[Pkg-samba-maint] [Git][samba-team/samba][master] 5956 commits: VERSION: Bump version to 4.14.0pre1...
Michael Tokarev (@mjt)
gitlab at salsa.debian.org
Thu Mar 31 14:36:55 BST 2022
Michael Tokarev pushed to branch master at Debian Samba Team / samba
Commits:
7b99d0bc by Karolin Seeger at 2020-07-09T07:19:38+00:00
VERSION: Bump version to 4.14.0pre1...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
- - - - -
92b1078e by Karolin Seeger at 2020-07-09T08:43:25+00:00
WHATSNEW: Start release notes for Samba 4.14.0pre1.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
Autobuild-User(master): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(master): Thu Jul 9 08:43:25 UTC 2020 on sn-devel-184
- - - - -
60b09289 by Volker Lendecke at 2020-07-09T20:16:40+00:00
libcli/ldap: Test decoding an exop response
ldap-starttls-response.dat is a reply to a starttls extended
operation. Right now ldap_decode() does not handle this correctly.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
0bb1488d by Volker Lendecke at 2020-07-09T20:16:40+00:00
libcli/ldap: Fix decoding struct ldap_ExtendedResponse
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
89d21f50 by Volker Lendecke at 2020-07-09T20:16:40+00:00
torture3: Silence two signed/unsigned warnings
A longer fix would be to change the callbacks to use "int" instead of
"unsigned". Arguably that might be cleaner, but as this is torture
code I opted for the minimum necessary change.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
10ea0e0b by Volker Lendecke at 2020-07-09T20:16:40+00:00
torture3: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
04eafce6 by Volker Lendecke at 2020-07-09T20:16:40+00:00
winbind: Add test for lookuprids cache problem
When reading entries from gencache, wb_cache_rids_to_names() can
return STATUS_SOME_UNMAPPED, which _wbint_LookupRids() does not handle
correctly.
This test enforces this situation by filling gencache with one wbinfo
-R and then erasing the winbindd_cache.tdb. This forces winbind to
enter the domain helper process, which will then read from gencache
filled with the previous wbinfo -R.
Without having the entries cached this does not happen because
wb_cache_rids_to_names() via the do_query: path calls deep inside
calls dcerpc_lsa_lookup_sids_noalloc(), which hides the
STATUS_SOME_UNMAPPED that came in as lsa_LookupSids result value.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14435
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
cd4122d9 by Volker Lendecke at 2020-07-09T21:40:52+00:00
winbind: Fix lookuprids cache problem
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14435
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Jul 9 21:40:52 UTC 2020 on sn-devel-184
- - - - -
4c74db69 by Andreas Schneider at 2020-07-10T09:40:37+00:00
docs: Fix documentation for require_membership_of of pam_winbind
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14358
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Jul 10 09:40:37 UTC 2020 on sn-devel-184
- - - - -
10f61cd3 by Isaac Boukris at 2020-07-13T10:41:37+00:00
selftest: add tests for net-ads over TLS
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14439
Signed-off-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
9ec83cae by Isaac Boukris at 2020-07-13T10:41:37+00:00
Decouple ldap-ssl-ads from ldap-ssl option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14439
Signed-off-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b3af1d33 by Isaac Boukris at 2020-07-13T10:41:38+00:00
Fix ads_set_sasl_wrap_flags to only change sasl flags
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14439
Signed-off-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
39b293c2 by Isaac Boukris at 2020-07-13T10:41:38+00:00
ads: set sasl-wrapping to plain when over TLS
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14439
Signed-off-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
965d1888 by Isaac Boukris at 2020-07-13T12:06:06+00:00
net: ignore possible SIGPIPE upon ldap_unbind when over TLS
>From local tests with strace:
socket(AF_UNIX, SOCK_STREAM, 0) = 12
write(2, "Connecting to 10.53.57.21 at por"..., 38) = 38
...
write(2, "ads_domain_func_level: 3\n", 25) = 25
write(12, "\27\3\3\0\37\0\0\0\0\0\0\0\16nl[\374\375i\325\334\25\227kxG@\326\311R\225x"..., 36) = 36
write(12, "\25\3\3\0\32\0\0\0\0\0\0\0\17Hh\304\254\244\17\342<\334\210L&\20_\177\307\232P", 31) = -1 EPIPE (Broken pipe)
--- SIGPIPE {si_signo=SIGPIPE, si_code=SI_USER, si_pid=12089, si_uid=1000} ---
+++ killed by SIGPIPE +++
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14439
Signed-off-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Isaac Boukris <iboukris at samba.org>
Autobuild-Date(master): Mon Jul 13 12:06:07 UTC 2020 on sn-devel-184
- - - - -
aa4d1357 by Jeremy Allison at 2020-07-14T07:42:54+00:00
s3: lib: Fix missing TALLOC_FREE in error code path.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14441
Reported by Alexander Pyhalov <apyhalov at gmail.com>
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Jul 14 07:42:54 UTC 2020 on sn-devel-184
- - - - -
3fa9c3d5 by Stefan Metzmacher at 2020-07-14T13:38:35+00:00
s4:torture/smb2: split replay_smb3_specification into durable handle and multichannel
It's better to have durable handles and multichannel tested separate:
1. we test both cases in the server
2. it makes it easier to deal with knownfail entries if only one
of these features is active on the server.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
8fbb7ad2 by Stefan Metzmacher at 2020-07-14T13:38:35+00:00
s4:torture/smb2: make smb2.durable-v2-delay tests more robust
We should not crash when the test fails, so we use a 2nd independent
connection to unlink the file at the end.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
e5a8b16a by Stefan Metzmacher at 2020-07-14T13:38:35+00:00
s3:smbd: move exit_firsttime checking to the start of exit_server_common()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14433
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
d23e2678 by Stefan Metzmacher at 2020-07-14T14:59:18+00:00
s3:smbd: stop accepting multichannel connections early in exit_server_common()
This is just a step in the correct direction, but there's still a
possible race...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14433
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Tue Jul 14 14:59:19 UTC 2020 on sn-devel-184
- - - - -
2162d503 by Christof Schmitt at 2020-07-16T01:29:45+00:00
smbd: Remove code inside #ifdef NEXT2
This is dead code, the define is never set.
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
268994f5 by Christof Schmitt at 2020-07-16T01:29:45+00:00
s4:client: Remove code inside #ifdef NEXT2
This is dead code, the define is never set.
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
eecd65d4 by Christof Schmitt at 2020-07-16T01:29:45+00:00
lib/util: Remove code inside #ifdef NEXT2
This is dead code, the define is never set.
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
ee6b31ad by Christof Schmitt at 2020-07-16T01:29:45+00:00
lib/util: Remove code inside #ifdef HAVE_BROKEN_READDIR_NAME
This is dead code, the define is never set.
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
6fc0a486 by Christof Schmitt at 2020-07-16T01:29:45+00:00
smbd: Remove code inside #ifdef HAVE_BROKEN_READDIR_NAME
This is dead code, the define is never set.
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
cfd34eef by Martin Schwenke at 2020-07-16T01:29:45+00:00
tdb: Fix some signed/unsigned comparisons
[207/389] Compiling lib/tdb/tools/tdbdump.c
../../../lib/tdb/tools/tdbrestore.c: In function ‘read_linehead’:
../../../lib/tdb/tools/tdbrestore.c:43:13: warning: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Wsign-compare]
43 | for (i=0; i<sizeof(prefix); i++) {
| ^
../../../lib/tdb/tools/tdbrestore.c: In function ‘read_data’:
../../../lib/tdb/tools/tdbrestore.c:95:13: warning: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’} [-Wsign-compare]
95 | for (i=0; i<size; i++) {
| ^
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
d8f1d267 by Martin Schwenke at 2020-07-16T04:00:52+00:00
util: Fix a signed/unsigned comparison
[107/390] Compiling lib/util/time.c
../../../lib/util/time.c: In function ‘timespec_string_buf’:
../../../lib/util/time.c:416:10: warning: comparison of integer expressions of different signedness: ‘size_t’ {aka ‘long unsigned int’} and ‘int’ [-Wsign-compare]
416 | if (len == -1) {
| ^~
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Jul 16 04:00:52 UTC 2020 on sn-devel-184
- - - - -
bc174243 by Martin Schwenke at 2020-07-16T05:28:42+00:00
ctdb-tools: Drop undocumented ONNODE_SSH_OPTS variable
Options can be set in ONNODE_SSH, so this variable is unnecessary.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
00eb88b2 by Martin Schwenke at 2020-07-16T05:28:42+00:00
ctdb-tools: Whitespace fixups
Drop some unnecessary whitespace and re-indent push().
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
5f217d60 by Martin Schwenke at 2020-07-16T05:28:42+00:00
ctdb-tools: Allow onnode -P to respect ONNODE_SSH
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
0e287127 by Martin Schwenke at 2020-07-16T06:51:47+00:00
ctdb-tools: Improve onnode's ShellCheck credibility
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Thu Jul 16 06:51:47 UTC 2020 on sn-devel-184
- - - - -
527d7df0 by Jeremy Allison at 2020-07-16T06:52:36+00:00
s3: lib: Cleanup - all the ipstr_XXX() functions are only used in namecache.c.
Move them there. Will remove from the global namespace next.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
2371c45f by Jeremy Allison at 2020-07-16T06:52:36+00:00
s3: lib: Cleanup - nothing uses ipstr_list_free(). Remove it.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
c7e8c3d4 by Jeremy Allison at 2020-07-16T06:52:36+00:00
s3: lib: Cleanup - make ipstr_list_make() and ipstr_list_parse() private to the only user.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
be410351 by Jeremy Allison at 2020-07-16T06:52:36+00:00
s3: libsmb: Cleanup modern coding standards. 'True/False' -> 'true/false'.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
67ea64d2 by Jeremy Allison at 2020-07-16T06:52:36+00:00
s3: libsmb: Cleanup - move talloc frame out of inner scope.
Make it available thoughout the function. Prepare to use
talloc for namecache_key().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
06f0a7e9 by Jeremy Allison at 2020-07-16T06:52:36+00:00
s3: libsmb: Cleanup - namecache_store() initialize stack variables.
Preparing for common out: exit.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
df0e54be by Jeremy Allison at 2020-07-16T06:52:36+00:00
s3: libsmb: Cleanup - namecache_store() - use common out.
Prepare for moving malloc values to talloc.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
56d5cbe8 by Jeremy Allison at 2020-07-16T06:52:36+00:00
s3: libsmb: Cleanup - make namecache_key() use talloc.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
bd205f2a by Jeremy Allison at 2020-07-16T06:52:37+00:00
s3: libsmb: Cleanup - make namecache_status_record_key() use talloc.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
1d712add by Jeremy Allison at 2020-07-16T06:52:37+00:00
s3: libsmb: Cleanup - Move DEBUG -> DBG_XXX() macros.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
8ea51f41 by Jeremy Allison at 2020-07-16T08:16:31+00:00
s3: libsmb: Cleanup - Make ipstr_list_make() talloc rather than malloc.
Remove the excessive and unneeded ipstr_list_add() function,
fold it into ipstr_list_make() to make it much clearer what
we're doing.
The only use of MALLOC now is in ipstr_list_parse() returned
by namecache_fetch(). We need to fix the caller before
we can move that to talloc. As that is used inside internal_resolve_name()
which is designed to return a MALLOC'ed ip list from all
name resolution mechanisms leave that fix for another day.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Jul 16 08:16:31 UTC 2020 on sn-devel-184
- - - - -
d67e9149 by Isaac Boukris at 2020-07-16T10:41:40+00:00
s3-libads: Pass timeout to open_socket_out in ms
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13124
Signed-off-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Jul 16 10:41:40 UTC 2020 on sn-devel-184
- - - - -
57badc46 by Jeremy Allison at 2020-07-17T05:54:29+00:00
s3: libsmb: Namecache. Fix bug missed by me in previous cleanup.
In ipstr_list_make() we need to look at the correct array entry
to determine the ss_family for the sockaddr_storage.
Otherwise we are always storing the type of the first entry.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Jul 17 05:54:31 UTC 2020 on sn-devel-184
- - - - -
5e4e18d0 by Douglas Bagnall at 2020-07-17T05:55:49+00:00
s4/torture/smb2/oplock: fix compilation by initialising variable
With gcc (Ubuntu 9.3.0-10ubuntu2) 9.3.0:
../../source4/torture/smb2/oplock.c:2709:2: error: variable 'h2' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized]
torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "Incorrect status");
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../lib/torture/torture.h:734:3: note: expanded from macro 'torture_assert_ntstatus_ok_goto'
torture_assert_ntstatus_equal_goto(torture_ctx,expr,NT_STATUS_OK,ret,label,cmt)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../lib/torture/torture.h:302:6: note: expanded from macro 'torture_assert_ntstatus_equal_goto'
if (!NT_STATUS_EQUAL(__got, __expected)) { \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../source4/torture/smb2/oplock.c:2730:25: note: uninitialized use occurs here
smb2_util_close(tree1, h2);
^~
../../source4/torture/smb2/oplock.c:2709:2: note: remove the 'if' if its condition is always false
torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "Incorrect status");
^
../../lib/torture/torture.h:734:3: note: expanded from macro 'torture_assert_ntstatus_ok_goto'
torture_assert_ntstatus_equal_goto(torture_ctx,expr,NT_STATUS_OK,ret,label,cmt)
^
../../lib/torture/torture.h:302:2: note: expanded from macro 'torture_assert_ntstatus_equal_goto'
if (!NT_STATUS_EQUAL(__got, __expected)) { \
^
../../source4/torture/smb2/oplock.c:2652:2: note: variable 'h2' is declared here
struct smb2_handle h, h1, h2;
^
1 error generated.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
8e1d72b7 by Douglas Bagnall at 2020-07-17T07:16:31+00:00
s4/torture: fix compilation in smb2/multichannel
GCC 9.3.0 doesn't like a true array being compared to NULL.
[3628/3972] Compiling source4/torture/smb2/multichannel.c
../../source4/torture/smb2/multichannel.c:1077:7: error: comparison of array 'trees2' equal to a null pointer is always false [-Werror,-Wtautological-pointer-compare]
if (trees2 == NULL || trees2[i] == NULL) {
^~~~~~ ~~~~
../../source4/torture/smb2/multichannel.c:1284:7: error: comparison of array 'trees2' equal to a null pointer is always false [-Werror,-Wtautological-pointer-compare]
if (trees2 == NULL || trees2[i] == NULL) {
^~~~~~ ~~~~
../../source4/torture/smb2/multichannel.c:2337:7: error: comparison of array 'trees2' equal to a null pointer is always false [-Werror,-Wtautological-pointer-compare]
if (trees2 == NULL || trees2[i] == NULL) {
^~~~~~ ~~~~
3 errors generated.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Jul 17 07:16:31 UTC 2020 on sn-devel-184
- - - - -
5a078bc9 by Douglas Bagnall at 2020-07-17T07:17:39+00:00
dbcheck: omit unused argument in err_wrong_default_sd
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
- - - - -
65b49259 by Douglas Bagnall at 2020-07-17T07:17:39+00:00
python/ms_forest_updates_markdown: avoid implicit global variable
out_dict would have been shared across all calls, aggregating values as it went.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
- - - - -
e15ee51e by Douglas Bagnall at 2020-07-17T07:17:40+00:00
s4/scripting/samba_dnsupdate: remove unreachable code
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
- - - - -
78383dd8 by Douglas Bagnall at 2020-07-17T07:17:40+00:00
samba-tool ntacl: remove unused imports and variables
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
- - - - -
820b3d82 by Douglas Bagnall at 2020-07-17T07:17:40+00:00
python/upgradehelpers: remove unused imports and variables
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
- - - - -
98f6ece5 by Douglas Bagnall at 2020-07-17T07:17:40+00:00
python/join: use the provided krbtgt link in cleanup_old_accounts
Before we were putting it in an otherwise unused variable, and
deleting the previous krbtgt_dn, if any.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
- - - - -
914226bf by Douglas Bagnall at 2020-07-17T07:17:40+00:00
python: wrap 'import dckeytab' in an explanatory function
The samba.dckeytab module has magic effects on samba.net, but never
appears to be used. That can be confusing, both to people and to
linters. Here we wrap that confusion up into a well-commented
function, so we never again have to wonder why the unused import is
there.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
- - - - -
d05fc858 by Douglas Bagnall at 2020-07-17T08:39:37+00:00
python: samba.compat rejects Python 2
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Jul 17 08:39:38 UTC 2020 on sn-devel-184
- - - - -
71b7140f by Andreas Schneider at 2020-07-17T13:07:44+00:00
docs: Fix documentation for require_membership_of of pam_winbind.conf
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14358
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Jul 17 13:07:44 UTC 2020 on sn-devel-184
- - - - -
fd364b01 by Christof Schmitt at 2020-07-17T17:12:33+00:00
pam_winbind: Fix CID 242274 Time of check time of use
Always issue the mkdir call to avoid the TOCTOU issue. Only if there is
already an object with the requested name, check whether it is a
directory.
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
0b1bec43 by Christof Schmitt at 2020-07-17T17:12:34+00:00
test_vfs_posixacl: Add unit test for Linux POSIX ACL mapping
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
63b9b2a1 by Christof Schmitt at 2020-07-17T18:33:41+00:00
vfs_posixacl: Remove unnecessary call to acl_set_permset
After the initial acl_get_permset, the permset is alreadying pointing to
the ACL entry and all changes are done on the ACL entry. There is no
need to overwrite the permissions in the ACL entry again with the same
value in the acl_set_permset call.
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Christof Schmitt <cs at samba.org>
Autobuild-Date(master): Fri Jul 17 18:33:41 UTC 2020 on sn-devel-184
- - - - -
4523a0b4 by Ralph Boehme at 2020-07-18T05:58:40+00:00
smbd: ensure we do a base open for internal stream deletes
Otherwise we're not opening the basefile so fsp->base_fsp remains NULL for fsp
handles on streams. As there are some places that use the check (fsp->base_fsp
!= NULL) to check for stream handles, eg streams_xattr_fstat(), we must ensure
it is set otherwise we open a pretty big window for undefined behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
916ebade by Ralph Boehme at 2020-07-18T05:58:40+00:00
smbd: remove unused NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE
The previous commit removed the only consumer of the flags.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6ab75d2c by Ralph Boehme at 2020-07-18T05:58:40+00:00
smbd: use a helper variable in open_file()
No change in behaviour, this just prepares for changes to come.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a929644b by Ralph Boehme at 2020-07-18T05:58:41+00:00
smbd: check for conn->cwd_fsp in file_free()
This avoids doing the check in all callers.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
afdeba88 by Ralph Boehme at 2020-07-18T05:58:41+00:00
smbd: check for conn->cwd_fsp in fd_close()
This avoids doing the check in all callers.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b6e40dbf by Ralph Boehme at 2020-07-18T05:58:41+00:00
smbd: use (global) POSIX pathname state in non_widelink_open()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1508d661 by Ralph Boehme at 2020-07-18T05:58:41+00:00
smbd: remove a nested block in non_widelink_open()
No change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
92d8b5f5 by Ralph Boehme at 2020-07-18T05:58:41+00:00
smbd: remove errno saving from fd_open()
This is not needed anymore since 97d061237b0f2e07ae9c8e893734e222e58cfa4e..
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8c2c7491 by Ralph Boehme at 2020-07-18T05:58:41+00:00
smbd: use helper variable for fd in fd_open()
No change in behaviour. Fwiw, no need to set fsp->fh->fd to -1 in the error case,
as that is initialized to -1 in fsp_new().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
567f7987 by Ralph Boehme at 2020-07-18T05:58:41+00:00
s3/lib: fsp_str_dbg() doesn't show a possible stream name
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9c187e29 by Ralph Boehme at 2020-07-18T05:58:41+00:00
smbd: don't mess with smb_dname->base_name in call_trans2findfirst()
Create a fresh name instead. Needed to proper support for path-ref fsps in the
future.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
09cfac65 by Ralph Boehme at 2020-07-18T05:58:41+00:00
smbd: factor out fsp_bind_smb()
Needed for path-ref fsps in the future.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f31108cd by Ralph Boehme at 2020-07-18T05:58:41+00:00
smbd: consolidate fsp allocation for open_directory() and open_file_ntcreate()
...at one place in the caller create_file_unixpath().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
da1103db by Ralph Boehme at 2020-07-18T07:21:10+00:00
smbd: build smb_fname per file to delete in unlink_internals()
Make sure to pass fresh smb_fname's to do_unlink(). Needed for path-ref fsps in
the future.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Jul 18 07:21:11 UTC 2020 on sn-devel-184
- - - - -
91c36c16 by Martin Schwenke at 2020-07-22T02:42:37+00:00
ctdb-build: Don't build/install tests in top-level build by default
The standalone build still includes tests, as does the top-level build
when --enable-selftest is used. The latter is consistent with the use
of --enable-selftest in the rest of the tree.
Signed-off-by: Martin Schwenke <martin at meltin.net>
- - - - -
9694ba6f by Martin Schwenke at 2020-07-22T02:42:37+00:00
ctdb-tests: Enable SOCKET_WRAPPER_DIR_ALLOW_ORIG
This will allow local daemons to be used in more contexts, especially
in tests run by Jenkins where the directory names for some targets can
be very long.
Signed-off-by: Martin Schwenke <martin at meltin.net>
- - - - -
c78de201 by Martin Schwenke at 2020-07-22T02:42:37+00:00
ctdb-tests: Show hung script debugging output
The output in a test failure appears to contain no pstree output
because "00\.test\.script,.*" does not match. However, this is just a
guess because the output is not shown.
Showing the output makes it easier to understand test failures.
Signed-off-by: Martin Schwenke <martin at meltin.net>
- - - - -
847aa0e3 by Martin Schwenke at 2020-07-22T02:42:37+00:00
ctdb-tests: Redirect stderr too when checking for shellcheck
Avoid:
.../UNIT/shellcheck/scripts/local.sh: line 14: type: shellcheck: not found
The "type" command in dash prints the "not found" message to stdout
but the bash version prints to stderr, so redirect stderr too.
Signed-off-by: Martin Schwenke <martin at meltin.net>
- - - - -
a55dd6f1 by Martin Schwenke at 2020-07-22T02:42:37+00:00
ctdb-tests: Drop unreachable line
ctdb_test_skip() will exit.
Signed-off-by: Martin Schwenke <martin at meltin.net>
- - - - -
65f56505 by Martin Schwenke at 2020-07-22T02:42:37+00:00
ctdb-tests: Update preamble for INTEGRATION tests
* Use "#!/usr/bin/env bash" for improved portability
* Drop test_info() definition and replace it with a comment
The use of test_info() is pointless.
* Drop call to cluster_is_healthy()
This is a holdover from when the previous test would restart daemons
to get things ready for a test. There was also a bug where going
into recovery during the restart would sometimes cause the cluster
to become unhealthy. If we really need something like this then we
can add it to ctdb_test_init().
* Make order of preamble consistent
Signed-off-by: Martin Schwenke <martin at meltin.net>
- - - - -
9a7cabd3 by Martin Schwenke at 2020-07-22T02:42:37+00:00
ctdb-tests: Use "#!/usr/bin/env bash" for improved portability
Signed-off-by: Martin Schwenke <martin at meltin.net>
- - - - -
0f04b8a7 by Martin Schwenke at 2020-07-22T02:42:37+00:00
ctdb-tests: Make integration.bash pass shellcheck
Apart from the non-constant sourcing of include files.
Mostly avoidance of quoting warnings.
One subtle change is to simply pass "120" to wait_until_ready() to
stop warnings that it expects arguments but none are passed (both
SC2119 and SC2120). There seems no way to indicate to structure
function argument handling so that shellcheck realises arguments are
optional. In later shellcheck versions, disabling SC2120 for a
function also silences complaints about its callers... but not all of
our testing uses "later" shellcheck versions.
Signed-off-by: Martin Schwenke <martin at meltin.net>
- - - - -
30293baa by Martin Schwenke at 2020-07-22T02:42:37+00:00
ctdb-tests: Make unit.sh pass shellcheck
Mostly avoidance of quoting warnings.
Silencing warnings about unquoted $CTDB_TEST_CAT_RESULTS_OPTS is
handled by passing '-' to cat when that variable's value is empty.
Signed-off-by: Martin Schwenke <martin at meltin.net>
- - - - -
44e05ac8 by Martin Schwenke at 2020-07-22T02:42:38+00:00
ctdb-tests: Do not trigger ctdb_test_error() from ctdb_init()
The only caller calls ctdb_test_error() on failure and nesting this
calls can be confusing. A future change will make this even more
confusing.
Signed-off-by: Martin Schwenke <martin at meltin.net>
- - - - -
e9df17b5 by Martin Schwenke at 2020-07-22T02:42:38+00:00
ctdb-tests: Separate custom cluster startup from test initialisation
Separate cluster startup from test initialisation for tests that start
the cluster with customised configuration. In these cases the result
of the cluster startup is actually the point of the test.
Additionally, pubips.013.failover_noop.sh claims to have completed
test initialisation twice, which just seems wrong.
The result is:
* ctdb_test_init() takes one option (-n) to indicate when it should
not configure/start the cluster
* New function ctdb_nodes_start_custom() accepts options for special
cluster configuration, only operates on local daemons and triggers a
test failure rather than a test error on failure.
Signed-off-by: Martin Schwenke <martin at meltin.net>
- - - - -
58f9f699 by Martin Schwenke at 2020-07-22T02:42:38+00:00
ctdb-tests: Don't bother shutting down daemons in ctdb_init()
They'll never be up here...
Signed-off-by: Martin Schwenke <martin at meltin.net>
- - - - -
aa5b214e by Martin Schwenke at 2020-07-22T02:42:38+00:00
ctdb-tests: Drop uses of "onnode any ..." in testcases
It would be nice to get rid of "onnode any". There's no use making
tests nondeterministic. If covering different cases matters then they
should be explicitly handled.
In most places "any" is replaced by "$test_node". In some cases,
where $test_node is not set, a fixed node that is already used
elsewhere can be reused.
Signed-off-by: Martin Schwenke <martin at meltin.net>
- - - - -
1079d6e3 by Martin Schwenke at 2020-07-22T02:42:38+00:00
ctdb-tests: Improve test portability
"wc -l" on some platforms (e.g. FreeBSD) contains leading spaces and
stops "$num from being a number. Create a more portable solution and
put it in a function instead of repeating the logic.
Signed-off-by: Martin Schwenke <martin at meltin.net>
- - - - -
ea1cbff6 by Martin Schwenke at 2020-07-22T02:42:38+00:00
ctdb-tests: Improve test quality
Select test node with IPs instead of using a fixed node. Remove
unnecessary code, use more modern commands, code
improvements (shellcheck).
Signed-off-by: Martin Schwenke <martin at meltin.net>
- - - - -
1f655691 by Martin Schwenke at 2020-07-22T02:42:38+00:00
ctdb-tests: Improve test portability
"wc -l" on some platforms (e.g. FreeBSD) contains leading spaces, so
strip them.
Signed-off-by: Martin Schwenke <martin at meltin.net>
- - - - -
a308f253 by Martin Schwenke at 2020-07-22T02:42:38+00:00
ctdb-tests: Improve test quality
Simplify code, use more modern commands, code improvements (shellcheck).
Signed-off-by: Martin Schwenke <martin at meltin.net>
- - - - -
d2f8cd83 by Martin Schwenke at 2020-07-22T02:42:38+00:00
ctdb-tests: Improve test portability/quality
Avoid use of non-portable md5sum by constructing database names using
index. Improve indentation, use more modern commands, code
improvements (shellcheck).
Signed-off-by: Martin Schwenke <martin at meltin.net>
- - - - -
5707781c by Martin Schwenke at 2020-07-22T04:10:47+00:00
ctdb-tests: Stop cat command failure from causing test failure
In certain circumstance, which aren't obvious, cat(1) can fail when
attempting to write a lot of data. This is due to something (probably
write(2)) returning EAGAIN.
Given that the -v option should only really be used for test
debugging, ignore the failure instead of spending time debugging it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14446
Signed-off-by: Martin Schwenke <martin at meltin.net>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Wed Jul 22 04:10:47 UTC 2020 on sn-devel-184
- - - - -
5948a579 by Martin Schwenke at 2020-07-22T05:07:45+00:00
Revert "ctdb-tests: Stop cat command failure from causing test failure"
Fix missing Reviewed-by: tag.
This reverts commit 5707781ccf682d95a5a05a7c3e00a43003dbe62e.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
d035b69b by Martin Schwenke at 2020-07-22T05:07:45+00:00
Revert "ctdb-tests: Improve test portability/quality"
Fix missing Reviewed-by: tag.
This reverts commit d2f8cd835da39784f2d99231f9a1067ae56ede7a.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
979a6c8c by Martin Schwenke at 2020-07-22T05:07:45+00:00
Revert "ctdb-tests: Improve test quality"
Fix missing Reviewed-by: tag.
This reverts commit a308f2534d3991866efa2c662921ec63b4238888.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
cf3b1fb3 by Martin Schwenke at 2020-07-22T05:07:45+00:00
Revert "ctdb-tests: Improve test portability"
Fix missing Reviewed-by: tag.
This reverts commit 1f6556916e7f3a731d7d760fa6fd857e7f571541.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
c83ece42 by Martin Schwenke at 2020-07-22T05:07:45+00:00
Revert "ctdb-tests: Improve test quality"
Fix missing Reviewed-by: tag.
This reverts commit ea1cbff624383fb9d5b83b863fa6bd00a8fb77fa.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
635d5cfa by Martin Schwenke at 2020-07-22T05:07:45+00:00
Revert "ctdb-tests: Improve test portability"
Fix missing Reviewed-by: tag.
This reverts commit 1079d6e3ae5805ef65a3628edf0a3ac2cd7fac1c.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
c9dfdead by Martin Schwenke at 2020-07-22T05:07:45+00:00
Revert "ctdb-tests: Drop uses of "onnode any ..." in testcases"
Fix missing Reviewed-by: tag.
This reverts commit aa5b214eaa88414c87410fd068fe7624e9790185.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
941a2d0a by Martin Schwenke at 2020-07-22T05:07:45+00:00
Revert "ctdb-tests: Don't bother shutting down daemons in ctdb_init()"
Fix missing Reviewed-by: tag.
This reverts commit 58f9f699f181ac217cda8de512b8385da173f884.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
e11526ad by Martin Schwenke at 2020-07-22T05:07:45+00:00
Revert "ctdb-tests: Separate custom cluster startup from test initialisation"
Fix missing Reviewed-by: tag.
This reverts commit e9df17b500146e62539feac66d0cd4b3ef7aa47a.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
da654f97 by Martin Schwenke at 2020-07-22T05:07:46+00:00
Revert "ctdb-tests: Do not trigger ctdb_test_error() from ctdb_init()"
Fix missing Reviewed-by: tag.
This reverts commit 44e05ac8515be3220a334ae8001db83b06bec59f.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
548f2021 by Martin Schwenke at 2020-07-22T05:07:46+00:00
Revert "ctdb-tests: Make unit.sh pass shellcheck"
Fix missing Reviewed-by: tag.
This reverts commit 30293baae5f22628405d327fc0b6bae993e96cd8.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
60d999ad by Martin Schwenke at 2020-07-22T05:07:46+00:00
Revert "ctdb-tests: Make integration.bash pass shellcheck"
Fix missing Reviewed-by: tag.
This reverts commit 0f04b8a70be3b8e157a4a88e9e54e87fa380022e.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
271ad95e by Martin Schwenke at 2020-07-22T05:07:46+00:00
Revert "ctdb-tests: Use "#!/usr/bin/env bash" for improved portability"
Fix missing Reviewed-by: tag.
This reverts commit 9a7cabd342d0aed450ed3305931702a7351f814a.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
4438e44f by Martin Schwenke at 2020-07-22T05:07:46+00:00
Revert "ctdb-tests: Update preamble for INTEGRATION tests"
Fix missing Reviewed-by: tag.
This reverts commit 65f56505e29c01d5891e5bc1050b6c37b8cbdee7.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
a694c071 by Martin Schwenke at 2020-07-22T05:07:46+00:00
Revert "ctdb-tests: Drop unreachable line"
Fix missing Reviewed-by: tag.
This reverts commit a55dd6f17b6d65db77bcd4f5a011e9aef64729e5.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
e4b1cdc7 by Martin Schwenke at 2020-07-22T05:07:46+00:00
Revert "ctdb-tests: Redirect stderr too when checking for shellcheck"
Fix missing Reviewed-by: tag.
This reverts commit 847aa0e367c721944650aa34d67f8073461ae272.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
6a3372e8 by Martin Schwenke at 2020-07-22T05:07:46+00:00
Revert "ctdb-tests: Show hung script debugging output"
Fix missing Reviewed-by: tag.
This reverts commit c78de201f84f9fae9916af9592d42cbc71f805c5.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
bdd89d52 by Martin Schwenke at 2020-07-22T05:07:47+00:00
Revert "ctdb-tests: Enable SOCKET_WRAPPER_DIR_ALLOW_ORIG"
Fix missing Reviewed-by: tag.
This reverts commit 9694ba6fe4d073c653f49080127ee9efa21a8e9e.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
6436c74e by Martin Schwenke at 2020-07-22T06:29:43+00:00
Revert "ctdb-build: Don't build/install tests in top-level build by default"
Fix missing Reviewed-by: tag.
This reverts commit 91c36c16c8516359380a00ee3d2229422b048d9f.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Wed Jul 22 06:29:43 UTC 2020 on sn-devel-184
- - - - -
3ff8765d by Martin Schwenke at 2020-07-22T07:53:35+00:00
ctdb-tests: Stop cat command failure from causing test failure
In certain circumstance, which aren't obvious, cat(1) can fail when
attempting to write a lot of data. This is due to something (probably
write(2)) returning EAGAIN.
Given that the -v option should only really be used for test
debugging, ignore the failure instead of spending time debugging it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14446
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
066c205e by Martin Schwenke at 2020-07-22T07:53:35+00:00
ctdb-build: Don't build/install tests in top-level build by default
The standalone build still includes tests, as does the top-level build
when --enable-selftest is used. The latter is consistent with the use
of --enable-selftest in the rest of the tree.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
70c38d40 by Martin Schwenke at 2020-07-22T07:53:35+00:00
ctdb-tests: Enable SOCKET_WRAPPER_DIR_ALLOW_ORIG
This will allow local daemons to be used in more contexts, especially
in tests run by Jenkins where the directory names for some targets can
be very long.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
15654465 by Martin Schwenke at 2020-07-22T07:53:35+00:00
ctdb-tests: Show hung script debugging output
The output in a test failure appears to contain no pstree output
because "00\.test\.script,.*" does not match. However, this is just a
guess because the output is not shown.
Showing the output makes it easier to understand test failures.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
29a3fce2 by Martin Schwenke at 2020-07-22T07:53:35+00:00
ctdb-tests: Redirect stderr too when checking for shellcheck
Avoid:
.../UNIT/shellcheck/scripts/local.sh: line 14: type: shellcheck: not found
The "type" command in dash prints the "not found" message to stdout
but the bash version prints to stderr, so redirect stderr too.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
0f201dd6 by Martin Schwenke at 2020-07-22T07:53:35+00:00
ctdb-tests: Drop unreachable line
ctdb_test_skip() will exit.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
8b24cae6 by Martin Schwenke at 2020-07-22T07:53:35+00:00
ctdb-tests: Update preamble for INTEGRATION tests
* Use "#!/usr/bin/env bash" for improved portability
* Drop test_info() definition and replace it with a comment
The use of test_info() is pointless.
* Drop call to cluster_is_healthy()
This is a holdover from when the previous test would restart daemons
to get things ready for a test. There was also a bug where going
into recovery during the restart would sometimes cause the cluster
to become unhealthy. If we really need something like this then we
can add it to ctdb_test_init().
* Make order of preamble consistent
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
d6673528 by Martin Schwenke at 2020-07-22T07:53:35+00:00
ctdb-tests: Use "#!/usr/bin/env bash" for improved portability
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
be3065ea by Martin Schwenke at 2020-07-22T07:53:36+00:00
ctdb-tests: Make integration.bash pass shellcheck
Apart from the non-constant sourcing of include files.
Mostly avoidance of quoting warnings.
One subtle change is to simply pass "120" to wait_until_ready() to
stop warnings that it expects arguments but none are passed (both
SC2119 and SC2120). There seems no way to indicate to structure
function argument handling so that shellcheck realises arguments are
optional. In later shellcheck versions, disabling SC2120 for a
function also silences complaints about its callers... but not all of
our testing uses "later" shellcheck versions.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
a369bedf by Martin Schwenke at 2020-07-22T07:53:36+00:00
ctdb-tests: Make unit.sh pass shellcheck
Mostly avoidance of quoting warnings.
Silencing warnings about unquoted $CTDB_TEST_CAT_RESULTS_OPTS is
handled by passing '-' to cat when that variable's value is empty.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
a766136d by Martin Schwenke at 2020-07-22T07:53:36+00:00
ctdb-tests: Do not trigger ctdb_test_error() from ctdb_init()
The only caller calls ctdb_test_error() on failure and nesting this
calls can be confusing. A future change will make this even more
confusing.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
37c26a95 by Martin Schwenke at 2020-07-22T07:53:36+00:00
ctdb-tests: Separate custom cluster startup from test initialisation
Separate cluster startup from test initialisation for tests that start
the cluster with customised configuration. In these cases the result
of the cluster startup is actually the point of the test.
Additionally, pubips.013.failover_noop.sh claims to have completed
test initialisation twice, which just seems wrong.
The result is:
* ctdb_test_init() takes one option (-n) to indicate when it should
not configure/start the cluster
* New function ctdb_nodes_start_custom() accepts options for special
cluster configuration, only operates on local daemons and triggers a
test failure rather than a test error on failure.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
ce3de398 by Martin Schwenke at 2020-07-22T07:53:36+00:00
ctdb-tests: Don't bother shutting down daemons in ctdb_init()
They'll never be up here...
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
41ff5833 by Martin Schwenke at 2020-07-22T07:53:36+00:00
ctdb-tests: Drop uses of "onnode any ..." in testcases
It would be nice to get rid of "onnode any". There's no use making
tests nondeterministic. If covering different cases matters then they
should be explicitly handled.
In most places "any" is replaced by "$test_node". In some cases,
where $test_node is not set, a fixed node that is already used
elsewhere can be reused.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
760c3039 by Martin Schwenke at 2020-07-22T07:53:36+00:00
ctdb-tests: Improve test portability
"wc -l" on some platforms (e.g. FreeBSD) contains leading spaces and
stops "$num from being a number. Create a more portable solution and
put it in a function instead of repeating the logic.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
244eaad7 by Martin Schwenke at 2020-07-22T07:53:36+00:00
ctdb-tests: Improve test quality
Select test node with IPs instead of using a fixed node. Remove
unnecessary code, use more modern commands, code
improvements (shellcheck).
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
c6c81ea2 by Martin Schwenke at 2020-07-22T07:53:36+00:00
ctdb-tests: Improve test portability
"wc -l" on some platforms (e.g. FreeBSD) contains leading spaces, so
strip them.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
f4c2c77f by Martin Schwenke at 2020-07-22T07:53:36+00:00
ctdb-tests: Improve test quality
Simplify code, use more modern commands, code improvements (shellcheck).
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
484a764e by Martin Schwenke at 2020-07-22T09:14:35+00:00
ctdb-tests: Improve test portability/quality
Avoid use of non-portable md5sum by constructing database names using
index. Improve indentation, use more modern commands, code
improvements (shellcheck).
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Wed Jul 22 09:14:35 UTC 2020 on sn-devel-184
- - - - -
6982fcb3 by Martin Schwenke at 2020-07-24T04:41:25+00:00
ctdb-recoverd: Drop unused nodemap argument from update_flags_on_all_nodes()
An unused argument needlessly extends the length of function calls. A
subsequent change will allow rec->nodemap to be used if necessary.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
cb3a3147 by Martin Schwenke at 2020-07-24T04:41:25+00:00
ctdb-recoverd: Change update_flags_on_all_nodes() to take rec argument
This makes fields such as recmaster and nodemap easily available if
required.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
f681c0e9 by Martin Schwenke at 2020-07-24T04:41:25+00:00
ctdb-recoverd: Introduce some local variables to improve readability
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
915d24ac by Martin Schwenke at 2020-07-24T04:41:25+00:00
ctdb-recoverd: Use update_flags_on_all_nodes()
This is clearer than using the MODFLAGS control directly.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
b1e631ff by Martin Schwenke at 2020-07-24T04:41:25+00:00
ctdb-recoverd: Improve a call to update_flags_on_all_nodes()
This should take a PNN, not an array index.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
a88c10c5 by Martin Schwenke at 2020-07-24T04:41:25+00:00
ctdb-recoverd: Move ctdb_ctrl_modflags() to ctdb_recoverd.c
This file is the only user of this function.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
0c6a7db3 by Martin Schwenke at 2020-07-24T04:41:25+00:00
ctdb-recoverd: Flatten update_flags_on_all_nodes()
The logic currently in ctdb_ctrl_modflags() will be optimised so that
it no longer matches the pattern for a control function. So, remove
this function and squash its functionality into the only caller.
Although there are some superficial changes, the behaviour is
unchanged.
Flattening the 2 functions produces some seriously weird logic for
setting the new flags, to the point where using ctdb_ctrl_modflags()
for this purpose now looks very strange. The weirdness will be
cleaned up in a subsequent commit.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
9475ab04 by Martin Schwenke at 2020-07-24T04:41:25+00:00
ctdb-recoverd: Do not retrieve nodemap from recovery master
It is already in rec->nodemap.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
3654e416 by Martin Schwenke at 2020-07-24T04:41:25+00:00
ctdb-recoverd: Correctly find nodemap entry for pnn
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
5ce6133a by Martin Schwenke at 2020-07-24T06:03:23+00:00
ctdb-recoverd: Simplify calculation of new flags
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Fri Jul 24 06:03:23 UTC 2020 on sn-devel-184
- - - - -
16b84855 by Martin Schwenke at 2020-07-24T08:37:31+00:00
ctdb: Change NAT gateway to use leader/follower
Instead of master/slave.
Nearly all of these are simple textual substitutions, which preserve
the case of the original.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
f37b3cf2 by Martin Schwenke at 2020-07-24T08:37:31+00:00
ctdb: Change LVS to use leader/follower
Instead of master/slave.
Nearly all of these are simple textual substitutions, which preserve
the case of the original. A couple of minor cleanups were made in the
documentation (such as "LVSMASTER" -> "LVS leader").
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
db4b52b7 by Martin Schwenke at 2020-07-24T09:58:53+00:00
WHATSNEW: Document CTDB NAT gateway and LVS changes
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Fri Jul 24 09:58:53 UTC 2020 on sn-devel-184
- - - - -
bbcab579 by Martin Schwenke at 2020-07-26T13:01:09+00:00
WHATSNEW: Fix description of CTDB NAT gateway and LVS changes
Oops! Using parentheses makes it harder to get this wrong.
Reported-by: Volker Lendecke <vl at samba.org>
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Sun Jul 26 13:01:09 UTC 2020 on sn-devel-184
- - - - -
334dd8ce by Martin Schwenke at 2020-07-27T05:42:31+00:00
ctdb-scripts: Use nfsconf as a last resort to set NFS_HOSTNAME
If nfsconf exists then use it as last resort to attempt to extract
[statd]:name from /etc/nfs.conf.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14444
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
642dc6de by Martin Schwenke at 2020-07-27T07:06:57+00:00
ctdb-scripts: Use nfsconf as a last resort get nfsd thread count
If nfsconf exists then use it as last resort to attempt to extract
[nfsd]:threads from /etc/nfs.conf.
Invocation of nfsconf requires "|| true" because this script uses "set
-e". Add a stub that always fails to at least test this much.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14444
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Mon Jul 27 07:06:58 UTC 2020 on sn-devel-184
- - - - -
6e496aa3 by Khem Raj at 2020-07-28T10:52:00+00:00
nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h
glibc 2.32 will define these varibles [1] which results in conflicts
with these static function names, therefore prefix these function names
with samba_ to avoid it
[1] https://sourceware.org/git/?p=glibc.git;a=commit;h=499a92df8b9fc64a054cf3b7f728f8967fc1da7d
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Tue Jul 28 10:52:00 UTC 2020 on sn-devel-184
- - - - -
07399831 by Isaac Boukris at 2020-07-28T12:40:26+00:00
Add a test with old msDS-SupportedEncryptionTypes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14354
Signed-off-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
4baa7cc8 by Stefan Metzmacher at 2020-07-28T14:04:26+00:00
kdc:db-glue: ignore KRB5_PROG_ETYPE_NOSUPP also for Primary:Kerberos
Currently we only ignore KRB5_PROG_ETYPE_NOSUPP for
Primary:Kerberos-Newer-Keys, but not for Primary:Kerberos.
If a service account has msDS-SupportedEncryptionTypes: 31
and DES keys stored in Primary:Kerberos, we'll pass the
DES key to smb_krb5_keyblock_init_contents(), but may get
KRB5_PROG_ETYPE_NOSUPP.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14354
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Jul 28 14:04:26 UTC 2020 on sn-devel-184
- - - - -
05228c4e by Andrew Bartlett at 2020-07-29T03:19:02+00:00
dbcheck: Allow a dangling forward link outside our known NCs
If we do not have the NC of the target object we can not be really sure
that the object is redundent and so we want to keep it for now
and not (as happened until now) break the dbcheck run made during the
replication stage of a "samba-tool domain backup rename".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14450
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
2aace18f by Douglas Bagnall at 2020-07-29T04:43:23+00:00
ldb_controls: control_to_string avoids crash
Otherwise a malformed control with unexpected NULL data will segfault
ldb_control_to_string(), though this is not very likely to affect
anyone in practice as converting controls to strings is rarely
necessary. If it happens at all in Samba it is in Python code.
Found by Honggfuzz using fuzz_ldb_parse_control.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Wed Jul 29 04:43:23 UTC 2020 on sn-devel-184
- - - - -
698d20d3 by Ralph Boehme at 2020-07-29T13:44:47+00:00
smbd: remove get_current_vuid()
The last user was removed by 3d09993725412bb0e856cc2ebf6ac68f8e762730.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Jul 29 13:44:47 UTC 2020 on sn-devel-184
- - - - -
326bc84c by Douglas Bagnall at 2020-08-03T02:51:35+00:00
oss-fuzz: use uninstrumented dynamic python
We can't link to the instrumented statically built Python, so instead
we use the system Python in the docker image.
REF: https://github.com/google/oss-fuzz/issues/4223
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22618
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14451
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9bf331b4 by Douglas Bagnall at 2020-08-03T02:51:35+00:00
ndr: maintain proper talloc tree in pull_string_array
We don't want to leave other parts of the ndr struct hanging off this
string array just because LIBNDR_FLAG_REMAINING is used.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9148f38c by Douglas Bagnall at 2020-08-03T02:51:35+00:00
ndr: avoid excessive reallocing in pull_string_array
Before, talloc_realloc() was being called n times for an array of
length n. This could be very expensive on long string arrays since it
is reasonable to assume each realloc moves O(n) bytes.
This addresses at least one OSS-Fuzz bug, making a timing out test case
100 times faster. Credit to OSS-Fuzz.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19706
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
14210c24 by Douglas Bagnall at 2020-08-03T02:51:35+00:00
python tests: drop python 2.6 compatibility functions
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
06f87f14 by Douglas Bagnall at 2020-08-03T04:13:37+00:00
README.Coding: target Python 3.6+
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Aug 3 04:13:37 UTC 2020 on sn-devel-184
- - - - -
611e643d by Samuel Thibault at 2020-08-03T09:39:02+00:00
ldap_server: fix hurd build
There is no hardcoded IOV_MAX iov limitation on GNU/Hurd. We however do
not want unbound allocation, so define it to a reasonable amount.
Signed-off-by: Samuel Thibault <samuel.thibault at ens-lyon.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Aug 3 09:39:02 UTC 2020 on sn-devel-184
- - - - -
23274717 by Ralph Boehme at 2020-08-03T22:21:02+00:00
lib: relicense smb_strtoul(l) under LGPLv3
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Aug 3 22:21:04 UTC 2020 on sn-devel-184
- - - - -
12c526f1 by Jeremy Allison at 2020-08-04T06:30:25+00:00
s3: scripts: Selfttest. samba3.blackbox.smbclient_iconv.*
Fix missing 'include' in temporary client smb.conf file.
The current temporary generated smb.conf file for the client, "client_cp850_smbconf"
doesn't include the normal client smb.conf file "client.conf".
This means it's missing the:
interfaces = XXXX,YYYY
line we needed to find the server via socketwrapper. Currently this test is finding the server by accident :-).
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Aug 4 06:30:25 UTC 2020 on sn-devel-184
- - - - -
a4c85116 by Jeremy Allison at 2020-08-04T08:51:41+00:00
s3: libsmb: Cleanup - ensure we don't try and continue resolving names on failure of convert_ss2service().
Logic change, but correct error cleanup - jump to new 'fail:' label.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
bfe1b6ee by Jeremy Allison at 2020-08-04T08:51:41+00:00
s3: libsmb: Cleanup - change to early continue in internal_resolve_name() for resolve_hosts().
No logic change.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
e74b323a by Jeremy Allison at 2020-08-04T08:51:41+00:00
s3: libsmb: Cleanup - change to early continue in internal_resolve_name() for KDC resolve_ads().
No logic change.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
139d7a73 by Jeremy Allison at 2020-08-04T08:51:41+00:00
s3: libsmb: Cleanup - change to early continue in internal_resolve_name() for resolve_ads().
No logic change.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
114fe823 by Jeremy Allison at 2020-08-04T08:51:41+00:00
s3: libsmb: Cleanup - change to early continue in internal_resolve_name() for resolve_lmhosts_file_as_sockaddr().
No logic change.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
02f72478 by Jeremy Allison at 2020-08-04T08:51:41+00:00
s3: libsmb: Cleanup - change to early continue in internal_resolve_name() for 0x1D name in resolve_wins().
No logic change.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
ba656a79 by Jeremy Allison at 2020-08-04T08:51:41+00:00
s3: libsmb: Cleanup - change to early continue in internal_resolve_name() for resolve_wins().
No logic change.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
75469fcf by Jeremy Allison at 2020-08-04T08:51:41+00:00
s3: libsmb: Cleanup - change to early continue in internal_resolve_name() for name_resolve_bcast().
No logic change.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
d4e43063 by Jeremy Allison at 2020-08-04T08:51:41+00:00
s3: libsmb: Cleanup - use helper 'ok' bool for resolve_hosts().
No logic change.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
8e20de54 by Jeremy Allison at 2020-08-04T08:51:41+00:00
s3: libsmb: Cleanup - use helper 'ok' bool for resolve_lmhosts_file_as_sockaddr().
No logic change.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
d48d6059 by Jeremy Allison at 2020-08-04T08:51:41+00:00
s3: libsmb: Cleanup - use helper 'ok' bool for resolve_wins().
No logic change.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
4abcb300 by Jeremy Allison at 2020-08-04T08:51:41+00:00
s3: libsmb: Cleanup - use helper 'ok' bool for name_resolve_bcast().
No logic change.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
1499fd8a by Jeremy Allison at 2020-08-04T08:51:41+00:00
s3: libsmb: Cleanup - use helper 'ok' bool for internal_resolve_name().
No logic change.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
14433e2a by Jeremy Allison at 2020-08-04T08:51:41+00:00
s3: libsmb: Cleanup - split allocation and NULL check in internal_resolve_name().
No logic change.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
e07fa953 by Jeremy Allison at 2020-08-04T08:51:41+00:00
s3: libsmb: Cleanup - modernize DEBUG -> DBG_ in internal_resolve_name()
No logic change.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
2ad48899 by Jeremy Allison at 2020-08-04T08:51:42+00:00
s3: libsmb: Cleanup - Remove incorrect comment in resolve_ads(). The DNS code copes fine with IPv6 addresses.
No logic change.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
dd165b2c by Jeremy Allison at 2020-08-04T08:51:42+00:00
s3: libsmb: Cleanup - reformatting resolve_hosts() parameters inside internal_resolve_name().
No logic changes.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
cd3cc111 by Jeremy Allison at 2020-08-04T08:51:42+00:00
s3: libsmb: Cleanup - reformatting resolve_ads() parameters inside internal_resolve_name().
No logic changes.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
d42ba0b1 by Jeremy Allison at 2020-08-04T08:51:42+00:00
s3: libsmb: Cleanup - reformatting 2nd use of resolve_ads() parameters inside internal_resolve_name().
No logic change.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
e8db4b09 by Jeremy Allison at 2020-08-04T08:51:42+00:00
s3: libsmb: Cleanup - reformatting resolve_lmhosts_file_as_sockaddr() parameters inside internal_resolve_name().
No logic changes.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
1cb67bd3 by Jeremy Allison at 2020-08-04T08:51:42+00:00
s3: libsmb: Cleanup - reformatting resolve_wins() parameters inside internal_resolve_name().
No logic changes.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
53474b57 by Jeremy Allison at 2020-08-04T08:51:42+00:00
s3: libsmb: Cleanup - reformatting name_resolve_bcast() parameters inside internal_resolve_name().
No logic changes.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
f12cee23 by Jeremy Allison at 2020-08-04T08:51:42+00:00
s3: libsmb: Cleanup - put talloc parameter first in resolve_hosts().
No logic changes.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
7ad92b37 by Jeremy Allison at 2020-08-04T08:51:42+00:00
s3/s4: Cleanup. Move TALLOC_CTX * parameter to be first in resolve_lmhosts_file_as_sockaddr() to match modern conventions.
No logic changes.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
cef158a7 by Jeremy Allison at 2020-08-04T08:51:42+00:00
s3: libsmb: Cleanup - put talloc parameter first in resolve_wins().
No logic changes.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
eaea3c0a by Jeremy Allison at 2020-08-04T08:51:42+00:00
s3: libsmb: Cleanup - put talloc parameter first in name_resolve_bcast().
No logic changes.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
2297c883 by Jeremy Allison at 2020-08-04T08:51:42+00:00
s3: libsmb: Cleanup - ensure ss_list variables are initialized with NULL.
No logic changes.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
97781fe0 by Jeremy Allison at 2020-08-04T08:51:42+00:00
s3: libsmb: Pass in TALLOC_CTX * parameter to resolve_ads() instead of creating one internally.
Pass in talloc_tos() to make it match the other resolve_XXX() functions.
No memory leaks as this is used for transient data and is cleaned up
when the calling frame in internal_resolve_name() is destroyed.
Preparing to have it return a talloc'ed struct sockaddr_storage array
rather than a malloc'ed struct ip_service array.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
d0fa32bd by Jeremy Allison at 2020-08-04T08:51:42+00:00
s3: libsmb: Add in (currently unused) function dns_lookup_list().
This function takes a list of names returned from a DNS SRV
query which didn't have returned IP addresses and returns an
array of struct sockaddr_storage.
Currently synchronous, but this is the function that will
be changed to be asynchronous later.
Compiles but commented out for now so we don't get "unused
function" warnings.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
d53ade5b by Jeremy Allison at 2020-08-04T08:51:43+00:00
s3: libsmb: Rewrite resolve_ads() to use the previously added dns_lookup_list() function.
Clean up internals - a LOT.
This one needs careful review. Ditch the (unused) port returns from
the SRV replies.
Internally uses talloc'ed arrays of struct sockaddr_storage
which it then convert to MALLOC'ed struct ip_service.
Still returns struct ip_service but this will be
fixed in the next commit.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
ecaa4244 by Jeremy Allison at 2020-08-04T08:51:43+00:00
s3: libsmb: Change resolve_ads() to return a talloc'ed ss_list, matching the other name resolution methods.
Now we can move all the convert_ss2service() calls to one place.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
03112db1 by Jeremy Allison at 2020-08-04T08:51:43+00:00
s3: libsmb: Now all resolution functions return a ss_list on success, we only need one local variable for this.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
860510b1 by Jeremy Allison at 2020-08-04T10:13:53+00:00
s3: libsmb: Move all calls to convert_ss2service() to one place now all methods return a sockaddr_storage.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
Autobuild-User(master): Isaac Boukris <iboukris at samba.org>
Autobuild-Date(master): Tue Aug 4 10:13:53 UTC 2020 on sn-devel-184
- - - - -
182cde4f by Ralph Boehme at 2020-08-05T10:17:06+00:00
lib: fix smb_strtox.[c|h] license header
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Aug 5 10:17:06 UTC 2020 on sn-devel-184
- - - - -
ae56a07a by David Mulder at 2020-08-06T16:38:35+00:00
gpo: Test gpo hourly scripts apply
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
42f043ab by David Mulder at 2020-08-06T16:38:35+00:00
gpo: Apply Group Policy Hourly Scripts
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
63703c9a by David Mulder at 2020-08-06T16:38:35+00:00
gpo: Test gpo monthly scripts apply
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
1810e4f1 by David Mulder at 2020-08-06T16:38:35+00:00
gpo: Apply Group Policy Monthly Scripts
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
7e5c842c by David Mulder at 2020-08-06T16:38:35+00:00
gpo: Test gpo weekly scripts apply
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
b30a604f by David Mulder at 2020-08-06T16:38:35+00:00
gpo: Apply Group Policy Weekly Scripts
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
cd4efb95 by David Mulder at 2020-08-06T16:38:36+00:00
gpo: Move all scripts to a sub-category in samba.admx
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
edf4b6eb by David Mulder at 2020-08-06T16:38:36+00:00
gpo: Scripts extension use 'gp_' prefix, not 'tmp'
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
e387aa93 by David Mulder at 2020-08-06T16:38:36+00:00
gpo: Scripts gpo add warning about generated scripts
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
9679ba95 by David Mulder at 2020-08-06T16:38:36+00:00
gpo: Test Group Policy Sudo Rights
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
88b62661 by David Mulder at 2020-08-06T16:38:36+00:00
gpo: Apply Group Policy Sudo Rights
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
70a38eb5 by David Mulder at 2020-08-06T16:38:36+00:00
gpo: Test proper decoding of utf-16 inf files
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
0f3066ab by David Mulder at 2020-08-06T16:38:36+00:00
gpo: Properly decode utf-8/16 inf files from bytes
This code was python 2 specific (string handling
has changed dramatically in python 3), and didn't
correctly decode utf-16 in python3. We should
instead read the file as bytes, then attempt a
utf-8 decode (the default), and try utf-16 if
encountering a decode failure.
The existing code actually throws an exception on
the initial file read when the data is utf-16,
since it tries to decode the bytes to a utf-8
string.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
f5202c7b by David Mulder at 2020-08-06T16:38:36+00:00
gpo: Add --rsop option to samba-gpupdate
This command prints the Resultant Set of Policy
for applicable GPOs, for either the Computer or
User policy (depending on the target specified).
Policy specific output must be implemented for
each client side extension.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
5361f258 by David Mulder at 2020-08-06T16:38:36+00:00
gpo: Test samba-gpupdate --rsop
Test that the rsop command produces the expected
output.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
1f631030 by David Mulder at 2020-08-06T16:38:36+00:00
gpo: Add RSOP output for Security Extension
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
bf74bf1c by David Mulder at 2020-08-06T16:38:36+00:00
gpo: Add RSOP output for Scripts Extension
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
89718761 by David Mulder at 2020-08-06T16:38:36+00:00
gpo: Extract Kerberos policy from Security extension
Rewrite the extension to be easier to understand,
and to remove references to gp_ext_setter.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
627fb547 by David Mulder at 2020-08-06T16:38:36+00:00
gpo: Extract Access policy from Security extension
Rewrite the extension to be easier to understand,
and to remove references to gp_ext_setter.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
d512b1a4 by David Mulder at 2020-08-06T18:01:49+00:00
gpo: Remove unused gp_ext_setter code
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): David Mulder <dmulder at samba.org>
Autobuild-Date(master): Thu Aug 6 18:01:49 UTC 2020 on sn-devel-184
- - - - -
41beb510 by Volker Lendecke at 2020-08-06T19:00:36+00:00
libcli/ldap: Fix CID 1465278 Resource leak
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
de2a7574 by Volker Lendecke at 2020-08-06T19:00:36+00:00
libcli/ldap: Fix CID 1462696 Resource leak
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1b139de5 by Volker Lendecke at 2020-08-06T19:00:36+00:00
libcli/ldap: Fix CID 1462695 Resource leak
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
04b2db7d by Volker Lendecke at 2020-08-06T20:23:53+00:00
libsmb: Fix CID 1465656 Resource leak
This is very likely a false positive, because Coverity does not see
that we only assign "dns_addrs" when NT_STATUS_IS_OK(status), so we
might not want this. But it is a fresh finding and looks cleaner this
way.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Aug 6 20:23:53 UTC 2020 on sn-devel-184
- - - - -
ebaa0022 by Stefan Metzmacher at 2020-08-07T03:23:43+00:00
wafsamba: run SAMBA_GENERATOR('VERSION') with group='setup'
This means this is the first thing that's done.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
4e8f3fdf by Gary Lockyer at 2020-08-07T03:23:43+00:00
heimdal: Use #ifdef HAVE_DLOPEN around functions used only by HAVE_DLOPEN
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
1687813e by Gary Lockyer at 2020-08-07T03:23:43+00:00
heimdal: Use #ifdef HAVE_DLOPEN around function used by HAVE_DLOPEN
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
1663ada9 by Andrew Bartlett at 2020-08-07T03:23:43+00:00
heimdal: Exclude more of plugin.c if HAVE_DLOPEN (which Samba unsets) is not set
This allows us to avoid warnings and errors due to unsued variables
and functions.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
cb721715 by Gary Lockyer at 2020-08-07T03:23:43+00:00
Make HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE available in krb5.h
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
e8f5a25f by Gary Lockyer at 2020-08-07T03:23:43+00:00
heimdal_build: Include keys.c in the hdb autoproto
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
8a148193 by Gary Lockyer at 2020-08-07T03:23:43+00:00
heimdal_build: provide a prototype with the dummy afs header-only function stubs
We do not do AFS in Samba
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
c51c1514 by Andrew Bartlett at 2020-08-07T03:23:44+00:00
Compile .l files (flex) with the waf rule at runtime
Other parts of Samba already compile these directly.
This makes these files compile with modern compiler warnings.
The primary difference (other than being built with a newer
flex) is the loss of the #include "config.h" but
this is not used in the other .l files elsewehre and does not
seem to matter on modern systems.
The generated output from compile_et asn1_compile has not changed
(so I think the hx509 case is safe).
The mdssvc case just has changed file locations and line numbers.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
fb041236 by Gary Lockyer at 2020-08-07T03:23:44+00:00
heimdal_build: Do not allow warnings in the heimdal code!
(const excepted)
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Updated to 2020 requirements since changes in
13a2f70a4dd6dd68e0dbd0379d35409c5f100f06
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d4a9e882 by Andrew Bartlett at 2020-08-07T03:23:44+00:00
Revert "build: fix the coverage build"
This reverts commit 3e072b3fb78f0d3132b1d3ce719b8f3706e8491a.
This is no longer required now that --noline is set globally
and that is a much nicer solution.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
b063bbf8 by Andrew Bartlett at 2020-08-07T03:23:44+00:00
heimdal_build: Add missing dependency on heimbase
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
9b706650 by Andrew Bartlett at 2020-08-07T03:23:44+00:00
selftest: Work around existing CA certificates to get PKINIT tests working
This could be reverted in the future, but for now the certificate validation is not what
we are testing and this allows the heimdal upgrade to work.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
889c461c by Andrew Bartlett at 2020-08-07T03:23:44+00:00
kdc: Remind us that these values need to match other values
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
bf16cd72 by Douglas Bagnall at 2020-08-07T03:23:44+00:00
ndr: fix ndr_pull_string_array() off by one alloc
The correct line should have been
talloc_realloc(ndr->current_mem_ctx, a, const char *, count + 2);
because if the loop does not increment count on exit (it exits via
break), so count is left pointing at the thing that just got put in.
i.e., if there was one item it is at a[0], count is 0, but we also
need the trailing NULL byte at a[1] and the length is 2. Thus + 2, not
+ 1.
This will not affect ordinary (that is, non-malicious) traffic,
because talloc_realloc will not actually realloc unless it is saving a
kilobyte. Since the allocation grows slowly with the exponent ~1.25,
the actual reallocs will start happening at some point between 512 and
1024 items.
In the example we have, there were 666 pointers, and space for 824 was
allocated.
Rather than doing the +2 realloc, it is simpler to leave it off
altogether; in the common case (<512 items) it is a no-op anyway, and
in the best possible case it reduces the temporary array by 20%.
Credit to OSS-Fuzz.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24646
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
fc83b470 by Douglas Bagnall at 2020-08-07T04:44:17+00:00
libprc/test: add pull_string_array large array test
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Fri Aug 7 04:44:17 UTC 2020 on sn-devel-184
- - - - -
47c1b874 by Jeremy Allison at 2020-08-07T06:34:36+00:00
lib: addns: Add code for asynchronously looking up A records.
Returns an array of struct samba_sockaddr.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a1b90237 by Jeremy Allison at 2020-08-07T06:34:36+00:00
lib: addns: Add code for asynchronously looking up AAAA records.
Returns an array of struct samba_sockaddr.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b3671de4 by Jeremy Allison at 2020-08-07T06:34:36+00:00
s3: net: Add new 'net ads dns async <name>' command.
Will test the async DNS lookups in the next commit.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
156f1dfc by Jeremy Allison at 2020-08-07T06:34:36+00:00
s4: tests: Add new async DNS unit test - samba4.blackbox.net_ads_dns_async(ad_member:local).
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
8a140391 by Jeremy Allison at 2020-08-07T06:34:37+00:00
s3: Parameters. Add 'async dns timeout' parameter. Default to 10. Minimum value 1.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
5ffcd883 by Jeremy Allison at 2020-08-07T06:34:37+00:00
s3: libsmb: Add dns_lookup_list_async() - not yet used.
Take a list of hostnames and does async A and AAAA (if
supported) lookups on them. Interface compatible with
dns_lookup_list() (with the addition of one extra
parameter returning the query name list, for use inside
dsgetdcname() internals later) and we'll replace it in the next
commit. Waits for lp_get_async_dns_timeout() seconds to complete.
Commented out as not yet used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
bc307f1e by Jeremy Allison at 2020-08-07T06:34:37+00:00
s3: libsmb: Use dns_lookup_list_async() instead of dns_lookup_list().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
f87ce5b0 by Jeremy Allison at 2020-08-07T06:34:37+00:00
s3: libsmb: Remove dns_lookup_list(). No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6411c64d by Jeremy Allison at 2020-08-07T06:34:37+00:00
s3: libsmb: Make dns_lookup_list_async() available to other Samba callers..
This allows the async DNS lookups to be re-used inside the dsgetdcname() internals
code as previously described.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
d882add6 by Jeremy Allison at 2020-08-07T06:34:37+00:00
s3: libsmb: Make discover_dc_dns() use async DNS.
Change to call dns_lookup_list_async(). This is
doing the samba SRV lookup followed by A and AAAA
record host lookup as resolve_ads() does and so
benefits from the same changes to make it async.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
3b13d4d6 by Jeremy Allison at 2020-08-07T06:34:37+00:00
s3: libsmb: Add utility function sockaddr_storage_to_samba_sockaddr().
As requested by Andreas and Metze, ensure new code uses
struct samba_sockaddr. This is part of changing dns_lookup_list_async()
and callers to use struct samba_sockaddr.
Currently putting this into namequery.c even though it's
used inside dsgetdcname.c as I have future patches that
heavily make use of this to convert sockaddr_storage -> samba_sockaddr..
I'm not committed to putting it here, it may fit better
in lib/util/util_net.[ch]. It just needs to be somewhere
other functions inside source/libsmb/*.c can get to it,
and currently namequery.h exports the most stuff.
Not yet used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
eb5a4738 by Jeremy Allison at 2020-08-07T06:34:37+00:00
s3: libsmb: Change dns_lookup_list_async() and associated functions to return a struct samba_sockaddr * array.
This fullfills the promise to Andreas and Metze
of all new code using struct samba_sockaddr.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
1b42b79c by Jeremy Allison at 2020-08-07T06:34:37+00:00
s3: libsmb: Cleanup - Move dsgetdcname.c to using struct samba_sockaddr internally.
Mostly renames of ss -> sa and access union members. No logic changes.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6a9c7859 by Jeremy Allison at 2020-08-07T07:58:13+00:00
s3: libsmb: Cleanup - Remove the last use of a struct sockaddr_storage variable in dsgetdcname.c
Remove from process_dc_netbios().
This is a logic change, but as all the logic did was force a round-trip
through converting an already guaranteed numeric hostname printed by
print_sockaddr() inside discover_dc_netbios() to a struct
sockaddr_storage and then discard the result (!) I think it's harmless.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Aug 7 07:58:14 UTC 2020 on sn-devel-184
- - - - -
19ef9c40 by Stefan Metzmacher at 2020-08-08T09:36:28+00:00
s3:rpc_client: reverse rpccli_{is_connected,set_timeout}() and rpccli_bh_{is_connected,set_timeout}()
rpccli->transport should never be used directly,
everything should go via the binding handle.
Internal pipes don't have a transport, so p->transport is always
NULL. rpccli_is_connected() checks this and this causes all SAMR and LSA
requests for the local domain to be processed a second time by the triggered
retry logic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14457
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f50987df by Ralph Boehme at 2020-08-08T10:59:38+00:00
winbind: directly use dcerpc_binding_handle_is_connected() in reset_connection_on_error() SAMR code
In the end we should avoid rpccli_is_connected(), rpccli_set_timeout() and the
whole rpc_pipe_client concept.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14457
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Sat Aug 8 10:59:38 UTC 2020 on sn-devel-184
- - - - -
a97c78fb by Stefan Metzmacher at 2020-08-09T00:30:26+00:00
lzxpress: add bounds checking to lzxpress_decompress()
lzxpress_decompress() would wander past the end of the array in
numerous locations.
Credit to OSS-Fuzz.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14190
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19382
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22485
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22667
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Sun Aug 9 00:30:26 UTC 2020 on sn-devel-184
- - - - -
08909e66 by Isaac Boukris at 2020-08-11T09:32:34+00:00
Revert "selftest: add tests for net-ads over TLS"
As we are removing the option.
This reverts commit 10f61cd39b9e03e7bb781edf04022ea6ae1f1cac.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14462
Signed-off-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
32eb7f39 by Isaac Boukris at 2020-08-11T10:53:05+00:00
Remove depracated "ldap ssl ads" smb.conf option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14462
Signed-off-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Isaac Boukris <iboukris at samba.org>
Autobuild-Date(master): Tue Aug 11 10:53:05 UTC 2020 on sn-devel-184
- - - - -
323073f4 by Douglas Bagnall at 2020-08-11T16:37:35+00:00
python compat: remove integer_types
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
9cc65a55 by Douglas Bagnall at 2020-08-11T16:37:35+00:00
python compat: remove string_types
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
4d9d63b0 by Douglas Bagnall at 2020-08-11T16:37:35+00:00
python compat: remove StringIO
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
bcaf076d by Douglas Bagnall at 2020-08-11T16:37:35+00:00
python compat: reduce use of 'if PY3:'
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
ace50380 by Douglas Bagnall at 2020-08-11T16:37:35+00:00
python compat: remove binary_type
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
f0860de5 by Douglas Bagnall at 2020-08-11T16:37:35+00:00
python compat: remove text_type
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
9aa6b0cd by Volker Lendecke at 2020-08-11T18:00:26+00:00
libsmb: Fix CID 1465860 Control flow issues (DEADCODE)
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Tue Aug 11 18:00:26 UTC 2020 on sn-devel-184
- - - - -
9f7ef21e by Matthew DeVore at 2020-08-15T07:30:30+00:00
s3: lib: Fix unneeded relative path in #include.
Signed-off-by: Matthew DeVore <matvore at google.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
53a1d034 by Matthew DeVore at 2020-08-15T08:51:09+00:00
lib/util: Standardize use of st_[acm]time ns
Commit 810397f89a10, and possibly others, broke the build for macOS and
other environments which don't have st_[acm]tim fields on 'struct stat'.
Multiple places in the codebase used the config.h values to determine
how to access the nanosecond or microsecond values of the stat
timestamps, so rather than add more, centralize them all into
lib/util/time.c.
Also allow pvfs_fileinfo.c to read nanosecond-granularity timestamps on
platforms where it didn't before, since its #if branches were not
complete.
Signed-off-by: Matthew DeVore <matvore at google.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Sat Aug 15 08:51:09 UTC 2020 on sn-devel-184
- - - - -
672212ce by Christof Schmitt at 2020-08-16T05:45:35+00:00
util: Allow symlinks in directory_create_or_exist
Commit 9f60a77e0b updated the check to avoid having files or other
objects instead of a directory. This missed the valid case that there
might be a symlink to a directory. Updated the check accordingly to
allow symlinks to directories.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14166
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
e89ec78e by Christof Schmitt at 2020-08-16T07:06:59+00:00
util: Add cmocka unit test for directory_create_or_exists
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14166
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Sun Aug 16 07:06:59 UTC 2020 on sn-devel-184
- - - - -
971c20e9 by Martin Schwenke at 2020-08-17T04:51:32+00:00
ctdb-tools: Drop "ctdb isnotrecmaster" command
This isn't used anywhere and can easily be checked via "ctdb pnn" and
"ctdb recmaster" commands.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
8baf4791 by Martin Schwenke at 2020-08-17T04:51:32+00:00
WHATSNEW: Document removal of "ctdb isnotrecmaster" command
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
0cb61c6f by Martin Schwenke at 2020-08-17T06:13:11+00:00
ctdb-doc: Link to CTDB page in wiki
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Mon Aug 17 06:13:11 UTC 2020 on sn-devel-184
- - - - -
86ab4676 by Volker Lendecke at 2020-08-17T09:46:36+00:00
ldap_server: Avoid talloc_memdup() for ldap_decode()
Slight optimization for the ldap server: We don't need to copy the
client PDU into the ASN1 struct, the decoding process happens
immediately in the same routine.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
3514e410 by Volker Lendecke at 2020-08-17T11:10:04+00:00
ldap_server: Do an early TALLOC_FREE()
We don't need the asn1 struct after this point anymore
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Aug 17 11:10:04 UTC 2020 on sn-devel-184
- - - - -
2e7f3e5e by Volker Lendecke at 2020-08-17T19:35:37+00:00
lib: Move send_keepalive() to smbd/smb1_utils.c
This is a SMB1-only packet sent from smbd only
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2ccc9df4 by Volker Lendecke at 2020-08-17T19:35:37+00:00
lib: Move read_udp_v4_socket() to nmbd
This is the only consumer of it
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
630f228f by Volker Lendecke at 2020-08-17T19:35:37+00:00
lib: Remove unused open_udp_socket()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
de03dba4 by Volker Lendecke at 2020-08-17T19:35:37+00:00
lib: Remove unused client_addr()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d5cca8d0 by Volker Lendecke at 2020-08-17T19:35:37+00:00
lib: Remove unused client_socket_addr()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b0d270d9 by Volker Lendecke at 2020-08-17T19:35:37+00:00
lib: Align integer types in same_net()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f3c43c65 by Volker Lendecke at 2020-08-17T19:35:37+00:00
lib: Remove unused client_socket_port()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
753b6cc5 by Volker Lendecke at 2020-08-17T19:35:37+00:00
lib: Move get_socket_port() to its only consumer
This is only used in netbios_session_retarget()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2d29bb42 by Volker Lendecke at 2020-08-17T19:35:37+00:00
test: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
acd8de28 by Volker Lendecke at 2020-08-17T19:35:37+00:00
auth_log_test: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
af34a411 by Volker Lendecke at 2020-08-17T19:35:37+00:00
gensec: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5416fd2c by Volker Lendecke at 2020-08-17T19:35:37+00:00
torture: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a6e506af by Volker Lendecke at 2020-08-17T19:35:37+00:00
torture: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
07c64844 by Volker Lendecke at 2020-08-17T19:35:37+00:00
torture: Align a few integer types
Also move a variable closer to its use
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4f3ab0e9 by Volker Lendecke at 2020-08-17T19:35:37+00:00
ldap_server: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f05f4031 by Volker Lendecke at 2020-08-17T19:35:38+00:00
Fix a comment typo copied around
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6c42bc48 by Volker Lendecke at 2020-08-17T19:35:38+00:00
tests: Fix typos
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
546a0f99 by Volker Lendecke at 2020-08-17T20:59:51+00:00
auth: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Aug 17 20:59:51 UTC 2020 on sn-devel-184
- - - - -
d3ff49f4 by Andrew Bartlett at 2020-08-18T00:10:39+00:00
selftest: Add test for suppression of deprecation warnings
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14460
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d14cc45c by Andrew Bartlett at 2020-08-18T00:10:40+00:00
param: Allow tests to silence deprecation warnings
This helps make output sensitive tests more reliable.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14460
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
9e212dd1 by Andrew Bartlett at 2020-08-18T00:10:40+00:00
selftest: Do not let deprecated option warnings muck this test up
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14460
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
c6aa710f by Andrew Bartlett at 2020-08-18T00:10:40+00:00
docs: Deprecate NT4-like domains and SMBv1-only protocol options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14460
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
1b85db57 by Andrew Bartlett at 2020-08-18T00:10:40+00:00
docs: deprecate "client use spnego"
This parameter is appicable only to SMBv1 and we are deprecating SMBv1 specific
authentication options for possible removal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14460
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
ac8e5ea2 by Andrew Bartlett at 2020-08-18T00:10:40+00:00
docs: deprecate "client lanman auth"
This parameter is appicable only to SMBv1 and we are deprecating SMBv1 specific
authentication options for possible removal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14460
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
5543c11c by Andrew Bartlett at 2020-08-18T00:10:40+00:00
docs: deprecate "client NTLMv2 auth"
This parameter is appicable only to SMBv1 and we are deprecating SMBv1 specific
authentication options for possible removal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14460
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
37583b19 by Andrew Bartlett at 2020-08-18T00:10:40+00:00
docs: deprecate "client plaintext auth"
This parameter is appicable only to SMBv1 and we are deprecating SMBv1 specific
authentication options for possible removal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14460
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
8c9d9441 by Andrew Bartlett at 2020-08-18T00:10:40+00:00
docs: deprecate "raw NTLMv2 auth"
This parameter is appicable only to SMBv1 and we are deprecating SMBv1 specific
authentication options for possible removal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14460
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
20606fd0 by Andrew Bartlett at 2020-08-18T01:32:21+00:00
WHATSNEW: list deprecated parameters
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14460
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Aug 18 01:32:21 UTC 2020 on sn-devel-184
- - - - -
52f520d3 by Martin Schwenke at 2020-08-18T05:02:25+00:00
ctdb-recoverd: Basic cleanups for get_remote_nodemaps()
Don't log an error on failure - let the caller can do this. Apart
from this: fix up coding style and modernise the remaining error
message.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
d2d90f25 by Martin Schwenke at 2020-08-18T05:02:25+00:00
ctdb-recoverd: Fix a local memory leak
The memory is allocated off the memory context used by the current
iteration of main loop. It is freed when main loop completes the fix
doesn't require backporting to stable branches. However, it is sloppy
so it is worth fixing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
3324dd27 by Martin Schwenke at 2020-08-18T05:02:25+00:00
ctdb-recoverd: Change signature of get_remote_nodemaps()
Change 1st argument to a rec context, since this will be needed later.
Drop the nodemap argument and access it via rec->nodemap instead.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
2eaa0af6 by Martin Schwenke at 2020-08-18T05:02:25+00:00
ctdb-recoverd: Move memory allocation into get_remote_nodemaps()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
a079ee31 by Martin Schwenke at 2020-08-18T05:02:25+00:00
ctdb-recoverd: Add an intermediate state struct for nodemap fetching
This will allow an error callback to be added.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
10ce0dbf by Martin Schwenke at 2020-08-18T05:02:25+00:00
ctdb-recoverd: Add fail callback to assign banning credits
Also drop error handling in main_loop() that is replaced by this
change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
368c83bf by Martin Schwenke at 2020-08-18T05:02:25+00:00
ctdb-recoverd: Fix node_pnn check and assignment of nodemap into array
This array is indexed by the same index as nodemap, not the PNN.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
762d1d8a by Martin Schwenke at 2020-08-18T05:02:25+00:00
ctdb-recoverd: Change get_remote_nodemaps() to use connected nodes
The plan here is to use the nodemaps retrieved by get_remote_nodes()
in update_local_flags(). This will improve efficiency, since
get_remote_nodes() fetches flags from nodes in parallel. It also
means that get_remote_nodes() can be used exactly once early on in
main_loop() to retrieve remote nodemaps. Retrieving nodemaps multiple
times is unnecessary and racy - a single monitoring iteration should
not fetch flags multiple times and compare them.
This introduces a temporary behaviour change but it will be of no
consequence when the above changes are made.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
d50919b0 by Martin Schwenke at 2020-08-18T05:02:25+00:00
ctdb-recoverd: Do not fetch the nodemap from the recovery master
The nodemap has already been fetched from the local node and is
actually passed to this function. Care must be taken to avoid
referencing the "remote" nodemap for the recovery master. It also
isn't useful to do so, since it would be the same nodemap.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
910a0b3b by Martin Schwenke at 2020-08-18T05:02:25+00:00
ctdb-recoverd: Get remote nodemaps earlier
update_local_flags() will be changed to use these nodemaps.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
702c7c49 by Martin Schwenke at 2020-08-18T05:02:25+00:00
ctdb-recoverd: Change update_local_flags() to use already retrieved nodemaps
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
4aa8e72d by Martin Schwenke at 2020-08-18T05:02:25+00:00
ctdb-recoverd: Rename update_local_flags() -> update_flags()
This also updates remote flags so the name is misleading.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
8bb6a660 by Martin Schwenke at 2020-08-18T06:24:11+00:00
ctdb-recoverd: Broadcast takeover run message when verifying IPs
This makes it consistent with the monitoring code. If the master has
changed then this means the master will always get the message.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Tue Aug 18 06:24:11 UTC 2020 on sn-devel-184
- - - - -
0535a265 by Jeremy Allison at 2020-08-18T08:25:39+00:00
s3: libads: Add utility function ads_zero_ldap().
When initializing or re-initializing the ldap part of the ADS_STRUCT,
we should call this to ensure that ads->ldap.ss is correctly recognized
as a zero IPaddr by is_zero_addr(). It zeros out the ads->ldap but
then adds zero_sockaddr() to initialize as AF_INET. Otherwise it's
left by accident as AF_UNSPEC (0).
Not yet used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
61895749 by Jeremy Allison at 2020-08-18T08:25:39+00:00
s3: libads: Where we implicitly zero out ads->ldap in ads_init() or ads_destroy() ensure we call ads_zero_ldap() after.
For ads_destroy(), this has a mode where the memory is not destroyed
but is being re-initialized. Horrid, but that's the way it works right
now.
This clears out the memory, but also leaves ads->ldap as a valid (zero) IPaddr.
Otherwise it's left by accident as AF_UNSPEC (0).
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6b47f3db by Jeremy Allison at 2020-08-18T08:25:39+00:00
s3: libads: In ads_connect(), and ads_disconnect(), replace ZERO_STRUCT(ads->ldap) with calls to ads_zero_ldap(ads)
This clears out the memory, but also leaves ads->ldap as a valid (zero) IPaddr.
Otherwise it's left by accident as AF_UNSPEC (0).
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
c863cc2b by Jeremy Allison at 2020-08-18T08:25:39+00:00
s3: libads: ads_connect can be passed in an ADS_STRUCT with an existing IP address.
ads_connect can be passed in a reused ADS_STRUCT
with an existing ads->ldap.ss IP address that
is stored by going through ads_find_dc()
if ads->server.ldap_server was NULL.
If ads->server.ldap_server is still NULL but
the target address isn't a zero ip address,
then store it off before zeroing out ads->ldap
so we don't keep doing multiple calls to
ads_find_dc() in the reuse case.
If a caller wants a clean ADS_STRUCT they
will re-initialize by calling ads_init(), or
call ads_destroy() both of which ensures
ads->ldap.ss is a correctly zero'ed out IP address
by using ads_zero_ldap().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
1d066f37 by Jeremy Allison at 2020-08-18T08:25:39+00:00
s3: libads: Don't re-do DNS lookups in ads_current_time() if not needed.
ADS_STRUCT may be being reused after a
DC lookup from ads_find_dc(), so ads->ldap.ss may already have a
good address (even if ads->server.ldap_server == NULL).
Only re-initialize the ADS_STRUCT and redo the ads_find_fc()
DNS lookups if we have to.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
cf0cfa03 by Jeremy Allison at 2020-08-18T09:46:28+00:00
s3: libads: Don't re-do DNS lookups in ads_domain_func_level() if not needed.
ADS_STRUCT may be being reused after a
DC lookup from ads_find_dc(), so ads->ldap.ss may already have a
good address (even if ads->server.ldap_server == NULL).
Only re-initialize the ADS_STRUCT and redo the ads_find_fc()
DNS lookups if we have to.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Aug 18 09:46:28 UTC 2020 on sn-devel-184
- - - - -
53b6dd95 by Andreas Schneider at 2020-08-19T05:21:40+00:00
s3:tests: Add test for 'valid users = DOMAIN\%U'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14467
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5de7c91e by Andreas Schneider at 2020-08-19T06:43:10+00:00
s3:smbd: Fix %U substitutions if it contains a domain name
'valid users = DOMAIN\%U' worked with Samba 3.6 and broke in a newer
version.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14467
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Aug 19 06:43:10 UTC 2020 on sn-devel-184
- - - - -
cf432bd4 by Andreas Schneider at 2020-08-19T16:22:39+00:00
libcli:smb2: Do not leak ptext on error
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
46142d83 by Andreas Schneider at 2020-08-19T16:22:40+00:00
libcli:smb2: Use talloc NULL context if we don't have a stackframe
If we execute this code from python we don't have a talloc stackframe
around and segfault with talloc_tos().
To fix the crash we use the NULL context as we take care for freeing the
memory as soon as possible.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
e9135035 by Stefan Metzmacher at 2020-08-19T16:22:40+00:00
auth:creds: Introduce CRED_SMB_CONF
We have several places where we check '> CRED_UNINITIALISED',
so we better don't use CRED_UNINITIALISED for values from
our smb.conf.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
bd5a8887 by Andreas Schneider at 2020-08-19T16:22:40+00:00
param: Add 'server smb encrypt' parameter
And this also makes 'smb encrypt' a synonym of that.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
f03bb8ad by Andreas Schneider at 2020-08-19T16:22:40+00:00
param: Create and use enum_smb_encryption_vals
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
58e31f78 by Andreas Schneider at 2020-08-19T16:22:40+00:00
s3:smbd: Use 'enum smb_encryption_setting' values
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
5a733c3c by Andreas Schneider at 2020-08-19T16:22:40+00:00
docs-xml: Add 'client smb encrypt'
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
93e97d5a by Andreas Schneider at 2020-08-19T16:22:40+00:00
lib:param: Add lpcfg_parse_enum_vals()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
e5247190 by Andreas Schneider at 2020-08-19T16:22:40+00:00
libcli:smb: Add smb_signing_setting_translate()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
4bf8a667 by Andreas Schneider at 2020-08-19T16:22:40+00:00
libcli:smb: Add smb_encryption_setting_translate()
Add encryption enum and function to avoid confusion when reading the
code.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
b0ae876a by Andreas Schneider at 2020-08-19T16:22:40+00:00
s3:lib: Use smb_signing_setting_translate for cmdline parsing
The function will be removed soon.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
59a1272a by Andreas Schneider at 2020-08-19T16:22:40+00:00
auth:creds: Remove unused credentials autoproto header
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
58e0abc5 by Andreas Schneider at 2020-08-19T16:22:40+00:00
auth:creds: Add cli_credentials_(get|set)_smb_signing()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
098774b2 by Andreas Schneider at 2020-08-19T16:22:40+00:00
auth:creds: Add python bindings for (get|set)_smb_signing
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
71d65278 by Andreas Schneider at 2020-08-19T16:22:41+00:00
auth:creds: Add cli_credentials_(get|set)_smb_ipc_signing()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
ef12caea by Andreas Schneider at 2020-08-19T16:22:41+00:00
auth:creds: Add python bindings for (get|set)_smb_ipc_signing
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
836c5e01 by Andreas Schneider at 2020-08-19T16:22:41+00:00
auth:creds: Add cli_credentials_(get|set)_smb_encryption()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
66c9c68b by Andreas Schneider at 2020-08-19T16:22:41+00:00
auth:creds: Add python bindings for (get|set)_smb_encryption
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
84f1e468 by Andreas Schneider at 2020-08-19T16:22:41+00:00
auth:creds: Add python bindings for cli_credentials_set_conf()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
0188885a by Andreas Schneider at 2020-08-19T16:22:41+00:00
auth:creds: Bump library version
We added new functions so bump the version.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
be9e60ef by Andreas Schneider at 2020-08-19T16:22:41+00:00
s3:lib: Use cli_credential_(get|set)_smb_signing()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
34a81eca by Andreas Schneider at 2020-08-19T16:22:41+00:00
s3:lib: Set smb encryption also via cli creds API
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d55950b8 by Andreas Schneider at 2020-08-19T16:22:41+00:00
python: Remove unused sign argument from smb_connection()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
946e43f0 by Andreas Schneider at 2020-08-19T16:22:41+00:00
python: Set smb signing via the creds API
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
c58a301c by Andreas Schneider at 2020-08-19T16:22:41+00:00
s3:libsmb: Introduce CLI_FULL_CONNECTION_IPC
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
8c06dc13 by Andreas Schneider at 2020-08-19T16:22:41+00:00
s3:pylibsmb: Add ipc=True support for CLI_FULL_CONNECTION_IPC
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
1a74c790 by Andreas Schneider at 2020-08-19T16:22:42+00:00
python:tests: Mark libsmb connection as an IPC connection
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
67323b1f by Andreas Schneider at 2020-08-19T16:22:42+00:00
python:tests: Set smb ipc signing via the creds API
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
62a4705d by Andreas Schneider at 2020-08-19T16:22:42+00:00
s3:libsmb: Use 'enum smb_signing_setting' in cliconnect.c
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
6f552204 by Andreas Schneider at 2020-08-19T16:22:42+00:00
s3:client: Turn off smb signing for message op
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
886f245a by Andreas Schneider at 2020-08-19T16:22:42+00:00
s3:libsmb: Remove signing_state from cli_full_connection_creds_send()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
ba04151a by Andreas Schneider at 2020-08-19T16:22:42+00:00
s3:libsmb: Remove signing_state from cli_full_connection_creds()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
8a5bc0a6 by Stefan Metzmacher at 2020-08-19T16:22:42+00:00
s3:libsmb: Add encryption support to cli_full_connection_creds*()
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
5bff7a06 by Andreas Schneider at 2020-08-19T16:22:42+00:00
python: Add a test for SMB encryption
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
1acc6408 by Andreas Schneider at 2020-08-19T16:22:42+00:00
s3:net: Use cli_credentials_set_smb_encryption()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d0062d31 by Andreas Schneider at 2020-08-19T16:22:42+00:00
s3:libsmb: Use cli_credentials_set_smb_encryption()
This also adds a SMBC_ENCRYPTLEVEL_DEFAULT to 'enum
smbc_smb_encrypt_level' in order to use the smb.conf default value.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
5698fb41 by Andreas Schneider at 2020-08-19T16:22:42+00:00
s3:client: Remove unused smb encryption code
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
0d0a3bbc by Andreas Schneider at 2020-08-19T16:22:42+00:00
s3:utils: Remove obsolete force encryption from smbacls
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
85e2660b by Andreas Schneider at 2020-08-19T16:22:42+00:00
s3:utils: Remove obsolete force encryption from mdfind
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
2bf58f18 by Andreas Schneider at 2020-08-19T16:22:43+00:00
s3:utils: Remove obsolete force encryption from smbcquotas
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
29504508 by Andreas Schneider at 2020-08-19T16:22:43+00:00
s3:rpcclient: Remove obsolete force encryption from rpcclient
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d7c3d86f by Andreas Schneider at 2020-08-19T16:22:43+00:00
examples: Remove obsolete force encryption from smb2mount
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
dd1cacb6 by Andreas Schneider at 2020-08-19T16:22:43+00:00
s3:libsmb: Make cli_cm_force_encryption_creds() static
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
e2287011 by Andreas Schneider at 2020-08-19T16:22:43+00:00
s4:libcli: Return NTSTATUS errors for smb_composite_connect_send()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
7387c1da by Andreas Schneider at 2020-08-19T16:22:43+00:00
s4:libcli: Return if encryption is requested for SMB1
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
6454ed76 by Andreas Schneider at 2020-08-19T16:22:43+00:00
s3:libcli: Split out smb2_connect_tcon_start()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d546dd1e by Andreas Schneider at 2020-08-19T16:22:43+00:00
s4:libcli: Add smb2_connect_enc_start()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
81052e41 by Andreas Schneider at 2020-08-19T16:22:43+00:00
s4:libcli: Require signing for SMB encryption
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
7e3ceaec by Andreas Schneider at 2020-08-19T17:46:28+00:00
python:tests: Add test for SMB encrypted DCERPC connection
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Aug 19 17:46:28 UTC 2020 on sn-devel-184
- - - - -
a9b6a837 by Günther Deschner at 2020-08-20T12:55:23+00:00
docs: Add missing winexe manpage
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14318
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Aug 20 12:55:23 UTC 2020 on sn-devel-184
- - - - -
0a526483 by Volker Lendecke at 2020-08-20T17:20:29+00:00
torture: Add subunit output to ldap.basic test
The next commit will make this fail, and we need to detect this in
knownfail.d/ldap. Without subunit output filter-subunit won't find it..
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0c36316e by Volker Lendecke at 2020-08-20T17:20:29+00:00
torture: Pass DN and password to ldap.basic test
Without this, test_multibind() only gets NULL for userdn and password,
not doing what the test claims. This now fails, because our LDAP
server does not allow plain text binds.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c5e85f4b by Volker Lendecke at 2020-08-20T17:20:29+00:00
torture: Inline test_bind_simple()
Avoid losing the specific error code with this simple wrapper function
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ef57bc6d by Volker Lendecke at 2020-08-20T18:44:49+00:00
torture: Fix ldap.basic multibind test
It gets LDAP_STRONG_AUTH_REQUIRED from current AD servers
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Aug 20 18:44:49 UTC 2020 on sn-devel-184
- - - - -
7dc53599 by Andrew Bartlett at 2020-08-20T22:49:25+00:00
bootstrap: Fix spelling of README.md
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
- - - - -
0573c13d by Andrew Bartlett at 2020-08-20T22:49:25+00:00
bootstrap: Fix python dependencies
Python2 dependencies are removed and the RPM name of python-iso8601
is added to allow removal from third_party.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
- - - - -
091e1126 by Andrew Bartlett at 2020-08-20T22:49:26+00:00
Remove pyiso8601 from third_party
The trend has been to remove widely available packages from third_party/
This module is both widely available, and only needed for --enable-selftest
It is, strangely enough, a BuildDependes in the RHEL/Fedora packages
just to stop it being installed in third_party.
The check for iso8601 being available is moved to python/wscript
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
- - - - -
2420b7c6 by Andrew Bartlett at 2020-08-20T22:49:26+00:00
python: Add checks for some more required python packages
This catches the most important packages we require, but
this may not be the full list.
python-gpg is not listed as we have a big workaround handler
for this in samba-tool.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
- - - - -
4dbe8d11 by Andrew Bartlett at 2020-08-21T00:12:51+00:00
python: Remove remaining references to third_party python libs
For now at least we do not have any in third_party.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Aug 21 00:12:52 UTC 2020 on sn-devel-184
- - - - -
c8c2f8ba by Volker Lendecke at 2020-08-21T19:14:32+00:00
build: Wrap a long line
There will be another entry in the next commit
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
35c4bb0b by Volker Lendecke at 2020-08-21T19:14:32+00:00
torture: Test ldap session expiry
LDAP connections should time out when the kerberos ticket used to authenticate
expires. Windows does this with a RFC4511 section 4.4.1 message (that as of
August 2020 is encoded not according to the RFC) followed by a TCP disconnect.
ldb sees the section 4.4.1 as a protocol violation and returns
LDB_ERR_PROTOCOL_ERROR.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
77f72fb0 by Volker Lendecke at 2020-08-21T19:14:32+00:00
ldap_server: Add the krb5 expiry to conn->limits
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
eb72f887 by Volker Lendecke at 2020-08-21T19:14:32+00:00
ldap_server: Terminate LDAP connections on krb ticket expiry
See RFC4511 section 4.4.1 and
https://lists.samba.org/archive/cifs-protocol/2020-August/003515.html
for details: Windows terminates LDAP connections when the krb5 ticket
expires, Samba should do the same. This patch slightly deviates from
Windows behaviour by sending a LDAP exop response with msgid 0 that is
ASN1-encoded conforming to RFC4511.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
b85dbc9c by Volker Lendecke at 2020-08-21T19:14:32+00:00
tldap: Only free() ld->pending if "req" is part of it
Best reviewed with "git show -U10". We need to check that "req" is
actually the last request that is being freed before freeing the whole
array.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
f816ccb8 by Volker Lendecke at 2020-08-21T19:14:33+00:00
tldap: Fix tldap_msg_received()
The callback of "req" might have destroyed "ld", we can't reference
this anymore after calling tevent_req_done(req). Defer calling the
callbacks, which also means that the callbacks can't have added
anything to ld->pending.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
14f6d199 by Volker Lendecke at 2020-08-21T19:14:33+00:00
tldap: Always remove ourselves from ld->pending at cleanup time
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
cb852c9d by Volker Lendecke at 2020-08-21T19:14:33+00:00
tldap: Maintain the ldap read request in tldap_context
Required for proper connection rundown, we need to TALLOC_FREE() the
read request before shutting down the tstream
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
f745f5b1 by Volker Lendecke at 2020-08-21T19:14:33+00:00
tldap: Centralize connection rundown on error
Whenever send or recv return -1, we have to cancel all pending
requests and our transport stream is no longer usable: Discard it upon
such an error.
To avoid duplicate state, tldap_connection_ok() now looks at whether
we have a tstream_context around.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
2a2a6b27 by Volker Lendecke at 2020-08-21T19:14:33+00:00
tldap: Make sure all requests are cancelled on rundown
Put messages into the ld->pending array before sending them out, not
after they have been sent.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
a2b281be by Volker Lendecke at 2020-08-21T19:14:33+00:00
tldap: Add PRINTF_ATTRIBUTE declaration to tldap_debug()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
7af2df01 by Stefan Metzmacher at 2020-08-21T19:14:33+00:00
idmap_ad: Pass tldap debug messages on to DEBUG()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
a4ecd112 by Volker Lendecke at 2020-08-21T19:14:33+00:00
test: Test winbind idmap_ad ticket expiry behaviour
We need to make sure that winbind's idmap_ad deals fine with an
expired krb ticket used to connect to AD via LDAP. In a customer
situation we have seen the RFC4511 section 4.4.1 unsolicited ldap exop
response coming through, but the TCP disconnect that Windows seems to
do after that did not make it. Winbind deals fine with a TCP
disconnect, but right now it does not handle just the section 4.4.1
response properly: It completely hangs.
This test requests a ticket valid for 5 seconds and makes the LDAP
server postpone the TCP disconnect after the ticket expiry for 10
seconds. The tests that winbind reacts to the ticket expiry exop
response by making sure in this situation the wbinfo call running into
the issue takes less than 8 seconds. If it did not look at the expiry
exop response, it would take more than 10 seconds.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
ccaf661f by Volker Lendecke at 2020-08-21T20:37:24+00:00
tldap: Receiving "msgid == 0" means the connection is dead
We never use msgid=0, see tldap_next_msgid(). RFC4511 section 4.4.1
says that the unsolicited disconnect response uses msgid 0. We don't
parse this message, which supposedly is an extended response: Windows
up to 2019 sends an extended response in an ASN.1 encoding that does
not match RFC4511.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Aug 21 20:37:25 UTC 2020 on sn-devel-184
- - - - -
7afe449e by Douglas Bagnall at 2020-08-23T22:55:29+00:00
s4: dns: Ensure variable initialization with NULL.
Ensure no use after free.
Based on patches from Francis Brosnan Blázquez <francis at aspl.es>
and Jeremy Allison <jra at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12795
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
df98e7db by Douglas Bagnall at 2020-08-24T00:21:41+00:00
s4/dns: do not crash when additional data not found
Found by Francis Brosnan Blázquez <francis at aspl.es>.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12795
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Mon Aug 24 00:21:41 UTC 2020 on sn-devel-184
- - - - -
d64886f3 by Douglas Bagnall at 2020-08-24T01:46:29+00:00
tests/vlv: remove redundant assignments
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3c026ba4 by Douglas Bagnall at 2020-08-24T01:46:29+00:00
tests/vlv: attempt to cause trouble by changing sort attribute
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4a252f6e by David Mulder at 2020-08-24T01:46:30+00:00
python compat: remove ConfigParser
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7dabe5ac by Christof Schmitt at 2020-08-24T01:46:30+00:00
lib/util: Remove unnecessary semicolon from wscript_build
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
40afb0bb by Christof Schmitt at 2020-08-24T01:46:30+00:00
lib/util: Fix cleanup in unit test
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c057586f by Christof Schmitt at 2020-08-24T01:46:30+00:00
lib/util: Remove wrong return statement in unit test
Fixes CID 1466195
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d3109a11 by Christof Schmitt at 2020-08-24T03:10:09+00:00
lib/util: Move cleanup for unit test in teardown function
Where to call rmdir does not matter, but that should avoid the TOCTOU
warning from CID 1466194 and might be slightly cleaner.
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Aug 24 03:10:09 UTC 2020 on sn-devel-184
- - - - -
9d935795 by Mathieu Parent at 2020-08-25T04:23:19+00:00
Fix FTBFS / Increase the over-estimation for sparse files
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14418
Signed-off-by: Mathieu Parent <math.parent at gmail.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Aug 25 04:23:19 UTC 2020 on sn-devel-184
- - - - -
928fb892 by Jeremy Allison at 2020-08-25T16:21:32+00:00
s3: libsmb: Cleanup - Remove one call to set_socket_addr_v4().
The stack variable sockaddr_storage ss wasn't being used at all.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
- - - - -
fbc65a24 by Jeremy Allison at 2020-08-25T16:21:32+00:00
s3: libsmb: Cleanup - change parameter and callers of set_socket_addr_v4() to samba_sockaddr.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
- - - - -
e3d9962e by Jeremy Allison at 2020-08-25T16:21:32+00:00
s3: libsmb: Cleanup - Longlines cleanup for README.Coding standards.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
- - - - -
fa6d5bb3 by Jeremy Allison at 2020-08-25T16:21:32+00:00
s3: libsmb: Cleanup - make node_status_query_send() use samba_sockaddr internally.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
- - - - -
d67c4a84 by Jeremy Allison at 2020-08-25T16:21:32+00:00
s3: libsmb: Cleanup - make name_status_lmhosts() use samba_sockaddr internally.
Use existing utility function instead of direct memcmp.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
- - - - -
0ef885c0 by Jeremy Allison at 2020-08-25T16:21:32+00:00
s3: libsmb: Cleanup - make name_query_send() use samba_sockaddr internally.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
- - - - -
a559eebc by Jeremy Allison at 2020-08-25T16:21:32+00:00
s3: libsmb: Cleanup - convert addr_compare() to using samba_sockaddr internally.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
- - - - -
2056b0d9 by Jeremy Allison at 2020-08-25T16:21:32+00:00
s3: libsmb: Cleanup - Use samba_sockaddr as intended in resolve_name() to make ugly casts go away.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
- - - - -
54454b30 by Jeremy Allison at 2020-08-25T16:21:32+00:00
s3: libsmb: Cleanup - Remove two more sockaddr casts inside remove_duplicate_addrs2().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
- - - - -
189c7410 by Jeremy Allison at 2020-08-25T16:21:32+00:00
s3: libsmb: Cleanup - Remove the last two sockaddr casts in namequery.c in name_query_validator().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
- - - - -
5151278c by Jeremy Allison at 2020-08-25T16:21:32+00:00
s3: libsmb: Cleanup - Remove a union in sock_packet_read_got_socket() that was an early attempt a samba_sockaddr.
Just use samba_sockaddr.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
- - - - -
a388f791 by Jeremy Allison at 2020-08-25T16:21:33+00:00
s3: libsmb: Cleanup - Pass samba_sockaddr directly to nb_trans_send().
Saves an ugly internal cast. We know this must be AF_INET.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
- - - - -
ce84521c by Jeremy Allison at 2020-08-25T16:21:33+00:00
s3: libads: Cleanup - Remove two more ugly const struct sockaddr * casts in get_kdc_ip_string().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
- - - - -
102e2a26 by Jeremy Allison at 2020-08-25T17:43:17+00:00
s3: libsmb: Cleanup - remove an ugly sockaddr_in cast inside resolve_wins_send().
Use samba_sockaddr for its intended purpose.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Aug 25 17:43:17 UTC 2020 on sn-devel-184
- - - - -
49f58b2b by Andrew Bartlett at 2020-08-26T01:57:33+00:00
oss-fuzz: Try harder to ensure we always fail fast
During a previous attempt to fix the LANG= issue I changed
the script invocation to be via a shell, so the set -x et al
ensures these are always in place and we fail fast
rather than failures only being detected by lack of output.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
830c0206 by Andrew Bartlett at 2020-08-26T03:20:45+00:00
oss-fuzz: Ensure a UTF8 locale is set for the samba build
This ensures that LANG=en_US.UTF8 is set, which
Samba's build system needs to operate in UTF8 mode.
The change to use flex to generate code meant that this
difference between GitLab CI and oss-fuzz was exposed.
REF: https://github.com/google/oss-fuzz/pull/4366
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Aug 26 03:20:46 UTC 2020 on sn-devel-184
- - - - -
e9137a9e by Rowland Penny at 2020-08-26T04:44:51+00:00
docs-xml: pam_winbind manpage: grammar and typos
Signed-off-by: Rowland Penny <rpenny at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Aug 26 04:44:51 UTC 2020 on sn-devel-184
- - - - -
09fba1f3 by Andreas Schneider at 2020-08-26T08:39:29+00:00
selftest: Catch exception from dns_hub.py
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
fbe58531 by Andreas Schneider at 2020-08-26T09:59:28+00:00
third_party: Update resolv_wrapper to version 1.1.7
This fixes some Samba tests which redirect stderr to stdout and then get
more messages than expected.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Aug 26 09:59:28 UTC 2020 on sn-devel-184
- - - - -
42d01987 by Jeremy Allison at 2020-08-27T06:52:30+00:00
s3: libsmb: Inside get_dc_list() move one more sockaddr_storage -> samba_sockaddr.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
f8b7ee02 by Jeremy Allison at 2020-08-27T08:16:37+00:00
s3: libsmb: Remove one more ugly sockaddr cast in resolve_name_list() by converting to samba_sockaddr.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Aug 27 08:16:37 UTC 2020 on sn-devel-184
- - - - -
5249727f by David Mulder at 2020-08-27T15:59:32+00:00
Add WHATSNEW section on Client Group Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
4148af12 by David Mulder at 2020-08-27T15:59:32+00:00
gpo: Test rsop output for Sudoers policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
bc38d3af by David Mulder at 2020-08-27T15:59:32+00:00
gpo: Add rsop output for Sudoers policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
0a7e2e39 by David Mulder at 2020-08-27T15:59:33+00:00
gpo: Clarify the contents of deleted_gpo_list in process_group_policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
0544237e by David Mulder at 2020-08-27T15:59:33+00:00
gpo: Avoid using distutils since it will be deprecated
We shouldn't use distutils.spawn.find-executable
here, since its use is discouraged:
https://docs.python.org/3/library/distutils.html
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
7acbb440 by David Mulder at 2020-08-27T15:59:33+00:00
gpo: Cleanup script policy test
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
7c6969e9 by David Mulder at 2020-08-27T15:59:33+00:00
gpo: Cleanup sudoers policy test
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
87fe8627 by David Mulder at 2020-08-27T15:59:33+00:00
gpo: Script ext should not crash if script missing
If a user has manually removed a script, the
extension should not crash in an unapply removing
it.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
8626910c by David Mulder at 2020-08-27T15:59:33+00:00
gpo: Sudoers ext should not crash if policy missing
If a user has manually removed a policy, the
extension should not crash in an unapply removing
it.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
7e507dd8 by David Mulder at 2020-08-27T15:59:33+00:00
gpo: Test multiple extention unapply
Verify that an unapply of multiple extentions
deletes the script files and policy settings.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
c887f7a7 by David Mulder at 2020-08-27T15:59:33+00:00
gpo: Fix unapply failure when multiple extensions run
When multiple Group Policy Extensions are present,
only the last executed extension saves it's
changes to the Group Policy Database, due to the
database being loaded seperately for each
extension.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
7d6d160a by David Mulder at 2020-08-27T15:59:33+00:00
gpo: Display Security Extension RSOP on ADDC only
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
5128dc7d by David Mulder at 2020-08-27T15:59:33+00:00
gpo: Move gp_sec_ext conversion functions to top
These functions don't actually use self, so can
be moved to top level functions.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
ab347c86 by David Mulder at 2020-08-27T15:59:33+00:00
gpo: gp_krb_ext always uses set_kdc_tdb to update
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
cb994bef by David Mulder at 2020-08-27T15:59:34+00:00
gpo: Add admx files for smb.conf parameters
Administrative Template (admx) files are
installed to the sysvol central store, and
apply Group Policy settings to the sysvol, via
the Group Policy Management Console (gpmc).
These admx files add smb.conf settings to the
gpmc.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
37661d1a by David Mulder at 2020-08-27T15:59:34+00:00
gpo: Test Group Policy smb.conf Extension
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
3303869c by David Mulder at 2020-08-27T15:59:34+00:00
gpo: Add CSE for applying smb.conf
Add an extension that applies smb.conf params
applied via the smb.conf admx files.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
101b5f17 by David Mulder at 2020-08-27T15:59:34+00:00
GPO: Test rsop output for smb.conf policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
fee00231 by David Mulder at 2020-08-27T15:59:34+00:00
GPO: Add rsop output for smb.conf policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
e8757e0d by David Mulder at 2020-08-27T15:59:34+00:00
gpo: Test Group Policy Message of the day
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
a4f598fd by David Mulder at 2020-08-27T15:59:34+00:00
gpo: Apply Group Policy Message of the day
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
b76d55cc by David Mulder at 2020-08-27T15:59:34+00:00
gpo: Test Group Policy Login Prompt Message
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
1544929f by David Mulder at 2020-08-27T15:59:34+00:00
gpo: Apply Group Policy Login Prompt Message
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
2ef88466 by David Mulder at 2020-08-27T15:59:34+00:00
GPO: Test rsop output for Messages policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
811e2f55 by David Mulder at 2020-08-27T17:19:48+00:00
GPO: Add rsop output for Messages policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): David Mulder <dmulder at samba.org>
Autobuild-Date(master): Thu Aug 27 17:19:48 UTC 2020 on sn-devel-184
- - - - -
afb5cee6 by Andreas Schneider at 2020-08-27T21:59:16+00:00
s3:smbd: Fix strict aliasing in get_socket_port()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Aug 27 21:59:17 UTC 2020 on sn-devel-184
- - - - -
87bf6aa7 by Matthew DeVore at 2020-08-28T00:56:34+00:00
s3: safe_string: remove unnecessary include
safe_string.h is only included by source3/include/includes.h, which
already includes ntstatus.h, so it is not necessary to include it
from within safe_string.h.
Signed-off-by: Matthew DeVore <matvore at google.com>
Reviewed-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d485f369 by Matthew DeVore at 2020-08-28T00:56:34+00:00
lib/util: do not make string_wrappers.h public
string_wrappers.h is a collection of macros. All but one of the macros
rely on symbols not defined in public headers, so it is not useful as a
public header.
For instance, fstring is defined in includes.h. PTR_DIFF is defined in
lib/util/memory.h, which is not public.
checked_strlcpy is actually self-contained and is usable outside of a
Samba build, but without a Samba config.h, it is just aliased to
strlcpy.
Signed-off-by: Matthew DeVore <matvore at google.com>
Reviewed-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1fde7db3 by Matthew DeVore at 2020-08-28T00:56:34+00:00
string_wrappers: include replace.h
To ensure we always get the right value for the config.h macro
`HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS`, #include "lib/util/replace.h"
rather than rely on it being included by the API user.
Signed-off-by: Matthew DeVore <matvore at google.com>
Reviewed-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c2ac923c by Matthew DeVore at 2020-08-28T00:56:34+00:00
s3: safe_string: do not include string_wrappers.h
Rather than have safe_string.h #include string_wrappers.h, make users of
string_wrappers.h include it explicitly.
includes.h now no longer includes string_wrappers.h transitively. Still
allow includes.h to #include safe_string.h for now so that as many
modules as possible get the safety checks in it.
Signed-off-by: Matthew DeVore <matvore at google.com>
Reviewed-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
232054c0 by Matthew DeVore at 2020-08-28T02:18:40+00:00
lib/util: remove extra safe_string.h file
lib/util/safe_string.h is similar to source3/include/safe_string.h, but
the former has fewer checks. It is missing bcopy, strcasecmp, and
strncasecmp.
Add the missing elements to lib/util/safe_string.h remove the other
safe_string.h which is in the source3-specific path. To accomodate
existing uses of str(n?)casecmp, add #undef lines to source files where
they are used.
Signed-off-by: Matthew DeVore <matvore at google.com>
Reviewed-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Aug 28 02:18:40 UTC 2020 on sn-devel-184
- - - - -
560fe7b3 by Stefan Metzmacher at 2020-08-31T11:57:01+00:00
s3:selftest: also run durable_v2_reconnect_delay_msec in samba3.blackbox.durable_v2_delay
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
444f2bed by Stefan Metzmacher at 2020-08-31T11:57:01+00:00
s3:share_mode_lock: reproduce problem with stale disconnected share mode entries
This reproduces the origin of "PANIC: assert failed in get_lease_type()"
(https://bugzilla.samba.org/show_bug.cgi?id=14428).
share_mode_cleanup_disconnected() removes disconnected entries from
leases.tdb and brlock.tdb but not from locking.tdb.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
deb2f782 by Stefan Metzmacher at 2020-08-31T11:57:01+00:00
s3:share_mode_lock: let share_mode_forall_entries/share_entry_forall evaluate e.stale first
It's not really clear why e.stale would be ignored if *modified is set
to true.
This matches the behavior of share_mode_entry_do()
This also makes sure we see the removed entry in level 10 logs again.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
4d740ac2 by Stefan Metzmacher at 2020-08-31T11:57:01+00:00
s3:share_mode_lock: consistently debug share_mode_entry records
share_mode_entry_do(), share_mode_forall_entries() and
share_entry_forall() print the record before the callback is called
and when it was modified or deleted.
This makes it much easier to debug problems.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
1aa1ac97 by Stefan Metzmacher at 2020-08-31T11:57:01+00:00
s3:share_mode_lock: add missing 'goto done' in share_mode_cleanup_disconnected()
When cleanup_disconnected_lease() fails we should stop,
at least we do that if brl_cleanup_disconnected() fails.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
b5c0874f by Stefan Metzmacher at 2020-08-31T11:57:01+00:00
s3:share_mode_lock: make sure share_mode_cleanup_disconnected() removes the record
This fixes one possible trigger for "PANIC: assert failed in get_lease_type()"
https://bugzilla.samba.org/show_bug.cgi?id=14428
This is no longer enough to remove the record:
d->have_share_modes = false;
d->modified = true;
Note that we can remove it completely from
share_mode_cleanup_disconnected() as
share_mode_forall_entries() already sets it
when there are no entries left.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
b02f1d67 by Stefan Metzmacher at 2020-08-31T13:34:17+00:00
s3:share_mode_lock: remove unused reproducer for bug #14428
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Aug 31 13:34:17 UTC 2020 on sn-devel-184
- - - - -
05de29a4 by Noel Power at 2020-08-31T17:44:38+00:00
python/samba/tests/blackbox: Fix undetected deltree fail
With msdfs root share smbclient deltree command can fail without
setting the errorcode (e.g. when do_list encounters an error it will
log a warning message and continue rather than error out fatally)
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8826d74a by Noel Power at 2020-08-31T17:44:38+00:00
python/samba/tests:blackbox: Fix local file delete test tree fallback
Wrong indentation ensures the fallback where we use file system removal
of test files if the test's tearDown method fails.
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c681f5bf by Noel Power at 2020-08-31T17:44:38+00:00
python/samba/tests/blackbox: Preparatory change to support custom share
tearDown method doesn't handle local file deletion fallback if a share
other than 'tmp' is used
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0248fdd0 by Noel Power at 2020-08-31T17:44:38+00:00
add new '--propagate-inheritance' option for smbcacls
smbcacls now can take a '--propagate-inheritance' flag to indicate that the
add, delete, modify and set operations now support automatic propagation of
inheritable ACE(s)
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8c581758 by David Disseldorp at 2020-08-31T17:44:38+00:00
doc: describe smbcacls --propagate-inheritance
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c4707e1d by Noel Power at 2020-08-31T17:44:38+00:00
doc: describe smbcacls --propagate-inheritance expanding INHERITANCE section
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7faab75b by Noel Power at 2020-08-31T17:44:38+00:00
python/samba/tests/blackbox: python smbcacls '--propagate-inherit' test
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
28719f3e by Noel Power at 2020-08-31T17:44:38+00:00
s3/utils: If dfs path is an ordinary path then really just return it
In cli_resolve_path if the share was a root dfs share then any self
hosted dfs paths end up not being returned as is but being decorated
with fileserver and share. This file path is not suitable for
passing to cli_list so we adjust it here.
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5b04affc by Noel Power at 2020-08-31T17:44:38+00:00
s3/utils: restore client share connection after call to sec_desc_parse
This normally isn't a problem *except* for when the share is a dfs root
(which results in cli_resolve_patch creating an incorrect path)
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e3079c53 by Noel Power at 2020-08-31T19:09:24+00:00
python/samba/tests/blackbox: Tests with nested DFS container
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Aug 31 19:09:24 UTC 2020 on sn-devel-184
- - - - -
2e37d224 by Gary Lockyer at 2020-08-31T21:06:29+00:00
Fix clang 9 format-nonliteral warning
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9c3ff1b9 by Douglas Bagnall at 2020-08-31T21:06:29+00:00
lib/util/asn1: avoid technically undefined shift
UBSAN says
runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
Credit to OSS-Fuzz.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22889
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
0c461f3b by Douglas Bagnall at 2020-08-31T22:31:13+00:00
lzxpress: avoid technically undefined shift
UBSAN:
runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Credit to OSS-fuzz.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22283
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Aug 31 22:31:13 UTC 2020 on sn-devel-184
- - - - -
38fcad60 by David Mulder at 2020-09-02T09:11:29+00:00
samba-tool: Test creating unix user with modified template homedir
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
07ce4808 by David Mulder at 2020-09-02T09:11:29+00:00
samba-tool: Create unix user with modified template homedir
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
dff01a5e by David Mulder at 2020-09-02T09:11:30+00:00
gpo: Test rsop function for success
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
11f97148 by David Mulder at 2020-09-02T09:11:30+00:00
gpo: Pass necessary parameters to rsop
These parameters were missed by mistake when exts
were modified to be initialized within the rsop
command. Fixes an exception thrown when executing
samba-gpupdate --rsop:
Traceback (most recent call last):
File "/usr/sbin/samba-gpupdate", line 99, in <module>
rsop(lp, creds, gp_extensions, opts.target)
File "/usr/lib64/python3.8/site-packages/samba/gpclass.py", line 512, in rsop
ext = ext(logger, lp, creds, store)
NameError: name 'logger' is not defined
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
1ba15c45 by David Mulder at 2020-09-02T09:11:30+00:00
GPO: Update the samba-gpupdate man page
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
50d900b6 by Volker Lendecke at 2020-09-02T10:35:53+00:00
tests: Make sure that idmap_ad retrieves unix nss attributes
Make sure that unix_primary_group and unix_nss_info idmap_ad options
work. We have two domains here and test wbinfo -i for both domains, so
we also run the test without those options for the trusted domain.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Sep 2 10:35:53 UTC 2020 on sn-devel-184
- - - - -
b6805d5e by David Disseldorp at 2020-09-02T16:24:50+00:00
build: toggle vfs_snapper using --with-shared-modules
7ae03a19b3c ("build: add configure option to control vfs_snapper build")
added new --enable-snapper and --disable-snapper configure parameters to
control whether the vfs_snapper module was built.
The new parameters conflicted with existing
--with-shared-modules=[!]vfs_snapper behaviour.
This change reinstates working --with-shared-modules=[!]vfs_snapper
functionality. vfs_snapper stays enabled by default, but only on Linux.
Linux systems lacking the dbus library and header files should
explicitly disable the module via --with-shared-modules=!vfs_snapper as
documented.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14437
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Wed Sep 2 16:24:50 UTC 2020 on sn-devel-184
- - - - -
ff39211d by David Disseldorp at 2020-09-03T12:10:35+00:00
build: avoid unnecessary TO_LIST() calls for static strings
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
12fbd5dc by David Disseldorp at 2020-09-03T13:33:54+00:00
build: avoid some unnecessary list.extend() calls
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Thu Sep 3 13:33:54 UTC 2020 on sn-devel-184
- - - - -
bd9f64d1 by Hezekiah at 2020-09-04T16:57:30+00:00
Fixed arrow keys typo to the computer move command utility
Signed-off-by: Hezekiah <hezekiahmaina3 at gmail.com>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Autobuild-User(master): Alexander Bokovoy <ab at samba.org>
Autobuild-Date(master): Fri Sep 4 16:57:30 UTC 2020 on sn-devel-184
- - - - -
9cf1aecd by Andreas Schneider at 2020-09-07T08:03:38+00:00
s3:libads: Remove DES legacy types for Kerberos
We already removed DES support for Kerberos in Samba 4.12.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
a5303967 by Andreas Schneider at 2020-09-07T08:03:38+00:00
s3:libads: Only add RC4 if weak crypto is allowed
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
6444a743 by Andreas Schneider at 2020-09-07T09:25:33+00:00
s3:libads: Also add a realm entry for the domain name
This is required if we try to authenticate as Administrator at DOMAIN so it
can find the KDC. This fixes 'net ads join' for ad_member_fips if we
require Kerberos auth.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14479
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Sep 7 09:25:33 UTC 2020 on sn-devel-184
- - - - -
b716dbc9 by Stefan Metzmacher at 2020-09-07T12:02:15+00:00
python/tests/gpo: this should fix a Popen deadlock
It is inspired by commit 5dc773a5b00834c7a53130a73a48f49048bd55e8
Author: Joe Guo <joeg at catalyst.net.nz>
Date: Fri Sep 15 16:13:26 2017 +1200
python: use communicate to fix Popen deadlock
`Popen.wait()` will deadlock when using stdout=PIPE and/or stderr=PIPE and the
child process generates large output to a pipe such that it blocks waiting for
the OS pipe buffer to accept more data. Use communicate() to avoid that.
Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Oct 19 09:27:16 CEST 2017 on sn-devel-144
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
e0e51632 by Stefan Metzmacher at 2020-09-07T12:02:15+00:00
bootstrap: document git push -o ci.variable='SAMBA_CI_REBUILD_IMAGES=yes'
This is much easier than going through the web interface.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
896b7bbc by Stefan Metzmacher at 2020-09-07T12:02:15+00:00
bootstrap: install perl-JSON on on rpm distributions
This will be needed for the next heimdal import.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
5fc3a71d by David Mulder at 2020-09-07T12:02:15+00:00
waf: upgrade to 2.0.20
This contain an important change:
"Fix gccdeps.scan() returning nodes that no longer exist on disk."
https://gitlab.com/ita1024/waf/-/merge_requests/2293
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
b34e8dc8 by Stefan Metzmacher at 2020-09-07T12:02:15+00:00
auth:gensec: Add gensec_security_sasl_names()
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
5e3363e0 by Stefan Metzmacher at 2020-09-07T12:02:15+00:00
s4:ldap_server: Use samba_server_gensec_start() in ldapsrv_backend_Init()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2186d413 by Stefan Metzmacher at 2020-09-07T12:02:15+00:00
auth:gensec: Make gensec_use_kerberos_mechs() a static function
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a33a40bb by Stefan Metzmacher at 2020-09-07T12:02:15+00:00
auth:gensec: Pass use_kerberos and keep_schannel to gensec_use_kerberos_mechs()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
515cffb1 by Stefan Metzmacher at 2020-09-07T12:02:15+00:00
auth:gensec: If Kerberos is required, keep schannel for machine account auth
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
- - - - -
2c00bea2 by Andreas Schneider at 2020-09-07T12:02:15+00:00
auth:creds: Add cli_credentials_init_server()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
6c94ebf7 by Andreas Schneider at 2020-09-07T12:02:15+00:00
s4:rpc_server: Use cli_credentials_init_server()
Signed-off-by: Andreas Schneider <asn at samba.org>
- - - - -
0b742ec6 by Andreas Schneider at 2020-09-07T13:22:26+00:00
s4:smb_server: Use cli_credentials_init_server() for negprot
Signed-off-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Sep 7 13:22:26 UTC 2020 on sn-devel-184
- - - - -
f11dce99 by Jeremy Allison at 2020-09-07T13:23:39+00:00
s3: libsmb: discover_dc_netbios(). Remember to free on error return.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
c4c00d62 by Jeremy Allison at 2020-09-07T13:23:39+00:00
s3: libsmb: Cleanup - ensure we initialize all stack variables to 'safe' values when calling get_kdc_list() that may not touch returns on error.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
13acac25 by Jeremy Allison at 2020-09-07T13:23:39+00:00
s3: libsmb: Cleanup - ensure we initialize all stack variables to 'safe' values when calling get_sorted_dc_list() that may not touch returns on error.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
b95eea6b by Noel Power at 2020-09-07T13:23:39+00:00
s3: libsmb: Cleanup - ensure we initialize all stack variables to 'safe' values when calling resolve_name_list()
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6c28d715 by Jeremy Allison at 2020-09-07T13:23:40+00:00
s3: libsmb: Cleanup - correctly error on sockaddr_storage_to_samba_sockaddr() fail.
Instead of jumping out and leaking the memory onto ctx,
skip bad conversions and error out if there are no addresses
to return (and cleanup the memory there).
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
a4073ae5 by Noel Power at 2020-09-07T13:23:40+00:00
s3: libsmb: Cleanup in resolve_name_list().
Don't modify out params (unless successful result).
Signed-off-by: Noel Power <npower at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6bee431b by Jeremy Allison at 2020-09-07T13:23:40+00:00
s3: libsmb: Cleanup - Use helper variable for return from namecache_fetch() in internal_resolve_name().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
02016acb by Jeremy Allison at 2020-09-07T13:23:40+00:00
s3: libsmb: Add utility funtion dup_ip_service_array().
Preparing to return ip_service arrays as talloc, not
malloc. Commented out as not yet used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
e8a49169 by Jeremy Allison at 2020-09-07T13:23:40+00:00
s3: libsmb: Add get_kdc_list_talloc().
Talloc version of get_kdc_list(). Makes use of dup_ip_service_array().
Now to move the callers.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
8e1b6602 by Jeremy Allison at 2020-09-07T13:23:40+00:00
s3: libads: Make get_kdc_ip_string() use get_kdc_list_talloc().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
9d62c3e9 by Noel Power at 2020-09-07T13:23:40+00:00
s3/libads: Only set result to kdc_str on success
Prior to this change result was set even when any or all errors
occured in the function.
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5307b0e3 by Noel Power at 2020-09-07T13:23:40+00:00
s3/libads: Cleanup() get_kdc_ip_string, free kdc_str on error
kdc_str will be cleaned up when the passed ctx is freed,
it just seems odd that we now return NULL without cleaning up allocated mem.
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
11226af3 by Jeremy Allison at 2020-09-07T13:23:40+00:00
s3: utils: net_lookup. Convert to use get_kdc_list_talloc().
No more users of get_kdc_list().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
b7182c44 by Jeremy Allison at 2020-09-07T13:23:40+00:00
s3: libsmb: Remove now unused get_kdc_list() (non-talloc version).
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
6deb23c6 by Jeremy Allison at 2020-09-07T13:23:40+00:00
s3: libads: Rename get_kdc_list_talloc() -> get_kdc_list().
It's the only version now.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
f305a140 by Jeremy Allison at 2020-09-07T13:23:40+00:00
s3: libsmb: Add get_sorted_dc_list_talloc().
Talloc version of get_sorted_dc_list_talloc().
Makes use of dup_ip_service_array().
Now to move the callers.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
fbc20318 by Jeremy Allison at 2020-09-07T13:23:41+00:00
s3: libads: Move callers of get_sorted_dc_list() -> get_sorted_dc_list_talloc().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
b4164093 by Jeremy Allison at 2020-09-07T13:23:41+00:00
s3: libsmb: Move callers of get_sorted_dc_list() -> get_sorted_dc_list_talloc().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
1d6c3c2d by Jeremy Allison at 2020-09-07T13:23:41+00:00
s3: net lookup: Move callers of get_sorted_dc_list() -> get_sorted_dc_list_talloc().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
e8b71624 by Jeremy Allison at 2020-09-07T13:23:41+00:00
s3: winbindd: Move callers of get_sorted_dc_list() -> get_sorted_dc_list_talloc().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
a0984e50 by Jeremy Allison at 2020-09-07T13:23:41+00:00
s3: libsmb: Remove get_sorted_dc_list().
No more callers.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
23fb64f3 by Jeremy Allison at 2020-09-07T13:23:41+00:00
s3: libsmb: Rename get_sorted_dc_list_talloc() -> get_sorted_dc_list()
There are no non-talloc callers.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
3b3f92a2 by Jeremy Allison at 2020-09-07T13:23:41+00:00
s3: libsmb: Cleanup - rename ctx -> frame for a talloc_stackframe to match modern coding standards.
We will be passing in a real TALLOC_CTX soon.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
b9bc1e59 by Jeremy Allison at 2020-09-07T13:23:41+00:00
s3: libsmb: Change to an early return in get_dc_list().
No logic change. Will make later code changes clearer.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
46f7ab8f by Jeremy Allison at 2020-09-07T13:23:41+00:00
s3: libsmb: Change get_dc_list() to return a size_t count parameter.
Remove paranoia checks and casts from callers, move internally.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
973ca8a5 by Jeremy Allison at 2020-09-07T13:23:41+00:00
s3: libsmb: Cleanup - use early return in get_dc_list().
No logic change. Makes later code changes clearer.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
c0ccdd70 by Jeremy Allison at 2020-09-07T13:23:41+00:00
s3: libsmb: Make get_dc_list() internal to namequery.c return talloc'ed ip_service array.
Moving closer to the target of making internal_resolve_name()
use talloc.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
c6fc75a7 by Jeremy Allison at 2020-09-07T13:23:41+00:00
s3: libsmb: namequery - Add internal_resolve_name_talloc().
This is a wrapper function for internal_resolve_name()
that converts the replies from malloc() -> talloc().
Now to move the callers, and I can move the talloc
code down one level again.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
e18eb94f by Jeremy Allison at 2020-09-07T13:23:41+00:00
s3: libsmb: namequery - Make resolve_name() use internal_resolve_name_talloc().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
505272a8 by Jeremy Allison at 2020-09-07T13:23:42+00:00
s3: libsmb: Make resolve_name_list() use internal_resolve_name_talloc().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
12e346d9 by Noel Power at 2020-09-07T13:23:42+00:00
s3/libsmb: resolve_name_list don't update out params except for success
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
55b589e9 by Jeremy Allison at 2020-09-07T13:23:42+00:00
s3: libsmb: Make find_master_ip() use internal_resolve_name_talloc().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
37eaee03 by Jeremy Allison at 2020-09-07T13:23:42+00:00
s3: libsmb: Make get_pdc_ip() use internal_resolve_name_talloc().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
fed4b634 by Jeremy Allison at 2020-09-07T13:23:42+00:00
s3: libsmb: Make get_dc_list() use internal_resolve_name_talloc().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
a16d023c by Jeremy Allison at 2020-09-07T13:23:42+00:00
s3: libsmb: Make discover_dc_netbios() use internal_resolve_name_talloc()..
No more external users of internal_resolve_name().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
e5fd57d6 by Noel Power at 2020-09-07T13:23:42+00:00
s3/libsmb: Cleanup, don't modify out params except on success
All callers don't use out params on failure.
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a68d329b by Jeremy Allison at 2020-09-07T13:23:42+00:00
s3: libsmb: Remove internal_resolve_name() externally. All callers now use internal_resolve_name_talloc().
Make the wrapped internal_resolve_name() function static as _internal_resolve_name().
Now we can rename the callers back from internal_resolve_name_talloc() -> internal_resolve_name()
as all external callers are talloc-based.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
f5bb322e by Jeremy Allison at 2020-09-07T13:23:42+00:00
s3: libsmb: Rename internal_resolve_name_talloc() -> internal_resolve_name().
No more non-talloc callers.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
e065fc8e by Jeremy Allison at 2020-09-07T13:23:42+00:00
s3: libsmb: Move talloc_stackframe() initialization to the front of _internal_resolve_name().
Ensure we free correctly on all exit paths.
This will allow us to move the internal calls to
talloc more easily.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
aa20df21 by Jeremy Allison at 2020-09-07T13:23:42+00:00
s3: libsmb: Change remove_duplicate_addrs2() to take and return size_t, not int.
Will make converting _internal_resolve_name() to return a size_t easier.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
9ffb1885 by Jeremy Allison at 2020-09-07T13:23:42+00:00
s3: libsmb: Cleanup the code to do one address return given an IP address to _internal_resolve_name().
Will make easier to move to talloc later.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
4d4bf8ee by Jeremy Allison at 2020-09-07T13:23:42+00:00
s3: libsmb: Convert namecache_fetch() and it's only caller to return a talloc'ed array of struct samba_sockaddr.
Eventually everything will be talloced arrays of samba_sockaddr.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
f39ff136 by Jeremy Allison at 2020-09-07T13:23:43+00:00
s3: libsmb: _internal_resolve_name(). Remove unused free(s).
*return_iplist is guaranteeded to be always NULL here.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
cb01b5e4 by Jeremy Allison at 2020-09-07T13:23:43+00:00
s3: libsmb: Make namecache_store() take an unsigned count.
Counts can never be negative.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
9e4b5349 by Jeremy Allison at 2020-09-07T13:23:43+00:00
s3: libsmb: Change convert_ss2service() and it's one caller to take and return unsigned counts.
Getting closer to making _internal_resolve_name() return a pointer to size_t
for a count.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
6b0b7261 by Jeremy Allison at 2020-09-07T13:23:43+00:00
s3: libsmb: Cleanup coding in convert_ss2service().
Will make it easier to return a talloc'ed array.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
e68e0402 by Noel Power at 2020-09-07T13:23:43+00:00
s3/libsmb: Cleanup coding in convert_ss2service()
Don't update out params when unsuccessful
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5e819231 by Jeremy Allison at 2020-09-07T13:23:43+00:00
s3: libsmb: _internal_resolve_name() code cleanup.
Only set *return_count just before success return.
Preparing to move all counts to size_t.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
31674946 by Jeremy Allison at 2020-09-07T13:23:43+00:00
s3: libsmb: _internal_resolve_name() code cleanup.
Only set *return_iplist just before success return.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
863ab1af by Jeremy Allison at 2020-09-07T13:23:43+00:00
s3: libsmb: Make _internal_resolve_name() return a size_t pointer for count.
Getting closer to being a idential to the wrapper function
internal_resolve_name() which we can then remove.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
68e12688 by Jeremy Allison at 2020-09-07T13:23:43+00:00
s3: libsmb: Finally change _internal_resolve_name() to return a talloc'ed ip_service array.
The wrapper internal_resolve_name() is now functionaly identical to _internal_resolve_name()
so we can remove it and rename _internal_resolve_name() back to internal_resolve_name().
dup_ip_service_array() is now no longer used, so comment it
out as it's a staic function.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
57349b65 by Jeremy Allison at 2020-09-07T13:23:43+00:00
s3: libsmb: Remove now unused dup_ip_service_array().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
f36a0be9 by Jeremy Allison at 2020-09-07T13:23:43+00:00
s3: libsmb: Comment out wrapper function internal_resolve_name(). Rename _internal_resolve_name() -> internal_resolve_name().
We can now remove the wrapper.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
c6cc05f5 by Jeremy Allison at 2020-09-07T13:23:43+00:00
s3: libsmb: Remove commented out wrapper for internal_resolve_name().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
39ecff71 by Jeremy Allison at 2020-09-07T13:23:44+00:00
s3: libsmb: Cleanup - resolve_name() get names from internal_resolve_names() which is guaranteed not to return zero addresses.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
7835e2cb by Jeremy Allison at 2020-09-07T13:23:44+00:00
s3: libsmb: Add internal ipstr_list_make_sa().
Duplicates ipstr_list_make() with samba_sockaddr, but doesn't store
ports. The duplication is temporary as the ipstr_list_make() function
will go away once namecache_store is converted to samba_sockaddr.
Compiles but commented out as not yet used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
0e59fee2 by Jeremy Allison at 2020-09-07T13:23:44+00:00
s3: libsmb: Add namecache_store_sa(). Doesn't store ports and takes a samba_sockaddr array.
Now uses ipstr_list_make_sa(). Now convert
the callers, remove namecache_store() and
then rename namecache_store_sa() back to namecache_store().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
1593231e by Jeremy Allison at 2020-09-07T13:23:44+00:00
s3: libsmb: Use namecache_store_sa() instead of namecache_store().
Removes one more struct ip_service usage.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
4c81f390 by Jeremy Allison at 2020-09-07T13:23:44+00:00
s3: winbindd: Use namecache_store_sa() inside dcip_check_name().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
3dad456d by Jeremy Allison at 2020-09-07T13:23:44+00:00
s3: libsmb: Add internal conversion function ip_service_to_samba_sockaddr().
Compiles but commented out as not yet used. Next commit will
change that.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
9da8d26f by Jeremy Allison at 2020-09-07T13:23:44+00:00
s3: libsmb: Remove the last caller of namecache_store().
Convert to a struct samba_sockaddr array and use namecache_store_sa().
We can now remove the use of 'struct ip_list' from
the namecache code.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
2989d736 by Jeremy Allison at 2020-09-07T13:23:44+00:00
s3: libsmb: Remove use of struct ip_service from the namecache code.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
170051d6 by Jeremy Allison at 2020-09-07T13:23:44+00:00
s3: libsmb: Now we only have namecache_store_sa(), rename it back to namecache_store().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
7a3c368d by Noel Power at 2020-09-07T14:46:58+00:00
s3: libsmb: Cleanup in get_dc_list()
Don't modify out params (unless successful result),
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Mon Sep 7 14:46:58 UTC 2020 on sn-devel-184
- - - - -
c760ed61 by Andreas Schneider at 2020-09-07T23:57:48+00:00
gitlab-ci: Fix the sha1sum
The images where build with an invalid sha1sum.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Sep 7 23:57:48 UTC 2020 on sn-devel-184
- - - - -
0022cd94 by Stefan Metzmacher at 2020-09-08T13:59:58+00:00
lib/replace: move lib/replace/closefrom.c from ROKEN_HOSTCC_SOURCE to REPLACE_HOSTCC_SOURCE
This is where it really belongs and we avoid the strange interaction
with source4/heimdal_build/config.h. This a follow up for commit
f31333d40e6fa38daa32a3ebb32d5a317c06fc62.
This fixes a build problem if libbsd-dev is not installed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14482
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Sep 8 13:59:58 UTC 2020 on sn-devel-184
- - - - -
99565d2a by Christof Schmitt at 2020-09-08T21:35:41+00:00
wscript: Make list of shared modules available in STRING_SHARED_MODULES
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
80add26b by Christof Schmitt at 2020-09-08T21:35:41+00:00
selftest: Add function for checking whether a module is enabled
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fd7b77f4 by Christof Schmitt at 2020-09-08T21:35:41+00:00
selftest: Add unit test for vfs_gpfs
The mapping functions of the vfs_gpfs module can be easily unit tested.
Begin a cmocka test to cover those.
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5cfe884b by Christof Schmitt at 2020-09-08T21:35:41+00:00
test_vfs_gpfs: Add test for lease mapping function
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c94ea50b by Christof Schmitt at 2020-09-08T21:35:41+00:00
test_vfs_gpfs: Add test for winattr mappings
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b65fbade by Christof Schmitt at 2020-09-08T22:57:03+00:00
test_vfs_gpfs: Add test for file id generation
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Christof Schmitt <cs at samba.org>
Autobuild-Date(master): Tue Sep 8 22:57:03 UTC 2020 on sn-devel-184
- - - - -
21de9077 by Jeremy Allison at 2020-09-09T10:31:17+00:00
s3: libsmb: Fix bug in get_dc_list() introduced by ip-service cleanup.
Do an early return on error. On success assign to the correct
variables that are going to get copied into the 'out' parameters.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Wed Sep 9 10:31:17 UTC 2020 on sn-devel-184
- - - - -
53a368c5 by Christof Schmitt at 2020-09-10T23:19:56+00:00
idmap_ad: Honor "client ldap sasl wrapping" config setting
Instead of hard-coding SIGN and SEAL for the connections from this idmap
module, query the desired wrapping from "client ldap sasl wrapping".
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Sep 10 23:19:56 UTC 2020 on sn-devel-184
- - - - -
e60df214 by Andrew Bartlett at 2020-09-11T03:43:40+00:00
oss-fuzz: standardise on RUNPATH for the static-ish binaries
We use ld.bfd for the coverage builds, rather than the faster ld.gold.
We run the oss-fuzz autobuild target on Ubuntu 16.04 to more closely
mirror the environment provided by the Google oss-fuzz build
container.
On Ubuntu 16.04, when linking with ld.bfd built binaries get a RPATH,
but builds in Ubuntu 18.04 and those using ld.gold get a RUNPATH.
Just convert them all to RUNPATH to make the check_build.sh test (run
by the oss-fuzz autobuild target) easier.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
6f5b0fef by David Mulder at 2020-09-11T03:43:40+00:00
ctdb: Prevent man page duplication
The new waf detects a duplicate instance of
ctdb_mutex_ceph_rados_helper.7.xml, which is due
to manpages_extra being a pointer to
manpages_misc, therefore each call to build()
added duplicate entries to the manpages_misc
global entry.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
671fe10f by David Disseldorp at 2020-09-11T03:43:40+00:00
s4:torture/rpc: run tests in the order that they're added
torture_rpc_tcase_add_test*() uses DLIST_ADD(), which sees them executed
in reverse order to which they're added. Use DLIST_ADD_END() instead to
fix this.
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9bbfdb11 by David Disseldorp at 2020-09-11T03:43:40+00:00
s4:torture/rpc: flip order of netlogon tests
The previous change to not run rpc tests in reverse order results in
the following failure:
Testing netr_LogonGetDomainInfo
UNEXPECTED(failure): samba4.rpc.netlogon with
seal,padcheck.netlogon.GetDomainInfo(ad_dc)
REASON: Exception: ../../source4/torture/rpc/netlogon.c:320:
Expression `plain_pass != ((void *)0)' failed: plain_pass
Restore the dependent order of netlogon tests by reversing the
torture_rpc_tcase_add_test*() calls for the suite.
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
47ee0c81 by David Disseldorp at 2020-09-11T03:43:40+00:00
s4:torture/rpc: move test_fsrvp_seq_timeout as last
test_fsrvp_seq_timeout may see share snapshots left-over, which can
cause problems if subsequent tests expect a clean slate
(i.e. enum_created).
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ed9abf94 by Douglas Bagnall at 2020-09-11T05:05:59+00:00
utils/asn1: avoid undefined behaviour warning
UBSAN does not like an int >= 1<<24 being shifted left.
We check the overflow in the very next line.
Credit to OSS-Fuzz.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25436
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Sep 11 05:05:59 UTC 2020 on sn-devel-184
- - - - -
d9d8bf8c by Martin Schwenke at 2020-09-11T05:06:42+00:00
ctdb-tests: Simplify comment in large database recovery test
The older style controls mentioned are being removed.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
f9685766 by Martin Schwenke at 2020-09-11T05:06:42+00:00
ctdb-recovery: Remove use of old pull and push controls
Removes use of the old controls without cleaning up the code. Clean
up can be done later.
After this change the CTDB_CAP_FRAGMENTED_CONTROLS capability is no
longer checked. This capability can be removed along with the
controls.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
595c1a7c by Martin Schwenke at 2020-09-11T05:06:42+00:00
ctdb-recovery: Simplify database pull function names
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
225a6996 by Martin Schwenke at 2020-09-11T05:06:42+00:00
ctdb-recovery: Drop passing of capabilities into database pull
This is no longer necessary because the capability new style database
pull is assumed to always be available.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
f4e2206e by Martin Schwenke at 2020-09-11T05:06:42+00:00
ctdb-recovery: Drop unnecessary database push wrapper
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
2efce7d4 by Martin Schwenke at 2020-09-11T05:06:42+00:00
ctdb-recovery: Simplify database push function names
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
28986954 by Martin Schwenke at 2020-09-11T05:06:42+00:00
ctdb-client: Drop unused synchronous functions for database pull/push
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
3bbb4a85 by Martin Schwenke at 2020-09-11T05:06:42+00:00
ctdb-protocol: Drop client functions for old-style database pull/push
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
7d826731 by Martin Schwenke at 2020-09-11T05:06:42+00:00
ctdb-protocol: Drop marshalling functions for old-style database pull/push
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
d98f68f9 by Martin Schwenke at 2020-09-11T06:29:32+00:00
ctdb-daemon: Drop implementation of old-style database pull/push controls
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Fri Sep 11 06:29:32 UTC 2020 on sn-devel-184
- - - - -
4d63a1a7 by Andrew Bartlett at 2020-09-11T07:05:33+00:00
bootstrap: Fix the spelling of README.md (again) and get a new GnuTLS
We re-run ./bootstrap/template.py --render to get a new GnuTLS on Fedora 32
This was missed with 7dc535995bbdb42b1b053c22acff5978cb5da516
and so caused e0e51632cf77be439ebcbcba025a42e8558fa824 to
break the sha1sum and so require 7077be01a3cc860ce1fcfafd9e5028829f0c1887
to fix it.
The sha1sum changes because we fixed the bug about the spelling of
README.md, which is helpful because otherwise we would not get a
new image.
This provides a GnuTLS 3.6.15 so that we still test using GnuTLS's
gnutls_aead_cipher_encryptv2() for the SMB encryption codepath.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14399
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
94808cc5 by Andreas Schneider at 2020-09-11T08:27:26+00:00
waf: Only use gnutls_aead_cipher_encryptv2() for GnuTLS > 3.6.14
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14399
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Sep 11 08:27:26 UTC 2020 on sn-devel-184
- - - - -
ff40135a by Christof Schmitt at 2020-09-12T06:29:37+00:00
s3:VFS: Remove function declaration for vfs_posixacl_init
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
8d34b673 by Christof Schmitt at 2020-09-12T06:29:37+00:00
lib: Make get_share_security_default static
Reviewed-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
8b4c6fb7 by Christof Schmitt at 2020-09-12T07:53:56+00:00
smbclient: Remove unused reference to extern override_logfile
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Sat Sep 12 07:53:56 UTC 2020 on sn-devel-184
- - - - -
8f868b0e by Laurent Menase at 2020-09-14T13:33:13+00:00
winbind: Fix a memleak
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14388
Signed-off-by: Laurent Menase <laurent.menase at hpe.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Sep 14 13:33:13 UTC 2020 on sn-devel-184
- - - - -
923648b0 by Jeremy Allison at 2020-09-15T10:09:36+00:00
s3: libsmb: Convert node_status_query() and associated functions and callers to expect a size_t * return.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
dbab4626 by Noel Power at 2020-09-15T10:09:36+00:00
s3/libsmb: Cleanup parse_node_status() only set out params on success
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
af6aaf62 by Jeremy Allison at 2020-09-15T10:09:36+00:00
s3: libsmb: Convert the WINS and broadcast name functions to return size_t * num addresses.
Have to do both at once as they are intimately related.
The uglyness inside internal_resolve_name() will go away
once all the resove_XXX() functions return size_t values.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
da9c7b19 by Jeremy Allison at 2020-09-15T10:09:37+00:00
libcli: nbt: cleanup resolve_lmhosts_file_as_sockaddr() - don't change return values on fail.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
e034072c by Jeremy Allison at 2020-09-15T10:09:37+00:00
libcli: nbt: Fix resolve_lmhosts_file_as_sockaddr() to return size_t * count of addresses.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
f5dda19d by Jeremy Allison at 2020-09-15T10:09:37+00:00
s3: libsmb: cleanup resolve_hosts() - don't change return values on fail.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
2a1c57f6 by Jeremy Allison at 2020-09-15T10:09:37+00:00
s3: libsmb: Fix resolve_hosts() to return size_t * count of addresses.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
1fc49be4 by Jeremy Allison at 2020-09-15T10:09:37+00:00
s3: libsmb: Make resolve_ads() return a size_t * address count.
All resolve_XXXX() functions inside internal_resolve_name()
now use size_t and we can clean this up.
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: Noel Power<npower at samba.org>
- - - - -
a8e0d46e by Jeremy Allison at 2020-09-15T10:09:37+00:00
s3: libsmb: internal_resolve_name() - get rid of the icount variables.
Plus the paranoia check. Everything now uses size_t * returns.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
2ebf3191 by Jeremy Allison at 2020-09-15T10:09:37+00:00
lib: addns: Fix ads_dns_lookup_srv() and functions to return size_t * num servers.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
62e99efa by Jeremy Allison at 2020-09-15T10:09:37+00:00
lib: addns: Fix ads_dns_lookup_ns(), ads_dns_query_dcs(), ads_dns_query_gcs(), ads_dns_query_kdcs(), ads_dns_query_pdc() to return size_t *.
Easier to do all callers at once.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
ed1e1e0b by Noel Power at 2020-09-15T10:09:37+00:00
s3/libsmb: cleanup discover_dc_dns, only set out params on success
Signed-off-by: Noel Power <npower at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1a10a430 by Noel Power at 2020-09-15T10:09:37+00:00
s3/libsmb: cleanup discover_dc_dns() Fix potential leak
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d8ff3652 by Jeremy Allison at 2020-09-15T10:09:37+00:00
s3: libsmb: Fix the count returns in discover_dc_netbios(), discover_dc_dns(), process_dc_dns() to return size_t * counts.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
ced8fbc7 by Jeremy Allison at 2020-09-15T10:09:37+00:00
s3: libsmb: Make prioritize_ipv4_list() use size_t counts.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
d044d20c by Jeremy Allison at 2020-09-15T10:09:37+00:00
s3: libads: Reformat args to cldap_ping_list().
Pure reformatting.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
76beee81 by Jeremy Allison at 2020-09-15T10:09:37+00:00
s3: libads: Use size_t counts inside cldap_ping_list().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
78b191c4 by Jeremy Allison at 2020-09-15T10:09:37+00:00
s3: libsmb: Make sort_addr_list() and sort_service_list() take size_t counts.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
afd83fa5 by Jeremy Allison at 2020-09-15T10:09:38+00:00
s3: libsmb: Add sort_sa_list() compare function. Not yet used.
Ready for when we start returning ordered samba_sockaddr arrays.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
47e104c4 by Jeremy Allison at 2020-09-15T10:09:38+00:00
s3: libsmb: Add get_kdc_list_sa() returns samba_sockaddr array.
Not yet used, but uses the previous utility functions.
Now to convert the get_kdc_list() callers and remove
one more external use of ip_service.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
0a347683 by Jeremy Allison at 2020-09-15T10:09:38+00:00
s3: utils: Make net_lookup_kdc() use get_kdc_list_sa().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
516d8734 by Jeremy Allison at 2020-09-15T10:09:38+00:00
s3: libads: Convert get_kdc_ip_string() to use get_kdc_list_sa().
No more callers of get_kdc_list().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
0562154a by Jeremy Allison at 2020-09-15T10:09:38+00:00
s3: libsmb: Remove get_kdc_list(). No more callers.
Next we can rename get_kdc_list_sa() -> get_kdc_list().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
1eecdd94 by Jeremy Allison at 2020-09-15T10:09:38+00:00
s3: libsmb: Rename get_kdc_list_sa() back to get_kdc_list().
The samba_sockaddr interface is now the only one.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
2b7629f3 by Jeremy Allison at 2020-09-15T10:09:38+00:00
s3: libsmb: Add function get_sorted_dc_list_sa(). Returns samba_sockaddr array.
Now to fix callers.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
1fb56f3f by Jeremy Allison at 2020-09-15T10:09:38+00:00
s3: utils: Make net_lookup_dc() use get_sorted_dc_list_sa().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
4b6fc2b0 by Jeremy Allison at 2020-09-15T10:09:38+00:00
s3: libads: Add an alternate version of cldap_ping_list() that takes an array of samba_sockaddrs.
Preparing for get_sorted_dc_list() returning such an array.
ifdef'ed out as not yet used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
6be32826 by Jeremy Allison at 2020-09-15T10:09:38+00:00
s3: libads: Make resolve_and_ping_netbios() use get_sorted_dc_list_sa().
Now we use cldap_ping_list_sa() so uncomment it.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
5a448e96 by Jeremy Allison at 2020-09-15T10:09:38+00:00
s3: libads: Make resolve_and_ping_dns() use get_sorted_dc_list_sa().
We no longer use cldap_ping_list(), comment it out
for removal.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
bef9ebd8 by Jeremy Allison at 2020-09-15T10:09:38+00:00
s3: libads: Remove cldap_ping_list().
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
2a57e7ed by Jeremy Allison at 2020-09-15T10:09:38+00:00
s3: libads: Rename cldap_ping_list_sa() -> cldap_ping_list().
The old cldap_ping_list() is now gone.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
cb5b69fb by Jeremy Allison at 2020-09-15T10:09:38+00:00
s3: winbind: Fix get_dcs() to use get_sorted_dc_list_sa().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
ffed032b by Jeremy Allison at 2020-09-15T10:09:38+00:00
s3: libsmb: Remove last caller of get_sorted_dc_list() from rpc_dc_name()..
Now only get_sorted_dc_list_sa() left.
Now we can remove get_sorted_dc_list() and rename
get_sorted_dc_list_sa() back to get_sorted_dc_list().
One more external user of struct ip_service gone.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
8ae5408d by Jeremy Allison at 2020-09-15T10:09:39+00:00
s3: libsmb: Remove get_sorted_dc_list(). No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
b59de9e5 by Jeremy Allison at 2020-09-15T10:09:39+00:00
s3: libsmb: Rename get_sorted_dc_list_sa() -> get_sorted_dc_list().
Everyone now uses samba_sockaddr arrays.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.com>
- - - - -
1cb9611b by Jeremy Allison at 2020-09-15T10:09:39+00:00
s3: libsmb: Convert internal function get_dc_list() to return a samba_sockaddr array.
Callers now don't need to convert. Getting closer to making internal_resolve_name()
return samba_sockaddr array.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
`
- - - - -
1181e5e1 by Jeremy Allison at 2020-09-15T10:09:39+00:00
s3: libsmb: Add remove_duplicate_addrs2_sa() - uses samba_sockaddr.
Not yet used, will be used when we migrate internal_resolve_name()
to samba_sockaddr.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
5bb63200 by Jeremy Allison at 2020-09-15T10:09:39+00:00
3: torture: Use remove_duplicate_addrs2_sa() instead of remove_duplicate_addrs2() in LOCAL-remove_duplicate_addrs2 test.
Spoiler, still passes :-).
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
c5b1d4ff by Jeremy Allison at 2020-09-15T10:09:39+00:00
s3: libsmb: Add prioritize_ipv4_list_sa().
Re-arranges a samba_sockaddr array in IPv4 preference.
Not yet used so compiles but ifdef'ed out. Needed for conversion
of internal_resolve_name().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
fb8acf17 by Jeremy Allison at 2020-09-15T10:09:39+00:00
s3: libsmb: Add internal_resolve_name_sa(). A wrapper for internal_resolve_name().
Not yet used. Now to fix the callers, and convert internal_resolve_name()..
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <jra at samba.org>
- - - - -
a8ec446d by Jeremy Allison at 2020-09-15T10:09:39+00:00
s3: libsmb: Fix discover_dc_netbios() to call internal_resolve_name_sa().
All callers of internal_resolve_name() are now internal to namequery.c
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
489102b0 by Jeremy Allison at 2020-09-15T10:09:39+00:00
s3: libsmb: Remove the internal_resolve_name() external interface.
Change the internal version from internal_resolve_name() -> _internal_resolve_name().
Only external caller calls internal_resolve_name_sa().
After this we can rename internal_resolve_name_sa() back to internal_resolve_name()
as all internal use in namequery.c is via _internal_resolve_name().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
185f3027 by Jeremy Allison at 2020-09-15T10:09:39+00:00
s3: libsmb: Rename internal_resolve_name_sa() -> internal_resolve_name()
That's now the only external interface to it.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
178bd384 by Jeremy Allison at 2020-09-15T10:09:39+00:00
s3: libsmb: Convert resolve_name() to call internal_resolve_name() not _internal_resolve_name().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
3b1542a1 by Jeremy Allison at 2020-09-15T10:09:39+00:00
s3: libsmb: Convert resolve_name_list() to call internal_resolve_name() not _internal_resolve_name().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
be85a463 by Jeremy Allison at 2020-09-15T10:09:39+00:00
s3: libsmb: Convert find_master_ip() to call internal_resolve_name() not _internal_resolve_name().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
e6c581f0 by Jeremy Allison at 2020-09-15T10:09:39+00:00
s3: libsmb: Convert get_pdc_ip() to call internal_resolve_name() not _internal_resolve_name().
NB. sort_service_list() and ip_service_compare() are now no
longer used so comment them out for removal.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
5b8f5971 by Jeremy Allison at 2020-09-15T10:09:40+00:00
s3: libsmb: Remove now unused internal functions ip_service_compare() and sort_service_list().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
f03a6ef6 by Jeremy Allison at 2020-09-15T10:09:40+00:00
s3: libsmb: Convert get_dc_list() to call internal_resolve_name() not _internal_resolve_name().
prioritize_ipv4_list() is no longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
e0d060c6 by Jeremy Allison at 2020-09-15T10:09:40+00:00
s3: libsmb: Tidy up the talloc heirarchy allocation in get_dc_list().
Always allocate the return_salist off the frame pointer.
Only talloc_move() to return ctx on successful return.
Cleans up a nasty else in the exit path that caused
problems in the past - we can now always TALLOC_FREE(return_salist)
without remembering if we need to return it.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
5a2b5c74 by Jeremy Allison at 2020-09-15T10:09:40+00:00
s3: libsmb: Remove unused prioritize_ipv4_list().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
ef62fa93 by Jeremy Allison at 2020-09-15T10:09:40+00:00
s3: libsmb: Rename prioritize_ipv4_list_sa() -> prioritize_ipv4_list() now it's the only use.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
d3f6eccc by Jeremy Allison at 2020-09-15T10:09:40+00:00
s3: libsmb: namequery: Add utility function sockaddr_array_to_samba_sockaddr_array().
Not yet used. Will help convert _internal_resolve_name() to internal_resolve_name().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
757934e8 by Jeremy Allison at 2020-09-15T10:09:40+00:00
3: libsmb: namequery: Convert _internal_resolve_name() -> internal_resolve_name() returning talloced samba_sockaddr arrays.
Wrapper function internal_resolve_name() is now commented out,
along with the now unused ip_service_to_samba_sockaddr() and
convert_ss2service() functions.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
7d37b8ba by Jeremy Allison at 2020-09-15T10:09:40+00:00
s3: libsmb: namequery.c: Remove now unused ip_service_to_samba_sockaddr()..
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
a679c6c5 by Jeremy Allison at 2020-09-15T10:09:40+00:00
s3: libsmb: namequery.c: Remove now unused convert_ss2service().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
5b6245d1 by Jeremy Allison at 2020-09-15T10:09:40+00:00
s3: libsmb: namequery.c: Remove now unused internal_resolve_name() wrapper.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
d627ef14 by Jeremy Allison at 2020-09-15T10:09:40+00:00
s3: libsmb: namequery.c: Remove unused remove_duplicate_addrs2().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
526fdaa7 by Jeremy Allison at 2020-09-15T10:09:40+00:00
s3: libsmb: namequery. Rename remove_duplicate_addrs2_sa() to remove_duplicate_addrs2()
It's now the only function.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
c1d39295 by Jeremy Allison at 2020-09-15T10:09:40+00:00
s3: Remove struct ip_service.
---------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| |
| struct ip_service |
| |
| |
| 9 August |
| In the year of the |
| pandemic |
| 2020 |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\////|_)_______
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
67498ffd by Jeremy Allison at 2020-09-15T11:33:35+00:00
s3: libsmb: Cleanup - in internal_resolve_name() only write the out parameters on success.
All callers already correctly initialize them.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Tue Sep 15 11:33:35 UTC 2020 on sn-devel-184
- - - - -
ebada816 by Samuel Cabrero at 2020-09-16T22:45:38+00:00
selftest: Create client directories in a loop
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
- - - - -
63b0d2dc by Samuel Cabrero at 2020-09-16T22:45:38+00:00
selftest: set pid directory in client's smb.conf
Set a pid file directory to avoid the following testparm error:
ERROR: pid directory /usr/local/samba/var/run does not exist
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
- - - - -
ed625d66 by Samuel Cabrero at 2020-09-17T00:05:51+00:00
tests: Disable kerberos for weak crypto test
Otherwise the test fails because the client is authenticated using
spnego and gse_krb5, not triggering the weak crypto restrictions.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Thu Sep 17 00:05:51 UTC 2020 on sn-devel-184
- - - - -
7651c026 by Björn Jacke at 2020-09-18T00:35:40+00:00
srv_spoolss_nt.c: fix wrong value in debug message
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
787d7756 by Björn Jacke at 2020-09-18T00:35:40+00:00
cli_winreg_spoolss: handle also printer sharename
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9771
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
380938b0 by Björn Jacke at 2020-09-18T01:58:22+00:00
nt_printing_ads: add missing printShareName attribute when publishing printers
Without printShareName attribute in LDAP, Windows doesn't list the pinters at all.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9771
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Sep 18 01:58:22 UTC 2020 on sn-devel-184
- - - - -
b813cdca by Stefan Metzmacher at 2020-09-18T12:48:38+00:00
CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_random_challenge()
It's good to have just a single isolated function that will generate
random challenges, in future we can add some logic in order to
avoid weak values, which are likely to be rejected by a server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
355efadc by Stefan Metzmacher at 2020-09-18T12:48:38+00:00
CVE-2020-1472(ZeroLogon): s4:torture/rpc: make use of netlogon_creds_random_challenge()
This will avoid getting flakey tests once our server starts to
reject weak challenges.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
46642fd3 by Stefan Metzmacher at 2020-09-18T12:48:38+00:00
CVE-2020-1472(ZeroLogon): libcli/auth: make use of netlogon_creds_random_challenge() in netlogon_creds_cli.c
This will avoid getting rejected by the server if we generate
a weak challenge.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
caba2d80 by Stefan Metzmacher at 2020-09-18T12:48:38+00:00
CVE-2020-1472(ZeroLogon): s3:rpc_server:netlogon: make use of netlogon_creds_random_challenge()
This is not strictly needed, but makes things more clear.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
74eb448a by Stefan Metzmacher at 2020-09-18T12:48:38+00:00
CVE-2020-1472(ZeroLogon): s4:rpc_server:netlogon: make use of netlogon_creds_random_challenge()
This is not strictly needed, but makes things more clear.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
53528c71 by Stefan Metzmacher at 2020-09-18T12:48:38+00:00
CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_is_random_challenge() to avoid weak values
This is the check Windows is using, so we won't generate challenges,
which are rejected by Windows DCs (and future Samba DCs).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
d3123858 by Stefan Metzmacher at 2020-09-18T12:48:38+00:00
CVE-2020-1472(ZeroLogon): libcli/auth: reject weak client challenges in netlogon_creds_server_init()
This implements the note from MS-NRPC 3.1.4.1 Session-Key Negotiation:
7. If none of the first 5 bytes of the client challenge is unique, the
server MUST fail session-key negotiation without further processing of
the following steps.
It lets ./zerologon_tester.py from
https://github.com/SecuraBV/CVE-2020-1472.git
report: "Attack failed. Target is probably patched."
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
d8a6e654 by Stefan Metzmacher at 2020-09-18T12:48:38+00:00
CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: protect netr_ServerPasswordSet2 against unencrypted passwords
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
9ec8b59b by Jeremy Allison at 2020-09-18T12:48:38+00:00
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Fix mem leak onto p->mem_ctx in error path of _netr_ServerPasswordSet2().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
82d41977 by Jeremy Allison at 2020-09-18T12:48:38+00:00
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: protect netr_ServerPasswordSet2 against unencrypted passwords
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
be8e6394 by Stefan Metzmacher at 2020-09-18T12:48:38+00:00
CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: refactor dcesrv_netr_creds_server_step_check()
We should debug more details about the failing request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
f9b772bf by Stefan Metzmacher at 2020-09-18T12:48:38+00:00
CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: support "server require schannel:WORKSTATION$ = no"
This allows to add expections for individual workstations, when using "server schannel = yes".
"server schannel = auto" is very insecure and will be removed soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
ca8a0098 by Stefan Metzmacher at 2020-09-18T12:48:39+00:00
CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: log warnings about unsecure configurations
This should give admins wawrnings until they have a secure
configuration.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
9ef5b63e by Günther Deschner at 2020-09-18T12:48:39+00:00
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: refactor dcesrv_netr_creds_server_step_check()
We should debug more details about the failing request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Günther Deschner <gd at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
b74017d2 by Günther Deschner at 2020-09-18T12:48:39+00:00
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: support "server require schannel:WORKSTATION$ = no"
This allows to add expections for individual workstations, when using "server schannel = yes".
"server schannel = auto" is very insecure and will be removed soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Günther Deschner <gd at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
b8e4b0f4 by Günther Deschner at 2020-09-18T12:48:39+00:00
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: log warnings about unsecure configurations
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Günther Deschner <gd at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
d1790a0b by Stefan Metzmacher at 2020-09-18T12:48:39+00:00
CVE-2020-1472(ZeroLogon): docs-xml: document 'server require schannel:COMPUTERACCOUNT'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
4b262b03 by Gary Lockyer at 2020-09-18T12:48:39+00:00
CVE-2020-1472(ZeroLogon): s4 torture rpc: Test empty machine acct pwd
Ensure that an empty machine account password can't be set by
netr_ServerPasswordSet2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
9945f3e3 by Gary Lockyer at 2020-09-18T14:13:17+00:00
CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client challenge
Ensure that client challenges with the first 5 bytes identical are
rejected.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Sep 18 14:13:17 UTC 2020 on sn-devel-184
- - - - -
454ccd98 by Ralph Boehme at 2020-09-21T07:26:54+00:00
s3: fix fcntl waf configure check
RN: Fix fcntl waf configure check
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14503
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Sep 21 07:26:54 UTC 2020 on sn-devel-184
- - - - -
8e31c4e6 by Volker Lendecke at 2020-09-23T16:54:38+00:00
libsmb: Use direct struct initialization
Give the compiler more hints
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ed263ef4 by Volker Lendecke at 2020-09-23T16:54:38+00:00
libsmb: README.Coding for resolve_hosts()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a3572821 by Volker Lendecke at 2020-09-23T16:54:38+00:00
libsmb: Protect against rogue getaddrinfo result
Probably a "won't happen", but to me this looked fishy
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c6a11d8d by Volker Lendecke at 2020-09-23T16:54:38+00:00
libsmb: Use talloc_realloc() correctly in resolve_hosts()
On realloc failure the old value is still around
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
08c4dd58 by Volker Lendecke at 2020-09-23T18:20:36+00:00
libsmb: Fix CID 1467087: Resource leaks
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Sep 23 18:20:36 UTC 2020 on sn-devel-184
- - - - -
56f022c3 by Volker Lendecke at 2020-09-23T20:40:47+00:00
smbd: Propagate reload-config message to all worker smbds
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Sep 23 20:40:48 UTC 2020 on sn-devel-184
- - - - -
ff36cb74 by David Disseldorp at 2020-09-23T23:29:41+00:00
ctdb/ceph: register recovery lock holder with ceph-mgr
The Ceph Manager's service map is useful for tracking the status of
Ceph related services. By registering the CTDB recovery lock holder,
Ceph storage administrators can more easily identify where and when a
CTDB cluster is up and running.
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
55dbd108 by David Disseldorp at 2020-09-23T23:29:41+00:00
ctdb/doc: mention ctdb_mutex_ceph_rados_helper mgr registration
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
68b981ee by David Disseldorp at 2020-09-24T00:52:42+00:00
ctdb/test_ceph_rados_reclock: check for service registration
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Thu Sep 24 00:52:42 UTC 2020 on sn-devel-184
- - - - -
cdb6c5d1 by Amitay Isaacs at 2020-09-24T04:32:41+00:00
bind9-dlz: Bind 9.13.x switched to using bool as isc_boolean_t instead of int.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14487
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Rowland Penny <rpenny at samba.org>
- - - - -
95278618 by Amitay Isaacs at 2020-09-24T04:32:41+00:00
provision: BIND 9.13.x is not supported
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14487
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Rowland Penny <rpenny at samba.org>
- - - - -
a167a215 by Amitay Isaacs at 2020-09-24T04:32:41+00:00
bind9-dlz: Add support for BIND 9.14.x
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14487
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Rowland Penny <rpenny at samba.org>
- - - - -
016c1174 by Amitay Isaacs at 2020-09-24T04:32:41+00:00
provision: Add support for BIND 9.14.x
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14487
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Rowland Penny <rpenny at samba.org>
- - - - -
4d097976 by Amitay Isaacs at 2020-09-24T04:32:41+00:00
provision: BIND 9.15.x is not supported
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14487
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Rowland Penny <rpenny at samba.org>
- - - - -
ca3c18a2 by Amitay Isaacs at 2020-09-24T04:32:41+00:00
bind9-dlz: Add support for BIND 9.16.x
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14487
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Rowland Penny <rpenny at samba.org>
- - - - -
5b2ccb1c by Amitay Isaacs at 2020-09-24T04:32:42+00:00
provision: Add support for BIND 9.16.x
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14487
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Rowland Penny <rpenny at samba.org>
- - - - -
1bccc67c by Amitay Isaacs at 2020-09-24T05:55:43+00:00
provision: BIND 9.17.x is not supported
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14487
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Rowland Penny <rpenny at samba.org>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Thu Sep 24 05:55:43 UTC 2020 on sn-devel-184
- - - - -
d53c91db by Andrew at 2020-09-24T21:41:12+00:00
s3:util:net_conf - allow empty path for [homes]
Validation for "net conf addshare" is overly strict. Empty string for
path for homes share is valid.
Signed-off-by: Andrew <awalker at ixsystems.com>
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Sep 24 21:41:12 UTC 2020 on sn-devel-184
- - - - -
fca8cb63 by Jeremy Allison at 2020-09-30T11:18:43+00:00
s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with NULL via TALLOC_FREE().
They may have been carefully set by the aio_del_req_from_fsp()
destructor so we must not overwrite here.
Found via some *amazing* debugging work from Ashok Ramakrishnan <aramakrishnan at nasuni.com>.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14515
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Sep 30 11:18:43 UTC 2020 on sn-devel-184
- - - - -
6ee90adf by Volker Lendecke at 2020-09-30T15:58:38+00:00
libsmb: Make cli_list() prototype more descriptive
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f67c8f95 by Volker Lendecke at 2020-09-30T15:58:38+00:00
libsmb: Make cli_smb2_list() prototype more descriptive
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2915522d by Volker Lendecke at 2020-09-30T15:58:38+00:00
smbd: Align integer types in gid_in_use()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
62237e6b by Volker Lendecke at 2020-09-30T15:58:38+00:00
smbd: process.c does not need libsmb.h
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
44fd7447 by Volker Lendecke at 2020-09-30T15:58:38+00:00
spoolss: Align some integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2c04e9a6 by Volker Lendecke at 2020-09-30T15:58:38+00:00
spoolss: Align some integer types
SPOOLSS_NOTIFY_MSG_CTR->num_groups is defined as uint32_t
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9d14187c by Volker Lendecke at 2020-09-30T15:58:38+00:00
lib: Remove an optimization in string_replace()
Why? This simplifies the code.
Why do I believe we can do this? I don't think this is a very common
operation in critical code paths. Also, next_codepoint() already has
the same optimization. If this turns out to be a measurable
performance issue, we should turn next_codepoint() into a static
inline function doing the 7-bit optimized code path inlined the same
way we did it for tdb_oob(). This way all callers would benefit from
this optimization.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8fa451d2 by Volker Lendecke at 2020-09-30T15:58:39+00:00
smbclient: Remove the "abort_mget" variable
This was never set to true anywhere in the code
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14517
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
71bc4d4b by Volker Lendecke at 2020-09-30T15:58:39+00:00
smbclient: Slightly simplify do_mget()
Put the prompt query into a separate if-statement, move the "quest"
variable closer to its use
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14517
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
254a5b03 by Volker Lendecke at 2020-09-30T15:58:39+00:00
test3: Add a test showing that smbclient recursive mget is broken
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14517
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9f24b509 by Volker Lendecke at 2020-09-30T17:23:45+00:00
smbclient: Fix recursive mget
Make do_mget rely on do_list() already doing the recursion in a
breadth-first manner. The previous code called do_list() from within
its callback. Unfortunately the recent simplifications of do_list()
broke this, leading to recursive mget to segfault. Instead of figuring
out how this worked before the simplifications in do_list() (I did
spend a few hours on this) and fixing it, I chose to restructure
do_mget() to not recursively call do_list() anymore but instead rely
on do_list() to do the recursion. Saves quite a few lines of code and
complexity.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14517
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Sep 30 17:23:45 UTC 2020 on sn-devel-184
- - - - -
b8653f4e by Simo Sorce at 2020-09-30T20:45:23+00:00
Restrict GSSAPI query to the krb5 mechanism
Otherwise GSSAPI will consult other mechanisms if available and we can
only cope with krb5 credentials here.
Signed-off-by: Simo Sorce <idra at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Sep 30 20:45:23 UTC 2020 on sn-devel-184
- - - - -
33fffcd2 by Jeremy Allison at 2020-09-30T20:46:39+00:00
s3: smbd: dptr_create() doesn't need a separate wcard_has_wild parameter.
It can figure this out by itself.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
93fcb449 by Jeremy Allison at 2020-09-30T20:46:39+00:00
s3: smbd: SMB1 reply_unlink() - the UCF_COND_ALLOW_WCARD_LCOMP makes no sense.
There's either a wildcard in the last component or not. Always use
UCF_ALWAYS_ALLOW_WCARD_LCOMP for calls that can take a wildcard.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
38bdb082 by Jeremy Allison at 2020-09-30T20:46:39+00:00
s3: smbd: SMB1 reply_mv() - the UCF_COND_ALLOW_WCARD_LCOMP makes no sense..
There's either a wildcard in the last component or not. Always use
UCF_ALWAYS_ALLOW_WCARD_LCOMP for calls that can take a wildcard.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
10e034ec by Jeremy Allison at 2020-09-30T20:46:39+00:00
s3: smbd: SMB1 reply_copy() - the UCF_COND_ALLOW_WCARD_LCOMP makes no sense.
There's either a wildcard in the last component or not. Always use
UCF_ALWAYS_ALLOW_WCARD_LCOMP for calls that can take a wildcard.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5082423f by Jeremy Allison at 2020-09-30T20:46:39+00:00
s3: smbd: SMB1 reply_ntrename() - the UCF_COND_ALLOW_WCARD_LCOMP makes no sense.
There's either a wildcard in the last component or not. Always use
UCF_ALWAYS_ALLOW_WCARD_LCOMP for calls that can take a wildcard.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
8d11a87e by Jeremy Allison at 2020-09-30T20:46:39+00:00
s3: smbd: MS-DFS - We no longer ever set UCF_COND_ALLOW_WCARD_LCOMP so don't check for it.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e188b74a by Jeremy Allison at 2020-09-30T20:46:39+00:00
s3: smbd: SMB1 Remove the crazy semantics in filename_convert_internal() using UCF_COND_ALLOW_WCARD_LCOMP.
In the places where wildcards are allowed in SMB1
we always pass in UCF_ALWAYS_ALLOW_WCARD_LCOMP.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5547cc80 by Jeremy Allison at 2020-09-30T20:46:39+00:00
s3: smbd: SMB1 comment out unused UCF_COND_ALLOW_WCARD_LCOMP flag.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b7ca811e by Jeremy Allison at 2020-09-30T20:46:39+00:00
s3: smbd: SMB1 reply_ntrename() - the source cannot have a wildcard.
Simplify the wildcard processing of the source name.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
71c4c96d by Jeremy Allison at 2020-09-30T20:46:39+00:00
s3: smbd: SMB1 reply_ntrename() - Move the call to get_original_lcomp() to before filename_convert() for the destination name.
Simple code re-arrangement to make the next change clear.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c518111e by Jeremy Allison at 2020-09-30T20:46:39+00:00
s3: smbd: SMB1 reply_ntrename() - set dest_has_wcard from the parsed last component.
We eventually want to remove the last_component_has_wcard out of the srvstr_get_pathXXX()
calls and just use srvstr_get_path_req().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f43c0416 by Jeremy Allison at 2020-09-30T20:46:39+00:00
s3: smbd: SMB1 reply_ntrename() - now we set dest_has_wcard separately we can use srvstr_get_path_req() instead of srvstr_get_path_req_wcard().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
db20ef39 by Jeremy Allison at 2020-09-30T20:46:39+00:00
s3: smbd: SMB1 reply_ntrename() - now we set dest_has_wcard separately we don't need to pass it to filename_convert().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
525ccadd by Jeremy Allison at 2020-09-30T20:46:40+00:00
s3: smbd: srvstr_get_path_req_wcard() is now static to reply.c
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
078f2d94 by Jeremy Allison at 2020-09-30T20:46:40+00:00
s3: smbd: In SMB2 query directory we don't need to do full path resolution of the mask component.
get_original_lcomp() does all the name canonicalization required for the mask.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
97a4dfbd by Jeremy Allison at 2020-09-30T20:46:40+00:00
s3: smbd: SMB1 reply_search() doesn't actually care if the mask contains a wildcard or not.
Don't pass to filename_convert().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e3611cc0 by Jeremy Allison at 2020-09-30T20:46:40+00:00
s3: smbd: SMB1 reply_search(). The dptr already knows if the mask has a wildcard.
Get the value from the dptr instead.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
edee7198 by Jeremy Allison at 2020-09-30T20:46:40+00:00
s3: smbd: SMB1 reply_search(). Use srvstr_get_path_req() not srvstr_get_path_req_wcard()
If we have a wildcard is found by other means now.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
49be6d38 by Jeremy Allison at 2020-09-30T20:46:40+00:00
s3: smbd: SMB1 reply_fclose() doesn't need wcard, use srvstr_get_path_req() not srvstr_get_path_req_wcard().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
96b9842e by Jeremy Allison at 2020-09-30T20:46:40+00:00
s3: smbd: unlink_internals() can figure out if the mask has a wildcard on its own.
Doesn't need a parameter for that.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ed0c07e2 by Jeremy Allison at 2020-09-30T20:46:40+00:00
s3: smbd: SMB1 call_trans2findfirst(). Don't need the wildcard status of the mask here.
dptr_create() can work this out all on its own.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
0fbce948 by Jeremy Allison at 2020-09-30T20:46:40+00:00
s3: smbd: SMB1 call_trans2findnext() doesn't need the mask_contains_wcard bool.
dptr already knows this.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
83b17f4f by Jeremy Allison at 2020-09-30T20:46:40+00:00
s3: smbd: SMB1 reply_unlink() - use srvstr_get_path_req() not srvstr_get_path_req_wcard()
Now unlink_internals() checks its own wildcard on the mask.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b89c0a6d by Jeremy Allison at 2020-09-30T20:46:40+00:00
s3: smbd: SMB1 rename_internals() can figure out the wildcard status of the paths by itself.
No need to pass them as parameters.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
079aec9d by Jeremy Allison at 2020-09-30T20:46:41+00:00
s3: smbd: SMB1 reply_mv() no longer needs the XX_has_wcard variables.
Use srvstr_get_path_req() not srvstr_get_path_req_wcard().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
9269e9c2 by Jeremy Allison at 2020-09-30T20:46:41+00:00
s3: smbd: SMB1 reply_copy() - set the xxx_has_wild flags from the processed names.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
08d029c2 by Jeremy Allison at 2020-09-30T20:46:41+00:00
s3: smbd: SMB1 reply_copy(). Use srvstr_get_path_req() not srvstr_get_path_req_wcard()
Now we check the wildcard status elsewhere. Don't pass to filename_convert() either.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
bf966dc2 by Jeremy Allison at 2020-09-30T20:46:41+00:00
s3: smbd: SMB1 call_nt_transact_rename() never needs wcard bool.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
9c16729a by Jeremy Allison at 2020-09-30T20:46:41+00:00
s3: smbd: smb_file_rename_information() doesn't need to use the wildcard status of the destination.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
4f0ecc7d by Jeremy Allison at 2020-09-30T20:46:41+00:00
s3: smbd: srvstr_get_path_wcard_posix() is no longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
26e8bd7e by Jeremy Allison at 2020-09-30T20:46:41+00:00
s3: smbd: Remove srvstr_get_path_wcard() - no longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
9392b13d by Jeremy Allison at 2020-09-30T20:46:41+00:00
s3: smbd: Remove the wrapper srvstr_get_path_req_wcard().
Rename srvstr_get_path_req_wcard() -> srvstr_get_path_req()
as it no longer gets ward status.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7a1839ab by Jeremy Allison at 2020-09-30T20:46:41+00:00
s3: smbd: All callers to srvstr_get_path_wcard_internal() pass 'ignore' as the last parameter.
Move it internal to srvstr_get_path_wcard_internal().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5ea69c26 by Jeremy Allison at 2020-09-30T20:46:41+00:00
s3: smbd: Rename srvstr_get_path_wcard_internal() -> srvstr_get_path_internal().
It now does nothing with wildcards.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
4d7cdefb by Jeremy Allison at 2020-09-30T20:46:41+00:00
s3: smbd: As srvstr_get_path_internal() ignores the wcard parameter, use check_path_syntax() instead of check_path_syntax_wcard()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ff4e8b2c by Jeremy Allison at 2020-09-30T20:46:42+00:00
s3: smbd: All callers to filename_convert() pass in NULL for the 'bool *ppath_contains_wcard' parameter.
Remove it.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
eb60ed6b by Jeremy Allison at 2020-09-30T20:46:42+00:00
s3: smbd: The only caller of filename_convert_with_privilege() passes in NULL for the 'bool *ppath_contains_wcard' parameter.
Remove it.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b3334eb9 by Jeremy Allison at 2020-09-30T20:46:42+00:00
s3: smbd: Remove the 'bool *ppath_contains_wcard' parameter from filename_convert_internal()
It's always ignored.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e59c810f by Jeremy Allison at 2020-09-30T20:46:42+00:00
s3: smbd: Remove unused 'bool *ppath_contains_wcard' parameter from resolve_dfspath_wcard()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e7bb8075 by Jeremy Allison at 2020-09-30T20:46:42+00:00
s3: smbd: Remove unused 'bool *ppath_contains_wcard' parameter from dfs_redirect()
resolve_dfspath_wcard() is now a tranparent wrapper for dfs_redirect().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b7bb348b by Jeremy Allison at 2020-09-30T20:46:42+00:00
s3: smbd: Remove wrapper resolve_dfspath_wcard(). Just call dfs_redirect() directly.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
25ef2552 by Jeremy Allison at 2020-09-30T20:46:42+00:00
s3: smbd: Implement the 'allow_wcards' parameter inside parse_dfs_path().
Previously this didn't actually restrict wildcards here, as check_path_syntax_wcard()
returns the fact there was a wildcard in the last component, but doesn't
return an error. Just use check_path_syntax() instead and check
for wildcards separately.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f9321ed7 by Jeremy Allison at 2020-09-30T20:46:42+00:00
s3: smbd: Remove unused 'bool *ppath_contains_wcard' parameter from parse_dfs_path().
check_path_syntax_wcard() is now unused.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
a9186829 by Jeremy Allison at 2020-09-30T22:08:01+00:00
s3: smbd: Remove unused check_path_syntax_wcard().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Sep 30 22:08:01 UTC 2020 on sn-devel-184
- - - - -
8557a529 by Andrew Bartlett at 2020-10-01T01:18:38+00:00
autobuild.py: Combine samba-static and samba-nopython
We expect these will complete in under an hour and reduce the number of
parallel jobs. Hopefully there will be some ccache hits between these
as well.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
3e488255 by Andrew Bartlett at 2020-10-01T01:18:38+00:00
build: Remove Python2 support from the build
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14488
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
40511af0 by Andrew Bartlett at 2020-10-01T01:18:38+00:00
build: Remove Python2 handling in SAMBA_CHECK_PYTHON_HEADERS()
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
5edc004f by Andrew Bartlett at 2020-10-01T01:18:38+00:00
.gitlab-ci.yml: Set interuptable: true
This should reduce some CI costs, avoiding spending CPU time on jobs that are
already out of date because a new branch has been pushed.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
21197bb5 by Andrew Bartlett at 2020-10-01T01:18:38+00:00
selftest: Move some more tests from the samba-o3 job
These tests do not need to be repeated over and over on multiple
distributions. This just wastes CI resources.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
5419774b by Andrew Bartlett at 2020-10-01T01:18:39+00:00
autobuild: Remove the os.getpid() from the autobuild directory
This might help our CI runners get a ccache hit by keeping the path constant.
Otherwise, we only get a good ccache hit rate if the docker container gives
us the same pid each time.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
e5b236d4 by Andrew Bartlett at 2020-10-01T01:18:39+00:00
.gitlab-ci.yml: Remove echo of (incorrect due previous commit) command
The command is now echoed by the gitlab interface now anyway,
so avoid having to keep these in sync.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
584f5106 by Andrew Bartlett at 2020-10-01T01:18:39+00:00
autobuild: Remove more "make install" steps
Running a "make install" involves a full re-link which takes quite some time
we really only need to test this in a couple of basic combinations, so remove
from a few more targets.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
88663eb9 by Andrew Bartlett at 2020-10-01T01:18:39+00:00
autobuild: Merge no-modules test with the library --disable-python build
This avoids another full compile cycle.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
a22a80ed by Jule Anger at 2020-10-01T01:18:39+00:00
samdb: add prepare_attr_replace() method
Add a method to prepare a given Message to replace the given attribute.
If the given new value is None or the old value and the new value are
the same, do nothing.
If the new value is empty, prepare to replace the given attribute with
[].
Else prepare to replace the given attribute with the new value.
Use this for samdb.modify(msg).
Signed-off-by: Jule Anger <ja at sernet.de>
Reviewed-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
899e66d4 by Jule Anger at 2020-10-01T01:18:39+00:00
samdb: add fullname_from_names() method
Add a method to construct the fullname, using the given name, the initials
and the surname.
If one of this values is empty, try to use the old one, given by an
attributs set.
If the combination is empty, the method will return the fallback-default
parameter.
Use this method to construct the CN or the displayName of users or
contacts.
Signed-off-by: Jule Anger <ja at sernet.de>
Reviewed-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
efa9889a by Jule Anger at 2020-10-01T01:18:39+00:00
testsuite: add test suite for samba-tool contact commands
Signed-off-by: Jule Anger <ja at sernet.de>
Reviewed-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
891af240 by Björn Baumbach at 2020-10-01T01:18:39+00:00
samba-tool user: add new user 'rename' command
Usage: samba-tool user rename <username> [options]
Rename a user and related attributes.
This command allows to set the user's name related attributes. The user's
CN will be renamed automatically.
The user's new CN will be made up by combining the given-name, initials
and surname. A dot ('.') will be appended to the initials automatically.
Use the --force-new-cn option to specify the new CN manually.
The username specified on the command is the sAMAccountName.
Example1:
samba-tool user rename johndoe --surname='Bloggs'
Example1 shows how to change the surname of a user 'johndoe' to 'Bloggs' on
the local server. The user's CN will be renamed automatically, based on
the given name, initials and surname.
Pair-Programmed-With: Jule Anger <ja at sernet.de>
Signed-off-by: Björn Baumbach <bb at sernet.de>
Signed-off-by: Jule Anger <ja at sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
06997d15 by Jule Anger at 2020-10-01T01:18:39+00:00
doc: add samba-tool user rename command to samba-tool man page
Signed-off-by: Jule Anger <ja at sernet.de>
Reviewed-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
ea8b3f92 by Jule Anger at 2020-10-01T01:18:39+00:00
samba-tool tests: add test-cases for 'user rename'
Tests the following options:
--surname
--given-name
--initials
--force-new-cn
--reset-cn
--display-name
--mail-address
--samaccountname
--upn
Signed-off-by: Jule Anger <ja at sernet.de>
Reviewed-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
4b06ff7f by Jule Anger at 2020-10-01T01:18:39+00:00
samba-tool group: add new group 'rename' command
Usage: samba-tool group rename <groupname> [options]
Rename a group and related attributes.
This command allows to set the group's name related attributes.
Use an empty attribute value to remove the specified attribute.
The groupname specified on the command is the sAMAccountName.
Example1:
samba-tool group rename employees --samaccountname=staff
Example1 shows how to change the sAMAaccountName of a group 'employees' to
'staff' on the local server.
Signed-off-by: Jule Anger <ja at sernet.de>
Reviewed-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
3ff79e81 by Jule Anger at 2020-10-01T01:18:39+00:00
doc: add samba-tool group rename command to samba-tool man page
Signed-off-by: Jule Anger <ja at sernet.de>
Reviewed-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
ac283a96 by Jule Anger at 2020-10-01T01:18:40+00:00
samba-tool tests: add test-cases for 'group rename'
Tests the following options:
--samaccountname
--force-new-cn
--reset-cn
--mail-address
Signed-off-by: Jule Anger <ja at sernet.de>
Reviewed-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
bf04cb3b by Jule Anger at 2020-10-01T01:18:40+00:00
samba-tool contact: add new contact 'rename' command
Usage: samba-tool contact rename <contactname> [options]
Rename a contact and related attributes.
This command allows to set the contact's name related attributes.
Use an empty attribute value to remove the specified attribute.
The contactname specified on the command is the CN.
Example1:
samba-tool contact rename "John Doe" --surname=Bloggs \\
--force-new-cn=John
Example1 shows how to change the surname ('sn' attribute) of a contact
'John Doe' to 'Bloggs' and change the CN to 'John' on the local server.
Signed-off-by: Jule Anger <ja at sernet.de>
Reviewed-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
66b6d90c by Jule Anger at 2020-10-01T01:18:40+00:00
doc: add samba-tool contact rename command to samba-tool man page
Signed-off-by: Jule Anger <ja at sernet.de>
Reviewed-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
b83b4c92 by Jule Anger at 2020-10-01T01:18:40+00:00
samba-tool tests: add test-cases for 'contact rename'
Tests the following options:
--surname
--given-name
--initials
--force-new-cn
--reset-cn
--display-name
--mail-address
Signed-off-by: Jule Anger <ja at sernet.de>
Reviewed-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
419e75cc by Jule Anger at 2020-10-01T01:18:40+00:00
samba-tool ou: rename 'ou create' to 'ou add'
Keep 'ou create' for compatibility reasons.
Signed-off-by: Jule Anger <ja at sernet.de>
Reviewed-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
3b8ed676 by Jule Anger at 2020-10-01T01:18:40+00:00
doc: rename 'ou create' to 'ou add'
And add 'ou create' as synonym for 'ou add'.
Signed-off-by: Jule Anger <ja at sernet.de>
Reviewed-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
6315deaa by Jule Anger at 2020-10-01T01:18:40+00:00
samba-tool tests: rename 'ou create' to 'ou add'
Signed-off-by: Jule Anger <ja at sernet.de>
Reviewed-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
95ba8a3f by Jule Anger at 2020-10-01T01:18:40+00:00
samba-tool user: rename 'user create' to 'user add'
Keep 'user create' for compatibility reasons.
Signed-off-by: Jule Anger <ja at sernet.de>
Reviewed-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
d93a7e21 by Jule Anger at 2020-10-01T01:18:40+00:00
doc: rename 'user create' to 'user add'
And add 'user create' as synonym for 'user add'.
Signed-off-by: Jule Anger <ja at sernet.de>
Reviewed-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
05136448 by Jule Anger at 2020-10-01T01:18:40+00:00
samba-tool tests: rename 'user create' to 'user add'
Signed-off-by: Jule Anger <ja at sernet.de>
Reviewed-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
1703ca11 by Jule Anger at 2020-10-01T01:18:40+00:00
samba-tool computer: rename 'computer create' to 'computer add'
Keep 'computer create' for compatibility reasons.
Signed-off-by: Jule Anger <ja at sernet.de>
Reviewed-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
5f657d55 by Jule Anger at 2020-10-01T01:18:40+00:00
doc: rename 'computer create' to 'computer add'
And add 'computer create' as synonym for 'computer add'.
Signed-off-by: Jule Anger <ja at sernet.de>
Reviewed-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
1f61ef20 by Jule Anger at 2020-10-01T01:18:41+00:00
samba-tool tests: rename 'computer create' to 'computer add'
Signed-off-by: Jule Anger <ja at sernet.de>
Reviewed-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
90988ff6 by Jule Anger at 2020-10-01T01:18:41+00:00
samba-tool group: add 'group create' as synonym for 'group add'
Add 'group create' command for a symmetric set of
samba-tool subcommands
Signed-off-by: Jule Anger <ja at sernet.de>
Reviewed-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
ee1c8126 by Jule Anger at 2020-10-01T01:18:41+00:00
doc: add 'group create' as synonym for 'group add'
Signed-off-by: Jule Anger <ja at sernet.de>
Reviewed-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
66862358 by Jule Anger at 2020-10-01T01:18:41+00:00
samba-tool tests: rename 'group create' to 'group add'
Signed-off-by: Jule Anger <ja at sernet.de>
Reviewed-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
f38336ac by Jule Anger at 2020-10-01T01:18:41+00:00
samba-tool contact: rename 'contact create' to 'contact add'
Keep 'contact create' for compatibility reasons.
Signed-off-by: Jule Anger <ja at sernet.de>
Reviewed-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
3b7cf5f5 by Jule Anger at 2020-10-01T01:18:41+00:00
doc: rename 'contact create' to 'contact add'
And add 'contact create' as synonym for 'contact add'.
Signed-off-by: Jule Anger <ja at sernet.de>
Reviewed-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
ab0e5e3c by Jule Anger at 2020-10-01T02:44:09+00:00
samba-tool tests: rename 'contact create' to 'contact add'
Signed-off-by: Jule Anger <ja at sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Thu Oct 1 02:44:09 UTC 2020 on sn-devel-184
- - - - -
91dc9bb6 by Jeremy Allison at 2020-10-01T21:21:38+00:00
s3: smbd: Remove the ignored last parameter 'bool *p_last_component_contains_wcard' from check_path_syntax_internal().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
- - - - -
234957a2 by Alexander Bokovoy at 2020-10-01T22:45:29+00:00
Fix build after removal of an extra safe_string.h
Move of strcasecmp redefine to lib/util/safe_string.h in
https://gitlab.com/samba-team/samba/-/merge_requests/1507 broke build on
Fedora 33 with GCC 10.2.1 for those compilation units that use
ldb_att_cmp().
The reason for that is that ldb_attr_cmp() defined as
#define ldb_attr_cmp(a, b) strcasecmp(a, b)
because attribute names restricted to be ASCII by RFC2251 (LDAPv3 spec).
A solution is to add
#undef strcasecmp
to all source code files which use ldb_attr_cmp().
Signed-off-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Oct 1 22:45:29 UTC 2020 on sn-devel-184
- - - - -
85d2ff2f by David Mulder at 2020-10-02T13:29:35+00:00
python: Move dsdb_Dn to samdb
The import dsdb needed for dsdb_Dn causes import
errors when trying to import get_bytes/get_string
in some places.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
a3cd3153 by David Mulder at 2020-10-02T14:49:36+00:00
python2 reduction: Merge remaining compat code into common
The remaining compat code (get_string, get_bytes,
cmp) are useful helper routines which we should
simply merge into common (especially since there
is some duplication here).
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): David Mulder <dmulder at samba.org>
Autobuild-Date(master): Fri Oct 2 14:49:36 UTC 2020 on sn-devel-184
- - - - -
80ac7fa7 by Ralph Boehme at 2020-10-02T19:39:43+00:00
build: remove smbd_conn private library
This is not needed anymore since 6822baa2920f30374ec84363497d97e24f359fab..
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
089d8f44 by Ralph Boehme at 2020-10-02T19:39:43+00:00
vfs: add and use vfs_fake_fd()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
176290eb by Ralph Boehme at 2020-10-02T19:39:43+00:00
vfs_default: realign vfswrap_fgetxattr() args
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
616b64c3 by Ralph Boehme at 2020-10-02T19:39:43+00:00
s4/torture: use unique filename for torture_samba3_hide() test
The filename "test.txt" is also used by other tests and without O_PATH the file
can't be removed at the end of this tests: open_smb_fname_fsp() fails with
ACCESS_DENIED because the POSIX mode of the file is 0000 and become_root() used
in the #ifndef O_PATH fallback case doesn't work in CI.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4389ae9c by Ralph Boehme at 2020-10-02T19:39:43+00:00
vfs_fruit: ensure the buffer passed to file_lines_parse() is 0-terminated
Otherwise valgrind complains...
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
187353d9 by Ralph Boehme at 2020-10-02T19:39:43+00:00
smbd: switch caller of fd_openat() to fd_open()
fd_openat() was added to be used with real dirfsp, but after adding pathref fd
support we will never use this.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d196cf46 by Ralph Boehme at 2020-10-02T19:39:43+00:00
vfs_fruit: use VFS ftruncate function in fruit_ftruncate_rsrc_adouble()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7ccaff48 by Ralph Boehme at 2020-10-02T19:39:43+00:00
smbd: remove dirfsp arg from mkdir_internal()
Prepares for removing the dirfsp arg from SMB_VFS_CREATE_FILE() again. In the
future mkdir_internal() will open the dirfsp itself as needed.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a7544661 by Ralph Boehme at 2020-10-02T19:39:43+00:00
smbd: remove dirsp arg from open_directory()
Prepares for removing the dirfsp arg from SMB_VFS_CREATE_FILE() again. In the
future open_directory() will open the dirfsp itself.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9d84a235 by Ralph Boehme at 2020-10-02T19:39:44+00:00
smbd: remove dirfsp arg from create_file_unixpath()
Prepares for removing the dirfsp arg from SMB_VFS_CREATE_FILE() again. In the
future dirfsp has to opened as needed within create_file_unixpath() and below.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a366b756 by Ralph Boehme at 2020-10-02T19:39:44+00:00
vfs_fruit: avoid using fsp->dirsp
fsp->dirfsp will eventually go away again.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b133b81d by Ralph Boehme at 2020-10-02T19:39:44+00:00
smbd: avoid using dirfsp arg in create_file_default()
This is not used anymore in the callees.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1c444f9c by Ralph Boehme at 2020-10-02T19:39:44+00:00
smbd: remove fsp->dirfsp
This was supposed to be a shortcut to avoid passing dirfsp around as an explicit
function argument throughout the whole codebase when the new VFS design idea was
based on using *AT functions throughout the VFS.
Now that we've opted for basing the VFS on handles and *AT functions will only
be used in a much more limitted extent, it makes sense to remove this internal
dirfsp reference, otherwise the combination of internal fsp->dirfsp and
smb_fname->fsp is going to be a tough to wrap your head around.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
32257483 by Ralph Boehme at 2020-10-02T21:00:05+00:00
vfs: remove dirfsp arg from SMB_VFS_CREATE_FILE()
This was supposed to be a shortcut to avoid passing dirfsp around as an explicit
function argument throughout the whole codebase when the new VFS design idea was
based on using *AT functions throughout the VFS.
Now that we've opted for basing the VFS on handles and *AT functions will only
be used in a much more limitted extent, it makes sense to remove this internal
dirfsp reference, otherwise the combination of internal fsp->dirfsp and
smb_fname->fsp is going to be a tough to wrap your head around.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Oct 2 21:00:05 UTC 2020 on sn-devel-184
- - - - -
f02e76d0 by Volker Lendecke at 2020-10-02T21:30:32+00:00
libads: Improve a debug message
"kdc_str" is a multi-line string starting with a tab. It looks
better in the debug message when starting in a new line.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4c1f61cb by Volker Lendecke at 2020-10-02T21:30:32+00:00
libads: Improve a debug message
"kdc_ip_string" is a multi-line string starting with a tab. It looks
better in the debug message when starting in a new line.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9b453f47 by Volker Lendecke at 2020-10-02T21:30:32+00:00
libcli: Remove a pointless if-expression
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
bb8d3330 by Volker Lendecke at 2020-10-02T21:30:32+00:00
libcli: Don't leave a pointer uninitialized
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6d369438 by Volker Lendecke at 2020-10-02T21:30:33+00:00
vfs: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f58ae505 by Volker Lendecke at 2020-10-02T21:30:33+00:00
torture3: Fix a cut&paste error in a printf message
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
818103c8 by Volker Lendecke at 2020-10-02T21:30:33+00:00
vfs: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
552ceb5b by Volker Lendecke at 2020-10-02T21:30:33+00:00
smbd: Use ISDOT/ISDOTDOT instead of strcmp
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
bcbe7363 by Volker Lendecke at 2020-10-02T21:30:33+00:00
vfs_fruit: Fix typos
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5a143c09 by Volker Lendecke at 2020-10-02T21:30:33+00:00
lib: Avoid a use of includes.h
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a61ed4df by Volker Lendecke at 2020-10-02T21:30:33+00:00
libcli: Align some integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
dfc870b6 by Volker Lendecke at 2020-10-02T21:30:33+00:00
mdssvc: Slightly simplify dalloc_size()
talloc_get_size() and thus talloc_array_length() deals fine with a
NULL pointer
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
bbb01763 by Volker Lendecke at 2020-10-02T21:30:33+00:00
librpc: Add GUID_to_ndr_buf()
Avoids talloc
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
29e3c0cd by Volker Lendecke at 2020-10-02T21:30:33+00:00
librpc: Use GUID_to_ndr_buf() in GUID_to_ndr_blob()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
77877cfe by Volker Lendecke at 2020-10-02T21:30:33+00:00
libcli: Use GUID_to_ndr_buf() in ldap_encode_ndr_GUID()
Avoid a talloc/free
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
bc638871 by Volker Lendecke at 2020-10-02T21:30:33+00:00
smbd: Use GUID_to_ndr_buf() in smbXsrv_client_global_id_to_key()
Avoid a talloc/free
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5f1161f4 by Volker Lendecke at 2020-10-02T21:30:33+00:00
smbd: Use GUID_to_ndr_buf() in fsctl_validate_neg_info()
Avoid a talloc/free
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b1fa3e2b by Volker Lendecke at 2020-10-02T21:30:34+00:00
libcli: Use GUID_to_ndr_buf() in smbcli_push_guid()
Avoid two talloc/free
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
39180ca2 by Volker Lendecke at 2020-10-02T21:30:34+00:00
libcli: Use GUID_to_ndr_buf() in smb2_create_send()
Avoid talloc/free
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
63ab004e by Volker Lendecke at 2020-10-02T21:30:34+00:00
libcli: Use GUID_to_ndr_buf() in smbXcli_negprot_smb2_subreq()
Avoid a talloc/free
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
666d2a38 by Volker Lendecke at 2020-10-02T22:50:43+00:00
libcli: Use GUID_to_ndr_buf() in smb2cli_validate_negotiate_info_send()
Avoid a talloc/free
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Oct 2 22:50:43 UTC 2020 on sn-devel-184
- - - - -
83ab59d9 by David Disseldorp at 2020-10-05T12:38:34+00:00
Revert "vfs_ceph: drop fdopendir handler"
This reverts commit 76d7d05b1da6c0703b1c2bade0c4467c7cc1adec.
OpenDir_fsp() no longer falls back to regular open, so this hook is
required.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14519
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Mon Oct 5 12:38:34 UTC 2020 on sn-devel-184
- - - - -
5cfc9271 by Christof Schmitt at 2020-10-05T20:06:04+00:00
third_party: Update gpfs.h to 5.0.5.3 version
4.2.3 went out of support, so update the header file to the oldest
currently supported GPFS version. Going forward, this will allow usage
of newer API calls.
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Christof Schmitt <cs at samba.org>
Autobuild-Date(master): Mon Oct 5 20:06:04 UTC 2020 on sn-devel-184
- - - - -
3ab52b52 by Martin Schwenke at 2020-10-06T03:12:35+00:00
ctdb-recoverd: Drop unnecessary code
This has already been done in update_flags().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14513
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
4b01f540 by Martin Schwenke at 2020-10-06T03:12:35+00:00
ctdb-recoverd: Drop unnecessary and broken code
update_flags() has already updated the recovery master's canonical
node map, based on the flags from each remote node, and pushed out
these flags to all nodes.
If i == j then the node map has already been updated from this remote
node's flags, so simply drop this case.
Although update_flags() has updated flags for all nodes, it did not
update each node map in remote_nodemaps[] to reflect this. This means
that remote_nodemaps[] may contain inconsistent flags for some nodes
so it should not be used to check consistency when i != j.
Further, a meaningful difference in flags can only really occur if
update_flags() failed. In that case this code is never reached.
These observations combine to imply that this whole loop should be
dropped.
This leaves potential sub-second inconsistencies due to out-of-band
healthy/unhealthy flag changes pushed via CTDB_SRVID_PUSH_NODE_FLAGS.
These updates could be dropped (takeover run asks each node for
available IPs rather than making centralised decisions based on node
flags) but for now they will be fixed in the next iteration of
main_loop().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14513
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
b68105b8 by Martin Schwenke at 2020-10-06T04:32:06+00:00
ctdb-tests: Strengthen node state checking in ctdb disable/enable test
Check that the desired state is set on all nodes instead of just the
test node. This ensures that node flags have correctly propagated
across the cluster.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14513
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Tue Oct 6 04:32:06 UTC 2020 on sn-devel-184
- - - - -
c587685d by Björn Jacke at 2020-10-06T23:06:50+00:00
docs: fix default value of spoolss:architecture
"Windows x64" is the default here since a couple of years already.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14522
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Oct 6 23:06:50 UTC 2020 on sn-devel-184
- - - - -
728dd396 by Jeremy Allison at 2020-10-08T15:07:30+00:00
nsswitch: Add an async DNS kerberos locator plugin.
Used in production on a large customer site.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f3281e0b by Jeremy Allison at 2020-10-08T15:07:30+00:00
s3: selftest: Add new SMB1-only wildcard unlink regression test.
samba3.smbtorture_s3.crypt_client.SMB1-WILD-MANGLE-UNLINK(nt4_dc_smb1)
samba3.smbtorture_s3.plain.SMB1-WILD-MANGLE-UNLINK(fileserver_smb1)
knownfail for now.
The recent wildcard changes broke something that used to work.
Consider a directory with 2 files:
dir/
a
*
The '*' file has a mangled name of _2X68P~X.
SMB1unlink("_2X68P~X") will delete *both* files
as the new 'unlink has wildcard' check is done after
the name unmangle.
SMB2 doesn't suffer from this problem, as it doesn't
allow wildcard unlinks.
Fix to follow.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
43d30ddb by Jeremy Allison at 2020-10-08T15:07:30+00:00
s3: selftest: Add new SMB1-only wildcard rename regression test.
samba3.smbtorture_s3.crypt_client.SMB1-WILD-MANGLE-RENAME(nt4_dc_smb1)
samba3.smbtorture_s3.plain.SMB1-WILD-MANGLE-RENAME(fileserver_smb1)
knownfail for now.
The recent wildcard changes broke something that used to work.
Consider a directory with 2 files:
dir/
foo
fo*
The 'fo*' file has a mangled name of FSHCRD~2.
SMB1rename("dir/FSHCRD~2", "dir/ba*") will rename *both* files
as the new 'rename has wildcard' check is done after
the name unmangle.
SMB2 doesn't allow wildcard renames so doesn't have this problem.
Fix to follow.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e4fd7bc7 by Jeremy Allison at 2020-10-08T15:07:30+00:00
s3: smbd: SMB1 reply_copy. Check untouched last component for wildcards in src and dst.
Not doing a test for this as wildcard SMB1copy() is evil and
should be removed. It's the same fix I'm doing for unlink
and rename, so this shouldn't be an issue.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
4ba14283 by Jeremy Allison at 2020-10-08T15:07:30+00:00
s3: smbd: Pure reformatting of unlink_internals() to make it obvious when I add a parameter.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
90bce2c0 by Jeremy Allison at 2020-10-08T15:07:30+00:00
s3: smbd: Fix SMB1 reply_unlink() to handle wildcards.
Add a 'bool have_wcard' to unlink_internals().
Move the wildcard detection out of unlink_internals() as it
was looking at the wrong thing.
This is now correctly set only from the unmangled last component
of the path sent to reply_unlink().
We now pass:
Samba3.smbtorture_s3.crypt_client.SMB1-WILD-MANGLE-UNLINK(nt4_dc_smb1)
samba3.smbtorture_s3.plain.SMB1-WILD-MANGLE-UNLINK(fileserver_smb1)
so remove the knownfail.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f75e633f by Jeremy Allison at 2020-10-08T15:07:30+00:00
s3: smbd: Add a 'const char *src_orginal_lcomp' (last component) parameter to rename_internals().
Not yet used. Passing as NULL means explicitly no wildcards
in the source name. There's only one place where we have to handle
wildcards here and that is from SMB1 reply_mv().
Could have used a bool here as in unlink_internals() but
using a string here makes the parameters more symmetrical
around src and destination values.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f696d29f by Jeremy Allison at 2020-10-08T16:29:27+00:00
s3: smbd: Fix SMB1 reply_mv() to handle wildcards.
Pass in the original source last component to rename_internals()
from reply_mv().
Change the wildcard detection in rename_internals() to
look at the correct thing for the source path.
This is now correctly set only from the unmangled last component
of the source path sent to reply_mv().
We now pass:
Samba3.smbtorture_s3.crypt_client.SMB1-WILD-MANGLE-RENAME(nt4_dc_smb1)
samba3.smbtorture_s3.plain.SMB1-WILD-MANGLE-RENAME(fileserver_smb1)
so remove the knownfail.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Oct 8 16:29:27 UTC 2020 on sn-devel-184
- - - - -
8fbda54e by Björn Jacke at 2020-10-08T17:52:46+00:00
nt_printing_ads: support more attributes for AD published printers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9578
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Oct 8 17:52:46 UTC 2020 on sn-devel-184
- - - - -
c75e8ff4 by Andreas Schneider at 2020-10-09T19:16:45+00:00
selftest: Rename 'smb encrypt' to 'server smb encrypt'
This makes it more clear what we want. 'smb encrypt' is a synonym for
'server smb encrypt'.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1b67943f by Andreas Schneider at 2020-10-09T19:16:45+00:00
selftest: Move enc_desired to provision to have it in 'fileserver' too
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e7577ab6 by Andreas Schneider at 2020-10-09T19:16:45+00:00
s3:tests: Add smbclient tests for 'client smb encrypt'
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1189b20c by Andreas Schneider at 2020-10-09T19:16:45+00:00
s3:client: Remove global smb_encrypt
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a9fbc8da by Andreas Schneider at 2020-10-09T19:16:45+00:00
s3:libsmb: Remove force_encrypt from cli_cm_open()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d27e237c by Andreas Schneider at 2020-10-09T19:16:45+00:00
s3:libsmb: Remove force_encrypt from cli_cm_connect()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
615a9a68 by Andreas Schneider at 2020-10-09T19:16:45+00:00
s3:libsmb: Remove force_encrypt from clidfs do_connect()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4ddec1ca by Andreas Schneider at 2020-10-09T19:16:45+00:00
s3:libsmb: Remove force_encrypt from cli_check_msdfs_proxy()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
276563de by Andreas Schneider at 2020-10-09T19:16:45+00:00
s3:libsmb: Pass cli_credentials to clidfs do_connect()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c8349111 by Andreas Schneider at 2020-10-09T19:16:45+00:00
s3:libsmb: Pass cli_credentials to cli_cm_connect()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
df1623ab by Andreas Schneider at 2020-10-09T19:16:46+00:00
s3:libsmb: Pass cli_credentials to cli_cm_open()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5245ab3c by Andreas Schneider at 2020-10-09T19:16:46+00:00
s3:libsmb: Pass cli_credentials to cli_resolve_path(), using helper variables.
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Jeremy Allison <jra at samba.org>
- - - - -
d07f2864 by Andreas Schneider at 2020-10-09T19:16:46+00:00
s3:client: Remove global max_protocol
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4aac9daf by Andreas Schneider at 2020-10-09T19:16:46+00:00
s3:libsmb: Remove max_protocol from cli_cm_open()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
21595826 by Andreas Schneider at 2020-10-09T19:16:46+00:00
s3:libcmb: Remove max_protocol from cli_cm_connect()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
50b59b4c by Andreas Schneider at 2020-10-09T19:16:46+00:00
s3:libsmb: Remove max_protocol from clidfs do_connect()
The if check for max_protocol == 0 is part of lp_client_max_protocol().
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d4d8218b by Andreas Schneider at 2020-10-09T19:16:46+00:00
s3:include: Move loadparm prototypes to own header file
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
925cc9aa by Andreas Schneider at 2020-10-09T20:36:12+00:00
s3:lib: Move interface prototypes to own header file
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Oct 9 20:36:13 UTC 2020 on sn-devel-184
- - - - -
74fbe0b9 by Anoop C S at 2020-10-14T10:08:24+00:00
vfs_shadow_copy2: Avoid closing snapsdir twice
As per man page for closedir(3):
. . .
The closedir() function closes the directory stream associated with
dirp. A successful call to closedir() also closes the underlying file
descriptor associated with dirp.
. . .
Therefore we don't have to attempt an additional close of file
descriptor after closedir().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14530
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Oct 14 10:08:24 UTC 2020 on sn-devel-184
- - - - -
b78ff571 by Jones Syue at 2020-10-14T11:07:36+00:00
interface: fix if_index is not parsed correctly
Replace probed_ifaces[i] with ifs.
In SDC 2020 SMB3 Virtual IO Lab,
run Windows Protocol Test Suite to test FileServer multichannel test cases.
Samba server has 2 virtual interfaces for VPN connection:
> name=tun2001, ip/mask=192.168.144.9/22
> name=tun2002, ip/mask=192.168.144.10/22
test suite client can ping these 2 ip addresses and browse shares.
Then client try to use IOCTL FSCTL_QUERY_NETWORK_INTERFACE_INFO to get the
virtual ip addresses of samba server, but samba server responded it
without the virtual ip addresses. My VPN setup is point-to-point and the
virtual interfaces 'tun2001' & 'tun2002' are without flag IFF_BROADCAST.
So edit smb.conf and add
"interfaces = ${virtual_ip}/${mask_length};if_index=${id}", like this:
> interfaces = eth4 eth8 eth11 eth10 qvs0 "192.168.144.9/22;if_index=50" "192.168.144.10/22;if_index=51"
then samba server IOCTL response could return the virtual ip addresses,
but found a issue:
the interface index of virtual ip addresses is always 4294967295
(0xFFFFFFFF, -1).
Quote Metze: https://gitlab.com/samba-team/devel/samba/-/commit/6cadb55d975a6348a417caed8b3258f5be2acba4#note_419181789
This looks good, I think that also explains
the possible memory corruption/crash I mentioned in the bug report.
As 'i' is most likely the same as 'total_probed' and
probed_ifaces[i] is not valid, so we overwrite unrelated memory.
Later I see 'realloc(): invalid pointer' and this backtrace:
BACKTRACE:
#0 log_stack_trace + 0x29 [ip=0x7f2f1b6fffa9] [sp=0x7ffcd0ab53e0]
#1 smb_panic + 0x11 [ip=0x7f2f1b700301] [sp=0x7ffcd0ab5d10]
#2 sig_fault + 0x54 [ip=0x7f2f1b7004f4] [sp=0x7ffcd0ab5e20]
#3 funlockfile + 0x50 [ip=0x7f2f17ce6dd0] [sp=0x7ffcd0ab5ec0]
#4 gsignal + 0x10f [ip=0x7f2f1794970f] [sp=0x7ffcd0ab6b90]
#5 abort + 0x127 [ip=0x7f2f17933b25] [sp=0x7ffcd0ab6cb0]
#6 __libc_message + 0x297 [ip=0x7f2f1798c897] [sp=0x7ffcd0ab6de0]
#7 malloc_printerr + 0x1c [ip=0x7f2f17992fdc] [sp=0x7ffcd0ab6ef0]
#8 realloc + 0x23a [ip=0x7f2f17997f6a] [sp=0x7ffcd0ab6f00]
#9 _talloc_realloc + 0xee [ip=0x7f2f1a365d2e] [sp=0x7ffcd0ab6f50]
#10 messaging_filtered_read_send + 0x18c [ip=0x7f2f1a10f54c] [sp=0x7ffcd0ab6fb0]
#11 messaging_read_send + 0x55 [ip=0x7f2f1a10f705] [sp=0x7ffcd0ab7000]
#12 smb2srv_session_table_init + 0x83 [ip=0x7f2f1b3a6cd3] [sp=0x7ffcd0ab7040]
#13 smbXsrv_connection_init_tables + 0x2d [ip=0x7f2f1b373f4d] [sp=0x7ffcd0ab7060]
#14 smbd_smb2_request_process_negprot + 0x827 [ip=0x7f2f1b38cb47] [sp=0x7ffcd0ab7080]
#15 smbd_smb2_request_dispatch + 0x19db [ip=0x7f2f1b38921b] [sp=0x7ffcd0ab71d0]
#16 smbd_smb2_process_negprot + 0x298 [ip=0x7f2f1b38bb38] [sp=0x7ffcd0ab7260]
#17 process_smb + 0x2ca [ip=0x7f2f1b37537a] [sp=0x7ffcd0ab72b0]
#18 smbd_server_connection_read_handler + 0xd0 [ip=0x7f2f1b376420] [sp=0x7ffcd0ab7350]
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14514
Signed-off-by: Jones Syue <jonessyue at qnap.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
55dad704 by David Disseldorp at 2020-10-14T11:07:36+00:00
smb2_ioctl_network_fs: fix minor leak in error path
The struct fsctl_net_iface_info array needs to be cleaned up.
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
0253ba15 by David Disseldorp at 2020-10-14T11:07:36+00:00
s3:smbd: rename has_ctdb_public_ip to has_cluster_movable_ip
This provides a little more detail to what's actually being tracked
with this boolean.
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
6b9564c1 by David Disseldorp at 2020-10-14T12:29:55+00:00
s3:ctdbd_conn: simplify get_public_ips() / find_in_public_ips() API
These calls are used to check whether an IP address is static to the
host, or whether it could be migrated by ctdb.
Combine the calls into a simple ctdbd_public_ip_foreach(cb) function,
which avoids the need to expose struct ctdb_public_ip_list_old.
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Oct 14 12:29:56 UTC 2020 on sn-devel-184
- - - - -
f763b1e4 by Ralph Boehme at 2020-10-15T19:07:40+00:00
vfs_zfsacl: use handle based facl() call to query ZFS filesytem ACL
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14470
Pair-Programmed-With: Andrew Walker <awalker at ixsystems.com>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c10ae30c by Andrew Walker at 2020-10-15T19:07:40+00:00
vfs_zfsacl: Add new parameter to stop automatic addition of special entries
Prevent ZFS from automatically adding NFSv4 special entries (owner@, group@,
everyone@). ZFS will automatically add these these entries when calculating the
inherited ACL of new files if the ACL of the parent directory lacks an
inheriting special entry. This may result in user confusion and unexpected
change in permissions of files and directories as the inherited ACL is
generated. Blocking this behavior is achieved by setting an inheriting
everyone@ that grants no permissions and not adding the entry to the file's
Security Descriptor.
This change also updates behavior so that the fd-based syscall facl() is
used where possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14470
Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a182f2e6 by Ralph Boehme at 2020-10-15T19:07:40+00:00
vfs_zfsacl: README.Coding fix
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14471
Pair-Programmed-With: Andrew Walker <awalker at ixsystems.com>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
13b4f913 by Ralph Boehme at 2020-10-15T19:07:40+00:00
vfs_zfsacl: use a helper variable in zfs_get_nt_acl_common()
No change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14471
Pair-Programmed-With: Andrew Walker <awalker at ixsystems.com>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c1a37b4f by Andrew Walker at 2020-10-15T19:07:40+00:00
vfs_zfsacl: only grant DELETE_CHILD if ACL tag is special
When ZFS aclmode is set to "passthrough" chmod(2)/fchmod(2) will result
in special entries being modified in a way such that delete, delete_child,
write_named_attr, write_attribute are stripped from the returned ACL entry,
and the kernel / ZFS treats this as having rights equivalent to the desired
POSIX mode. Historically, samba has added delete_child to the NFSv4 ACL, but
this is only really called for in the case of special entries in this
particular circumstance.
Alter circumstances in which delete_child is granted so that it only
is added to special entries. This preserves the intend post-chmod behavior,
but avoids unnecessarily increasing permissions in cases where it's not
intended. Further modification of this behavior may be required so that
we grant a general read or general write permissions set in case of
POSIX read / POSIX write on special entries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14471
Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2b8b0139 by Andrew Walker at 2020-10-15T20:27:34+00:00
vfs_zfsacl: add zfs configuration guidance to manpage
Provide minimal background information on recommended ZFS settings
for a samba share.
Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Oct 15 20:27:34 UTC 2020 on sn-devel-184
- - - - -
e721dfc8 by Douglas Bagnall at 2020-10-16T04:45:39+00:00
fuzz: add fuzz_dcerpc_parse_binding
We parse a binding and do a few tricks with it, including turning it
into a tower and back.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2541f67c by Douglas Bagnall at 2020-10-16T04:45:40+00:00
fuzz: add fuzz_cli_credentials_parse_string
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2889baee by Björn Jacke at 2020-10-16T04:45:40+00:00
talloc: also use portable __has_attribute macro to check for "deprecated" attribute
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14526
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
de748864 by Björn Jacke at 2020-10-16T04:45:40+00:00
replace: also use portable __has_attribute macro to check for "deprecated" attribute
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14526
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c56c5c17 by Björn Jacke at 2020-10-16T04:45:40+00:00
tevent: also use portable __has_attribute macro to check for "deprecated" attribute
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14526
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b9b6abf1 by Gary Lockyer at 2020-10-16T04:45:40+00:00
CVE-2020-1472(ZeroLogon): rpc_server/netlogon: Fix confounder check
Add check for zero length confounder, to allow setting of passwords 512
bytes long. This does not need to be backported, as it is extremely
unlikely that anyone is using 512 byte passwords.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6f59a5fd by Gary Lockyer at 2020-10-16T04:45:40+00:00
CVE-2020-1472(ZeroLogon): Add zerologon test suite
Add a ZeroLogon test suite, to allow the ZeroLogon tests to be run against
the s3 and s4 netlogon servers.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
07c31634 by Gary Lockyer at 2020-10-16T04:45:40+00:00
CVE-2020-1472(ZeroLogon): torture: Move existing tests
Move the existing ZeroLogon tests into the ZeroLogon testsuite.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f47e3734 by Gary Lockyer at 2020-10-16T04:45:40+00:00
CVE-2020-1472(ZeroLogon): torture: ServerSetPassword2 all zero enc req
Check that a request that encrypts to all zeros, is rejected if the length
encrypts to itself.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e790f9d2 by Gary Lockyer at 2020-10-16T04:45:40+00:00
CVE-2020-1472(ZeroLogon): torture: ServerSetPassword2 all zero password
Check that a password buffer containing all zeros is rejected.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b2f4a556 by Gary Lockyer at 2020-10-16T04:45:40+00:00
CVE-2020-1472(ZeroLogon): torture: ServerSetPassword2 confounder
Test that a confounder that encrypts to itself is rejected
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
56297c70 by Gary Lockyer at 2020-10-16T04:45:40+00:00
CVE-2020-1472(ZeroLogon): torture: ServerSetPassword2 all zero password
Check that an all zero password is rejected, Note this test user ARC4
encryption so that it passes the self encryption test.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
61f216dc by Gary Lockyer at 2020-10-16T04:45:40+00:00
CVE-2020-1472(ZeroLogon): torture: ServerSetPassword2 max len password
Ensure that a maximum length password (512) is still accepted
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6bf1b988 by Gary Lockyer at 2020-10-16T06:09:05+00:00
CVE-2020-1472(ZeroLogon): torture: ServerSetPassword2 zero password
Ensure that a password of all zeros shorter than the maximum length is
rejected.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Oct 16 06:09:06 UTC 2020 on sn-devel-184
- - - - -
4c5a0cab by Volker Lendecke at 2020-10-16T17:10:34+00:00
test: Use the smb2-based deny2 test in clusteredmember_smb1
There is no reason to use the SMB1-based ntdeny2 test. It was just
an arbitrary test that depends on clustering to work.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c7a3e550 by Volker Lendecke at 2020-10-16T17:10:34+00:00
test: Lift clusteredmember_smb1 to use smb2
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
570c425d by Volker Lendecke at 2020-10-16T18:30:18+00:00
test: Get the clusteredmember environment out of its smb1 corner
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Oct 16 18:30:18 UTC 2020 on sn-devel-184
- - - - -
9b6e2393 by Björn Jacke at 2020-10-17T09:22:31+00:00
spoolss.idl: add some missing PROCESSOR_ARCHITECTURE defines
information from wine's winnt.h and MSDN
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
92123572 by Björn Jacke at 2020-10-17T09:22:31+00:00
spoolss.idl: add some missing processor defines
information from wine's winnt.h
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ca1a3014 by Björn Jacke at 2020-10-17T09:22:31+00:00
spoolss.idl: add spoolss architecture defines, that we require
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
62c514c2 by Björn Jacke at 2020-10-17T09:22:31+00:00
printing: move archi_table declarations into nt_printing.h
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
38391ccc by Björn Jacke at 2020-10-17T09:22:31+00:00
printing/spoolss: add ARM64 support
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
40a4dd28 by Björn Jacke at 2020-10-17T10:46:12+00:00
spoolss.idl: remove obviously bogous PROCESSOR_ARM 0 define
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Sat Oct 17 10:46:12 UTC 2020 on sn-devel-184
- - - - -
67c437bf by Andreas Schneider at 2020-10-19T21:14:21+00:00
s3:tests: Improve test_force_close_share test
This fixes the test with fast disks where 20MB transfers are done in
less than a second.
This also cleans up the code to have less sleeping time!
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Oct 19 21:14:21 UTC 2020 on sn-devel-184
- - - - -
930695b0 by Douglas Bagnall at 2020-10-20T02:26:40+00:00
fuzz_dcerpc_parse_binding: don't leak
Also, by not tallocing at all in the too-long case, we can short
circuit quicker.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Oct 20 02:26:40 UTC 2020 on sn-devel-184
- - - - -
a6ff80cd by Martin Schwenke at 2020-10-20T07:22:08+00:00
s3:ctdbd_conn: Fix the build on FreeBSD
Commit 6b9564c1084d8dc7319857fac984808571ef0eb9 broke the build on
FreeBSD:
[2321/3909] Compiling source3/smbd/process.c
../../source3/smbd/process.c:2797:10: error: use of undeclared identifier 'EREMOTEIO'
return EREMOTEIO;
^
../../source3/smbd/process.c:2833:14: error: use of undeclared identifier 'EREMOTEIO'
if (ret == EREMOTEIO) {
^
2 errors generated.
Use one of the POSIX error codes instead.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Tue Oct 20 07:22:08 UTC 2020 on sn-devel-184
- - - - -
e32846f0 by Alexander Bokovoy at 2020-10-20T08:50:13+00:00
smb.conf.5: add clarification how configuration changes reflected by Samba
Users of Linux distributions know to read smb.conf(5) manual page but
apparently not many of them read smbd(8) and winbindd(8) to understand
how changes to smb.conf file are reflected in the running processes.
Add a small section that makes it clear where to find relevant
information. Also correct the information in smbd, nmbd, and winbindd
manual pages.
The interval at which smbd does check for smb.conf changes was increased
from 60 seconds to 180 seconds in 1999 with commit 3db52feb1f3b.
Signed-off-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
Autobuild-User(master): Alexander Bokovoy <ab at samba.org>
Autobuild-Date(master): Tue Oct 20 08:50:13 UTC 2020 on sn-devel-184
- - - - -
c15c40e0 by Bradley M. Kuhn at 2020-10-20T18:10:50+00:00
Update Samba's DCO license in compliance with CC-BY-SA 4.0
The text of "Samba's Developer Certificate of Origin" is copyrighted
and licensed CC-BY-SA. Add notice for compliance with CC-BY-SA 4.0.
Signed-off-by: Bradley M. Kuhn <bkuhn at sfconservancy.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Simo Sorce <idra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Oct 20 18:10:50 UTC 2020 on sn-devel-184
- - - - -
5fa89897 by Bradley M. Kuhn at 2020-10-20T22:54:01+00:00
Rename Samba's DCO to Samba Developer's Declaration
In an effort to reduce any confusion about the differences
between the Samba DCO and the Linux DCO, and as a favor to the
Linux community, rename the Samba DCO to the Samba Developer's
Declaration.
Signed-off-by: Bradley M. Kuhn <bkuhn at sfconservancy.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Simo Sorce <idra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Oct 20 22:54:01 UTC 2020 on sn-devel-184
- - - - -
e246976b by Denis Karpelevich at 2020-10-21T01:17:05+00:00
s3:tests: Add tests for 'valid users'.
Extending testsuite for option 'valid/invalid users' from smb.conf.
Signed-off-by: Denis Karpelevich <dkarpele at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Oct 21 01:17:05 UTC 2020 on sn-devel-184
- - - - -
be51499f by Douglas Bagnall at 2020-10-21T02:28:38+00:00
fuzzing/README: link to wiki
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6d388da7 by Douglas Bagnall at 2020-10-21T02:28:38+00:00
fuzz/oss-fuzz/build-samba: note the calling site
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9dfeb81d by Douglas Bagnall at 2020-10-21T03:47:35+00:00
fuzz/oss-fuzz/build_samba: fetch fuzz seeds
There is a git repository at
https://gitlab.com/samba-team/samba-fuzz-seeds that contains the
seeds. When the master branch of that repository is updated, a CI job
runs that creates a zip file of all the seeds as an artifact. That zip
file is downloaded and unpacked by oss_fuzz/build_samba. The contents
of that zip are further zips that contain the seeds for each fuzzing
binary; these are placed next to the binaries in the manner that
oss-fuzz expects.
That is, beside 'fuzz_foo', we put 'fuzz_foo_seed_corpus.zip' which
contains a pile of fuzz_foo seeds.
There may be times when a new fuzz target does not have a seed corpus,
and times when a removed fuzz target leaves behind a seed corpus.
This is OK, so we don't insist on an exact match between the target
names and the zip names, only that there is some overlap.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Oct 21 03:47:35 UTC 2020 on sn-devel-184
- - - - -
6aa396b0 by Amitay Isaacs at 2020-10-21T05:52:28+00:00
ctdb-common: Avoid aliasing errors during code optimization
When compiling with GCC 10.x and -O3 optimization, the IP checksum
calculation code generates wrong checksum. The function uint16_checksum
gets inlined during optimization and ip4pkt->tcp data gets wrongly
aliased.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14537
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Wed Oct 21 05:52:28 UTC 2020 on sn-devel-184
- - - - -
80347deb by Stefan Metzmacher at 2020-10-21T07:25:37+00:00
python/tests: add DynamicTestCase setUpDynamicTestCases() infrastructure
This can be used in order to run a sepcific test (coded just once)
with an autogenerated set of arguments.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531
Pair-Programmed-With: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
06d13440 by Stefan Metzmacher at 2020-10-21T07:25:37+00:00
s4:dsdb:tests: add AclVisibiltyTests
This tests a sorts of combinations in order to
demonstrate the visibility of objects depending on:
- with or without fDoListObject
- with or without explicit DENY ACEs
- A hierachy of objects with 4 levels from the base dn
- SEC_ADS_LIST (List Children)
- SEC_ADS_LIST_LIST_OBJECT (List Object)
- SEC_ADS_READ_PROP
- all possible scopes and basedns
This demonstrates that NO_SUCH_OBJECT doesn't depend purely
on the visibility of the base dn, it's still possible to
get children returned und an invisible base dn.
It also demonstrates the additional behavior with "List Object" mode.
See [MS-ADTS] 5.1.3.3.6 Checking Object Visibility
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
d2dd7c2a by Stefan Metzmacher at 2020-10-21T07:25:37+00:00
s4:dsdb:acl_read: introduce aclread_check_object_visible() helper
In future this will do more than aclread_check_parent(),
if we implement fDoListObject and SEC_ADS_LIST_OBJECT handling.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
c4a3028d by Stefan Metzmacher at 2020-10-21T07:25:37+00:00
s4:dsdb:acl_read: fully set up 'struct aclread_context' before the search base acl check
This makes further change much easier.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
faff8e6c by Stefan Metzmacher at 2020-10-21T07:25:37+00:00
s4:dsdb:acl_read: make use of aclread_check_object_visible() for the search base
We should only have one place to do access checks.
Use 'git show -w' to see the minimal diff.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
e1529bed by Stefan Metzmacher at 2020-10-21T07:25:37+00:00
s4:dsdb:acl_read: defer LDB_ERR_NO_SUCH_OBJECT
We may need to return child objects even if the base dn
is invisible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
ffc0bdc6 by Stefan Metzmacher at 2020-10-21T07:25:37+00:00
s4:dsdb:util: add dsdb_do_list_object() helper
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
7223f645 by Stefan Metzmacher at 2020-10-21T08:48:01+00:00
s4:dsdb:acl_read: Implement "List Object" mode feature
See [MS-ADTS] 5.1.3.3.6 Checking Object Visibility
I tried to avoid any possible overhead for the common cases:
- SEC_ADS_LIST (List Children) is already granted by default
- fDoListObject is off by default
Overhead is only added if the administrator turned on
the fDoListObject feature and removed SEC_ADS_LIST (List Children)
from a parent object.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Oct 21 08:48:02 UTC 2020 on sn-devel-184
- - - - -
ac20617c by Volker Lendecke at 2020-10-21T19:04:38+00:00
smbd: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b64949d5 by Volker Lendecke at 2020-10-21T19:04:38+00:00
libsmb: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
051967d9 by Volker Lendecke at 2020-10-21T19:04:38+00:00
smbd: Remove an unused anonymous struct definition
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c71d52b9 by Volker Lendecke at 2020-10-21T19:04:38+00:00
notifyd: Modernize DBG statements
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ad7e2cf6 by Volker Lendecke at 2020-10-21T19:04:38+00:00
smbd: Modernize DBG statements in notify_msg.c
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2ae42beb by Volker Lendecke at 2020-10-21T19:04:38+00:00
libcli: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f11ef354 by Volker Lendecke at 2020-10-21T19:04:38+00:00
smbcacls: Use ISDOT[DOT] instead of strequal
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1cca034c by Volker Lendecke at 2020-10-21T19:04:38+00:00
smbcacls: Use direct struct initialization
Use implicit NULL/false initialization
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8a61f0eb by Volker Lendecke at 2020-10-21T19:04:38+00:00
libsmb: Use "struct" in self-references
Don't go via the typedefs for next and prev pointers
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
41c78d18 by Volker Lendecke at 2020-10-21T19:04:38+00:00
libsmb: Use ZERO_STRUCTP
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7ce22e2f by Volker Lendecke at 2020-10-21T19:04:39+00:00
libsmb: Use a direct struct initialization to avoid a memset
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4ad0e4d2 by Volker Lendecke at 2020-10-21T19:04:39+00:00
libsmb: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f05020df by Volker Lendecke at 2020-10-21T19:04:39+00:00
includes: nt_printing.h does not need client.h
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d93e0f09 by Volker Lendecke at 2020-10-21T19:04:39+00:00
libsmb: Factor out cli_conn_have_dfs() from cli_resolve_path()
This also does the checks from cli_dfs_check_error(), which can be
removed in the next step.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d845e90e by Volker Lendecke at 2020-10-21T19:04:39+00:00
libsmb: Simplify cli_resolve_path()
The additional conditions in cli_dfs_check_error() were covered
earlier in cli_resolve_path() via cli_conn_have_dfs(). Without those
it's more obvious to directly call NT_STATUS_EQUAL here.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a01dfc29 by Volker Lendecke at 2020-10-21T20:27:57+00:00
lib: Add tevent_req_received() to messaging_filtered_read_recv()
Early talloc_free() for the msg_rec if it's not picked up
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Oct 21 20:27:57 UTC 2020 on sn-devel-184
- - - - -
d031391b by Andrew Bartlett at 2020-10-21T23:07:37+00:00
fuzzing: Fix the oss-fuzz coverage build
It was long thought that the issue here was that no seed corpus was
provided, but actually the issue is that to obtain coverage output
just as we already know for gcc gcov, you must provide fuzzing flags
to both the compile and link phase.
Thankfully clang as a linker does not mind the strange non-linker options
from $COVERAGE_FLAGS.
REF: https://stackoverflow.com/questions/56112019/clang-does-not-generate-profraw-file-when-linking-manually
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19495#c48
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Oct 21 23:07:37 UTC 2020 on sn-devel-184
- - - - -
3b2a9083 by Andrew Walker at 2020-10-21T23:08:43+00:00
lib:util:loadparm - fix leak in lpcfg_dump_a_parameter
This function calls talloc_strdup() for the parm_name passed into
it so that we can check whether it's a parametric entry. It's
allocated under the loadparm context passed into the function.
Primary consumer of this is "testparm" and so context short-lived in
typical use-case, but this is also exposed via pyparam and so the
loadparm context may be somewhat longer-lived depending on how it is
being used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14544
Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
7b52c2db by Andrew Walker at 2020-10-22T00:30:38+00:00
s3:param:service - ensure registry shares loaded before home check
Registry shares should be loaded and checked prior to checking home
directories. This ensures that an explicitly defined service takes
priority over home directories (same behavior as non-registry shares).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14543
Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Jeremy Alison <jra at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Oct 22 00:30:38 UTC 2020 on sn-devel-184
- - - - -
04872508 by Andrew Bartlett at 2020-10-22T12:47:37+00:00
fuzzing: Improve robustness and documentation of the ldd-base library copy
This tries to make progress towards understanding why we sometime see errors like
Step #6: Error occured while running fuzz_reg_parse:
Step #6: /workspace/out/coverage/fuzz_reg_parse: error while loading shared libraries: libavahi-common.so.3: cannot open shared object file: No such file or directory
in the previously failing coverage builds.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
c03a2650 by Andrew Bartlett at 2020-10-22T14:10:04+00:00
oss-fuzz: standardise on RPATH for the static-ish binaries
This includes a revert of commit e60df214998afc145ca482cab184691b3ddc3bb2..
We strictly require RPATH, not the modern RUNPATH for the behaviour
we need in oss-fuzz, which is that not just the first line of dependencies
but the full set of libraries used by the program are looked for in the
'$ORIGIN/lib' directory.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Thu Oct 22 14:10:04 UTC 2020 on sn-devel-184
- - - - -
1262b13f by Jeremy Allison at 2020-10-22T15:34:54+00:00
Add VFS-License-clarification.txt as discussed on the Team list.
Update WHATSNEW.txt with a copy for the next release.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Oct 22 15:34:54 UTC 2020 on sn-devel-184
- - - - -
4cd195aa by Amitay Isaacs at 2020-10-22T16:05:30+00:00
libndr: Avoid assigning duplicate versions to symbols
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14541
Symbols _ndr_push_error and _ndr_pull_error keep getting redefined as
they are included without wildcard in abi_match. Apparently on linux ld
does not complain about duplicate symbols, but on freebsd ld fails to
link with following error:
[ 918/3912] Linking bin/default/librpc/libndr.so
ld: error: duplicate symbol '_ndr_pull_error' in version script
ld: error: duplicate symbol '_ndr_push_error' in version script
clang: error: linker command failed with exit code 1 (use -v to see invocation)
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
76db7961 by Andreas Schneider at 2020-10-22T16:05:30+00:00
python: Create targetdir recursively
This fixes `make test` in a release tarball.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14542
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
3770f28c by Andreas Schneider at 2020-10-22T16:05:30+00:00
testprogs: Add remove_directory to common test functions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14542
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
e58ccdaa by Andreas Schneider at 2020-10-22T16:05:30+00:00
testprogs: Fix and improve demote-saveddb test
This fixes running `make test` in a release tarball!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14542
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
e4194355 by Andreas Schneider at 2020-10-22T16:05:30+00:00
testprogs: Fix and improve tombstones-expunge test
This fixes running `make test` in a release tarball!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14542
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
a9765084 by Andreas Schneider at 2020-10-22T16:05:30+00:00
testprogs: Fix and improve runtime-links test
This fixes running `make test` in a release tarball!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14542
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
d8fe4315 by Andreas Schneider at 2020-10-22T16:05:30+00:00
testprogs: Fix and improve dbcheck-links test
This fixes running `make test` in a release tarball!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14542
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
28720d66 by Andreas Schneider at 2020-10-22T16:05:31+00:00
testprogs: Fix and improve functionalprep test
This fixes running `make test` in a release tarball!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14542
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
32305d60 by Andreas Schneider at 2020-10-22T16:05:31+00:00
testprogs: Fix and improve dbcheck-oldrelease test
This fixes running `make test` in a release tarball!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14542
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
1432d225 by Andreas Schneider at 2020-10-22T17:28:39+00:00
testprogs: Fix and improve upgradeprovision-oldrelease test
This fixes running `make test` in a release tarball!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14542
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Oct 22 17:28:39 UTC 2020 on sn-devel-184
- - - - -
b5f80734 by Andrew Bartlett at 2020-10-22T23:08:31+00:00
oss-fuzz: update comment to reference RPATH for the static-ish binaries
We strictly require RPATH, so fix the comment to avoid mentioning
the modern RUNPATH which is almost but not entirely similar.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
a57702db by Andrew Bartlett at 2020-10-22T23:08:31+00:00
oss-fuzz: Always run the check, even on the oss-fuzz platform
It is much harder to determine why we get messages like
Step #6: Error occured while running fuzz_reg_parse:
Step #6: /workspace/out/coverage/fuzz_reg_parse: error while loading shared libraries: libavahi-common.so.3: cannot open shared object file: No such file or directory
instead this detects the failure to use RPATH (which is
strictly required instead of the modern RUNPATH)
otherwise.
We do this by creating a new build_samba.sh after renaming
build_samba.sh to do_build.sh because this is what oss-fuzz
runs, meaning we don't need to coordinate a MR there as well.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
8f66ce0a by Andrew Bartlett at 2020-10-23T00:33:57+00:00
oss-fuzz: Add very verbose explaination for RPATH vs RUNPATH
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Fri Oct 23 00:33:57 UTC 2020 on sn-devel-184
- - - - -
895c729c by David Mulder at 2020-10-23T03:25:34+00:00
py3: Add is_ad_dc_built option to python glue
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
48c9b699 by Andrew Bartlett at 2020-10-23T03:25:35+00:00
.gitlab-ci.yml: Run the coverity submission job in parallel with the builds
This avoids a flapping test elsewhere delying the submission of the code to coverity
for checking.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
09479bf0 by Andrew Bartlett at 2020-10-23T03:25:35+00:00
.gitlab-ci.yml: Ensure we compile before we start the main parallel testing
This build can be as fast as 10mins if the ccache matches and there
are few tests. Therefore put it first as a sentinal.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
302098c3 by Douglas Bagnall at 2020-10-23T03:25:35+00:00
rpc: avoid undefined behaviour when parsing bindings
If the binding string ends with "[", we were setting options to an
empty string, then asking for 'options[strlen(options)-1]', which
UBSan dosn't like because the offset evaluates to (size_t)0xFFFFF...
causing pointer overflow.
I believe this is actually well defined in practice, but we don't want
to be in the habit of leaving sanitiser warnings in code parsing
untrusted strings.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1576421d by Stefan Metzmacher at 2020-10-23T03:25:35+00:00
winbind.idl: rename wbint_TransID.type to wbint_TransID.type_hint
This makes it clear that it's a hint from the parent to the
child.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
58e9b622 by Stefan Metzmacher at 2020-10-23T03:25:35+00:00
s3:passdb: use ID_TYPE_* instead of WBC_ID_TYPE_*
Currently these enums have the same values, but that will
change in future.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
f5eec890 by Stefan Metzmacher at 2020-10-23T03:25:35+00:00
test_idmap_tdb_common: correctly initialize the idmap domain with an init function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
95b0dac0 by Stefan Metzmacher at 2020-10-23T03:25:35+00:00
winbindd/idmap: apply const to struct idmap_methods pointers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
7518a0ca by Stefan Metzmacher at 2020-10-23T03:25:35+00:00
winbindd/idmap: apply const to struct nss_info_methods pointers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
7dbe5b48 by Stefan Metzmacher at 2020-10-23T03:25:35+00:00
wb_queryuser: avoid idmap_child() and use idmap_child_handle() instead
This is the only aspect we need here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
5cc21a9d by Stefan Metzmacher at 2020-10-23T03:25:35+00:00
wb_xids2sids: avoid idmap_child() and use idmap_child_handle() instead
This is the only aspect we need here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
1694de1a by Stefan Metzmacher at 2020-10-23T03:25:35+00:00
wb_sids2xids: avoid idmap_child() and use idmap_child_handle() instead
This is the only aspect we need here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
21035436 by Stefan Metzmacher at 2020-10-23T03:25:35+00:00
winbindd: add and use idmap_child_pid()
We should avoid calling idmap_child() as much as possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
cd9a9702 by Stefan Metzmacher at 2020-10-23T03:25:35+00:00
winbindd: add and use is_idmap_child()
We should avoid calling idmap_child() as much as possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
209e81a2 by Stefan Metzmacher at 2020-10-23T03:25:36+00:00
winbindd: add generic wb_parent_idmap_setup_send/recv() helpers
This is more or less a copy of wb_xids2sids_init_dom_maps_send/recv,
but it's more generic and doesn't imply global state.
It also closes a initialization race by using a tevent_queue to
serialize the calls.
In the next commits we'll replace wb_xids2sids_init_dom_maps_send/recv.
We'll also use the new function in the wb_sids2xids code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
a8f57c94 by Stefan Metzmacher at 2020-10-23T03:25:36+00:00
wb_xids2sids: make use of the new wb_parent_idmap_setup_send/recv() helpers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
d42aaeba by Stefan Metzmacher at 2020-10-23T03:25:36+00:00
wb_sids2xids: call wb_parent_idmap_setup_send/recv as the first step
This isn't really used yet, but it will in the next commits.
Also idmap_child_handle() will soon assert that
wb_parent_idmap_setup_send/recv() was called before it's used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
82fd0779 by Stefan Metzmacher at 2020-10-23T03:25:36+00:00
wb_queryuser: explain why wb_parent_idmap_setup_send/recv is not needed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
b8c74b7b by Stefan Metzmacher at 2020-10-23T03:25:36+00:00
winbindd: assert wb_parent_idmap_setup_send/recv() was called before idmap_child_handle()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
28e020c0 by Stefan Metzmacher at 2020-10-23T03:25:36+00:00
winbindd: defer the setup_child() from init_idmap_child()
At startup we trigger a wb_parent_idmap_setup_send() and make
sure setup_child() is called just before wb_parent_idmap_setup_recv()
finished.
This makes sure our view of the idmap config in the parent matches
what we have in the child.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
79c1d3aa by Ralph Boehme at 2020-10-23T03:25:36+00:00
wb_sids2xids: split out wb_sids2xids_next_sids2unix()
Put the code that calls the per-domain idmap backend
in its own function.
This makes further reconstruction easier.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
04956350 by Stefan Metzmacher at 2020-10-23T03:25:36+00:00
wb_sids2xids: maintain struct wbint_TransIDArray all_ids as cache
Entries with domain_index == UINT32_MAX are valid cache entries.
In the following commits we'll fill in missing entries step by step
until all entries are marked as filled.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
797b11f1 by Stefan Metzmacher at 2020-10-23T03:25:36+00:00
wb_sids2xids: rename 'non_cached' to 'lookup_sids'
This array is used to pass to wb_lookupsids_send()
and that will be the only reason to have this in future.
For now it's used for all non cached sids, but that will
also change in the next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
231c8d04 by Stefan Metzmacher at 2020-10-23T03:25:36+00:00
wb_sids2xids: move more checks to wb_sids2xids_next_sids2unix()
For the first run this is a no-op, but it simplified the caller.
We'll call wb_sids2xids_next_sids2unix() in a few more places in future
and it's easier to have this all within wb_sids2xids_next_sids2unix()..
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
f6bb0ed2 by Stefan Metzmacher at 2020-10-23T03:25:36+00:00
wb_sids2xids: inline wb_sids2xids_extract_for_domain_index() into wb_sids2xids_next_sids2unix()
Instead of re-creating the dom_ids element,
we just use a pre-allocated map_ids_in array.
This is a bit tricky as we need to use map_ids_out as a copy of
map_ids_in, because the _ids argument of dcerpc_wbint_Sids2UnixIDs_send()
in [in,out], which means that _ids->ids is changed between
dcerpc_wbint_Sids2UnixIDs_send() and dcerpc_wbint_Sids2UnixIDs_recv()!
If the domain doesn't need any mappings, we'll move to the next domain
early, for now this can't happend but it will in future.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
cda61f59 by Stefan Metzmacher at 2020-10-23T03:25:36+00:00
wb_sids2xids: refactor wb_sids2xids_done() a bit
Here we don't change the logic.
It will make the following changes easier.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
19c8b6a8 by Stefan Metzmacher at 2020-10-23T03:25:37+00:00
wb_sids2xids: change 'i' to 'li' in wb_sids2xids_lookupsids_done()
With all the indexes we have into various array, this makes clear
'li' is the index into the state->lookup_sids array.
This makes the following changes easier to review.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
374acc2e by Stefan Metzmacher at 2020-10-23T03:25:37+00:00
wb_sids2xids: directly use state->all_ids to collect results
In order to translate the indexes from state->lookup_sids[]
for wb_lookupsids_send/recv() and state->map_ids.ids[]
for dcerpc_wbint_Sids2UnixIDs_send/recv() back to
state->all_ids.ids[] or state->sids[] we have state->tmp_idx[].
This simplifies wb_sids2xids_recv() a lot and make further
restructuring much easier.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
3f4626ea by Stefan Metzmacher at 2020-10-23T03:25:37+00:00
wb_sids2xids: fill cache as soon as possible
After adding entries to the cache we can mark them
as filled from the cache by setting its domain_index
to UINT32_MAX.
This will allow further changes to fill the results
into state->all_ids in steps.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
c55f4f37 by Stefan Metzmacher at 2020-10-23T03:25:37+00:00
wb_sids2xids: build state->idmap_doms based on wb_parent_idmap_config
In future we'll try to avoid wb_lookupsids_send() and only call
it if needed.
The domain name passed should be only relevant to find the correct
idmap backend, and these should all be available in
wb_parent_idmap_config as it was created before the idmap child was forked.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
493f5d6b by Stefan Metzmacher at 2020-10-23T03:25:37+00:00
winbindd: allow idmap backends to mark entries with ID_[TYPE_WB_]REQUIRE_TYPE
This must only be used between winbindd parent and child!
It must not leak into outside world.
Some backends require ID_TYPE_UID or ID_TYPE_GID as type_hint,
while others may only need ID_TYPE_BOTH in order to validate that
the domain exists.
This will allow us to skip the wb_lookupsids_send/recv in the winbindd parent
in future and only do that on demand.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
54b4d2d3 by Stefan Metzmacher at 2020-10-23T04:47:26+00:00
wb_sids2xids: defer/skip wb_lookupsids* unless we get ID_TYPE_WB_REQUIRE_TYPE
We try to give a valid hint for predefined sids and
pass ID_TYPE_BOTH as a hint that the domain part of the sid is valid.
In most cases the idmap child/backend does not require a type_hint
as mappings already exist.
This is a speed up as we no longer need to contact a domain controller.
It's also possible to accept kerberos authentication without reaching
out to a domain controller at all (if the idmap backend doesn't need a
hint).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Oct 23 04:47:26 UTC 2020 on sn-devel-184
- - - - -
c4cbe061 by Ralph Boehme at 2020-10-23T07:56:32+00:00
vfs: make dirfsp arg to SMB_VFS_READLINKAT() const
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3df5f851 by Ralph Boehme at 2020-10-23T07:56:32+00:00
smbd: fix order of smb_fname flags and twrp args in unlink_internals()
As snapshots are read-only by design, this bug was likely not a real issue so
I'm not creating a BUG for this.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3caf53a0 by Ralph Boehme at 2020-10-23T07:56:32+00:00
smbd: fix order of smb_fname flags and twrp args in call_trans2findfirst()
Also not creating a BUG for this one as I've not seen any reports from the field
that this is causing issues.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ac45ce02 by Ralph Boehme at 2020-10-23T07:56:32+00:00
vfs_streams_xattr: only assert AT_FDCWD for streams
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
219a44ee by Ralph Boehme at 2020-10-23T07:56:32+00:00
vfs_streams_depot: only assert AT_FDCWD for streams
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5161edbd by Ralph Boehme at 2020-10-23T07:56:32+00:00
selftest: remove POSIX test from planned tests for ad_dc_ntvfs environ
Just don't run the tests instead of retrofitting them to the skiplist..
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0d6d53a9 by Ralph Boehme at 2020-10-23T07:56:32+00:00
vfs_default: allow dirfsps in the link VFS functions
The functions work just fine with real dirfsps.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
42b8a431 by Ralph Boehme at 2020-10-23T07:56:33+00:00
smbd: base POSIX semantics in call_trans2findfirst() on req->posix_pathnames
This will require a SMB1 client to enable SMB1 POSIX extensions, just sending
POSIX info-level requests without first enabling them won't cut it.
As discussed with Jeremy, SMB1 POSIX extensions is a global thing and the client
that wants to use it is expected to enable them explicitly before making use of
POSIX info-levels.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2e5e49e4 by Ralph Boehme at 2020-10-23T07:56:33+00:00
smbd: let directory entries inherit the smb_fname->flags from the directory
If the listed directory has SMB_FILENAME_POSIX_PATH set, this change causes the
smb_fname of directory entries to inherit the flag so subsequent operations on
the directory entry can correctly implement POSIX semantics.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
71a57596 by Ralph Boehme at 2020-10-23T07:56:33+00:00
smbd: base POSIX semantics of call_trans2findfirst() on SMB_FILENAME_POSIX_PATH flag
We really want to apply POSIX semantics in this place whenever the client has
enabled UNIX extensions, not only when using UNIX find info-levels.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
29e212dd by Ralph Boehme at 2020-10-23T07:56:33+00:00
smbd: use UCF_POSIX_PATHNAMES flag for path validation logic in filename_convert_internal()
This change means that if a client path is a symlink, we *always* only call
check_veto_path() for POSIX clients using a POSIX pathname, not just when a
POSIX info-level was used in an SMB request.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
df92b06f by Ralph Boehme at 2020-10-23T07:56:33+00:00
smbd: remove use of UCF_UNIX_NAME_LOOKUP
This is now handled by SMB_FILENAME_POSIX_PATH.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
537069b6 by Ralph Boehme at 2020-10-23T07:56:33+00:00
smbd: mark UCF_UNIX_NAME_LOOKUP as unused
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
63a4e883 by Ralph Boehme at 2020-10-23T09:19:12+00:00
smbd: split out POSIX info_levels from smbd_do_setfilepathinfo() into own function
smbd_do_setfilepathinfo() can be made fully handle based for all non-POSIX
infolevels with pathref fsps, but for a POSIX create we may not have a fsp if
the path points at a symlink.
Splitting the POSIX from the non-POSIX logic allows for cleaner handling of this
in the future with pathref fsps.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Oct 23 09:19:12 UTC 2020 on sn-devel-184
- - - - -
9bc9f8ce by Andreas Schneider at 2020-10-23T14:09:42+00:00
s3:script: Fix test_dfree_quota.sh
source3/script/tests/test_dfree_quota.sh: line 200: [: missing `]'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14550
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
8fa0d333 by Andreas Schneider at 2020-10-23T14:09:43+00:00
buildtools: Do not install binaries which are for selftest
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14550
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
2d89ddb0 by Andreas Schneider at 2020-10-23T14:09:43+00:00
unittests: Mark test binaries for selftest
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14550
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
6e25613a by Andreas Schneider at 2020-10-23T14:09:43+00:00
s3:modules: Do not install vfs modules only used for testing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14550
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
3b5b23ea by Andreas Schneider at 2020-10-23T15:32:08+00:00
examples:auth: Do not install example plugin
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14550
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Oct 23 15:32:08 UTC 2020 on sn-devel-184
- - - - -
7c8a7e8a by Stefan Metzmacher at 2020-10-23T16:02:37+00:00
librpc/dcesrv_core: move two rpcint_dispatch() copies into dcesrv_call_dispatch_local()
We only need this function once, so that we need to fix bugs only once...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14551
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
42e79cee by Stefan Metzmacher at 2020-10-23T16:02:37+00:00
librpc/dcesrv_core: make use of dcerpc_fault_to_nt_status() in dcesrv_call_dispatch_local()
The caller wants to get a useful NTSTATUS instead of a generic
NT_STATUS_NET_WRITE_FAULT.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14551
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
7bd321e7 by Stefan Metzmacher at 2020-10-23T16:02:37+00:00
librpc/dcesrv_core: assert that dcesrv_call_dispatch_local() never gets async.
This is just not supported for now...
We would need a dcesrv_call_dispatch_local_send/recv in order to
support async calls.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14551
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
d08a6b42 by Stefan Metzmacher at 2020-10-23T17:24:37+00:00
librpc/dcesrv_core: let dcesrv_call_dispatch_local() call context->iface->reply()
This is needed in order to get NDR_PRINT_FUNCTION_DEBUG(..., NDR_OUT) called.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14551
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Autobuild-User(master): Samuel Cabrero <scabrero at samba.org>
Autobuild-Date(master): Fri Oct 23 17:24:37 UTC 2020 on sn-devel-184
- - - - -
6da16727 by Ralph Boehme at 2020-10-23T17:44:33+00:00
smb: rename NTCREATEX_OPTIONS_PRIVATE_DENY_DOS to NTCREATEX_FLAG_DENY_DOS
Just a shorter name, no change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c2f0fd40 by Ralph Boehme at 2020-10-23T17:44:33+00:00
smb: rename NTCREATEX_OPTIONS_PRIVATE_DENY_FCB to NTCREATEX_FLAG_DENY_FCB
Just a shorter name, no change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4481259f by Ralph Boehme at 2020-10-23T17:44:34+00:00
smb: rename NTCREATEX_OPTIONS_PRIVATE_DELETE_ON_CLOSE to NTCREATEX_FLAG_DELETE_ON_CLOSE
Just a shorter name, no change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
45017205 by Ralph Boehme at 2020-10-23T17:44:34+00:00
smb: rename NTCREATEX_OPTIONS_PRIVATE_STREAM_BASEOPEN to NTCREATEX_FLAG_STREAM_BASEOPEN
Just a shorter name, no change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7d9b32c8 by Ralph Boehme at 2020-10-23T17:44:34+00:00
smb: update comments on the NTCREATEX_FLAG_* flags
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4b53e583 by Ralph Boehme at 2020-10-23T17:44:34+00:00
s3: add and use MS-FSCC Codes from 2.4 and 2.5
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f33b91a9 by Ralph Boehme at 2020-10-23T17:44:34+00:00
smbd: add and use SMB2_FILE_FULL_EA_INFORMATION
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0dad9a31 by Ralph Boehme at 2020-10-23T19:06:40+00:00
smbd: add and use SMB2_FILE_ALL_INFORMATION
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Oct 23 19:06:40 UTC 2020 on sn-devel-184
- - - - -
5bb796cb by Volker Lendecke at 2020-10-24T05:57:31+00:00
lib: Fix includes for messages.h
It references struct tevent_context
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
79b0829e by Volker Lendecke at 2020-10-24T05:57:31+00:00
notify: Remove an unused structure definition
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4dac4859 by Volker Lendecke at 2020-10-24T05:57:31+00:00
notifyd: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3e648e9d by Volker Lendecke at 2020-10-24T05:57:31+00:00
notifyd: Factor out notifyd_parse_entry() into its own file
The next step will be to factor out notifyd_parse_db() and and
notify_walk() for consumption outside of smbd. notifyd_parse_db()
needs access to the internal representation of notifyd's database, so
move it into a commonly usable file.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
49859ac1 by Volker Lendecke at 2020-10-24T05:57:31+00:00
notifyd: Factor out notify_walk() into its own file
To be used in smbtorture, avoid having to include almost all of smbd
just for this
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
741428ea by Volker Lendecke at 2020-10-24T05:57:31+00:00
notifyd: Add fcn_wait_send()/recv()
tevent_req based functions to listen for file change
notifications. Mainly right now for testing purposes, but it could be
used to also implement smbd's file change notify in a more tevent_req
based fashion than it is implemented now.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
609867ef by Volker Lendecke at 2020-10-24T05:57:31+00:00
test: Add a first unit test for notifyd
Use the notifyd "messaging" protocol to check if notifyd works at all
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
bbc065da by Volker Lendecke at 2020-10-24T07:20:17+00:00
test: Check that notifyd messages actually change the database
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Oct 24 07:20:17 UTC 2020 on sn-devel-184
- - - - -
183d5d63 by Alexander Bokovoy at 2020-10-26T18:33:40+00:00
DNS Resolver: support both dnspython before and after 2.0.0
`dnspython` 2.0.0 has many changes and several deprecations like:
```
> dns.resolver.resolve() has been added, allowing control of whether
search lists are used. dns.resolver.query() is retained for backwards
compatibility, but deprecated. The default for search list behavior can
be set at in the resolver object with the use_search_by_default
parameter. The default is False.
> dns.resolver.resolve_address() has been added, allowing easy
address-to-name lookups.
```
The new class `DNSResolver`:
- provides the compatibility layer
- defaults the previous behavior (the search list configured in the
system's resolver configuration is used for relative names)
- defaults lifetime to 15sec (determines the number of seconds
to spend trying to get an answer to the question)
The compatibility shim was developed by Stanislav Levin for FreeIPA and
adopted for Samba by Alexander Bokovoy.
Signed-off-by: Stanislav Levin <slev at altlinux.org>
Signed-off-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
3e27dc48 by Alexander Bokovoy at 2020-10-26T19:58:17+00:00
daemons: report status to systemd even when running in foreground
When systemd launches samba services, the configuration we have in
systemd service files expects that the main process (/usr/sbin/*)
would use sd_notify() to report back its status. However, we only use
sd_notify() when running become_daemon().
As a result, samba/smbd/winbindd/nmbd processes never report back its
status and the status updates from other childs (smbd, winbindd, etc)
are not accepted as we now have implied NotifyAccess=main since commit
d1740fb3d5a72cb49e30b330bb0b01e7ef3e09cc
This leads to a timeout and killing samba process by systemd. Situation
is reproducible in Fedora 33, for example.
Make sure that we have required status updates for all daemons in case
we aren't runnning in interactive mode.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14552
Signed-off-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Oct 26 19:58:18 UTC 2020 on sn-devel-184
- - - - -
341adfdf by Mikhail Novosyolov at 2020-10-28T14:04:31+00:00
s3: fix running genmsg in pure git
xgettext wants pam_winbind.po to exist.
Without this running ./genmsg in cloned git fails.
Signed-off-by: Mikhail Novosyolov <m.novosyolov at rosalinux.ru>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
7958abe3 by Mikhail Novosyolov at 2020-10-28T14:04:31+00:00
s3: update paths in genmsg of pam_winbind
Signed-off-by: Mikhail Novosyolov <m.novosyolov at rosalinux.ru>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
c218ad1a by Mikhail Novosyolov at 2020-10-28T14:04:31+00:00
s3: update list of languages in genmsg of pam_winbind
Removed languages for which translations do not exist.
Signed-off-by: Mikhail Novosyolov <m.novosyolov at rosalinux.ru>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
c69d710f by Mikhail Novosyolov at 2020-10-28T14:04:31+00:00
s3: Rerun genmsg to update pam_winbind after 10 years
Previous run was in 2010 (10 years ago!), a lot of strings have changed.
Also removed all fuzzies because many strings do not exist any more in nterr.c
and then regenerated pos to restore strings that do exist.
I ran:
$ ./genmsg (with previous commits applied)
$ for i in *.po ; do mv -v $i ${i}.t && msgattrib --no-fuzzy -o $i ${i}.t && rm -fv ${i}.t ; done
$ ./genmsg
bjacke edited: don't remove old nterr.c translations, we should keep those
translatins and translate the mappings to the new strings coming from
nterr_gen.c, see b7b289f372535dc479a9c9b7ea80da4711edf4f8 for the related
change.
Signed-off-by: Mikhail Novosyolov <m.novosyolov at rosalinux.ru>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
d619a578 by Mikhail Novosyolov at 2020-10-28T15:31:05+00:00
s3: update Russian translation of pam_winbind
Signed-off-by: Mikhail Novosyolov <m.novosyolov at rosalinux.ru>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Björn Jacke <bjacke at samba.org>
Autobuild-Date(master): Wed Oct 28 15:31:05 UTC 2020 on sn-devel-184
- - - - -
5f92ec69 by Andreas Schneider at 2020-10-28T17:52:19+00:00
s4:torture: Pass buffer correctly to write()
../../source4/torture/basic/denytest.c: In function ‘torture_createx_specific.isra’:
../../source4/torture/basic/denytest.c:2372:9: error: ‘write’ reading 56 bytes from a region of size 8 [-Werror=stringop-overflow=]
2372 | res = write(data_file_fd, &cxd, cxd_len);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14555
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Oct 28 17:52:19 UTC 2020 on sn-devel-184
- - - - -
cc490112 by Andrew Walker at 2020-10-29T03:31:56+00:00
s3:rpcclient fix NULL - deref caused by misuse of chgpasswd3
Passing wrong number of arguments to chgpasswd3 will cause rpcclient to crash.
Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Oct 29 03:31:56 UTC 2020 on sn-devel-184
- - - - -
a380f19d by Volker Lendecke at 2020-10-29T10:25:37+00:00
CVE-2020-14323 winbind: Fix invalid lookupsids DoS
A lookupsids request without extra_data will lead to "state->domain==NULL",
which makes winbindd_lookupsids_recv trying to dereference it.
Reported by Bas Alberts of the GitHub Security Lab Team as GHSL-2020-134
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14436
Signed-off-by: Volker Lendecke <vl at samba.org>
- - - - -
40f23c24 by Volker Lendecke at 2020-10-29T10:25:37+00:00
CVE-2020-14323 torture4: Add a simple test for invalid lookup_sids winbind call
We can't add this test before the fix, add it to knownfail and have the fix
remove the knownfail entry again. As this crashes winbind, many tests after
this one will fail.
Reported by Bas Alberts of the GitHub Security Lab Team as GHSL-2020-134
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14436
Signed-off-by: Volker Lendecke <vl at samba.org>
- - - - -
6e143d9c by Jeremy Allison at 2020-10-29T10:25:37+00:00
s4: torture: Add smb2.notify.handle-permissions test.
Add knownfail entry.
CVE-2020-14318
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14434
Signed-off-by: Jeremy Allison <jra at samba.org>
- - - - -
3076566d by Jeremy Allison at 2020-10-29T11:47:35+00:00
s3: smbd: Ensure change notifies can't get set unless the directory handle is open for SEC_DIR_LIST.
Remove knownfail entry.
CVE-2020-14318
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14434
Signed-off-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(master): Thu Oct 29 11:47:35 UTC 2020 on sn-devel-184
- - - - -
56879ec5 by Andreas Schneider at 2020-10-29T14:19:36+00:00
idl: Add SID_SAMBA_SMB3
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
905c2b97 by Andreas Schneider at 2020-10-29T14:19:36+00:00
s3:smbd: Add SMB3 connection information to session info
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
8bbe5c8c by Andreas Schneider at 2020-10-29T14:19:36+00:00
librpc: Add dcerpc helper dcerpc_is_transport_encrypted()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
5f1a73be by Andreas Schneider at 2020-10-29T14:19:36+00:00
s3:smbd: Use defines to set 'srv_smb_encrypt'
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
c6a21e18 by Andreas Schneider at 2020-10-29T14:19:36+00:00
s3:rpc_server: Allow to use RC4 for setting passwords
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
a9c532c6 by Andreas Schneider at 2020-10-29T14:19:36+00:00
s4:rpc_server: Allow to use RC4 for setting passwords
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
32d4c75d by Isaac Boukris at 2020-10-29T14:19:36+00:00
lib:crypto: Add py binding for set_relax/strict fips mode
Signed-off-by: Isaac Boukris <iboukris at gmail.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
7d54e4b4 by Andreas Schneider at 2020-10-29T14:19:36+00:00
s4:param: Add 'weak crypto' getter to pyparam
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
9a3ba502 by Andreas Schneider at 2020-10-29T14:19:37+00:00
python:tests: Add SAMR password change tests for fips
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
ebd68733 by Andreas Schneider at 2020-10-29T15:41:37+00:00
python:tests: Add SAMR password change tests for fips
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Oct 29 15:41:37 UTC 2020 on sn-devel-184
- - - - -
9214fcec by Jule Anger at 2020-10-29T18:54:24+00:00
tests: avoid returning an already used ID in randomXid()
The error 'uidNumber xxx is already being used.' in the samba tool tests
occurs when the random.randint functions returns the same value twice and
therefore a user or group with an already used gid or uid should be created.
Avoid this error by adding a list that stores the used IDs, so that the randomXid
function can check wheter a value is already used before returning it.
Signed-off-by: Jule Anger <ja at sernet.de>
Reviewed-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Oct 29 18:54:24 UTC 2020 on sn-devel-184
- - - - -
e8f31e5c by Björn Jacke at 2020-10-29T20:49:16+00:00
pam_winbind/ro.po: fix error from previous patch merge
fixes up d619a57804d200e351b509d67a8c76042cb9daa8
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14491
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Björn Baumbach <bbaumbach at samba.org>
Autobuild-User(master): Björn Jacke <bjacke at samba.org>
Autobuild-Date(master): Thu Oct 29 20:49:16 UTC 2020 on sn-devel-184
- - - - -
ee79d39a by Rowland Penny at 2020-10-30T17:11:02+00:00
idmap_nss.8.xml: update manpage as discussed on the samba mailing
list
Signed-off-by: Rowland Penny <rpenny at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Oct 30 17:11:02 UTC 2020 on sn-devel-184
- - - - -
9404f863 by Martin Schwenke at 2020-11-02T08:58:31+00:00
ctdb-daemon: Clean up socket bind/secure/listen
Obey the coding style, modernise debug macros, clean up whitespace.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
78c3b5b6 by Martin Schwenke at 2020-11-02T08:58:31+00:00
ctdb-daemon: Clean up call to bind socket
Variable res is only used once and ret is re-used many times. Drop
res, use ret, which doesn't need to be initialised. Modernise debug
macro.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
65ab8cb0 by Martin Schwenke at 2020-11-02T08:58:31+00:00
ctdb-daemon: Do not attempt to chown Unix domain socket in test mode
If run with UID wrapper and UID_WRAPPER_ROOT=1 then securing the
socket will fail.
Test mode means that local daemons are in use, so securing the socket
is not important.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
4bf01030 by Martin Schwenke at 2020-11-02T10:20:45+00:00
selftest: Drop dummy environment variables for CTDB daemons
This existed to avoid UID_WRAPPER_ROOT=1 causing ctdbd to fail to
chown the socket. The chown is no longer done in test mode so remove
this confusing hack.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Mon Nov 2 10:20:45 UTC 2020 on sn-devel-184
- - - - -
08f8f665 by Sachin Prabhu at 2020-11-02T20:18:33+00:00
docs-xml/manpages: Add warning about write-behind translator for vfs_glusterfs
Add warning about data corruption with the write-behind translator.
The data corruption is highlighted by the smbtorture test smb2.rw.rw1.
More information about this data corruption issue is available in the
bz.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486
Signed-off-by: Sachin Prabhu <sprabhu at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
2a49ccbc by Günther Deschner at 2020-11-02T21:40:33+00:00
s3-vfs_glusterfs: refuse connection when write-behind xlator is present
s3-vfs_glusterfs: refuse connection when write-behind xlator is present
Once the new glusterfs api is available we will programmtically disable
the translator, for now we just refuse the connection as there is
a potential for serious data damage.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Pair-Programmed-With: Sachin Prabhu <sprabhu at redhat.com>
Pair-Programmed-With: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Nov 2 21:40:33 UTC 2020 on sn-devel-184
- - - - -
6a9d22f4 by Douglas Bagnall at 2020-11-03T00:33:41+00:00
dsdb/mod/operational: correct comment arithmetic
E + F is not 1F! E + F is 1D!
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7d846cd1 by Jeremy Allison at 2020-11-03T01:56:59+00:00
s3: modules: vfs_glusterfs: Fix leak of char **lines onto mem_ctx on return.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Nov 3 01:56:59 UTC 2020 on sn-devel-184
- - - - -
1298280a by Andreas Schneider at 2020-11-03T15:25:37+00:00
auth:creds: Rename CRED_USE_KERBEROS values
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
1a92994a by Andreas Schneider at 2020-11-03T15:25:37+00:00
auth:creds:tests: Migrate test to a cmocka unit test
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
27480333 by Andreas Schneider at 2020-11-03T16:47:57+00:00
s3:vfs: Document the encryption_required flag in vfs.h
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Nov 3 16:47:57 UTC 2020 on sn-devel-184
- - - - -
0bc93500 by Björn Baumbach at 2020-11-03T22:55:37+00:00
samba-tool: add new "user unlock" command
Can be used to unlock a user when the badPwdCount has been reached.
Introduces SamDB error classes, as suggested by
Douglas Bagnall <douglas.bagnall at catalyst.net.nz> - thanks!
This helps to handle expected failures.
Tracebacks of really unexpected failures will not be hidden.
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
a1b02120 by Björn Baumbach at 2020-11-04T00:19:25+00:00
selftest: add test for new "samba-tool user unlock" command
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Wed Nov 4 00:19:25 UTC 2020 on sn-devel-184
- - - - -
eb0474d2 by Alexander Bokovoy at 2020-11-04T14:59:34+00:00
cli_credentials_parse_string: fix parsing of principals
When parsing a principal-like name, user name was left with full
principal instead of taking only the left part before '@' sign.
>>> from samba import credentials
>>> t = credentials.Credentials()
>>> t.parse_string('admin at realm.test', credentials.SPECIFIED)
>>> t.get_username()
'admin at realm.test'
The issue is that cli_credentials_set_username() does a talloc_strdup()
of the argument, so we need to change order of assignment to allow
talloc_strdup() to copy the right part of the string.
Signed-off-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
00f4262e by Alexander Bokovoy at 2020-11-04T14:59:34+00:00
cli_credentials: add a helper to parse user or group names
cli_credentials_parse_string() parses a string specified for -U option
in command line tools. It has a side-effect that '%' character is always
considered to be a separator after which a password is specified.
Active Directory does allow to create user or group objects with '%' in
the name. It means cli_credentials_parse_string() will not be able to
properly parse such name.
Introduce cli_credentials_parse_name() for the cases when a password is
not expected in the name and call to cli_credentials_parse_name() from
cli_credentials_parse_string().
Test cli_credentials_parse_name() with its intended use in lookup_name()
refactoring.
Signed-off-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
f9016912 by Alexander Bokovoy at 2020-11-04T16:23:40+00:00
lookup_name: allow lookup for own realm
When using a security tab in Windows Explorer, a lookup over a trusted
forest might come as realm\name instead of NetBIOS domain name:
--------------------------------------------------------------------
[2020/01/13 11:12:39.859134, 1, pid=33253, effective(1732401004, 1732401004), real(1732401004, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:471(ndr_print_function_debug)
lsa_LookupNames3: struct lsa_LookupNames3
in: struct lsa_LookupNames3
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 0000000e-0000-0000-1c5e-a750e5810000
num_names : 0x00000001 (1)
names: ARRAY(1)
names: struct lsa_String
length : 0x001e (30)
size : 0x0020 (32)
string : *
string : 'ipa.test\admins'
sids : *
sids: struct lsa_TransSidArray3
count : 0x00000000 (0)
sids : NULL
level : LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 (6)
count : *
count : 0x00000000 (0)
lookup_options : LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES (0)
client_revision : LSA_CLIENT_REVISION_2 (2)
--------------------------------------------------------------------
Allow this lookup using realm to be done against primary domain when we
are a domain controller. This corresponds to FreeIPA use of Samba as a
DC. For normal domain members a realm-based lookup falls back to a
lookup over to its own domain controller with the help of winbindd.
Refactor user name parsing code to reuse cli_credentials_* API to be
consistent with other places. cli_credentials_parse_name() handles
both domain and realm-based user name variants.
Signed-off-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Alexander Bokovoy <ab at samba.org>
Autobuild-Date(master): Wed Nov 4 16:23:40 UTC 2020 on sn-devel-184
- - - - -
0851afdf by Volker Lendecke at 2020-11-04T18:55:39+00:00
libsmb: Improve wording of a comment in cli_smb2_list
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
669414ef by Volker Lendecke at 2020-11-04T18:55:39+00:00
libsmb: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
af49efcd by Volker Lendecke at 2020-11-04T18:55:39+00:00
libreplace: Compare a pointer against NULL, not 0
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
40cec276 by Volker Lendecke at 2020-11-04T18:55:39+00:00
smbd: Align two integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7ea5c1f0 by Volker Lendecke at 2020-11-04T18:55:39+00:00
libsmb: Fix a signed/unsigned warning
"num_bytes" is uint32_t, "received" is uint16_t. The multiplication
seems to implicitly widen "received" to int, leading to a
signed/unsigned warning. This cast makes that warning go away.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
95e23517 by Volker Lendecke at 2020-11-04T18:55:40+00:00
torture: Show that recursive ls across dfs is broken
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f879c833 by Volker Lendecke at 2020-11-04T18:55:40+00:00
smbclient: Move variable declarations closer to their use
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fd430864 by Volker Lendecke at 2020-11-04T18:55:40+00:00
smbclient: Wrap a few long lines
Make the next patch simpler
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
623bc39b by Volker Lendecke at 2020-11-04T18:55:40+00:00
smbclient: Introduce struct do_list_helper_state
We'll pass more information to do_list_helper() soon
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
88666564 by Volker Lendecke at 2020-11-04T18:55:40+00:00
smbclient: Add "mask" to do_list_helper_state
To me this is simpler to understand than to rely on the cli_list
callback which goes through some function call layers. Also, this
gives more obvious control over what we pass in the next patch.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4cc4938a by Volker Lendecke at 2020-11-04T18:55:40+00:00
smbclient: Fix recursive "ls" across DFS links
This is an a bit subtle patch: The main trick is that the previous
code a DFS-style \\server\share\dir1\dir2 path ended up in the list of
directories to enumerate. This was then processed by do_list again,
passing it to cli_resolve_path. However, cli_resolve_path always
expects non-DFS style paths as input. This patch passes the original,
non-DFS path to do_list_helper(), so that it ends up without the DFS
style \\server\share prefix in the directory queue.
>From general failure it just fails on the SMB1-based environments,
like the other smbclient_s3 ones in knownfail.d/smb1-tests
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4ebe72b9 by Volker Lendecke at 2020-11-04T18:55:40+00:00
libsmb: Remove "mntpoint" argument from cli_list() callback
do_list()/do_list_helper() in source3/client/client.c was the only user of this
argument. And that use was wrong.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a7d39ed1 by Volker Lendecke at 2020-11-04T18:55:40+00:00
libsmb: Remove "mntpoint" argument from cli_list_trans() callback
This was unused in the callers, also do this for symmetry.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3e8ce497 by Volker Lendecke at 2020-11-04T20:17:47+00:00
libsmb: Remove cli_state->dfs_mountpoint
Not used anymore
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Nov 4 20:17:47 UTC 2020 on sn-devel-184
- - - - -
80ff5a37 by Bradley M. Kuhn at 2020-11-04T21:29:40+00:00
VFS-License-clarification: minor improvements aligning w/ GPLv3 text
The phrase "derived work" and word "derived" don't appear in GPLv3;
instead, GPLv3 uses the phrases "modified version" and "based on" to
implement the strong copyleft clause. Herein, align the VFS
statement with the phrases as they appear in the GPLv3 since Samba's
license is GPLv3-or-later.
Included are also a few other very minor wording changes as suggested
by legal counsel who is experienced with presenting these sorts of
licensing statements to company lawyers and suggests these changes
will comfort that constituency.
Finally, update both occurrences of the statement in the codebase in
two different files.
Signed-off-by: Bradley M. Kuhn <bkuhn at sfconservancy.org>
Reviewed-by: Jim McDonough <jmcd at samba.org>
Reviewed-by: Karolin Seeger <kseeger at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a51cda69 by Günther Deschner at 2020-11-04T22:53:49+00:00
s3-vfs_glusterfs: always disable write-behind translator
The "pass-through" option has now been merged upstream as of:
https://github.com/gluster/glusterfs/pull/1640
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Pair-Programmed-With: Anoop C S <anoopcs at samba.org>
Pair-Programmed-With: Sachin Prabhu <sprabhu at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Nov 4 22:53:49 UTC 2020 on sn-devel-184
- - - - -
04248f5e by Gary Lockyer at 2020-11-04T22:54:41+00:00
selftest: add mit kdc specific known fail
Add a MIT kerberos specific known fail, will be needed by subsequent
commits.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b14dca7c by Gary Lockyer at 2020-11-04T22:54:41+00:00
tests python krb5: Make PrincipalName_create a class method
Make PrincipalName_create a class method, so it can be used in helper
classes.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
41c8aa4b by Gary Lockyer at 2020-11-04T22:54:41+00:00
tests python krb5: Add canonicalize flag to ASN1
Add the canonicalize flag to KerberosFlags, so that it can be used in
python based canonicalization tests.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
005435dc by Gary Lockyer at 2020-11-04T22:54:41+00:00
tests python krb5: Add python kerberos canonicalization tests
Add python canonicalization tests, loosely based on the code in
source4/torture/krb5/kdc-canon-heimdal.c. The long term goal is to move
the integration level tests out of kdc-canon-heimdal, leaving it as a
heimdal library unit test.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
8aebd486 by Andreas Schneider at 2020-11-05T00:17:54+00:00
bootstrap: Add Fedora 33
This removes Fedora 31 support.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Nov 5 00:17:55 UTC 2020 on sn-devel-184
- - - - -
49efe0ca by Alexander Bokovoy at 2020-11-05T06:30:31+00:00
Revert "cli_credentials_parse_string: fix parsing of principals"
This reverts commit eb0474d27bae4592b25ac6bf600da29c6a1cb9f8.
- - - - -
5d80b179 by Alexander Bokovoy at 2020-11-05T06:30:31+00:00
Revert "cli_credentials: add a helper to parse user or group names"
This reverts commit 00f4262ed0b22f6e333e5a29c5590b62c783905c.
- - - - -
ca07dc77 by Alexander Bokovoy at 2020-11-05T07:53:02+00:00
Revert "lookup_name: allow lookup for own realm"
This reverts commit f901691209867b32c2d7c5c9274eee196f541654.
Autobuild-User(master): Alexander Bokovoy <ab at samba.org>
Autobuild-Date(master): Thu Nov 5 07:53:03 UTC 2020 on sn-devel-184
- - - - -
c2fcd83e by Andrew Walker at 2020-11-06T04:58:31+00:00
s4:libnet:py_net - free event context in dealloc fn
Creation of a new Net() object initializes an event context under
a NULL talloc context and then creates a new talloc context as a
child of the event context. The deallocation function for the
net object only frees the child and not the parent. This leaks an
fd for the tevent context and associated memory.
Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Nov 6 04:58:31 UTC 2020 on sn-devel-184
- - - - -
f0f8de9d by Isaac Boukris at 2020-11-06T10:02:35+00:00
Add smb2cli_session_get_encryption_cipher()
When 'session->smb2->should_encrypt' is true, the client MUST encrypt
all transport messages (see also MS-SMB2 3.2.4.1.8).
Signed-off-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
339bfcd6 by Isaac Boukris at 2020-11-06T10:02:35+00:00
Add dcerpc_transport_encrypted()
Signed-off-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
eba91f0d by Isaac Boukris at 2020-11-06T10:02:35+00:00
Add py binding for dcerpc_transport_encrypted
Signed-off-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
a77551be by Isaac Boukris at 2020-11-06T10:02:35+00:00
selftest: add a test for py dce transport_encrypted
Signed-off-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
c2644032 by Isaac Boukris at 2020-11-06T10:02:35+00:00
Add CreateTrustedDomainRelax wrapper for fips mode
Signed-off-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
baf4e293 by Isaac Boukris at 2020-11-06T10:02:35+00:00
Use the new CreateTrustedDomainRelax()
Signed-off-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
cfaad16f by Isaac Boukris at 2020-11-06T10:02:35+00:00
selftest: add a test for the CreateTrustedDomainRelax wrapper
Originally copied from 'source4/scripting/devel/createtrust'
(had to drop the TRUST_AUTH_TYPE_VERSION part though, as it
fails against samba DC).
Signed-off-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
60415352 by Isaac Boukris at 2020-11-06T11:25:02+00:00
Remove source4/scripting/devel/createtrust script
We now have the 'samba-tool domain trust' command.
Signed-off-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Isaac Boukris <iboukris at samba.org>
Autobuild-Date(master): Fri Nov 6 11:25:02 UTC 2020 on sn-devel-184
- - - - -
7b479c31 by David Disseldorp at 2020-11-06T18:56:29+00:00
build: put quotes around '!vfs_snapper' module instructions
Otherwise the exclamation may get swallowed by shell, leading to further
confusion.
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
710196f0 by David Disseldorp at 2020-11-06T20:19:22+00:00
doc: improve --with-shared-modules documentation
Remove statement about lack of support. Add description and example for
how to explicitly disable modules via a '!' prefix.
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Nov 6 20:19:22 UTC 2020 on sn-devel-184
- - - - -
86eb6423 by Jeremy Allison at 2020-11-09T02:46:49+00:00
lib: talloc: Cleanup. Use consistent preprocessor logic macros.
Match other use of ALWAYS_REALLOC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14540
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6e0aab0b by Jeremy Allison at 2020-11-09T02:46:49+00:00
lib: talloc: Fix pool object accounting when doing talloc_realloc() in the ALWAYS_REALLOC compiled case.
tc_alloc_pool() or the fallback malloc can return NULL.
Wait until we know we are returning a valid pointer
before decrementing pool_hdr->object_count due to
reallocing out of the talloc_pool.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14540
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
30a8bea8 by Arran Cudbard-Bell at 2020-11-09T02:46:49+00:00
lib: talloc: Add more debugging text for existing memlimit + pool tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14540
Signed-off-by: Arran Cudbard-Bell <a.cudbardb at freeradius.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4566ee91 by Jeremy Allison at 2020-11-09T02:46:50+00:00
lib: talloc: Fix memlimit on pool realloc.
We only have to do the memlimit check before any
real malloc or realloc. Allocations out of a
memory pool have already been counted in the
memory limit, so don't check in those cases.
This is an application-visible change (although
fixing a bug) so bump the ABI to 2.3.1 -> 2.3.2.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14540
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: Arran Cudbard-Bell <a.cudbardb at freeradius.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a5052c73 by Arran Cudbard-Bell at 2020-11-09T02:46:50+00:00
lib: talloc: More tests for realloc when used with memlimited pools
This requires the previous patch.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14540
Signed-off-by: Arran Cudbard-Bell <a.cudbardb at freeradius.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
5cb51343 by Gary Lockyer at 2020-11-09T02:46:50+00:00
selftest: add heimdal kdc specific known fail
Add a heimdal kerberos specific known fail, will be needed by subsequent
commits.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1e1d8b9c by Gary Lockyer at 2020-11-09T02:46:50+00:00
tests python krb5: Add python kerberos compatability tests
Add new python test to document the differences between the MIT and
Heimdal Kerberos implementations.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e5e17590 by Jeremy Allison at 2020-11-09T04:10:45+00:00
s3: spoolss: Make parameters in call to user_ok_token() match all other uses.
We already have p->session_info->unix_info->unix_name, we don't
need to go through a legacy call to uidtoname(p->session_info->unix_token->uid).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14568
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Nov 9 04:10:45 UTC 2020 on sn-devel-184
- - - - -
6c11e5f4 by Andreas Schneider at 2020-11-09T08:58:35+00:00
s3:rpc_server: Use gnutls_cipher_decrypt() in get_trustdom_auth_blob()
It doesn't matter for RC4, but just to be correct.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
c93ccebd by Andreas Schneider at 2020-11-09T08:58:35+00:00
s4:rpc_server: Use gnutls_cipher_decrypt() in get_trustdom_auth_blob()
It doesn't matter for RC4, but just to be correct.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
4425f2c1 by Andreas Schneider at 2020-11-09T08:58:35+00:00
s3:rpc_server: Allow to use RC4 for creating trusts
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
c75dd1ea by Andreas Schneider at 2020-11-09T08:58:35+00:00
s4:rpc_server: Allow to use RC4 for creating trusts
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
b8913401 by Andreas Schneider at 2020-11-09T10:22:51+00:00
sefltest: Enable the dcerpc.createtrustrelax test against ad_dc_fips
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Nov 9 10:22:51 UTC 2020 on sn-devel-184
- - - - -
be03ce7d by Anoop C S at 2020-11-09T13:30:06+00:00
manpages/vfs_glusterfs: Mention silent skipping of write-behind translator
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Mon Nov 9 13:30:06 UTC 2020 on sn-devel-184
- - - - -
96e2cf79 by Björn Jacke at 2020-11-10T06:53:42+00:00
replace/waf: fix libnsl checking on Solaris
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13343
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b9e8959c by Björn Jacke at 2020-11-10T06:53:42+00:00
waf/texpect: add required nsl dependency for Solaris
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
edb10125 by Björn Jacke at 2020-11-10T06:53:42+00:00
replace: define BOOL_DEFINED to fix header yp_prot header check on Solaris
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
104b3545 by Björn Jacke at 2020-11-10T06:53:42+00:00
heimdal_build: silence warning: macro redefined
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a223c5b5 by Björn Jacke at 2020-11-10T06:53:42+00:00
waf: use _POSIX_PTHREAD_SEMANTIC on Solaris
Solaris uses POSIX draft function calls by default for a number of functions,
unless you set _POSIX_PTHREAD_SEMANTIC
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
bbfd93f7 by Björn Jacke at 2020-11-10T06:53:42+00:00
debug: remove a cast, which makes the Solaris Studio compiler unhappy
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14526
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a4e90cfe by Björn Jacke at 2020-11-10T06:53:42+00:00
http_conn.c: fix "void function cannot return value" error
this made the studio compiler build break
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
cce4e801 by Björn Jacke at 2020-11-10T06:53:42+00:00
auth_generic: fix empty initializer compile warning
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6b855429 by Björn Jacke at 2020-11-10T06:53:43+00:00
talloc: fix studio compiler build
Solaris Studio compiler 12.4 is pedantic about prototypes in headers having
the external visibility declarations too. It throws errors like:
redeclaration must have the same or more restrictive linker scoping: ...
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
268fcfdd by Björn Jacke at 2020-11-10T06:53:43+00:00
talloc/pytalloc: fix studio compler build
Solaris Studio compiler 12.4 is pedantic about prototypes in headers having
the external visibility declarations too. It throws errors like:
redeclaration must have the same or more restrictive linker scoping: ...
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3c1013ca by Björn Jacke at 2020-11-10T06:53:43+00:00
tdb: fix studio compiler build
Solaris Studio compiler 12.4 is pedantic about prototypes in headers having
the external visibility declarations too. It throws errors like:
redeclaration must have the same or more restrictive linker scoping: ...
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
aa8d6c77 by Björn Jacke at 2020-11-10T06:53:43+00:00
pidl: use unused attribute only if supported by feature macro
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e4f33548 by Björn Jacke at 2020-11-10T06:53:43+00:00
torture/sharemode: fix empty initializer compile warning
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c862ad64 by Björn Jacke at 2020-11-10T06:53:43+00:00
ldb_kv_index: fix empty initializer compile warning
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
91831712 by Björn Jacke at 2020-11-10T06:53:43+00:00
ldb_key_value_test: studio compiler doesn't like empty struct definitions
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c305ab07 by Björn Jacke at 2020-11-10T06:53:43+00:00
ldb_parse_test: studio compiler doesn't like empty struct definitions
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
37b81f91 by Björn Jacke at 2020-11-10T06:53:43+00:00
util_net: fix a statement not reached warning
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c32eb006 by Björn Jacke at 2020-11-10T06:53:43+00:00
waf: check for pragma init/fini support for constructors/destructors
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f13e1ca5 by Björn Jacke at 2020-11-10T06:53:43+00:00
talloc: alternatively use prama init for constructors if supported
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
18fdfe8c by Björn Jacke at 2020-11-10T08:17:53+00:00
winbind: alternatively use prama fini for destructors if supported
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Nov 10 08:17:53 UTC 2020 on sn-devel-184
- - - - -
6598e00e by Jeremy Allison at 2020-11-10T19:49:33+00:00
lib: talloc: Remove the ALWAYS_REALLOC code paths.
This is now never set, and also never tested, and only makes
the talloc code more complicated.
Once this is gone we can start looking at the memlimit
stuff.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
5ac44b83 by Volker Lendecke at 2020-11-10T19:49:33+00:00
lib: Move generate_unique_u64_state into generate_unique_u64()
Make clear that generate_unique_u64() is the only function referencing
it.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a342cf2c by Volker Lendecke at 2020-11-10T19:49:33+00:00
locking: Remove an unused anonymous struct reference
This was used in share_mode_do_locked()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
be381fd4 by Volker Lendecke at 2020-11-10T19:49:33+00:00
smbd: Use ISDOT[DOT] in can_delete_directory_fsp()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1af086d2 by Volker Lendecke at 2020-11-10T19:49:33+00:00
lib: Fix a signed/unsigned warning
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
30c917c2 by Volker Lendecke at 2020-11-10T19:49:33+00:00
lib: Fix a theoretical out-of-bounds write
This routine looked fishy: We do cap_vals[num_cap_vals++] = XXX based
on #ifdefs and capabilities. Then later on we did a check that we did
not overwrite the stack. The change I did is to just count the number
of num_cap_vals++, right now it's 5. I know it is in different switch
branches, but with the #ifdefs it's a bit clumsy to read the exact
number of actual num_cap_vals++ that can happen in one run. On debian
buster, cap_val_t is an int, so this is not really wasting too much.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
76043ccb by Volker Lendecke at 2020-11-10T19:49:33+00:00
lib: Slightly optimize smb_fname_str_dbg()
Don't leak "fname"
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fc88f2e0 by Volker Lendecke at 2020-11-10T19:49:33+00:00
vfs_error_inject: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
daa9d98c by Volker Lendecke at 2020-11-10T19:49:33+00:00
auth: Align an integer type
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
401c5132 by Volker Lendecke at 2020-11-10T19:49:33+00:00
passdb: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4da7de80 by Volker Lendecke at 2020-11-10T19:49:33+00:00
smbd: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
15e9e294 by Volker Lendecke at 2020-11-10T19:49:34+00:00
smbd: Give locking/share_mode_lock.c its own header file
To me this is then easier to figure out what is defined there, and
where it's exactly used.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
13217e6e by Volker Lendecke at 2020-11-10T19:49:34+00:00
smbd: Move share_mode_cleanup_disonnected() to scavenger.c
Reduce the complexity of share_mode_lock.c, scavenger.c is the only
user of this routine.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2fe1e601 by Volker Lendecke at 2020-11-10T19:49:34+00:00
smbd: Move "struct share_mode_lock" to share_mode_lock.h
share_mode_lock.c is where it's created
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
84dba041 by Volker Lendecke at 2020-11-10T19:49:34+00:00
locking: Make share_mode_watch_send() take "share_mode_lock"
This makes clear that this can only be done under a lock
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3f54fcaf by Volker Lendecke at 2020-11-10T19:49:34+00:00
smbd: Move setting d->modified=true to reset_share_mode_entry()
This function is only called from
vfs_default_durable_reconnect(). It is really the lower-level routine
that triggers the write of the locking.tdb record.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a01cb7fa by Volker Lendecke at 2020-11-10T19:49:34+00:00
locking: Add share_mode_changed_write_time() accessor function
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
60f24079 by Volker Lendecke at 2020-11-10T19:49:34+00:00
smbd: Use share_mode_changed_write_time() in durable_disconnect()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ec387d04 by Volker Lendecke at 2020-11-10T19:49:34+00:00
smbd: Use share_mode_changed_write_time() in smbd/close.c
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
701da78c by Volker Lendecke at 2020-11-10T19:49:34+00:00
locking: Add share_mode_filename() accessor function
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d2662dff by Volker Lendecke at 2020-11-10T19:49:34+00:00
smbstatus: Use share_mode_filename()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
53059dc6 by Volker Lendecke at 2020-11-10T19:49:34+00:00
smbd: Use share_mode_filename() in scavenger.c
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3d33eee5 by Volker Lendecke at 2020-11-10T19:49:34+00:00
smbd: Avoid share_mode_lock dereference in scavenger
Pass "struct file_id" to callees without accessing share_mode_lock
internals
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5aab299d by Volker Lendecke at 2020-11-10T19:49:34+00:00
locking: Add share_mode_servicepath() accessor function
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ee41ec8a by Volker Lendecke at 2020-11-10T19:49:35+00:00
smbd: Use share_mode_servicepath() in scavenger.c
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2337c1e3 by Volker Lendecke at 2020-11-10T19:49:35+00:00
net_tdb: Slightly restructure net_tdb_locking()
Remove the net_tdb_locking_fetch() subroutine. All of net_tdb_locking() is
still very simple, and net_tdb_locking_fetch() did the fetch as such plus
parsing the hex key. With this restructuring it was possible to avoid a direct
reference to lck->data->id.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
affce737 by Volker Lendecke at 2020-11-10T19:49:35+00:00
net_tdb: Use share_mode_servicepath()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ce64b3ca by Volker Lendecke at 2020-11-10T19:49:35+00:00
net_tdb: Use share_mode_filename()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5c3a18e5 by Volker Lendecke at 2020-11-10T19:49:35+00:00
locking: Add share_mode_data_dump() accessor function
This is a special case for net tdb dump. The alternative would be to
change the net tdb dump behaviour.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f6abe33d by Volker Lendecke at 2020-11-10T19:49:35+00:00
net_tdb: Use share_mode_data_dump()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
271a369f by Volker Lendecke at 2020-11-10T19:49:35+00:00
smbd: Don't set share_mode_lock modified in grant_new_fsp_lease()
A new lease never triggers a retry. Setting d->modified to true just
triggered the watchers needlessly.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d220bae5 by Volker Lendecke at 2020-11-10T19:49:35+00:00
smbd: Remove a variable used just once
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4b6f4ee4 by Volker Lendecke at 2020-11-10T19:49:35+00:00
smbd: Avoid references to share_mode_data->id
When calling open_mode_check() we know the file id. We can pass it to
the lower levels without dereferencing struct share_mode_lock.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
df2ffaaa by Volker Lendecke at 2020-11-10T19:49:35+00:00
locking: move share_mode_flags_[gs]et to share_mode_lock.c
These routines parse and marshall the uint16 summary flag in
share_mode_data. open_file_ntcreate() and open_directory() are the
only real users of this. The user in oplock.c is just the lazy reset
of the "read lease exists somewhere" after asynchronously breaking
read oplocks after a write request.
This moves handling the flags into locking/ to consolidate data
structure handling of "share_mode_data" there.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d762ab55 by Volker Lendecke at 2020-11-10T21:12:48+00:00
locking: hide share_mode_lock definition
This makes "struct share_mode_lock" an opaque data structure opened up
only to the code in locking/. This makes it much safer to modify the
data structure with defined accessor functions in share_mode_lock.c.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Nov 10 21:12:48 UTC 2020 on sn-devel-184
- - - - -
d7f731ed by Andrew Bartlett at 2020-11-11T01:15:39+00:00
selftest: Send enterprise principals tagged as such
This test passed against Samba but failed against Windows when
an enterprise principal (user at domain.com@REALM) was encoded as
NT_PRINCIPAL.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
579a3c64 by Andrew Bartlett at 2020-11-11T01:15:39+00:00
selftest: Fix flipped machine and user constants
This naturally does not change the test, but reduces developer
confusion.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
d85e71f4 by Andrew Bartlett at 2020-11-11T01:15:39+00:00
selftest: Make as_canonicalization_tests.py easier to run outside "make test"
This takes the realm from the LDAP base DN and so avoids one
easy mistake to make. So far the NT4 domain name is not
auto-detected, so much be read from the smb.conf.
By using .guess() the smb.conf is read for the unspecified
parts (eg workstation for an NTLM login to the LDAP server if
the target server is an IP address).
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
d79218db by Andrew Bartlett at 2020-11-11T01:15:39+00:00
samdb: Add samdb.domain_netbios_name()
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
2693f12f by Andrew Bartlett at 2020-11-11T01:15:39+00:00
selftest: Make as_canonicalization_tests.py auto-detect the NT4 domain name
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
ab8c0a18 by Andrew Bartlett at 2020-11-11T01:15:39+00:00
selftest: Fix formatting of failure (traceback and options swapped in format string)
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
fc77ece0 by Andrew Bartlett at 2020-11-11T01:15:39+00:00
selftest: Add in encrypted-pa-data from RFC 6806
This comes from Windows 2019 which supports FAST.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
f214a3ba by Andrew Bartlett at 2020-11-11T02:38:46+00:00
selftest: Windows 2019 implements the RemoveDollar behaviour for Enterprise principals
This is documented in MS-KILE.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary at samba.org>
Autobuild-Date(master): Wed Nov 11 02:38:46 UTC 2020 on sn-devel-184
- - - - -
31c70376 by Alexander Bokovoy at 2020-11-11T10:59:01+00:00
lookup_name: allow lookup names prefixed with DNS forest root for FreeIPA DC
In FreeIPA deployment with active Global Catalog service, when a two-way
trust to Active Directory forest is established, Windows systems can
look up FreeIPA users and groups. When using a security tab in Windows
Explorer on AD side, a lookup over a trusted forest might come as
realm\name instead of NetBIOS domain name:
--------------------------------------------------------------------
[2020/01/13 11:12:39.859134, 1, pid=33253, effective(1732401004, 1732401004), real(1732401004, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:471(ndr_print_function_debug)
lsa_LookupNames3: struct lsa_LookupNames3
in: struct lsa_LookupNames3
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 0000000e-0000-0000-1c5e-a750e5810000
num_names : 0x00000001 (1)
names: ARRAY(1)
names: struct lsa_String
length : 0x001e (30)
size : 0x0020 (32)
string : *
string : 'ipa.test\admins'
sids : *
sids: struct lsa_TransSidArray3
count : 0x00000000 (0)
sids : NULL
level : LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 (6)
count : *
count : 0x00000000 (0)
lookup_options : LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES (0)
client_revision : LSA_CLIENT_REVISION_2 (2)
--------------------------------------------------------------------
If we are running as a DC and PASSDB supports returning domain info
(pdb_get_domain_info() returns a valid structure), check domain of the
name in lookup_name() against DNS forest name and allow the request to
be done against the primary domain. This corresponds to FreeIPA's use of
Samba as a DC. For normal domain members a realm-based lookup falls back
to a lookup over to its own domain controller with the help of winbindd.
Signed-off-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Alexander Bokovoy <ab at samba.org>
Autobuild-Date(master): Wed Nov 11 10:59:01 UTC 2020 on sn-devel-184
- - - - -
457b49c6 by Jeremy Allison at 2020-11-11T15:02:27+00:00
s3: modules: gluster. Fix the error I made in preventing talloc leaks from a function.
file_lines_parse() plays horrible tricks with
the passed-in talloc pointers and the hierarcy
which makes freeing hard to get right.
As we know mem_ctx is freed by the caller, after
calling file_lines_parse don't free on exit and let the caller
handle it. This violates good Samba coding practice
but we know we're not leaking here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Wed Nov 11 15:02:27 UTC 2020 on sn-devel-184
- - - - -
40079975 by Stefan Metzmacher at 2020-11-11T21:14:32+00:00
testprogs/blackbox: make sure subunit.sh always terminates DETAILS with '\n]\n'
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
b3ffc61e by Stefan Metzmacher at 2020-11-11T21:14:32+00:00
SambaToolCmdTest: let assertCmdSuccess() escape ']\n' lines
This gives a much higher chance to see the actual problem
without having them filtered by various 'filter-subunit' invocations.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
3f556d97 by Stefan Metzmacher at 2020-11-11T21:14:32+00:00
selftest/subunithelper: only let ']\n' lines to terminate
It should not be enough that a line ends with ']\n' is accident,
subunit DETAILS are terminated with '\n]\n'!
This gives a much higher chance to see the actual problem
without having them filtered by various 'filter-subunit' invocations.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
dcd5a64c by Stefan Metzmacher at 2020-11-11T22:43:46+00:00
selftest/subunithelper: also output as much of unterminated DETAILS
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Wed Nov 11 22:43:46 UTC 2020 on sn-devel-184
- - - - -
2a8b6726 by Alexander Bokovoy at 2020-11-12T13:49:34+00:00
auth_sam: use pdb_get_domain_info to look up DNS forest information
When Samba is used as a part of FreeIPA domain controller, Windows
clients for a trusted AD forest may try to authenticate (perform logon
operation) as a REALM\name user account.
Fix auth_sam plugins to accept DNS forest name if we are running on a DC
with PASSDB module providing domain information (e.g. pdb_get_domain_info()
returning non-NULL structure). Right now, only FreeIPA or Samba AD DC
PASSDB backends return this information but Samba AD DC configuration is
explicitly ignored by the two auth_sam (strict and netlogon3) modules.
Detailed logs below:
[2020/11/11 09:23:53.281296, 1, pid=42677, effective(65534, 65534), real(65534, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:482(ndr_print_function_debug)
netr_LogonSamLogonWithFlags: struct netr_LogonSamLogonWithFlags
in: struct netr_LogonSamLogonWithFlags
server_name : *
server_name : '\\master.ipa.test'
computer_name : *
computer_name : 'AD1'
credential : *
credential: struct netr_Authenticator
cred: struct netr_Credential
data : 529f4b087c5f6546
timestamp : Wed Nov 11 09:23:55 AM 2020 UTC
return_authenticator : *
return_authenticator: struct netr_Authenticator
cred: struct netr_Credential
data : 204f28f622010000
timestamp : Fri May 2 06:37:50 AM 1986 UTC
logon_level : NetlogonNetworkTransitiveInformation (6)
logon : *
logon : union netr_LogonLevel(case 6)
network : *
network: struct netr_NetworkInfo
identity_info: struct netr_IdentityInfo
domain_name: struct lsa_String
length : 0x0010 (16)
size : 0x01fe (510)
string : *
string : 'IPA.TEST'
parameter_control : 0x00002ae0 (10976)
0: MSV1_0_CLEARTEXT_PASSWORD_ALLOWED
0: MSV1_0_UPDATE_LOGON_STATISTICS
0: MSV1_0_RETURN_USER_PARAMETERS
0: MSV1_0_DONT_TRY_GUEST_ACCOUNT
1: MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT
1: MSV1_0_RETURN_PASSWORD_EXPIRY
1: MSV1_0_USE_CLIENT_CHALLENGE
0: MSV1_0_TRY_GUEST_ACCOUNT_ONLY
1: MSV1_0_RETURN_PROFILE_PATH
0: MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY
1: MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT
0: MSV1_0_DISABLE_PERSONAL_FALLBACK
1: MSV1_0_ALLOW_FORCE_GUEST
0: MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED
0: MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY
0: MSV1_0_ALLOW_MSVCHAPV2
0: MSV1_0_S4U2SELF
0: MSV1_0_CHECK_LOGONHOURS_FOR_S4U
0: MSV1_0_SUBAUTHENTICATION_DLL_EX
logon_id : 0x0000000000884ef2 (8933106)
account_name: struct lsa_String
length : 0x000e (14)
size : 0x000e (14)
string : *
string : 'idmuser'
workstation: struct lsa_String
length : 0x0000 (0)
size : 0x0000 (0)
string : *
string : ''
challenge : 417207867bd33c74
nt: struct netr_ChallengeResponse
length : 0x00c0 (192)
size : 0x00c0 (192)
data : *
data: ARRAY(192)
[0000] A5 24 62 6E 31 DF 69 66 9E DC 54 D6 63 4C D6 2F .$bn1.if ..T.cL./
[0010] 01 01 00 00 00 00 00 00 50 37 D7 60 0C B8 D6 01 ........ P7.`....
[0020] 15 1B 38 4F 47 95 4D 62 00 00 00 00 02 00 0E 00 ..8OG.Mb ........
[0030] 57 00 49 00 4E 00 32 00 30 00 31 00 36 00 01 00 W.I.N.2. 0.1.6...
[0040] 06 00 41 00 44 00 31 00 04 00 18 00 77 00 69 00 ..A.D.1. ....w.i.
[0050] 6E 00 32 00 30 00 31 00 36 00 2E 00 74 00 65 00 n.2.0.1. 6...t.e.
[0060] 73 00 74 00 03 00 20 00 61 00 64 00 31 00 2E 00 s.t... . a.d.1...
[0070] 77 00 69 00 6E 00 32 00 30 00 31 00 36 00 2E 00 w.i.n.2. 0.1.6...
[0080] 74 00 65 00 73 00 74 00 05 00 18 00 77 00 69 00 t.e.s.t. ....w.i.
[0090] 6E 00 32 00 30 00 31 00 36 00 2E 00 74 00 65 00 n.2.0.1. 6...t.e.
[00A0] 73 00 74 00 07 00 08 00 50 37 D7 60 0C B8 D6 01 s.t..... P7.`....
[00B0] 06 00 04 00 02 00 00 00 00 00 00 00 00 00 00 00 ........ ........
lm: struct netr_ChallengeResponse
length : 0x0018 (24)
size : 0x0018 (24)
data : *
data : 000000000000000000000000000000000000000000000000
validation_level : 0x0006 (6)
flags : *
flags : 0x00000000 (0)
0: NETLOGON_SAMLOGON_FLAG_PASS_TO_FOREST_ROOT
0: NETLOGON_SAMLOGON_FLAG_PASS_CROSS_FOREST_HOP
0: NETLOGON_SAMLOGON_FLAG_RODC_TO_OTHER_DOMAIN
0: NETLOGON_SAMLOGON_FLAG_RODC_NTLM_REQUEST
In such case checks for a workgroup name will not match the DNS forest
name used in the username specification:
[2020/11/11 09:23:53.283055, 3, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth.c:200(auth_check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [IPA.TEST]\[idmuser]@[] with the new password interface
[2020/11/11 09:23:53.283073, 3, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth.c:203(auth_check_ntlm_password)
check_ntlm_password: mapped user is: [IPA.TEST]\[idmuser]@[]
[2020/11/11 09:23:53.283082, 10, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth.c:213(auth_check_ntlm_password)
check_ntlm_password: auth_context challenge created by fixed
[2020/11/11 09:23:53.283091, 10, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth.c:216(auth_check_ntlm_password)
challenge is:
[2020/11/11 09:23:53.283099, 5, pid=42677, effective(65534, 65534), real(65534, 0)] ../../lib/util/util.c:678(dump_data)
[0000] 41 72 07 86 7B D3 3C 74 Ar..{.<t
[2020/11/11 09:23:53.283113, 10, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth_sam.c:209(auth_sam_netlogon3_auth)
auth_sam_netlogon3_auth: Check auth for: [IPA.TEST]\[idmuser]
[2020/11/11 09:23:53.283123, 5, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth_sam.c:234(auth_sam_netlogon3_auth)
auth_sam_netlogon3_auth: IPA.TEST is not our domain name (DC for IPA)
[2020/11/11 09:23:53.283131, 10, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth.c:249(auth_check_ntlm_password)
auth_check_ntlm_password: sam_netlogon3 had nothing to say
and overall authentication attempt will fail: auth_winbind will complain
that this domain is not a trusted one and refuse operating on it:
[2020/11/11 09:23:53.283784, 10, pid=42663, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd.c:742(process_request_send)
process_request_send: process_request: Handling async request smbd(42677):PAM_AUTH_CRAP
[2020/11/11 09:23:53.283796, 3, pid=42663, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_pam_auth_crap.c:110(winbindd_pam_auth_crap_send)
[42677]: pam auth crap domain: [IPA.TEST] user: idmuser
[2020/11/11 09:23:53.283810, 3, pid=42663, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_pam.c:409(find_auth_domain)
Authentication for domain [IPA.TEST] refused as it is not a trusted domain
[2020/11/11 09:23:53.283825, 10, pid=42663, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd.c:810(process_request_done)
process_request_done: [smbd(42677):PAM_AUTH_CRAP]: NT_STATUS_NO_SUCH_USER
[2020/11/11 09:23:53.283844, 10, pid=42663, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd.c:855(process_request_written)
process_request_written: [smbd(42677):PAM_AUTH_CRAP]: delivered response to client
Signed-off-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
8036bf97 by Andreas Schneider at 2020-11-12T15:13:47+00:00
s3:smbd: Fix possible null pointer dereference in token_contains_name()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14572
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Alexander Bokovoy <ab at samba.org>
Autobuild-Date(master): Thu Nov 12 15:13:47 UTC 2020 on sn-devel-184
- - - - -
e9e06a11 by Anoop C S at 2020-11-12T17:23:19+00:00
vfs_shadow_copy2: Preserve all open flags assuming ROFS
Instead of replacing open flags with just O_RDONLY, filter out all those
flags unrelated to a Read Only File System
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14573
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Nov 12 17:23:19 UTC 2020 on sn-devel-184
- - - - -
532c941f by Gary Lockyer at 2020-11-12T21:30:32+00:00
tests python krb5: Add constants module
Extract the constants used in the tests into a separate module.
To reduce code duplication
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
97b830cb by Gary Lockyer at 2020-11-12T21:30:32+00:00
tests python krb5: Refactor canonicalization test constants
Modify tests to use the constants defined in rfc4120_constants.py
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
82a413f4 by Gary Lockyer at 2020-11-12T21:30:32+00:00
tests python krb5: Refactor compatability test constants
Modify tests to use the constants defined in rfc4120_constants.py
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1bab87c5 by Gary Lockyer at 2020-11-12T21:30:32+00:00
tests python krb5: raw_testcase permit RC4 salts
MIT kerberos returns a salt when ARCFOUR_HMAC_MD5, this commit removes
the check that a salt is not returned. A test for the difference
between MIT and Heimdal will be added in the subsequent commits.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a00a1c97 by Gary Lockyer at 2020-11-12T21:30:32+00:00
tests python krb5: Convert kdc-heimdal to python
Implement the tests in source4/torture/krb5/kdc-heimdal.c in python.
The following tests were not re-implemented as they are client side
tests for the "Orpheus Lyre" attack:
TORTURE_KRB5_TEST_CHANGE_SERVER_OUT
TORTURE_KRB5_TEST_CHANGE_SERVER_IN
TORTURE_KRB5_TEST_CHANGE_SERVER_BOTH
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d492355f by Gary Lockyer at 2020-11-12T21:30:32+00:00
tests python krb5: refactor compatability tests
Refactor to aid the adding of tests for the inclusion of a salt when
ARCFOUR_HMAC_MD5 encryption selected
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2ba6d596 by Gary Lockyer at 2020-11-12T22:54:22+00:00
tests python krb5: add arcfour salt tests
MIT kerberos returns a salt when ARCFOUR_HMAC_MD5 encryption selected,
Heimdal does not.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Nov 12 22:54:22 UTC 2020 on sn-devel-184
- - - - -
61f6672d by Jeremy Allison at 2020-11-13T16:22:32+00:00
lib: create a wrapper for file_lines_parse().
Make the internal function file_lines_parse_internal().
Currently file_lines_parse() just wraps file_lines_parse_internal(),
but this allows me to change file_lines_parse() to take
a const char * to make it safe for callers (no talloc tricks).
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
ae4dd2ab by Jeremy Allison at 2020-11-13T16:22:32+00:00
lib: Fix file_lines_parse() to do what people expect. Much safer to use.
Take an incoming const char * pointer and return an allocated
array that must be freed. Don't expose the internal optimization
of file_lines_parse_internal() breaking the passed in string
into lines.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
a8ec8304 by Günther Deschner at 2020-11-13T17:47:33+00:00
s4-torture: test file_line_parse as well
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Fri Nov 13 17:47:33 UTC 2020 on sn-devel-184
- - - - -
26ba04a4 by Jeremy Allison at 2020-11-16T09:47:38+00:00
libcli: smb2: Never print length if smb2_signing_key_valid() fails for crypto blob.
Blob could be NULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14210
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Nov 16 09:47:38 UTC 2020 on sn-devel-184
- - - - -
2cff5990 by Volker Lendecke at 2020-11-16T19:53:44+00:00
pylibsmb: Add a compatible python-level wrapper
Right now this is empty, but it is the basis for moving complexity out
or pylibsmb.c into python code.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
13aecb22 by Volker Lendecke at 2020-11-16T19:53:44+00:00
pylibsmb: Move deltree to python code
This is much shorter. There's also another aspect: I'm working on
improving cli_list() to not collect all files before starting to call
the callback function. This means that the cli_list cb will be called
from within tevent_loop_once(). In pylibsmb.c's deltree code this
would create a nested event loop. By moving the deltree code into the
python world this nested event loop is avoided. Now the python code
will first collect everything and then start to delete, avoiding the
nesting. A future development should make listing directories a
generator or something like that.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5ee42dd0 by Volker Lendecke at 2020-11-16T19:53:44+00:00
pylibsmb: Merge unlink_file() into its only caller
Now that delete_tree is in python code, align py_smb_unlink() with the
other functions.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d33cec8d by Volker Lendecke at 2020-11-16T19:53:44+00:00
pylibsmb: Merge remove_dir() into its only caller
Now that delete_tree is in python code, align py_smb_rmdir() with the
other functions.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
25628907 by Volker Lendecke at 2020-11-16T19:53:44+00:00
pylibsmb: Export a few SMB constants
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c6fef155 by Volker Lendecke at 2020-11-16T19:53:44+00:00
torture3: cli_query_security_descriptor() does smb2 as well
Remove a direct caller
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
207ca061 by Volker Lendecke at 2020-11-16T19:53:45+00:00
libsmb: Make cli_query_security_descriptor() async
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
edf26b29 by Volker Lendecke at 2020-11-16T19:53:45+00:00
libsmb: Remove unused sync cli_smb2_query_security_descriptor()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
57f8e7eb by Volker Lendecke at 2020-11-16T19:53:45+00:00
pylibsmb: Add get_sd()
getacl() on a fnum, available asynchronously
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
472c16d5 by Volker Lendecke at 2020-11-16T19:53:45+00:00
pylibsmb: Move get_acl() to python
The previous code was not available in threaded environments
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c6894378 by Volker Lendecke at 2020-11-16T19:53:45+00:00
torture3: cli_set_security_descriptor() does smb2 as well
Remove a direct caller
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e617cb5f by Volker Lendecke at 2020-11-16T19:53:45+00:00
libsmb: Make cli_set_security_descriptor() async
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
97fca81a by Volker Lendecke at 2020-11-16T19:53:45+00:00
libsmb: Remove unused sync cli_smb2_set_security_descriptor()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3b81cc90 by Volker Lendecke at 2020-11-16T19:53:45+00:00
pylibsmb: Add set_sd()
setacl() on a fnum, available asynchronously
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
42be033b by Volker Lendecke at 2020-11-16T19:53:45+00:00
pylibsmb: Move set_acl() to python
The previous code was not available in threaded environments
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2ea885f9 by Volker Lendecke at 2020-11-16T19:53:45+00:00
libsmb: Make get_fnum_from_path() async
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1ce7c596 by Volker Lendecke at 2020-11-16T19:53:46+00:00
libsmb: Make cli_smb2_rename async
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
db1fa239 by Volker Lendecke at 2020-11-16T19:53:46+00:00
libsmb: Make cli_rename_send()/_recv() a proper tevent_req engine
This will make it more obvious to add SMB2 soon
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1fdcfdcf by Volker Lendecke at 2020-11-16T19:53:46+00:00
libsmb: Make cli_rename_send()/recv() smb2-capable
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7bd040f6 by Volker Lendecke at 2020-11-16T21:18:16+00:00
libsmb: Remove unused sync cli_smb2_rename()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Nov 16 21:18:16 UTC 2020 on sn-devel-184
- - - - -
6ac16232 by SATOH Fumiyasu at 2020-11-16T22:43:34+00:00
autobuild: Encode text/plain into base64 to wrap long-lines
MIMEText(text, 'plain', 'utf-8') encodes the text into
base64 and adds 'Content-Transfer-Encoding: base64' header.
Signed-off-by: SATOH Fumiyasu <fumiyas at osstech.co.jp>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Nov 16 22:43:35 UTC 2020 on sn-devel-184
- - - - -
41b2beef by Samuel Cabrero at 2020-11-17T18:50:04+00:00
bootstrap: Add OpenSUSE 15.2
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Autobuild-User(master): Samuel Cabrero <scabrero at samba.org>
Autobuild-Date(master): Tue Nov 17 18:50:05 UTC 2020 on sn-devel-184
- - - - -
1d12806d by Rowland Penny at 2020-11-19T00:36:58+00:00
uptodateness.py: remove what appears to be debugging lines
They do nothing except confuse users.
Signed-off-by: Rowland Penny <rpenny at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Thu Nov 19 00:36:58 UTC 2020 on sn-devel-184
- - - - -
d1269ef9 by Volker Lendecke at 2020-11-19T02:48:40+00:00
libsmb: Make cli_smb2_list() asynchronous
Return directory entries as soon as possible via
cli_smb2_list_recv(). This returns just one entry per call to
cli_smb2_list_recv() right out of the buffer without assembling
potentially thousands of entries in a big array. You must call
cli_smb2_recv() until an error (except NT_STATUS_RETRY) happens. This
reduces our latency for smbclient's "dir" command significantly for
large directories. In the future I hope I can do the same thing also for
SMBC_readdir_ctx() to improve all users of our published libsmbclient.
Initial attempts of this routine issued fresh smb2_query_directory
requests asynchronously while the receivers of the entries did their
processing, for example showing them in smbclient's "dir"
command. However, this breaks because for example the "showacls"
smbclient option needs to do synchronous smb requests to do their job,
which we can't do while async requests are pending. Thus I came up
with a semi-synchronous approach to issue additional
smb2_query_directory requests from within cli_smb2_list_recv() and
return NT_STATUS_RETRY. This means that we will call back our caller
via the tevent_req_notify function when a fresh entry is available.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1f11b7b4 by Volker Lendecke at 2020-11-19T02:48:40+00:00
libsmb: Convert cli_list_recv() to single-recv
This converts the higher-level cli_list_recv() to the new
cli_smb2_list_recv() calling convention to just issue one entry per
recv() call in preparation of using the async cli_smb2_list_send() in
cli_list_send().
For SMB1 this will be a performance degradation, as we have to make
copies out of the arrays that cli_trans_recv() returns, but soon this
will become a performance improvement for the SMB2 directory
listing. And as hopefully most deployments these days are SMB2, I
think we can live with the SMB1 client directory listing
degradation. Also, we can also convert the lowerlevel SMB1 directory
listing routines in case someone actually sees problems from this
here.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8101c183 by Volker Lendecke at 2020-11-19T02:48:40+00:00
libsmb: Prepare cli_list_send()/recv() for single-issue subreqs
This prepares cli_list_recv() for the lowerlevel NT_STATUS_RETRY that
will come in once cli_list_send() uses cli_smb2_list_send() as well.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9dde2dc9 by Volker Lendecke at 2020-11-19T02:48:40+00:00
libsmb: Use async cli_smb2_list_send() in cli_list_send()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6baceb4d by Volker Lendecke at 2020-11-19T02:48:40+00:00
pylibsmb: Remove SMB2 special case for cli_list()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
47b773ad by Volker Lendecke at 2020-11-19T02:48:40+00:00
libsmb: Remove unused sync cli_smb2_list()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a4e3092b by Volker Lendecke at 2020-11-19T02:48:40+00:00
pylibsmb: Remove unused py_cli_state->is_smb1
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8bc77a0f by Volker Lendecke at 2020-11-19T04:12:11+00:00
pylibsmb: Multi-threaded use is now possible with SMB2
No non-async callees are used anymore
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Nov 19 04:12:11 UTC 2020 on sn-devel-184
- - - - -
3b694328 by Ralph Boehme at 2020-11-19T20:00:38+00:00
selftest: remove selftest/knownfail.d/samba3.smbtorture_s3
This hunk was inadvertently included in 5161edbdb28.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4dbb8fda by Ralph Boehme at 2020-11-19T20:00:38+00:00
docs-xml: add "smbd force process locks"
Avoid a parametric option in a hot codepath.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5604afef by Ralph Boehme at 2020-11-19T20:00:38+00:00
torture: avoid OPLOCK-CANCEL flapping on busy gitlab CI
I saw this test fail a few times on gitlab CI with
NT_STATUS_SHARING_VIOLATION:
Running OPLOCK-CANCEL
cli_unlink failed: NT_STATUS_SHARING_VIOLATION
TEST OPLOCK-CANCEL FAILED!
The only possible explanation I could come up for
this flapping test is that the fnum1 filehandle in cli1 is still not closed when
cli2 tries to open the file deletion 5 seconds after cli1 is thrown away. As
fnum1 doesn't have FILE_SHARE_DELELE the open-for-delete fails with a
SHARING_VIOLATION.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ed88f591 by Ralph Boehme at 2020-11-19T20:00:38+00:00
smbd: use SMB2_INFO_SPECIAL in call_trans2qfilepathinfo()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7f0008a9 by Ralph Boehme at 2020-11-19T20:00:38+00:00
smbd: replace calls to check_access() with smbd_check_access_rights()
check_access() is a 1:1 wrapper arounf smbd_check_access_rights().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
458c24fc by Ralph Boehme at 2020-11-19T20:00:38+00:00
smbd: avoid a smb_fname copy in call_trans2qfilepathinfo()
No point in making a copy here.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c4d82a6b by Ralph Boehme at 2020-11-19T21:24:23+00:00
smbd: avoid a smb_fname copy in call_trans2setfilepathinfo()
There's no point in doing a copy here, we can just point smb_fname at
fsp->fsp_name.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Nov 19 21:24:23 UTC 2020 on sn-devel-184
- - - - -
b948b99c by Volker Lendecke at 2020-11-19T22:56:40+00:00
build: fcvt() and fcvtl() are not used
No need to check for them in the configure phase
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7aaefd6f by Volker Lendecke at 2020-11-19T22:56:40+00:00
lib: Remove unused security_descriptor_append()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
47d93b02 by Volker Lendecke at 2020-11-19T22:56:40+00:00
lib: g_lock.h references "struct server_id", add #include
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
74576743 by Volker Lendecke at 2020-11-19T22:56:40+00:00
libsmb: Make cli_nt_pipes_close() static
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fec5a569 by Volker Lendecke at 2020-11-19T22:56:40+00:00
tests: Factor out prep_creds()
3 times the same code can be put together
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d680d392 by Volker Lendecke at 2020-11-19T22:56:40+00:00
pylibsmb: Add rename()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0f67dd54 by Volker Lendecke at 2020-11-19T22:56:41+00:00
tests: SMB2 rename fails to check del-on-close on dst dir
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
382a5c4e by Volker Lendecke at 2020-11-20T00:20:06+00:00
smbd: Fix failure to check dstdir for delete on close
In smb2_setinfo.c the call to smbd_do_setfilepathinfo() to perform the
rename takes place while holding a share mode lock. The function
check_parent_access() called below tries to query the destination
directory's locking.tdb entry to check whether the delete on close
flag is set on the destination directory. This fails because the
file to be renamed already has the share mode entry locked, we can't
lock two share mode entries simultaneously.
Convert the check to use fetch_share_mode_unlocked(). This might
introduce races, but this whole check is racy anyway. It does not
really matter whether we do the check for delete_on_close under a lock
or not, fetch_share_mode_unlocked() retrieves a consistent status of
the locking.tdb entry at some point in time as well.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Nov 20 00:20:06 UTC 2020 on sn-devel-184
- - - - -
39536286 by Andreas Schneider at 2020-11-21T00:11:02+00:00
testprogs: Fix MIT KRB5 export keytab with > 1.18
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Nov 21 00:11:02 UTC 2020 on sn-devel-184
- - - - -
53c39a26 by Jeremy Allison at 2020-11-22T01:22:36+00:00
s3: smbd: Fix misleading comment I added for commit 382a5c4e7ec08ec9291453ffad9541ab36aca274
smbd: Fix failure to check dstdir for delete on close
We're preventing ourselves from holding two locks here,
not protecting from waiting for a lock someone else
holds.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke at SerNet.DE>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sun Nov 22 01:22:36 UTC 2020 on sn-devel-184
- - - - -
15609cb9 by Andrew Bartlett at 2020-11-26T06:52:40+00:00
samba-tool domain backup: Confirm the sidForRestore we will put into the backup is free
Otherwise the administrator might only find there is a problem once they
attempt to restore the domain!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14575
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
17a72ab5 by Andreas Schneider at 2020-11-26T06:52:41+00:00
s3:smbd: Fix a possible null pointer deref in oplock code
Found by cppcheck.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7fa75b69 by Andreas Schneider at 2020-11-26T06:52:41+00:00
s3:winbind: Check return code of set_blocking()
Found by covscan.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
8d5d968d by Andreas Schneider at 2020-11-26T06:52:41+00:00
libcli:smb: Check return code of set_blocking
Found by covscan.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c79b3e2e by Andreas Schneider at 2020-11-26T06:52:41+00:00
s3:smbd: Check return code of set_blocking()
Found by covscan.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
5ef3b6de by Andreas Schneider at 2020-11-26T06:52:41+00:00
s3:lib: Check return code of set_blocking()
Found by covscan.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6718b5e6 by Stefan Metzmacher at 2020-11-26T06:52:41+00:00
waf: upgrade to 2.0.21
This commit message was wrong:
commit 5fc3a71d0f54b176d3cb2e399718d0468507e797
Author: David Mulder <dmulder at suse.com>
Date: Mon Aug 24 13:12:46 2020 -0600
waf: upgrade to 2.0.20
This contain an important change:
"Fix gccdeps.scan() returning nodes that no longer exist on disk."
https://gitlab.com/ita1024/waf/-/merge_requests/2293
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
The fix was in in waf master, but not included in 2.0.20,
but it's now included in 2.0.21.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f226bea5 by Andrew Bartlett at 2020-11-26T06:52:41+00:00
torture: Do not call destroy_dlz() on uninitialised memory
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14579
Reviewed-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d49e96bc by Andrew Bartlett at 2020-11-26T06:52:41+00:00
Do not create an empty DB when accessing a sam.ldb
Samba already does this for samba-tool and doing this should make
our errors more sensible, particularly in BIND9 if not provisioned
with the correct --dns-backend=DLZ_BIND9
The old error was like:
named[62954]: samba_dlz: Unable to get basedn for
/var/lib/samba/private/dns/sam.ldb
- NULL Base DN invalid for a base search.
The new error will be like (in this case from the torture test):
Failed to connect to Failed to connect to
ldb:///home/abartlet/samba/st/chgdcpass/bind-dns/dns/sam.ldb:
Unable to open tdb '/home/abartlet/samba/st/chgdcpass/bind-dns/dns/sam.ldb':
No such file or directory: Operations error
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14579
Reviewed-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9ec69895 by Heiko Baumann at 2020-11-26T06:52:41+00:00
Remove password from samba-tool proctitle
This fix makes sure the password is removed from the proctitle
of samba-tool so it cannot be exposed by e.g. ps(1).
- Moved code to python/samba/getopt.py as suggested by David Mulder
- Except ModuleNotFoundError when trying to load setproctitle module
- Improved code to keep option separator (space or equal sign) while
removing password from proctitle.
Signed-off-by: Heiko Baumann <heibau at gmail.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
- - - - -
a31891c7 by David Mulder at 2020-11-26T06:52:41+00:00
Test password removal via python proctitle
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
53274d11 by Andrew Bartlett at 2020-11-26T08:16:04+00:00
samba_upgradedns: Do not print confusing logs about missing .zone files
samba_upgradedns prints confusing logs about upgrading zone files
and automatically creating DNS zones when the zone already exists.
We need to move the logging to later when we know we what we are
using the parsed information for.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14580
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Nov 26 08:16:04 UTC 2020 on sn-devel-184
- - - - -
6123bd25 by Andreas Schneider at 2020-11-26T09:44:41+00:00
s3:libsmb: Fix clang warnings that fnum might be used uninitialized
Found by covscan.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
12b9e440 by Andreas Schneider at 2020-11-26T09:44:42+00:00
winexe: Fix a possible null pointer derference
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
35e97715 by Andreas Schneider at 2020-11-26T09:44:42+00:00
s3:spoolssd: Fix creating binding string for error message
Found by covscan.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b20da08d by Andreas Schneider at 2020-11-26T09:44:42+00:00
s3:lsasd: Fix creating binding string for error message
Found by covscan.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6d021d64 by Andreas Schneider at 2020-11-26T09:44:42+00:00
s3:mdssd: Fix creating binding string for error message
Found by covscan.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1a864749 by Andreas Schneider at 2020-11-26T11:07:09+00:00
s3:libsmb: Return early if dir is NULL
This makes sure we do not dereference a NULL poineter.
Found by covscan.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Nov 26 11:07:09 UTC 2020 on sn-devel-184
- - - - -
8ad82ae6 by Andrew Bartlett at 2020-11-26T21:15:40+00:00
samba-tool: Give better error information when the 'domain backup restore' fails with a duplicate SID
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14575
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary at samba.org>
Autobuild-Date(master): Thu Nov 26 21:15:40 UTC 2020 on sn-devel-184
- - - - -
4142bde7 by Ralph Boehme at 2020-11-27T10:07:18+00:00
s4: rename source4/smbd/ to source4/samba/
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Nov 27 10:07:18 UTC 2020 on sn-devel-184
- - - - -
5c27740a by Andreas Schneider at 2020-11-27T13:48:19+00:00
docs-xml: Add a section about weak crypto in testparm manpage
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14583
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Nov 27 13:48:20 UTC 2020 on sn-devel-184
- - - - -
369c1d53 by Günther Deschner at 2020-11-27T17:15:07+00:00
vfs_glusterfs: print exact cmdline for disabling write-behind translator
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Fri Nov 27 17:15:07 UTC 2020 on sn-devel-184
- - - - -
7f7e2b0e by Gary Lockyer at 2020-11-30T05:21:42+00:00
tests python krb5: Extra canonicalization tests
Add tests that set the server name to the client name for the machine
account in the kerberos AS_REQ. This replicates the TEST_AS_REQ_SELF
test phase in source4/torture/krb5/kdc-canon-heimdal.c.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Nov 30 05:21:42 UTC 2020 on sn-devel-184
- - - - -
a613ebc0 by Volker Lendecke at 2020-11-30T22:24:37+00:00
dsgetdcname: Fix talloc hierarchy
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ccb7d444 by Volker Lendecke at 2020-11-30T22:24:37+00:00
loadparm: Simplify lp_get_async_dns_timeout()
Use MAX, and per README.Coding we don't need the intermediate
variable. This can be inspected in the debugger directly.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5c81a5a0 by Volker Lendecke at 2020-11-30T22:24:37+00:00
docs: Fix "async dns timeout" manpage entry
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a41112fc by Volker Lendecke at 2020-11-30T22:24:37+00:00
libcli: Align a few integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f53117e0 by Volker Lendecke at 2020-11-30T22:24:37+00:00
librpc: Fix a talloc_stackframe() leak
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fd124648 by Volker Lendecke at 2020-11-30T22:24:37+00:00
librpc: Make ep_register a bit easier to understand
I found the pointer dereference a bit confusing
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
38a0724f by Volker Lendecke at 2020-11-30T22:24:37+00:00
librpc: talloc_stackframe() panics on failure
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fce49f4a by Volker Lendecke at 2020-11-30T22:24:37+00:00
libcli: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5a0baf49 by Volker Lendecke at 2020-11-30T22:24:37+00:00
winbind: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f85adfb2 by Volker Lendecke at 2020-11-30T22:24:37+00:00
libsmb: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7fc62fd1 by Volker Lendecke at 2020-11-30T22:24:38+00:00
libsmb: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e098610d by Volker Lendecke at 2020-11-30T22:24:38+00:00
test: smbtorture3's OPLOCK5 test only available with kernel oplocks
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d1be9eee by Volker Lendecke at 2020-11-30T22:24:38+00:00
samldb: Align two integer types
ARRAY_SIZE is size_t
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d82cd10f by Volker Lendecke at 2020-11-30T22:24:38+00:00
libsmb: Move a variable closer to its use in internal_resolve_name()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f0311358 by Volker Lendecke at 2020-11-30T22:24:38+00:00
libsmb: Slightly beautify internal_resolve_name()
We have "goto done;" at the end of every if-branch, we don't need
else.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7bd51217 by Volker Lendecke at 2020-11-30T22:24:38+00:00
torture: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
05f7558b by Volker Lendecke at 2020-11-30T22:24:38+00:00
lib: Change make_file_id_from_itime() prototype
SMB_STRUCT_STAT is defined in includes.h. This way including file_id.h
is possible without including includes.h
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cff22bcc by Volker Lendecke at 2020-11-30T22:24:38+00:00
wbinfo: Align some integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
efb3c742 by Volker Lendecke at 2020-11-30T22:24:38+00:00
smbd: Fix the 32-bit build on FreeBSD
log->rec_index is not size_t, it's uint64_t
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b09f0bb4 by Volker Lendecke at 2020-11-30T23:48:02+00:00
test: Fix the FreeBSD build
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Nov 30 23:48:02 UTC 2020 on sn-devel-184
- - - - -
4f5a7f11 by Noel Power at 2020-12-01T19:06:44+00:00
s3/script/tests: Fix 'Unrecognized option(s) passed to mkpath()' error
'keep_root' is an unrecognised option for make_path/mkpath
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14581
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a250f733 by Noel Power at 2020-12-01T19:06:44+00:00
selftest: Add a new tarmode shares
samba3.blackbox.smbclient_tar & samba3.blackbox.smbclient_tar
need separate shares with own xattr tdb(s)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14581
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6cb0a00f by Noel Power at 2020-12-01T19:06:44+00:00
s3/script/test: Use different testdir for samba3.blackbox.smbclient_tarmode
The other tarmode torture test samba3.blackbox.smbclient_tar now uses a share
'tarmode' which uses the same source path as samba3.blackbox.smbclient_tarmode
Avoid conflicting paths and use a new subdir (of the test share) called
'smbclient_tarmode'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14581
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
be8dca68 by Noel Power at 2020-12-01T19:06:44+00:00
s3/script/tests: Use tarmode share for samba3.blackbox.smbclient_tar*
After this change both samba3.blackbox.smbclient_tar &
samba3.blackbox.smbclient_tarmode now use the same dedicated share
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14581
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fec1f8fa by Noel Power at 2020-12-01T19:06:44+00:00
s3/script: Use smbclient deltree to clean up smbclient_tarmode subdir
Replace rm -rf of local dir (that is hosted remotely)
with smbclient deltree
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14581
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4bb3bffa by Noel Power at 2020-12-01T19:06:44+00:00
s3/script/tests: Fix samba3.blackbox.smbclient_tarmode cleanup
Make sure samba3.blackbox.smbclient_tarmode removes data files
not just before running the test but also after
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14581
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6f246658 by Noel Power at 2020-12-01T19:06:44+00:00
selftest: make samba3.blackbox.smbclient_tar runnable (even manually)
samba3.blackbox.smbclient_tar is marked as flapping so it
seems we have missed that it has stopped working. The local path
passed to script/tests/test_smbclient_tarmode.pl must point to a
valid share
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14581
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
99ffa4a9 by Noel Power at 2020-12-01T19:06:44+00:00
s3/script/tests: Remove make_path (for remote dir)
LOCALPATH is actually the local path to the share, we should
not need to create the share path (it should already exist)
Note: When we remove the tree located at LOCALPATH we keep the root
so the share path should always be there
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14581
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
363bfa4e by Noel Power at 2020-12-01T19:06:44+00:00
s3/script/tests: Make smb_client 'die' behaviour configurable
smb_client behaviour is to die if there is an error. This is
a little heavy handed and make it impossible for example to
use smb_client to run a command that might fail (where such
a failure isn't really an error) E.G. Calling deltree and
the directory doesn't exist
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14581
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6c7dc495 by Noel Power at 2020-12-01T19:06:45+00:00
s3/script/tests: call smbclient deltree to remove remote files
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14581
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
16ffa17e by Jeremy Allison at 2020-12-01T19:06:45+00:00
s3/script/tests: Ensure all remote test files are removed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14581
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
20e0ce50 by Volker Lendecke at 2020-12-01T19:06:45+00:00
clitar: Use do_list()'s recursion in clitar.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14581
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Aurelien Aptel <aaptel at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
89e2d68b by Noel Power at 2020-12-01T19:06:45+00:00
selftest: Remove samba3.blackbox.smbclient_tar from flapping tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14581
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a8457ac3 by Ralph Boehme at 2020-12-01T19:06:45+00:00
vfs_zfsacl: reformatting
No change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14587
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
936f74da by Ralph Boehme at 2020-12-01T20:29:34+00:00
vfs_zfsacl: add missing inherited flag on hidden "magic" everyone@ ACE
This was an omission in the fixes for bug 14470.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14587
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Dec 1 20:29:34 UTC 2020 on sn-devel-184
- - - - -
8a0a7359 by Jeremy Allison at 2020-12-04T20:54:06+00:00
s3: smbd: Quiet log messages from usershares for an unknown share.
No need to log missing shares/sharenames at debug level zero.
Keep the debug level zero for all other usershare problems.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14590
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Rowland penny <rpenny at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Dec 4 20:54:06 UTC 2020 on sn-devel-184
- - - - -
441fdc12 by Volker Lendecke at 2020-12-04T21:08:38+00:00
lib: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3bf9973d by Volker Lendecke at 2020-12-04T21:08:38+00:00
clitar: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
18146c62 by Volker Lendecke at 2020-12-04T21:08:38+00:00
spoolssd: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7d04b5a7 by Volker Lendecke at 2020-12-04T21:08:38+00:00
smbd: Align integer types
full_path_tos() return ssize_t
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a8d2654d by Volker Lendecke at 2020-12-04T21:08:38+00:00
build: Fix kernel oplock test
In a pure docker environment with overlayfs F_GETLEASE works on /tmp,
but F_SETLEASE does not. This test now correctly detects that.
The effect is that the samba-fileserver environment would run fine in
a shared gitlab runner, at the price of not testing kernel oplocks. We
could move the kernel oplock tests to another environment that for
other reasons can't run on shared gitlab runners.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2c7e8e3f by Volker Lendecke at 2020-12-04T21:08:38+00:00
smbd: Simplify share_mode_memcache_fetch()
Take a struct file_id instead of a locking.tdb key,
share_mode_memcache_store() also operates on the implicit fid in
struct share_mode_data.
To do this, parse_share_modes() also needs to take file_id.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b712bd81 by Volker Lendecke at 2020-12-04T21:08:38+00:00
smbd: Simplify open_mode_check()
The call to share_mode_have_entries() was put in before
fresh_share_mode_lock() initialized d->flags to be completely
permissive. With that correct initialization the call to
share_conflict() a few lines down will also make open_mode_check()
pass for any share_access/access_mask.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0f40c4ab by Volker Lendecke at 2020-12-04T21:08:38+00:00
smbd: Remove unused share_mode_have_entries()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
05f9e8f9 by Volker Lendecke at 2020-12-04T21:08:39+00:00
smbd: Simplify share_mode_lock_destructor()
Rely on the truth in the database whether we found share modes or
not, share_mode_data_store() has that information for free.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7677c40f by Volker Lendecke at 2020-12-04T21:08:39+00:00
smbd: Remove a comment that was not helpful for me
Also avoid an "else" branch
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1ba4672e by Volker Lendecke at 2020-12-04T21:08:39+00:00
smbd: Simplify share_mode_entry_do()
Rely on the truth in locking.tdb wrt existence of share entries
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
bbd94522 by Volker Lendecke at 2020-12-04T22:32:38+00:00
smbd: Remove "have_share_modes" from "struct share_mode_data"
Nobody in share_mode_lock.c looked at that value anymore, so we don't
need to manually maintain it.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Dec 4 22:32:38 UTC 2020 on sn-devel-184
- - - - -
ed212593 by Stefan Metzmacher at 2020-12-05T22:35:04+00:00
WHATSNEW.txt: fix version to 4.14
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Sat Dec 5 22:35:04 UTC 2020 on sn-devel-184
- - - - -
ab2c712c by Ralph Boehme at 2020-12-07T17:54:10+00:00
loadparm: setup debug subsystem setting max_log_size from config
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
29cd139a by Ralph Boehme at 2020-12-07T17:54:10+00:00
debug: pass struct debug_class *config to reopen_one_log()
Pass a pointer to the struct instead of all struct members individually. No
change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b7ee3614 by Ralph Boehme at 2020-12-07T17:54:10+00:00
debug: pass struct debug_class *config to do_one_check_log_size()
Pass a pointer to the struct instead of all struct members individually. No
change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3651a51e by Ralph Boehme at 2020-12-07T17:54:10+00:00
debug: detect logrotation by checking inode number
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
68f71f22 by Ralph Boehme at 2020-12-07T17:54:10+00:00
s4: add samba server tevent trace helper stuff
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
516c2a04 by Ralph Boehme at 2020-12-07T17:54:10+00:00
s4: install tevent tracing hooks to trigger logfile rotation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9f71e617 by Ralph Boehme at 2020-12-07T17:54:10+00:00
s4: replace low-level SIGUP handler with a tevent handler
Replace the low-level signal handler for SIGHUP with a nice tevent signal
handler. The low-level handler sig_hup() installed by setup_signals() remains
being used during early startup before a tevent context is available.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
19413e76 by Ralph Boehme at 2020-12-07T17:54:10+00:00
s4: call reopen_logs_internal() in the SIGHUP handler of the prefork process model
With debug_schedule_reopen_logs() the actual reopen only takes place at some
point in the future when a DEBUG message is processed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
82b64e93 by Ralph Boehme at 2020-12-07T17:54:10+00:00
s4/samba: call force_check_log_size() in prefork_reload_after_fork()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
Signed-off-by: Ralph Boehme <slow at samba.org>
- - - - -
6fa5fb8e by Ralph Boehme at 2020-12-07T17:54:10+00:00
s4/samba: call force_check_log_size() in standard_accept_connection()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
058f96f4 by Ralph Boehme at 2020-12-07T18:54:29+00:00
s4/samba: call force_check_log_size() in standard_new_task()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
RN: samba process does not honor max log size
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Dec 7 18:54:29 UTC 2020 on sn-devel-184
- - - - -
1b2e6764 by Stefan Metzmacher at 2020-12-07T19:02:33+00:00
s3/wscript: remove unused check for F_NOTIFY
There're no references to F_NOTIFY nor HAVE_KERNEL_CHANGE_NOTIFY in the
code, so the configure check is not needed at all.
We only use the inotify or fam abstractions.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6d4ce53e by Stefan Metzmacher at 2020-12-07T19:02:33+00:00
s3/wscript: only check for F_SETLEASE being available at compile time
F_GETLEASE/F_SETLEASE are available (at least) since Linux 2.4.0 from
2002.
We also should not have the configure check depend on the filesystem
we find at build time. It's very common that the build-environment is
much more restricted than the runtime-environment will be.
As a history we had this check on Samba 3.6:
AC_CACHE_CHECK([for Linux kernel oplocks],samba_cv_HAVE_KERNEL_OPLOCKS_LINUX,[
AC_TRY_RUN([
#include <sys/types.h>
#include <fcntl.h>
#ifndef F_GETLEASE
#define F_GETLEASE 1025
#endif
main() {
int fd = open("/dev/null", O_RDONLY);
return fcntl(fd, F_GETLEASE, 0) == -1;
}
],
samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=yes,samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=no,samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=cross)])
if test x"$samba_cv_HAVE_KERNEL_OPLOCKS_LINUX" = x"yes"; then
AC_DEFINE(HAVE_KERNEL_OPLOCKS_LINUX,1,[Whether to use linux kernel oplocks])
fi
which didn't depend on the filesystem.
Then we got a broken check introduced in Samba 4.0 (a copy of the
F_NOTIFY check):
# Check for Linux kernel oplocks
conf.CHECK_CODE('''
#include <sys/types.h>
#include <fcntl.h>
#include <signal.h>
#ifndef F_NOTIFY
#define F_NOTIFY 1026
#endif
main() {
exit(fcntl(open("/tmp", O_RDONLY), F_NOTIFY, 0) == -1 ? 1 : 0);
}''', 'HAVE_KERNEL_OPLOCKS_LINUX', addmain=False, execute=True,
msg="Checking for Linux kernel oplocks")
this got "fixed" in Samba 4.7 (and backports to 4.6, 4.5 and 4.4) into
# Check for Linux kernel oplocks
conf.CHECK_CODE('''
#include <sys/types.h>
#include <fcntl.h>
#include <signal.h>
#ifndef F_GETLEASE
#define F_GETLEASE 1025
#endif
main() {
exit(fcntl(open("/tmp", O_RDONLY), F_GETLEASE, 0) == -1 ? 1 : 0);
}''', 'HAVE_KERNEL_OPLOCKS_LINUX', addmain=False, execute=True,
msg="Checking for Linux kernel oplocks")
Lately it became dependend on the filesystem in the build-environment:
# Check for Linux kernel oplocks
conf.CHECK_CODE('''
#include <sys/types.h>
#include <fcntl.h>
#include <signal.h>
#ifndef F_GETLEASE
#define F_GETLEASE 1025
#endif
main() {
const char *fname="/tmp/oplock-test.txt";
int fd = open(fname, O_RDWR|O_CREAT, 0644);
int ret = fcntl(fd, F_SETLEASE, F_WRLCK);
unlink(fname);
return (ret == -1) ? 1 : 0;
}''', 'HAVE_KERNEL_OPLOCKS_LINUX', addmain=False, execute=True,
msg="Checking for Linux kernel oplocks")
Now we just check for F_SETLEASE being available in linux/fcntl.h.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
30c1c153 by Stefan Metzmacher at 2020-12-07T19:02:33+00:00
s3:smbd: remove unused fallback defines in oplock_linux.c
F_GETLEASE/F_SETLEASE/F_SETSIG were all included in the kernel
and glibc in 2002, there's no need to have fallbacks 18 years later.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
14768d0d by Stefan Metzmacher at 2020-12-07T20:07:18+00:00
s4:torture:smb2: remove unused fallback defines in oplock.c
F_SETLEASE/F_SETSIG were all included in the kernel
and glibc in 2002, there's no need to have fallbacks 18 years later.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Dec 7 20:07:18 UTC 2020 on sn-devel-184
- - - - -
c8d3547c by Douglas Bagnall at 2020-12-09T16:00:39+00:00
samba-tool domain: move timestamp functions to common
Other tools use identical functions, and they too can use common.py
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
2c48e90f by Douglas Bagnall at 2020-12-09T16:00:39+00:00
samba-tool pso uses common timestamp functions
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
816dee1a by Douglas Bagnall at 2020-12-09T16:00:39+00:00
samba-tool drs: move attr_default to common
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
e253c45c by Douglas Bagnall at 2020-12-09T16:00:39+00:00
samba-tool gpo: use common attr_default
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
a8d1a6c5 by Douglas Bagnall at 2020-12-09T16:00:39+00:00
python: remove unused provision.check_install()
Unused for at last 10 years.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
02c3a66c by Douglas Bagnall at 2020-12-09T16:00:39+00:00
drs_utils: remove unused sendRemoveDsServer()
The only caller of this was `samba-tool domain demote` which stopped
using it in 2015 with commit f121173cbf46fe64746d73adf40015c43d5c55fc.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
9938a9f7 by Douglas Bagnall at 2020-12-09T16:00:39+00:00
selftest/subunit: python file modernisation
Python idioms for iterating over a line and closing it have improved,
and we should keep up.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
3afd5942 by Douglas Bagnall at 2020-12-09T16:00:39+00:00
dbcheck: fix documentation for err_duplicate_values
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
fa035037 by Douglas Bagnall at 2020-12-09T16:00:39+00:00
dbcheck: fix documentation for err_base64_userParameters
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
c7b39f1c by Douglas Bagnall at 2020-12-09T16:00:39+00:00
dbcheck: fix documentation and typo for err_utf_userParameters
pseudo, not psudo.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
9fabe3aa by Douglas Bagnall at 2020-12-09T16:00:39+00:00
dbcheck: fix documentation for err_doubled_userParameters
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
081d12de by Douglas Bagnall at 2020-12-09T16:00:39+00:00
dbcheck: add docstring for err_odd_userParameters
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
71311740 by Douglas Bagnall at 2020-12-09T16:00:39+00:00
dbcheck: don't try to stringify values list twice
dump_attr_values already turns it into a comma separated list.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
99cdb219 by Douglas Bagnall at 2020-12-09T16:00:39+00:00
dbcheck: drop py2 support from dump_attr_values()
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
0aec5b93 by Douglas Bagnall at 2020-12-09T16:00:39+00:00
dbcheck: improve some duplicate doc strings
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
17fb6355 by Douglas Bagnall at 2020-12-09T16:00:39+00:00
dbcheck: remove unused fix_incorrect_deleted_objects flag
This was introduced in db15993401f927fd2fcea1687c4155dce2272aa8
but not actually referenced then or since.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
c28a3dd6 by Douglas Bagnall at 2020-12-09T16:00:39+00:00
dbcheck: fix doc for do_rename()
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
f1be8813 by Douglas Bagnall at 2020-12-09T16:00:39+00:00
dbcheck: fix doc for err_normalise_mismatch*
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
cc9ff79d by Douglas Bagnall at 2020-12-09T17:04:23+00:00
dbcheck: err_normalise-mismatch_replace: no msg if no error
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Wed Dec 9 17:04:23 UTC 2020 on sn-devel-184
- - - - -
6f137484 by David Mulder at 2020-12-09T17:38:28+00:00
samba-tool: Test gpo Sudoers list command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
b402c764 by David Mulder at 2020-12-09T17:38:28+00:00
samba-tool: Add a gpo command for listing Sudoers Group Policies
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
b0ccebd3 by David Mulder at 2020-12-09T17:38:28+00:00
samba-tool: Test gpo Sudoers add command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
5f9d2456 by David Mulder at 2020-12-09T17:38:28+00:00
samba-tool: Add a gpo command for adding Sudoers Group Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
f67a3644 by David Mulder at 2020-12-09T17:38:28+00:00
samba-tool: Test gpo Sudoers remove command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
f509550f by David Mulder at 2020-12-09T17:38:28+00:00
samba-tool: Add a gpo command for removing Sudoers Group Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
5b49e0ac by David Mulder at 2020-12-09T17:38:28+00:00
samba-tool: Test gpo Security set command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
eea46a38 by David Mulder at 2020-12-09T17:38:28+00:00
samba-tool: Add a gpo command for setting Security Group Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
aba8ece1 by David Mulder at 2020-12-09T17:38:28+00:00
samba-tool: Test gpo Security list
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
111f07fd by David Mulder at 2020-12-09T17:38:28+00:00
samba-tool: Add a gpo command for listing Security Group Policies
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
f74dea08 by David Mulder at 2020-12-09T17:38:28+00:00
samba-tool: Test gpo smb.conf list command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
fff3e0eb by David Mulder at 2020-12-09T17:38:28+00:00
samba-tool: Add a gpo command for listing smb.conf Group Policies
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
2705d39b by David Mulder at 2020-12-09T17:38:28+00:00
samba-tool: Test gpo smb.conf set command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
ef5ea147 by David Mulder at 2020-12-09T17:38:28+00:00
samba-tool: Add a gpo command for setting smb.conf Group Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
4fa938e7 by David Mulder at 2020-12-09T18:42:29+00:00
WHATSNEW: samba-tool gpo manage command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): David Mulder <dmulder at samba.org>
Autobuild-Date(master): Wed Dec 9 18:42:29 UTC 2020 on sn-devel-184
- - - - -
aec02dc9 by Volker Lendecke at 2020-12-11T18:29:32+00:00
lib: Make dnsquery.h #ifdef align to our conventions
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f25248fe by Volker Lendecke at 2020-12-11T18:29:32+00:00
libcli: Add required #includes to libcli/dns/dns.h
Also, make it safe against being included twice
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
18128188 by Volker Lendecke at 2020-12-11T18:29:32+00:00
libcli: Add required #includes to dnsquery.h
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
60b96580 by Volker Lendecke at 2020-12-11T18:29:32+00:00
build: Wrap a long line
There will be one more .c file
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
31d85404 by Volker Lendecke at 2020-12-11T18:29:32+00:00
libcli: Add ads_dns_query_srv_send()/recv()
This issues the "query" for SRV records site-aware and siteless. If
there are SRV records returned without IP addresses, it will issue A
and AAAA requests, waiting up to async_dns_timeout seconds. If that
timeout is reached, ads_dns_query_srv_recv() returns whatever is
around.
Superdebug added by Jeremy <jra at samba.org> :-)
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b9f91571 by Volker Lendecke at 2020-12-11T18:29:32+00:00
libsmb: Use ads_dns_query_srv() in resolve_ads()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d92a85fb by Volker Lendecke at 2020-12-11T18:29:32+00:00
libsmb: No need to call dns_lookup_list_async() in resolve_ads()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9d7c048e by Volker Lendecke at 2020-12-11T18:29:32+00:00
libsmb: Use ads_dns_query_srv() in discover_dc_dns()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7614cce0 by Volker Lendecke at 2020-12-11T18:29:32+00:00
libsmb: No need to call dns_lookup_list_async() in discover_dc_dns()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
61f71f34 by Volker Lendecke at 2020-12-11T18:29:32+00:00
net: Add "sitename" support to "net lookup ldap"
This will be used in a test later
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ef8740ce by Volker Lendecke at 2020-12-11T18:29:32+00:00
net: Use ads_dns_query_srv() in net_lookup_ldap()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b324e2e1 by Volker Lendecke at 2020-12-11T18:29:32+00:00
net: Use dns_rr_srv->ss_s in "net lookup ldap"
ads_dns_query_srv() always fills it
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9fa3ce29 by Volker Lendecke at 2020-12-11T18:29:32+00:00
test: test site-aware DC lookup via "net lookup ldap"
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d327f664 by Volker Lendecke at 2020-12-11T18:29:32+00:00
libsmb: Remove unused dns_lookup_list_async()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
49256925 by Volker Lendecke at 2020-12-11T19:30:16+00:00
libsmb: Remove unused ads_dns_query_* routines
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Dec 11 19:30:16 UTC 2020 on sn-devel-184
- - - - -
1c59f49a by Martin Schwenke at 2020-12-15T11:02:34+00:00
bootstrap: Cope with case changes in CentOS 8 repo names
RN: Be more flexible with repository names in CentOS 8 test environments
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14594
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6601b3ac by Martin Schwenke at 2020-12-15T12:03:58+00:00
bootstrap: Update distro list in README.md
Update examples to make them valid.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Tue Dec 15 12:03:58 UTC 2020 on sn-devel-184
- - - - -
25a94fa4 by Douglas Bagnall at 2020-12-15T14:32:43+00:00
dbcheck: make rIDSetReferences attr check case-insensitve
Yes, it looks inefficient, but that's because it is just trying to fit
in. Very soon we will fix it it properly.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
6b4ff458 by Douglas Bagnall at 2020-12-15T14:32:43+00:00
dbcheck: check_object() caches of lower case attr names
The construct `'name' in map(str.lower, attrs)` is doubly inefficient,
because not only is it running the lower() function too often, it is
searching linearly in a temporary iterator for membership.
So we make a set, and use that.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
b21287c2 by Douglas Bagnall at 2020-12-15T14:32:43+00:00
dbcheck: do not add duplicate attrs for checking
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
43530f08 by Douglas Bagnall at 2020-12-15T14:32:43+00:00
dbcheck: add a helper function for attr tracking
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
206a028e by Douglas Bagnall at 2020-12-15T14:32:43+00:00
dbcheck: split out attr calculations from check_object()
check_object is too long!
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
0dd736ff by Douglas Bagnall at 2020-12-15T14:32:43+00:00
dbcheck: better disambiguate 'attrs'
We had too many things called 'attrs'; now we have just one, but we
don't want it to look like it is *the* one.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
22447a51 by Douglas Bagnall at 2020-12-15T14:32:43+00:00
dbcheck: reduce useless use of str(attrname)
it's already a string!
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
83371443 by Douglas Bagnall at 2020-12-15T14:32:43+00:00
dbcheck: check_object/userparams: use variable for clarity
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
9bf9b998 by Douglas Bagnall at 2020-12-15T14:32:43+00:00
dbcheck: clarify check_object userparams
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
7a077f15 by Andrew Walker at 2020-12-15T15:32:18+00:00
s3:smbd:trans2.c - add twrp to tmp smb_fname in smbd_do_qfsinfo
Preserve VSS-related timestamp in temporary smb_filename before
calling vfs_stat_fn() in smbd_do_qfsinfo. Otherwise, we can fail
here on smb2_getinfo requests if file does not exist outside of
shadow copy path.
Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Tue Dec 15 15:32:18 UTC 2020 on sn-devel-184
- - - - -
436903af by Ralph Boehme at 2020-12-16T09:08:30+00:00
CI: add samba-no-opath
Add a job that builds with O_PATH undefined.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
703c1898 by Ralph Boehme at 2020-12-16T09:08:30+00:00
CI: skip kernel-oplocks tests on older kernels
The kernel of the gitlab shared runners container host has a bug in the
interaction between kernel oplocks and O_PATH opens which was fixed by
387e3746d01c34457d6a73688acd90428725070b in 5.3.1:
<https://kernel.googlesource.com/pub/scm/linux/kernel/git/jlayton/linux/+/refs/tags/locks-v5.3-1%5E%21/>
Don't actually start the OPLOCK5 test is kernel oplocks are not available,
instead of relying on the #ifdef HAVE_KERNEL_OPLOCKS_LINUX magic in torture.c.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
bf7ab878 by Ralph Boehme at 2020-12-16T09:08:30+00:00
vfs: add "is_pathref" to struct files_struct
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c6c65d1f by Ralph Boehme at 2020-12-16T09:08:30+00:00
vfs: add "is_fsa" flag to struct files_struct
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
28f43fda by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: add fd_handle.[c|h]
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
50ce9809 by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: use fsp_set_fd()
No change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9db3ff25 by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: use fsp_get_io_fd() when accessing a file or it's associated metadata
In all places where we access or modify a file or it's associated metadata, we
use fsp_get_io_fd() to fetch the low-level fd from the fsp. This ensures we
don't accidentally use a pathref fsp where the fd would be opened as root on
systems lacking O_PATH.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f5632b43 by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: use fsp_get_pathref_fd() as part of DEBUG and syslog messages
Nothing really dangerous is done with the fds here, so we can safely use
fsp_get_pathref_fd() in these cases.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0208ca69 by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: use fsp_get_pathref_fd() when close()ing fds
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
bc908ea3 by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: use fsp_get_pathref_fd() for *at related directory handles
Obviously correct to use fsp_get_pathref_fd() here.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5648662b by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: use fsp_get_pathref_fd() for "internal" xattr functions
We're using xattr data storage for internal reasons in these places, so in all
places it's safe to use a possibly root opened fd.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
450d7f13 by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: use fsp_get_pathref_fd() for fstat() calls
If we can access the path to a file, by default we have FILE_READ_ATTRIBUTES
from the containing directory. See the section: "Algorithm to Check Access to an
Existing File" in MS-FSA.pdf.
So it's also safe to use a root opened pathref fd, as the root open is done on
the final component after a chdir() to the parent directory was done while still
impersonating the use. Qed.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
61628ade by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: use fsp_get_pathref_fd() for logical fd comparisons
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0d9afd7a by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: use fh_[get|set]_pos() and fh_[get|set]_position_information()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
059dee95 by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: use fh_[get|set]_gen_id()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
da786ccd by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: use fh_[get|set]_private_options()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fdb91631 by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: use fh_[get|set]_refcount()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
140df321 by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: use fd_handle_create()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
dd8fe0cf by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: remove redundant initialisation of the fsp fd
This is already set to -1 by fd_handle_create().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b56f554f by Ralph Boehme at 2020-12-16T09:08:30+00:00
vfs: make struct fd_handle private
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c39940d8 by Ralph Boehme at 2020-12-16T09:08:30+00:00
s3/lib: add proc fds infrastructure
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1d35fc7f by Ralph Boehme at 2020-12-16T09:08:30+00:00
vfs_error_inject: ignore path_ref_fd's
This avoids failing opens triggered by filename_convert() ->
openat_pathref_fsp().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1f94c3ee by Ralph Boehme at 2020-12-16T09:08:30+00:00
vfs: add struct connection_struct flag "have_proc_fds"
Allows the VFS layer to tell the higher layers if fds opened by the openat() VFS
implementation are visible objects inside a /proc/PID/fd/FD filesystem.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2af46c7f by Ralph Boehme at 2020-12-16T09:08:30+00:00
vfs: add fsp flag "have_proc_fds"
This flag is used by the VFS layer to tell the FSA layer that it is allowed to
reopen an fsp by using an exisiting pathref fd with /proc/PID/fd/FD to open a
full fd.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
11e2a856 by Ralph Boehme at 2020-12-16T09:08:30+00:00
vfs_default: fix indentation
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6d16e580 by Ralph Boehme at 2020-12-16T09:08:30+00:00
vfs_default: initialize conn->have_proc_fds
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3105e53f by Ralph Boehme at 2020-12-16T09:08:30+00:00
vfs_default: support pathref fd's in vfswrap_fgetxattr()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0f353bca by Ralph Boehme at 2020-12-16T09:08:30+00:00
vfs_default: support pathref fd's in vfswrap_flistxattr()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a46f987c by Ralph Boehme at 2020-12-16T09:08:30+00:00
vfs_default: support pathref fd's in vfswrap_fremovexattr()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9b3c80f8 by Ralph Boehme at 2020-12-16T09:08:30+00:00
vfs_default: support pathref fd's in vfswrap_fsetxattr()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
011252c6 by Ralph Boehme at 2020-12-16T09:08:30+00:00
vfs_fruit: skip Netatalk locking checks for path-ref fd's
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b2e6d7b0 by Ralph Boehme at 2020-12-16T09:08:30+00:00
vfs_posixacl: support pathref fd's in posixacl_sys_acl_get_fd()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c9889c19 by Ralph Boehme at 2020-12-16T09:08:30+00:00
vfs_posixacl: support pathref fd's in posixacl_sys_acl_set_fd()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
879d8a3b by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd/posix_acls: support pathref fd's in posix_sys_acl_blob_get_fd()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cf3c48cb by Ralph Boehme at 2020-12-16T09:08:30+00:00
vfs_default: implement pathref opens in vfswrap_openat()
If the system supports O_PATH we use that, otherwise we fallback to root opens.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fd882574 by Ralph Boehme at 2020-12-16T09:08:30+00:00
vfs_ceph: implement pathref opens in cephwrap_openat()
Ceph supports O_PATH since v0.93 from 2015:
https://ceph.io/geen-categorie/v0-93-hammer-release-candidate-released/
This seems to be old enough so we can hopefully use this without a runtime
version check.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7d1e6e83 by Ralph Boehme at 2020-12-16T09:08:30+00:00
vfs_glusterfs: implement pathref opens with become_root() fallback
Until glusterfs supports O_PATH, fallback to become_root().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a14db893 by Ralph Boehme at 2020-12-16T09:08:30+00:00
s3: add full_path_from_dirfsp_atname()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f8980821 by Ralph Boehme at 2020-12-16T09:08:30+00:00
vfs_shadow_copy2: deal with real dirfsps in shadow_copy2_openat()
Prepare shadow_copy2_openat() for real dirfsps flying by.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
eb6bbb4f by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: check for pathref fd's in vfs_set_blocking()
Don't try to set pathref fd's to non-blocking, they're not used with IO.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
abb7ab2c by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: already set fsp fd in non_widelink_open()
A subsequent commit will add a consumer of the fd to non_widelink_open() (by
calling SMB_VFS_FSTAT()), so we need to set the fd already here. And it makes
more sense anyway. :)
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a272ca54 by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: catch O_PATH opens of symlinks in in non_widelink_open()
Calling openat() with O_PATH|O_NOFOLLOW will open a handle on the symlink
itself. That would be a nice feature if it would be supported on more platforms,
but being a Linux only thing, we have to preserve the behaviour of failing to
open a handle on symlinks.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
abc00b95 by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: pass a dirfsp to fd_open() and rename it to fd_openat()
For now no change in behaviour as all callers still pass conn->cwd_fsp. This
just prepared fd_openat() to deal with real dirfsp's pass by callers later on
when adding calls to fd_openat(dirfspm ...) in the directory enumeration loop.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
99f60a74 by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: pass dirfsp down to non_widelink_open() and process_symlink_open()
Callers still all pass conn->cwd_fsp so no change in behaviour yet.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d680e9aa by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: remove unused cwdfsp from non_widelink_open()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ade0af78 by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: use orig_fsp_name as variable name in non_widelink_open()
No change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
65c4f615 by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: simplify setting and resetting fsp->fsp_name in non_widelink_open()
Instead of setting and resetting the name to the relative name every time we
call into the VFS, just set it once and reset it at the end and when recursing
via process_symlink_open().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
12d75a83 by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: deal with real dirfsps in non_widelink_open()
If we get a real dirfsp, skip the parent-directory logic. Just pass the dirfsp
to SMB_VFS_OPENAT() which by now supports real dirfsps.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
241dd9d9 by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: pass private_flags to open_file()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
204c7b24 by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: maps NT_STATUS_STOPPED_ON_SYMLINK to NT_STATUS_OBJECT_PATH_NOT_FOUND in open_file()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b6dfcae0 by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: convert non_widelink_open() and process_symlink_open() to return NTSTATUS
non_widelink_open() now also returns NT_STATUS_STOPPED_ON_SYMLINK in case an
attempt was made to either
1. open a symlink from a POSIX client, or
2. open a symlink from a Windows client but any of the symlink behaviour
configuring options "follow symlink", "wide links" or "allow insecure wide
links" prevents access to the symlink target
Caller open_file() has already been updated to map NT_STATUS_STOPPED_ON_SYMLINK
to NT_STATUS_NT_STATUS_OBJECT_PATH_NOT_FOUND.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2b45b9a0 by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: always fstat in non_widelink_open()
This way we can avoid stating twice: once here and possibly a second time in
the caller open_file().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c1c2dd6c by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: remove SMB_VFS_FSTAT() from open_file()
This is now done in non_widelink_open().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7626bba6 by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: add openat_pathref_fsp()
open_pathref_fsp() opens an "embedded" fsp inside smb_fname as
smb_fname->fsp. We call such an fsp a "pathref" fsp.
On system that support O_PATH the low level openat() is done with O_PATH. On
systems that lack support for O_PATH, we impersonate the root user as a
fallback.
Setting "is_pathref" in the fsp_flags before calling fd_openat() is what
triggers the special low-level behaviour inside the VFS.
The use of pathref fsps allows updating all callers of path based VFS functions
like
dos_mode(smb_fname)
-> SMB_VFS_GET_DOS_ATTRIBUTES(smb_fname)
-> SMB_VFS_GETXATTR(smb_fname)
to use the handle based VFS function like
fdos_mode(smb_fname->fsp)
-> SMB_VFS_FGET_DOS_ATTRIBUTES(fsp)
-> SMB_VFS_FGETXATTR(fsp)
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d764c183 by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: add smb_fname_fsp_unlink()
Remove the link between an smb_fname and it's embedded smb_fname->fsp.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
994f8890 by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: add move_smb_fname_fsp_link()
Function to move fsps from one smb_fname to another.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d5edf302 by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: maintain correct destructor order in fsp_free()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b2685e28 by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: use move_smb_fname_fsp_link() in fsp_set_smb_fname()
This ensures that fsp->fsp_name->fsp is again set to the fsp and also preserves
the link fsp->fsp_name->fsp_link.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cff6dff5 by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: README.Coding fixes in file_find_dif()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
05633454 by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: reduce indentation in file_find_dif()
No change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
24dd647c by Ralph Boehme at 2020-12-16T09:08:30+00:00
smbd: ignore non FSA fsps in file_find_dif()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
927c297b by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: add need_fsa arg and logic to file_find_di_(first|next)
All callers except rename_open_files() can ignore non FSA fsps.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4d29ab04 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: use common exit in filename_convert_internal()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9a5a1fe1 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: use open_pathref_fsp() in filename_convert_internal()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
67a73548 by Ralph Boehme at 2020-12-16T09:08:31+00:00
s3/libadouble: use openat_pathref_fsp() in ad_convert_xattr()
Ensures we have a pathref handle in the smb_fname we pass to
SMB_VFS_CREATE_FILE().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
be4a4b51 by Ralph Boehme at 2020-12-16T09:08:31+00:00
s3/libadouble: use openat_pathref_fsp() in ad_convert_finderinfo()
Ensures we have a pathref handle in the smb_fname we pass to
SMB_VFS_CREATE_FILE().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e70c6187 by Ralph Boehme at 2020-12-16T09:08:31+00:00
s3/libadouble: use openat_pathref_fsp() in ad_unconvert_open_ad()
Ensures we have a pathref handle in the smb_fname we pass to
SMB_VFS_CREATE_FILE().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
349c5737 by Ralph Boehme at 2020-12-16T09:08:31+00:00
s3/libadouble: use openat_pathref_fsp() in ad_unconvert_get_streams()
Ensures we have a pathref handle in the smb_fname we pass to
SMB_VFS_CREATE_FILE().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e4bb359a by Ralph Boehme at 2020-12-16T09:08:31+00:00
s3/libadouble: use openat_pathref_fsp() in ad_collect_one_stream()
Ensures we have a pathref handle in the smb_fname we pass to
SMB_VFS_CREATE_FILE().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
368b8158 by Ralph Boehme at 2020-12-16T09:08:31+00:00
s3/libadouble: use openat_pathref_fsp() in ad_open_rsrc()
Ensures we have a pathref handle in the smb_fname we pass to
SMB_VFS_CREATE_FILE().
As the create_disposition is FILE_OPEN we just return the error if
openat_pathref_fsp() fails
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e8a49d0e by Ralph Boehme at 2020-12-16T09:08:31+00:00
s3/libadouble: use openat_pathref_fsp() in readdir_attr_meta_finderi_stream()
Ensures we have a pathref handle in the smb_fname we pass to
SMB_VFS_CREATE_FILE().
As the create_disposition is FILE_OPEN we just return the error if
openat_pathref_fsp() fails
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cbe25e17 by Ralph Boehme at 2020-12-16T09:08:31+00:00
printing: use openat_pathref_fsp() in file_version_is_newer()
Ensures we have a pathref handle in the smb_fname we pass to
SMB_VFS_CREATE_FILE().
As the create_disposition is FILE_OPEN we just return the error if
openat_pathref_fsp() fails
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ef5e913b by Ralph Boehme at 2020-12-16T09:08:31+00:00
printing: use openat_pathref_fsp() in file_version_is_newer()
Ensures we have a pathref handle in the smb_fname we pass to
SMB_VFS_CREATE_FILE().
As the create_disposition is FILE_OPEN we just return the error if
openat_pathref_fsp() fails
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a74f0af1 by Ralph Boehme at 2020-12-16T09:08:31+00:00
printing: use openat_pathref_fsp() in get_correct_cversion()
Ensures we have a pathref handle in the smb_fname we pass to
SMB_VFS_CREATE_FILE().
As the create_disposition is FILE_OPEN we just return the error if
openat_pathref_fsp() fails
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e5adfe64 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: use openat_pathref_fsp() in get_file_handle_for_metadata()
Ensures we have a pathref handle in the smb_fname we pass to
SMB_VFS_CREATE_FILE().
As the create_disposition is FILE_OPEN we just return the error if
openat_pathref_fsp() fails
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0bdaba47 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: use openat_pathref_fsp() in open_streams_for_delete()
Ensures we have a pathref handle in the smb_fname we pass to
SMB_VFS_CREATE_FILE().
As the create_disposition is FILE_OPEN we just return the error if
openat_pathref_fsp() fails
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
14b0cc6b by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: use openat_pathref_fsp() in reply_search()
Ensures we have a pathref handle in the smb_fname we pass to
SMB_VFS_CREATE_FILE().
As the create_disposition is FILE_OPEN we just return the error if
openat_pathref_fsp() fails
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
36b03af0 by Ralph Boehme at 2020-12-16T09:08:31+00:00
printing: use openat_pathref_fsp() in driver_unlink_internals()
Ensures we have a pathref handle in the smb_fname we pass to
SMB_VFS_CREATE_FILE().
As the create_disposition is FILE_OPEN we just return the error if
openat_pathref_fsp() fails
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
492ca581 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: use openat_pathref_fsp() rename_internals()
Ensures we have a pathref handle in the smb_fname we pass to
SMB_VFS_CREATE_FILE().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9bdac4f8 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: use openat_pathref_fsp() in copy_file()
Ensures we have a pathref handle in the smb_fname we pass to
SMB_VFS_CREATE_FILE().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
aedaa97e by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: un-const smb_fname in get_posix_fsp()
Avoids making a copy of smb_fname which allows using smb_fname->fsp if there is
one.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
83ecda17 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: use openat_pathref_fsp() in call_trans2findfirst()
Ensures we have a pathref handle in the smb_fname we pass to
SMB_VFS_CREATE_FILE().
Also drop pathref fsp from filename_convert() in call_trans2findfirst(), because
the call to filename_convert() is on the path from the client including the
search mask.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
924e7a70 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: unconst smb_fname arg of all setfileinfo worker functions
This allows avoiding making copies of the smb_fname when it needs to be passed
to a function that takes a non-const smb_fname.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
bf4b1b9b by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: avoid a smb_fname copy in smb_set_file_size()
Now that we get a non-const smb_fname we can use that for the call to
SMB_VFS_CREATE_FILE().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e6650c47 by Ralph Boehme at 2020-12-16T09:08:31+00:00
net: use openat_pathref_fsp() in net_vfs_get_ntacl()
Ensures we have a pathref handle in the smb_fname we pass to
SMB_VFS_CREATE_FILE().
As the create_disposition is FILE_OPEN we just return the error if
openat_pathref_fsp() fails
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
dab50f39 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: prevent non-POSIX stat-opens of symlinks in open_file()
Also adjust the test that checks for this.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
94dea7a2 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: call open_pathref_fsp() in unlink_internals() in wildcard matching loop
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
945bdc7c by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: we DO NEED the low level fd
In order to make everything handle based, we will need the basefile handle when
eg the client requests setting any of the filemetadata that is common across all
streams, eg the file's timestamps.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c21890d1 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: replace a stat() with an fstat() in create_file_unixpath()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d00d09fd by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: reuse smb_fname->fsp in create_file_default()
This is the big bang for the internal pathref fsps: up to this point the pathref
fsps were lingering around unused inside smb_fname->fsp.
With this change, the internal fsp will be the one that is going to be returned
from SMB_VFS_CREATE_FILE() if the client requested access mask matches the
criteria in open_file():
uint32_t need_fd_mask =
FILE_READ_DATA |
FILE_WRITE_DATA |
FILE_APPEND_DATA |
FILE_EXECUTE |
WRITE_DAC_ACCESS |
WRITE_OWNER_ACCESS |
SEC_FLAG_SYSTEM_SECURITY |
READ_CONTROL_ACCESS;
As long as the client doesn't request any of the access rights listed above, we
reuse the smb_fname->fsp, otherwise we close the smb_fname->fsp and call
fd_open() to open a new fsp.
In the future we can remove the four non-IO related access rights from the list:
WRITE_DAC_ACCESS |
WRITE_OWNER_ACCESS |
SEC_FLAG_SYSTEM_SECURITY |
READ_CONTROL_ACCESS
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4bcb3d7a by Ralph Boehme at 2020-12-16T09:08:31+00:00
vfs_xattr_tdb: don't leak the fd into the caller
This is subtle: generally fsp_set_fd(fd) is called in the caller of
SMB_VFS_OPENAT() in non_widelink_open().
fsp_set_fd() has a check that asserts certain combindations of the existing
fsp->fh->fd and the new fd. Both being valid fds is not allowed.
Therefor inside the VFS we must reset fsp->fh->fd if we've set it.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
37003ec7 by Ralph Boehme at 2020-12-16T09:08:31+00:00
vfs_fruit: disable fd reopening optimisations for the two special macOS streams
I couldn't figure out why the reopen fails a few vfs.fruit tests, so for now
disable the optimisations. It only affects the two special Mac streams, so it's
not *that* bad, but definitely something we would want to improve on in the near
future.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5770cdd7 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: optimisation using pathref fd to open real fd if possible
This is an optimisation that avoids going through the expensive
non_widelink_open() logic a second time. It depends on a usable /proc/%d/fd/%d
filesystem and this is checked and set as "can_reopen" flag by the VFS in the
openat() function in the fsp.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
626b4e57 by Ralph Boehme at 2020-12-16T09:08:31+00:00
s3/torture: add torture_conn_set_sockopt() wrapper
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0ccd24b4 by Ralph Boehme at 2020-12-16T09:08:31+00:00
s3/torture: add POSIX-LS-WILDCARD test
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c8a2530b by Ralph Boehme at 2020-12-16T09:08:31+00:00
s3/torture: add POSIX-LS-SINGLE test
Note that uses SMB2 for the "Windows client" (aka non-POSIX) connection as SMB1
directory listing code translates a directory listing with a search mask that
matches an existing file to a CREATE which won't cut it for our test as we're
targetting the directory listing code.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
562ae8eb by Ralph Boehme at 2020-12-16T09:08:31+00:00
s3/torture: add POSIX-READLINK test
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a63a3972 by Ralph Boehme at 2020-12-16T09:08:31+00:00
s3/torture: add POSIX-STAT test
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9d075d80 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: add vfs_stat()
Deals with POSIX paths and either calls lstat() for POSIX or stat().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
37e6783f by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: use vfs_stat() in dptr_ReadDirName()
This is subtle: we inherit the smb_fname flags from the directory to its
directory entries while listing a directory. This means if were listing a
directory in POSIX context, we now treat all entries as POSIX paths and
correctly call lstat() on the entries instead of stat().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
985c1be5 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: use vfs_stat() in more places
This replaces the code in a bunch of places where we choose between stat() and
lstat() based on req->posix_pathname. The new code inside vfs_stat() is based on
checking the smb_fname flag SMB_FILENAME_POSIX_PATH.
req->posix_pathname is inherited from the global POSIX pathnames state and the
smb_fname flags is also inherited from that indirectly via the UCF flags.
Tl;dr: no change in behaviour. :)
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
dba8593c by Ralph Boehme at 2020-12-16T09:08:31+00:00
vfs: Add dirfsp arg to SMB_VFS_READDIR()
This allows for optimisations in VFS module: by passing the dirfsp as an
additional arg, the function can check fsp->fsp_name->flags which may include eg
SMB_FILENAME_POSIX_PATH to trigger POSIX pathname processing.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
dd368479 by Ralph Boehme at 2020-12-16T09:08:31+00:00
vfs_default: simplify vfswrap_readdir()
No change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
36d72d8a by Ralph Boehme at 2020-12-16T09:08:31+00:00
vfs_default: return stat info for symlinks in POSIX context
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
86edc662 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: use get_dosmode in smbd_dirptr_8_3_mode_fn()
Caller currently always passes true, but this will change soonish with a change
to smbd_dirptr_get_entry().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c98d1113 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: call open_pathref_fsp() in smbd_dirptr_get_entry()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8e3798dd by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: factor out smbd_check_access_rights_sd() from smbd_check_access_rights()
No change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2aac9100 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: add smbd_check_access_rights_fsp()
Handle based version of smbd_check_access_rights().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
435c0f88 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: adjust allocation size check across handles in smbd_do_qfilepathinfo()
Check all open files if either we don't have an fsp or if the fsp is not a full
FSA fsp, ie not one which was created by SMB_VFS_CREATE_FILE() but by
openat_pathref_fsp().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1bc943dd by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: check for valid FSA fsp in smb_query_posix_acl()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9535af36 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: check for valid FSA fsp in smb_set_posix_acl()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3da8af16 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: unconst fsp arg of check_access_fsp()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
192897b4 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: deal with non FSA fsps in check_access_fsp()
For fsps coming out of openat_pathref_fsp() and not SMB_VFS_CREATE_FILE(),
fsp->access_mask will be 0 and we check the requested rights against the
permissions of the object opened by the fsp.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3d8237a8 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: check for non FSA fsps in smb_file_rename_information()
If the fsp is a non FSA fsp created by openat_pathref_fsp(), we can't pass it to
rename_internals_fsp(). We have to go via rename_internals() which internally
uses SMB_VFS_CREATE_FILE() to open an fsp which ensure we go through the lease
checking code.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d9e9f063 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: use SMB_VFS_CREATE_FILE() in call_trans2mkdir()
Use SMB_VFS_CREATE_FILE() instead of the create_directory() in order to have a
fsp that we can pass to set_ea().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2bcb268b by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: use pathref fsp in call_trans2qfilepathinfo()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a716c556 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: use pathref fsp in call_trans2setfilepathinfo()
This means we're now passing a valid fsp to all setinfo functions. The only
special case being when dealing with a symlink in POSIX context.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5bec9621 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: use check_access_fsp() in set_ea()
We now always have a fsp.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cc0e740a by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: in reply_setatr() pass pathref fsp to smb_set_file_time()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
752bc388 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: always use check_access_fsp() in smb_set_file_basic_info()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ef9afe38 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: always use check_access_fsp() in smb_set_info_standard()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4ac20da4 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: use fsp in smb_set_file_time()
Ensure we have a valid fsp whos name we pass to file_ntimes(). Remember,
file_ntimes() by default ends up calling SMB_VFS_GET_DOS_ATTRIBUTES() under the
hood in order to get/set the creation date.
As any fsp->fsp_name contains a backpointer to the fsp ie
fsp->fsp_name->fsp == fsp
passing set_fsp->fsp_name to file_ntimes() allows replacing the path based
SMB_VFS_GET_DOS_ATTRIBUTES() with SMB_VFS_FGET_DOS_ATTRIBUTES() under the hoods.
Also use the base_fsp->fsp_name for the base name in case of setting the
timestamps on a stream.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
da93d88e by Ralph Boehme at 2020-12-16T09:08:31+00:00
vfs_gpfs: fix bogus compiler warning
The next commit adds the first call inside Samba to the VFS function
SMB_VFS_FGET_DOS_ATTRIBUTES() and therefor also to
vfs_gpfs_fget_dos_attributes(). No idea why gcc is generating this warning:
[4127/4716] Compiling source3/modules/vfs_aio_fork.c
../../source3/modules/vfs_gpfs.c: In function ‘vfs_gpfs_fget_dos_attributes’:
../../source3/modules/vfs_gpfs.c:1728:2: error: ‘file_id’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
1728 | update_stat_ex_file_id(&fsp->fsp_name->st, file_id);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated due to -Wfatal-errors.
cc1: all warnings being treated as errors
This change fixes the error.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ccd3352b by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: add fdos_mode()
Note that this continues using the braindead dual path/handle based API mistake,
but only in order to reuse the util functions and because this is an
intermediate step to support transitioning to an all handle based flow.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
06906b1d by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: use fdos_mode() in smbd_dirptr_lanman2_mode_fn()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
180e0a7d by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: use fdos_mode() in smbd_dirptr_8_3_mode_fn()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
54b4321f by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: use fdos_mode() in file_set_sparse()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c83516f3 by Ralph Boehme at 2020-12-16T09:08:31+00:00
vfstest: use filename_convert() in cmd_utime()
Ensures we have a pathref fsp when calling SMB_VFS_NTIMES().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ea2def33 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: un-const smb_fname_dst_in arg of rename_internals_fsp()
A subsequent commit is going to modify smb_fname_dst_in.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8e9887c2 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: drop pathref from smb_fname_dst_in in rename_internals_fsp()
The pathref is not needed anymore below this point and it conflicts with the
code that checks for open handles on the destination just below.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
147c3f2e by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: use fdos_mode() in set_create_timespec_ea()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
bde16030 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: use fdos_mode() in vfs_default_durable_reconnect()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a649ebed by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: use fdos_mode() in mark_file_modified()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ec9afe04 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: use fdos_mode() in reply_ntcreate_and_X()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f432bc56 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: use fdos_mode() in call_nt_transact_create()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7386dc73 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: use fdos_mode() in copy_internals()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6e512835 by Ralph Boehme at 2020-12-16T09:08:31+00:00
smbd: use fdos_mode() in check_base_file_access()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
93357758 by Ralph Boehme at 2020-12-16T09:08:32+00:00
smbd: use fdos_mode() in open_file_ntcreate()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8bdf3f30 by Ralph Boehme at 2020-12-16T09:08:32+00:00
smbd: use fdos_mode() in reply_getatr()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
594bfdea by Ralph Boehme at 2020-12-16T09:08:32+00:00
smbd: use fdos_mode() in reply_open()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b3e5feb9 by Ralph Boehme at 2020-12-16T09:08:32+00:00
smbd: use fdos_mode() in reply_open_and_X()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7d0c60ff by Ralph Boehme at 2020-12-16T09:08:32+00:00
smbd: use fdos_mode() in can_rename()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
988a838a by Ralph Boehme at 2020-12-16T09:08:32+00:00
smbd: use fdos_mode() in do_unlink()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8dbac0d5 by Ralph Boehme at 2020-12-16T09:08:32+00:00
smbd: call rename_open_files() a bit earlier in rename_internals_fsp()
This prepares for using handle based SMB_VFS_FSTAT() and fdos_mode() a few lines
below. As some VFS modules will use the fsp->fsp_name we have to make sure to
rename it first.
Fwiw, notify_rename() is moved as well as it needs to original name in
fsp->fsp_name.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f19b01a1 by Ralph Boehme at 2020-12-16T09:08:32+00:00
smbd: use SMB_VFS_FSTAT() in rename_internals_fsp()
While at it, use the open handle on the renamed file to call fstat() instead of
stat().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
58e103a7 by Ralph Boehme at 2020-12-16T09:08:32+00:00
smbd: README.Coding fixes in rename_internals_fsp()
No change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
812e59c6 by Ralph Boehme at 2020-12-16T09:08:32+00:00
smbd: use fdos_mode() in rename_internals_fsp()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
96a88265 by Ralph Boehme at 2020-12-16T09:08:32+00:00
smbd: use fdos_mode() in copy_file()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0977f137 by Ralph Boehme at 2020-12-16T09:08:32+00:00
smbd: use fdos_mode() in reply_getattrE()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
608085af by Ralph Boehme at 2020-12-16T09:08:32+00:00
smbd: use fdos_mode() in setup_close_full_information()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
05b31b47 by Ralph Boehme at 2020-12-16T09:08:32+00:00
smbd: use fdos_mode() in smbd_smb2_create_after_exec()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ccb68c56 by Ralph Boehme at 2020-12-16T09:08:32+00:00
smbd: use fdos_mode() in call_trans2open()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
72d19c89 by Ralph Boehme at 2020-12-16T09:08:32+00:00
smbd: use fdos_mode() in smbd_do_qfilepathinfo()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
24d75b92 by Ralph Boehme at 2020-12-16T09:08:32+00:00
smbd: pass fsp to smb_set_file_dosmode()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8eb56168 by Ralph Boehme at 2020-12-16T09:08:32+00:00
smbd: use fdos_mode() in smb_set_file_dosmode()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
62d82326 by Ralph Boehme at 2020-12-16T09:08:32+00:00
smbd: use fdos_mode() in smb_set_file_disposition_info()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e7a90fd7 by Ralph Boehme at 2020-12-16T09:08:32+00:00
smbd: use fdos_mode() in dos_mode_at_vfs_get_dosmode_done()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2a1bb232 by Ralph Boehme at 2020-12-16T09:08:32+00:00
smbd: use fdos_mode() in tsmsm_set_dos_attributes()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
22d9c31a by Ralph Boehme at 2020-12-16T09:08:32+00:00
smbd: use fdos_mode() in tsmsm_fset_dos_attributes()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2317583b by Ralph Boehme at 2020-12-16T09:08:32+00:00
smbd: RIP dos_mode()
.--. .-, .-..-.__
.'(`.-` \_.-'-./` |\_( "\__
__.>\ '; _;---,._| / __/`'--)
/.--. : |/' _.--.<| / | |
_..-' `\ /' /` /_/ _/_/
>_.-``-. `Y /' _;---.`|/))))
'` .-''. \|: .' __, .-'"`
.'--._ `-: \/: /' '.\ _|_
/.'`\ :; /' `- `-|-`
-` | | |
:.; : | .-'~^~`-.
|: | .' _ _ `.
|:. | | |_) | |_) |
:. : | | | \ | | |
: ; | | |
: ; | | |
: ; | | dos_mode()|
.:| . : ; | |
-."-/\\\/:::. `\."-._'."-"_\\-| |///."-
" -."-.\\"-."//.-".`-."_\\-.".-\\`=.........=`//-".
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0f5a28d6 by Ralph Boehme at 2020-12-16T09:08:32+00:00
smbd: use SMB_VFS_FGET_DOS_ATTRIBUTES() in open_file_ntcreate()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d466ba6d by Ralph Boehme at 2020-12-16T09:08:32+00:00
vfs: add and use fget_ea_dos_attribute()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
04b4dc86 by Ralph Boehme at 2020-12-16T09:08:32+00:00
vfs: RIP SMB_VFS_GET_DOS_ATTRIBUTES()
(\ _ /)
( \ O / )
(// \\)
X
/ \
/___\
_____/ \\_____
| + ||
| ||
| SMB_VFS_GET_ ||
| DOS_ATTRIBUTES() ||
| ||
| ||
| ||
| _ ___ _ ||
| | \ | | \ ||
| | | | | | ||
| |_/ | |_/ ||
| | \ | | ||
| | \ | | ||
| | \. _|_. | . ||
| ||
* * | * ** * ** |** **
\)),.,\(/.,(//,,..,,\||(,,.,\\,.((//
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3db25c1c by Ralph Boehme at 2020-12-16T09:08:32+00:00
smbd: remove unused get_ea_dos_attribute()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a55a2bfb by Ralph Boehme at 2020-12-16T09:08:32+00:00
vfs: SMB_VFS_GET_COMPRESSION() -> SMB_VFS_FGET_COMPRESSION()
Now that handle based fdos_mode() is used everywhere we can be sure that we're
also always getting a handle in SMB_VFS_GET_COMPRESSION() so we can now safely
remove the path parameter. :)
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0049a34b by Jeremy Allison at 2020-12-16T09:08:32+00:00
smbd: smb_info_set_ea() can only get fsp==NULL in POSIX mode accessing a symlink.
Ensure this is the case and force-return NT_STATUS_ACCESS_DENIED here.
Remove any race condition if anyone modifies the symlink whilst the
operation is in process.
This now allows us to require a valid fsp for operations on EAs.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
898c537a by Jeremy Allison at 2020-12-16T09:08:32+00:00
smbd: set_ea() must have an fsp, so remove uses of the smb_fname parameter.
Next we can remove it.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
874c5fcf by Jeremy Allison at 2020-12-16T10:15:11+00:00
smbd: Remove the smb_fname parameter from set_ea().
We know we must have a valid fsp.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Dec 16 10:15:11 UTC 2020 on sn-devel-184
- - - - -
df73a766 by Stefan Metzmacher at 2020-12-16T12:50:37+00:00
wafsamba: move clang_compilation_database usage behind an --enable-clangdb option
Writing bin/default/compile_commands.json doubles the total time used
for a noop build. That price should only be paid if someone wants to
use it actually.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
3e61d1ff by Stefan Metzmacher at 2020-12-16T12:50:37+00:00
autobuild.py: use --enable-clangdb for the "samba-ctdb" task
The key is that we only enable it for just one task.
I plan to restructure the autobuild tasks, but 'samba-ctdb'
will stay the way it works currently.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
93c576da by Andreas Schneider at 2020-12-16T13:56:49+00:00
auth:creds: Add cli_credentials_dump()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Dec 16 13:56:49 UTC 2020 on sn-devel-184
- - - - -
d74c9dcf by Gary Lockyer at 2020-12-16T23:48:05+00:00
tests python krb5: Add Authorization data ad-type constants
Add constants for the Authorization Data Type values.
RFC 4120 7.5.4. Authorization Data Types
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0f232ed4 by Gary Lockyer at 2020-12-16T23:48:05+00:00
tests python krb5: add test base class
Add a base class for the KDC tests to reduce the amount of code
duplication in the tests.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1ed461a1 by Gary Lockyer at 2020-12-16T23:48:05+00:00
tests python krb5: initial TGS tests
Initial tests on the KDC TGS
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
8004cf7a by Gary Lockyer at 2020-12-17T00:54:51+00:00
pep8 tidy up config
Enable the following warnings:
E126: continuation line over-indented for hanging indent
E131: continuation line unaligned for hanging indent
E203: whitespace before ':'
E221: multiple spaces before operator
E501: line too long
E722: do not use bare 'except'
These were originally chosen so that as much of the existing samba code
passed. With the intention of integrating PEP8 checking into build
process. But the PEP8 output does not integrate into the known fail
mechanism, so this approach was abandoned.
setup.cfg is the default PEP8 config file having these exceptions
enabled means that new code can be added with those issues. Also tools
like pyls (python language server) use setup.cfg.
Disable the following warnings:
E402: module level import not at top of file
Samba has a significant amount of code setting
sys.path.insert(0, "bin/python")
W503: Line break before binary operator
We need to have a preference, and PEP8 expresses a weak preference
for disabling 503
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Dec 17 00:54:51 UTC 2020 on sn-devel-184
- - - - -
577d4f1a by Björn Baumbach at 2020-12-17T13:59:37+00:00
docs:smbdotconf: fix a typo in oldpasswordallowedperiod.xml
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
98119189 by Björn Baumbach at 2020-12-17T13:59:37+00:00
blackbox/test_samba-tool_ntacl.sh: script requires two arguments
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f40da74e by Björn Baumbach at 2020-12-17T13:59:37+00:00
s3:libsmb: set min smb protocol when enforcing smb1 on connect
Otherwise the connect fails if the configured client min protocol is
higher than NT1.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14105
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
76121ae7 by Björn Baumbach at 2020-12-17T13:59:38+00:00
s3:libsmb: set correct min and max smb protocol when smb2 is enforced on connect
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14105
Pair-programmed-with: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Björn Baumbach <bb at sernet.de>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
560e4b1b by Stefan Metzmacher at 2020-12-17T13:59:38+00:00
libcli/smb: add smbXcli_conn_send_queue()
This is useful in order to test async requests
tevent_queue_wait_send/recv() can be used to block
the queue between requests or wait for the queue to be flushed.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
084c2240 by Stefan Metzmacher at 2020-12-17T13:59:38+00:00
s3:pylibsmb: PyErr_NTSTATUS_IS_ERR_RAISE => PyErr_NTSTATUS_NOT_OK_RAISE
We want to raise an exception for everything that's not NT_STATUS_OK.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fde65c2f by Stefan Metzmacher at 2020-12-17T13:59:38+00:00
s3:pylibsmb: add echo() support
In tests it's sometimes to have a no-op in order to check the
transport is still alive.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3ffb8175 by Stefan Metzmacher at 2020-12-17T13:59:38+00:00
s3:pylibsmb: add notify() support
The operation is a bit different from others,
as results are returned in an async fashion.
It returns a request handle.
notify_req = conn.notify(fnum=fnum,
buffer_size=0xffff,
completion_filter=libsmb.FILE_NOTIFY_CHANGE_ALL,
recursive=True)
# ... do other operations on conn.*() ...
changes = notify_req.get_changes(wait=False)
# changes is likely to be None if no result arrived yet
# ... do other operations on conn.*() ...
changes = notify_req.get_changes(wait=True)
# changes is a list of change dictionaries
# each containing "name" (a string) and
# "action" (an integer, e.g. libsmb.NOTIFY_ACTION_REMOVED)
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
752a8f87 by Stefan Metzmacher at 2020-12-17T13:59:38+00:00
s3:pylibsmb: remove unused SECINFO_DEFAULT_FLAGS
commit 42be033b0b0c02413a74f984c8622b5baed2689a removed the last
reference.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0ccdce67 by Stefan Metzmacher at 2020-12-17T13:59:38+00:00
libsmb_samba_internal: don't send SECINFO_[UN]PROTECTED_{S,D}ACL by default
We want to get the default behavior.
It's also pointless to set PROTECTED and UNPROTECTED at the same time..
These are defined in MS-DTYP 2.4.7 SECURITY_INFORMATION with a brief
description, but they aren't referenced in anywhere in MS-DTYP itself,
nor in MS-FSA are any other document.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
18dd953d by Stefan Metzmacher at 2020-12-17T13:59:38+00:00
libsmb_samba_internal: calculate the access_mask for {g,s}et_acl() based on the secinfo flags
SEC_FLAG_MAXIMUM_ALLOWED will never result in SEC_FLAG_SYSTEM_SECURITY
being granted. As SECINFO_SACL is part of the default secinfo value
(SECINFO_DEFAULT_FLAGS), {g,s}et_acl() will always return
NT_STATUS_ACCESS_DENIED by default.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b082cf32 by Stefan Metzmacher at 2020-12-17T13:59:38+00:00
python/ntacls.py: let SMBHelper.get_acl() use the default values of self.smb_conn.get_acl()
Now that self.smb_conn.get_acl() has sane default values for secinfo and
access_mask we can remove any additional logic in SMBHelper.
The resulting values are the same.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f4e578aa by Björn Baumbach at 2020-12-17T13:59:38+00:00
python/ntacls.py: add SMBHelper.set_acl() helper function
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Björn Baumbach <bb at sernet.de>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0133c17c by Björn Baumbach at 2020-12-17T13:59:38+00:00
python/tests: add tests for smb notify and the dependency to the TRAVERSE privilege
The easiest way to run this against Windows was to use a domain
controller and configure an enforce group policy and grant the
"Bypass Traverse Checking" only to the "BUILTIN\Administrators" group.
(Note that "LOCAL SERVICE" and "NETWORK SERVICE" are always added in
the local security policy.
The test runs like this:
SMB_CONF_PATH=/dev/null \
SERVER=172.31.9.188 \
TARGET_HOSTNAME=w2012r2-188.w2012r2-l6.base \
USERNAME=administrator \
PASSWORD=A1b2C3d4 \
NOTIFY_SHARE=torture \
USERNAME_UNPRIV=ldaptestuser \
PASSWORD_UNPRIV=a1B2c3D4 \
python/samba/tests/smb-notify.py -v -f SMBNotifyTests
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Björn Baumbach <bb at sernet.de>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3e9f0e97 by Björn Baumbach at 2020-12-17T13:59:38+00:00
selftest: add option to pass args to tests to planpythontestsuite()
The logic is basically a copy from planoldpythontestsuite().
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Björn Baumbach <bb at sernet.de>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
bcfce0ec by Björn Baumbach at 2020-12-17T13:59:38+00:00
selftest: add tests for smb notify, using the a special share
That share will get the "honor change notify privilege = yes" option
once it's implemented. For now it's marked as knownfail.
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Björn Baumbach <bb at sernet.de>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6c95e467 by Björn Baumbach at 2020-12-17T15:01:53+00:00
smbd/notify: add option "honor change notify privilege"
This option can be used to make use of the change notify privilege.
By default notify results are not checked against the file system
permissions.
If "honor change notify privilege" is enabled, a user will only
receive notify results, if he has change notify privilege or sufficient
file system permissions. If a user has the change notify privilege, he
will receive all requested notify results, even if the user does not
have the permissions on the file system.
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Björn Baumbach <bb at sernet.de>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Dec 17 15:01:53 UTC 2020 on sn-devel-184
- - - - -
cbe1485f by Jeremy Allison at 2020-12-17T18:56:28+00:00
smbd: Fix debugs in file_new() and fsp_new().
Allows grep ' files structure ' in the log
to count up and down the number of files allocated.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
8559af63 by Jeremy Allison at 2020-12-17T18:56:28+00:00
smbd: dup_file_fsp() for old DOS style opens also needs to copy the new flags.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e7f1588e by Jeremy Allison at 2020-12-17T18:56:28+00:00
smbd: If an smb_filename already has a pathref fsp don't overwrite it..
That leaks fsps.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
12dd02d8 by Jeremy Allison at 2020-12-17T18:56:28+00:00
smbd: On error exit in create_file_unixpath(), we can't call close_file() on uncompleted opens.
We can't call directly into close_file(), as that cannot deal
with regular file and directory opens where fsp->fsp_flags.is_fsa
hasn't been set to true (uncompleted opens).
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
59b0fae2 by Jeremy Allison at 2020-12-17T18:56:28+00:00
smbd: Move closing a print file out of close_normal_file() (it isn't a normal file) and into close_file().
Streamlines closing print files and allows close_normal_file()
to restrict itself to is_fsa fsps.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7c5476ba by Ralph Boehme at 2020-12-17T18:56:28+00:00
smbd: mark fsp as valid FSA fsp after Durable Handle reconnect succeeded
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
de806498 by Jeremy Allison at 2020-12-17T18:56:28+00:00
smbd: Ensure close_directory() and close_normal_file() only deal with is_fsa files.
This must be the case, so assert it.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ebf37cfc by Ralph Boehme at 2020-12-17T18:56:28+00:00
smbd: remove fd_close() from open_directory()
fd_close() was accidentally added twice by
d00d09fdcf73a5839ae4f82cf8e953bb761bfbfb. If it would have been removed by
5770cdd7635a018817418f58bd37268aedebd6a9 that adds the reopen_from_procfd()
optimisation, all would be fine. But fd_close() still being called before
reopen_from_procfd() means we're closing the pathref fd prevening the
optimisation.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8d0ea8ba by Ralph Boehme at 2020-12-17T18:56:28+00:00
vfs: add acl type arg to SMB_VFS_SYS_ACL_SET_FD()
No change in behaviour, the new arg is not yet used in any module.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
467dbdbd by Ralph Boehme at 2020-12-17T18:56:28+00:00
posixacl_xattr: add support for SMB_ACL_TYPE_DEFAULT in posixacl_xattr_acl_set_fd()
No need to handle pathref fsps here, as that is taken care of by
SMB_VFS_FSETXATTR().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3363cddc by Ralph Boehme at 2020-12-17T18:56:28+00:00
vfs_aixacl: use passed in ACL type in aixacl_sys_acl_set_fd()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6c30d49f by Ralph Boehme at 2020-12-17T18:56:28+00:00
vfs_aixacl2: use ACL type in aixjfs2_sys_acl_set_fd()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a866027e by Ralph Boehme at 2020-12-17T18:56:28+00:00
vfs_fake_acls: add support for SMB_ACL_TYPE_DEFAULT in fake_acls_sys_acl_set_fd()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ba07df5e by Ralph Boehme at 2020-12-17T18:56:28+00:00
vfs_gpfs: add support for SMB_ACL_TYPE_DEFAULT in gpfsacl_sys_acl_set_fd()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
bf369327 by Ralph Boehme at 2020-12-17T18:56:28+00:00
vfs_posixacl: support SMB_ACL_TYPE_DEFAULT in posixacl_sys_acl_set_fd()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7d9a9993 by Ralph Boehme at 2020-12-17T18:56:28+00:00
vfs_solarisacl: add support for SMB_ACL_TYPE_DEFAULT in solarisacl_sys_acl_set_fd()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9303683e by Ralph Boehme at 2020-12-17T18:56:28+00:00
vfs_tru64acl: add support for SMB_ACL_TYPE_DEFAULT to tru64acl_sys_acl_set_fd()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fc6ee68c by Ralph Boehme at 2020-12-17T18:56:28+00:00
vfs_vxfs: add support for SMB_ACL_TYPE_DEFAULT in vxfs_sys_acl_set_fd()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f4c2f867 by Ralph Boehme at 2020-12-17T18:56:28+00:00
vfs_aixacl: handle pathref fsps in aixacl_sys_acl_set_fd()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ee0a6d22 by Ralph Boehme at 2020-12-17T18:56:28+00:00
vfs_aixacl2: handle pathref fsps in aixjfs2_sys_acl_set_fd()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1f4426b4 by Ralph Boehme at 2020-12-17T18:56:28+00:00
vfs_default: add support for SMB_ACL_TYPE_DEFAULT and pathref fsps in vfswrap_sys_acl_set_fd()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8d323aeb by Ralph Boehme at 2020-12-17T18:56:29+00:00
posix_acls: use SMB_VFS_SYS_ACL_SET_FD() in set_canon_ace_list()
SMB_VFS_SYS_ACL_SET_FD() can now safely be used to set default ACLs on
directories.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
33cbe40c by Ralph Boehme at 2020-12-17T18:56:29+00:00
posix_acls: use SMB_VFS_SYS_ACL_SET_FD() in set_unix_posix_default_acl()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1af5892a by Ralph Boehme at 2020-12-17T18:56:29+00:00
pysmbd: use SMB_VFS_SYS_ACL_SET_FD() in set_sys_acl_conn()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b54158fb by Ralph Boehme at 2020-12-17T18:56:29+00:00
smbd: move mode logic out of vfswrap_mkdirat() to the caller mkdir_internal()
This is the correct place where this code should be. It also means opaque VFS
modules that implement their own mkdirat() like glusterfs now use this logic.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3dee234e by Ralph Boehme at 2020-12-17T18:56:29+00:00
vfs_default: remove assert from vfswrap_mkdirat()
vfswrap_mkdirat() deals with real dirfsps just fine now.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9bafb894 by Ralph Boehme at 2020-12-17T18:56:29+00:00
vfs_unityed_media: support real dirfsps in um_mkdirat()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2d57908f by Ralph Boehme at 2020-12-17T18:56:29+00:00
vfs_syncops: support real dirfsps in syncops_mkdirat()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
875fd6ee by Ralph Boehme at 2020-12-17T18:56:29+00:00
vfs_media_harmony: support real dirfsps in mh_mkdirat()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
dc4c9528 by Ralph Boehme at 2020-12-17T18:56:29+00:00
vfs_xattr_tdb: support real dirfsps in xattr_tdb_mkdirat()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6c79c2f2 by Ralph Boehme at 2020-12-17T18:56:29+00:00
vfs_extd_audit: support real dirfsps in audit_mkdirat()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cb3d8b20 by Ralph Boehme at 2020-12-17T18:56:29+00:00
vfs_audit: support real dirfsps in audit_mkdirat()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
640629b2 by Ralph Boehme at 2020-12-17T18:56:29+00:00
vfs_glusterfs: support real dirfsps in vfs_gluster_mkdirat()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
71a61486 by Ralph Boehme at 2020-12-17T18:56:29+00:00
vfs_linux_xfs_sgid: support real dirfsps in linux_xfs_sgid_mkdirat()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c3fb27d9 by Ralph Boehme at 2020-12-17T18:56:29+00:00
smbd: check for absolute paths in full_path_from_dirfsp_atname()
If the "atname" is an absolute path we can ignore the dirfsp and just return a
copy of the atname.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a6f35e89 by Ralph Boehme at 2020-12-17T18:56:29+00:00
vfs_shadow_copy2: support real dirfsps in shadow_copy2_mkdirat()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cf07a5cd by Ralph Boehme at 2020-12-17T18:56:29+00:00
vfs_full_audit: support real dirfsps in smb_full_audit_mkdirat()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
62179373 by Ralph Boehme at 2020-12-17T18:56:29+00:00
vfs_time_audit: support real dirfsps in smb_time_audit_mkdirat()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
405d1164 by Ralph Boehme at 2020-12-17T18:56:29+00:00
smbd: open a pathref fsp on the parent directory
Prepares for calling SMB_VFS_MKDIRAT() below with a real dirfsp/atname. As
parent_dir_fname now has a pathref fsp in parent_dir_fname->fsp, make sure to
talloc_free() the parent_dir_fname before leaving the function, so the pathref
fsp is closed right there and not left around until the talloc tos is
destroyed (parent_dir_fname is a child of talloc-tos).
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
83ffeac7 by Ralph Boehme at 2020-12-17T18:56:29+00:00
smbd: pass fsp to mkdir_internal()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
43b5e97a by Ralph Boehme at 2020-12-17T18:56:29+00:00
smbd: after creating a directory, open the fsp as pathref fsp
After the directory has been created by SMB_VFS_MKDIRAT(), open the fsp on the
new directory as pathref fsp so we can use handle based VFS functions.
open_directory() will reopen the fsp as a full fsp, but that doesn't really hurt
thanks to the reopen_from_procfd() optimisation.
Note that smb_dname == fsp->fsp_name.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
74b90806 by Ralph Boehme at 2020-12-17T18:56:29+00:00
smbd: use a real dirfsp/atname in mkdir_internal() with SMB_VFS_MKDIRAT()
Now that all VFS modules support real dirfsps in SMB_VFS_MKDIRAT(), pass the
pathref fsp from the parent directory and the basename of the new directory.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
24a46b9d by Ralph Boehme at 2020-12-17T18:56:29+00:00
smbd: use pathref fsp in change_dir_owner_to_parent()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6efe41c4 by Ralph Boehme at 2020-12-17T18:56:29+00:00
posix_acls: use pathref fsp in copy_access_posix_acl()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
92b14995 by Ralph Boehme at 2020-12-17T18:56:29+00:00
vfs: RIP SMB_VFS_SYS_ACL_SET_FILE()
.--. .-, .-..-.__
.'(`.-` \_.-'-./` |\_( "\__
__.>\ '; _;---,._| / __/`'--)
/.--. : |/' _.--.<| / | |
_..-' `\ /' /` /_/ _/_/
>_.-``-. `Y /' _;---.`|/))))
'` .-''. \|: .' __, .-'"`
.'--._ `-: \/: /' '.\ _|_
/.'`\ :; /' `- `-|-`
-` | | |
:.; : | .-'~^~`-.
|: | .' _ _ `.
|:. | | |_) | |_) |
:. : | | | \ | | |
: ; | | |
: ; | | SMB_VFS |
: ; | | SYS_ACL |
: ; | | SET_FILE |
.jgs. : ; | |
-."-/\\\/:::. `\."-._'."-"_\\-| |///."-
" -."-.\\"-."//.-".`-."_\\-.".-\\`=.........=`//-".
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d860785f by Ralph Boehme at 2020-12-17T18:56:29+00:00
vfs_acl_xattr: reformatting
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
498831cf by Ralph Boehme at 2020-12-17T18:56:29+00:00
vfs_acl_common: add and use a function exit label
No change in behaviour. A subsequent commit will add more function exit cleanup
logic after the done label.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e6b0797c by Ralph Boehme at 2020-12-17T18:56:29+00:00
vfs_acl_common: add an fsp extension when setting ACL
This allows the module checking for the fsp extension variable setting_nt_acl
and will be used in the module functions for .sys_acl_set_fd_fn (so
sys_acl_set_fd_xattr() and sys_acl_set_fd_tdb()).
This depends on the previous code changes, so
won't be back ported. But for reference the
bug id is below.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14592
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
25ec2881 by Ralph Boehme at 2020-12-17T18:56:29+00:00
vfs_acl_xattr: avoid removing the ACL xattr
...when called as part of setting a new NT ACL.
This depends on the previous code changes, so
won't be back ported. But for reference the
bug id is below.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14592
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a77de71c by Ralph Boehme at 2020-12-17T20:04:22+00:00
vfs_acl_tdb: avoid deleting the NT ACL from the tdb
...when called as part of setting a new NT ACL. This implements the same logic
added to vfs_acl_xattr in the previous commit, to make sure both modules behave
identically.
This depends on the previous code changes, so
won't be back ported. But for reference the
bug id is below.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14592
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Dec 17 20:04:22 UTC 2020 on sn-devel-184
- - - - -
6b5041c0 by Jeremy Allison at 2020-12-18T16:27:38+00:00
smbd: close_file() should never see an internal dirfsp.
Assert this is the case.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Dec 18 16:27:38 UTC 2020 on sn-devel-184
- - - - -
440802c2 by David Mulder at 2020-12-19T07:00:36+00:00
gpo: Add gp_xml_ext parser for group policy
This adds an extension parser for parsing xml
files in the sysvol.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
932af62e by David Mulder at 2020-12-19T07:00:36+00:00
gpo: Test Group Policy VGP Sudo Rights
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9b44f7a7 by David Mulder at 2020-12-19T08:11:50+00:00
gpo: Apply Group Policy Sudo Rights from VGP
This adds a Group Policy extension which applies
Sudo rights set by Vintela Group Policy in the
SYSVOL.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Dec 19 08:11:50 UTC 2020 on sn-devel-184
- - - - -
18d68e85 by Björn Jacke at 2020-12-19T18:20:30+00:00
dns_update.c: handle DNS_QTYPE_ALL
we have code to handle this, we should not refuse the request
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14576
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Björn Jacke <bjacke at samba.org>
Autobuild-Date(master): Sat Dec 19 18:20:30 UTC 2020 on sn-devel-184
- - - - -
d8ed73b7 by Gary Lockyer at 2020-12-21T20:18:35+00:00
tests python krb5: Add key usage constants
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
03676a4a by Gary Lockyer at 2020-12-21T20:18:35+00:00
tests python krb5: use key usage constants
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
c00d5375 by Gary Lockyer at 2020-12-21T21:29:28+00:00
tests python krb5: PEP8 cleanups
Fix all the PEP8 warnings in samba/tests/krb5. With the exception of
rfc4120_pyasn1.py, which is generated from rfc4120.asn1.
As these tests are new, it makes sense to ensure that they conform to
PEP8. And set an aspirational goal for the rest of our python code.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Gary Lockyer <gary at samba.org>
Autobuild-Date(master): Mon Dec 21 21:29:28 UTC 2020 on sn-devel-184
- - - - -
f30e100b by Björn Jacke at 2020-12-23T12:45:35+00:00
tests: also test v6 for async dns test by using dig
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
98caa173 by Björn Jacke at 2020-12-23T12:45:35+00:00
tests: also test net ads dns (un)register with IPv6
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13706
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
985042d3 by Björn Jacke at 2020-12-23T12:45:35+00:00
dnsupdates: clean up all RRSets and not only type A
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13706
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14244
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
8fcde591 by Björn Jacke at 2020-12-23T13:52:41+00:00
net: remove obsolete net ads dns gethostbyname command
net ads dns gethostbyname is doing the same as nslookup / host / dig and it's
quite limited and only supports A records. We should just drop it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13706
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Björn Jacke <bjacke at samba.org>
Autobuild-Date(master): Wed Dec 23 13:52:41 UTC 2020 on sn-devel-184
- - - - -
542ae105 by Archana at 2020-12-30T10:21:08+00:00
vfs_gpfs:Logging filename for smbd_gpfs_set_times_path()
Signed-off-by: ArchanaChidirala <archana.chidirala.chidirala at ibm.com>
Reviewed-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Dec 30 10:21:08 UTC 2020 on sn-devel-184
- - - - -
54963d24 by Stefan Metzmacher at 2021-01-01T11:56:23+00:00
Happy New Year 2021!
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Jan 1 11:56:23 UTC 2021 on sn-devel-184
- - - - -
3e96c95d by Dimitry Andric at 2021-01-04T10:50:07+00:00
lib: Avoid declaring zero-length VLAs in various messaging functions
In messaging_rec_create(), messaging_recv_cb() and
messaging_dispatch_rec(), variable length arrays of file descriptors are
declared using an incoming num_fds parameter.
However, there are several scenarios where num_fds can be zero, and
declaring a zero-length VLA is undefined behavior. This can lead to
segmentation faults and/or other crashes when compiling with recent
versions of clang at high optimization levels.
To avoid ever using zero as the length for these declarations, use
MAX(1, length) instead.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14605
Signed-off-by: Dimitry Andric <dimitry at andric.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Jan 4 10:50:07 UTC 2021 on sn-devel-184
- - - - -
2f6cea06 by Karolin Seeger at 2021-01-04T11:45:30+00:00
script/release.sh: Use new GPG key.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
- - - - -
aabd5812 by Björn Jacke at 2021-01-04T12:51:49+00:00
WHATSNEW: printing changes
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Karolin Seeger <kseeger at samba.org>
Autobuild-User(master): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(master): Mon Jan 4 12:51:49 UTC 2021 on sn-devel-184
- - - - -
1f06d91c by Yvan Masson at 2021-01-04T16:23:03+00:00
Fix small typo in manpage
Signed-off-by: Yvan Masson <yvan at masson-informatique.fr>
Reviewed-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Jan 4 16:23:03 UTC 2021 on sn-devel-184
- - - - -
31943cc9 by Andrew Walker at 2021-01-05T21:30:08+00:00
s3:utils - explicitly free cmdline_messaging_context
Some command line utilities do not free their messaging context
which results in extra entries being left in the msg.lock directory.
Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jan 5 21:30:08 UTC 2021 on sn-devel-184
- - - - -
bf7b1658 by Andreas Schneider at 2021-01-06T22:51:35+00:00
lib:util: Add directory_create_or_exists_recursive()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14601
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
38c989fa by Andreas Schneider at 2021-01-06T23:59:58+00:00
s3:lib: Create the cache path of user gencache recursively
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14601
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jan 6 23:59:58 UTC 2021 on sn-devel-184
- - - - -
2f21d1b0 by Arne Kreddig at 2021-01-07T19:25:38+00:00
vfs_virusfilter: Allocate separate memory for config char*
Instead of using only the pointer to the configuration char* from the
global configuration, vfs_virusfilter now allocates its own memory and
copies the char* from the global configuration.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14606
Signed-off-by: Arne Kreddig <arne at kreddig.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jan 7 19:25:38 UTC 2021 on sn-devel-184
- - - - -
04077435 by Volker Lendecke at 2021-01-08T20:31:33+00:00
auth: Reformat a comment
Will fix a typo next
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fbe6c6cd by Volker Lendecke at 2021-01-08T20:31:33+00:00
auth: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
768917f6 by Volker Lendecke at 2021-01-08T20:31:33+00:00
dsdb: Fix comment wording
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
dad4410c by Volker Lendecke at 2021-01-08T20:31:33+00:00
dsdb: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c8d9ce3f by Volker Lendecke at 2021-01-08T20:31:33+00:00
lib: Add "hex_byte()" to replace.h
This is required in quite a few places, and replace.h has things like
ZERO_STRUCT already, so this is not completely outplaced.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ad081bf2 by Volker Lendecke at 2021-01-08T20:31:33+00:00
tdb: Use hex_byte() in read_data()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fd056127 by Volker Lendecke at 2021-01-08T20:31:33+00:00
tdb: Use hex_byte() in parse_hex()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b6a57c49 by Volker Lendecke at 2021-01-08T20:31:33+00:00
ldb: Use hex_byte() in ldb_binary_decode()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2ba7fe10 by Volker Lendecke at 2021-01-08T20:31:33+00:00
lib: Use hex_byte() in rfc1738_unescape()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
41e1b340 by Volker Lendecke at 2021-01-08T20:31:33+00:00
lib: Use hex_byte() in ucs2hex_pull()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6aa672a4 by Volker Lendecke at 2021-01-08T20:31:33+00:00
ctdb: Use hex_byte() in hex_to_data()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d0eaa143 by Volker Lendecke at 2021-01-08T20:31:33+00:00
libsmb: Use hex_byte() in urldecode_talloc()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d82acf76 by Volker Lendecke at 2021-01-08T20:31:33+00:00
lib: give global_contexts.c its own header file
It's a bit shocking how many references we have to global
contexts. Make this a bit more obvious.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
de9b7312 by Volker Lendecke at 2021-01-08T20:31:33+00:00
librpc: Fix an error path memleak
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e7a6dba2 by Volker Lendecke at 2021-01-08T20:31:33+00:00
lib: Make pfh_daemon_config take a const default config
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7ed99ad1 by Volker Lendecke at 2021-01-08T20:31:33+00:00
rpc_server: Make default prefork configs const
Move 24 bytes from modifyable data to .text segment
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ef7afeb3 by Volker Lendecke at 2021-01-08T20:31:33+00:00
lib: Fix error path memleaks in prefork_create_pool()
A few return statements missed the "TALLOC_FREE(pfp);"
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
56737df4 by Volker Lendecke at 2021-01-08T20:31:33+00:00
lib: Initialize pointers in server_prefork.c
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8323c834 by Volker Lendecke at 2021-01-08T20:31:33+00:00
passdb: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
21853468 by Volker Lendecke at 2021-01-08T20:31:33+00:00
s3: Remove "developer.c" module
This can't have been built since commit f9acf770e9c12 from 2011 when
smb_register_charset was removed.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f9b2559c by Stefan Metzmacher at 2021-01-08T20:31:33+00:00
s4:torture/fruit: avoid sleep(10000000); if write_stream() fails
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8f057333 by Stefan Metzmacher at 2021-01-08T20:31:33+00:00
s3:smbd: add vfs_fake_fd_close() helper
When we used vfs_fake_fd() we should use vfs_fake_fd_close()
in order to have things symetric.
This makes code easier to understand and may allow us to change
vfs_fake_fd() internally if required.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14596
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
719c83b4 by Stefan Metzmacher at 2021-01-08T20:31:33+00:00
vfs_fruit: make use of vfs_fake_fd_close()
When we used vfs_fake_fd() we should use vfs_fake_fd_close()
in order to have things symetric.
That may allows us to change vfs_fake_fd() internally if required.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14596
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
40e70cbd by Stefan Metzmacher at 2021-01-08T20:31:33+00:00
vfs_streams_xattr: make use of vfs_fake_fd_close()
When we used vfs_fake_fd() we should use vfs_fake_fd_close()
in order to have things symetric.
That may allows us to change vfs_fake_fd() internally if required.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14596
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
36eb30fd by Ralph Boehme at 2021-01-08T20:31:33+00:00
vfs_fruit: use "fake_fd" instead of "created"
Both have basically the same semantics.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14596
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c5da0842 by Ralph Boehme at 2021-01-08T20:31:33+00:00
vfs_fruit: check fake_fd in fruit_pread_meta_stream()
Don't call into the next VFS backend if we know we still have a fake-fd. Just
return -1 and the caller has the logic to handle this, which results in
returning a AFP_AfpInfo blob initialized with some defaults.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14596
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
564b62a6 by Ralph Boehme at 2021-01-08T21:38:18+00:00
vfs_fruit: fix close for fake_fd
If the next backend doesn't use kernel fd's should not
pass a fake_fd to the next backend.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14596
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jan 8 21:38:18 UTC 2021 on sn-devel-184
- - - - -
4aa3ff57 by Volker Lendecke at 2021-01-11T13:19:32+00:00
lib: Move sockaddr_storage_to_samba_sockaddr() to lib/
This can be useful outside of source3/libsmb/namequery.c as Samba
moves towards samba_sockaddr.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
2e5d246b by Volker Lendecke at 2021-01-11T13:19:32+00:00
lib: Add samba_sockaddr_[gs]et_port()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
276b9bc2 by Volker Lendecke at 2021-01-11T13:19:32+00:00
rpc_server: Factor out dcesrv_open_ncacn_ip_tcp_sockets()
The main change is to return an allocated array of file descriptors in
dcesrv_open_ncacn_ip_tcp_sockets() instead of filling a preallocated
array of pf_listen_fd structures.
Signed-off-by: Volker Lendecke <vl at samba.org>
- - - - -
666fc24a by Volker Lendecke at 2021-01-11T13:19:32+00:00
rpc_server: Use dcesrv_open_ncacn_ip_tcp_sockets() in dcesrv_setup_ncacn_ip_tcp_sockets()
Avoid duplication of logic with "lp_interfaces_only()"
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
a00e3e8a by Volker Lendecke at 2021-01-11T13:19:32+00:00
rpc_server: Lift logic to fill in pf_listen_fd one level
dcesrv_create_ncacn_ip_tcp_sockets() now returns a struct of fd's
instead of filling a preallocated array: Its only function beyond
dcesrv_open_ncacn_ip_tcp_sockets() is thus gone.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
9c9b0fd6 by Volker Lendecke at 2021-01-11T13:19:32+00:00
rpc_server: Lift ph_listen_fd logic one level
Push filling in struct pf_listen_fd into the daemons using
dcesrv_create_endpoint_sockets().
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
ca967485 by Volker Lendecke at 2021-01-11T13:19:32+00:00
rpc_server: Add dcesrv_create_endpoint_list_fd_listen_fds()
This encapsulates the loop in the three standalone rpc daemons walking
the endpoints in a dcesrv_context.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
79a73b44 by Volker Lendecke at 2021-01-11T13:19:32+00:00
rpc_servers: Fix crash with many interfaces
Previously, the lowlevel routines wrote into the pf_listen_fd arrays
without checking its size.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
912196f4 by Volker Lendecke at 2021-01-11T13:19:32+00:00
rpc_servers: Remove unused variables
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
08da3439 by Volker Lendecke at 2021-01-11T14:25:04+00:00
librpc: Use GUID_buf_string in dcerpc_binding_string()
Avoid a (small) memleak
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Jan 11 14:25:04 UTC 2021 on sn-devel-184
- - - - -
847465b3 by Ralph Boehme at 2021-01-11T20:25:32+00:00
smbd: move S_ISDIR check up a bit in openat_pathref_fsp()
This relies on the caller having stat()ed smb_fname instead of relying on
fd_openat() fstat()ing fsp->fsp_name. Otherwise no change in behaviour..
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
- - - - -
9a3cdb68 by Ralph Boehme at 2021-01-11T20:25:32+00:00
smbd: pass O_DIRECTORY to fd_openat() for directories
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
- - - - -
b31405e3 by Ralph Boehme at 2021-01-11T21:34:52+00:00
vfs_glusterfs: support read dirfsps in vfs_gluster_openat()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Jan 11 21:34:52 UTC 2021 on sn-devel-184
- - - - -
9c16c212 by Volker Lendecke at 2021-01-12T00:10:30+00:00
smbd: Slightly simplify smbd_smb2_create_send()
If we return unconditionally, "else" is not needed
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8f08390c by Volker Lendecke at 2021-01-12T00:10:30+00:00
lib: Move ucs2_align() to 'charset' subsystem
Fix a circular dependency: util_str_common.c depends on 'charset',
which depends on util_str_common.c. Fix that.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8c02ebdb by Volker Lendecke at 2021-01-12T00:10:30+00:00
lib: Simplify "weird" charset code
Don't depend on DEBUG. This is a pure developer module, the developer
should be able to figure out what's going on after this has abort()ed..
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3d0e55b6 by Volker Lendecke at 2021-01-12T00:10:30+00:00
build: Move weird.c and charset_macosxfs.c to ICONV_WRAPPER
iconv.c directly references them, it does not make sense to have it
without them.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
49ab5431 by Volker Lendecke at 2021-01-12T00:10:30+00:00
lib: Avoid all_string_sub() in smb_panic()
smb_panic() should be available everywhere. Avoid a dependency on
all_string_sub(), this pulls in a lot of other dependencies. The only
change is that this uses "strstr" instead of "strstr_m", but having
non-ascii panic actions strings can be called rare.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ae78cf0d by Volker Lendecke at 2021-01-12T00:10:30+00:00
build: Make smb_panic() available as a subsystem of its own
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8b5eda75 by Volker Lendecke at 2021-01-12T00:10:30+00:00
lib: Move utf16_len[_n]() to lib/util/charset/
util_unistr.c references it, avoid broken dependencies
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6b73ffb6 by Volker Lendecke at 2021-01-12T00:10:30+00:00
auth4: Use global_sid_System
dom_sid_dup() is much simpler than dom_sid_parse_talloc()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e60c4357 by Volker Lendecke at 2021-01-12T00:10:30+00:00
auth4: Use global_sid_Anonymous
dom_sid_dup() is much simpler than dom_sid_parse_talloc()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
83d85833 by Volker Lendecke at 2021-01-12T00:10:30+00:00
rpc_server: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f9f7aafa by Volker Lendecke at 2021-01-12T00:10:30+00:00
rpc_server: Move a variable closer to its use
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
93d387fb by Volker Lendecke at 2021-01-12T00:10:30+00:00
rpc_server: Avoid a pointless ZERO_STRUCTP
We've done talloc_zero() 4 lines above.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ca0104d4 by Volker Lendecke at 2021-01-12T00:10:30+00:00
rpc_server: Fix an error path memleak
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
457afe05 by Volker Lendecke at 2021-01-12T00:10:30+00:00
epmapper3: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
eecd5e87 by Volker Lendecke at 2021-01-12T00:10:30+00:00
epmapper3: Fix a DEBUG message
This is not function dcesrv_interface_register()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d51b4ac5 by Volker Lendecke at 2021-01-12T00:10:30+00:00
rpc_client: Error from rpc_pipe_open_ncalrpc() for path overflow
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2745f6ec by Volker Lendecke at 2021-01-12T00:10:30+00:00
rpc_client: Fix an error path memleak in rpc_pipe_open_ncalrpc()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ad5aabf8 by Volker Lendecke at 2021-01-12T00:10:30+00:00
rpc_client: Use common "goto fail" for all error cases
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1b054aa0 by Volker Lendecke at 2021-01-12T00:10:30+00:00
rpc_client: Simplify rpc_pipe_open_ncalrpc()
Consolidate close(fd)
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cc01ba1b by Volker Lendecke at 2021-01-12T00:10:30+00:00
librpc: Align a few integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
922b8d18 by Volker Lendecke at 2021-01-12T00:10:30+00:00
librpc: gen_ndr/dcerpc.h references DATA_BLOB
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cb1bcba2 by Volker Lendecke at 2021-01-12T00:10:30+00:00
lib: lib/param/param.h references TALLOC_CTX
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9de2c2c1 by Volker Lendecke at 2021-01-12T00:10:30+00:00
lib: Remove using talloc_stack from lib/util/charset/
'charset' should be as standalone as possible, and for this one use
talloc_stackframe() is not really necessary.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1701041d by Volker Lendecke at 2021-01-12T00:10:30+00:00
lib: Avoid "includes.h" in lib/util/charset/
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1c2460a8 by Volker Lendecke at 2021-01-12T01:19:26+00:00
lib: Fix 'charset' dependencies
With this, 'charset' could be a SAMBA_LIBRARY without any undefined symbols
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jan 12 01:19:26 UTC 2021 on sn-devel-184
- - - - -
07700d0f by Karolin Seeger at 2021-01-12T09:06:29+00:00
python/wscript: python3-asn1 -> python3-pyasn1
Signed-off-by: Karolin Seeger <kseeger at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
- - - - -
649cfefb by Karolin Seeger at 2021-01-12T09:06:29+00:00
WHATSNEW: Add new parameters.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
- - - - -
081afc49 by Karolin Seeger at 2021-01-12T10:12:02+00:00
WHATSNEW: Change order.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
Autobuild-User(master): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(master): Tue Jan 12 10:12:02 UTC 2021 on sn-devel-184
- - - - -
ab770017 by Jeremy Allison at 2021-01-13T17:02:34+00:00
s3: smbd: Factor out setting up case parameters for a share to a function - conn_setup_case_options().
Will allow it to be reused in the msdfs temporary share code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14612
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
- - - - -
39ce7332 by Jeremy Allison at 2021-01-13T18:14:31+00:00
s3: smbd: Add call to conn_setup_case_options() to create_conn_struct_as_root().
Ensures temporary DFS share doesn't leave the case parameters set
as zero (i.e.:
conn->case sensitive = 0
conn->share_case_preserve = 0
and default case is lower
which can cause problems doing a DFS_GET_REFERRALS request).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14612
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Autobuild-User(master): Anoop C S <anoopcs at samba.org>
Autobuild-Date(master): Wed Jan 13 18:14:31 UTC 2021 on sn-devel-184
- - - - -
33806a9e by Andreas Schneider at 2021-01-13T20:28:34+00:00
s3:utils: Remove unused header and deps from destroy_netlogon_creds_cli
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
c6ce7f2d by Andreas Schneider at 2021-01-13T20:28:34+00:00
s3:utils: Fix header and deps of mvxattr
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
e0ef27f0 by Andreas Schneider at 2021-01-13T20:28:34+00:00
s3:utils: Remove unused popt_common.h header from net_rpc_shell.c
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
e8eecc8a by Andreas Schneider at 2021-01-13T20:28:34+00:00
s3:utils: Remove unused popt_common.h header from net_vfs.c
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
0f482794 by Andreas Schneider at 2021-01-13T20:28:34+00:00
s3:utils: Remove unused popt_common.h header from log2pcaphex.c
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
999cbc47 by Andreas Schneider at 2021-01-13T20:28:34+00:00
s3:waf: Do not link smbspool against popt_samba3
This isn't used at all.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
ce3a3c7e by Andreas Schneider at 2021-01-13T20:28:34+00:00
s3:waf: Do not link tevent_glib_glue_test against popt_samba3
This isn't used at all.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
be18d600 by Andreas Schneider at 2021-01-13T20:28:34+00:00
s3:libsmb: Pass cli_credentials to get_ipc_connect()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
78c4043a by Andreas Schneider at 2021-01-13T20:28:34+00:00
s3:libsmb: Pass cli_credentials to get_ipc_connect_master_ip()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
181afa9f by Andreas Schneider at 2021-01-13T21:32:52+00:00
s3:libsmb: Use cli_credentials directly
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Jan 13 21:32:52 UTC 2021 on sn-devel-184
- - - - -
4e624478 by Gary Lockyer at 2021-01-13T23:52:38+00:00
s4 auth ntlm: Fix integer overflow in authsam_password_check_and_record
Fix a ubsan detected integer overflow.
../../source4/auth/ntlm/auth_sam.c:445:56: runtime error:
signed integer overflow: 60 * 600000000
cannot be represented in type 'int'
In practice this meant that the default for the smb.conf parameter
"old password allowed period" was approximately 16 seconds, rather than
the intended 60 minutes. Similarly the value used would be 22.5 times
less than the value specified in smd.conf.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jan 13 23:52:38 UTC 2021 on sn-devel-184
- - - - -
3fdfb79a by Stefan Metzmacher at 2021-01-14T11:30:38+00:00
s3:smbd: rearrange move_smb_fname_fsp_link a bit
We only modify smb_fname_src on success.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
932c27e2 by Stefan Metzmacher at 2021-01-14T11:30:38+00:00
s3:smbd: let fsp_smb_fname_link() set both sides of the link
We also need to be sure both sides were not linked before.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
1ab038b7 by Stefan Metzmacher at 2021-01-14T11:30:38+00:00
s3:smbd: let fsp_set_smb_fname() always link fsp to fsp->fsp_name->fsp
This was only done if fsp->fsp_name already existed, but not the first time.
This also makes sure we modify fsp->fsp_name and fsp->name_hash only on success.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
347edf7e by Stefan Metzmacher at 2021-01-14T11:30:38+00:00
s3:smbd: split out a fsp_attach_smb_fname() helper function
It's useful to watch this using: git show --histogram
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
cff29e58 by Stefan Metzmacher at 2021-01-14T11:30:38+00:00
s3:smbd: let openat_pathref_fsp() allocate fsp->fsp_name directly on fsp
Otherwise we'll always keep the current talloc_stackframe arround.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c2e7256b by Stefan Metzmacher at 2021-01-14T11:30:38+00:00
s3:smbd: let openat_pathref_fsp() make use of fsp_attach_smb_fname()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
30134630 by Stefan Metzmacher at 2021-01-14T11:30:38+00:00
s3:smbd: let open_pathref_base_fsp() make use of smb_fname_fsp_unlink()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d6949f0f by Stefan Metzmacher at 2021-01-14T11:30:38+00:00
s3:smbd: let open_directory() also use fd_open_atomic() as reopen_from_procfd() fallback
Calling fd_open_atomic() without O_CREAT is the same as calling
fd_openat() directly, so we can also use it to open an existing
directory.
In the next step we'll move the reopen_from_procfd() fallback logic to
a single helper function.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
38ae1599 by Stefan Metzmacher at 2021-01-14T11:30:38+00:00
s3:smbd: don't pass an unused smb_fname to reopen_from_procfd()
Both callers pass in a helper variable that points to
fsp->fsp_name and it was only used for a debug message,
so we can simply use fsp_str_dgb() instead.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
8d79764a by Stefan Metzmacher at 2021-01-14T11:30:38+00:00
s3:smbd: introduce a reopen_from_fsp() helper function
In future we may move the reopen logic to the VFS,
but for now we just keep it in one place.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
9b1dc2a4 by Stefan Metzmacher at 2021-01-14T11:30:38+00:00
s3:smbd: make sure openat_pathref_fsp() calls fd_close(fsp->base_fsp);
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e1a10b58 by Stefan Metzmacher at 2021-01-14T11:30:38+00:00
s3:smbd: let call_trans2findfirst() use file_free() instead of fsp_free()
This makes sure we call vfs_remove_all_fsp_extensions() before
fsp_free() is called from within file_free(). And allows us to
make 'fsp_free()' static in the next commits.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
eae7ce8a by Ralph Boehme at 2021-01-14T11:30:38+00:00
s3:smbd: turn assignment into assert check in call_trans2findfirst()
The pathref fsp link destructor will set smb_dname->fsp to NULL. Turning this
into an assert to give a hint at readers of the code trying to understand the
mechanics.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
bcac1dab by Ralph Boehme at 2021-01-14T11:30:38+00:00
s3:smbd: close pathref fsp in call_trans2findfirst()
Before freeing the fsp we have to close the handle.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
81b6931b by Stefan Metzmacher at 2021-01-14T11:30:38+00:00
s3:smbd: let vfs_default_durable_reconnect() use file_free()
We should always go through file_free(), which calls fsp_free() at the end.
Most things in file_free() may not apply to all
vfs_default_durable_reconnect() cases, but we want fsp_free() to become
static to files.c
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7dc9a84b by Stefan Metzmacher at 2021-01-14T11:30:38+00:00
s3:smbd: make fsp_free() static, it should only ever be called by file_free()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
22bebaf8 by Stefan Metzmacher at 2021-01-14T11:30:38+00:00
s3:smbd: split out create_internal_fsp() from create_internal_dirfsp()
That will be useful in other places as well.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
87b4a8f3 by Stefan Metzmacher at 2021-01-14T11:30:38+00:00
s3:smbd: fix the error cleanup in create_file_unixpath()
We always need to cleanup the base_fsp!
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
42c60703 by Stefan Metzmacher at 2021-01-14T11:30:38+00:00
s3:smbd: remove duplicate assignment of base_fsp in create_file_unixpath()
This has already been set a few lines above. The duplicate was the result of
restructuring create_file_unixpath() a few months ago, allocating fsp in
create_file_unixpath() instead of in the callees open_file_ntcreate() or
open_directory() respectively.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
928382f2 by Stefan Metzmacher at 2021-01-14T11:30:38+00:00
s3:smbd: add fsp_set_base_fsp() helper
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
930b6bb3 by Stefan Metzmacher at 2021-01-14T11:30:38+00:00
s3:smbd: make use of fsp_set_base_fsp() when changing fsp->base_fsp
This allows us to add some more logic for bi-directional linking between
base and stream fsp in the next commits.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
20187c6f by Stefan Metzmacher at 2021-01-14T11:30:38+00:00
s3:smbd: make sure a SHUTDOWN_CLOSE applies to a stream fsp before its base fsp
Before we had open_pathref_fsp() we had the stream fsp before the base
fsp in the linked list we traverse for SHUTDOWN_CLOSE.
Now the order has changed. I could have used some DLIST_PROMOTE()
hacks, but that's still fragile.
Now we reference both fsp's via ->base_fsp and ->stream_fsp.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
9c277b27 by Stefan Metzmacher at 2021-01-14T11:30:38+00:00
s3:smbd: allow close_file() with a non-fsa fsp for {SHUTDOWN,ERROR}_CLOSE
Such an fsp was typically created via create_internal_fsp() and
opened via fd_openat() without going through SMB_VFS_CREATE_FILE(),
so they should be closed via fd_close().
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
da052dde by Stefan Metzmacher at 2021-01-14T12:40:56+00:00
s3:smbd: simplify the error handling in create_file_unixpath()
We can just call close_file(req, fsp, ERROR_CLOSE), as it handles
non-fsa fsp's and base_fsp's just fine.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Jan 14 12:40:56 UTC 2021 on sn-devel-184
- - - - -
5ef25729 by Volker Lendecke at 2021-01-14T13:29:35+00:00
tdb: Fix CID 1471761 String not null terminated
This is a false positive (in is length 3 initialized to 0), but this
patch does not hurt
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
8d5fb1ad by Volker Lendecke at 2021-01-14T13:29:35+00:00
vfs_fruit: Fix CID 1471760 Dereference null return value
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
acca9ec4 by Volker Lendecke at 2021-01-14T13:29:35+00:00
vfs_fruit: Fix CID 1471764 Dereference null return value
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
dcc8f37a by Volker Lendecke at 2021-01-14T13:29:35+00:00
rpc_server: Simplify find_policy_by_hnd_internal()
Best viewed with "git show -b". Use the typical pattern of an early
error return.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
8488b16f by Volker Lendecke at 2021-01-14T13:29:35+00:00
rpc_server: Use make_base_pipes_struct() in dcesrv_ncacn_accept_step2()
make_server_pipes_struct() is just a simple wrapper.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
562e4865 by Volker Lendecke at 2021-01-14T13:29:35+00:00
rpc_server: Use make_base_pipes_struct() in make_internal_rpc_pipe_socketpair()
make_server_pipes_struct() is just a simple wrapper.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
a21867bc by Volker Lendecke at 2021-01-14T13:29:35+00:00
rpc_server: Remove unused make_server_pipes_struct()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
51f5631b by Volker Lendecke at 2021-01-14T13:29:35+00:00
tsocket: Fix a few typos
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
33f7aac8 by Volker Lendecke at 2021-01-14T13:29:35+00:00
rpc_server: Make dcerpc_ncacn_accept() take tsocket_address **
dcerpc_ncacn_accept() talloc_move's the addresses away from the
caller's talloc hierarchy. Don't leave pointers around in the caller.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
834f9e15 by Volker Lendecke at 2021-01-14T13:29:35+00:00
lib: Fix typos
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
cc9ade9b by Volker Lendecke at 2021-01-14T13:29:35+00:00
lib: Initialize variables in prefork_listen_accept_handler()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
50dada72 by Volker Lendecke at 2021-01-14T13:29:35+00:00
rpc_server: Direct pointer initialization in dcesrv_ncacn_np_accept_done()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
6482bee2 by Volker Lendecke at 2021-01-14T13:29:35+00:00
rpc_server: Move setting ip-based socket options
All ncacn_ip_tcp listener sockets are created via
dcesrv_create_ncacn_ip_tcp_socket(). Moving setting the socket options
out of dcesrv_setup_ncacn_ip_tcp_socket() to remove a special case for
TCP from the dcesrv_setup_* family of routines.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
94f48f34 by Volker Lendecke at 2021-01-14T13:29:35+00:00
rpc_server: Add dcesrv_setup_ncacn_listener()
This is supposed to replace the protocol-specific dcerpc_setup_*
functions. They are all very similar except the way to create the
socket file descriptor. By handing out the anonymous structure
"listen_state" for an error path the listener tevent_fd structs can be
cancelled individually or handed over to other talloc parents.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
8004fb4a by Volker Lendecke at 2021-01-14T13:29:35+00:00
rpc_server: Use dcesrv_setup_ncacn_listener() in dcesrv_setup_endpoint_sockets()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
9bb5b326 by Volker Lendecke at 2021-01-14T14:35:58+00:00
rpc_server: Remove protocol-specific dcerpc_setup_ routines
These are all just stream sockets, being taken care of by
dcesrv_setup_ncacn_listener()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Jan 14 14:35:58 UTC 2021 on sn-devel-184
- - - - -
6c421f52 by Ralph Boehme at 2021-01-14T16:05:10+00:00
s3/rpc_server: add deps of rpc_mdssvc_module
This allows removing allow_undefined_symbols=True.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Jan 14 16:05:10 UTC 2021 on sn-devel-184
- - - - -
9eef705e by Ralph Boehme at 2021-01-14T17:55:33+00:00
pysmbd: call vfs_stat() in set_sys_acl_conn()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c77140fd by Ralph Boehme at 2021-01-14T17:55:33+00:00
libadouble: call vfs_stat() in ad_convert_xattr()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
93f4cb97 by Ralph Boehme at 2021-01-14T17:55:33+00:00
libadouble: call vfs_stat() in ad_convert_finderinfo()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f84bc4b0 by Ralph Boehme at 2021-01-14T17:55:33+00:00
libadouble: assert valid stat in ad_unconvert_get_streams()
All callers already stat the path, just add a check that asserts this.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
21c76654 by Ralph Boehme at 2021-01-14T17:55:33+00:00
printing: call vfs_stat() in driver_unlink_internals()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d1726b8e by Ralph Boehme at 2021-01-14T17:55:33+00:00
smbd: call vfs_stat() in mkdir_internal()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
965c6d89 by Ralph Boehme at 2021-01-14T17:55:33+00:00
smbd: inherit st_ex_mode to basename from stream name in create_file_unixpath()
This ensures smb_fname_base knows if it's a file or directory.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
63e6653b by Ralph Boehme at 2021-01-14T19:00:05+00:00
vfs: The New VFS
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jan 14 19:00:05 UTC 2021 on sn-devel-184
- - - - -
fdcdfcee by Stefan Metzmacher at 2021-01-15T07:26:29+00:00
libcli/smb: Change some checks to SMB_ASSERTS
If we end up here, it's definitely a programming error in the basic
parsing layer of the SMB2 packet.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
0abb5ca6 by Jeremy Allison at 2021-01-15T07:26:29+00:00
libcli/smb: Allow smb2cli_validate_negotiate_info_done() to ignore NT_STATUS_INVALID_PARAMETER.
This can be returned from NetApp Ontap 7.3.7 SMB server
implementations. Now we have ensured smb2_signing_check_pdu()
cannot return NT_STATUS_INVALID_PARAMETER on a signing error
it's safe to check this error code here. Windows 10
clients ignore this error from the NetApp.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
508ed5b4 by Stefan Metzmacher at 2021-01-15T07:26:29+00:00
libcli/smb: split out smb2cli_ioctl_parse_buffer()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Pair-Programmed-With: Volker Lendecke <vl at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Volker Lendecke <vl at samba.org>
- - - - -
3db56602 by Stefan Metzmacher at 2021-01-15T07:26:29+00:00
s4:torture/smb2: add samba3.smb2.ioctl.bug14607
FSCTL_SMBTORTURE_IOCTL_RESPONSE_BODY_PADDING8 will be used
to trigger an SMB2 IOCTL response with extra padding.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
39c0d2b6 by Stefan Metzmacher at 2021-01-15T07:26:29+00:00
smbd: implement FSCTL_SMBTORTURE_IOCTL_RESPONSE_BODY_PADDING8 as reproducer for bug 14607
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
4c6c71e1 by Stefan Metzmacher at 2021-01-15T08:36:34+00:00
libcli/smb: allow unexpected padding in SMB2 IOCTL responses
A NetApp Ontap 7.3.7 SMB server add 8 padding bytes to an
offset that's already 8 byte aligned.
RN: Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Pair-Programmed-With: Volker Lendecke <vl at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Jan 15 08:36:34 UTC 2021 on sn-devel-184
- - - - -
97089ab7 by Björn Baumbach at 2021-01-15T15:24:37+00:00
doc/samba-tool: describe command parameters for "group listmembers" command
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
ac621a06 by Björn Baumbach at 2021-01-15T15:24:37+00:00
doc/samba-tool: describe command parameters for "user list" command
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
7dad13cc by Björn Baumbach at 2021-01-15T15:24:37+00:00
samba-tool: Optionally hide disabled/expired accounts in "user list"
--hide-expired Do not list expired user accounts
--hide-disabled Do not list disabled user accounts
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
e84f8bdf by Björn Baumbach at 2021-01-15T16:34:11+00:00
samba-tool: Optionally hide disabled/expired accounts in "group listmembers"
--hide-expired Do not list expired group members
--hide-disabled Do not list disabled group members
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Jan 15 16:34:11 UTC 2021 on sn-devel-184
- - - - -
8291c13f by Jeremy Allison at 2021-01-15T20:56:28+00:00
s3: VFS: ceph: Fix cephwrap_mkdirat() to cope with real directory fsps.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
30d98575 by Jeremy Allison at 2021-01-15T20:56:28+00:00
s3: VFS: ceph: Fix cephwrap_mknodat() to cope with real directory fsps.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
163a6802 by Jeremy Allison at 2021-01-15T20:56:28+00:00
s3: VFS: glusterfs: Fix missing END_PROFILE() in mkdirat() return.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
30af87f4 by Jeremy Allison at 2021-01-15T20:56:28+00:00
s3: VFS: glusterfs: Fix vfs_gluster_mknodat() to cope with a real dirfsp.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ebcde172 by Jeremy Allison at 2021-01-15T20:56:28+00:00
s3: smbd: Move creation of parent_fname out of lp_inherit_permissions() clause in smb_unix_mknod().
We will need this for the upcoming openat_pathref_fsp() use.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
77fc6894 by Jeremy Allison at 2021-01-15T20:56:28+00:00
s3: smbd: Change smb_unix_mknod() to use a real directory fsp for SMB_VFS_MKNODAT().
New VFS change.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5feabb64 by Ralph Boehme at 2021-01-15T20:56:28+00:00
vfs: update status of SMB_VFS_MKNODAT()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
33e1f3ca by Ralph Boehme at 2021-01-15T20:56:28+00:00
pysmbd: use real dirfsp for SMB_VFS_MKDIRAT()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2a11c8f7 by Ralph Boehme at 2021-01-15T20:56:28+00:00
vfs: update status of SMB_VFS_MKDIRAT()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b96c2cf0 by Ralph Boehme at 2021-01-15T22:01:55+00:00
vfs: directory enumeration is now handle based
Remove obsolete description. Also remove SMB_VFS_STATX() as I don't see a need
for that atm.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jan 15 22:01:55 UTC 2021 on sn-devel-184
- - - - -
c8e8ea23 by Jeremy Allison at 2021-01-17T04:43:31+00:00
s3: VFS: ceph: Fix cephwrap_symlinkat() to cope with real directory fsps.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
35f2c764 by Jeremy Allison at 2021-01-17T04:43:31+00:00
s3: VFS: glusterfs: Fix vfs_gluster_symlinkat() to cope with a real dirfsp.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f09ea26e by Jeremy Allison at 2021-01-17T04:43:31+00:00
s3: smbd: Change smb_set_file_unix_link() to use a real directory fsp for SMB_VFS_SYMLINKAT().
New VFS change.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
009b5265 by Jeremy Allison at 2021-01-17T05:48:14+00:00
vfs: update status of SMB_VFS_SYMLINKAT()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sun Jan 17 05:48:14 UTC 2021 on sn-devel-184
- - - - -
6fd55797 by Andreas Schneider at 2021-01-19T16:15:21+00:00
libcli:smb: Fix a typo in a debug message
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Jan 19 16:15:21 UTC 2021 on sn-devel-184
- - - - -
13485bce by Björn Baumbach at 2021-01-21T13:57:30+01:00
WHATSNEW.txt: Miscellaneous samba-tool changes
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Karolin Seeger <kseeger at samba.org>
- - - - -
715b208b by Karolin Seeger at 2021-01-21T13:57:30+01:00
script/release.sh: always select the GPG key by it's ID
Signed-off-by: Karolin Seeger <kseeger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
38a278b1 by Karolin Seeger at 2021-01-21T13:57:45+01:00
ReleaseKey: add GnuPG key transition statement for the Samba release key
Signed-off-by: Karolin Seeger <kseeger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
80d14464 by Karolin Seeger at 2021-01-21T13:58:22+01:00
WHATSNEW: Add release notes for Samba 4.14.0rc1.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
- - - - -
60cae14d by Karolin Seeger at 2021-01-21T13:58:22+01:00
VERSION: Disable GIT_SNAPSHOT for the 4.14.0rc1 release.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
- - - - -
17c3e4a7 by Karolin Seeger at 2021-01-21T13:58:22+01:00
VERSION: Bump version up to 4.15.0pre1...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
- - - - -
ff16c74e by Karolin Seeger at 2021-01-21T13:58:22+01:00
WHATSNEW: Start release notes for Samba 4.15.0pre1.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
- - - - -
1052314d by Stefan Metzmacher at 2021-01-21T13:35:33+00:00
s3:adouble: rewrite ad_open_rsrc() as adouble_open_rsrc_fsp() using create_internal_fsp()
"._" AppleDouble files are hidden by vfs_fruit by default, so there's no
need to go through a full SMB_VFS_CREATE_FILE() for them.
They don't need an smbXsrv_open_global.tdb entry nor a locking.tdb
entry, so we just open them with fd_openat().
This avoids a recursion deadlock in get_share_mode_lock() when closing
the ':AFP_Resource' stream.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
db743ab0 by Stefan Metzmacher at 2021-01-21T13:35:33+00:00
share_mode_lock: DEBUG/ASSERT recursion deadlock detection
This situation should never happen!
The known trigger is fixed with the change to adouble_open_rsrc_fsp()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c45a8d75 by Stefan Metzmacher at 2021-01-21T13:35:33+00:00
s3:adouble: allow ad_fget/ad_get_internal to be used with a backend fsp
Up to now we only passed in stream fsp, but that will change shortly.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d62c670c by Stefan Metzmacher at 2021-01-21T13:35:33+00:00
s3:adouble: add adouble_open_from_base_fsp()
For now we only support ADOUBLE_RSRC, but that might change in future.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
94799dc8 by Stefan Metzmacher at 2021-01-21T13:35:33+00:00
vfs_fruit: let fruit_open_rsrc_adouble() return errno = EISDIR
That hopefully makes the check that ':AFP_Resource' can't
be created on directories.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
0b8c6e73 by Stefan Metzmacher at 2021-01-21T13:35:33+00:00
vfs_fruit: add fruit_get_complete_fio() helper
This will make it easier to hide some fsp extension later.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
480516e3 by Stefan Metzmacher at 2021-01-21T14:47:53+00:00
vfs_fruit: make use of adouble_open_from_base_fsp(ADOUBLE_RSRC) in fruit_open_rsrc_adouble()
The key is that we return a fake_fd to the caller and only open
the '._' file in the background.
The next vfs backend should only see the fsp from
adouble_open_from_base_fsp, while the vfs backends above
should only see the fake_fd.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Jan 21 14:47:53 UTC 2021 on sn-devel-184
- - - - -
e6af3396 by Jeremy Allison at 2021-01-21T21:48:30+00:00
VFS: cap: Fixup cap_mknodat() to cope with translating dirfsp path.
Missed in my original fixes.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
- - - - -
4135a5cc by Jeremy Allison at 2021-01-21T21:48:30+00:00
VFS: full_audit: Fixup smb_full_audit_mknodat() to log the dirfsp path.
Missed in my original fixes.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
- - - - -
db5744f0 by Jeremy Allison at 2021-01-21T21:48:30+00:00
VFS: media_harmony: Fixup mh_mknodat() to correctly use the dirfsp path.
Missed in my original fixes.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
- - - - -
2f74056a by Jeremy Allison at 2021-01-21T21:48:30+00:00
VFS: shadow_copy2: Fixup shadow_copy2_mknodat() to correctly use the dirfsp path.
Missed in my original fixes.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
- - - - -
4c004d16 by Jeremy Allison at 2021-01-21T21:48:30+00:00
VFS: syncops: Fixup all uses of the SYNCOPS_NEXT_SMB_FNAME macro to correctly use the dirfsp path.
Remove the temp solution added to syncops_mkdirat()
as we now have a generic fix.
Missed in my original fixes.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
- - - - -
9884d178 by Jeremy Allison at 2021-01-21T21:48:30+00:00
VFS: time_audit: Fixup smb_time_audit_mknodat() to log the dirfsp path.
Missed in my original fixes.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
- - - - -
83686ff1 by Jeremy Allison at 2021-01-21T21:48:30+00:00
VFS: unityed_media: Fix um_mkdirat() to correctly look at the full pathname.
Missed in the original mkdirat fixes.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
- - - - -
e02b3484 by Jeremy Allison at 2021-01-21T21:48:30+00:00
VFS: unityed_media: Fixup um_mknodat() to correctly use the dirfsp path.
Missed in my original fixes.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
- - - - -
e1fc8413 by Ralph Boehme at 2021-01-21T21:48:30+00:00
selftest: use correct DNS domain name for wrapper hosts file
For some reason the join fails to register the DNS records when provisioning the
member env:
Using short domain name -- SAMBA2008R2
Joined 'IDMAPADMEMBER' to dns domain 'samba2008r2.example.com'
DNS Update for idmapadmember.samba.example.com failed: ERROR_DNS_UPDATE_FAILED
At the same time the hosts file used by the wrappers contains the wrong fqdn. As
a result the test that the next commit is going do add fails due do the broken
DNS resolution:
...
UNEXPECTED(failure): samba3.blackbox.winbind_ignore_domain.test_winbind_ignore_domains_ok_krb5(ad_member_idmap_ad:local)
REASON: Exception: Exception: do_connect: Connection to idmapadmember.samba2008r2.example.com failed (Error NT_STATUS_UNSUCCESSFUL)
...
Checking DNS in the testenv, first the working record for the main DC:
testenv$ dig @10.53.57.64 dc7.samba2008r2.example.com +short
10.53.57.27
testenv$ bin/samba-tool dns query dc7 samba2008r2.example.com dc7 A -U Administrator%locDCpass7
Name=, Records=1, Children=0
A: 10.53.57.27 (flags=f0, serial=1, ttl=900)
Now the failing idmapadmember:
testenv$ dig @10.53.57.64 idmapadmember.samba2008r2.example.com +short
testenv$ bin/samba-tool dns query dc7 samba2008r2.example.com idmapadmember A -U Administrator%locDCpass7
ERROR: Record or zone does not exist.
Fixing the hosts file lets the tests work, fixing the broken DNS record
registration is a task for another day.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
81edc65e by Ralph Boehme at 2021-01-21T21:48:30+00:00
winbind: move config-reloading code to winbindd_dual.c
In preperation of forwarding MSG_SMB_CONF_UPDATED to all childs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0c4497f8 by Ralph Boehme at 2021-01-21T21:48:30+00:00
winbind: set logfile after reloading config
lp_load_global() will overwrite whatever we've set with lp_set_logfile().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
072ef480 by Ralph Boehme at 2021-01-21T21:48:30+00:00
winbind: handle MSG_SMB_CONF_UPDATED in the winbinds children
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
32197d21 by Ralph Boehme at 2021-01-21T21:48:30+00:00
selftest: add a test for "winbind:ignore domains"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
894caca7 by Ralph Boehme at 2021-01-21T21:48:30+00:00
winbind: move "winbind:ignore domain" logic to a seperate function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4cefdf03 by Ralph Boehme at 2021-01-21T21:48:30+00:00
winbind: check for allowed domains in winbindd_dual_pam_auth()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c17bc9c6 by Ralph Boehme at 2021-01-21T21:48:30+00:00
winbind: check for allowed domains in winbindd_dual_pam_auth_crap()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4bc17600 by Ralph Boehme at 2021-01-21T21:48:30+00:00
winbind: check for allowed domains in winbindd_dual_pam_chng_pswd_auth_crap()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
88e92faa by Ralph Boehme at 2021-01-21T21:48:30+00:00
winbind: check for allowed domains in winbindd_dual_pam_chauthtok()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
da474ddd by Ralph Boehme at 2021-01-21T21:48:30+00:00
winbind: check for allowed domains in winbindd_pam_auth_pac_verify()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
df5fe2d8 by Ralph Boehme at 2021-01-21T21:48:30+00:00
s3/auth: implement "winbind:ignore domains"
Under the following conditions a user from an ignored domain might be able to
authenticate:
- using Kerberos
- successfully previous authentication so the idmap and name caches are filled
- winbind not running (fwiw, winbindd is mandatory on a domain member)
- nscd running with a cached getpwnam for the ignored user (otherwise auth fails
because getpwnam fails)
- lookup_name() function being modified to look into the name cache before
contacting winbindd. Currently it talks directly to winbindd and that will
check the cache.
Currently, authentication will only fail because creating the local token for
the user fails because an LSA lookupname RPC call fails (because winbindd is not
running).
All of this makes a successfull authentication unlikelly, but that is more by
accident then by design.
To ensures that if winbindd is not running and as such winbindd itself can not
enforce the restriction, also implement the ignored domains check in the auth
system as a last line of defense.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
RN: "winbind:ignore domains" doesn't prevent user login from trusted domain
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
73528f26 by Ralph Boehme at 2021-01-21T22:56:20+00:00
winbind: remove legacy flags fallback
Some very old NT4 DCs might have not returned the account flags filled in. This
shouldn't be a problem anymore. Additionally, on a typical domain member server,
this request is (and can only be) send to the primary domain, so this will not
work with accounts from trusted domains.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jan 21 22:56:20 UTC 2021 on sn-devel-184
- - - - -
d8339056 by Stefan Metzmacher at 2021-01-22T11:32:46+00:00
s3:idmap_hash: reliable return ID_TYPE_BOTH
idmap_hash used to bounce back the requested type,
which was ID_TYPE_UID, ID_TYPE_GID or ID_TYPE_NOT_SPECIFIED
before as the winbindd parent always used a lookupsids.
When the lookupsids failed because of an unknown domain,
the idmap child weren't requested at all and the caller
sees ID_TYPE_NOT_SPECIFIED.
This module should have supported ID_TYPE_BOTH since
samba-4.1.0, similar to idmap_rid and idmap_autorid.
Now that the winbindd parent will pass ID_TYPE_BOTH in order to
indicate that the domain exists, it's better to always return
ID_TYPE_BOTH instead of a random mix of ID_TYPE_UID, ID_TYPE_GID
or ID_TYPE_BOTH. In order to request a type_hint it will return
ID_REQUIRE_TYPE for ID_TYPE_NOT_SPECIFIED, which means that
the parent at least assures that the domain sid exists.
And the caller still gets ID_TYPE_NOT_SPECIFIED if the
domain doesn't exist.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Jan 22 11:32:46 UTC 2021 on sn-devel-184
- - - - -
d6c3faa1 by Volker Lendecke at 2021-01-22T19:54:37+00:00
rpc_server: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7d0981f5 by Volker Lendecke at 2021-01-22T19:54:37+00:00
lib: Avoid an "includes.h"
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c5c9406b by Volker Lendecke at 2021-01-22T19:54:37+00:00
lib: Use hex_byte() in strhex_to_str()
I had completely missed that one in the last round...
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d6d49638 by Volker Lendecke at 2021-01-22T19:54:37+00:00
vfs: Simplify vfs_gluster_getwd()
Avoid a malloc, we allocate PATH_MAX chars on the stack elsewhere too
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ec4850d5 by Volker Lendecke at 2021-01-22T19:54:37+00:00
rpc_server: Slightly simplify dcesrv_bind()
We have already dereferenced call->conn in a variable, use that.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b417fd19 by Volker Lendecke at 2021-01-22T19:54:37+00:00
rpc_server: Slightly simplify dcesrv_bind()
Factor out dereferencing conn->dce_ctx
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
40e49589 by Volker Lendecke at 2021-01-22T19:54:38+00:00
lib: Make accept_recv() return struct samba_sockaddr
Avoid casting problems by using the samba_sockaddr union
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5a018c70 by Volker Lendecke at 2021-01-22T19:54:38+00:00
smbcacls: Simplify sec_desc_parse()
Don't use SMB_CALLOC_ARRAY for just one element.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3fa00ac3 by Volker Lendecke at 2021-01-22T19:54:38+00:00
libsmb: Simplify sec_desc_parse()
Avoid CALLOC for just one struct dom_sids
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d4bbaee8 by Volker Lendecke at 2021-01-22T19:54:38+00:00
libsmb: Simplify add_ace()
Use ADD_TO_ARRAY()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f8f58301 by Volker Lendecke at 2021-01-22T19:54:38+00:00
smbcacls: Simplify add_ace_with_ctx()
Use ADD_TO_ARRAY()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
90ea83b7 by Volker Lendecke at 2021-01-22T19:54:38+00:00
libcli: make_sec_acl() copies the ace_list, make that const
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
791b477c by Volker Lendecke at 2021-01-22T19:54:38+00:00
sharesec: Simplify add_ace()
Use ADD_TO_ARRAY
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c3ea181e by Volker Lendecke at 2021-01-22T19:54:38+00:00
smbd: Simplify sendfile_short_send()
Allocate 1024 bytes on the stack instead of using calloc
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b4077f79 by Volker Lendecke at 2021-01-22T19:54:38+00:00
librpc: Fix a small memleak in epm_floor_string()
Use GUID_buf_string(), don't leak the output of GUID_string()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fa9d4570 by Volker Lendecke at 2021-01-22T19:54:38+00:00
lib: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
181eb572 by Volker Lendecke at 2021-01-22T19:54:38+00:00
torture: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
10d3a1c0 by Volker Lendecke at 2021-01-22T19:54:38+00:00
rpc_server: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f055d3f7 by Volker Lendecke at 2021-01-22T19:54:38+00:00
rpc_server: Fix a "bool==true" condition
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e593f969 by Volker Lendecke at 2021-01-22T19:54:38+00:00
lib: Make accept_recv() return the listening socket
This is helpful if you are in a listening loop with the same receiver
for many sockets doing the same thing.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b9f6e25f by Volker Lendecke at 2021-01-22T21:07:57+00:00
torture: Fix a gcc qualifier ordering warning
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jan 22 21:07:57 UTC 2021 on sn-devel-184
- - - - -
29503c5b by Martin Schwenke at 2021-01-25T09:48:09+00:00
lib: Fix the build on FreeBSD
Commit 7d0981f5e78bc881ca6521932379c69604c33a38 broke the build on
FreeBSD:
[1589/3917] Compiling lib/util/util_runcmd.c
../../lib/util/util_runcmd.c:310:7: warning: implicit declaration of function 'WIFEXITED' is invalid in C99 [-Wimplicit-function-declaration]
if (WIFEXITED(status)) {
^
../../lib/util/util_runcmd.c:311:13: warning: implicit declaration of function 'WEXITSTATUS' is invalid in C99 [-Wimplicit-function-declaration]
status = WEXITSTATUS(status);
^
../../lib/util/util_runcmd.c:312:14: warning: implicit declaration of function 'WIFSIGNALED' is invalid in C99 [-Wimplicit-function-declaration]
} else if (WIFSIGNALED(status)) {
^
../../lib/util/util_runcmd.c:313:13: warning: implicit declaration of function 'WTERMSIG' is invalid in C99 [-Wimplicit-function-declaration]
status = WTERMSIG(status);
^
4 warnings generated.
[1590/3917] Linking bin/default/source4/dsdb/libsamdb-common-samba4.so
ld: error: undefined symbol: WIFEXITED
>>> referenced by util_runcmd.c
>>> lib/util/util_runcmd.c.94.o:(samba_runcmd_io_handler)
ld: error: undefined symbol: WEXITSTATUS
>>> referenced by util_runcmd.c
>>> lib/util/util_runcmd.c.94.o:(samba_runcmd_io_handler)
ld: error: undefined symbol: WIFSIGNALED
>>> referenced by util_runcmd.c
>>> lib/util/util_runcmd.c.94.o:(samba_runcmd_io_handler)
ld: error: undefined symbol: WTERMSIG
>>> referenced by util_runcmd.c
>>> lib/util/util_runcmd.c.94.o:(samba_runcmd_io_handler)
clang: error: linker command failed with exit code 1 (use -v to see invocation)
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Jan 25 09:48:09 UTC 2021 on sn-devel-184
- - - - -
d0260cb8 by Volker Lendecke at 2021-01-25T11:09:30+00:00
vfs: Remove an unused variable from zfs_get_nt_acl_common()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
da3b00f5 by Volker Lendecke at 2021-01-25T12:16:11+00:00
vfs: Fix the FreeBSD build
fd_handle is private now
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Jan 25 12:16:11 UTC 2021 on sn-devel-184
- - - - -
f0aa3901 by Volker Lendecke at 2021-01-26T00:10:31+00:00
rpc_server: Remove an unused function parameter
dcesrv_create_endpoint_sockets() doesn't need dce_ctx.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cc456ac8 by Volker Lendecke at 2021-01-26T00:10:31+00:00
rpc_server: Pass dcerpc_binding to dcesrv_create_ncalrpc_socket()
It does not need a dcesrv_endpoint.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e74d5208 by Volker Lendecke at 2021-01-26T00:10:31+00:00
rpc_server: Pass dcerpc_binding to dcesrv_create_ncacn_ip_tcp_sockets()
It does not need a dcesrv_endpoint.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1c889f44 by Volker Lendecke at 2021-01-26T00:10:31+00:00
rpc_server: Pass dcerpc_binding to dcesrv_create_ncacn_np_socket()
It does not need a dcesrv_endpoint.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
27987e31 by Volker Lendecke at 2021-01-26T00:10:31+00:00
rpc_server: Factor out e->ep_description in dcesrv_create_endpoint_sockets()
e->ep_description is used a lot in this function.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
125c605e by Volker Lendecke at 2021-01-26T00:10:31+00:00
rpc_server: Move socket creation to rpc_sock_helper.[ch]
dcesrv_create_ncacn_ip_tcp_sockets() already was there, move the rest
as well. This makes dcesrv_create_ncacn_np_socket() static to
rpc_sock_helper.c.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d4e46cae by Volker Lendecke at 2021-01-26T00:10:31+00:00
rpc_server: Consolidate transport-specific socket creation
We had the transport switch in two places, put them together into
dcesrv_create_binding_sockets(). This makes the transport-specific
socket creation functions static to rpc_sock_helper.c.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
585b093c by Volker Lendecke at 2021-01-26T00:10:31+00:00
lib: Provide a meaningful errno if FD_CLOEXEC is missing
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
17a8fa6d by Volker Lendecke at 2021-01-26T01:13:53+00:00
rpc_server: Add CLOEXEC to the listening sockets
We don't want to leak them into exec'ed processes.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jan 26 01:13:53 UTC 2021 on sn-devel-184
- - - - -
c44dad3a by Ralph Boehme at 2021-01-26T02:55:28+00:00
vfs_error_inject: add unlinkat hook
Note that a failure is only injected if the owner of the parent directory is not
the same as the current user.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14617
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f3f8fdfb by Ralph Boehme at 2021-01-26T02:55:28+00:00
selftest: add force_user_error_inject share in maptoguest env
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14617
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
aa1f09cd by Ralph Boehme at 2021-01-26T02:55:28+00:00
selftest: add a test that verifies unlink works when "force user" is set
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14617
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e06f86bb by Ralph Boehme at 2021-01-26T04:04:14+00:00
smbd: use fsp->conn->session_info for the initial delete-on-close token
There's a correctly set up session_info at fsp->conn->session_info, we can just
use that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14617
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jan 26 04:04:14 UTC 2021 on sn-devel-184
- - - - -
7114150f by Ralph Boehme at 2021-01-26T20:05:39+00:00
vfs_aixacl: fix regression from f4c2f867f035fcbe3d547d5635d058b0aec7636a
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14620
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Jan 26 20:05:39 UTC 2021 on sn-devel-184
- - - - -
33d2071b by David Mulder at 2021-01-27T06:30:31+00:00
gpo: Test Group Policy VGP Symlink Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7ac29c8e by David Mulder at 2021-01-27T06:30:31+00:00
gpo: Apply Group Policy Symlink Policy from VGP
This adds a Group Policy extension which applies
symlink policies set by Vintela Group Policy in the
SYSVOL.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b9cba185 by David Mulder at 2021-01-27T06:30:31+00:00
samba-tool: Test gpo manage symlink list command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7e70d72d by David Mulder at 2021-01-27T06:30:31+00:00
samba-tool: Add a gpo command for listing VGP Symbolic Link Group Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7b2ecefd by David Mulder at 2021-01-27T06:30:31+00:00
samba-tool: Test gpo manage symlink add command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3fc89829 by David Mulder at 2021-01-27T06:30:31+00:00
samba-tool: Add a gpo command for adding VGP Symbolic Link Group Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5794c670 by David Mulder at 2021-01-27T06:30:31+00:00
samba-tool: Test gpo manage symlink remove command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
709a6d64 by David Mulder at 2021-01-27T07:32:03+00:00
samba-tool: Add a gpo command for removing VGP Symbolic Link Group Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jan 27 07:32:03 UTC 2021 on sn-devel-184
- - - - -
1e471494 by Stefan Metzmacher at 2021-01-27T09:56:29+00:00
Makefile: add support for 'make testonly'
That skips any attempt to recompile before running the tests.
Some times that's useful for debugging and we'll
use it to split the build and test stages in autobuild and gitlab-ci
later.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
02301222 by Stefan Metzmacher at 2021-01-27T09:56:29+00:00
selftest: allow a prefix under /m/username/
We only want to match/replace only a '.' pathname component
not any single character pathname compoment!
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
719eccd4 by Stefan Metzmacher at 2021-01-27T09:56:29+00:00
selftest:Samba4: avoid File::Path 'make_path' in setup_dns_hub_internal()
While spliting the build and test stages I hit strange permission
problems, when a parent directory is missing,
which can be avoided by using plain mkdir() on each level.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
15b39160 by Stefan Metzmacher at 2021-01-27T09:56:29+00:00
selftest/Samba4: make more use of get_cmd_env_vars()
This simplifies the code a lot and makes it much easier to
add new environment variables in future.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
dce0bdc3 by Stefan Metzmacher at 2021-01-27T09:56:29+00:00
selftest/Samba4: correctly pass KRB5CCNAME to provision
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
568c7d38 by Stefan Metzmacher at 2021-01-27T09:56:29+00:00
selftest/Samba4: allow get_cmd_env_vars() to take an overwrite dictionary
This way we can use it on even in some special cases, where we combine
variables from multiple environments.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
e0d9b656 by Stefan Metzmacher at 2021-01-27T09:56:29+00:00
s3:selftest: run test_smbclient_tarmode.pl with a fixed subdirectory name
$PREFIX is the the value from --with-selftest-prefix.
The result of the test should not depend on --with-selftest-prefix,
the 'long_path' test in particular.
If the path is to long smbclient (via libarchive) will only
put the full path into a PAX HEADER as 'path' keyword,
that's fine in general, modern tools handle it just fine.
But Perl's Archive::Tar don't handle it and only seems
truncated file names.
I have a fix for Archive::Tar, see:
https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=c75037d0a06a96cdaca3f3b20a6d237e768b075b
But finishing that is a task for another day, for now I just want to remove
the dependency to --with-selftest-prefix.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
d06f2c22 by Stefan Metzmacher at 2021-01-27T11:01:32+00:00
s4:selftest: use plansmbtorture4testsuite() for 'rpc.echo'
This makes sure "--basedir=$SELFTEST_TMPDIR" is passed to smbtorture.
Tests should not create files in the build nor the source directory!
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jan 27 11:01:32 UTC 2021 on sn-devel-184
- - - - -
86343125 by Stefan Metzmacher at 2021-01-27T17:07:09+00:00
selftest: make/use a copy of GNUPGHOME
That makes it possible to run tests from a read only source tree.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7a5df2de by Stefan Metzmacher at 2021-01-27T17:07:09+00:00
script/autobuild.py: split out a rmdir_force() helper function
That also tries to re-add write permissions before removing.
In future we'll have jobs changing there directory to read-only.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
9883ac45 by Stefan Metzmacher at 2021-01-27T18:17:17+00:00
script/autobuild.py: let cleanup() ignore errors from rmdir_force() by default
It's not useful to generate a python backtrace from within the cleanup code.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Jan 27 18:17:17 UTC 2021 on sn-devel-184
- - - - -
1e47c04a by Steven Price at 2021-01-27T19:26:03+00:00
clitar: restore mtime on files
The documentation for smbclient states that when extracting a tar
archive:
Restored files have their creation times (mtime) set to the
date saved in the tar file.
However this behaviour was lost in commit 2945596011cc ("clitar.c: fresh
new compilable file.").
Add a call to cli_setatr() to set both the mtime and the mode of files
after they have been extracted.
Signed-off-by: Steven Price <steven at ecrips.co.uk>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Jan 27 19:26:03 UTC 2021 on sn-devel-184
- - - - -
e4c8cd07 by Jeremy Allison at 2021-01-28T07:03:30+00:00
smbd: In conn_force_tdis_done() when forcing a connection closed force a full reload of services.
Prevents reload_services() caching the fact it might be
called multiple times in a row.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14604
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
bc6aa4ed by Jeremy Allison at 2021-01-28T07:03:30+00:00
VFS: cap: Fixup cap_symlinkat() to cope with translating dirfsp path.
Missed in my original fixes.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
50205189 by Jeremy Allison at 2021-01-28T07:03:30+00:00
VFS: full_audit: Fixup smb_full_audit_symlinkat() to log the dirfsp path.
Missed in my original fixes.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e4a36336 by Jeremy Allison at 2021-01-28T07:03:30+00:00
VFS: media_harmony: Fixup mh_symlinkat() to correctly use the dirfsp path..
Missed in my original fixes.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ec27c4c4 by Jeremy Allison at 2021-01-28T07:03:30+00:00
VFS: shadow_copy2: Fixup shadow_copy2_symlinkat() to correctly use the dirfsp path.
Missed in my original fixes.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
1ede5601 by Jeremy Allison at 2021-01-28T07:03:30+00:00
VFS: syncops: SMB_VFS_SYMLINKAT only changes one directory so we can use the SYNCOPS_NEXT_SMB_FNAME macro directly.
Missed in my original fixes.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
4e9bb2d7 by Jeremy Allison at 2021-01-28T07:03:30+00:00
VFS: time_audit: Fixup smb_time_audit_symlinkat() to log the dirfsp path.
Missed in my original fixes.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b324626a by Jeremy Allison at 2021-01-28T08:10:18+00:00
VFS: unityed_media: Fixup um_symlinkat() to correctly use the dirfsp path..
Missed in my original fixes.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Jan 28 08:10:18 UTC 2021 on sn-devel-184
- - - - -
c454697e by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs: make fsp arg of vfs_[memctx|fetch]_fsp_extension const
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9838dd21 by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_audit: support real dirfsps in audit_unlinkat()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b6e6594c by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_cap: support real dirfsps in cap_unlinkat()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
85878f71 by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_catia: forward pathref fsp in catia_unlinkat()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a1c9782d by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_catia: support real dirfsps in catia_unlinkat()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fa058d16 by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_ceph: support real dirfsps in cephwrap_unlinkat()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2a51ed75 by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_default: support real dirfsps in vfswrap_unlinkat()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f82e89c2 by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_extd_audit.c: support real dirfsps in audit_unlinkat()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1e5c760e by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_full_audit: support real dirfsps in smb_full_audit_unlinkat()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
613ca5a7 by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_glusterfs: support real dirfsps in vfs_gluster_unlinkat()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0e813748 by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_media_harmony: support real dirfsps in mh_unlinkat()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f7a3eb36 by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_posix_eadb: support real dirfsps in posix_eadb_unlink_internal()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
304e7955 by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_posix_eadb: support real dirfsps in posix_eadb_rmdir_internal()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
469ff4ad by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_posix_eadb: support real dirfsps in posix_eadb_unlinkat()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
65b0a017 by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_recycle: support real dirfsps in recycle_unlinkat()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e3e1170d by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_streams_depot: remove indentation
Makes the code easier to read.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d5ca1246 by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_streams_depot: support real dirfsps in streams_depot_unlink_internal()
Also remove the smb_fname_base variable, just use full_fname. If
is_named_stream(full_fname)) returns false, full_fname->stream_name will be
NULL.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
07077801 by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_streams_depot: support real dirfsps in streams_depot_rmdir_internal()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
da8d1409 by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_streams_depot: support real dirfsps in streams_depot_unlinkat()
Now that our callees support real dirfsps, remove the assert.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d9f95b8c by Ralph Boehme at 2021-01-28T08:11:49+00:00
smbd: add synthetic_pathref()
Similar to synthetic_smb_fname(), but also opens a pathref fsp.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1032bf08 by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_fruit: use synthetic_pathref() in readdir_attr_meta_finderi_stream()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
bc1070d2 by Ralph Boehme at 2021-01-28T08:11:49+00:00
printing: use synthetic_pathref() in driver_unlink_internals()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f1607cda by Ralph Boehme at 2021-01-28T08:11:49+00:00
smbd: use synthetic_pathref() in delete_all_streams()
This ensures backends can use the pathref fsp as needed.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
274ed8c0 by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_streams_xattr: use pathref in streams_xattr_unlink_internal()
All callers now pass an smb_fname that has a valid pathref fsp.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ffd6bcdf by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_fruit: fix use after free in delete_invalid_meta_stream()
sname is used in the DBG_ERR message.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7bc983f5 by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_fruit: use synthetic_pathref() in delete_invalid_meta_stream()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f81bec1b by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_time_audit: support real dirfsps in smb_time_audit_unlinkat()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2d31aef9 by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_unityed_media: support real dirfsps in um_unlinkat()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
39f432ac by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_virusfilter: support real dirfsps in virusfilter_vfs_unlinkat()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5abc1e7a by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_xattr_tdb: support real dirfsps in xattr_tdb_unlinkat()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8e155cbe by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_acl_common: support real dirfsps in acl_common_remove_object()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cb90a8dc by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_fruit: use SMB_VFS_FREMOVEXATTR() in fruit_unlink_meta_netatalk()
Use the pathref fsp from the caller.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c231d886 by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_fruit: support real dirfsps in fruit_unlink_rsrc_stream()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
951fefec by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_fruit: support real dirfsps in fruit_unlink_rsrc_adouble()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
de85bcce by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs_fruit: support real dirfsps in fruit_unlinkat()
Now that all callees are updated, we can remove the assert.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
dd42681f by Ralph Boehme at 2021-01-28T08:11:49+00:00
s4/torture: move deletion out of close loop in torture_smb2_maxfid()
A subsequent commit is changing the delete-on-close code in the fileserver to
open a handle on the parent directory of the file that is to be deleted.
If we've consumed all available handles, that open would fail causing a test
failure. As it's not really needed for the test semantics, don't set
delete-on-close when closing the handles, instead let the subsequent
smb2_deltree() do the cleanup.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6085f6c8 by Ralph Boehme at 2021-01-28T08:11:49+00:00
smbd: add parent_pathref()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9b8b62a8 by Ralph Boehme at 2021-01-28T08:11:49+00:00
smbd: use parent_pathref() in mkdir_internal()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
65c90e62 by Ralph Boehme at 2021-01-28T08:11:49+00:00
smbd: use parent_pathref() in smb_unix_mknod()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
02dd66bf by Ralph Boehme at 2021-01-28T08:11:49+00:00
smbd: use parent_pathref() in smb_set_file_unix_link()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2995e0d5 by Ralph Boehme at 2021-01-28T08:11:49+00:00
pysmbd: use parent_pathref() in py_smbd_mkdir()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0831369a by Ralph Boehme at 2021-01-28T08:11:49+00:00
smbd: use real dirfsp and atname when deleting file in close_remove_share_mode()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
007a352c by Ralph Boehme at 2021-01-28T08:11:49+00:00
smbd: simplify recursive_rmdir()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
64068399 by Ralph Boehme at 2021-01-28T08:11:49+00:00
smbd: add some space in recursive_rmdir()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
21859695 by Ralph Boehme at 2021-01-28T08:11:49+00:00
smbd: add dir_hnd_fetch_fsp()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a1ca5740 by Ralph Boehme at 2021-01-28T08:11:49+00:00
smbd: use real dirfsp for SMB_VFS_UNLINKAT() in recursive_rmdir()
Also use synthetic_pathref() to ensure atname->fsp has a valid pathref as some
backends may make use of it.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d579394d by Ralph Boehme at 2021-01-28T08:11:49+00:00
smbd: README.Coding fixes in rmdir_internals()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
60ddee64 by Ralph Boehme at 2021-01-28T08:11:49+00:00
smbd: simplify rmdir_internals()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
065f39a3 by Ralph Boehme at 2021-01-28T08:11:49+00:00
smbd: reduce indentation in rmdir_internals()
No change in behaviour. Best viewed with
$ git show -w
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5f4592d1 by Ralph Boehme at 2021-01-28T08:11:49+00:00
smbd: use real dirfsp with SMB_VFS_UNLINKAT() in rmdir_internals()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f6f4baf9 by Ralph Boehme at 2021-01-28T08:11:49+00:00
smbd: use real dirfsp for SMB_VFS_UNLINKAT() in create_msdfs_link()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1c60b516 by Ralph Boehme at 2021-01-28T08:11:49+00:00
smbd: use real dirfsp for SMB_VFS_CREATE_DFS_PATHAT() in create_msdfs_link()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b3375098 by Ralph Boehme at 2021-01-28T08:11:49+00:00
vfs: update status of SMB_VFS_CREATE_DFS_PATHAT()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e5262e28 by Ralph Boehme at 2021-01-28T08:11:49+00:00
smbd: use real dirfsp for SMB_VFS_UNLINKAT() in remove_msdfs_link()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0f3db9b6 by Ralph Boehme at 2021-01-28T08:11:49+00:00
smbd: use real dirfsp for SMB_VFS_UNLINKAT() in py_smbd_unlink()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d2acd962 by Ralph Boehme at 2021-01-28T08:11:49+00:00
s3/libadouble: remove dirfsp arg from ad_convert()
ad_convert() doesn't really need the dirfsp in most places. Only
ad_convert_delete_adfile() would use it, so instead open a dirfsp internally for
this function in a later commit.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
00ec67eb by Ralph Boehme at 2021-01-28T08:11:49+00:00
s3/libadouble: remove dirfsp arg from ad_convert_delete_adfile()
Going to open a dirfsp in the function itself in a later commit.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ba2e691f by Ralph Boehme at 2021-01-28T08:11:49+00:00
s3/libadouble: use real dirfsp in ad_convert_delete_adfile()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9f08ddf6 by Ralph Boehme at 2021-01-28T09:16:30+00:00
vfs: update status of SMB_VFS_UNLINKAT()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jan 28 09:16:30 UTC 2021 on sn-devel-184
- - - - -
c8c2aef0 by Ralph Boehme at 2021-01-28T15:21:02+00:00
vfs: restore platform specific POSIX sys_acl_set_file() functions
92b149954237a445594c993b79a860c63113d54b removed SMB_VFS_SYS_ACL_SET_FILE() and
all the VFS module implementations. But sys_acl_set_file() in vfs_default calls
into sys_acl_set_file() in sysacls.c which calls back into platform specific
modules.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14619
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Jan 28 15:21:02 UTC 2021 on sn-devel-184
- - - - -
9374313f by Volker Lendecke at 2021-01-28T16:58:35+00:00
libndr: Simplify ndr_print_GUID()
Fix a small memleak of the tmp GUID_string
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
2e3e297b by Volker Lendecke at 2021-01-28T16:58:35+00:00
librpc: Add a NULL check to dcerpc_binding_build_tower()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
a35c8a0e by Volker Lendecke at 2021-01-28T16:58:35+00:00
librpc: Add ndr_syntax_id_buf_string()
Same pattern as GUID_buf_string()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
243ce602 by Volker Lendecke at 2021-01-28T16:58:35+00:00
librpc: Use ndr_syntax_id_buf_string() in dcerpc_sec_vt_pctx_check()
"mem_ctx" is no longer needed
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
eed12572 by Volker Lendecke at 2021-01-28T16:58:35+00:00
librpc: Use ndr_syntax_id_buf_string() in dcerpc_binding_set_abstract_syntax()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
fcf60f15 by Volker Lendecke at 2021-01-28T16:58:35+00:00
librpc: Simplify dcerpc_binding_set_abstract_syntax()
It might be a question of style, but I find it simpler this way.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
064eab8b by Volker Lendecke at 2021-01-28T16:58:35+00:00
dsdb: Avoid an unneeded #include
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
15934ace by Samuel Cabrero at 2021-01-28T16:58:35+00:00
s4-torture: Add a test for GUID_from_data_blob
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
522ef9e6 by Samuel Cabrero at 2021-01-28T16:58:35+00:00
s4-torture: Add a test for ndr_syntax_id_from_string()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
2b9ba992 by Volker Lendecke at 2021-01-28T16:58:35+00:00
lib: Simplify parse_guid_string() and ndr_syntax_id_from_string()
Return "bool" instead of NTSTATUS, use hex_byte() instead of
read_hex_bytes(). And parse directly into a struct GUID instead of the
components. 99 lines less code.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
c1614edf by Volker Lendecke at 2021-01-28T16:58:35+00:00
libwbclient: Fix wbcStringToGuid
The "x" sscanf conversion specifier requires an unsigned int. It is
likely that this is actually a uint32_t, don't rely on that.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
08757d21 by Volker Lendecke at 2021-01-28T16:58:35+00:00
rpc_server: Introduce "goto nomem;" to dcesrv_endpoint_connect()
Avoid the control-flow changing NT_STATUS_HAVE_NO_MEMORY macro.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
895f459b by Volker Lendecke at 2021-01-28T16:58:35+00:00
epmapper: Simplify _epm_Map()
We have a routine to compare ndr_syntax_id, don't do it manually.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
4df6c594 by Volker Lendecke at 2021-01-28T16:58:35+00:00
librpc: Simplify dcerpc_binding_string()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
ce91a899 by Volker Lendecke at 2021-01-28T16:58:35+00:00
librpc: Simplify dcerpc_binding_string()
Make it follow a more conventional memory handling style for reallocs.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
38ebfe2e by Volker Lendecke at 2021-01-28T16:58:35+00:00
epmapper: Simplify endpoints_match()
strequal() deals fine with either string being NULL. We only have to
take of the case where both are NULL.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
9d512a09 by Volker Lendecke at 2021-01-28T16:58:35+00:00
librpc: Simplify dcesrv_check_or_create_context()
Use ndr_syntax_id_buf_string(), avoid a talloc/talloc_free
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
7528b788 by Volker Lendecke at 2021-01-28T16:58:35+00:00
librpc: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
230a8933 by Volker Lendecke at 2021-01-28T16:58:35+00:00
lib: Fix file_ploadv_send()/_recv()
When reading more than 1024 bytes, don't insert '\0' bytes in between
those chunks.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
9c1d7632 by Volker Lendecke at 2021-01-28T16:58:35+00:00
librpc: Convert find_interface_by_uuid to search by syntax_id
All callers manually dissected the syntax id for this API.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
ecd95fc5 by Volker Lendecke at 2021-01-28T16:58:35+00:00
librpc: Simplify find_interface_by_syntax_id()
Directly use ndr_syntax_id_equal() instead of duplicating it with
interface_match_by_uuid().
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
e14fc159 by Volker Lendecke at 2021-01-28T18:03:53+00:00
librpc: Simplify find_interface_by_binding()
Use find_interface_by_syntax_id() instead of duplicating the loop.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Jan 28 18:03:53 UTC 2021 on sn-devel-184
- - - - -
1e79ff44 by Jeremy Allison at 2021-02-01T18:38:23+00:00
s3: smbd: Add missing lock free and file close in error path.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Feb 1 18:38:23 UTC 2021 on sn-devel-184
- - - - -
02fe2d05 by Andreas Schneider at 2021-02-01T21:50:32+00:00
s4:gensec: Fix overflow issues in switch statement
error: overflow converting case value to switch condition type (-1765328344 to 2529638952) [-Werror,-Wswitch]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1ffacac5 by Andreas Schneider at 2021-02-01T21:50:32+00:00
lib:ldb: Add missing break in switch statement
error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
16088d6c by Andreas Schneider at 2021-02-01T21:50:32+00:00
s3:lib: Add missing break in switch statement
error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e8fb2378 by Andreas Schneider at 2021-02-01T21:50:32+00:00
s3:printing: Add missing break in switch statement
error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4b398bb4 by Andreas Schneider at 2021-02-01T21:50:32+00:00
s4:rpc_server: Add missing break in switch statement
error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b549fdb6 by Andreas Schneider at 2021-02-01T21:50:32+00:00
s3:rpcclient: Add missing break in switch statement
error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a531f834 by Andreas Schneider at 2021-02-01T21:50:32+00:00
s3:smbd: Add missing break in switch statement
error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a8782009 by Andreas Schneider at 2021-02-01T21:50:32+00:00
s4:ntvfs: Add missing break in switch statement
error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3c4dd384 by Andreas Schneider at 2021-02-01T21:50:32+00:00
s4:registry: Add missing break in switch statement
error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
546dbf6c by Andreas Schneider at 2021-02-01T21:50:32+00:00
s4:registry: Mark fall through switch statement
error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0d985d5f by Andreas Schneider at 2021-02-01T21:50:32+00:00
s3:printing: Correctly mark fall through switch statements
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a47fdd9e by Andreas Schneider at 2021-02-01T21:50:32+00:00
libndr: Use better and more clear check for empty flags
warning: converting the result of '<<' to a boolean always evaluates to true [-Wtautological-constant-compare]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5d1eef26 by Andreas Schneider at 2021-02-01T21:50:32+00:00
lib:texpect: Check the format string of err()
error: format string is not a string literal [-Werror,-Wformat-nonliteral]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
53012b10 by Andreas Schneider at 2021-02-01T21:50:32+00:00
lib:krb5_wrap: Check the format string of krb5_warnx()
error: format string is not a string literal [-Werror,-Wformat-nonliteral]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
878b4a71 by Andreas Schneider at 2021-02-01T21:50:32+00:00
s3:libsmb: Use C99 initializer for py_cli_notify_state_methods
error: missing field 'ml_meth' initializer [-Werror,-Wmissing-field-initializers]
{ NULL }
^
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9d82f90b by Andreas Schneider at 2021-02-01T21:50:32+00:00
selftest: Disable detection of ODR violations
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0a93f536 by Andreas Schneider at 2021-02-01T22:55:09+00:00
s3:smbd: Fix invalid memory access in posix_sys_acl_blob_get_fd()
We are handing down an out of scope buffer.
Found by AddressSanitizer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14627
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Feb 1 22:55:10 UTC 2021 on sn-devel-184
- - - - -
30450bff by Andreas Schneider at 2021-02-02T18:48:35+00:00
python:subunit: Use UTC timezone from datatime module
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
273a3c08 by Andreas Schneider at 2021-02-02T18:48:35+00:00
selftest: Directly import python-iso8601
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
35459b75 by Andreas Schneider at 2021-02-02T19:53:35+00:00
selftest: Add support for python-dateutil >= 2.7.1
This uses the more widespread python-dateutil instead of python-iso8601.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Feb 2 19:53:35 UTC 2021 on sn-devel-184
- - - - -
068f4a97 by Jeremy Allison at 2021-02-02T19:54:34+00:00
s3: tests: Add regression test for bug 13992.
Subtle extra test. Mark as knownfail for now.
'^ user1$' must appear MORE THAN ONCE, as it can read more than one
share. The previous test found user1, but only once as the bug only
allows reading the security descriptor for one share, and we were
unlucky that the first share security descriptor returned allows
user1 to read from it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
faba89ad by Jeremy Allison at 2021-02-02T19:54:34+00:00
s3: libsmb: Ensure we disconnect the temporary SMB1 tcon pointer on failure to set up encryption.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
dc701959 by Jeremy Allison at 2021-02-02T19:54:34+00:00
s3: smbtorture3: Ensure we *always* replace the saved saved_tcon even in an error condition.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
f9ca91bd by Jeremy Allison at 2021-02-02T19:54:34+00:00
s3: smbtorture3: Ensure run_tcon_test() always replaces any saved tcon and shuts down correctly even in error paths.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
e93e6108 by Jeremy Allison at 2021-02-02T19:54:34+00:00
s3: torture: Change the SMB1-only UID-REGRESSION-TEST to do an explicit copy of the tcon struct in use.
For this test only, explicitly copy the SMB1 tcon struct,
don't use cli_state_save_tcon()//cli_state_restore_tcon()
as these calls will soon change to just manipulate the pointer
to avoid TALLOC_FREE() on the tcon struct which calls
destructors on child pipe data.
In SMB1 this test calls cli_tdis() twice with an invalid
vuid and expects the SMB1 tcon struct to be preserved
across the calls.
SMB1 cli_tdis() frees cli->smb1.tcon so we must put back
a deep copy into cli->smb1.tcon to be able to safely call
cli_tdis() again.
This is a test-only hack. Real client code
uses cli_state_save_tcon()/cli_state_restore_tcon()
if it needs to temporarily swap out the active
tcon on a client connection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
4f80f5f9 by Jeremy Allison at 2021-02-02T21:05:25+00:00
s3: libsmb: cli_state_save_tcon(). Don't deepcopy tcon struct when temporarily swapping out a connection on a cli_state.
This used to make a deep copy of either
cli->smb2.tcon or cli->smb1.tcon, but this leaves
the original tcon pointer in place which will then get
TALLOC_FREE()'d when the new tree connection is made on
this cli_state.
As there may be pipes open on the old tree connection with
talloc'ed state allocated using the original tcon pointer as a
talloc parent we can't deep copy and then free this pointer
as that will fire the destructors on the pipe memory and
mark them as not connected.
This call is used to temporarily swap out a tcon pointer
(whilst keeping existing pipes open) to allow a new tcon
on the same cli_state and all users correctly call
cli_state_restore_tcon() once they are finished with
the new tree connection.
Just return the existing pointer and set the old value to NULL.
We know we MUST be calling cli_state_restore_tcon() below
to restore the original tcon tree connection pointer before
closing the session.
Remove the knownfail.d entry.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Feb 2 21:05:25 UTC 2021 on sn-devel-184
- - - - -
12ca2e37 by Andreas Schneider at 2021-02-03T04:19:36+00:00
selftest: Fix libasan preload
libasan.so needs to be the first library which is preloaded or it wont
work.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
144b32ae by Andreas Schneider at 2021-02-03T04:19:36+00:00
s4:kdc:mit: Fix heap-use-after-free
We need to duplicate the string as lp_load() will free the s4_conf_file
pointer and set it again.
Found with AddressSanitizer.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1ec1c35a by Andrew Bartlett at 2021-02-03T04:19:36+00:00
selftest: Confirm that we fix any errors on the Deleted Objects container itself
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14593
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
da627106 by Andrew Bartlett at 2021-02-03T05:29:11+00:00
dbcheck: Check Deleted Objects and reduce noise in reports about expired tombstones
These reports (about recently deleted objects)
create concern about a perfectly normal part of DB operation.
We must not operate on objects that are expired or we might reanimate them,
but we must fix "Deleted Objects" if it is wrong (mostly it is set as being
deleted in 9999, but in alpha19 we got this wrong).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14593
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Feb 3 05:29:11 UTC 2021 on sn-devel-184
- - - - -
bebbf621 by Andreas Schneider at 2021-02-03T09:53:32+00:00
lib:util: Add basic memcache unit test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14625
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
00543ab3 by Andreas Schneider at 2021-02-03T09:53:32+00:00
lib:util: Add cache oversize test for memcache
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14625
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
0bdbe50f by Andreas Schneider at 2021-02-03T10:57:01+00:00
lib:util: Avoid free'ing our own pointer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14625
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Feb 3 10:57:01 UTC 2021 on sn-devel-184
- - - - -
5572ae29 by Ralph Boehme at 2021-02-05T06:22:35+00:00
CI: verify a symlink has FILE_ATTRIBUTE_NORMAL set
Not that it really makes sense to set FILE_ATTRIBUTE_NORMAL for symlinks in
POSIX client context, but that's what we had before 4.14.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14629
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d78964c4 by Ralph Boehme at 2021-02-05T06:22:35+00:00
smbd: don't overwrite _mode if neither a msdfs symlink nor get_dosmode is requested
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14629
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4f30c044 by Ralph Boehme at 2021-02-05T06:22:35+00:00
s3/libadouble: stat path before calling openat_pathref_fsp() in ad_unconvert_open_ad()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ab82dbc5 by Ralph Boehme at 2021-02-05T06:22:35+00:00
smbd: stat path before calling openat_pathref_fsp() in unlink_internals()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e636e20f by Ralph Boehme at 2021-02-05T06:22:35+00:00
smbd: fix a resource leak in create_file_unixpath()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
aa0ef26d by Ralph Boehme at 2021-02-05T06:22:35+00:00
smbd: call stat before openat_pathref_fsp() in create_file_unixpath()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
91edc50d by Ralph Boehme at 2021-02-05T06:22:35+00:00
smbd: remove a redundant fstat()in create_file_unixpath()
openat_pathref_fsp() deep inside already calls fstat().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c31fe2f9 by Ralph Boehme at 2021-02-05T06:22:35+00:00
smbd: stat path before calling openat_pathref_fsp() in open_pathref_base_fsp()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b3a0d6a1 by Ralph Boehme at 2021-02-05T06:22:35+00:00
smbd: move smb_fname creation to earlier point in smbd_dirptr_get_entry()
No change in behaviour. Makes way for the next commit adding additional logic.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
87e97e1b by Ralph Boehme at 2021-02-05T06:22:35+00:00
smbd: stat path before calling openat_pathref_fsp() in smbd_dirptr_get_entry()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
48bc561d by Ralph Boehme at 2021-02-05T06:22:35+00:00
smbd: expect valid stat info in openat_pathref_fsp()
We're never creating files here, so instead of waiting for the underlying open()
to return ENOENT, just check that we have valid stat info, expecting all callers
to have called SMB_VFS_[L]STAT() on the smb_fname.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cd3d970c by Ralph Boehme at 2021-02-05T06:22:35+00:00
smbd: simplify error codepath in openat_pathref_fsp()
No change in behaviour: the cleanup code at the fail label does the same as the
cleanup this patch removes. It has an extra fd_close() that is not existing in
the removed cleanup, but as fsp->fd is -1, that's a noop.
And when previously the
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
returns an an explicit status code, when now doing goto fail status will also be
set to NT_STATUS_OBJECT_NAME_NOT_FOUND.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
977f3764 by Ralph Boehme at 2021-02-05T06:22:35+00:00
smbd: don't return NT_STATUS_STOPPED_ON_SYMLINK in openat_pathref_fsp()
NT_STATUS_STOPPED_ON_SYMLINK is returned when trying to open a symlink, most
callers are not interested in this.
Some callers that would want to know whether openat_pathref_fsp() failed
specifically on a symlink are setup_close_full_information(),
smbd_dirptr_get_entry(), unlink_internals() and filename_convert_internal(), so
we fix those callers to handle the symlink case themselves.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6e7142ba by Ralph Boehme at 2021-02-05T06:22:35+00:00
net: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from openat_pathref_fsp()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0d454f34 by Ralph Boehme at 2021-02-05T06:22:35+00:00
smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from get_file_handle_for_metadata()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5479f76e by Ralph Boehme at 2021-02-05T06:22:35+00:00
smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from synthetic_pathref()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fb82fac0 by Ralph Boehme at 2021-02-05T06:22:35+00:00
smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from parent_pathref()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f1213745 by Ralph Boehme at 2021-02-05T06:22:35+00:00
smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from open_streams_for_delete()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
300d851a by Ralph Boehme at 2021-02-05T06:22:35+00:00
smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from create_file_unixpath()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6c2dad2a by Ralph Boehme at 2021-02-05T06:22:35+00:00
smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from reply_search()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f21eb28c by Ralph Boehme at 2021-02-05T06:22:35+00:00
smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from rename_internals()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8999c7d6 by Ralph Boehme at 2021-02-05T06:22:35+00:00
smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from rename_internals()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
544767f7 by Ralph Boehme at 2021-02-05T06:22:35+00:00
smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from copy_file()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5898f576 by Ralph Boehme at 2021-02-05T06:22:35+00:00
smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from copy_file()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1b3d70e9 by Ralph Boehme at 2021-02-05T07:26:44+00:00
smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from call_trans2findfirst()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Feb 5 07:26:44 UTC 2021 on sn-devel-184
- - - - -
6a81f431 by Martin Schwenke at 2021-02-08T22:33:14+00:00
ctdb-tests: Actually wait for record to migrate to lmaster node
This test has been failing with:
Wait until record is migrated to lmaster node 0
<30|BAD: node 0 is not dmaster
dmaster: 1
rsn: 8
flags: 0x00010000 MIGRATED_WITH_DATA
data(6) = "value1"
*** TEST COMPLETED (RC=1) AT 2021-02-02 06:18:48, CLEANING UP...
This should never happen. If this really fails then the wait should
time out.
The problem is that wait_until() does:
"$@" || _rc=$?
and vacuum_test_key_dmaster() currently calls ctdb_test_fail() on
failure, which causes the shell to exit. Instead, pass a variant to
wait_until() that simply returns the correct status instead of
exiting.
An alternative would be to change the statement in wait_until() to do:
("$@") || _rc=$?
so it captures the exit. However, this is a global change and
requires more thought.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f7ef066f by David Mulder at 2021-02-08T22:33:14+00:00
gpo: Test Group Policy VGP Files Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0b66bf65 by David Mulder at 2021-02-08T22:33:14+00:00
gpo: Apply Group Policy Files Policy from VGP
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
926cdeb1 by David Mulder at 2021-02-08T22:33:14+00:00
samba-tool: Test gpo manage files list command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a786e30f by David Mulder at 2021-02-08T22:33:14+00:00
samba-tool: Add a gpo command for listing VGP Files Group Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a974cd94 by David Mulder at 2021-02-08T22:33:14+00:00
samba-tool: Test gpo manage files add command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6334307a by David Mulder at 2021-02-08T22:33:14+00:00
samba-tool: Add a gpo command for adding VGP Files Group Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c1d67b27 by David Mulder at 2021-02-08T22:33:14+00:00
samba-tool: Test gpo manage files remove command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d6f9172c by David Mulder at 2021-02-08T23:36:57+00:00
samba-tool: Add a gpo command for removing VGP Files Group Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Feb 8 23:36:57 UTC 2021 on sn-devel-184
- - - - -
557b968b by Jeremy Allison at 2021-02-09T00:10:29+00:00
Revert "VFS: shadow_copy2: Fixup shadow_copy2_symlinkat() to correctly use the dirfsp path."
This isn't needed as the existing code will refuse a new name with
a non-zero twp in the target name.
This reverts commit ec27c4c44d1e9035639e033689fa739518f17132.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
- - - - -
6aa371b3 by Jeremy Allison at 2021-02-09T00:10:29+00:00
Revert "VFS: shadow_copy2: Fixup shadow_copy2_mknodat() to correctly use the dirfsp path."
This isn't needed as the existing code will refuse a new name with
a non-zero twp in the target name.
This reverts commit 2f74056a916aef9925cae76016378b993560e22b.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
- - - - -
422da56f by Jeremy Allison at 2021-02-09T00:10:29+00:00
s3: VFS: cap: Fix cap_linkat() to cope with real directory fsps.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
- - - - -
ea027e31 by Jeremy Allison at 2021-02-09T00:10:29+00:00
s3: VFS: ceph: Fix cephwrap_linkat() to cope with real directory fsps.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
- - - - -
2d6011e8 by Jeremy Allison at 2021-02-09T00:10:29+00:00
s3: VFS: gluster: Fix vfs_gluster_linkat() to cope with real directory fsps.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
- - - - -
2952cfe0 by Jeremy Allison at 2021-02-09T00:10:29+00:00
s3: VFS: full_audit: Fix smb_full_audit_linkat() to cope with real directory fsps.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
- - - - -
035909ec by Jeremy Allison at 2021-02-09T00:10:29+00:00
s3: VFS: media_harmony: Fix mh_linkat() to cope with real directory fsps.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
- - - - -
005cbeae by Jeremy Allison at 2021-02-09T00:10:29+00:00
s3: VFS: time_audit: Fix smb_time_audit_linkat() to cope with real directory fsps.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
- - - - -
a3f64950 by Jeremy Allison at 2021-02-09T00:10:29+00:00
s3: VFS: unityed_media: Fix um_linkat() to cope with real directory fsps.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
- - - - -
11ea133e by Jeremy Allison at 2021-02-09T00:10:29+00:00
s3: VFS: syncops: Fix syncops_linkat() to cope with real directory fsps.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
- - - - -
4fd18c27 by Jeremy Allison at 2021-02-09T00:10:29+00:00
s3: smbd: Centralize error exits to an 'out' label in hardlink_internals().
Makes it easier to add TALLOC_FREE's that are always called.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
- - - - -
6f4a0136 by Jeremy Allison at 2021-02-09T00:10:29+00:00
s3: smbd: Change hardlink_internals() to use a real directory fsp for SMB_VFS_LINKAT().
New VFS change.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
- - - - -
7fe39391 by Jeremy Allison at 2021-02-09T01:15:58+00:00
vfs: update status of SMB_VFS_LINKAT()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Feb 9 01:15:58 UTC 2021 on sn-devel-184
- - - - -
20f0a3b1 by Björn Jacke at 2021-02-09T02:05:36+00:00
pam_winbind: improve pam message if minimum password age strikes
if minimum password age strikes we should output the next possible password
change time and not other password restriction policies.
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1691cd77 by Andreas Schneider at 2021-02-09T03:08:42+00:00
s3:testparm: Warn about 'server schannel = no'
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Feb 9 03:08:42 UTC 2021 on sn-devel-184
- - - - -
f9ed4f70 by Paul Wise at 2021-02-09T03:09:34+00:00
HEIMDAL: krb5_storage_free(NULL) should work
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12505
Signed-off-by: Paul Wise <pabs3 at bonedaddy.net>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Original-author: Nicolas Williams <nico at twosigma.com>
(cherry-picked from heimdal commit b3db07d5f0e03f6a1a0a392e70f9675e19a6d6af)
- - - - -
29fa9739 by Gary Lockyer at 2021-02-09T03:09:34+00:00
s3 lib system: Fix clang compilation error
Fix clang compilation error:
error: format string is not a string literal [-Werror,-Wformat-nonliteral]
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6816135a by Gary Lockyer at 2021-02-09T04:16:43+00:00
s3 lib system: Change signature of sys_proc_fd_path
It's always called with sizeof(buf)
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Feb 9 04:16:43 UTC 2021 on sn-devel-184
- - - - -
e9c1cc4e by David Mulder at 2021-02-09T20:22:36+00:00
gpo: Test Group Policy OpenSSH for VGP
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ddf1cbd3 by David Mulder at 2021-02-09T20:22:36+00:00
gpo: Apply Group Policy OpenSSH settings from VGP
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
61394e5d by David Mulder at 2021-02-09T20:22:36+00:00
samba-tool: Test gpo manage openssh list command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3c47a814 by David Mulder at 2021-02-09T20:22:36+00:00
samba-tool: Add a gpo command for listing VGP OpenSSH Group Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
be8f0d8d by David Mulder at 2021-02-09T20:22:36+00:00
samba-tool: Test gpo manage openssh set command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d0529682 by David Mulder at 2021-02-09T21:24:14+00:00
samba-tool: Add a gpo command for setting VGP OpenSSH Group Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Feb 9 21:24:14 UTC 2021 on sn-devel-184
- - - - -
cc610291 by Stefan Metzmacher at 2021-02-10T14:00:32+00:00
examples/fuse/smb2mount: fix compiler warning on ubuntu20.04 with -O3
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
9178e72d by Stefan Metzmacher at 2021-02-10T14:00:32+00:00
selftest/gdb_backtrace: use 'unset LD_PRELOAD'
We may have bugs in socket_wrapper and others, we don't want
to inject these bugs into the debugger.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ab943bab by Stefan Metzmacher at 2021-02-10T14:00:32+00:00
third_party: Update socket_wrapper to version 1.3.2
This brings support for fd-passing of INET sockets.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11899
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
d8fa464a by Stefan Metzmacher at 2021-02-10T14:00:32+00:00
s3:pysmbd: fix fd leak in py_smbd_create_file()
Various 'samba-tool domain backup' commands use this and will
fail if there's over ~1000 files in the sysvol folder.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13898
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
df75d82c by Björn Jacke at 2021-02-10T15:06:49+00:00
classicupgrade: treat old never expires value right
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14624
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Feb 10 15:06:49 UTC 2021 on sn-devel-184
- - - - -
551532d0 by xzhao9 at 2021-02-10T21:00:28+00:00
s3:registry Renaming get_charset() to smbreg_get_charset()
Rename to smbreg_get_charset() function to avoid naming conflict
with MariaDB.
Signed-off-by: xzhao9 <i at xuzhao.net>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Feb 10 21:00:28 UTC 2021 on sn-devel-184
- - - - -
c27c97ab by David Mulder at 2021-02-11T17:21:33+00:00
gpo: Test that empty Security sections are removed
Ensure that empty sections are removed when
calling samba-tool gpo manage security set.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ff427957 by David Mulder at 2021-02-11T17:21:33+00:00
gpo: Ensure empty Security sections are removed
Failing to remove the empty section causes tests
to fail, and is also just bad practice.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
55d43224 by David Mulder at 2021-02-11T17:21:33+00:00
gpo: Test that Security gpext rsop lists only own policies
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8fa53985 by David Mulder at 2021-02-11T18:28:09+00:00
gpo: Security gpext rsop list only own policies
The rsop should only list the policies from
that extension, not from all policies in the
same file.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Feb 11 18:28:09 UTC 2021 on sn-devel-184
- - - - -
b6b69253 by Gary Lockyer at 2021-02-12T00:10:50+00:00
nsswitch pam_winbind: Fix clang compilation error
Fix clang compilation error:
error: format string is not a string literal [-Werror,-Wformat-nonliteral]
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Feb 12 00:10:50 UTC 2021 on sn-devel-184
- - - - -
ca6cad5f by Jeremy Allison at 2021-02-13T00:17:31+00:00
s3: VFS: expand_msdfs: Since we moved to SMB_VFS_READ_DFS_PATHAT() this module has looked at the wrong function.
Fix it to work as a redirection of SMB_VFS_READ_DFS_PATHAT()
instead of SMB_VFS_READLINKAT().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
545ba865 by Jeremy Allison at 2021-02-13T00:17:31+00:00
s3: VFS: cap: Fix cap_readlinkat() to cope with real directory fsps.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
7933ee40 by Jeremy Allison at 2021-02-13T00:17:31+00:00
s3: VFS: ceph: Fix cephwrap_readlinkat() to cope with real directory fsps..
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
3e256f50 by Jeremy Allison at 2021-02-13T00:17:31+00:00
s3: VFS: ceph_snapshots: Fix ceph_snap_gmt_readlinkat() to cope with real directory fsps.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
b500162b by Jeremy Allison at 2021-02-13T00:17:31+00:00
s3: VFS: full_audit: Fix smb_full_audit_readlinkat() to cope with real directory fsps.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
2786a564 by Jeremy Allison at 2021-02-13T00:17:31+00:00
s3: VFS: glusterfs: Fix vfs_gluster_readlinkat() to cope with real directory fsps.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
89f11668 by Jeremy Allison at 2021-02-13T00:17:31+00:00
s3: VFS: media_harmony: Fix mh_readlinkat() to cope with real directory fsps.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
7973e09f by Jeremy Allison at 2021-02-13T00:17:31+00:00
s3: VFS: shadow_copy2: Fix shadow_copy2_readlinkat() to cope with real directory fsps.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
b1ddc4bb by Jeremy Allison at 2021-02-13T00:17:31+00:00
3: VFS: snapper: Fix snapper_gmt_readlinkat() to cope with real directory fsps.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
9077983f by Jeremy Allison at 2021-02-13T00:17:31+00:00
s3: VFS: time_audit: Fix smb_time_audit_readlinkat() to cope with real directory fsps.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
e884793c by Jeremy Allison at 2021-02-13T00:17:31+00:00
s3: VFS: unityed_media: Fix um_readlinkat() to cope with real directory fsps.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
92ec8a00 by Jeremy Allison at 2021-02-13T00:17:31+00:00
s3: smbd: Factor out the SMB1 UNIX extensions read symlink code into a function.
Will make it much easier to convert to a dirfsp later.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
0cbb9400 by Jeremy Allison at 2021-02-13T00:17:31+00:00
s3: smbd: Change smb_unix_read_symlink() to use a real directory fsp for SMB_VFS_READLINKAT().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
d05ecd26 by Jeremy Allison at 2021-02-13T01:19:49+00:00
vfs: update status of SMB_VFS_READLINKAT()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Feb 13 01:19:49 UTC 2021 on sn-devel-184
- - - - -
7c2f2d31 by David Mulder at 2021-02-13T23:50:36+00:00
gpo: Test that VGP Sudoers policy handles group principals
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
35cf85d2 by David Mulder at 2021-02-13T23:50:36+00:00
gpo: VGP Sudoers policy must handle group principals
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ca60a0cb by David Mulder at 2021-02-13T23:50:36+00:00
samba-tool: Test gpo manage vgp sudoers list command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
77717392 by David Mulder at 2021-02-13T23:50:36+00:00
samba-tool: Replace gpo command for listing Sudoers Group Policy
Replace it with the VGP command for listing
sudoers entries in an xml file.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7f3c2b69 by David Mulder at 2021-02-13T23:50:36+00:00
samba-tool: Test VGP sudoers add command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
30e0ba2e by David Mulder at 2021-02-13T23:50:36+00:00
samba-tool: Replace gpo command for adding Sudoers Group Policy
Replace it with the VGP command for adding
sudoers entries in an xml file.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
430e065f by David Mulder at 2021-02-13T23:50:36+00:00
samba-tool: Test gpo manage vgp sudoers remove command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
09a8f409 by David Mulder at 2021-02-14T00:53:41+00:00
samba-tool: Replace gpo command for removing Sudoers Group Policy
Replace it with the VGP command for removing
sudoers entries from an xml file.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sun Feb 14 00:53:41 UTC 2021 on sn-devel-184
- - - - -
8c1fd86d by Ralph Boehme at 2021-02-17T18:48:36+00:00
printing: use correct error out in file_version_is_newer() when openat_pathref_fsp() fails
Fixes a regression introduced by cbe25e1777d0c43c21e8acc2cea79fd03fdaf2ea: if
there's no existing file, openat_pathref_fsp() will fail with
NT_STATUS_OBJECT_NAME_NOT_FOUND which must be handled the same way it is done by
the SMB_VFS_CREATE_FILE() call below.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14635
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
70063c52 by Ralph Boehme at 2021-02-17T18:48:36+00:00
printing: use correct error out in file_version_is_newer() when openat_pathref_fsp() fails
Fixes a regression introduced by ef5e913bca584f0232d5bfff14df4ccba2dda35c: if
there's no existing file, openat_pathref_fsp() will fail with
NT_STATUS_OBJECT_NAME_NOT_FOUND which must be handled the same way it is done by
the SMB_VFS_CREATE_FILE() call below.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14635
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
718f7b1a by Ralph Boehme at 2021-02-17T19:53:00+00:00
printing: use correct error out in get_correct_cversion() when openat_pathref_fsp() fails
Fixes a regression introduced by a74f0af1a91fe0bbc68e4d41d65f43ec383ae8bf: if
there's no existing file, openat_pathref_fsp() will fail with
NT_STATUS_OBJECT_NAME_NOT_FOUND which must be handled the same way it is done by
the SMB_VFS_CREATE_FILE() call below.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14635
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Wed Feb 17 19:53:00 UTC 2021 on sn-devel-184
- - - - -
5b7c2c3b by Douglas Bagnall at 2021-02-22T14:45:38+00:00
selftest/gdb_backtrace: add an off switch
Sometime you know a test is going to crash and produce a LOT of
backtrace, and you already know what it will look like. For those
times you can set
PLEASE_NO_GDB_BACKTRACE=1
and there will be no backtrace, which can save quite a bit of time and
thousands of lines of log file. (In particular, backtraces of Python
programs can take over a minute to complete).
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: David Mulder <dmulder at suse.com>
- - - - -
80faba10 by Douglas Bagnall at 2021-02-22T14:45:38+00:00
pytest:segfault: avoid gdb_backtrace on knownfail
We know that test_net_replicate_init__3() segfaults. It is a knownfail
and we don't need to see the gdb backtrace every time.
This saves nearly two minutes on `make test TESTS=segfault`.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: David Mulder <dmulder at suse.com>
- - - - -
9e19b148 by Douglas Bagnall at 2021-02-22T14:45:38+00:00
selftest: preforkrestartdc doesn't need gdb-backtraces
There are tests in this environment that kill processes with SEGV
signals, which causes a backtrace that is entirely spurious from a
debugging point of view.
We can turn that off, saving processor time and moments of developer
confusion.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: David Mulder <dmulder at suse.com>
- - - - -
f154fe8d by Douglas Bagnall at 2021-02-22T14:45:38+00:00
pytest/segfaults: drop a useless line
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: David Mulder <dmulder at suse.com>
- - - - -
bc7224fb by Douglas Bagnall at 2021-02-22T14:45:38+00:00
pytest/segfault: fix the rpc.echo test
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: David Mulder <dmulder at suse.com>
- - - - -
e49a0b44 by Douglas Bagnall at 2021-02-22T15:50:55+00:00
ldb: remove some 'if PY3's in tests
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: David Mulder <dmulder at suse.com>
Autobuild-User(master): David Mulder <dmulder at samba.org>
Autobuild-Date(master): Mon Feb 22 15:50:55 UTC 2021 on sn-devel-184
- - - - -
b13b2d8c by David Mulder at 2021-02-24T20:51:30+00:00
gpo: Test Group Policy VGP Startup Script Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
15cec2ac by David Mulder at 2021-02-24T20:51:30+00:00
gpo: Apply Group Policy Startup Scripts from VGP
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
329b6c39 by David Mulder at 2021-02-24T20:51:30+00:00
samba-tool: Test gpo manage script startup list command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d2219611 by David Mulder at 2021-02-24T20:51:30+00:00
samba-tool: Add a gpo command for listing VGP Startup Scripts Group Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f6a0bd8b by David Mulder at 2021-02-24T20:51:30+00:00
samba-tool: Test gpo manage script startup add command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e5efe172 by David Mulder at 2021-02-24T20:51:30+00:00
samba-tool: Add a gpo command for adding VGP Startup Scripts Group Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
91655e6d by David Mulder at 2021-02-24T20:51:30+00:00
samba-tool: Test gpo manage script startup remove command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
85d24068 by David Mulder at 2021-02-24T22:01:08+00:00
samba-tool: Add a gpo command for removing VGP Startup Scripts Group Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Feb 24 22:01:08 UTC 2021 on sn-devel-184
- - - - -
3d91fe07 by Peter Eriksson at 2021-02-25T20:46:02+00:00
s3: VFS: nfs4_acls. Add missing TALLOC_FREE(frame) in error path.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14648
Signed-off-by: Peter Eriksson <pen at lysator.liu.se>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
Autobuild-User(master): David Mulder <dmulder at samba.org>
Autobuild-Date(master): Thu Feb 25 20:46:02 UTC 2021 on sn-devel-184
- - - - -
22e0b538 by Noel Power at 2021-02-26T21:28:33+00:00
s3/smbd: call get_ea_list_from_file with smb_fname->fsp
A step to transition away from using smb_fname & fsp
paramater combination with this function.
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ecd9b751 by Noel Power at 2021-02-26T21:28:33+00:00
s3/modules: Ensure vfs_streaminfo gets passed valid pathref smb_filename
the smb_filename/smb_filename->fsp passed to vfs_streaminfo
eventually is passed to SMB_VFS_FLISTXATTR, we need to ensure this is
properly setup and not NULL
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6d353212 by Noel Power at 2021-02-26T21:28:33+00:00
s3/smbd: use SMB_VFS_FLISTXATTR() alone (also added assert fsp is not NULL)
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
dfc80b4c by Noel Power at 2021-02-26T21:28:33+00:00
s3/smbd: modify get_ea_names_from_file signature fn to take fsp alone
Removes the smb_filename function parameter
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5cbab2eb by Noel Power at 2021-02-26T21:28:33+00:00
s3/smbd: use smb_fname->fsp for get_ea_list_from_file_path in estimate_ea_size()
Additionally ensure get_ea_list_from_file_path is called with base file.
Previously fsp was set to NULL if fsp pointed to a ntfs stream which in
turn ensured that 'base_path' from the smb_fname was used (which points
to the base file). Now we get a pathref fsp (pointing to the base file)
instead
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
eca6e435 by Noel Power at 2021-02-26T21:28:33+00:00
s3/smbd: modify estimate_ea_size fn signature to take fsp only
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
94c441c4 by Noel Power at 2021-02-26T21:28:33+00:00
s3/smbd: modify get_ea_list_from_file_path fn signature to take fsp only
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9e0b123e by Noel Power at 2021-02-26T21:28:33+00:00
s3/smbd: prepare get_ea_list_from_file to receive fsp alone
A step to transition away from using smb_fname & fsp
parameter combination with this function by using
the fsp provided by smb_filename->fsp
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
772b0a00 by Noel Power at 2021-02-26T21:28:33+00:00
s3/smbd: no longer pass smb_fname to get_ea_list_from_file
Finally remove the smb_fname paramater as it is no longer used
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0088d39b by Noel Power at 2021-02-26T21:28:33+00:00
s3/smbd: rename get_ea_list_from_path -> get_ea_list_from_fsp
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9c0660fb by Noel Power at 2021-02-26T21:28:33+00:00
s3/smbd: remove connection_struct param from get_ea_list_from_file
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
435119c4 by Noel Power at 2021-02-26T21:28:33+00:00
s3/torture: migrate SMB_VFS_FLISTXATTR calls to SMB_VFS_FLISTXATTR
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ac5de42e by Noel Power at 2021-02-26T21:28:33+00:00
s3/smsbd: prepare to remove connection_struct param from get_ea_list_from_file_path
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
aaea5cc4 by Noel Power at 2021-02-26T21:28:33+00:00
s3/smbd: remove connection_struct from get_ea_list_from_file_path
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
341abce3 by Noel Power at 2021-02-26T21:28:33+00:00
s3/smbd: Create new file get_ea_list_from_fsp_new (not used)
On the way to removing get_ea_list_from_file_path and replacing
it with get_ea_list_from_fsp create a copy of get_ea_list_from_file_path
called get_ea_list_from_fsp_new. It is ifdef'ed out for the moment
as it isn't used yet
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b9ea876f by Noel Power at 2021-02-26T21:28:33+00:00
s3/smbd: rename get_ea_list_from_fsp_new to get_ea_list_from_fsp
And remove the old get_ea_list_from_fsp
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
df447afa by Noel Power at 2021-02-26T21:28:33+00:00
s3/smbd: replace get_ea_list_from_file_path with get_ea_list_from_fsp
Additionally remove the old get_ea_list_from_file_path.
get_ea_list_from_file_path & new get_ea_list_from_fsp are identical
except for test for an addition test
+ if (is_ntfs_stream_smb_fname(fsp->fsp_name)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
This test should should be fine here too.
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f958b6b8 by Noel Power at 2021-02-26T21:28:33+00:00
s3/smbd: let canonicalize_ea_name accept fsp and fstring only in sig
Remove the connection_struct & smb_fname parameters from
canonicalize_ea_name, they arent needed (and can be got from
files_struct)
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
de839463 by Noel Power at 2021-02-26T21:28:33+00:00
s3/smbd: Adjust estimate_ea_size to take files_struct alone
Remove connection_struct parameter (and use fsp->conn)
instead.
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1d1b80e5 by Noel Power at 2021-02-26T21:28:33+00:00
s3/smbd: Remove connection_struct from get_ea_names_from_file
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
46226cb2 by Noel Power at 2021-02-26T21:28:33+00:00
VFS: Remove SMB_VFS_LISTXATTR, no longer used
---------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| |
| SMB_VFS_LISTXATTR |
| |
| |
| 10 February |
| 2021 |
| |
| |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\////|_)_______
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d6ddb8aa by Noel Power at 2021-02-26T22:35:04+00:00
vfs: update status of SMB_VFS_LISTXATTR
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Feb 26 22:35:04 UTC 2021 on sn-devel-184
- - - - -
bb00979c by Björn Baumbach at 2021-03-01T03:50:35+00:00
selftest: fix typos in README files
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
485743da by Björn Baumbach at 2021-03-01T03:50:35+00:00
s3:libsmb: fix a typo in a comment
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3174c6dd by Björn Baumbach at 2021-03-01T03:50:35+00:00
s4:dsdb/dirsync: fix a typo in a comment
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
26f63e64 by Björn Baumbach at 2021-03-01T03:50:35+00:00
samba-tool user: fix some typos
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
fdc44a14 by Björn Baumbach at 2021-03-01T03:50:35+00:00
samba-tool user: use remote domain information
Required, when running get_account_attributes() against a remote samdb.
avoid:
ERROR(<class 'AttributeError'>): uncaught exception - 'NoneType' object has no attribute 'get'
File "bin/python/samba/netcmd/__init__.py", line 186, in _run
return self.run(*args, **kwargs)
File "bin/python/samba/netcmd/user.py", line 2769, in run
obj = self.get_account_attributes(samdb, username,
File "bin/python/samba/netcmd/user.py", line 1250, in get_account_attributes
realm = self.lp.get("realm")
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
71e8b24b by Stefan Metzmacher at 2021-03-01T03:50:35+00:00
pyldb: catch potential overflow error in py_timestring
Pair-Programmed-With: Björn Baumbach <bb at sernet.de>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
06851084 by Stefan Metzmacher at 2021-03-01T03:50:35+00:00
pyglue: add float2nttime() and nttime2float()
The float value is what the native python time.time()
returns, it's basically a struct timespec converted to
double/float.
Pair-Programmed-With: Björn Baumbach <bb at sernet.de>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
98ee82d4 by Stefan Metzmacher at 2021-03-01T03:50:35+00:00
samba-tool user: use an implicit_attrs list instead of add_ATTR variables
We'll extent GetPasswordCommand.get_password_attributes() to handle
more virtual formats in future. It'll be much easier to
to maintain a list of attributes we need to filter out again.
sAMAccountName and userPrincipalName are always implicitly
requested in order to keep the existing code sane.
supplementalCredentials and unicodePwd are requested by default
when generating virtual password attributes.
Pair-Programmed-With: Björn Baumbach <bb at sernet.de>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4d049132 by Stefan Metzmacher at 2021-03-01T03:50:35+00:00
samba-tool user: add ';format=[GeneralizedTime,UnixTime,TimeSpec]' support
These are useful to convert various time values to other formats.
Pair-Programmed-With: Björn Baumbach <bb at sernet.de>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c6a57000 by Stefan Metzmacher at 2021-03-01T03:50:35+00:00
samba-tool user: add ';format=[GeneralizedTime,UnixTime,TimeSpec]' support in "samba-tool user show"
This is useful to convert various time values to other formats.
Pair-Programmed-With: Björn Baumbach <bb at sernet.de>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f13b1da0 by Björn Baumbach at 2021-03-01T03:50:35+00:00
test: samba-tool user show: Test ';format=[GeneralizedTime,UnixTime,TimeSpec] attributes
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Björn Baumbach <bb at sernet.de>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
65f21ed5 by Samuel Cabrero at 2021-03-01T03:50:35+00:00
lib:util: Move variable initialization out of conditional compilation block
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
309c81e7 by Samuel Cabrero at 2021-03-01T03:50:35+00:00
daemons: Do not notify systemd in child processes started by main samba
When samba runs as ADDC only the main 'samba' daemon have to notify
its status to systemd because our systemd unit files contains implied
NotifyAccess=main since commit d1740fb3d5a72cb49e30b330bb0b01e7ef3e09cc..
This commit adds a function to disable the systemd notification in the
smbd and winbinddd child processes started by the main 'samba' daemon in
AD DC mode to avoid warnings like:
systemd[1]: samba-ad-dc.service: Got notification message from PID 26194,
but reception only permitted for main PID 26187
systemd[1]: samba-ad-dc.service: Got notification message from PID 26222,
but reception only permitted for main PID 26187
$ pstree -p
...
├─samba(26187)─┬─tfork(26189)(26188)───s3fs[master](26189)───tfork(26194)(26193)───smbd(26194)─┬─cleanupd(+
│ │ ├─lpqd(2623+
│ │ └─smbd-noti+
│ ├─tfork(26191)(26190)───rpc[master](26191)─┬─tfork(26198)(26195)───rpc(0)(26198)
│ │ ├─tfork(26200)(26199)───rpc(1)(26200)
│ │ ├─tfork(26206)(26201)───rpc(2)(26206)
│ │ └─tfork(26212)(26207)───rpc(3)(26212)
│ ├─tfork(26196)(26192)───nbt[master](26196)
│ ├─tfork(26202)(26197)───wrepl[master](26202)
│ ├─tfork(26204)(26203)───ldap[master](26204)─┬─tfork(26242)(26241)───ldap(0)(26242)
│ │ ├─tfork(26244)(26243)───ldap(1)(26244)
│ │ ├─tfork(26246)(26245)───ldap(2)(26246)
│ │ └─tfork(26248)(26247)───ldap(3)(26248)
│ ├─tfork(26208)(26205)───cldap[master](26208)
│ ├─tfork(26210)(26209)───kdc[master](26210)───tfork(26218)(26215)───krb5kdc(26218)
│ ├─tfork(26213)(26211)───drepl[master](26213)
│ ├─tfork(26216)(26214)───winbindd[master(26216)───tfork(26222)(26219)───winbindd(26222)───wi+
│ ├─tfork(26220)(26217)───ntp_signd[maste(26220)
│ ├─tfork(26223)(26221)───kcc[master](26223)
│ ├─tfork(26225)(26224)───dnsupdate[maste(26225)
│ └─tfork(26227)(26226)───dns[master](26227)
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1c3e7f0f by Jelmer Vernooij at 2021-03-01T04:56:15+00:00
Suggest running './configure' rather than 'waf configure'..
waf actively discourages system-wide waf installs, so the latter is unlikely
to work.
Signed-off-by: Jelmer Vernooij <jelmer at jelmer.uk>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Mar 1 04:56:15 UTC 2021 on sn-devel-184
- - - - -
1c9add54 by Trever L. Adams at 2021-03-01T21:44:55+00:00
s3:modules:vfs_virusfilter: Recent talloc changes cause infinite start-up failure
Recent talloc changes cause the current check for failure to allocate to be incorrectly triggered.
This patch ensures the original parameter is not NULL before attempting any talloc or strstr.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14634
RN: Fix failure of vfs_virusfilter starting due to talloc changes
Signed-off-by: Trever L. Adams" <trever.adams at gmail.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Mon Mar 1 21:44:55 UTC 2021 on sn-devel-184
- - - - -
99656019 by Björn Jacke at 2021-03-03T11:31:34+00:00
wscript: use --as-needed only if tested successfully
Some OSes like Solaris based OmiOS don't support this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14288
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
29992fdb by Volker Lendecke at 2021-03-03T12:36:13+00:00
vfs_aixacl2: Fix "mem_ctx" and "ppdesc" smb_fget_nt_acl_nfs4 args
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Autobuild-User(master): Björn Jacke <bjacke at samba.org>
Autobuild-Date(master): Wed Mar 3 12:36:13 UTC 2021 on sn-devel-184
- - - - -
84b634c6 by Volker Lendecke at 2021-03-05T10:18:07+00:00
locking: Fix an uninitialized variable read
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14636
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
654c18a2 by Volker Lendecke at 2021-03-05T11:22:07+00:00
g_lock: Fix uninitalized variable reads
If dbwrap_watched_watch_recv() returns IO_TIMEOUT, "blockerdead" might
be an uninitialized non-false, and further down we'll remove the wrong
exclusive locker.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14636
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Mar 5 11:22:07 UTC 2021 on sn-devel-184
- - - - -
5fe75361 by Samuel Cabrero at 2021-03-06T02:20:05+00:00
winbind: Remove noisy error message in wb_open_internal_pipe()
Before merging the s4 and s3 RPC servers the make_internal_rpc_pipe_p()
function did not fail when the requested interface was not registered in
the calling process because it did not check the return value of
rpc_srv_get_pipe_cmds(). If the interface was not registed, the pointer
to the interface functions was NULL and later, when dispatching a call,
rpcint_dispatch() returned NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE in this
case.
After merging the RPC servers, the rpc_pipe_open_internal() function
will return NT_STATUS_RPC_INTERFACE_NOT_FOUND if the interface is not
registered in the calling process. This causes a noisy error message in
winbind when it tries to open the dssetup pipe to the primary domain and
it is not an AD domain.
The callers of wb_open_internal_pipe() when connecting to the domain
already logs the error at level greather or equal to five. This commit
moves the dupplicated and noisy error message at level zero from
wb_open_internal_pipe() to its callers outside winbindd_cm.c.
This error can be seen in winbindd logs of ad_member and nt4_member test
environments.
[2021/03/01 16:49:38.486004, 0, pid=12456] ../../source3/winbindd/winbindd_cm.c:1893(wb_open_internal_pipe)
open_internal_pipe: Could not connect to dssetup pipe: NT_STATUS_RPC_INTERFACE_NOT_FOUND
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7d2faa27 by Samuel Cabrero at 2021-03-06T02:20:05+00:00
librpc: Lower dcesrv_call_dispatch_local() errors from DBG_ERR to DBG_INFO
Before merging the s3 and s4 RPC servers the rpcint_dispatch function
was not logging any error.
This commit lowers from DBG_ERR to DBG_INFO the importance of error
messages when dispatching local RPC calls. There are some situations
where RPC functions return RPC faults and this is not a fatal condition.
One example is _lsa_QueryInfoPolicy2.
This change prevents a noisy error logged when winbindd tries to connect to
its primary domain in the nt4_member and ad_member test environments:
[2021/03/01 16:49:38.486111, 0, pid=12456] ../../librpc/rpc/dcesrv_core.c:2990(dcesrv_call_dispatch_local)
dcesrv_call_dispatch_local: DCE/RPC fault in call lsarpc:2E - DCERPC_NCA_S_OP_RNG_ERROR
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
84be2156 by Volker Lendecke at 2021-03-06T02:20:05+00:00
dsdb: Fix CID 1473453: Null pointer dereferences
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e0426187 by Volker Lendecke at 2021-03-06T02:20:05+00:00
dsdb: Fix CID 1473454: Null pointer dereferences
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
927346d9 by Stefan Metzmacher at 2021-03-06T02:20:05+00:00
docs-xml: clarify "smb2 disable lock sequence checking" section
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14534
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
18818dba by Stefan Metzmacher at 2021-03-06T02:20:05+00:00
smbd: let smbd_request_guid() use smb1req->xconn->channel_id
The unique identifier of a channel/connection is the channel_id,
the pointer of 'xconn' can be reused.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14534
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a2007699 by Stefan Metzmacher at 2021-03-06T02:20:05+00:00
s4:torture/smb2: use %t (timestamp) instead of %R for lease.dynamic_share test
This test should be independent of the protocol in order to be
independent of multi-channel support of the server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14534
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c784f8c9 by Stefan Metzmacher at 2021-03-06T02:20:05+00:00
selftest: enable 'server multi channel support = yes'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14534
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c9ff0864 by Stefan Metzmacher at 2021-03-06T02:20:05+00:00
smbd: improve smbXsrv_connection_dbg() for debugging multi-channel problems
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14534
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
106121a9 by Stefan Metzmacher at 2021-03-06T02:20:05+00:00
smbd: introduce a smbXsrv_connection_destructor()
For now it only prints a debug message, but that's already very
useful for multi-channel debugging.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14534
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2cf16284 by Stefan Metzmacher at 2021-03-06T02:20:05+00:00
s4:torture/smb2: add a smb2.session.two_logoff test
This reproduces a bug where two SMB2_LOGOFF messages kill the whole
client smbd when multi-channel is used, instead of just removing the
logical session.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14532
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
253a4de8 by Stefan Metzmacher at 2021-03-06T02:20:05+00:00
smbXsrv_tcon: explicitly set tcon->db_rec = NULL after tcon->db_rec = local_rec
There's no know problem that we fix for the
smbXsrv_tcon_disconnect_all_callback() case,
but it might prevent future problems.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14532
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
638c4435 by Stefan Metzmacher at 2021-03-06T02:20:05+00:00
smbXsrv_session: set session->db_rec = NULL after session->db_rec = local_rec
This actually fixes crashes due to stale pointers.
With multi-channel and with 2 (or more) connections,
we'll call smbXsrv_session_disconnect_xconn() when a connection
gets disconnected, but we'll leave smbXsrv_client and all other
connections in place.
However smbXsrv_session_disconnect_xconn_callback() left
a stale session->db_rec pointer in place, which means
a following smbXsrv_session_logoff() will call
dbwrap_record_delete(local_rec) on a stale pointer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14532
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2a0626c3 by Stefan Metzmacher at 2021-03-06T02:20:05+00:00
s4:torture/smb2: add smb2.lease.timeout-disconnect test
This reproduces a problem that is triggered when
smbd_server_connection_terminate() is called recursively.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14533
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f1f5c365 by Stefan Metzmacher at 2021-03-06T02:20:05+00:00
smbd: make sure that xconn is alive for the lifetime of smbXsrv_connection_shutdown_send/recv
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14533
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b145434f by Stefan Metzmacher at 2021-03-06T03:30:06+00:00
smbXsrv_client: move the connection passing to smb2srv_client_mc_negprot_send/recv
We need a full request/response pair in order to avoid races in
the multichannel connection passing.
smb2srv_client_mc_negprot_send/recv locks the
db record for the given client_guid.
If there's no entry found, we add ourself and
return NT_STATUS_OK.
If there's an existing process for that client guid
we start messaging_filtered_read_send()
dbwrap_watched_watch_send() before calling
smb2srv_client_connection_pass().
Then we release the lock and wait for either
MSG_SMBXSRV_CONNECTION_PASSED to arrive or
retry if dbwrap_watched_watch_recv signaled
a change in the database.
If we got MSG_SMBXSRV_CONNECTION_PASSED we'll
return NT_STATUS_MESSAGE_RETRIEVED in order to
signal that the other process will take care of
the connection and we terminate the current process.
All that is done completely async, which means that
the IDLE_CLOSED_TIMEOUT (60 seconds) may trigger
deadtime_fn(), which will send itself a MSG_SHUTDOWN.
So the process that accepted the tcp connection
exists if there was no MSG_SMBXSRV_CONNECTION_PASSED
within 60 seconds.
However the fd may still exists in the kernel (and
the new connection may still be handed to the other
process. If that process somehow exists before
there's no way to prevent a connection termination
for the client.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14433
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Mar 6 03:30:06 UTC 2021 on sn-devel-184
- - - - -
f914b42d by David Mulder at 2021-03-08T17:58:37+00:00
gpo: Test to ensure that samba-gpupdate doesn't require ad-dc
Running samba-gpupdate on a client is causing an
error in gp_access_ext, due to it attempting to
access sam.ldb before detecting whether we are on
an ad-dc.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a5928566 by David Mulder at 2021-03-08T17:58:37+00:00
gpo: Ensure that samba-gpupdate doesn't require ad-dc
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
66ac3c19 by David Mulder at 2021-03-08T17:58:37+00:00
gpo: Add admxload warning about Windows templates
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a8b4b808 by David Mulder at 2021-03-08T17:58:37+00:00
gpo: Improve the samba-gpupdate --rsop output
Use the CSE name based on the class name, not the
module name. Also ignore the Local Policy gpo.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d4d9d859 by David Mulder at 2021-03-08T17:58:37+00:00
gpo: vgp_openssh_ext create the config dir
We should create the /etc/ssh/sshd_config.d dir
if it doesn't exist.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9a00edcc by David Mulder at 2021-03-08T17:58:37+00:00
gpo: Add rsop output for vgp_openssh_ext
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d771314e by David Mulder at 2021-03-08T17:58:37+00:00
gpo: Ensure that vgp_sudoers_ext handles missing/dispersed principal names
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c2ce101b by David Mulder at 2021-03-08T17:58:37+00:00
gpo: vgp_sudoers_ext handle missing and dispersed principal names
If we don't anticipate a missing principal name,
the extension crashes. Also, principal names could
be in dispersed listelements.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e5e0a9a7 by David Mulder at 2021-03-08T19:08:07+00:00
gpo: Don't free talloc pointer held elsewhere
Freeing this pointer produces the following error:
ERROR: talloc_free with references at ../../libgpo/pygpo.c:481
reference at ../../pytalloc_util.c:164
reference at ../../pytalloc_util.c:164
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Mar 8 19:08:07 UTC 2021 on sn-devel-184
- - - - -
f200c693 by David Mulder at 2021-03-08T19:45:30+00:00
gpo: Test Group Policy VGP MOTD Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
efc9bce8 by David Mulder at 2021-03-08T19:45:30+00:00
gpo: Apply Group Policy MOTD setting from VGP
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f8d68d9f by David Mulder at 2021-03-08T19:45:30+00:00
samba-tool: Test gpo manage motd list command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0fbc5e54 by David Mulder at 2021-03-08T19:45:30+00:00
samba-tool: Add a gpo command for listing VGP MOTD Group Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4715a0ee by David Mulder at 2021-03-08T19:45:30+00:00
samba-tool: Test gpo manage motd set command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5046912c by David Mulder at 2021-03-08T19:45:30+00:00
samba-tool: Add a gpo command for setting VGP MOTD Group Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9df279dd by David Mulder at 2021-03-08T19:45:30+00:00
gpo: Test Group Policy VGP Issue Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2461c89c by David Mulder at 2021-03-08T19:45:30+00:00
gpo: Apply Group Policy Issue setting from VGP
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
bb47a68c by David Mulder at 2021-03-08T19:45:30+00:00
samba-tool: Test gpo manage issue list command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0f5af87f by David Mulder at 2021-03-08T19:45:30+00:00
samba-tool: Add a gpo command for listing VGP Issue Group Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7593e067 by David Mulder at 2021-03-08T19:45:30+00:00
samba-tool: Test gpo manage issue set command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
77f96a30 by David Mulder at 2021-03-08T20:57:50+00:00
samba-tool: Add a gpo command for setting VGP Issue Group Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Mar 8 20:57:50 UTC 2021 on sn-devel-184
- - - - -
1ea49c42 by Volker Lendecke at 2021-03-09T22:36:28+00:00
samba: Fix indentation
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6d104979 by Volker Lendecke at 2021-03-09T22:36:28+00:00
rpc_server: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ca1f6740 by Volker Lendecke at 2021-03-09T22:36:28+00:00
rpc_server: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
06b740e2 by Volker Lendecke at 2021-03-09T22:36:28+00:00
ctdb: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
dab79346 by Volker Lendecke at 2021-03-09T22:36:28+00:00
lib: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
409da523 by Volker Lendecke at 2021-03-09T22:36:28+00:00
rpc_client: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
72cc8dce by Volker Lendecke at 2021-03-09T22:36:28+00:00
lib: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8d4f0242 by Volker Lendecke at 2021-03-09T22:36:28+00:00
winbindd: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
dd56d415 by Volker Lendecke at 2021-03-09T22:36:28+00:00
rpc_server: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b1ba5d58 by Volker Lendecke at 2021-03-09T22:36:28+00:00
librpc: Fix a typo, while there linewrap the comment
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ce9df508 by Volker Lendecke at 2021-03-09T22:36:28+00:00
smbd: Fix a typo (recieve->receive), reformat comment
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
dead4d05 by Volker Lendecke at 2021-03-09T22:36:28+00:00
librpc: Fix typos
While there, wrap the long comment lines
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2fc974fd by Volker Lendecke at 2021-03-09T22:36:28+00:00
lib: Fix an uninitialized variable read
If cli_rpc_pipe_open_noauth() fails, we end up in TALLOC_FREE() of
"p", which is uninitialized.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
15dad4db by Volker Lendecke at 2021-03-09T22:36:28+00:00
lib: Make socket options output less chatty
All the socket options were a large block in debug output. Put them on
one line.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4b8dc750 by Volker Lendecke at 2021-03-09T22:36:28+00:00
lib: Avoid ZERO_STRUCT in pidfile_pid()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
723a4648 by Volker Lendecke at 2021-03-09T22:36:28+00:00
lib: Avoid a memleak in pidfile_unlink()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4f83814d by Volker Lendecke at 2021-03-09T22:36:28+00:00
lib: Avoid a cast in messages_dgm
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9db63646 by Volker Lendecke at 2021-03-09T22:36:28+00:00
lib: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e0ce7169 by Volker Lendecke at 2021-03-09T22:36:28+00:00
rpcclient: talloc_stackframe() panics on failure
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
49efd611 by Volker Lendecke at 2021-03-09T22:36:28+00:00
rpc_client: Save a few lines with direct struct initialization
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3a7f099b by Volker Lendecke at 2021-03-09T22:36:28+00:00
rpc_server: talloc_stackframe() panics on failure
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a53cc3ad by Volker Lendecke at 2021-03-09T22:36:28+00:00
epmapper: talloc_stackframe() panics on failure
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3e58a4d9 by Volker Lendecke at 2021-03-09T22:36:28+00:00
rpc_server: Use direct struct initialization instead of ZERO_STRUCT
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
559b4df1 by Volker Lendecke at 2021-03-09T22:36:28+00:00
rpc_server: Use any_nt_status_not_ok() in srv_netlog_nt.c
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
da906fbc by Volker Lendecke at 2021-03-09T22:36:28+00:00
lib: Protect "messaging_dgm_init()" from NULL dirs
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
bcbfae42 by Volker Lendecke at 2021-03-09T22:36:28+00:00
lib: Fix samba_sockaddr_[get|set]_port
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9d656edf by Volker Lendecke at 2021-03-09T22:36:28+00:00
libcli: Add a NULL check to tstream_npa
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
833fcdc0 by Volker Lendecke at 2021-03-09T22:36:28+00:00
libcli: Simplify tstream_npa_connect_readv_done()
tevent_req_error takes care of the ==0 case
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c7421383 by Volker Lendecke at 2021-03-09T22:36:28+00:00
librpc: Simplify struct dcesrv_handle
This saves a tiny bit of memory: dom_sid_dup() allocates a full struct
dom_sid, although it might not have to. Save the additional talloc
object and the pointer, be more cache-friendly
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
023f68cb by Volker Lendecke at 2021-03-09T22:36:28+00:00
g_lock: Add extensive debug information
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
81d01a1a by Volker Lendecke at 2021-03-09T22:36:28+00:00
lib: Fix file_ploadv_send/recv cleanup
We have to first TALLOC_FREE() the waiting event before closing the
pipe. Otherwise EPOLL_CTL_DEL is unhappy and might remove an unrelated
file descriptor.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b5705cc7 by Volker Lendecke at 2021-03-09T22:36:28+00:00
srvsrvc: Reload conf after changing a share
The call to messaging_send_all() skips ourselves. This is tested in
source3/script/tests/test_rpcclientsrvsvc.sh, which right now we only
survive because the rpcclient call spawns a new smbd, which reloads
smb.conf. Once you start running srvsvcd in a long-running daemon,
this fails.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f815ad9b by Volker Lendecke at 2021-03-09T22:36:28+00:00
smbd: Fix a DEBUG message
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
26bc7312 by Volker Lendecke at 2021-03-09T23:45:51+00:00
winbindd: Apply some const to normalize_name_map()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Mar 9 23:45:51 UTC 2021 on sn-devel-184
- - - - -
202d4d6d by Andrew Bartlett at 2021-03-10T06:58:39+00:00
lib/param: Remove unused functions in lib/param/loadparm.c
The lib/param code does not service smbd, no home directories nor printers are handled
in this codebase and these functions are uncalled.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14658
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
5cdc0652 by Andrew Bartlett at 2021-03-10T06:58:39+00:00
lib/param: Remove lpcfg_volume_label() and only caller in NTVFS file server
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
d7e620ff by Andrew Bartlett at 2021-03-10T08:06:25+00:00
lib/util: Replace buggy string_sub_talloc() with talloc_string_sub() in lib/util
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14658
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Mar 10 08:06:25 UTC 2021 on sn-devel-184
- - - - -
cc098f1c by Douglas Bagnall at 2021-03-10T08:42:33+00:00
ldb_match: trailing chunk must match end of string
A wildcard search is divided into chunks by the asterisks. While most
chunks match the first suitable string, the last chunk matches the
last possible string (unless there is a trailing asterisk, in which
case this distinction is moot).
We always knew this in our hearts, but we tried to do it in a funny
complicated way that stepped through the string, comparing here and
there, leading to CVE-2019-3824 and missed matches (bug 14044).
With this patch, we just jump to the end of the string and compare it.
As well as being correct, this should also improve performance, as the
previous algorithm involved a quadratic loop of erroneous memmem()s.
See https://tools.ietf.org/html/rfc4517
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
33a95a1e by Douglas Bagnall at 2021-03-10T08:42:33+00:00
ldb: add tests for ldb_wildcard_compare
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
fa933399 by Douglas Bagnall at 2021-03-10T08:42:33+00:00
ldb_match: remove redundant check
We already ensure the no-trailing-asterisk case ends at the end of the
string.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
bb17b4e1 by Douglas Bagnall at 2021-03-10T09:51:25+00:00
ldb: dn tests use cmocka print functions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Mar 10 09:51:25 UTC 2021 on sn-devel-184
- - - - -
e5e39a83 by David Mulder at 2021-03-10T21:43:34+00:00
python: Test samdb import
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a7897cc6 by David Mulder at 2021-03-10T21:43:34+00:00
samba-tool: Enable pydsdb without ad dc
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
fed09b30 by David Mulder at 2021-03-10T21:43:34+00:00
samba-tool: Enable pydns without ad dc
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b659ec94 by David Mulder at 2021-03-10T21:43:34+00:00
python: Disable calls to _dsdb_garbage_collect_tombstones without addc
dsdb._dsdb_garbage_collect_tombstones isn't
built without the addc, so ignore calls to it
in samdb.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
65510204 by Sachin Prabhu at 2021-03-10T22:55:17+00:00
smbd: Ensure errno is preserved across fsp destructor
The errno can be overwritten by the calls made by the fsp destructor.
This can cause problems if the original errno was required by subsequent
calls.
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: Sachin Prabhu <sprabhu at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Mar 10 22:55:17 UTC 2021 on sn-devel-184
- - - - -
db2afa57 by Christof Schmitt at 2021-03-11T07:28:37+00:00
winbind: Only use unixid2sid mapping when module reports ID_MAPPED
Only consider a mapping to be valid when the idmap module reports
ID_MAPPED. Otherwise return the null SID.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14663
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
79dd4b13 by Christof Schmitt at 2021-03-11T07:28:37+00:00
idmap_rfc2307: Do not return SID from unixids_to_sids on type mismatch
The call to winbind_lookup_name already wrote the result in the id_map
array. The later check for the type detected a mismatch, but that did
not remove the SID from the result struct.
Change this by first assigning the SID to a temporary variable and only
write it to the id_map array after the type checks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14663
Signed-off-by: Christof Schmitt <cs at samba.org>
- - - - -
0e789ba1 by Christof Schmitt at 2021-03-11T08:38:41+00:00
idmap_nss: Do not return SID from unixids_to_sids on type mismatch
The call to winbind_lookup_name already wrote the result in the id_map
array. The later check for the type detected a mismatch, but that did
not remove the SID from the result struct.
Change this by first assigning the SID to a temporary variable and only
write it to the id_map array after the type checks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14663
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Mar 11 08:38:41 UTC 2021 on sn-devel-184
- - - - -
ecd83a58 by Noel Power at 2021-03-11T17:50:30+00:00
s3/smbd: set_ea SMB_VFS_FSETXATTR => SMB_VFS_FSETXATTR
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6b725386 by Noel Power at 2021-03-11T17:50:30+00:00
s3/lib: adouble SMB_VFS_SETXATTR => SMB_VFS_FSETXATTR
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a241e9b3 by Noel Power at 2021-03-11T17:50:30+00:00
s3/modules: posixacl convert from SMB_VFS_SETXATTR -> SMB_VFS_FSETXATTR
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0f0b945c by Noel Power at 2021-03-11T17:50:30+00:00
s3/smbd: posix_acls SMB_VFS_SETXATTR -> SMB_VFS_FSETXATTR
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
14564477 by Noel Power at 2021-03-11T17:50:30+00:00
s3/modules: ensure catia_set_dos_attributes passes on pathref
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
73a46ac9 by Noel Power at 2021-03-11T17:50:30+00:00
s3/smb3: ensure file_set_dosmode is passed valid smb_fname->fsp
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
470b6223 by Noel Power at 2021-03-11T17:50:30+00:00
s3/smb3: ensure file_set_dosmode is passed valid smb_fname->fsp
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b05b13cc by Noel Power at 2021-03-11T17:50:30+00:00
s3/smb3: ensure file_set_dosmode is passed valid smb_fname->fsp
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
40312064 by Noel Power at 2021-03-11T17:50:30+00:00
s3/smbd: set_create_timespec_ea should create smb_fname with valid fsp
we need to call file_set_dosmode (which ends up calling
SMB_VFS_FSETXATTR via set_ea_dos_attribute) has smb_fname set up
with a valid smb_fname->fsp
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
221573de by Noel Power at 2021-03-11T17:50:30+00:00
s3/smbd: SMB_VFS_SETXATTR => SMB_VFS_FSETXATTR
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
64277538 by Noel Power at 2021-03-11T17:50:30+00:00
s3/smbd: Detect and fail attempt to set_ea_dos_attribute on link
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
17054bfa by Noel Power at 2021-03-11T17:50:30+00:00
s3/modules: vfs_acl_xattr SMB_VFS_SETXATTR -> SMB_VFS_FSETXATTR
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
147183e2 by Noel Power at 2021-03-11T17:50:30+00:00
streams_xattr_openat SMB_VFS_SETXATTR -> SMB_VFS_FSETXATTR
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c02cdcd5 by Noel Power at 2021-03-11T17:50:30+00:00
s3/modules: streams_xattr_pwrite SMB_VFS_SETXATTR -> SMB_VFS_FSETXATTR
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ee4afd59 by Noel Power at 2021-03-11T17:50:30+00:00
s3/modules: streams_xattr_ftruncate SMB_VFS_SETXATTR -> SMB_VFS_FSETXATTR
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
86d645a7 by Noel Power at 2021-03-11T17:50:30+00:00
s3/modules: streams_xattr: Fix fname passed to SETXATTR
we see to be overwritting the 'old' stream, this change fixes it
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
055e8723 by Noel Power at 2021-03-11T17:50:30+00:00
s3/modules: streams_xattr_renameat SMB_VFS_SETXATTR -> SMB_VFS_FSETXATTR
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1fd550f2 by Noel Power at 2021-03-11T17:50:30+00:00
s3/modules: stream_dir make sure mark_file_valid is called with fsp
can we get this further up the call path ???
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1a8b3844 by Noel Power at 2021-03-11T17:50:30+00:00
s3/torture: SMB_VFS_SETXATTR -> SMB_VFS_FSETXATTR
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e592cb8d by Noel Power at 2021-03-11T17:50:30+00:00
s3/lib: SMB_VFS_NEXT_SETXATTR -> SMB_VFS_NEXT_FSETXATTR
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
40a376e1 by Noel Power at 2021-03-11T17:50:30+00:00
s3/modules: fake_acls: SMB_VFS_NEXT_SETXATTR -> SMB_VFS_NEXT_FSETXATTR
Ensure fake_acls_sys_acl_set_file gets properly setup smb_filename
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b9efb0a5 by Noel Power at 2021-03-11T17:50:30+00:00
s3/modules: fake_acls_lchown use SMB_VFS_NEXT_FSET
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a7e2ecca by Noel Power at 2021-03-11T17:50:30+00:00
s2/modules: nfs4acl_smb4acl_set_fn SMB_VFS_NEXT_SETXATTR -> SMB_VFS_NEXT_FFSETXATTR
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a7d81d8e by Noel Power at 2021-03-11T17:50:30+00:00
s3/modules: ceph_snapshots: Add missing fsetxattr_fn implementation
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fabfe6fb by Noel Power at 2021-03-11T17:50:30+00:00
s3/modules: shadow_copy2: Add new fsetxattr_fn implementation
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
48d18f45 by Noel Power at 2021-03-11T17:50:30+00:00
s3/modules: snapper: Add missing fsetxattr_fn impl
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
82e14026 by Noel Power at 2021-03-11T17:50:30+00:00
VFS: Remove SMB_VFS_SETXATTR, no longer used
---------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| |
| SMB_VFS_SETXATTR |
| |
| |
| 19 February |
| 2021 |
| |
| |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\////|_)_______
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Signed-off-by: Noel Power <noel.power at suse.com>
- - - - -
9c682d79 by Noel Power at 2021-03-11T18:58:46+00:00
Update status of SMB_VFS_SETXATTR
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Mar 11 18:58:46 UTC 2021 on sn-devel-184
- - - - -
bba91c46 by David Mulder at 2021-03-11T20:29:41+00:00
samba-tool: Ensure that gpo manage sudoers handles missing/dispersed principal names
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Björn Baumbach <bb at sernet.de>
- - - - -
88c9c291 by David Mulder at 2021-03-11T20:29:41+00:00
samba-tool: gpo manage sudoers handle missing and dispersed principal names
If we don't anticipate a missing principal name,
samba-tool crashes. Also, principal names could
be in dispersed listelements.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Björn Baumbach <bb at sernet.de>
- - - - -
6054564d by David Mulder at 2021-03-11T20:29:41+00:00
samba-gpupdate: Enable the Startup Scripts Extension
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Björn Baumbach <bb at sernet.de>
- - - - -
554f2134 by David Mulder at 2021-03-11T20:29:41+00:00
samba-gpupdate: Test that sysvol paths download in case-insensitive way
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14665
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Björn Baumbach <bb at sernet.de>
- - - - -
2d6bed49 by David Mulder at 2021-03-11T20:29:41+00:00
samba-gpupdate: Check sysvol download paths in case-insensitive way
https://bugzilla.samba.org/show_bug.cgi?id=14665
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Björn Baumbach <bb at sernet.de>
- - - - -
6686db11 by Björn Baumbach at 2021-03-11T21:41:04+00:00
samba-tool gpo: add missing newline to admxload warning
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: David Mulder <dmulder at suse.com>
Autobuild-User(master): Björn Baumbach <bb at sernet.de>
Autobuild-Date(master): Thu Mar 11 21:41:04 UTC 2021 on sn-devel-184
- - - - -
c45e0896 by Douglas Bagnall at 2021-03-11T21:42:43+00:00
util: don't mark impure functions as pure
nothing that allocates memory can be pure, unless it guarantees to
allocate exactly the same pointer very time (which it does not).
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f67f95f0 by Douglas Bagnall at 2021-03-11T21:42:43+00:00
util:str_sub: talloc_free on error
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
46e6f6ef by Douglas Bagnall at 2021-03-11T21:42:43+00:00
ldb: correct comments in attrib_handers val_to_int64
c.f. the identical static function in lib/ldb-samba/ldif_handlers.c
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
11f3c852 by Stefan Metzmacher at 2021-03-11T22:50:02+00:00
s4:libnet_rpc: avoid reusing the assoc_group_id of the lsa connection
This was an unexpected side effect introduced in commit
1b17d9a587bf3600d449c2481fe1191793479e32.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Mar 11 22:50:02 UTC 2021 on sn-devel-184
- - - - -
7662a77c by Ralph Boehme at 2021-03-11T23:43:32+00:00
selftest: add a test for %U variable expansion in spoolssd
This targets the nt4_dc testenv which luckily already runs with spoolssd
enabled.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14668
MR: https://gitlab.com/samba-team/samba/-/merge_requests/1834
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
16a1aefb by Ralph Boehme at 2021-03-12T00:54:01+00:00
smbd: call set_current_user_info() in smbd_become_authenticated_pipe_user()
The current_user_info is updated at the SMB level, but currently not at the RPC
level in the RPC impersonation function smbd_become_authenticated_pipe_user().
For RPC services running embedded this is not an issue as the SMB level
impersonation has already taken care of current_user_info, but for RPC services
running as external daemons, eg spoolssd, the omission of updating
current_user_info results in variable expansion of eg %U (username) to be
broken.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14668
MR: https://gitlab.com/samba-team/samba/-/merge_requests/1834
RN: %U variable expansion not working in spoolsd
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Mar 12 00:54:01 UTC 2021 on sn-devel-184
- - - - -
e4540a6b by Jeremy Allison at 2021-03-12T19:25:34+00:00
VFS: ceph: Ensure cephwrap_flistxattr() only uses an io fd for a handle based call.
Otherwise fall back to pathname based. This is the same as the
fallback used in vfs_default.c
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
cb782687 by Jeremy Allison at 2021-03-12T19:25:34+00:00
VFS: ceph: Ensure cephwrap_fsetxattr() only uses an io fd for a handle based call.
Otherwise fall back to pathname based. This is the same as the
fallback used in vfs_default.c
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d89565ce by Jeremy Allison at 2021-03-12T19:25:34+00:00
VFS: glusterfs: Ensure vfs_gluster_flistxattr() only uses an io fd for a handle based call.
Otherwise fall back to pathname based. This is the same as the
fallback used in vfs_default.c
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
fd1b09bb by Jeremy Allison at 2021-03-12T20:38:03+00:00
VFS: glusterfs: Ensure vfs_gluster_fsetxattr() only uses an io fd for a handle based call.
Otherwise fall back to pathname based. This is the same as the
fallback used in vfs_default.c
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Mar 12 20:38:03 UTC 2021 on sn-devel-184
- - - - -
bdba1cd0 by Jeremy Allison at 2021-03-16T17:09:31+00:00
s3: VFS: Remove vfs_tru64acl.[c|h]
Support was discontinued for the entire Tru64 OS on 31 December 2012.
Signed-off-by: Jeremy Allison <jra at samba.org>
- - - - -
6fb31722 by Volker Lendecke at 2021-03-16T17:09:31+00:00
winbind: Simplify winbindd_samr.c
talloc_stackframe() panics on failure
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6e41d1f3 by Volker Lendecke at 2021-03-16T17:09:31+00:00
printing: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c58e9aa4 by Volker Lendecke at 2021-03-16T17:09:31+00:00
tests: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b6b0c0cb by Volker Lendecke at 2021-03-16T17:09:31+00:00
lib: Use FIONREAD in wait_for_read_send/recv
ENOTSOCK looks ugly in straces...
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e09f29ee by Volker Lendecke at 2021-03-16T17:09:31+00:00
printing: Remove simple wrapper function pcap_printer_read_fn()
There's only one caller that was trivial to convert
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
46cc9b51 by Volker Lendecke at 2021-03-16T17:09:31+00:00
printing: Introduce printer_list_printername_exists()
Replace pcap_printername_ok(). Slightly different semantics: If the
printer list db has a corrupted record, this is not detected.
Why this patch? pcap_printername_ok() is a simple wrapper around the
tdb accessing function, and this reduces a dependency on pcap.c
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e338d4fa by Volker Lendecke at 2021-03-16T17:09:31+00:00
printing: Move rap2jobid functions to their own file
This will make it easier to split out the spoolss functions later
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
403eabe4 by Volker Lendecke at 2021-03-16T17:09:31+00:00
librpc: Add "private_data" to struct dcesrv_context_callbacks
Not used right now, but we should never have callbacks without a
"private_data" pointer. Some of the callbacks could even today benefit
from this.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8d37c632 by Volker Lendecke at 2021-03-16T17:09:31+00:00
rpc_server4: Make "srv_callbacks" static
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c8f47dfc by Volker Lendecke at 2021-03-16T17:09:32+00:00
torture: Make srv_cb static
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9614273a by Volker Lendecke at 2021-03-16T17:09:32+00:00
librpc: Make "dcesrv_context->callbacks" a pointer
This structure just grew from 3 to 6 pointers, avoid making a copy of
this. All callers of dcesrv_init_context() have this as a static
struct in the C object, so a pointer to that won't change.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cf43f331 by Volker Lendecke at 2021-03-16T17:09:32+00:00
lib: Make pidfile_path_create() return the existing PID on conflict
Use F_GETLK to get the lock holder PID, this is more accurate than
reading the file contents: A conflicting process might not have
written its PID yet. Also, F_GETLK easily allows to do a retry if the
lock holder just died.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
088386bb by Volker Lendecke at 2021-03-16T17:09:32+00:00
lib: Decouple is_myname() from init_names()
In a new binary I forgot "init_names()" in main and it crashed in
auth3. We should not have to call init_names() everywhere I guess.
The my_netbios_names() array is free of duplicates, but as we don't
expect more than a handful of netbios aliases this does not matter for
just checking existence of a name. And moreover, a properly configured
smb.conf doesn't have tons of dups in "netbios aliases" anyway.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5831e8f2 by Volker Lendecke at 2021-03-16T17:09:32+00:00
lib: Unfold calls to my_netbios_names() in util_names.c
This will all go away in a few patches, this is an intermediate step.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
57d548b5 by Volker Lendecke at 2021-03-16T17:09:32+00:00
nmbd: Move my_netbios_names() to nmbd
nmbd is the heaviest user of this. The only other user was
is_myname(), which is used in quite a few places in source3.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
bb5bf508 by Volker Lendecke at 2021-03-16T17:09:32+00:00
lib: Remove init_names()
is_myname() looks at lp_* directly, nmbd maintains its own list: We don't
need the baroque loadparm handler anymore.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e6c64076 by Volker Lendecke at 2021-03-16T17:09:32+00:00
auth3: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c6ccf1b9 by Volker Lendecke at 2021-03-16T17:09:32+00:00
auth3: Make it a bit easier to #include "source3/include/auth.h"
Avoid using "uchar" in source3/auth/proto.h, this is #defined in includes.h
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
35ecbb32 by Volker Lendecke at 2021-03-16T17:09:32+00:00
rpc_server: Save roundtrips into samr for machine pwd changes
We already have the machine SID, no need to look it up again.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
386f62fb by Volker Lendecke at 2021-03-16T17:09:32+00:00
rpc_server: Initialize variables in get_md4pw()
My gcc complained at one point about uninitialized vars
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b546b87b by Volker Lendecke at 2021-03-16T17:09:32+00:00
rpcclient: Avoid a few implicit NULL assignments
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cf2a943b by Volker Lendecke at 2021-03-16T17:09:32+00:00
rpcclient: Simplify do_cmd
Reduce indentation by an early "continue;", simplify if-expression
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e8564027 by Volker Lendecke at 2021-03-16T17:09:32+00:00
rpcclient: Add RPC_RTYPE_BINDING
Purely transport-related commands don't need the cli_state.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
698c6de6 by Volker Lendecke at 2021-03-16T17:09:32+00:00
rpcclient: Convert binding-related commands to RPC_RTYPE_BINDING
Purely cosmetic at this point, will become useful soon
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
18f31978 by Volker Lendecke at 2021-03-16T17:09:32+00:00
rpcclient: Factor out cmd_set_auth()
sign, seal and packet did exactly the same wrt authentication
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
174b9115 by Volker Lendecke at 2021-03-16T17:09:32+00:00
winbindd: Improve a DEBUG message in sam_name_to_sid()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d50bf88d by Volker Lendecke at 2021-03-16T17:09:32+00:00
rpcclient: Fix a DBG msg: This is not dcerpc_winreg_int_openkey()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9e3f0fa3 by Volker Lendecke at 2021-03-16T17:09:32+00:00
rpc_server: Fix a -Werror=format-truncation error
gcc gets this wrong, it believes %u can write up to
"2147483647" (2^31-1). Silence this with an easy patch.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d26b7002 by Douglas Bagnall at 2021-03-16T17:09:32+00:00
autobuild: fuzz: correctly spell AFL build option
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c9f51f16 by Douglas Bagnall at 2021-03-16T17:09:32+00:00
fuzz/afl main: don't treat fuzzer as fuzzee
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
17602fef by Douglas Bagnall at 2021-03-16T17:09:32+00:00
fuzz:afl main: add a diagnostic message
LLVMFuzzerTestOneInput() NEVER returns non-zero, but if it does, we might as well
know what made it do so
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e0dd4d0a by Douglas Bagnall at 2021-03-16T17:09:32+00:00
fuzz: add a LLVMFuzzerInitialize() to all fuzzers
To compile the AFL binaries, we need every fuzzer to have a consistent
set of functions. Some fuzzers require the initialize function, so all
the rest must have an empty one.
AFL binaires are handy for testing the fuzz results in a less magical
environment than libfuzzer/honggfuzz give you.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fb229276 by Douglas Bagnall at 2021-03-16T17:09:32+00:00
fuzz:afl main: run the initialisation function
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f5c8b1aa by David Disseldorp at 2021-03-16T18:17:42+00:00
Bug 9931: change pytalloc source to LGPL
pytalloc is currently GPL, while the rest of talloc is LGPL.
This situation arose because pytalloc was originally developed under
source4/scripting/python/, and moved into talloc proper with commit
0f043c197c473c801fc32c727194b5a2d6ae232f ("Move pytalloc to talloc
directory.", October 2008).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9931
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jelmer Vernooij <jelmer at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Mar 16 18:17:43 UTC 2021 on sn-devel-184
- - - - -
78208c62 by Ralph Boehme at 2021-03-16T22:08:10+00:00
selftest: fix cleanup of test_printing_var_exp.sh
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14668
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Mar 16 22:08:10 UTC 2021 on sn-devel-184
- - - - -
a9e7d0be by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
libcli/smb: prepare smb2_key_derivation() for keys larger than 16-bytes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3066a02b by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
libcli/smb: pass the length of the resulting key to smb2_key_derivation()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2a4ba7b6 by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
libcli/smb: split out smb2_signing_calc_signature() from smb2_signing_check_pdu()
We only need one function to calculate the signature of an SMB2 packet.
And that only need the logic based on a gnutls_mac_algorithm_t once.
The next step will convert smb2_signing_sign_pdu() to also use
smb2_signing_calc_signature(). Doing that in a separate commit
should make sure we don't introduce a symetric bug.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f54fb828 by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
libcli/smb: assert that smb2_signing_{sign,check}_pdu() gets 2-4 iovec elements
We expect the following:
* SMB2 HDR
* SMB2 BODY FIXED
* (optional) SMB2 BODY DYN
* (optional) PADDING
Everything else is a bug.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
17b99809 by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
libcli/smb: make use of smb2_signing_calc_signature() in smb2_signing_sign_pdu()
We only need to logic to calculate the signature once...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e4c1a005 by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
libcli/smb: add smb2_signing_derivations_fill_const_stack()
This will allow us to have the logic in one place only
in future.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8e2f3e65 by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
libcli/smb: make use of smb2_signing_derivations_fill_const_stack() smb2cli_session_set_session_key()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d815b0fd by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
smb2_sesssetup: use smb2_signing_derivations_fill_const_stack()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ead89447 by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
smbXsrv_session: let smbXsrv_session_global_verify_record() use talloc_keep_secret() for keys
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3e43962f by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
libcli/smb: maintain smbXcli_conn.smb2.server.sign_algo
This prepares the negotiation of signing algorithms in future.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9da2f672 by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
smb2_negotiate: maintain xconn->smb2.server.sign_algo
This prepares the negotiation of signing algorithms in future.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5b648fe9 by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
libcli/smb: add smb2_signing_key_{copy,sign_create,cipher_create}() helpers
These will simplify the callers a lot.
In important part is to also remember the sign and cipher algo ids.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
bba8d34a by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
libcli/smb: make use of smb2_signing_key_{copy,sign_create,cipher_create}() in smbXcli_base.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
da7dcc44 by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
smbd: make use of smb2_signing_key_{copy,sign_create,cipher_create}() helpers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2885fbfd by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
smb2_server: use struct smb2_signing_key for first_enc_key and last_sign_key
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5d4c63d8 by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
libcli/smb: make smb2_signing_key_destructor static
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7c870761 by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
libcli/smb: no longer pass protocol to smb2_signing_{sign,check}_pdu()
The signing algorithm is already passed via
smb2_signing_key->sign_algo_id.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f65e609f by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
libcli/smb: no longer pass protocol to smb2_signing_{encrypt,decrypt}_pdu()
The cipher algorithm is already passed via
smb2_signing_key->chipher_algo_id.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
452f0cd1 by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
libcli/smb: don't copy the key to a stack variable in smb2_signing_{encrypt,decrypt}_pdu()
The key size should always match now.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a11dab16 by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
libcli/smb: introduce struct struct smb311_capabilities
This will be filled later with supported ciphers and other
things that can be negotiated in SMB >= 3.1.1.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5b514048 by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
s4:libcli/raw: add smb3_capabilities to struct smbcli_options
Currently this will be zeroed in lpcfg_smbcli_options(),
but will later allow advanced callers to pass values to
smbXcli_conn_create().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c34b86a3 by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
libcli/smb: pass smb3_capabilities to smbXcli_conn_create()
Passing NULL means use none.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c0868882 by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
libcli/smb: introduce struct smb3_encryption_capabilities
This will allow us to control the offered ciphers from the callers
later.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
78549ea0 by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
s3:libsmb: fill in smb3_capabilities.ciphers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fe7fe76c by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
s4:param: let lpcfg_smbcli_options() fill smb3_capabilities.ciphers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
44e76fcc by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
libcli/smb: make use of smb3_capabilities.encryption
This avoids a hardcoded list of possible ciphers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
30fa5a45 by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
s4:torture/smb2: improve smb2.notify.invalid-reauth
This demonstrates that the session is gone after a failed reauth.
This is different compared to a failing session bind.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
457b9898 by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
s4:torture/smb2: add smb2.session.bind_negative_{smb202,smb210,smb2to3,smb3to2,smb3to3}
'smb2.session.bind_negative_smb202' is similar to the MultipleChannel_Negative_SMB2002 test
from the Windows Protocol Test Suite.
It demonstrates that the server needs to do lookup
in the global session table in order to get the signing
and error code of invalid session setups correct.
In order to work out the details I've added more similar tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
341ad1ae by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
s4:torture: add a torture_user2_credentials() helper to pass additional credentials
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
20450089 by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
s4:torture/smb2: add smb2.session.bind_{invalid_auth,different_user}
These demonstrate that a failing bind does not destroy
the existing session and binding with a different user results
in ACCESS_DENIED.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c4bec67f by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
s3:selftest: pass alice credentials to the smb2.session tests for ad_dc
This allows us to test session binds with different users.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3242a0b0 by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
smbXsrv_session: split out smbXsrv_session_remove_channel()
It will be needed in other places and makes the logic in
smbXsrv_session_disconnect_xconn_callback() much simpler.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14532
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b8ccd239 by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
smb2_server: fallback global session lookup if the session belongs to a different client
The key is that we need to have the signing key in order to pass the
signing checks and give the correct session bind error status.
This should fix the MultipleChannel_Negative_SMB2002 testcase
of the Windows Protocol Test Suite (FileServer).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reported-by: Jones Syue <jonessyue at qnap.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d95e90fe by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
smb2_sesssetup: don't shutdown a session on failure when it's not valid yet on the connection
If someone tries to operate on a session that is not yet valid on the
current connection and the current session setup fails, then we should
not shutdown the session.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fd9191fb by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
smb2_sesssetup: only set NT_STATUS_MORE_PROCESSING_REQUIRED if a reauth can start
When the session is not valid on the current connection it should not be
possible to start a reauth.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7733f98f by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
smb2_sesssetup: a bind dialect mismatch should always result in INVALID_PARAMETER
The ACCESS_DENIED errors happened as we didn't expected to signing
algo is attached to the session key. So our client calculated the
wrong signature.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4ab1b29d by Stefan Metzmacher at 2021-03-17T00:49:32+00:00
smb2_sesssetup: a session bind with a different user results in ACCESS_DENIED
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8f43c15f by Stefan Metzmacher at 2021-03-17T01:56:37+00:00
smb2_sesssetup: validate that sign_algo and encryption_cipher match on a session bind
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Mar 17 01:56:37 UTC 2021 on sn-devel-184
- - - - -
1a05b58e by Douglas Bagnall at 2021-03-17T05:57:34+00:00
ldb.h: remove undefined async_ctx function signatures
These functions do not exist.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b3c56229 by Douglas Bagnall at 2021-03-17T05:57:34+00:00
pdb_samba_dsdb: remove #if 0 block
Doing nothng since 2011
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
80a8d2f1 by Douglas Bagnall at 2021-03-17T05:57:34+00:00
ldb/test/ldb_tdb: correct introductory comments
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
48068a58 by Douglas Bagnall at 2021-03-17T05:57:34+00:00
ldb: improve comments for ldb_module_connect_backend()
There is no flags argument.
There are more URI forms.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
467746da by Douglas Bagnall at 2021-03-17T05:57:34+00:00
knownfail: remove python[23] lines
We no longer run any *python2* or *python3* specific tests, so
these knownfail lines are just clutter.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1c1ff48e by Douglas Bagnall at 2021-03-17T07:03:27+00:00
selftest/flapping: remove python[23] lines
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Mar 17 07:03:27 UTC 2021 on sn-devel-184
- - - - -
45e8c32b by Douglas Bagnall at 2021-03-17T17:10:32+00:00
py/provision: remove unused variable, thence import
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ebad0bcb by Douglas Bagnall at 2021-03-17T17:10:32+00:00
py/provision: provision_become_dc(): remove unused arguments
The only caller is source4/param/provision.c, which doesn't supply these arguments,
and they aren't used inside the function.
This makes it just slightly less overwhelming
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f3309818 by Douglas Bagnall at 2021-03-17T17:10:32+00:00
py bindings: write 'bytes', not 'PY_DESC_PY3_BYTES'
Because it is shorter, clearer, and reduces py3compat.h
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6e61d032 by Douglas Bagnall at 2021-03-17T17:10:32+00:00
py3compat: remove obsolete comments
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c4f338b7 by Douglas Bagnall at 2021-03-17T17:10:32+00:00
kcc: use py3 compatible sort in rarely visited branch
This won't have worked for some time, but nobody has complained,
because nobody uses DS_NTDSSETTINGS_OPT_IS_RAND_BH_SELECTION_DISABLED
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
94d7378f by Douglas Bagnall at 2021-03-17T17:10:32+00:00
pytests: dns_base: remove a py2 compat thing
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
17c14a45 by Douglas Bagnall at 2021-03-17T17:10:32+00:00
samba-tool: domain tombstones expunge reminds on semi-noop
Sometimes people assume `samba-tool domain tombstones expunge` will
expunge tombstones, but in the general case it won't because it only
affects those that have reached the tombstone lifetime, but these are
likely to have already been deleted by the regularly scheduled task.
You need to set the tombstone lifetime to have much effect.
This patch doesn't change the behaviour, but it does warn the user
that they are probably doing nothing of significance.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8aef8992 by Douglas Bagnall at 2021-03-17T18:23:04+00:00
py.join: remove unused untested get_naming_master
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Mar 17 18:23:04 UTC 2021 on sn-devel-184
- - - - -
10c19882 by Stefan Metzmacher at 2021-03-17T23:53:04+00:00
third_party: Update socket_wrapper to version 1.3.3
This fixes a deadlock abort() when SOCKET_WRAPPER_KEEP_PCAP=1
is used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14640
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Mar 17 23:53:04 UTC 2021 on sn-devel-184
- - - - -
12b8dbd0 by Jeremy Allison at 2021-03-18T02:57:08+00:00
s3: tests: Change logfile for printing expansion tests.
logfile=/tmp/$USER_printing_var_exp.log -> logfile="${SELFTEST_TMPDIR}/${USER}_printing_var_exp.log"
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Mar 18 02:57:08 UTC 2021 on sn-devel-184
- - - - -
065ed088 by Ralph Boehme at 2021-03-18T16:52:37+00:00
smbd: reset dangling watch_req pointer in poll_open_done
We just freed subreq and a pointer to subreq is stored in open_rec->watch_req,
so we must invalidate the pointer.
Otherwise if the poll open timer fires it will do a
TALLOC_FREE(open_rec->watch_req);
on the dangling pointer which may crash or do something worse like freeing some
other random talloc memory.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14672
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1843
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
171a58ff by Ralph Boehme at 2021-03-18T16:52:37+00:00
smbd: cancel pending poll open timer in poll_open_done()
The retry of the open is scheduled below, avoid rescheduling it a second time in
the open retry timeout function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14672
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1843
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
591c9196 by Ralph Boehme at 2021-03-18T18:04:09+00:00
smbd: free open_rec state in remove_deferred_open_message_smb2_internal()
The lifetime of open_rec (struct deferred_open_record) ojects is the time
processing the SMB open request every time the request is scheduled, ie once we
reschedule we must wipe the slate clean. In case the request gets deferred
again, a new open_rec will be created by the schedule functions.
This ensures any timer-event tied to the open_rec gets cancelled and doesn't
fire unexpectedly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14672
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1843
RN: smbd panic when two clients open same file
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Mar 18 18:04:09 UTC 2021 on sn-devel-184
- - - - -
de3dbfda by David Mulder at 2021-03-18T18:50:28+00:00
gpo: Test Group Policy Host Access Configuration for VGP
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a6cb5b8c by David Mulder at 2021-03-18T18:50:28+00:00
gpo: Apply Group Policy Host Access configuration from VGP
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
76868b50 by David Mulder at 2021-03-18T18:50:28+00:00
samba-tool: Test gpo manage access list command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3f3c2b5b by David Mulder at 2021-03-18T18:50:28+00:00
samba-tool: Add a gpo command for listing VGP Host Access Group Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
996a0bd2 by David Mulder at 2021-03-18T18:50:28+00:00
samba-tool: Test gpo manage access add command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
482046c5 by David Mulder at 2021-03-18T18:50:28+00:00
samba-tool: Add a gpo command for adding VGP Host Access Group Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
90acb3cf by David Mulder at 2021-03-18T18:50:28+00:00
samba-tool: Test gpo manage access remove command
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f1a72fc6 by David Mulder at 2021-03-18T20:02:50+00:00
samba-tool: Add a gpo command for removing VGP Host Access Group Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Mar 18 20:02:50 UTC 2021 on sn-devel-184
- - - - -
e5942a71 by Volker Lendecke at 2021-03-19T07:09:37+00:00
rpcclient: Remove pipe_default_auth globals
We have all information in the binding, we don't need those globals.
In case you're looking for tests: We have the combinations in our
blackbox.rpcclient test. They don't actually check whether we really
do the transport wrapping that is announced, some manual wireshark
inspection showed that this does what it's supposed to do. And it took
a quite bit of tweaking in binding_get_auth_info() to make this
survive "make test TESTS=blackbox.rpcclient".
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
87137e34 by Volker Lendecke at 2021-03-19T07:09:37+00:00
rpcclient: Don't put a port into the epm_map request
That's what the server is supposed to fill in for us
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3ee8960a by Volker Lendecke at 2021-03-19T07:09:37+00:00
rpcclient: No need to use an object id in epm_map
The interface id we're looking for is listed as floor 0 in the
map_tower argument.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a8ab5ab5 by Volker Lendecke at 2021-03-19T07:09:37+00:00
rpc_client: Factor out rpccli_epm_map_interface() from rpc_pipe_get_tcp_port()
Make it usable for ncalrpc as well
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0426f11b by Volker Lendecke at 2021-03-19T07:09:37+00:00
rpcclient: Let rpc_pipe_open_ncalrpc() figure out the dst sock itself
Let the epmapper take care of this, with "EPMAPPER" being the default
socket that is connected for registration from ep_register()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2c6bd3c6 by Volker Lendecke at 2021-03-19T07:09:37+00:00
mdfind: Use cli_rpc_pipe_open_noauth() in mdfind util
For the better or worse, we have a wrapper for NCACN_NP
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
55dba998 by Volker Lendecke at 2021-03-19T07:09:37+00:00
librpc: Simplify dcerpc_binding_dup() with common nomem handling
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8e54ed5a by Volker Lendecke at 2021-03-19T07:09:37+00:00
rpcclient: Enable ncalrpc: transport
Best reviewed with "git show -b". Right now lsarpc in the nt4_dc
environment is not available over ncalrpc, so instead of getusername
we need to use epmlookup for the rpcclient tests
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
72540222 by Volker Lendecke at 2021-03-19T07:09:37+00:00
lib: Properly return errno from open_socket_in()
Before this patch, open_socket_in() relied on quite a bit of code to
not touch errno after for example socket() returned -1. Change this to
explicitly save errno in "ret", such that a later DEBUG() with all its
formatting code can mess it up.
While there, remove the debuglevel parameter. I don't think this
actually useful.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cf0c773c by Volker Lendecke at 2021-03-19T08:18:26+00:00
messaging: Fix receiving file descriptors
Don't close unconsumed file descriptors in messaging_recv_cb(). Via
multiple registrations on different tevent contexts we might call
messaging_recv_cb() multiple times: All but the first tevent context
handled in the loop in msg_dgm_ref_recv() will not see file
descriptors anymore, it will just get a -1, even if the first
reference had no receiver interested in the fds.
Change the API such that consumers can set the file descriptor to -1
if it's consumed. If nobody wanted them, do the close where they were
created via recvmsg, in messages_dgm.c.
If you want multiple handlers to consume the file descriptors, you
should dup() them in the filter function handed to
messaging_filtered_read_send and save the duplicate in your private
data for later consumption.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Mar 19 08:18:26 UTC 2021 on sn-devel-184
- - - - -
bda05990 by Jeremy Allison at 2021-03-19T14:15:02+00:00
s3: Remove last vestiges of Tru64 ACL support (missed in earlier patch).
Added WHATSNEW.txt note.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Mar 19 14:15:02 UTC 2021 on sn-devel-184
- - - - -
ec4794b5 by Andreas Schneider at 2021-03-19T18:56:33+00:00
s3:param: Fix segfault trying to add pcap printer without a [printers] share
#0 0x00007fb264e75bea in __GI___wait4 (pid=21966, stat_loc=stat_loc at entry=0x7ffdf83a9bc8, options=options at entry=0, usage=usage at entry=0x0) at ../sysdeps/unix/sysv/linux/wait4.c:30
sc_ret = -512
sc_ret = <optimized out>
#1 0x00007fb264e75bab in __GI___waitpid (pid=<optimized out>, stat_loc=stat_loc at entry=0x7ffdf83a9bc8, options=options at entry=0) at waitpid.c:38
No locals.
#2 0x00007fb264df33a3 in do_system (line=<optimized out>) at ../sysdeps/posix/system.c:172
__result = <optimized out>
_buffer = {
__routine = 0x7fb264df35d0 <cancel_handler>,
__arg = 0x7ffdf83a9bd0,
__canceltype = 0,
__prev = 0x0
}
_avail = 1
cancel_args = {
quit = 0x7fb264f6f200 <quit>,
intr = 0x7fb264f6f2a0 <intr>,
pid = 21966
}
status = -1
ret = 0
pid = 21966
sa = {
__sigaction_handler = {
sa_handler = 0x1,
sa_sigaction = 0x1
},
sa_mask = {
__val = {[0] = 65536, [1] = 94088581545700, [2] = 0, [3] = 0, [4] = 0, [5] = 0, [6] = 0, [7] = 1703897678, [8] = 140404174928432, [9] = 140404179009536, [10] = 0, [11] = 140728768044480, [12] = 140404185491504, [13] = 18446744073709551615, [14] = 100, [15] = 140404180125856}
},
sa_flags = 0,
sa_restorer = 0x7ffdf83a9df0
}
omask = {
__val = {[0] = 7296, [1] = 140404179695051, [2] = 94088578316976, [3] = 140404180018176, [4] = 140404180017664, [5] = 140404185449449, [6] = 140728768044176, [7] = 140404185448599, [8] = 140404185458050, [9] = 100, [10] = 140404180125856, [11] = 7322926704, [12] = 140728768044432, [13] = 140404185491192, [14] = 112, [15] = 100}
}
reset = {
__val = {[0] = 6, [1] = 5372865792, [2] = 94088581545600, [3] = 140728768044624, [4] = 100, [5] = 100, [6] = 101, [7] = 94088581545600, [8] = 140728768044288, [9] = 140404173470464, [10] = 140406703357952, [11] = 94088581545600, [12] = 94088581545600, [13] = 94088581545600, [14] = 94088581545600, [15] = 94088581545700}
}
spawn_attr = {
__flags = 12,
__pgrp = 0,
__sd = {
__val = {[0] = 6, [1] = 5372865792, [2] = 94088581545600, [3] = 140728768044624, [4] = 100, [5] = 100, [6] = 101, [7] = 94088581545600, [8] = 140728768044288, [9] = 140404173470464, [10] = 140406703357952, [11] = 94088581545600, [12] = 94088581545600, [13] = 94088581545600, [14] = 94088581545600, [15] = 94088581545700}
},
__ss = {
__val = {[0] = 7296, [1] = 140404179695051, [2] = 94088578316976, [3] = 140404180018176, [4] = 140404180017664, [5] = 140404185449449, [6] = 140728768044176, [7] = 140404185448599, [8] = 140404185458050, [9] = 100, [10] = 140404180125856, [11] = 7322926704, [12] = 140728768044432, [13] = 140404185491192, [14] = 112, [15] = 100}
},
__sp = {
sched_priority = 0
},
__policy = 0,
__pad = {[0] = 0 <repeats 16 times>}
}
#3 0x00007fb2654289f6 in smb_panic_s3 (why=0x7ffdf83a9fd0 "Signal 11: Segmentation fault") at ../../source3/lib/util.c:839
lp_sub = 0x7fb265461a60 <s3_global_substitution>
cmd = 0x5592b47afe30 "/home/asn/workspace/projects/samba/selftest/gdb_backtrace 21964"
result = 32690
__FUNCTION__ = "smb_panic_s3"
#4 0x00007fb2658f6f09 in smb_panic (why=0x7ffdf83a9fd0 "Signal 11: Segmentation fault") at ../../lib/util/fault.c:197
No locals.
#5 0x00007fb2658f6a39 in fault_report (sig=11) at ../../lib/util/fault.c:81
counter = 1
signal_string = "Signal 11: Segmentation fault\000\000\000\000\240:\370\375\177\000\000\000m?@/\214؊\377\245:\370\375\177\000\000\000m?@/\214؊\000\242:\370\375\177", '\000' <repeats 11 times>, "\242:\370\375\177\000\000\351C\231e\262\177\000\000`\240:\370\375\177\000\000\002:\231e\262\177\000\000Р:\370\375\177\000\000\a\000\000\000\061\000\000"
#6 0x00007fb2658f6a4e in sig_fault (sig=11) at ../../lib/util/fault.c:92
No locals.
#7 <signal handler called>
No locals.
#8 0x00007fb2653762b4 in copy_service (pserviceDest=0x5592b4657940, pserviceSource=0x0, pcopymapDest=0x0) at ../../lib/param/loadparm.c:896
src_ptr = 0x1
dest_ptr = 0x5592b4657941
i = 1
bcopyall = true
data = 0x5592b44a9020
#9 0x00007fb2653e1e16 in add_a_service (pservice=0x0, name=0x5592b4476130 "laserjet1102w") at ../../source3/param/loadparm.c:1486
i = 13
tsp = 0x5592b44a9020
__FUNCTION__ = "add_a_service"
#10 0x00007fb2653e2846 in lp_add_printer (pszPrintername=0x5592b4476130 "laserjet1102w", iDefaultService=-1) at ../../source3/param/loadparm.c:1666
comment = 0x7fb2654339ec "From Printcap"
i = 21906
__FUNCTION__ = "lp_add_printer"
#11 0x00007fb2653e59b8 in lp_add_one_printer (name=0x5592b4476130 "laserjet1102w", comment=0x5592b512d5a0 "HP LaserJet Professional p 1102w, hpcups 3.19.6, requires proprietary plugin", location=0x5592b4476200 "", pdata=0x0) at ../../source3/param/loadparm.c:2988
printers = -1
i = 1700139171
#12 0x00007fb26556112f in printer_list_exec_fn (rec=0x7ffdf83aa7e0, private_data=0x7ffdf83aa9f0) at ../../source3/printing/printer_list.c:446
state = 0x7ffdf83aa9f0
time_h = 0
time_l = 17286
name = 0x5592b4476130 "laserjet1102w"
comment = 0x5592b512d5a0 "HP LaserJet Professional p 1102w, hpcups 3.19.6, requires proprietary plugin"
location = 0x5592b4476200 ""
ret = 100
key = {
dptr = 0x5592b456fdd0 "PRINTERLIST/PRN/LASERJET1102W",
dsize = 30
}
value = {
dptr = 0x5592b456fdee "",
dsize = 100
}
__FUNCTION__ = "printer_list_exec_fn"
#13 0x00007fb2646fc747 in db_tdb_traverse_read_func (tdb=0x5592b5377090, kbuf=..., dbuf=..., private_data=0x7ffdf83aa920) at ../../lib/dbwrap/dbwrap_tdb.c:399
ctx = 0x7ffdf83aa920
rec = {
db = 0x5592b4957500,
key = {
dptr = 0x5592b456fdd0 "PRINTERLIST/PRN/LASERJET1102W",
dsize = 30
},
value = {
dptr = 0x5592b456fdee "",
dsize = 100
},
value_valid = true,
storev = 0x7fb2646fc672 <db_tdb_storev_deny>,
delete_rec = 0x7fb2646fc68b <db_tdb_delete_deny>,
private_data = 0x5592b5249b50
}
#14 0x00007fb26372c08d in ?? () from /usr/lib64/libtdb.so.1
No symbol table info available.
#15 0x00007fb26372c21d in tdb_traverse_read () from /usr/lib64/libtdb.so.1
No symbol table info available.
#16 0x00007fb2646fc7b7 in db_tdb_traverse_read (db=0x5592b4957500, f=0x7fb265561001 <printer_list_exec_fn>, private_data=0x7ffdf83aa9f0) at ../../lib/dbwrap/dbwrap_tdb.c:413
db_ctx = 0x5592b5249b50
ctx = {
db = 0x5592b4957500,
f = 0x7fb265561001 <printer_list_exec_fn>,
private_data = 0x7ffdf83aa9f0
}
#17 0x00007fb2646f83ad in dbwrap_traverse_read (db=0x5592b4957500, f=0x7fb265561001 <printer_list_exec_fn>, private_data=0x7ffdf83aa9f0, count=0x0) at ../../lib/dbwrap/dbwrap.c:412
ret = 0
#18 0x00007fb265560d9b in printer_list_traverse (fn=0x7fb265561001 <printer_list_exec_fn>, private_data=0x7ffdf83aa9f0, read_only=true) at ../../source3/printing/printer_list.c:328
db = 0x5592b4957500
status = {
v = 0
}
#19 0x00007fb2655611cc in printer_list_read_run_fn (fn=0x7fb2653e5970 <lp_add_one_printer>, private_data=0x0) at ../../source3/printing/printer_list.c:464
state = {
fn = 0x7fb2653e5970 <lp_add_one_printer>,
private_data = 0x0,
status = {
v = 0
}
}
status = {
v = 0
}
#20 0x00007fb26555c9e6 in load_printers () at ../../source3/printing/load.c:86
status = {
v = 0
}
__func__ = "load_printers"
#21 0x00007fb265599457 in delete_and_reload_printers () at ../../source3/smbd/server_reload.c:80
n_services = -130372992
pnum = 12
snum = 12
pname = 0x5592b55626f0 "\340=\277\264\222U"
ok = true
pcap_last_update = 17286
frame = 0x5592b4797d70
lp_sub = 0x7fb265461a60 <s3_global_substitution>
__FUNCTION__ = "delete_and_reload_printers"
#22 0x00007fb2655404d7 in delete_and_reload_printers_full (ev=0x5592b44a6940, msg_ctx=0x5592b44a92c0) at ../../source3/printing/queue_process.c:131
session_info = 0x5592b55626f0
pinfo2 = 0x0
lp_sub = 0x7fb265461a60 <s3_global_substitution>
n_services = 13
pnum = -1
snum = 13
pname = 0x5592b45003d0 "\240\247F\264\222U"
sname = 0x7ffdf83aab00 "\200\253:\370\375\177"
status = {
v = 0
}
__FUNCTION__ = "delete_and_reload_printers_full"
#23 0x00007fb265540523 in reload_pcap_change_notify (ev=0x5592b44a6940, msg_ctx=0x5592b44a92c0) at ../../source3/printing/queue_process.c:150
No locals.
#24 0x00007fb265555855 in cups_async_callback (event_ctx=0x5592b44a6940, event=0x5592b5562570, flags=1, p=0x5592b4a9b160) at ../../source3/printing/print_cups.c:571
frame = 0x5592b4e26960
cb_args = 0x5592b4a9b160
tmp_pcap_cache = 0x5592b45003d0
ret_ok = true
pcap_data = {
status = {
v = 0
},
count = 1,
printers = 0x5592b5393800
}
pcap_blob = {
data = 0x5592b47a48e0 "\001",
length = 157
}
ndr_ret = NDR_ERR_SUCCESS
i = 1
__FUNCTION__ = "cups_async_callback"
#25 0x00007fb26548b88c in tevent_common_invoke_fd_handler (fde=0x5592b5562570, flags=1, removed=0x0) at ../../lib/tevent/tevent_fd.c:138
handler_ev = 0x5592b44a6940
#26 0x00007fb265496148 in epoll_event_loop (epoll_ev=0x5592b4a30eb0, tvalp=0x7ffdf83aac50) at ../../lib/tevent/tevent_epoll.c:736
fde = 0x5592b5562570
flags = 1
mpx_fde = 0x0
ret = 1
i = 0
events = {[0] = {
events = 17,
data = {
ptr = 0x5592b5562570,
fd = -1252645520,
u32 = 3042321776,
u64 = 94088595907952
}
}}
timeout = 750000
wait_errno = 0
#27 0x00007fb26549678f in epoll_event_loop_once (ev=0x5592b44a6940, location=0x7fb2657c54e0 "../../source3/printing/queue_process.c:424") at ../../lib/tevent/tevent_epoll.c:937
epoll_ev = 0x5592b4a30eb0
tval = {
tv_sec = 749,
tv_usec = 999054
}
panic_triggered = false
#28 0x00007fb2654930fa in std_event_loop_once (ev=0x5592b44a6940, location=0x7fb2657c54e0 "../../source3/printing/queue_process.c:424") at ../../lib/tevent/tevent_standard.c:110
glue_ptr = 0x5592b44aa700
glue = 0x5592b44aa700
ret = 21906
#29 0x00007fb26548aaf7 in _tevent_loop_once (ev=0x5592b44a6940, location=0x7fb2657c54e0 "../../source3/printing/queue_process.c:424") at ../../lib/tevent/tevent.c:772
ret = 21906
nesting_stack_ptr = 0x0
#30 0x00007fb26548ae1e in tevent_common_loop_wait (ev=0x5592b44a6940, location=0x7fb2657c54e0 "../../source3/printing/queue_process.c:424") at ../../lib/tevent/tevent.c:895
ret = 32690
#31 0x00007fb26549319c in std_event_loop_wait (ev=0x5592b44a6940, location=0x7fb2657c54e0 "../../source3/printing/queue_process.c:424") at ../../lib/tevent/tevent_standard.c:141
glue_ptr = 0x5592b44aa700
glue = 0x5592b44aa700
ret = 32690
#32 0x00007fb26548aec1 in _tevent_loop_wait (ev=0x5592b44a6940, location=0x7fb2657c54e0 "../../source3/printing/queue_process.c:424") at ../../lib/tevent/tevent.c:914
No locals.
#33 0x00007fb265541028 in start_background_queue (ev=0x5592b44a6940, msg_ctx=0x5592b44a92c0, logfile=0x0) at ../../source3/printing/queue_process.c:424
fde = 0x5592b53bcee0
ret = 21906
status = {
v = 0
}
pid = 0
state = 0x5592b4bf3d50
pause_pipe = {[0] = -1, [1] = 48}
__FUNCTION__ = "start_background_queue"
#34 0x00007fb265541154 in printing_subsystem_init (ev_ctx=0x5592b44a6940, msg_ctx=0x5592b44a92c0, dce_ctx=0x5592b44ae3e0, start_daemons=true, background_queue=true) at ../../source3/printing/queue_process.c:457
pid = -1
#35 0x00005592b436b820 in main (argc=5, argv=0x7ffdf83ab2e8) at ../../source3/smbd/server.c:2131
bgq = true
ok = false
is_daemon = true
interactive = false
Fork = false
no_process_group = false
log_stdout = true
ports = 0x0
profile_level = 0x0
opt = -1
pc = 0x5592b4496df0
print_build_options = false
main_server_id = {
pid = 21931,
task_id = 0,
vnn = 4294967295,
unique_id = 7715839874465799134
}
OPT_DAEMON = OPT_DAEMON
OPT_INTERACTIVE = OPT_INTERACTIVE
OPT_FORK = OPT_FORK
OPT_NO_PROCESS_GROUP = OPT_NO_PROCESS_GROUP
OPT_LOG_STDOUT = OPT_LOG_STDOUT
long_options = {[0] = {
longName = 0x0,
shortName = 0 '\000',
argInfo = 4,
arg = 0x7fb2650d9400 <poptHelpOptions>,
val = 0,
descrip = 0x5592b43732e1 "Help options:",
argDescrip = 0x0
}, [1] = {
longName = 0x5592b43732ef "daemon",
shortName = 68 'D',
argInfo = 0,
arg = 0x0,
val = 1000,
descrip = 0x5592b43732f6 "Become a daemon (default)",
argDescrip = 0x0
}, [2] = {
longName = 0x5592b4373310 "interactive",
shortName = 105 'i',
argInfo = 0,
arg = 0x0,
val = 1001,
descrip = 0x5592b4373320 "Run interactive (not a daemon) and log to stdout",
argDescrip = 0x0
}, [3] = {
longName = 0x5592b4373351 "foreground",
shortName = 70 'F',
argInfo = 0,
arg = 0x0,
val = 1002,
descrip = 0x5592b4373360 "Run daemon in foreground (for daemontools, etc.)",
argDescrip = 0x0
}, [4] = {
longName = 0x5592b4373391 "no-process-group",
shortName = 0 '\000',
argInfo = 0,
arg = 0x0,
val = 1003,
descrip = 0x5592b43733a8 "Don't create a new process group",
argDescrip = 0x0
}, [5] = {
longName = 0x5592b43733c9 "log-stdout",
shortName = 83 'S',
argInfo = 0,
arg = 0x0,
val = 1004,
descrip = 0x5592b43733d4 "Log to stdout",
argDescrip = 0x0
}, [6] = {
longName = 0x5592b43733e2 "build-options",
shortName = 98 'b',
argInfo = 0,
arg = 0x0,
val = 98,
descrip = 0x5592b43733f0 "Print build options",
argDescrip = 0x0
}, [7] = {
longName = 0x5592b4373404 "port",
shortName = 112 'p',
argInfo = 1,
arg = 0x7ffdf83ab158,
val = 0,
descrip = 0x5592b4373409 "Listen on the specified ports",
argDescrip = 0x0
}, [8] = {
longName = 0x5592b4373427 "profiling-level",
shortName = 80 'P',
argInfo = 1,
arg = 0x7ffdf83ab150,
val = 0,
descrip = 0x5592b4373437 "Set profiling level",
argDescrip = 0x5592b437344b "PROFILE_LEVEL"
}, [9] = {
longName = 0x0,
shortName = 0 '\000',
argInfo = 4,
arg = 0x7fb2654a8140 <popt_common_samba>,
val = 0,
descrip = 0x5592b4373459 "Common samba options:",
argDescrip = 0x0
}, [10] = {
longName = 0x0,
shortName = 0 '\000',
argInfo = 0,
arg = 0x0,
val = 0,
descrip = 0x0,
argDescrip = 0x0
}}
parent = 0x5592b44addf0
frame = 0x5592b448d6b0
status = {
v = 0
}
ev_ctx = 0x5592b44a6940
msg_ctx = 0x5592b44a92c0
dce_ctx = 0x5592b44ae3e0
server_id = {
pid = 21931,
task_id = 0,
vnn = 4294967295,
unique_id = 5659117256920205400
}
se = 0x5592b44c0f90
profiling_level = 0
np_dir = 0x5592b4f2bdc0 "/home/asn/workspace/projects/samba/st/fl2003dc/ncalrpc/np"
lp_sub = 0x7fb265461a60 <s3_global_substitution>
smbd_shim_fns = {
send_stat_cache_delete_message = 0x7fb26563ba6e <smbd_send_stat_cache_delete_message>,
change_to_root_user = 0x7fb265613e99 <smbd_change_to_root_user>,
become_authenticated_pipe_user = 0x7fb265613f4b <smbd_become_authenticated_pipe_user>,
unbecome_authenticated_pipe_user = 0x7fb265614067 <smbd_unbecome_authenticated_pipe_user>,
contend_level2_oplocks_begin = 0x7fb2656bb8df <smbd_contend_level2_oplocks_begin>,
contend_level2_oplocks_end = 0x7fb2656bb902 <smbd_contend_level2_oplocks_end>,
become_root = 0x7fb2656142cc <smbd_become_root>,
unbecome_root = 0x7fb2656142f5 <smbd_unbecome_root>,
exit_server = 0x7fb2656add55 <smbd_exit_server>,
exit_server_cleanly = 0x7fb2656add72 <smbd_exit_server_cleanly>
}
__FUNCTION__ = "main"
__func__ = "main"
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Mar 19 18:56:33 UTC 2021 on sn-devel-184
- - - - -
c344ade7 by Jeremy Allison at 2021-03-22T18:37:34+00:00
s3: VFS: ceph: cephwrap_create_dfs_pathat() isn't restricted to dirfsp->conn->cwd_fsp anymore.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power<npower at samba.org>
- - - - -
ea5c1535 by Jeremy Allison at 2021-03-22T18:37:34+00:00
s3: VFS: gluster: vfs_gluster_create_dfs_pathat() isn't restricted to dirfsp->conn->cwd_fsp anymore.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
49bcb913 by Jeremy Allison at 2021-03-22T18:37:34+00:00
s3: VFS: full_audit: Log full pathname as smb_full_audit_create_dfs_pathat() isn't restricted to dirfsp->conn->cwd_fsp anymore.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power<npower at samba.org>
- - - - -
8f38f886 by Jeremy Allison at 2021-03-22T18:37:34+00:00
s3: VFS: time_audit: Log full pathname as smb_time_audit_create_dfs_pathat() isn't restricted to dirfsp->conn->cwd_fsp anymore.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power<npower at samba.org>
- - - - -
4af98681 by Jeremy Allison at 2021-03-22T18:37:34+00:00
s3: VFS: default: vfswrap_create_dfs_pathat() isn't restricted to dirfsp->conn->cwd_fsp anymore.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power<npower at samba.org>
- - - - -
d6a16ad0 by Trever L. Adams at 2021-03-22T19:44:30+00:00
s3:modules:vfs_virusfilter: Recent New_VFS changes break vfs_virusfilter_openat.
The_New_VFS introduces several changes that broke vfs_virusfilter_openat. The assert to make sure certain checks would work broke.
This patch fixes those breaks and converts to the SMB_VFS_FSTAT_NEXT instead of SMB_VFS_STAT_NEXT.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14671
RN: vfs_virusfilter_openat support New_VFS FSTAT, avoid SMB_ASSERT(fsp_get_pathref_fd(dirfsp) == AT_FDCWD); problem.
Signed-off-by: Trever L. Adams" <trever.adams at gmail.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Mon Mar 22 19:44:30 UTC 2021 on sn-devel-184
- - - - -
9bb890a2 by Jeremy Allison at 2021-03-22T21:25:31+00:00
s3: vxfs: Remove unused vxfs_listxattr_path().
Missed when SMB_VFS_LISTXATTR() was removed.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
- - - - -
321703fb by Jeremy Allison at 2021-03-22T22:36:05+00:00
s3: vxfs: Remove unused vxfs_setxattr_path().
Missed when SMB_VFS_SETXATTR() was removed.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
Autobuild-User(master): David Mulder <dmulder at samba.org>
Autobuild-Date(master): Mon Mar 22 22:36:05 UTC 2021 on sn-devel-184
- - - - -
447ad461 by Rowland Penny at 2021-03-23T15:15:02+00:00
man winbind: Remove untrue statement, you can run winbind without running nmbd.
Signed-off-by: Rowland Penny <rpenny at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Mar 23 15:15:02 UTC 2021 on sn-devel-184
- - - - -
54267890 by Joseph Sutton at 2021-03-23T23:38:38+00:00
netcmd: Add test for an offline backup of a directory containing hardlinks
This test verifies that when performing an offline backup of a domain
where the directories to be backed up contain hardlinks, only one
instance of each file is backed up, and that files in the private
directory take precedence.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14027
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz
- - - - -
f52e6e53 by Joseph Sutton at 2021-03-23T23:38:38+00:00
netcmd: Add test for an offline backup of nested directories
This test verifies that when performing an offline backup of a domain
where one of the directories to be backed up is nested inside another,
the contained files are only included once in the backup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14027
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz
- - - - -
09995f78 by Joseph Sutton at 2021-03-23T23:38:38+00:00
netcmd: Determine which files are to be copied for an offline domain backup
The old behaviour attempted to check for and remove files with duplicate
names, but did not do so due to a bug, and would have left undetermined
which files were given priority when duplicate filenames were present.
Now when hardlinks are present, only one instance of each file is
chosen, with files in the private directory having priority. If one
backup dir is nested inside another, the files contained in the nested
directory are only added once. Additionally, the BIND DNS database is
omitted from the backup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14027
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz
- - - - -
05b17c98 by Joseph Sutton at 2021-03-23T23:38:38+00:00
netcmd: Avoid database corruption by opting not to create database files during an offline domain backup
If backup dirs contain hardlinks, the backup process could previously
attempt to open an LMDB database already opened during the backup,
causing it to be recreated as a new TDB database. This commit ensures
that new database files are not created during this operation, and that
the main SamDB database is not modified.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14027
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz
- - - - -
17283de8 by Joseph Sutton at 2021-03-24T00:46:31+00:00
netcmd: Fix typos in offline domain backup test
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Mar 24 00:46:31 UTC 2021 on sn-devel-184
- - - - -
c9222ab8 by Andreas Schneider at 2021-03-24T00:55:32+00:00
s3:netapi: Implement public libnetapi_get_(username|password) functions
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
44ef7f96 by Andreas Schneider at 2021-03-24T00:55:32+00:00
s3:netapi: Use public getters in remote_machine example
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
bcc3945e by Andreas Schneider at 2021-03-24T00:55:32+00:00
s3:netapi: Use public getters in getjoinableous example
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
e79b067e by Andreas Schneider at 2021-03-24T00:55:32+00:00
s3:netapi: Make 'struct libnetapi_ctx' opaque
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
517f94f5 by Andreas Schneider at 2021-03-24T00:55:32+00:00
s3:netapi: Remove unused ctx->krb5_cc_env
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
7bb70f70 by Andreas Schneider at 2021-03-24T00:55:32+00:00
s3:netapi: Add a cli_credentials pointer to struct libnetapi_ctx
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
9285e64a by Andreas Schneider at 2021-03-24T00:55:32+00:00
s3:netapi: Fill also cli_credentials with netapi setters
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
3506800d by Andreas Schneider at 2021-03-24T00:55:32+00:00
s3:netapi: Get username/password from cli_credentials in netapi.c
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
0aeca4e5 by Andreas Schneider at 2021-03-24T00:55:32+00:00
s3:netapi: Get username/password from cli_credentials in joindomain.c
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
fd78554d by Andreas Schneider at 2021-03-24T00:55:32+00:00
s3:netapi: Use public functions for username/password
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
d94053f9 by Andreas Schneider at 2021-03-24T00:55:32+00:00
s3:netapi: Remove username from 'struct libnetapi_ctx'
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
51d5bebc by Andreas Schneider at 2021-03-24T00:55:32+00:00
s3:netapi: Remove password from 'struct libnetapi_ctx'
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
dd7adbfa by Andreas Schneider at 2021-03-24T00:55:32+00:00
s3:netapi: Remove workgroup from 'struct libnetapi_ctx'
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
67d49ac1 by Andreas Schneider at 2021-03-24T00:55:32+00:00
s3:netapi: Remove use_kerberos from struct libnetapi_ctx
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
3f309393 by Andreas Schneider at 2021-03-24T00:55:32+00:00
s3:netapi: Remove use_ccache from 'struct libnetapi_ctx'
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
ca57356b by Andreas Schneider at 2021-03-24T00:55:32+00:00
s4:lib:cmdline: Rename cli_credentials_set_cmdline_callbacks()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
9e5ac70a by Andreas Schneider at 2021-03-24T00:55:32+00:00
auth:creds: Add command line function for standard password callback
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
4e82150d by Andreas Schneider at 2021-03-24T00:55:32+00:00
auth:creds: Use our own cli_credentials_set_cmdline_callbacks()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
6968a325 by Andreas Schneider at 2021-03-24T00:55:32+00:00
s3:netapi: Get rid of set_cmdline_auth_info_*()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
c871c224 by Andreas Schneider at 2021-03-24T02:07:20+00:00
s3:netapi: Add libnetapi_set_creds()
This will be used by the 'net' command in future!
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Wed Mar 24 02:07:20 UTC 2021 on sn-devel-184
- - - - -
bb3dcd40 by Samuel Cabrero at 2021-03-24T02:08:54+00:00
netcmd: Workaround issue backing up offline domain with lmdb >= 0.9.26
The LMDB change "ITS#9278 fix robust mutex cleanup for FreeBSD" released
in version 0.9.26 makes samba-tool domain backup offline to fail with
the following error:
Failed to connect to 'mdb:///tmp/foo/private/sam.ldb.d/CN=CONFIGURATION,DC=FOO,DC=EXAMPLE,DC=COM.ldb' with backend 'mdb': Unable to load ltdb cache records for backend 'ldb_mdb backend'
module samba_dsdb initialization failed : Operations error
Unable to load modules for /tmp/foo/private/sam.ldb.bak-offline: Unable to load ltdb cache records for backend 'ldb_mdb backend'
ERROR(ldb): uncaught exception - Unable to load ltdb cache records for backend 'ldb_mdb backend'
File "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/__init__.py", line 186, in _run
return self.run(*args, **kwargs)
File "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/domain_backup.py", line 1147, in run
session_info=system_session(), lp=lp)
File "/usr/local/samba/lib64/python3.6/site-packages/samba/samdb.py", line 72, in __init__
options=options)
File "/usr/local/samba/lib64/python3.6/site-packages/samba/__init__.py", line 114, in __init__
self.connect(url, flags, options)
File "/usr/local/samba/lib64/python3.6/site-packages/samba/samdb.py", line 87, in connect
options=options)
The error occurs opening the backed ldb to write the backup date and the
next SID, a call to pthread_mutex_lock in mdb_txn_renew0 (frame 8) returns
EINVAL:
#0 0x00007ff63c2f1bea in wait4 () from /lib64/libc.so.6
#1 0x00007ff63c26f3a3 in do_system () from /lib64/libc.so.6
#2 0x00007ff63bc71e94 in smb_panic_default (why=0x7ffed481b7d0 "Signal 6: Aborted") at ../../lib/util/fault.c:153
#3 0x00007ff63bc72168 in smb_panic (why=0x7ffed481b7d0 "Signal 6: Aborted") at ../../lib/util/fault.c:200
#4 0x00007ff63bc71c82 in fault_report (sig=6) at ../../lib/util/fault.c:81
#5 0x00007ff63bc71c97 in sig_fault (sig=6) at ../../lib/util/fault.c:92
#6 <signal handler called>
#7 0x00007ff63c2178b5 in raise () from /lib64/libpthread.so.0
#8 0x00007ff637602e65 in mdb_txn_renew0 (txn=txn at entry=0x55d6f97fb800) at mdb.c:2710
#9 0x00007ff637603ae8 in mdb_txn_begin (env=0x55d6f85dfa80, parent=0x0, flags=131072, ret=0x55d6f89c0928)
at mdb.c:2912
#10 0x00007ff6376236cc in lmdb_lock_read (module=0x55d6f8c5f4b0) at ../../lib/ldb/ldb_mdb/ldb_mdb.c:585
#11 0x00007ff637641de6 in ldb_kv_cache_load (module=0x55d6f8c5f4b0) at ../../lib/ldb/ldb_key_value/ldb_kv_cache.c:450
#12 0x00007ff637638792 in ldb_kv_init_store (ldb_kv=0x55d6f8af2a80, name=0x7ff637625675 "ldb_mdb backend",
ldb=0x55d6f8cd22b0, options=0x0, _module=0x7ffed481c248) at ../../lib/ldb/ldb_key_value/ldb_kv.c:2166
#13 0x00007ff6376247ba in lmdb_connect (ldb=0x55d6f8cd22b0,
url=0x55d6f85d41f0 "mdb:///tmp/foo/private/sam.ldb.d/CN=CONFIGURATION,DC=FOO,DC=EXAMPLE,DC=COM.ldb", flags=64,
options=0x0, _module=0x7ffed481c248) at ../../lib/ldb/ldb_mdb/ldb_mdb.c:1143
#14 0x00007ff63bd94d2f in ldb_module_connect_backend (ldb=0x55d6f8cd22b0,
url=0x55d6f85d41f0 "mdb:///tmp/foo/private/sam.ldb.d/CN=CONFIGURATION,DC=FOO,DC=EXAMPLE,DC=COM.ldb",
options=0x0, backend_module=0x7ffed481c248) at ../../lib/ldb/common/ldb_modules.c:221
#15 0x00007ff6375a4baf in new_partition_from_dn (ldb=0x55d6f8cd22b0, data=0x55d6f858bed0, mem_ctx=0x55d6f8a03cd0,
dn=0x55d6f9865450, filename=0x55d6f860b6da "sam.ldb.d/CN=CONFIGURATION,DC=FOO,DC=EXAMPLE,DC=COM.ldb",
backend_db_store=0x55d6f9d378e0 "mdb", partition=0x7ffed481c308)
at ../../source4/dsdb/samdb/ldb_modules/partition_init.c:257
#16 0x00007ff6375a57b9 in partition_reload_if_required (module=0x55d6f8972d10, data=0x55d6f858bed0, parent=0x0)
at ../../source4/dsdb/samdb/ldb_modules/partition_init.c:513
#17 0x00007ff6375a3b04 in partition_read_lock (module=0x55d6f8972d10)
at ../../source4/dsdb/samdb/ldb_modules/partition.c:1492
#18 0x00007ff63bd9631e in ldb_next_read_lock (module=0x55d6f8972d10) at ../../lib/ldb/common/ldb_modules.c:662
#19 0x00007ff637484857 in schema_read_lock (module=0x55d6f9377e40)
at ../../source4/dsdb/samdb/ldb_modules/schema_load.c:614
#20 0x00007ff63bd9631e in ldb_next_read_lock (module=0x55d6f9377e40) at ../../lib/ldb/common/ldb_modules.c:662
#21 0x00007ff6374b5402 in samba_dsdb_init (module=0x55d6f91c3cd0)
at ../../source4/dsdb/samdb/ldb_modules/samba_dsdb.c:483
#22 0x00007ff63bd95283 in ldb_module_init_chain (ldb=0x55d6f8cd22b0, module=0x55d6f91c3cd0)
at ../../lib/ldb/common/ldb_modules.c:363
#23 0x00007ff63bd95645 in ldb_load_modules (ldb=0x55d6f8cd22b0, options=0x0)
at ../../lib/ldb/common/ldb_modules.c:445
#24 0x00007ff63bd90663 in ldb_connect (ldb=0x55d6f8cd22b0,
url=0x7ff6377d98f8 "/tmp/foo/private/sam.ldb.bak-offline", flags=64, options=0x0)
at ../../lib/ldb/common/ldb.c:274
#25 0x00007ff63bddb32f in py_ldb_connect (self=0x7ff63778afc0, args=(), Python Exception <class 'gdb.error'> There is no member named ma_keys.:
kwargs=) at ../../lib/ldb/pyldb.c:1235
Deleting the previous samdb instance by setting it to None before opening the
backed ldb workaround the problem until we find the real problem here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14676
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d7c11151 by Joseph Sutton at 2021-03-24T02:08:54+00:00
netcmd: Fix opening SamDB database for offline backup
When opening the backed-up SamDB database, open the top-level database
without loading any modules so the backend database files aren't
unnecessarily opened. The domain SID is now fetched from the original
database rather than from the backup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14676
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
aa347996 by Andreas Schneider at 2021-03-24T02:08:54+00:00
auth:creds: Don't include credentials_internal.h twice
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
bf1c294a by Andreas Schneider at 2021-03-24T03:13:05+00:00
auth:creds: Free the uname pointer in cli_credentials_parse_string()
The data is duplicated and we don't need it anymore.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Mar 24 03:13:05 UTC 2021 on sn-devel-184
- - - - -
ea4bd2c4 by Douglas Bagnall at 2021-03-24T12:05:32+00:00
CVE-2021-20277 ldb tests: ldb_match tests with extra spaces
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1fe8c790 by Douglas Bagnall at 2021-03-24T12:05:32+00:00
CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds
For a string that had N spaces at the beginning, we would
try to move N bytes beyond the end of the string.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1996b79f by Douglas Bagnall at 2021-03-24T12:05:32+00:00
CVE-2020-27840: pytests:segfault: add ldb.Dn validate test
ldb.Dn.validate wraps ldb_dn_explode.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
dbb3e65f by Douglas Bagnall at 2021-03-24T12:05:32+00:00
CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode
A DN string with lots of trailing space can cause ldb_dn_explode() to
put a zero byte in the wrong place in the heap.
When a DN string has a value represented with trailing spaces,
like this
"CN=foo ,DC=bar"
the whitespace is supposed to be ignored. We keep track of this in the
`t` pointer, which is NULL when we are not walking through trailing
spaces, and points to the first space when we are. We are walking with
the `p` pointer, writing the value to `d`, and keeping the length in
`l`.
"CN=foo ,DC= " ==> "foo "
^ ^ ^
t p d
--l---
The value is finished when we encounter a comma or the end of the
string. If `t` is not NULL at that point, we assume there are trailing
spaces and wind `d and `l` back by the correct amount. Then we switch
to expecting an attribute name (e.g. "CN"), until we get to an "=",
which puts us back into looking for a value.
Unfortunately, we forget to immediately tell `t` that we'd finished
the last value, we can end up like this:
"CN=foo ,DC= " ==> ""
^ ^ ^
t p d
l=0
where `p` is pointing to a new value that contains only spaces, while
`t` is still referring to the old value. `p` notices the value ends,
and we subtract `p - t` from `d`:
"CN=foo ,DC= " ==> ? ""
^ ^ ^
t p d
l ~= SIZE_MAX - 8
At that point `d` wants to terminate its string with a '\0', but
instead it terminates someone else's byte. This does not crash if the
number of trailing spaces is small, as `d` will point into a previous
value (a copy of "foo" in this example). Corrupting that value will
ultimately not matter, as we will soon try to allocate a buffer `l`
long, which will be greater than the available memory and the whole
operation will fail properly.
However, with more spaces, `d` will point into memory before the
beginning of the allocated buffer, with the exact offset depending on
the length of the earlier attributes and the number of spaces.
What about a longer DN with more attributes? For example,
"CN=foo ,DC= ,DC=example,DC=com" -- since `d` has moved out of
bounds, won't we continue to use it and write more DN values into
mystery memory? Fortunately not, because the aforementioned allocation
of `l` bytes must happen first, and `l` is now huge. The allocation
happens in a talloc_memdup(), which is by default restricted to
allocating 256MB.
So this allows a person who controls a string parsed by ldb_dn_explode
to corrupt heap memory by placing a single zero byte at a chosen
offset before the allocated buffer.
An LDAP bind request can send a string DN as a username. This DN is
necessarily parsed before the password is checked, so an attacker does
not need proper credentials. The attacker can easily cause a denial of
service and we cannot rule out more subtle attacks.
The immediate solution is to reset `t` to NULL when a comma is
encountered, indicating that we are no longer looking at trailing
whitespace.
Found with the help of Honggfuzz.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9532c44b by Douglas Bagnall at 2021-03-24T12:05:32+00:00
CVE-2020-27840: pytests: move Dn.validate test to ldb
We had the test in the Samba Python segfault suite because
a) the signal catching infrastructure was there, and
b) the ldb tests lack Samba's knownfail mechanism, which allowed us to
assert the failure.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
293ab5f2 by Stefan Metzmacher at 2021-03-24T13:11:52+00:00
ldb: bump version to 2.4.0, in order to be used for Samba 4.15
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Mar 24 13:11:52 UTC 2021 on sn-devel-184
- - - - -
42883197 by Björn Jacke at 2021-03-24T20:31:30+00:00
dosmode: retry reading dos attributes as root for unreadable files
if there are files that the user can't access, he is still allowed to read the
dos attributes information, so we need to try reading them as root also.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14654
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2e608468 by Volker Lendecke at 2021-03-24T20:31:30+00:00
winbindd: Fix a startup race with allocate_gid
If you try to allocate a GID before winbind is fully set up,
idmap_child_handle() is still NULL. Add the required
wb_parent_idmap_setup_send()/recv() to allocate_gid().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14678
RN: Fix a crash in winbind when allocate-gid is called early
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
249b0e32 by Volker Lendecke at 2021-03-24T20:31:30+00:00
libcli: Add file specific access flags to sddl
See
https://docs.microsoft.com/en-us/windows/win32/secauthz/ace-strings
for reference.
We can only use them for decoding, many of our tests depend on our
string representation of the flags.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
656a3d2e by Volker Lendecke at 2021-03-24T20:31:30+00:00
printing: Passing a fn pointer does not need "&"
Just looked a bit weird and different from all other fn pointer
references in Samba.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
49d0268f by Volker Lendecke at 2021-03-24T20:31:30+00:00
printing: Remove code to upgrade from before b0909cfa14f
I think even back then "printing.tdb" would have just been a stale
tdb that would have been better handled externally. It might have been
a product requirement back then, but I think a startup script and not
core code might have been a better choice to handle this.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ebd5322e by Volker Lendecke at 2021-03-24T20:31:30+00:00
printing: Fix typos
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c93fc0ba by Volker Lendecke at 2021-03-24T20:31:30+00:00
printing: Remove "else" branches, reduce indentation
Best reviewed with "git show -b"
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a90d4597 by Volker Lendecke at 2021-03-24T20:31:30+00:00
printing: Align a few integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a4235cda by Volker Lendecke at 2021-03-24T20:31:30+00:00
vfs_ceph: Fix CID 1474440: Null pointer dereferences
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7d25dfa6 by Volker Lendecke at 2021-03-24T20:31:30+00:00
nmbd: Fix CID 1474439: Incorrect expression
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
263e6e06 by Volker Lendecke at 2021-03-24T20:31:30+00:00
nmbd: Fix socket cleanup in make_subnet()
We can have -errno in the in those variables
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
313ef6a8 by Volker Lendecke at 2021-03-24T21:28:48+00:00
rpc_client: cli_winreg_spoolss.h references spoolss structs
Add required includes
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Mar 24 21:28:48 UTC 2021 on sn-devel-184
- - - - -
505da46b by Stefan Metzmacher at 2021-03-26T03:04:39+00:00
s3: smbd: Raise debug level when synthetic_pathref() can't find the file.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7415f712 by Andrew Bartlett at 2021-03-26T03:04:39+00:00
smb.conf: Remove "share backend" option
This is a confusing hold-over from the NTVFS fileserver that never became part of
the merged architecture.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ef8623c1 by Andrew Bartlett at 2021-03-26T03:04:39+00:00
build: Consolidate --with-ntvfs-fileserver into --enable-selftest when building the AD DC
This removes from our configure help a feature which we retain only
to support our selftest system.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5bc1463a by Andrew Bartlett at 2021-03-26T04:06:41+00:00
build: Consolidate --with-dnsupdate with --with-ads (which implied HAVE_KRB5)
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Mar 26 04:06:41 UTC 2021 on sn-devel-184
- - - - -
942c0d21 by Andrew Bartlett at 2021-03-29T02:12:23+00:00
build: Notice if flex is missing at configure time
This may also fix the coverage build by ensuring --noline
is always specified to flex.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14586
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Mar 29 02:12:23 UTC 2021 on sn-devel-184
- - - - -
359c6bd2 by Mathieu Parent at 2021-03-29T16:18:54+00:00
Rename mdfind to mdsearch
GNUstep as an mdfind binary, and both should be co-instalable.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14431
Signed-off-by: Mathieu Parent <math.parent at gmail.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Björn Baumbach <bb at sernet.de>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Mar 29 16:18:54 UTC 2021 on sn-devel-184
- - - - -
2c194c0b by Stefan Metzmacher at 2021-03-29T19:36:37+00:00
vfs_aio_pthread: don't allow async opens when multi channel is enabled.
We will get this supported later, but for now just disable async
opens as fsp->mid may not belong the first xconn of client->connections.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e63651cf by Stefan Metzmacher at 2021-03-29T19:36:37+00:00
s4:torture/smb2: make use of torture_reset_lease_break_info() in lease.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1714a05b by Stefan Metzmacher at 2021-03-29T19:36:37+00:00
s4:torture/smb2: make use of torture_reset_break_info() in replay.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
aa5f93eb by Stefan Metzmacher at 2021-03-29T19:36:37+00:00
s4:torture/smb2: add smb2_util_lease_state_string()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ae1c3a0d by Stefan Metzmacher at 2021-03-29T19:36:37+00:00
s4:torture/smb2: provide verbose output when we're waiting for potential lease/oplock breaks
It makes it easier to follow manual tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f5168a21 by Stefan Metzmacher at 2021-03-29T19:36:37+00:00
s4:torture/smb2: add smb2.replay.dhv2-pending* tests
These demonstrate that the replay detection for pending opens
either doesn't exist (for the share_access=NONE => SHARING_VIOLATION
case) or return the wrong status code => ACCESS_DENIED instead of
FILE_NOT_AVAILABLE.
Windows clients transparently retry after FILE_NOT_AVAILABLE,
while they pass ACCESS_DENIED directly to the application.
I'll report that to dochelp at microsoft.com in order to
clarify the situation.
In the meantime I added tests with a '-windows' suffix,
which demostrate the current windows server behavior,
while the tests with a '-sane' suffix expect the behavior
that whould make windows clients happy.
For Samba I'll implement the '-sane' behavior that
detects all replays and returns FILE_NOT_AVAILABLE
if the original request is still pending.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
87b80493 by Stefan Metzmacher at 2021-03-29T19:36:37+00:00
s4:torture/smb2: add smb2.session.bind2
This demonstrates that a session and it's open handles is destroyed
when the last explicitly bound channel gets disconnected.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a1918090 by Stefan Metzmacher at 2021-03-29T19:36:37+00:00
smbXsrv_session: smbXsrv_session_remove_channel() should also remove the last channel
There's nothing special regarding the last channel,
as the smb2.session.bind2 test demonstrates.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
997e9023 by Stefan Metzmacher at 2021-03-29T19:36:37+00:00
smbXsrv_open: intruduce smbXsrv_open_replay_cache to support FILE_NOT_AVAILABLE
Before processing an open we need to reserve the replay cache entry
in order to signal that we're still in progress.
If a reserved record is already present we need to return
FILE_NOT_AVAILABLE in order to let the client retry again.
[MS-SMB2] contains this:
<152> Section 3.2.5.1: For the following error codes, Windows-based clients
will retry the operation up to three times and then retry the operation every 5
seconds until the count of milliseconds specified by Open.ResilientTimeout is
exceeded:
- STATUS_SERVER_UNAVAILABLE
- STATUS_FILE_NOT_AVAILABLE
- STATUS_SHARE_UNAVAILABLE
This works fine for windows clients, but current windows servers seems to
return ACCESS_DENIED instead of FILE_NOT_AVAILABLE.
A Windows server doesn't do any replay detection on pending opens,
which wait for a HANDLE lease to be broken (because of a
SHARING_VIOLATION), at all.
As this is not really documented for the server part of the current [MS-SMB2],
I found the key hint in "SMB 2.2: Bigger. Faster. Scalier - (Parts 1 and 2)"
on page 24. There's a picture showing that a replay gets FILE_NOT_AVAILABLE
as long as the original request is still in progress. See:
https://www.snia.org/educational-library/smb-22-bigger-faster-scalier-parts-1-and-2-2011
A Windows client is unhappy with the current windows server behavior if it
such a situation happens. There's also a very strange interaction with oplock
where the replay gets SHARING_VIOLATION after 35 seconds because it conflicts with
the original open.
I think it's good to follow the intial design from the 2011 presentation and
make the clients happy by using FILE_NOT_AVAILABLE (and differ from Windows).
I'll report that to dochelp at microsoft.com in order to get this hopefully fixed in
their server too).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
01b675ab by Stefan Metzmacher at 2021-03-29T19:36:37+00:00
smb2_server: let smbd_smb2_flush_send_queue() destroy pending elements on dead connection
Otherwise we'll keep the state of already finished requests arround.
This becomes critical as the next commit will cause us to
let pending requests running and keep the xconn alive for
the lifetime of pending requests, so we would not ever
make progress and deadlock.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f0e55378 by Stefan Metzmacher at 2021-03-29T19:36:37+00:00
smb2_server: don't cancel pending request if at least one channel is still alive
In order to allow replays of requests on a channel failure, we should
not cancel pending requests, the strategie that seems to make windows
clients happy is to let the requests running and return
NT_STATUS_FILE_NOT_AVAILABLE as long as the original request is still
pending.
Here we introduce xconn->transport.shutdown_wait_queue, this is used
to keep the xconn alive for the lifetime of pending requests.
Now we only cancel pending requests if the disconnected connection
is the last channel for a session.
In that case smbXsrv_session_remove_channel() and
smb2srv_session_shutdown_send() will take care of it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d4010b9a by Stefan Metzmacher at 2021-03-29T19:36:37+00:00
smbXsrv_session: always cancel pending requests in smb2srv_session_shutdown_send() in the same way
The session is valid for the lifetime of the requests anyway
and there's no point in having special handling for compound requests..
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b448eae5 by Stefan Metzmacher at 2021-03-29T20:43:28+00:00
smb2_tcon: also try to cancel pending compound requests on tdis
There's no reason to do something special here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Mar 29 20:43:28 UTC 2021 on sn-devel-184
- - - - -
1432314f by Gary Lockyer at 2021-03-29T23:19:24+00:00
libcli smb smb2: Use correct enumeration type
Clang gives the following error:
../../libcli/smb/smb2_signing.c:547:48: error:
implicit conversion from enumeration type 'gnutls_mac_algorithm_t'
to different enumeration type 'gnutls_digest_algorithm_t'
[-Werror,-Wenum-conversion]
const size_t digest_len = gnutls_hash_get_len(GNUTLS_MAC_SHA256);
~~~~~~~~~~~~~~~~~~~ ^~~~~~~~~~~~~~~~~
Should be using GNUTLS_DIG_SHA256, which is set to GNUTLS_MAC_SHA256.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Gary Lockyer <gary at samba.org>
Autobuild-Date(master): Mon Mar 29 23:19:24 UTC 2021 on sn-devel-184
- - - - -
b2ee40b5 by Douglas Bagnall at 2021-03-29T23:20:37+00:00
dns common: always check a talloc NULL.
Also, since we're there, avoid sorting an array of 1 element.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2b9279bd by Douglas Bagnall at 2021-03-29T23:20:37+00:00
dns: add common dns_timestamp util functions
The dns structs have an unsigned 32 bit timestamp in hours since the
beginning of 1601. In a number of places we need to convert from unix
time to this timestamp, or from the timestamp to NTTIME.
You'll see subsequent patches that make use of these functions.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
146c23fb by Douglas Bagnall at 2021-03-29T23:20:37+00:00
pydns: expose dns timestamp utils to python, and test
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a32c229b by Douglas Bagnall at 2021-03-29T23:20:37+00:00
dns: use unix_to_dns_timestamp almost everywhere
In places we change NTTIME to uint32_t, because that is what is
actually wanted.
There is one instance of the calculation that we are not changing,
because there are other problems there.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f1b59e8c by Douglas Bagnall at 2021-03-29T23:20:37+00:00
dsdb/scavange dns: reserve NTTIME type for NTTIME values
We know it "really" just means uint64_t, but we also know it means
100-nanosecond intervals since 1601, and that makes any other use very
confusing (and not just to me, or there wouldn't be these bugs we're
chasing).
In these cases we are talking about 32 bit hours-since-1601 timestamps.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
59f45fa7 by Douglas Bagnall at 2021-03-29T23:20:37+00:00
dsdb/dns scavange: make a helper function static
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
820c7355 by Douglas Bagnall at 2021-03-29T23:20:37+00:00
pytest/dns: remove redundant argument
We are always setting zone to the same thing which we already know,
and we can reduce cognative stress by mentioning it less and not doing
that weird pop thing.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
49f434ca by Douglas Bagnall at 2021-03-29T23:20:37+00:00
pytest/dns: use self.assertIn() and .assertNotIn()
These give a more detailed message than assertTrue(x in y).
They were new in Python 3.1, so we avoided them until recently.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5f4b7390 by Douglas Bagnall at 2021-03-29T23:20:37+00:00
pytest/dnsserver: extend record_type_int to all types
with improved diagnostics on bad arguments
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
162e6fb2 by Douglas Bagnall at 2021-03-29T23:20:37+00:00
librpc/idl: dnsp tombstone timestamp name matches MS-DNSP
MS-DNSP uses the term "EntombedTime" in e.g. "2.2.2.2.4.23 DNS_RPC_RECORD_TS"
which is more descriptive than the generic "timestamp", and less likely to be
confused with dwTimestamp, which has been our curse. Let's make it grep-able,
google-able, and evocative.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d1c47d0c by Douglas Bagnall at 2021-03-30T00:20:53+00:00
rpc/idl dnsserver s/DNS_RPC_DATA/DNS_RPC_RECORD_DATA/
Following MS-DNSP.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Mar 30 00:20:53 UTC 2021 on sn-devel-184
- - - - -
dc05cdb1 by Andreas Schneider at 2021-03-30T05:48:37+00:00
s3:libnetapi: Remove unused header file
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c8e477ed by Andreas Schneider at 2021-03-30T05:48:37+00:00
s3:utils: Fix net_context_creds() with machine password
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
29f5372f by Andreas Schneider at 2021-03-30T05:48:37+00:00
s3:utils: Use libnetapi_set_creds() in net_rpc
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ccfb682f by Andreas Schneider at 2021-03-30T05:48:37+00:00
s3:utils: Use libnetapi_set_creds() in net_rpc_shell
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
2bfe37e0 by Andreas Schneider at 2021-03-30T05:48:37+00:00
s3:utils: Use libnetapi_set_creds() in net_dom
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
2cab43cf by Andreas Schneider at 2021-03-30T05:48:37+00:00
s3:passdb: Add secrets_store_creds()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
db95414c by Andreas Schneider at 2021-03-30T05:48:37+00:00
s3:utils: Use secrets_store_creds() in net utility
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
140007bf by Andreas Schneider at 2021-03-30T06:48:18+00:00
s3:utils: The 'net ads keytab' commands should use machine credentials
If the user doesn't specify a username/password on the command line, we
should use the machine credentials to connect to AD. This is how it is
used by default and we should be able to retrieve SPNs.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Mar 30 06:48:18 UTC 2021 on sn-devel-184
- - - - -
56483a27 by Douglas Bagnall at 2021-03-30T17:53:30+00:00
ldb-samba: avoid leak in dsdb_match_for_dns_to_tombstone_time
After the first time through the loop, tmp_ctx has been freed and
NULLed, so we end up allocating on NULL and never freeing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14659
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
42148604 by Douglas Bagnall at 2021-03-30T17:53:30+00:00
ldb-samba: avoid VLA in dsdb match dns tombstone
We don't need it (only 64 bytes) and, well, they annoy people.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9cff0a0c by Douglas Bagnall at 2021-03-30T18:55:28+00:00
ldb-samba: remove redundant negative check
smb_strtoull() already checks for negative numbers, but does
it properly, catching " -2" as well as "-2".
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Mar 30 18:55:28 UTC 2021 on sn-devel-184
- - - - -
c7762a2b by Jeremy Allison at 2021-03-30T19:16:34+00:00
s3: torture: Add a test for setting and getting ACLs on stream handles (SMB2-STREAM-ACL).
It shows this isn't done correctly for streams_xattr.
A common config is:
vfs_objects = streams_xattr acl_xattr
to store both streams and Windows ACLs in xattrs.
Unfortunately getting and setting ACLs using handles
opened on stream files isn't being done correctly
in Samba.
This test passes against Windows 10.
This adds tests that prove this doesn't work. Next
patch will add the fix and remove the knownfail.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ff48422e by Jeremy Allison at 2021-03-30T20:14:35+00:00
s3: smbd: Fix SMB_VFS_FGET_NT_ACL/SMB_VFS_FSET_NT_ACL on stream handles.
As this is done on existing files, we know that
fsp->base_fsp != NULL and fsp->base_fsp->fh->fd != -1
(i.e. it's a pathref fd) for stream handles.
When getting and setting ACLs on stream handles,
use the fsp->base_fsp instead (as Windows does).
This not only fixes streams_xattr, but will
allow us to later analyze and remove all
special casing code for get/set ACLs on streams
handles.
Remove the knownfail.d/stream-acl file.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Mar 30 20:14:35 UTC 2021 on sn-devel-184
- - - - -
8d9a0b8d by Jeremy Allison at 2021-03-31T05:12:37+00:00
s4: torture. Add smb2.lease.rename_wait test to reproduce regression in delay rename for lease break code.
Passes against Windows 10. Add to knownfail, the
next commit will fix this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14679
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1875
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
10d75386 by Ralph Boehme at 2021-03-31T06:13:39+00:00
s3: smbd: fix deferred renames
This was broken by c7a9e0e4cdfb22e66533b5c8e20af3cfdb8ae78c.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14679
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1875
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at amba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Mar 31 06:13:39 UTC 2021 on sn-devel-184
- - - - -
4c3fb2a5 by Ralph Boehme at 2021-03-31T11:11:31+00:00
pidl: set the per-request memory context in the pidl generator
The talloc memory context referenced by the pipe_struct mem_ctx member is used
as talloc parent for RPC response data by the RPC service implementations..
In Samba versions up to 4.10 all talloc children of p->mem_ctx were freed after
a RPC response was delivered by calling talloc_free_children(p->mem_ctx). Commit
60fa8e255254d38e9443bf96f2c0f31430be6ab8 removed this call which resulted in all
memory allocations on this context not getting released, which can consume
significant memory in long running RPC connections.
Instead of putting the talloc_free_children(p->mem_ctx) back, just use the
mem_ctx argument of the ${pipename}_op_dispatch_internal() function which is a
dcesrv_call_state object created by dcesrv_process_ncacn_packet() and released
by the RPC server when the RPC request processing is finished.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14675
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1861
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
481176ec by Ralph Boehme at 2021-03-31T11:11:31+00:00
spools: avoid leaking memory into the callers mem_ctx
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14675
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1861
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
12f516e4 by Volker Lendecke at 2021-03-31T12:14:01+00:00
rpc_server3: Fix a memleak for internal pipes
state->call should not be talloc'ed off a long-lived context
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14675
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1861
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Mar 31 12:14:01 UTC 2021 on sn-devel-184
- - - - -
1b183f57 by Andreas Schneider at 2021-03-31T21:20:23+00:00
selftest: Allow to set the 'log level' for clients
This allows to set the 'log level' for clients on the command line:
make test TESTS=wurst CLIENT_LOG_LEVEL=10
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Mar 31 21:20:23 UTC 2021 on sn-devel-184
- - - - -
97e657b8 by Joseph Sutton at 2021-04-01T17:50:49+00:00
asn1: Remove unused function asn1_check_enumerated()
This function was reported as containing a bug, but it is unused and so
can be safely removed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=4153
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Apr 1 17:50:49 UTC 2021 on sn-devel-184
- - - - -
74720bd9 by Volker Lendecke at 2021-04-01T19:32:36+00:00
lib: Add required includes to source3/lib/background.h
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cabd67d6 by Volker Lendecke at 2021-04-01T19:32:36+00:00
lib: Fix rundown of jobs sent with background_job_send()
When using this with a trigger message in smbd it will crash at
rundown in messaging_deregister because the global messaging context
can be TALLOC_FREE'ed before the background job is freed.
Using messaging_filtered_send already takes care of this situation
properly.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6f4e6fc6 by Volker Lendecke at 2021-04-01T19:32:36+00:00
test: Add a test for background_job_send crash
I haven't figured out how to properly add a crashing test to
"knownfail", so this is added after the fix.
Signed-off-by: Volker Lendecke <vl at samba.org>
- - - - -
23056f53 by Volker Lendecke at 2021-04-01T19:32:36+00:00
smbd: Factor out a bool expr into a descriptive variable
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6a667648 by Volker Lendecke at 2021-04-01T19:32:36+00:00
printing: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
206c99f6 by Volker Lendecke at 2021-04-01T19:32:36+00:00
srv_winreg: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4e174b5a by Volker Lendecke at 2021-04-01T19:32:36+00:00
dynconfig: Introduce and expose SAMBA_LIBEXECDIR
Right now the smbspool_krb5_wrapper lives there, but we'll have more
in the future.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0736a9f5 by Volker Lendecke at 2021-04-01T19:32:36+00:00
wbinfo: Allow SID for -R
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3a03c0a1 by Volker Lendecke at 2021-04-01T19:32:36+00:00
tstream_npa: Keep "named_pipe_auth_req" around in tstream_npa_accept_existing_send()/recv()
This will make it simpler to return a copy of the struct
named_pipe_auth_req_info4 in the next commit.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
bbfdf270 by Volker Lendecke at 2021-04-01T19:32:36+00:00
tstream_npa: Return named_pipe_auth_req_info4 from accept_existing
Callers might want the full picture. We need to make
named_pipe_auth_req_info4 public for that.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1b47dd65 by Volker Lendecke at 2021-04-01T19:32:36+00:00
tstream_npa: Allow NULL output parameters
When reading the info4, the substructs might not be interesting for
you.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e742661b by Volker Lendecke at 2021-04-01T20:36:19+00:00
tstream: Add tstream_npa_existing_stream()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Apr 1 20:36:19 UTC 2021 on sn-devel-184
- - - - -
11aac9d0 by Ralph Boehme at 2021-04-06T14:39:46+00:00
smbd: reduce loglevel for failed openat_pathref_fsp() calls
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14685
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1884
RN: Log clutter from filename_convert_internal()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Apr 6 14:39:46 UTC 2021 on sn-devel-184
- - - - -
49a0f617 by Samuel Cabrero at 2021-04-06T15:54:54+00:00
oss-fuzz: Update build script to be compatible with rpm distros
The /etc/default/locale file does not exists in the rpm family distros
so the do_build.sh script failed with:
./lib/fuzzing/oss-fuzz/do_build.sh: line 31: /etc/default/locale: No
such file or directory
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
Autobuild-User(master): Samuel Cabrero <scabrero at samba.org>
Autobuild-Date(master): Tue Apr 6 15:54:54 UTC 2021 on sn-devel-184
- - - - -
30e0cac4 by Volker Lendecke at 2021-04-06T22:29:33+00:00
rpc_server: tstream_npa_connect_recv() returns errno into sys_errno
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
57246e1f by Volker Lendecke at 2021-04-06T22:29:34+00:00
winbindd: Avoid deadlock in sam_name_to_sid()
"Unix Users" and "Unix Groups" can recurse into nsswitch and thus into
winbind. In the binding process, we have winbindd_off(), but if we
pass the lookupNames request to a forked lsad, lsad does not
necessarily have that setting. So lsad might turn back to winbind,
which could lead to a deadlock. Handle the nsswitch lookups in
winbind.
While there, also do the simple wellknown names and the "DOMAIN\" type
3 lookups directly in winbind.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c06be36e by Volker Lendecke at 2021-04-06T22:29:34+00:00
winbindd: Use samr instead of lsa in sam_name_to_sid()
After the "Unix Users/Groups" and wkn names have been taken care of,
all that remains here is our domain (BUILTIN or workgroup). We don't
need any of the fancy routing in lsa_lookupnames, and samr_LookupNames
is a lot less prone to deadlocks back into winbind.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
82e30f32 by Volker Lendecke at 2021-04-06T22:29:34+00:00
winbindd: Make sam_sid_to_name use samr instead of lsa
Same argument as with name_to_sid: We don't need the lsa lookup
routing, and samr is less prone to deadlocking.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
bf1012ee by Volker Lendecke at 2021-04-06T22:29:34+00:00
winbindd: Use samr in sam_rids_to_names() instead of lsa
Same argument as with previous patches: We don't need fancy lsa
routing and samr is less prone to deadlock back into winbind
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
02eef74e by Volker Lendecke at 2021-04-06T22:29:34+00:00
winbindd: Remove unused code
Those calls were only used in winbindd_samr which now does direct and
simpler samr calls.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
69a3d0fa by Volker Lendecke at 2021-04-06T22:29:34+00:00
gensec: Remove gensec_security_all(), it was only used internally
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8945d997 by Volker Lendecke at 2021-04-06T22:29:34+00:00
rpc: Give dcerpc_util.c its own header
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4d3b6506 by Volker Lendecke at 2021-04-06T23:33:14+00:00
librpc: Remove the gensec dependency from library dcerpc-binding
This means yet another library, but having to depend on gensec just
for dcerpc_parse_binding() and basic packet parsing seems like a bit
overkill to me.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Apr 6 23:33:14 UTC 2021 on sn-devel-184
- - - - -
ff1c3af6 by Martin Schwenke at 2021-04-07T02:17:34+00:00
build: Only add -Wl,--as-needed when supported
If -Wl,--as-needed is added to EXTRA_LDFLAGS (via ADD_LDFLAGS, as per
commit 996560191ac6bd603901dcd6c0de5d239e019ef4) then on some
platforms (at least CentOS 8 and Fedora 33), any indirect/recursive
dependencies (i.e. private libraries) are added to both the
binary (reqid_test in the CTDB case) and to samba-util.so. However,
only samba-util.so has rpath set to find private libraries.
When ld.so tries to resolve these dependencies for the binary it
fails. This may be a bug on those platforms, but it occurs reliably
and our users will also hit the bug. For binaries that have other
private library dependencies (e.g. bundled talloc) rpath will contain
the private library directory so the duplicate private library
dependencies are then found... that is, when it works, it works by
accident!
For some reason (deep in waf or wafsamba) if -Wl,--as-needed is added to
LINKFLAGS (as is done in conf.add_as_needed()) then it works: the direct
dependencies are only added to samba-util.so and the same depenencies
(indirect dependencies for binaries) are not added incorrectly to the
binaries.
So, without changing 1/2 of waf/wafsamba the simplest fix is to revert
to adding -Wl,--as-needed to LINKFLAGS, which was the case before
commit 996560191ac6bd603901dcd6c0de5d239e019ef4.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14288
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Bjoern Jacke <bj at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2b2f4f51 by Douglas Bagnall at 2021-04-07T02:17:34+00:00
ldb: fix ldb_comparison_fold off-by-one overrun
We run one character over in comparing all the bytes in two ldb_vals.
In almost all circumstances both ldb_vals would have an allocated '\0'
in the overrun position, but it is best not to rely on that.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
24ddc1ca by Douglas Bagnall at 2021-04-07T03:16:39+00:00
ldb/attrib_handler casefold: simplify space dropping
As seen in CVE-2021-20277, ldb_handler_fold() has been making mistakes
when collapsing spaces down to a single space.
This patch fixes the way it handles internal spaces (CVE-2021-20277
was about leading spaces), and involves a rewrite of the parsing loop.
The bug has a detailed description of the problem.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14656
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Apr 7 03:16:39 UTC 2021 on sn-devel-184
- - - - -
05d70f92 by Joseph Sutton at 2021-04-07T09:18:30+00:00
provision tests: Add test for the CryptSHA256 and CryptSHA512 password hashing schemes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
88b3d344 by Joseph Sutton at 2021-04-07T09:18:30+00:00
s4:dsdb/password_hash: Don't generate crypt() password for krbtgt account
Since the length of the krbtgt password after conversion to UTF-8 form is
typically greater than the maximum accepted by crypt(), the call usually
fails. This commit disables generation of crypt() passwords for this specific
account, as it's not necessary.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
609ca657 by Joseph Sutton at 2021-04-07T09:18:30+00:00
provision: Decrease the length of random machine passwords
The current length of 128-255 UTF-16 characters currently causes
generation of crypt() passwords to typically fail. This commit
decreases the length to 120 UTF-16 characters, which is the same as
that used by Windows.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0730b936 by Joseph Sutton at 2021-04-07T09:18:30+00:00
s4:dsdb/password_hash: Add additional check for crypt() and crypt_r() failure
While crypt_rn() always returns a null pointer in the event of
failure, crypt() and crypt_r() may instead return a string starting
with the character '*'. This commit adds a check to detect failure in
this case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e656d8b1 by Joseph Sutton at 2021-04-07T09:18:30+00:00
provision tests: Add a test for hashing overly long passwords
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
de28d915 by Joseph Sutton at 2021-04-07T09:18:30+00:00
s4:dsdb/password_hash: Add a more useful error message for passwords too long to be hashed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1e559f95 by Samuel Cabrero at 2021-04-07T09:18:30+00:00
selftest: Test RPC handles and association groups from different connection
Add a test to check if a RPC handle can be used from a different connection
than the one where it was created, when the same association group is
requested in the bind operation of the second connection.
The association group handling is one of the differences between the S3
and S4 RPC server implementations provided by the implementation
callbacks after the merge.
Association groups work fine in the S4 implementation as the RPC server
runs in one process, except for the 'smbd' embedded services provided
by the S3 implementation like winreg (see lp_enforce_ad_dc_settings()).
In the S3 implementation, association groups should work in the same
process, but the merge introduced a bug where a new association group is
always created even when it already exists in the same process.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
f5178ef1 by Samuel Cabrero at 2021-04-07T09:18:30+00:00
s3: rpc_server: Search for already created association groups
If the client requests to join to an association group in the bind operation
try to find it and do not create a new one.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
aac8be54 by Samuel Cabrero at 2021-04-07T09:18:30+00:00
s3: rpc_server: Store new association groups in the id tree
Right now a new association group is created for each connection
assigning the legacy 0x53F0 id, but it is not stored anywhere. When a
second client request to join an association group by its id it is not
found and a new one is created with the same ID.
In practise, it means the association groups are not working even in the
same server process.
This commit stores the created association group in the idtree, but to
make use of it assigns a random id instead of the historical 0x53F0.
The test assoc_group_ok2 was wrongly passing before this change because
the same id 0x53F0 was assigned to all association groups.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
4d5fb7d2 by Bernd Kuhls at 2021-04-07T09:18:30+00:00
dcesrv_core: fix build
Move include of system/network.h to avoid a build error:
In file included from ../../lib/replace/system/network.h:35,
from ../../librpc/rpc/dcesrv_core.c:2658:
usr/include/unistd.h: At top level:
usr/include/unistd.h:675:16: error: conflicting types for ‘geteuid’
675 | extern __uid_t geteuid (void) __THROW;
Signed-off-by: Bernd Kuhls <bernd.kuhls at t-online.de>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3e531bb8 by Joseph Sutton at 2021-04-07T09:18:30+00:00
auth/credentials: Add test for binding with a domain SID
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10319
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
6b575838 by Joseph Sutton at 2021-04-07T09:18:30+00:00
cracknames: Add support for SID string format
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10319
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
7679995b by Joseph Sutton at 2021-04-07T09:18:30+00:00
auth/credentials: Add test for binding with a canonical name
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
7c2b26a4 by Joseph Sutton at 2021-04-07T09:18:30+00:00
auth/credentials: Add test for binding with an extended canonical name
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
c08f174c by Joseph Sutton at 2021-04-07T09:18:30+00:00
cracknames: Allow auto-conversion from an extended canonical name
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
2f0ef147 by Joseph Sutton at 2021-04-07T10:24:17+00:00
auth/credentials: Remove unneeded try/except syntax
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Apr 7 10:24:17 UTC 2021 on sn-devel-184
- - - - -
eb3a578b by Jeremy Allison at 2021-04-07T14:36:37+00:00
s3: torture: Add an SMB1 POSIX specific test POSIX-SYMLINK-PARENT.
This creates a directory, then a symlink to a directory,
and then checks we can POSIX create and delete file, directory,
symlink and hardlink filesystem objects under the symlink
parent directory.
Mark as knownfail until next commit.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d590d913 by Jeremy Allison at 2021-04-07T15:39:45+00:00
s3: smbd: Fix parent_pathref() to cope with symlink parents.
We know that the parent name must
exist, and the name has been canonicalized
even if this was a POSIX pathname.
Ensure that we follow symlinks for
the parent. See the torture test
POSIX-SYMLINK-PARENT for details.
Remove knownfail entry.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Apr 7 15:39:45 UTC 2021 on sn-devel-184
- - - - -
9f80f787 by Jeremy Allison at 2021-04-07T16:26:28+00:00
VFS: nfs4acl_xattr: Ensure nfs4acl_get_blob() always gets a valid fsp pointer.
This means adding a synthetic_pathref() call into the
nfs4acl_xattr version of SMB_VFS_GET_NT_ACL_AT() which
is the pathname-based ACL fetch call.
One place where this (smb_fname->fsp == NULL)
can happen is from open when checking parent
directory ACL - check_parent_access() currently
isn't always passed a smb_fname with a valid
fsp and check_parent_access() currently doesn't
open a pathref smb_fname->fsp itself (eventually
it should be passed in a pathref from the caller).
There are also a few other places inside smbd
that call smbd_check_access_rights() also without
a pathref fsp.
This check should be moved into the
callers inside smbd to ensure that smb_fname->fsp
is always valid here, and in a later patchset (not
part of this set) I will do just that.
Ultimately it may be possible to remove
pathname based SMB_VFS_GET_NT_ACL_AT(), this
requires further investigation.
But until then, we need this change.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b094144a by Jeremy Allison at 2021-04-07T16:26:28+00:00
VFS: nfs4acl_xattr: Ensure remove smb_fname argument from nfs4acl_get_blob().
Now we know we always have a valid fsp, use it.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
a2fd9df1 by Jeremy Allison at 2021-04-07T16:26:28+00:00
VFS: nfs4acl_xattr: Change nfs4acl_validate_blob() to use the fsp instead of the name.
Changes use of SMB_VFS_REMOVEXATTR() -> SMB_VFS_FREMOVEXATTR().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ea1b763b by Jeremy Allison at 2021-04-07T16:26:28+00:00
VFS: ceph: Allow cephwrap_fremovexattr() to cope with pathref fsps.
Ensure it only uses an io fd for a handle based call.
Otherwise fall back to pathname based. This is the same as the
fallback used in vfs_default.c
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
0c335a32 by Jeremy Allison at 2021-04-07T16:26:28+00:00
VFS: gluster: Allow vfs_gluster_fremovexattr() to cope with pathref fsps.
Ensure it only uses an io fd for a handle based call.
Otherwise fall back to pathname based. This is the same as the
fallback used in vfs_default.c
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
bee6b16c by Jeremy Allison at 2021-04-07T16:26:28+00:00
VFS: fake_acls: Clean up fake_acls_sys_acl_delete_def_file().
Change SMB_VFS_NEXT_REMOVEXATTR() -> SMB_VFS_NEXT_FREMOVEXATTR().
It doesn't need to do STAT calls, it's always called
with an fsp->fsp_name smb_filename. This will change
later to a handle-based call.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
4d978b94 by Jeremy Allison at 2021-04-07T16:26:28+00:00
lib: adouble: Use FREMOVEXATTR in preference to REMOVEXATTR.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f6cd9a54 by Jeremy Allison at 2021-04-07T16:26:28+00:00
VFS: streams_xattr: In streams_xattr_renameat(), change SMB_VFS_REMOVEXATTR() -> SMB_VFS_FREMOVEXATTR().
Note that now we're doing this by handle
not by pathname we must do it on the base_fsp,
as we have to remove the actual xattr on the base file.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
3b0778be by Jeremy Allison at 2021-04-07T16:26:28+00:00
VFS: posixacl_xattr: In posixacl_xattr_acl_delete_def_file() change SMB_VFS_REMOVEXATTR() -> SMB_VFS_FREMOVEXATTR().
We know this is safe as SMB_VFS_SYS_ACL_DELETE_DEF_FILE() is only
ever called on an fsp->fsp_name.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
4f977b61 by Jeremy Allison at 2021-04-07T16:26:28+00:00
s3: smbd: Change SMB_VFS_REMOVEXATTR -> SMB_VFS_FREMOVEXATTR.
We no longer need pathname based xattr remove.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
14ac9296 by Jeremy Allison at 2021-04-07T16:26:28+00:00
s3: torture: Change cmd_removexattr to use SMB_VFS_FREMOVEXATTR().
The last user of SMB_VFS_REMOVEXATTR() is gone, I can now
remove the internal VFS functions implementing it.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b2a06e71 by Jeremy Allison at 2021-04-07T16:26:28+00:00
s3: VFS: vxfs: Remove vxfs_remove_xattr() - no longer called.
Also remove supporting function from lib_vxfs.c.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b0e34a47 by Jeremy Allison at 2021-04-07T16:26:28+00:00
s3: VFS: xattr_tdb: Remove xattr_tdb_removexattr(). No longer called.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ce9b1698 by Jeremy Allison at 2021-04-07T16:26:28+00:00
s3: VFS: cap: Remove cap_removexattr(). No longer called.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
2e8e6c31 by Jeremy Allison at 2021-04-07T16:26:28+00:00
s3: VFS: catia: Remove catia_removexattr(). No longer called.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
899f520e by Jeremy Allison at 2021-04-07T16:26:28+00:00
s3: VFS: ceph: Remove cephwrap_removexattr(). No longer called.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
469e7dc2 by Jeremy Allison at 2021-04-07T16:26:28+00:00
s3: VFS: ceph_snapshots: Remove ceph_snap_gmt_removexattr(). No longer called.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
699c829b by Jeremy Allison at 2021-04-07T16:26:28+00:00
s3: VFS: full_audit: Remove smb_full_audit_removexattr(). No longer called.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f227fd22 by Jeremy Allison at 2021-04-07T16:26:28+00:00
s3: VFS: glusterfs: Remove vfs_gluster_removexattr(). No longer called.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e12449e0 by Jeremy Allison at 2021-04-07T16:26:28+00:00
s3: VFS: media_harmony: Remove mh_removexattr(). No longer called.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b9a5cd87 by Jeremy Allison at 2021-04-07T16:26:28+00:00
s3: VFS: posix_eadb: Remove posix_eadb_removexattr(). No longer called.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b88d3473 by Jeremy Allison at 2021-04-07T16:26:28+00:00
s3: VFS: shadow_copy2: Remove shadow_copy2_removexattr(). No longer called.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
a1afcc07 by Jeremy Allison at 2021-04-07T16:26:28+00:00
s3: VFS: snapper: Remove snapper_gmt_removexattr(). No longer called.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ff9ab093 by Jeremy Allison at 2021-04-07T16:26:28+00:00
s3: VFS: time_audit: Remove smb_time_audit_removexattr(). No longer called.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
721c604d by Jeremy Allison at 2021-04-07T16:26:28+00:00
s3: VFS: unityed_media: Remove um_removexattr(). No longer called.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
38a06183 by Jeremy Allison at 2021-04-07T16:26:28+00:00
VFS: Remove SMB_VFS_REMOVEXATTR, no longer used
---------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| |
| SMB_VFS_REMOVEXATTR |
| |
| |
| 22 March |
| 2021 |
| |
| |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\////|_)_______
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
4a41d970 by Jeremy Allison at 2021-04-07T17:32:07+00:00
Update status of SMB_VFS_REMOVEXATTR
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Apr 7 17:32:07 UTC 2021 on sn-devel-184
- - - - -
5d26aa40 by Anubhav Rakshit at 2021-04-08T16:13:34+00:00
torture: Add couple of compound related test cases to verify that server should return NTSTATUS of the failed Create for succeeding requests.
We already pass samba3.smb2.compound.related5, but mark related4 as knownfail.
Signed-off-by: Anubhav Rakshit <anubhav.rakshit at gmail.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
97fc7395 by Anubhav Rakshit at 2021-04-08T16:13:34+00:00
torture: smbtorture test case to verify Compound related handling
This test case checks what happens when we have an intermediate request
failure and how it impacts rest of the chain.
Signed-off-by: Anubhav Rakshit <anubhav.rakshit at gmail.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
422302ac by Anubhav Rakshit at 2021-04-08T16:13:34+00:00
torture: add smbtorture testcase "related7" for failure in compound related chain
We want to verify what Windows does when the first request of the
chain has failed and an async request is part of the chain. We see
Windows fails the async request with the same error. Also the async
request is immediately failed.
Signed-off-by: Anubhav Rakshit <anubhav.rakshit at gmail.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7f73cde0 by Ralph Boehme at 2021-04-08T16:13:34+00:00
torture: add smbtorture compound SMB2 requests test "related8"
This verifies that if the initial create fails with
NT_STATUS_OBJECT_NAME_NOT_FOUND, compount related operations fail with the same
error.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b97b5ca0 by Ralph Boehme at 2021-04-08T16:13:34+00:00
torture: add another smbtorture compound SMB2 requests test "related9"
This test verifies that if a compound related request is not preceeded by a
request that generates or contains a File-ID, the request fails with
NT_STATUS_INVALID_PARAMETER.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fc6eba61 by Ralph Boehme at 2021-04-08T17:30:50+00:00
smbd: SMB2 Compound related chain handling when generation of FileId has failed
Issue:
We have a scenario where an application sends a Compound Related chain
consisting of:
SMB2_CREATE
SMB2_IOCTL
SMB2_SET_INFO
SMB2_CLOSE
SMB2_CREATE failed with NT_STATUS_ACCESS_DENIED and subsequent
requests all fail. In Samba they return NT_STATUS_FILE_CLOSED.
When I tried the same against a Win2k12 server, I noticed that all the
failed requests of the chain would return NT_STATUS_ACCESS_DENIED.
I believe this behaviour is also mentioned in the [MS-SMB2] Specs
3.3.5.2.7.2: Handling Compounded Related Requests
"When the current operation requires a FileId and the previous
operation either contains or generates a FileId, if the previous
operation fails with an error, the server SHOULD<223> fail the current
operation with the same error code returned by the previous
operation."
Fix:
Save NTATUS of a failed Create request. When we process subsequent
requests of the chain we check if the previous Create has failed. In
case of a Create failure we returned the saved NTSTATUS.
Signed-off-by: Anubhav Rakshit <anubhav.rakshit at gmail.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Apr 8 17:30:50 UTC 2021 on sn-devel-184
- - - - -
8bdd2420 by Noel Power at 2021-04-08T17:38:37+00:00
s3/smbd: VFS Fix incorrect VFS_FIND
smb_vfs_call_fset_dos_attributes is looking for the wrong function
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e2ca529d by Noel Power at 2021-04-08T17:38:37+00:00
s3/smbd: SMB_VFS_SET_DOS_ATTRIBUTES -> SMB_VFS_FSET_DOS_ATTRIBUTES
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0332ddde by Noel Power at 2021-04-08T18:38:40+00:00
VFS: Remove SMB_VFS_SET_DOS_ATTRIBUTE, no longer used
-------------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| |
| SMB_VFS_SET_DOS_ATTRIBUTE |
| |
| |
| 3 March |
| 2021 |
| |
| |
*| * * * * * | *
_________)/\\_//(\/(/\)/\//\/\////\\/|_)_______
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Apr 8 18:38:40 UTC 2021 on sn-devel-184
- - - - -
bdc25673 by Douglas Bagnall at 2021-04-08T21:54:35+00:00
pydns: rename s/CNameRecord/CNAMERecord/ for consistency
Everything else is TXTRecord, SRVRrcord, SOARecord.
Making CNAME the same allows easier lookups.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
16254139 by Douglas Bagnall at 2021-04-08T21:54:35+00:00
py/dnsserver: replace obsolete comments with useful ones
The replaced comment was about a long fixed Python reference counting bug..
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
dbffeeef by Douglas Bagnall at 2021-04-08T21:54:35+00:00
py/provision/sambadns: rename CNameRecord -> CNAMERecord
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
3bb4dbec by Douglas Bagnall at 2021-04-08T21:54:35+00:00
py/provision/sambadns: Add a comment about DNS types
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
bddce1f7 by Douglas Bagnall at 2021-04-08T21:54:35+00:00
py/dnsserver: remove workaround of fixed bug
We used to do something wrong with the refcounts, but we don't anymore,
so we don't need this confusing nonsense.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
d84d10bb by Douglas Bagnall at 2021-04-08T21:54:35+00:00
py/dnsserver: add .from_string() methods
The logic to parse DNS value strings (e.g. "example.com 10" for an MX,
which needs to be split on the space) is repeated at least in
samba-tool dns and tests/dcerpc/dnsserver.py. Here we bring it
together so we can do it once.
The sep= keyword allows callers to separate on all runs of
whitespace (the default, as samba-tool dns does) or, using sep='', to
separate on true spaces only.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a572a260 by Douglas Bagnall at 2021-04-08T21:54:35+00:00
py/dnsserver: add record_from_string helper function
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
4ce9a0d4 by Douglas Bagnall at 2021-04-08T21:54:35+00:00
py/dnsserver add flag from string function
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a59dcfcf by Douglas Bagnall at 2021-04-08T21:54:35+00:00
pytest/dcerpcdnsserver: use record_from_string helper
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
579e56bc by Douglas Bagnall at 2021-04-08T21:54:35+00:00
pytest/dcerpc/dnsserver.py: use dnsserver.flag_from_string
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
55c4f75a by Douglas Bagnall at 2021-04-08T21:54:35+00:00
pytests/dns: import dnsserver.TXTRecord directly
Not through samba-tool, which should not be used as a library.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
df60fe15 by Douglas Bagnall at 2021-04-08T21:54:35+00:00
pytests/dns: use dnsserver.record_from_string
not netcmd.dns.data_to_dns_record, which is a UI function.
The only practical difference is it will raise DNSParseError, not CommandError.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
87e71cd6 by Douglas Bagnall at 2021-04-08T21:54:35+00:00
samba-tool dns: use dnsserver.record_from_string
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
99a88cf8 by Douglas Bagnall at 2021-04-08T21:54:35+00:00
samba-tool dns: use dnsserver.flag_from_string()
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
c033fdf5 by Douglas Bagnall at 2021-04-08T23:03:52+00:00
pytests/dns_forwarder: remove unused import
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Thu Apr 8 23:03:52 UTC 2021 on sn-devel-184
- - - - -
d3444531 by Andreas Schneider at 2021-04-09T10:46:28+00:00
s3:auth: Use cli_credentials_init_server()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
eb7bfe2f by Andreas Schneider at 2021-04-09T10:46:28+00:00
s4:ldap_server: Use cli_credentials_init_server()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
fb0dae0e by Andreas Schneider at 2021-04-09T10:46:28+00:00
s4:ntvfs: Use cli_credentials_init_server()
This also removes cifs:domain option for the machine account case.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0ce0570d by Andreas Schneider at 2021-04-09T10:46:28+00:00
s4:ntvfs: Use cli_credentials_init_server()
This also removes cifs:domain option for the machine account case.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4b2e7da3 by Andreas Schneider at 2021-04-09T10:46:28+00:00
s4:rpc_server: Use cli_credentials_init_server()
This also removes dcerpc_remote:domain option for the machine account case.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
048e7716 by Andreas Schneider at 2021-04-09T11:48:00+00:00
s4:torture: Use cli_credentials_init_server()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Apr 9 11:48:00 UTC 2021 on sn-devel-184
- - - - -
1efa9ffd by Samuel Cabrero at 2021-04-09T15:20:02+00:00
s3-iremotewinspool: set the per-request memory context
The iremotewinspool service is not using the pidl autogenerated code.
Set the per-request memory context following the changes made is commit
5a7e9ade9a4cdfa68900c6a64b639f53c0da47ad.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14675
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1890
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Apr 9 15:20:02 UTC 2021 on sn-devel-184
- - - - -
9386e6ef by Jeremy Allison at 2021-04-09T20:48:17+00:00
s3: VFS: streams_xattr: Now we know we will never be doing ACL operations on streams, delete the now unneeded code.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Apr 9 20:48:17 UTC 2021 on sn-devel-184
- - - - -
1a68d34c by Noel Power at 2021-04-11T22:27:34+00:00
VFS: Fix version SMB_VFS_GET_DOS_ATTRIBUTES was removed in
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f923d1f4 by Ralph Boehme at 2021-04-11T22:27:34+00:00
vfs_default: require fchmod()
This has been part of POSIX for long enough in 2021.
Signed-off-by: Ralph Boehme <slow at samba.org>
- - - - -
6ad10836 by Ralph Boehme at 2021-04-11T22:27:34+00:00
s3/modules: fchmod: fallback to path based chmod if pathref
Signed-off-by: Noel Power <noel.power at suse.com>
Signed-off-by: Ralph Boehme <slow at samba.org>
- - - - -
fcf696bf by Noel Power at 2021-04-11T22:27:34+00:00
VFS: gluster: Allow vfs_gluster_fchmod() to cope with pathref fsps.
Ensure it only uses an io fd for a handle based call.
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
a749da2a by Noel Power at 2021-04-11T22:27:34+00:00
VFS: ceph: Allow cephwrap_fchmod() to cope with pathref fsps.
Ensure it only uses an io fd for a handle based call.
Otherwise fall back to pathname based.
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
74ecb467 by Noel Power at 2021-04-11T22:27:34+00:00
s3/modules: make chmod_acl_module_common less strict so fchmod can run
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c1e9aea0 by Noel Power at 2021-04-11T22:27:34+00:00
s3/modules: VFS: ceph_snapshots: Add new fchmod_fn implementation
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f54ec00e by Noel Power at 2021-04-11T22:27:34+00:00
s3/modules: VFS: fruit: Add new fchmod_fn implementation
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
a412b5cc by Noel Power at 2021-04-11T22:27:34+00:00
s3/modules: VFS: shadow_copy2: Add new fchmod_fn implementation
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7501407f by Noel Power at 2021-04-11T22:27:34+00:00
s3/modules: VFS: snapper: Add new fchmod_fn implementation
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
9722732b by Noel Power at 2021-04-11T22:27:34+00:00
s3/smbd: SMB_VFS_CHMOD -> SMB_VFS_FCHMOD
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
34949219 by Noel Power at 2021-04-11T22:27:34+00:00
s3/smbd: file_set_dosmode SMB_VFS_CHMOD => SMB_VFS_FCHMOD
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
cb571d2b by Noel Power at 2021-04-11T22:27:34+00:00
s3/modules: nfs4acl_xattr_fset_nt_acl VFS_SMB_NEXT_CHMOD => VFS_SMB_NEXT_FCHMOD
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
dda3d953 by Noel Power at 2021-04-11T22:27:34+00:00
s3/modules: linux_xfs_sgid_mkdirat() SMB_VFS_NEXT_FCHMOD => SMB_VFS_NEXT_CHMOD
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5cad228f by Noel Power at 2021-04-11T22:27:34+00:00
s3/torture: Make cmd_chmod now use SMB_VFS_FCHMOD
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
726160a8 by Noel Power at 2021-04-11T22:27:34+00:00
s3/modules: VFS: acl_tdb: Remove call to chmod_acl_module_common()
Signed-off-by: Noel Power <noel.power at suse.com>
- - - - -
a773d5e3 by Noel Power at 2021-04-11T22:27:34+00:00
s3/modules: VFS: acl_xattr: Remove call to chmod_acl_module_common()
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d8712364 by Noel Power at 2021-04-11T22:27:34+00:00
s3/modules: VFS: acl_common: Remove chmod_acl_module_common() function
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f4e1598b by Noel Power at 2021-04-11T22:27:34+00:00
s3/modules: VFS: audit: Remove audit_chmod
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b1a5c292 by Noel Power at 2021-04-11T22:27:34+00:00
s3/modules: VFS: cap: remove cap_chmod
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
bf90930a by Noel Power at 2021-04-11T22:27:34+00:00
s3/modules: VFS: catia: Remove catia_chmod() function
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
25c53f14 by Noel Power at 2021-04-11T22:27:34+00:00
s3/modules: VFS: ceph: Remove cephwrap_chmod() function
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
27ae0e1e by Noel Power at 2021-04-11T22:27:34+00:00
s3/modules: VFS: cep_snapshots: remove ceph_snap_gmt_chmod() function
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
8f680b45 by Noel Power at 2021-04-11T22:27:34+00:00
s3/modules: VFS: extd_audit: Remove audit_chmod() function
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
87223ed5 by Noel Power at 2021-04-11T22:27:34+00:00
s3/modules: VFS: fake_acls: Remove fake_acls_chmod() function
Also remove fake_acls_sys_acl_set_file() which is no longer called
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
3df8106e by Noel Power at 2021-04-11T22:27:34+00:00
s3/modules: VFS: fruit: Remove fruit_chmod
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
2bcd5b92 by Noel Power at 2021-04-11T22:27:34+00:00
s3/modules: VFS: full_audit: Remove smb_full_audit_chmod() function
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
9cfbd8cb by Noel Power at 2021-04-11T22:27:34+00:00
s3/modules: VFS: Remove vfs_gluster_chmod() function
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
2505719c by Noel Power at 2021-04-11T22:27:34+00:00
s3/modules: VFS: gpfs: Remove vfs_gpfs_chmod() function
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
9999205a by Noel Power at 2021-04-11T22:27:34+00:00
s3/modules: VFS: media_harmony: Remove mh_chmod
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
04d6f4a1 by Noel Power at 2021-04-11T22:27:34+00:00
s3/modules: VFS: shadow_copy2: Remove shadow_copy2_chmod
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ad45e014 by Noel Power at 2021-04-11T22:27:34+00:00
s3/modules: VFS: snapper: Remove snapper_gmt_chmod
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ca6764af by Noel Power at 2021-04-11T22:27:34+00:00
s3/modules: VFS: time_audit: Remove smb_time_audit_chmod
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
8b24b864 by Noel Power at 2021-04-11T22:27:34+00:00
s3/modules: VFS: unityed_media: Remove um_chmod function
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
534de9b2 by Noel Power at 2021-04-11T23:25:31+00:00
VFS: Remove SMB_VFS_CHMOD, no longer used
---------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| |
| SMB_VFS_CHMOD |
| |
| |
| 08 April |
| 2021 |
| |
| |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\////|_)_______
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Sun Apr 11 23:25:31 UTC 2021 on sn-devel-184
- - - - -
768d48fc by Gary Lockyer at 2021-04-12T00:38:26+00:00
tests python krb5: MS-KILE client principal look-up
Tests of [MS-KILE]: Kerberos Protocol Extensions
section 3.3.5.6.1 Client Principal Lookup
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Apr 12 00:38:26 UTC 2021 on sn-devel-184
- - - - -
e4ad0aa3 by Noel Power at 2021-04-12T11:11:06+00:00
VFS: Update status of SMB_VFS_CHMOD
Missed when SMB_VFS_CHMOD() was removed.
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Mon Apr 12 11:11:06 UTC 2021 on sn-devel-184
- - - - -
5b0d3b20 by Philipp Gesang at 2021-04-12T20:07:47+00:00
lib/audit_logging/test: fix typos
Signed-off-by: Philipp Gesang <philipp.gesang at intra2net.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Apr 12 20:07:47 UTC 2021 on sn-devel-184
- - - - -
cef28acb by Stefan Metzmacher at 2021-04-13T08:23:35+00:00
s3:script:tests: create temporary files under $PREFIX/SELFTEST_TMPDIR
Tests should not create files in the build nor the source directory!
They should cope with read only access to them.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
3d618689 by Stefan Metzmacher at 2021-04-13T08:23:35+00:00
python:tests:samba_tool: create temporary files under $SELFTEST_TMPDIR
Tests should not create files in the build nor the source directory!
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
d260d2c5 by Stefan Metzmacher at 2021-04-13T08:23:35+00:00
s4:client:tests: create temporary files under $PREFIX/SELFTEST_TMPDIR
Tests should not create files in the build nor the source directory!
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
467cfaf8 by Stefan Metzmacher at 2021-04-13T08:23:35+00:00
testprogs:blackbox: create temporary files under $PREFIX/SELFTEST_TMPDIR
Tests should not create files in the build nor the source directory!
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
0e7a7440 by Stefan Metzmacher at 2021-04-13T08:23:35+00:00
script/autobuild.py: change the task definitions into an dictionary
The will make it easier to add more meta data properties to task
definitions.
Use 'git show -w' to see the minimal diff.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2933c027 by Stefan Metzmacher at 2021-04-13T08:23:35+00:00
script/autobuild.py: split out a CLEAN_SOURCE_TREE_CMD
This works for all cases even if the builder runs in a subdirectory.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ba6f6a3c by Stefan Metzmacher at 2021-04-13T08:23:35+00:00
script/autobuild.py: pass --with-selftest-prefix via make instead of configure
We do start for almost all jobs, just samba-ctdb keeps passing it via
configure in order to have a regression test for it.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
e315ce40 by Stefan Metzmacher at 2021-04-13T08:23:35+00:00
script/autobuild.py: defer cp and git clone
This will make further reconstruction easier.
Use 'git show -w' to see the minimal diff.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
404cd173 by Stefan Metzmacher at 2021-04-13T08:23:35+00:00
script/autobuild.py: store the directory for the running builder in self.builder_dir
For now it keeps being the same as self.test_source_dir, but that will
change soon.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
95849d3d by Stefan Metzmacher at 2021-04-13T08:23:35+00:00
script/autobuild.py: add support for dependencies
This will make it possible to split build and test stages
in the next steps.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
37619d39 by Stefan Metzmacher at 2021-04-13T08:23:35+00:00
script/autobuild.py: split out "samba-{def,mit}-build"
This means we avoid a lot of cpu usage for the build.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
dc162943 by Stefan Metzmacher at 2021-04-13T08:23:35+00:00
.gitlab-ci.yml: print out information of the available cpus
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
4df7f2b6 by Stefan Metzmacher at 2021-04-13T08:23:35+00:00
.gitlab-ci.yml: split out samba-{def,mit}-build into the build_first stage
It's enough to have 2 jobs in build_first, so we can move 'samba-fips'
out of it again.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
101237b4 by Stefan Metzmacher at 2021-04-13T08:23:35+00:00
.gitlab-ci.yml: specify explicit job timeouts
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
e466bac9 by Stefan Metzmacher at 2021-04-13T08:23:35+00:00
.gitlab-ci.yml: be more resilient to intrastructure failures
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
307edf82 by Stefan Metzmacher at 2021-04-13T08:23:35+00:00
script/autobuild.py: split out samba-{nt4,h5l,no-opath}-build
These will be used to move the build stages from private gitlab runner
jobs to shared runners.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2e8b58bc by Stefan Metzmacher at 2021-04-13T08:23:35+00:00
.gitlab-ci.yml: let private runners also make use of pre-builds
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
c2a725b2 by Stefan Metzmacher at 2021-04-13T08:23:35+00:00
script/autobuild.py: move ad_dc_backup to samba-ad-dc-6
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
63853b82 by Stefan Metzmacher at 2021-04-13T08:23:35+00:00
script/autobuild.py: split samba-ad-dc-backup into samba-ad-back{1,2}
This will make it possible to run them in parallel (hopefully on shared
gitlab runners).
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a786ff99 by Stefan Metzmacher at 2021-04-13T08:23:35+00:00
.gitlab-ci.yml: move samba-ad-back{1,2} and samba-schemaupgrade to shared runners
This seems to work quite reliable now.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
c378d4dd by Stefan Metzmacher at 2021-04-13T08:23:35+00:00
.gitlab-ci.yml: move the content to .gitlab-ci-main.yml
We introduce an indirection from
gitlab-ci.yml via .gitlab-ci-default.yml to .gitlab-ci-main.yml
We do that in order to introduce a .gitlab-ci-coverage.yml later
as that will have to use different settings in future.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
23a54f47 by Stefan Metzmacher at 2021-04-13T08:23:35+00:00
.gitlab-ci-main.yml: build coverity using --with-cluster-support
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a0a1988a by Stefan Metzmacher at 2021-04-13T08:23:35+00:00
bootstrap/.gitlab-ci.yml: make sure we force gitlab.com runners for now
We've just added our own runners with 'docker' and 'gce'.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6999e080 by Stefan Metzmacher at 2021-04-13T08:23:35+00:00
.gitlab-ci*.yml: only use gitlab.org shared runners if possible
We no longer fallback to our private runner, lets see how that works
out...
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
45522798 by Stefan Metzmacher at 2021-04-13T08:23:35+00:00
.gitlab-ci-main.yml: specify the image only by SAMBA_CI_JOB_IMAGE
That way we can construct the url just in one place,
we can also add SAMBA_CI_JOB_IMAGE to the ccache identifier.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
31898072 by Stefan Metzmacher at 2021-04-13T08:23:35+00:00
script/autobuild.py: skip lcov step for samba-fips
This doesn't really work and only generates an empty samba-fips.info
file.
Someone familiar with gcov/lcov should look at this and fix it.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
95a9c3b2 by Stefan Metzmacher at 2021-04-13T08:23:35+00:00
script/autobuild.py: split samba-no-opath into two tests
This was is basically a combination of 'samba-nt4' and
'samba-fileserver'.
As a single job it used more than 1h only for testing,
while the samba-no-nopath-build uses ~ 10mins (with a filled ccache).
Now we have two test jobs with ~ 30mins.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6f5546ae by Stefan Metzmacher at 2021-04-13T08:23:35+00:00
script/autobuild.py: split samba-nopython out of samba-minimal-smbd again
This was using more than 1h as a single job.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
7387da74 by Stefan Metzmacher at 2021-04-13T08:23:35+00:00
script/autobuild.py: split samba-ad-dc-4* tests into two
As single job they used more than 1h.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
d5759794 by Stefan Metzmacher at 2021-04-13T09:33:14+00:00
add .gitlab-ci-coverage.yml for a scheduled build
This will be used by the https://gitlab.com/samba-team/samba
configuration, while https://gitlab.com/samba-team/devel/samba
will still use .gitlab-ci.yml (via the legacy .gitlab-ci-private.yml).
The key point is the usage of the more powerful n1-standard-2
runners for testing.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Apr 13 09:33:14 UTC 2021 on sn-devel-184
- - - - -
bfb9cd8b by Andreas Schneider at 2021-04-13T19:17:56+00:00
waf: Check correctly if gnutls has been compiled with fips mode support
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Apr 13 19:17:56 UTC 2021 on sn-devel-184
- - - - -
75957313 by Volker Lendecke at 2021-04-16T09:38:35+00:00
auth4: Make auth_anonymous pseudo-async
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
43a1e428 by Volker Lendecke at 2021-04-16T09:38:35+00:00
auth4: Make auth_developer pseudo-async
This is a simpler approach to really just wrap the code.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a6f42ab8 by Volker Lendecke at 2021-04-16T09:38:35+00:00
auth4: Make auth_unix pseudo-async
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f852fb4c by Volker Lendecke at 2021-04-16T09:38:35+00:00
auth4: Make auth_sam pseudo-async
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
254af19b by Volker Lendecke at 2021-04-16T09:38:35+00:00
auth4: Remove sync check_password from auth_operations
Remove complexity in the data structures, and pushes the async-ness
one level down.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
8ff6ad74 by Philipp Gesang at 2021-04-16T09:38:35+00:00
lib/util: fix timespec normalization
When fixing up timespec structs, negative values for the ns part
should be taken into account. Also, the range for a valid ns part
is [0, 1000000000), not [0, 1000000000].
Signed-off-by: Philipp Gesang <philipp.gesang at intra2net.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
8e3b369c by Philipp Gesang at 2021-04-16T10:27:41+00:00
allow tests to be run against a PAM-less build
Indexing the config hash table fails for PAM related values:
Traceback (most recent call last):
File "/src/samba/samba/selftest/tests.py", line 49, in <module>
pam_set_items_so_path = config_hash["PAM_SET_ITEMS_SO_PATH"]
KeyError: 'PAM_SET_ITEMS_SO_PATH'
Error creating recipe from python3 /src/samba/samba/selftest/tests.py| at /src/samba/samba/selftest/selftest.pl line 645.
which prevents the test suite from running when built
--without-pam. Access those values using the get() method
instead.
Signed-off-by: Philipp Gesang <philipp.gesang at intra2net.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Apr 16 10:27:41 UTC 2021 on sn-devel-184
- - - - -
fbf95a64 by Andrew Bartlett at 2021-04-19T07:07:01+00:00
auth4: Remove unused auth_unix
auth_unix was in the source4/auth/ntlm for two reasons:
- inherited from earlier Samba before the Samba4 fork
- To support the ejs-backed SWAT (web administration tool)
Neither of these are good reasons to keep this unused code
around, there is very unlikely to be a need to support
plaintext PAM authentication in this part of the code in the
future.
See b16362fab65d0700bd6a8cf6569a9e21c7e6b069 for some
context on the historical use case.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Apr 19 07:07:01 UTC 2021 on sn-devel-184
- - - - -
564e0660 by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: VFS: default: ntimes profile not ended when times not changed
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
4cc06106 by Samuel Cabrero at 2021-04-19T12:28:30+00:00
build: Do not check for unused functions futimes() and futimens()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ee3ea1bc by Samuel Cabrero at 2021-04-19T12:28:30+00:00
VFS: Add SMB_VFS_FNTIMES
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c7712ec0 by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: VFS: catia: Implement SMB_VFS_FNTIMES()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f07f3a5c by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: VFS: ceph: Implement SMB_VFS_FNTIMES()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
31091cc5 by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: VFS: ceph_snapshots: Implement SMB_VFS_FNTIMES()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5e0def5e by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: VFS: delay_inject: Implement SMB_VFS_FNTIMES()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5d84ad71 by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: VFS: fruit: Implement SMB_VFS_FNTIMES()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7125279a by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: VFS: glusterfs: Implement SMB_VFS_FNTIMES()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
28174fc1 by Samuel Cabrero at 2021-04-19T12:28:30+00:00
gpfswrap: Add wrapper for gpfs_set_times()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
02d624c4 by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: VFS: gpfs: Implement SMB_VFS_FNTIMES()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
6d9fc8de by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: VFS: shadow_copy2: Implement VFS_SMB_FNTIMES()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c942e2bd by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: VFS: snapper: Implement SMB_VFS_FNTIMES()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ed287c35 by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: smbd: Use new debug macros
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
bccbc5bb by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: smbd: Update file times right before closing the underlying fd
Next commits will update file_ntimes() to use handle-based SMB_VFS_FNTIMES().
Move the update_write_time_on_close() call immediately before closing the fd.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
11969032 by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: smbd: Pass full fsp to file_ntimes()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
0a13237d by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: smbd: Use SMB_VFS_FNTIMES() instead of SMB_VFS_NTIMES()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
1e677da5 by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: VFS: recycle: set the recycled file times using SMB_VFS_FNTIMES()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ae904439 by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: torture: Change cmd_utime to use SMB_VFS_FNTIMES()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
17a7f2ca by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: VFS: cap: Remove SMB_VFS_NTIMES()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
2e3608b0 by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: VFS: catia: Remove SMB_VFS_NTIMES()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
0456cad1 by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: VFS: ceph: Remove SMB_VFS_NTIMES()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
248151ba by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: VFS: ceph_snapshots: Remove SMB_VFS_NTIMES()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
059b565a by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: VFS: delay_inject: Remove SMB_VFS_NTIMES()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
23c27b7f by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: VFS: fruit: Remove SMB_VFS_NTIMES()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7c70be05 by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: VFS: full_audit: Remove SMB_VFS_NTIMES()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
bd01e5a4 by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: VFS: glusterfs: Remove SMB_VFS_NTIMES()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
fad792aa by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: VFS: gpfs: Remove SMB_VFS_NTIMES()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
bc4bef5e by Samuel Cabrero at 2021-04-19T12:28:30+00:00
gpfswrap: Remove wrapper for gpfs_set_times_path()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
bec491dd by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: VFS: media_harmony: Remove SMB_VFS_NTIMES()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
0b9ead07 by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: VFS: not_implemented: Remove SMB_VFS_NTIMES()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
395c3922 by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: VFS: shadow_copy2: Remove SMB_VFS_NTIMES()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f2d1eb38 by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: VFS: snapper: Remove SMB_VFS_NTIMES()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b60693cb by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: VFS: time_audit: Remove SMB_VFS_NTIMES()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
adb952f0 by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: VFS: unityed_media: Remove SMB_VFS_NTIMES()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
34f5594f by Samuel Cabrero at 2021-04-19T12:28:30+00:00
s3: VFS: default: Remove SMB_VFS_NTIMES()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
aa2ab7fe by Samuel Cabrero at 2021-04-19T13:19:35+00:00
s3: VFS: Remove SMB_VFS_NTIMES(), no longer used
---------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| |
| SMB_VFS_NTIMES |
| |
| |
| 13 April |
| 2021 |
| |
| |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\////|_)_______
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Samuel Cabrero <scabrero at samba.org>
Autobuild-Date(master): Mon Apr 19 13:19:35 UTC 2021 on sn-devel-184
- - - - -
cc4e6a90 by Andreas Schneider at 2021-04-19T14:37:04+00:00
s3:script: Remove findsmb from default installation
This tool is the only client tool which requires perl. Distributions are
removing perl from the default installation now.
Also this is a wrapper around nmblookup which is obsolete in the AD
world. However it might still be used by someone so move it just to
examples/scripts/nmb/
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Apr 19 14:37:04 UTC 2021 on sn-devel-184
- - - - -
a5daae9a by Volker Lendecke at 2021-04-19T18:18:31+00:00
lib: Fix includes in strv.h
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8cdc0900 by Volker Lendecke at 2021-04-19T18:18:31+00:00
lib: Fix includes in util_tdb.h
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
60602dda by Volker Lendecke at 2021-04-19T18:18:31+00:00
lib: Fix nonempty line endings
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
047e9a0c by Volker Lendecke at 2021-04-19T18:18:31+00:00
lib: Remove unused tdb_traverse_delete_fn()
We have tdb_wipe_all() for that now.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7f0a8799 by Volker Lendecke at 2021-04-19T18:18:31+00:00
lib: Simplify tdb_fetch_uint32_t()
With tdb_parse_record() we don't need malloc/SAFE_FREE
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
604c1645 by Volker Lendecke at 2021-04-19T18:18:31+00:00
lib: Simplify tdb_fetch_int32()
With tdb_parse_record we don't need malloc/SAFE_FREE.
The semantics are a bit different from tdb_parse_uint32: We just return
-1 on error, but this could be overloaded with a valid -1 record value.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
43dcca63 by Volker Lendecke at 2021-04-19T18:18:31+00:00
printing: Make winreg_get_printer() a bit easier to read
EMPTY_STRING does not gain clarity over "" for me.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ea47224f by Volker Lendecke at 2021-04-19T18:18:31+00:00
printing: Make winreg_get_printer() a bit easier to understand
This is more lines, but the FILL_STRING macro did not really gain much
in clarity for me.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c61316c9 by Volker Lendecke at 2021-04-19T18:18:31+00:00
printing: Straighten winreg_get_printer() slightly
Use the common done: exit for everything. This involves initializing
the handles on the stack, but this is good practice anyway.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ca078a71 by Volker Lendecke at 2021-04-19T18:18:31+00:00
printing: talloc_stackframe() aborts on failure
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3a5c2582 by Volker Lendecke at 2021-04-19T18:18:31+00:00
rpc_client: Direct struct initialization in dcerpc_winreg_enumvals()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
11111835 by Volker Lendecke at 2021-04-19T18:18:31+00:00
rpc_client: talloc_stackframe() aborts on failure
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
bf87771f by Volker Lendecke at 2021-04-19T18:18:31+00:00
registry: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c0edfd91 by Volker Lendecke at 2021-04-19T18:18:31+00:00
winbindd: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
999a412d by Volker Lendecke at 2021-04-19T18:18:31+00:00
auth3: Use talloc_move() instead of talloc_steal()
More recent coding style, avoid ambiguities about ownership
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
58645666 by Volker Lendecke at 2021-04-19T18:18:31+00:00
auth3: Fix a error path memleak
(find the missing TALLOC_FREE() in the - part of the patch...)
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
17ba76b9 by Volker Lendecke at 2021-04-19T18:18:31+00:00
lib: Replace a call to TALLOC_ZERO()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d3074426 by Volker Lendecke at 2021-04-19T18:18:31+00:00
vfs: Replace a call to TALLOC_ZERO()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
529c5cb5 by Volker Lendecke at 2021-04-19T18:18:31+00:00
vfs: Remove a call to TALLOC_ZERO()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
44f6258a by Volker Lendecke at 2021-04-19T18:18:31+00:00
lib: Remove two unused historic macros
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8536bf7f by Volker Lendecke at 2021-04-19T18:18:31+00:00
auth: Simplify DEBUG statements in make_auth3_context_for_ntlm()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
218adb74 by Volker Lendecke at 2021-04-19T18:18:31+00:00
smbd: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
062a0c14 by Volker Lendecke at 2021-04-19T18:18:31+00:00
auth3: Simplify check_samba4_security()
First set up "server_info" in a local variable and once it's fully set
up, assign it to the out parameter "pserver_info".
Pointer dereferencing obfuscates the code for me.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
12b52322 by Volker Lendecke at 2021-04-19T18:18:31+00:00
auth3: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
42906e97 by Volker Lendecke at 2021-04-19T18:18:31+00:00
auth3: Fix a few error path memleaks in create_local_token()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1a696c9a by Volker Lendecke at 2021-04-19T18:18:31+00:00
create_local_token: Add error checks
add_sid_to_array_unique() only fails for ENOMEM, and other parts of
the auth stack would probably crash under ENOMEM anyway. But this is
authorization-related code that should be as clean as possible.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8b6c6fd1 by Volker Lendecke at 2021-04-19T18:18:31+00:00
auth3: Remove auth_skel.c
Authentication is a very complex topic, and someone who is able to
write a custom auth module turning a struct auth_usersupplied_info
into a struct auth_serversupplied_info should be able to live without
this skeleton module.
This module also gave an example to load a secondary authentication
module via a module parameter (the call to load_module()). We have
abandoned this practice, and since the "auth methods" parameter has
gone we don't use this anymore internally.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d1454535 by Volker Lendecke at 2021-04-19T18:18:31+00:00
auth3: Make load_auth_module() static
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a20c4b18 by Volker Lendecke at 2021-04-19T18:18:32+00:00
dsdb: Slightly tune get_new_descriptor()
DBG_DEBUG only calls its arguments if required according to the debug
level. A simple talloc_new/TALLOC_FREE in the normal case should be
much cheaper than the full sddl_encode().
I just stumbled across this code, this is has not shown up in any
profiles. I just think it's cleaner this way.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1f4f6a43 by Volker Lendecke at 2021-04-19T18:18:32+00:00
auth3: Remove unnecessary talloc_unlink() calls
The structures we unlinked have been talloc_reference()ed in gensec
and thus don't need the second talloc parent anymore. But this
talloc_unlink isn't necessary because tmp_ctx is free()ed a few lines
down.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
015cfe2e by Volker Lendecke at 2021-04-19T18:18:32+00:00
auth3: Add an error check to auth_generic_prepare()
gensec_set_credentials() can fail
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
dab8e9eb by Volker Lendecke at 2021-04-19T18:18:32+00:00
libcli: Simplify sddl_encode_ace()
Use GUID_buf_string() instead of GUID_string() for encoding objects,
no need to check for NULL anymore.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ebea5639 by Volker Lendecke at 2021-04-19T18:18:32+00:00
py_security: Avoid casts in py_random_sid()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d298623c by Volker Lendecke at 2021-04-19T18:18:32+00:00
librpc: Use GUID_buf_string() in python wrappers
No need for the talloc'ed strings
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
439b7ccd by Volker Lendecke at 2021-04-19T18:18:32+00:00
librpc: Add py_descriptor_richcmp() equality function
Only a python3 version. Do we still need the python2 flavor?
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0f986790 by Volker Lendecke at 2021-04-19T18:18:32+00:00
torture: Move sddl tests to python
This kind of test is better hosted in python than in C. More lines,
but the ones in source4/libcli/security/tests/sddl.c were preeetty
long...
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
bd0f6671 by Volker Lendecke at 2021-04-19T18:18:32+00:00
auth3: Make auth3_session_info_create() static
Only used in the static artifical session creation
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
62782a14 by Volker Lendecke at 2021-04-19T19:07:01+00:00
lib: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Apr 19 19:07:01 UTC 2021 on sn-devel-184
- - - - -
667fd04c by pavel.filipensky at 2021-04-20T06:42:50+00:00
s3:passdb: Fix 'return 1' in secrets_store_creds()
The recently introduced function secrets_store_creds() should always
use 'return false' in case of a failure. It is not only spelling issue
since 'return 1' actually means 'return true'.
Signed-off-by: Pavel Filipensky <pavel.filipensky at gmail.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Apr 20 06:42:50 UTC 2021 on sn-devel-184
- - - - -
25a2b732 by David Mulder at 2021-04-20T07:39:37+00:00
gpo: Open ssh config to write bytes
Reopening the existing config file fails because
we fail to open to write bytes.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
249565c6 by Jeremy Allison at 2021-04-20T07:39:37+00:00
s3: torture: Add samba3.smbtorture_s3.plain.POSIX-SYMLINK-CHMOD
Shows we must protect against a null fsp handle when doing POSIX chmod on a symlink,
whether the symlink points to a real object or is dangling.
Add to knownfail for now. Commit 9722732b1867e359304594ada72ff40cd1341be5
removed the fsp == NULL protection for POSIX, and we need to put it back.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
5c3470c0 by Jeremy Allison at 2021-04-20T08:23:42+00:00
s3: smbd: Prevent fchmod on a symlink.
Remove selftest/knownfail.d/symlink_chmod.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Apr 20 08:23:42 UTC 2021 on sn-devel-184
- - - - -
6f451e24 by Stefan Metzmacher at 2021-04-20T11:42:37+00:00
heimdal_build: use TO_LIST from wafsamba.samba_utils
Signed-off-by: Stefan Metzmacher <metze at samba.org>
[abartlet at samba.org: adapted from patch in Metze's
wip.git/master-heimdal to current master
without the other patches]
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
01dac7b9 by Andrew Bartlett at 2021-04-20T11:42:37+00:00
heimdal_build: Do not use LMDB in Heimdal even if we have it in Samba
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
4367eeb7 by Andrew Bartlett at 2021-04-20T11:42:37+00:00
selftest: Improve test names in kinit test for improved debugging
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
52950460 by Stefan Metzmacher at 2021-04-20T11:42:37+00:00
wafsamba: let 'use_hostcc=True' result in -D_SAMBA_HOSTCC_
That's easier for the callers.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
5172e1b0 by Stefan Metzmacher at 2021-04-20T11:42:37+00:00
lib/replace: don't set -D_SAMBA_HOSTCC_ explicitly
use_hostcc=True already triggers this.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
c5047548 by Stefan Metzmacher at 2021-04-20T11:42:37+00:00
heimdal_build: avoid cflags='-DSOCKET_WRAPPER_DISABLE=1 -D_SAMBA_HOSTCC_'
SOCKET_WRAPPER_DISABLE is unused for a long time already
and _SAMBA_HOSTCC_ is implied by use_hostcc=True now.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
[abartlet at samba.org: Adapted to current master from Metze's wip.git/master/heimdal
branch]
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
05a1ca2f by Joseph Sutton at 2021-04-20T11:42:37+00:00
util: Ensure debugger can be attached to process
samba_start_debugger() attempts to start a debugger attached to the
calling process by calling system() to start a background process.
However, if the spawned shell exits before the debugger has had a chance
to attach, the debugger process will no longer be a child of the parent
process (as it will have been reparented).
If the system does not allow tracing by non-child processes, attachment
may fail as a result.
This commit replaces the system() call and the implicit shell around
xterm with an explicit fork()/exec() so that the debugger remains a
child of the calling process, ensuring the attachment succeeds unless
tracing is disabled completely.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
416c9bbc by Joseph Sutton at 2021-04-20T12:33:40+00:00
util: Ensure debugger is not started until it is allowed to attach
Use a pipe to ensure that the debugger is not started until after the
prctl() call allowing it to attach to the parent, avoiding a potential
race condition.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Apr 20 12:33:40 UTC 2021 on sn-devel-184
- - - - -
e0303556 by Volker Lendecke at 2021-04-20T23:19:28+00:00
libcli: Factor out sddl_map_flag()
We have to look at more than one map, "FRSD" is not correctly handled
right now for example. This factors out walking a map to make walking
multiple maps easier.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b113a3bb by Volker Lendecke at 2021-04-20T23:19:28+00:00
torture: Show sddl_decode() failure for "GWFX" access mask
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
58c6c031 by Volker Lendecke at 2021-04-21T00:04:36+00:00
libcli: Fix parsing access flags from multiple tables
We have to look at all available mappings for parsing sddl for each
special flag set. "GW" and "FX" come from two different tables, but
the previous code settled on one table and then expected both "GW" and
"FX" to come from that same table. Change the code to look at all
tables per special flag set.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Apr 21 00:04:36 UTC 2021 on sn-devel-184
- - - - -
0d30d74e by Andrew Bartlett at 2021-04-21T09:15:35+00:00
debug: Synchronise "log level" in smb.conf with the code
This is done by pasting in the contents of default_classname_table[]
in lib/util/debug.c into
cut -f 2 -d \"| xargs -i sh -c 'echo "\t<listitem><para><parameter moreinfo=\"none\">{}</parameter></para></listitem>"'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2e533664 by Andrew Bartlett at 2021-04-21T09:15:35+00:00
docs: Add missing documentation on dsdb_group_audit and dsdb_group_audit_json
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a778a3a6 by Andrew Bartlett at 2021-04-21T09:15:35+00:00
docs: Add proper explination on why transactions need to be audited.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
364b8be9 by Andrew Bartlett at 2021-04-21T09:15:35+00:00
docs: Further discourage the use of the "event notification" options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
d03e7ffc by Andrew Bartlett at 2021-04-21T09:15:35+00:00
docs: underline special words in the audit logging part of "log level" in man smb.conf
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
38fe888f by Andrew Bartlett at 2021-04-21T09:15:35+00:00
docs: Expand the "log level" docs on audit logging
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
0f29b8c2 by Douglas Bagnall at 2021-04-21T10:04:14+00:00
samba-tool: add dns zoneoptions for aging control
This adds a subcommand for altering zone parameters.
At the moment the only options are related to record aging (a.k.a
scavenging). The code is structured to make it easy to add more
integer or boolean options, but it is not clear that this would be
useful; many other parameters are not used or would only have
deleterious effects.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Apr 21 10:04:14 UTC 2021 on sn-devel-184
- - - - -
bbfdd632 by David Mulder at 2021-04-21T20:51:31+00:00
s3: Add s3 net python bindings
This adds python bindings for the s3 net ads
join and leave commands.
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e5a32d4a by David Mulder at 2021-04-21T20:51:31+00:00
python: Test s3 net join and leave
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d01a588c by David Mulder at 2021-04-21T20:51:31+00:00
python: glue function for detecting if selftest is enabled
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
34a6575a by David Mulder at 2021-04-21T21:40:13+00:00
samba-tool: Use s3 net join for member join
The s4 member join code has been broken for some
time. Modify samba-tool to instead use the
working s3 member join code.
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): David Mulder <dmulder at samba.org>
Autobuild-Date(master): Wed Apr 21 21:40:13 UTC 2021 on sn-devel-184
- - - - -
e1a321e8 by Andreas Schneider at 2021-04-22T17:57:30+00:00
lib:texpect: Do not link against nsl
I do not see what would use that in texpect.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
620de975 by Andreas Schneider at 2021-04-22T17:57:30+00:00
lib:util: Remove NIS support from string_match()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
622e84cf by Andreas Schneider at 2021-04-22T17:57:30+00:00
s3:lib: Remove NIS support from substitute
%N is often used to get the netbios name (local machine name). So we
need to keep it.
This is covered by samba.tests.s3passdb.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
edda7a32 by Andreas Schneider at 2021-04-22T17:57:30+00:00
s3:smbd: Remove NIS support
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
29229021 by Andreas Schneider at 2021-04-22T17:57:30+00:00
lib:replace: Remove NIS support
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a72bc3e1 by Andreas Schneider at 2021-04-22T17:57:30+00:00
docs-xml: Update documentation for removal of NIS support
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
993ae77f by Gordon Ross at 2021-04-22T18:48:30+00:00
Fix sigsegv in check_stream in smbtorture smb2.streams.io
torture_comment calls need a struct torture_context arg,
not its mem_ctx child. Use talloc_parent(). Also
need to call torture_result somewhere on failure.
Signed-off-by: Gordon Ross <gordon.ross at tintri.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Apr 22 18:48:30 UTC 2021 on sn-devel-184
- - - - -
84cf5c15 by Gary Lockyer at 2021-04-23T07:35:32+00:00
lib:ldb: Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
17294c6b by Andreas Schneider at 2021-04-23T08:26:00+00:00
lib:ldb: Change page size of guidindexpackv1.ldb
As this is a TDB file, the file has been backed up using tdbbackup to
get a different page size. This fixes running the repack.py test on
aarch64.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Apr 23 08:26:00 UTC 2021 on sn-devel-184
- - - - -
2e973ea5 by Andreas Schneider at 2021-04-25T21:17:31+00:00
lib:replace: Fix resource leak in os2_delete test
Found by covscan
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
dca03ffa by Andreas Schneider at 2021-04-25T21:17:31+00:00
lib:replace: Fix a memleak in test_strdup()
Found by covscan
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
68cb9a0e by Andreas Schneider at 2021-04-25T21:17:31+00:00
lib:replace: Fix a memleak in test_strndup()
Found by covscan
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a9ad677e by Andreas Schneider at 2021-04-25T21:17:31+00:00
lib:replace: Fix memory leak in test_asprintf()
Found by covscan
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
16d1abb6 by Andreas Schneider at 2021-04-25T22:02:19+00:00
lib:replace: Fix possible resource leaks in test_closefrom()
Found by covscan
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sun Apr 25 22:02:20 UTC 2021 on sn-devel-184
- - - - -
6fcde09f by Björn Baumbach at 2021-04-26T12:32:35+00:00
pyldb: fix a typo
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Rowland penny <rpenny at samba.org>
- - - - -
86f2b8da by Björn Baumbach at 2021-04-26T12:32:35+00:00
test samba-tool group listmembers: test listing contacts as group members
Make sure that contacts are listed as group members, even if the
--hide-expired option is used.
Expect failure. Fix follows up.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14692
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Rowland penny <rpenny at samba.org>
- - - - -
2e2426e5 by Björn Baumbach at 2021-04-26T13:21:43+00:00
samba-tool group listmembers: always list objects which can not expire
Otherwise for example contacts wouldn't be listed when the
--hide-expired option is used. Contacts typically do not have the
accountExpires attribute.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14692
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Rowland penny <rpenny at samba.org>
Autobuild-User(master): Björn Baumbach <bb at sernet.de>
Autobuild-Date(master): Mon Apr 26 13:21:43 UTC 2021 on sn-devel-184
- - - - -
3ba5ed73 by Volker Lendecke at 2021-04-27T13:24:35+00:00
printing: Remove the pause_pipe[] from queue_process.c
Since c80f70390c37 we don't need this explicit pipe anymore.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
7997a090 by Volker Lendecke at 2021-04-27T13:24:35+00:00
printing: Remove dead code
This was already covered a few lines above.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ce97c671 by Volker Lendecke at 2021-04-27T13:24:35+00:00
printing: Reduce indentation in start_background_queue()
We don't need the "if(pid==0)" here, we've covered "if(pid!=0)" a few
lines above.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
8d2eb62a by Volker Lendecke at 2021-04-27T13:24:35+00:00
printing: Avoid zombies in the background daemon
Whatever you read about waitpid() tells you should should run it in a
loop.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
8728bf91 by Volker Lendecke at 2021-04-27T13:24:35+00:00
smbd: Replace call to close_low_fds() with direct calls
Check the errors from close_low_fd(). Also, close_low_fds() does not
really add a lot of value, for example there's no caller that closes
stderr.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
00b57391 by Volker Lendecke at 2021-04-27T13:24:35+00:00
lib: Directly call close_low_fd() in become_daemon()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
349bd015 by Volker Lendecke at 2021-04-27T13:24:35+00:00
lib: Remove close_low_fds()
There were only two callers, it did not do proper error handling, and
it was confusing to call.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ad7628b2 by Volker Lendecke at 2021-04-27T13:24:35+00:00
gensec: Slightly simplify gensec_generate_session_info_pac()
Reduce indentation by an early error return and by introducing a
helper variable.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
cdd9d423 by Volker Lendecke at 2021-04-27T13:24:35+00:00
auth3: Apply some const to auth3_context_set_challenge()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b150982d by Volker Lendecke at 2021-04-27T13:24:35+00:00
auth3: Use auth3_context_set_challenge() in auth3_set_challenge()
Don't duplicate what's already there.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ee431a29 by Volker Lendecke at 2021-04-27T13:24:35+00:00
auth3: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
4e034e8f by Volker Lendecke at 2021-04-27T13:24:35+00:00
auth3: if (ret==False) just looks weird
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a01f680e by Volker Lendecke at 2021-04-27T13:24:35+00:00
passdb: Add error checks in samu_set_unix_internal()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
117f0015 by Volker Lendecke at 2021-04-27T13:24:35+00:00
auth: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
c9508b97 by Volker Lendecke at 2021-04-27T14:14:22+00:00
auth3: talloc_strackframe() panics on failure
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Apr 27 14:14:22 UTC 2021 on sn-devel-184
- - - - -
ca6a8037 by Andreas Schneider at 2021-04-27T17:51:36+00:00
lib:replace: Fix a posible double free
CID 1477397
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Apr 27 17:51:36 UTC 2021 on sn-devel-184
- - - - -
b5984c3d by Andrew Bartlett at 2021-04-28T03:43:34+00:00
.gitlab-ci.yml and autobuild: Publish the current HTML docs with the code coverage
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
225fefe6 by Andrew Bartlett at 2021-04-28T03:43:34+00:00
torture: Avoid -Werror=strict-overflow in -O3 coverage build
The test_getinfo() function only needs to return if this happens
not how many times.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
190e15df by Andrew Bartlett at 2021-04-28T03:43:34+00:00
tests: Fix "-Werror=maybe-uninitialized" errors only seen with -O3 and --enable-coverage
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
742ae617 by Andrew Bartlett at 2021-04-28T03:43:34+00:00
s3-modules: Fix "-Werror=maybe-uninitialized" errors only seen with -O3 and --enable-coverage
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
836ad937 by Andrew Bartlett at 2021-04-28T03:43:34+00:00
.gitlab-ci.yml: Return code coverage reporting for "none" tasks
This was lost early on with 54f26cfcf2587a2b1d97f466a886fa89a116eea1
which did not take into account code coverage, which stopped running
for these tasks very early on with
71595201bea9b3fa28357065fa137806f9220f38.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
a4cce28b by Andrew Bartlett at 2021-04-28T03:43:34+00:00
.gitlab-ci.yml: Always build the ubuntu1804-samba-o3 with --enable-coverage
This ensures that the coverage build always works, as it can trigger different warnings.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
aecb2b77 by Douglas Bagnall at 2021-04-28T03:43:34+00:00
python: remove all 'from __future__ import print_function'
This made Python 2's print behave like Python 3's print().
In some cases, where we had:
from __future__ import print_function
"""Intended module documentation..."""
this will have the side effect of making the intended module documentation
work as the actual module documentation (i.e. becoming __doc__), because
it is once again the first statement in the module.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c3a95b22 by Douglas Bagnall at 2021-04-28T03:43:34+00:00
python: remove all 'from __future__ import division'
This made '//' and '/' in Python 2 behave as in Python 3.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ba4aa2e8 by Douglas Bagnall at 2021-04-28T03:43:34+00:00
python/hostconfig: remove 'from __future__ import absolute_import'
obsolete in Python 3.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e84924fd by Douglas Bagnall at 2021-04-28T03:43:34+00:00
python: remove 'from __future__ import unicode_literals'
as well as a comment about Python 2 strings, which we don't want to be
reminded of.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2ccd5c09 by Viktor Dukhovni at 2021-04-28T03:43:34+00:00
HEIMDAL: Avoid yydebug compiler warning
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry-picked from Heimdal commit 17d6d0ac1e8597e91d723399cbe9af9ea2e13f42)
- - - - -
3bb4a0df by Andrew Bartlett at 2021-04-28T03:43:34+00:00
heimdal_build: Make HEIMDAL_BINARY be based on HEIMDAL_SUBSYSTEM
This is imporatant as it ensures that the warning -> error
logic and overrides are done for source files directly
listed in a HEIMDAL_BINARY and a HEIMDAL_SUBSYSTEM.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
c2c09113 by Andrew Bartlett at 2021-04-28T03:43:34+00:00
heimdal: use correct prototype of yyparse()
As noted in 92c6891c368cae5c2402727c1f66f1c60778199d in upstream
Heimdal yyparse() returns an int.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
e45980ff by Andrew Bartlett at 2021-04-28T03:43:34+00:00
build: Use bison at build time rather than lexyacc.sh to build the embedded heimdal
Because the filenames are changed to the *.tab.{h,c} format
a transitional header is added.
While the built compilers differ, the output of the compilers
and the resulting .o files have been verified not to have changed
on Ubuntu 20.04.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
0e6e5f9c by Andreas Schneider at 2021-04-28T03:43:34+00:00
s3:utils: Link py_net only against needed cmdline_contexts library
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d45eddb5 by Andreas Schneider at 2021-04-28T03:43:34+00:00
file_server: Add a missing no memory check
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ceccb618 by Andreas Schneider at 2021-04-28T03:43:34+00:00
file_server: Pass the 'samba' daemon config file to smbd
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0b8433cf by Andreas Schneider at 2021-04-28T03:43:34+00:00
s4:winbind: Add a missing no memory check
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
24c4fcf8 by Andreas Schneider at 2021-04-28T03:43:34+00:00
s3:winbind: Pass the 'samba' daemon config file to winbindd
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c54d5dbe by Andreas Schneider at 2021-04-28T03:43:34+00:00
selftest: Specify /dev/null as the smbd config file
smbd will require a smb.conf later.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
293a941f by Andreas Schneider at 2021-04-28T03:43:34+00:00
docs-xml: Use 'desired' and 'required' for option 'client signing'
For a better user experience we use disabled, desired, required
everywhere now. The arguments auto and mandatory are still working and
synonyms.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9fb88e6e by Andreas Schneider at 2021-04-28T03:43:34+00:00
docs-xml: Use 'desired' and 'required' for option 'client ipc signing'
For a better user experience we use disabled, desired, required
everywhere now. The arguments auto and mandatory are still working and
synonyms.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
fca9c568 by Andreas Schneider at 2021-04-28T03:43:34+00:00
tests: Use ldbsearch '--scope instead of '-s'
We should use long options in tests to make clear what we are trying to
do.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
86f7bc7a by Andreas Schneider at 2021-04-28T03:43:34+00:00
testprogs: Use --suppress-prompt instead of -s for testparm
We should use long options in tests to make clear what we are trying to
do.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f291b8f1 by Andreas Schneider at 2021-04-28T03:43:34+00:00
tests: Use --configfile instead of -s
We should use long options in tests to make clear what we are trying to
do.
Also the -s short option will be removed for --configfile later.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b2bad13c by Andreas Schneider at 2021-04-28T03:43:34+00:00
s3:tests: Check for 'Client started' in the log
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1cd23371 by Andreas Schneider at 2021-04-28T03:43:34+00:00
lib:param: Add 'client use kerberos' config parameter
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
08be2824 by Andreas Schneider at 2021-04-28T03:43:34+00:00
selftest: Check the return code of setup_namespaces()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a0072659 by Andreas Schneider at 2021-04-28T03:43:34+00:00
s4:rpc_server: Set Kerberos to desired
This is required for ncalrpc_as_system to work. In FIPS enabled mode,
'client use kerberos' is forced to required. We need to allow
non-kerberos use for ncalrpc_as_system here.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
521f77c6 by Andreas Schneider at 2021-04-28T03:43:34+00:00
auth:creds: Add obtained arg to cli_credentials_set_kerberos_state()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
5a751ea5 by Andreas Schneider at 2021-04-28T03:43:34+00:00
auth:creds:tests: Add test for cli_credentials_set_kerberos_state()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4c435370 by Andreas Schneider at 2021-04-28T03:43:34+00:00
lib:param: Add 'client protection' config option
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7accd900 by Andreas Schneider at 2021-04-28T03:43:34+00:00
auth:creds: Use 'client protection' option for smb sign and encrypt defaults
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2fbc63ca by Andreas Schneider at 2021-04-28T03:43:34+00:00
auth:creds: Add obtained arg to cli_credentials_set_gensec_features()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f65a32fa by Andreas Schneider at 2021-04-28T03:43:34+00:00
auth:creds:tests: Add test for cli_credentials_set_gensec_features()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f33844b7 by Andreas Schneider at 2021-04-28T03:43:34+00:00
auth:creds: Add cli_credentials_get_username_and_obtained()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3b78f4f0 by Andreas Schneider at 2021-04-28T03:43:34+00:00
auth:creds:tests: Add test for cli_credentials_get_username_and_obtained()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
bd2b1825 by Andreas Schneider at 2021-04-28T03:43:34+00:00
auth:creds: Add cli_credentials_get_password_and_obtained()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
fcba4eb4 by Andreas Schneider at 2021-04-28T03:43:34+00:00
auth:creds:tests: Add test for cli_credentials_get_password_and_obtained()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
5470da07 by Andreas Schneider at 2021-04-28T03:43:34+00:00
lib:cmdline: Add initial code for new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6c812505 by Andreas Schneider at 2021-04-28T03:43:34+00:00
lib:cmdline: Add client credentials
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e54f5f95 by Andreas Schneider at 2021-04-28T03:43:34+00:00
lib:cmdline: Add callback for loading the config file
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
726ccf1d by Andreas Schneider at 2021-04-28T03:43:34+00:00
lib:cmdline: Parse cmdline options with popt
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
054d11f7 by Andreas Schneider at 2021-04-28T03:43:34+00:00
lib:cmdline: Implement legacy kerberos options
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
095bed6a by Andreas Schneider at 2021-04-28T03:43:34+00:00
lib:cmdline: Set kerberos=required for --use-krb5-ccache=CCACHE
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d945ed03 by Andreas Schneider at 2021-04-28T03:43:34+00:00
lib:cmdline: Add samba_cmdline_burn()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
8560c310 by Andreas Schneider at 2021-04-28T03:43:34+00:00
lib:cmdline: Add sanity check for options
Make sure we don't have duplicate options!
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
eb573067 by Andreas Schneider at 2021-04-28T04:32:47+00:00
docs-xml: Add doc entities for the options of the new cmdline parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Apr 28 04:32:47 UTC 2021 on sn-devel-184
- - - - -
7e63e84d by Andreas Schneider at 2021-04-28T08:47:21+00:00
WHATSNEW: Document removal of NIS support
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Karolin Seeger <kseeger at samba.org>
Autobuild-User(master): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(master): Wed Apr 28 08:47:21 UTC 2021 on sn-devel-184
- - - - -
87927173 by Andreas Schneider at 2021-04-29T03:58:37+00:00
s3:nmbd: Migrate nmbd to new cmdline option parser
This removes --log-stdout as we already have --debug-stdout in the
common options!
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d8f84205 by Andreas Schneider at 2021-04-29T03:58:37+00:00
s3:smbd: Migrate smbd to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c23f75cd by Andreas Schneider at 2021-04-29T03:58:37+00:00
s3:winbind: Migrate winbindd to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c7b1d2d1 by Andreas Schneider at 2021-04-29T03:58:37+00:00
lib:util: Add debug_get_log_type() function
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3467214c by Andreas Schneider at 2021-04-29T03:58:37+00:00
s3: Remove --log-stdout from daemons
The common cmdline parser provides --debug-stdout.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4be015dd by Andreas Schneider at 2021-04-29T03:58:37+00:00
docs-xml: Update nmbd manpage for new cmdline opition parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
93dfd527 by Andreas Schneider at 2021-04-29T03:58:37+00:00
docs-xml: Update smbd manpage for new cmdline opition parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0531f6f5 by Andreas Schneider at 2021-04-29T03:58:37+00:00
docs-xml: Update winbindd manpage for new cmdline opition parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7d675bda by Andreas Schneider at 2021-04-29T03:58:37+00:00
s4:samba: Pass a talloc memory context to binary_smbd_main()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
236c35f7 by Andreas Schneider at 2021-04-29T03:58:37+00:00
s4:samba: Migrate samba daemon to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0d243b32 by Andreas Schneider at 2021-04-29T03:58:37+00:00
docs-xml: Update samba.8 manpage for new cmdline opition parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
32868286 by Andreas Schneider at 2021-04-29T03:58:37+00:00
s3:utils: Tell users that workgroup/realm is required for ADS mode
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14695
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
757c49f6 by Andreas Schneider at 2021-04-29T04:48:37+00:00
s3:winbind: For 'security = ADS' require realm/workgroup to be set
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14695
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Apr 29 04:48:37 UTC 2021 on sn-devel-184
- - - - -
75ad8416 by Volker Lendecke at 2021-04-29T09:55:51+00:00
CVE-2021-20254 passdb: Simplify sids_to_unixids()
Best reviewed with "git show -b", there's a "continue" statement that
changes subsequent indentation.
Decouple lookup status of ids from ID_TYPE_NOT_SPECIFIED
Add comments to explain the use of the three lookup
loops.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14571
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(master): Thu Apr 29 09:55:51 UTC 2021 on sn-devel-184
- - - - -
9b2c17e5 by Andreas Schneider at 2021-04-29T15:01:29+00:00
s3:winbindd: Simplfy sequence number caching
The sequence number is used to detect if the cache is still valid. It
expires when the `winbind cache time` is over. After that time we want
to fetch new information from a DC to make sure we are up to date.
If a DC goes down and we recreate the connection, we want to expire the
caches sooner. So we reset the sequence number and the next call should
refill the caches.
Using the current time as the sequence number is more reliable, as the
sequence number of two DCs could in theory be equal. All we have to do
is to make sure we reset it after we reconnect to a DC.
Previously the sequence number check was based on the AD database change
sequence number. Now this is based on a current time value which gets
reset after a successful (re)connect.
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
edad81c8 by Andreas Schneider at 2021-04-29T15:01:29+00:00
s3:winbindd: Do not call backends sequence number code
This is not needed anymore.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
371bc987 by Andreas Schneider at 2021-04-29T15:01:29+00:00
s3:winbindd: Remove obsolete sequence_number callback from msrpc backend
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
2d809394 by Andreas Schneider at 2021-04-29T15:01:29+00:00
s3:winbindd: Remove obsolete sequence_number callback from samr backend
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f3c60376 by Andreas Schneider at 2021-04-29T15:01:29+00:00
s3:winbindd: Remove obsolete sequence_number callback from ads backend
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
255a63ab by Andreas Schneider at 2021-04-29T15:01:29+00:00
s3:winbindd: Remove unused rpc_sequence_number()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7524e6e7 by Ralph Boehme at 2021-04-29T15:01:29+00:00
winbindd: remove obsolete sequence_number() from winbindd_reconnect_ads.c
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
27c53355 by Ralph Boehme at 2021-04-29T15:01:29+00:00
winbindd: remove obsolete sequence_number() from winbindd_reconnect.c
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
54343f50 by Ralph Boehme at 2021-04-29T15:49:16+00:00
winbindd: remove obsolete sequence_number from struct winbindd_methods
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Apr 29 15:49:16 UTC 2021 on sn-devel-184
- - - - -
47d79d7e by Jeremy Allison at 2021-04-29T21:27:58+00:00
s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success.
Missing call to set up req->outbuf means no reply is sent.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14696
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Apr 29 21:27:58 UTC 2021 on sn-devel-184
- - - - -
fd28e8ae by David Mulder at 2021-04-29T22:27:20+00:00
gpo: Correct name of files gpo
This is important, since having the incorrect
name will prevent policies from removing
correctly on an unapply, or when the policy
is deleted from AD.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Apr 29 22:27:20 UTC 2021 on sn-devel-184
- - - - -
03ef73ac by Andreas Schneider at 2021-05-06T12:40:28+00:00
lib:cmdline: Improve error message for duplicate options
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
b1963ab7 by Andreas Schneider at 2021-05-06T12:40:28+00:00
lib:cmdline: Rename to cmdline_sanity_checker
Will give nicer output if we find duplicates!
$ net help
cmdline_sanity_checker: Duplicate option --long|-l detected!
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
4596211e by Andreas Schneider at 2021-05-06T12:40:28+00:00
lib:cmdline: Also set logfilebase for -l|--log-basename
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
e8780be8 by Andreas Schneider at 2021-05-06T12:40:29+00:00
lib:cmdline: We need to always set a log file
We need to always set a log file name based on the process name. This
defines e.g. the log file for smbd.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
249b9650 by Andreas Schneider at 2021-05-06T13:29:27+00:00
lib:cmdline: Align integer types
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu May 6 13:29:28 UTC 2021 on sn-devel-184
- - - - -
24d574f7 by Richard Sharpe at 2021-05-07T03:20:46+00:00
s3: utils: Remove debug2html utility. Not used, installed or tested.
No reference to it on the web since the year 2000.
Signed-off-by: Richard Sharpe <realrichardsharpe at gmail.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri May 7 03:20:46 UTC 2021 on sn-devel-184
- - - - -
0e1695df by Günther Deschner at 2021-05-07T06:23:32+00:00
Fix gcc11 compiler issue "-Werror=maybe-uninitialized"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14699
../../source4/dsdb/common/util_links.c: In function ‘ndr_guid_compare’:
../../source4/dsdb/common/util_links.c:38:29: error: ‘v1_data’ may be used uninitialized [-Werror=maybe-uninitialized]
38 | struct ldb_val v1 = data_blob_const(v1_data, sizeof(v1_data));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../source4/../lib/util/samba_util.h:48,
from ../../source4/include/includes.h:62,
from ../../source4/dsdb/common/util_links.c:22:
../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
| ^~~~~~~~~~~~~~~
../../source4/dsdb/common/util_links.c:37:17: note: ‘v1_data’ declared here
37 | uint8_t v1_data[16];
| ^~~~~~~
cc1: all warnings being treated as errors
[1729/3991] Compiling source3/smbd/smbXsrv_open.c
../../libcli/auth/smbencrypt.c: In function ‘decode_wkssvc_join_password_buffer’:
../../libcli/auth/smbencrypt.c:1045:32: error: ‘_confounder’ may be used uninitialized [-Werror=maybe-uninitialized]
1045 | DATA_BLOB confounder = data_blob_const(_confounder, 8);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../source4/../lib/util/samba_util.h:48,
from ../../source4/include/includes.h:62,
from ../../libcli/auth/smbencrypt.c:24:
../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
| ^~~~~~~~~~~~~~~
../../libcli/auth/smbencrypt.c:1044:17: note: ‘_confounder’ declared here
1044 | uint8_t _confounder[8];
| ^~~~~~~~~~~
cc1: all warnings being treated as errors
[2624/3991] Compiling source4/torture/rpc/samr.c
../../source3/rpc_client/cli_samr.c: In function ‘dcerpc_samr_chgpasswd_user2’:
../../source3/rpc_client/cli_samr.c:158:33: error: ‘old_nt_hash’ may be used uninitialized [-Werror=maybe-uninitialized]
158 | DATA_BLOB session_key = data_blob_const(old_nt_hash, 16);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../source3/../lib/util/samba_util.h:48,
from ../../source3/include/includes.h:256,
from ../../source3/rpc_client/cli_samr.c:24:
../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
| ^~~~~~~~~~~~~~~
../../source3/rpc_client/cli_samr.c:152:17: note: ‘old_nt_hash’ declared here
152 | uint8_t old_nt_hash[16];
| ^~~~~~~~~~~
../../source3/rpc_client/cli_samr.c: In function ‘dcerpc_samr_chgpasswd_user3’:
../../source3/rpc_client/cli_samr.c:365:33: error: ‘old_nt_hash’ may be used uninitialized [-Werror=maybe-uninitialized]
365 | DATA_BLOB session_key = data_blob_const(old_nt_hash, 16);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../source3/../lib/util/samba_util.h:48,
from ../../source3/include/includes.h:256,
from ../../source3/rpc_client/cli_samr.c:24:
../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
| ^~~~~~~~~~~~~~~
../../source3/rpc_client/cli_samr.c:358:17: note: ‘old_nt_hash’ declared here
358 | uint8_t old_nt_hash[16];
| ^~~~~~~~~~~
cc1: all warnings being treated as errors
[3399/3991] Compiling source3/rpcclient/cmd_spotlight.c
../../source3/smbd/smbXsrv_open.c: In function ‘smbXsrv_open_set_replay_cache’:
../../source3/smbd/smbXsrv_open.c:936:26: error: ‘data’ may be used uninitialized [-Werror=maybe-uninitialized]
936 | DATA_BLOB blob = data_blob_const(data, ARRAY_SIZE(data));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../source3/../lib/util/samba_util.h:48,
from ../../source3/include/includes.h:256,
from ../../source3/smbd/smbXsrv_open.c:21:
../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
| ^~~~~~~~~~~~~~~
../../source3/smbd/smbXsrv_open.c:935:17: note: ‘data’ declared here
935 | uint8_t data[SMBXSRV_OPEN_REPLAY_CACHE_FIXED_SIZE];
| ^~~~
cc1: all warnings being treated as errors
../../source3/rpcclient/cmd_spotlight.c: In function ‘cmd_mdssvc_fetch_properties’:
../../source3/rpcclient/cmd_spotlight.c:60:18: error: ‘share_path’ may be used uninitialized [-Werror=maybe-uninitialized]
60 | status = dcerpc_mdssvc_open(b, mem_ctx,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
61 | &device_id,
| ~~~~~~~~~~~
62 | &unkn1,
| ~~~~~~~
63 | &unkn2,
| ~~~~~~~
64 | argv[2],
| ~~~~~~~~
65 | argv[1],
| ~~~~~~~~
66 | share_path,
| ~~~~~~~~~~~
67 | &share_handle);
| ~~~~~~~~~~~~~~
In file included from ../../source3/rpcclient/cmd_spotlight.c:24:
source3/../librpc/gen_ndr/ndr_mdssvc_c.h:26:10: note: by argument 8 of type ‘const char *’ to ‘dcerpc_mdssvc_open’ declared here
26 | NTSTATUS dcerpc_mdssvc_open(struct dcerpc_binding_handle *h,
| ^~~~~~~~~~~~~~~~~~
../../source3/rpcclient/cmd_spotlight.c:40:14: note: ‘share_path’ declared here
40 | char share_path[1025];
| ^~~~~~~~~~
cc1: all warnings being treated as errors
../../source4/torture/rpc/samr.c: In function ‘test_ChangePasswordUser2’:
../../source4/torture/rpc/samr.c:2266:19: error: ‘old_nt_hash’ may be used uninitialized [-Werror=maybe-uninitialized]
2266 | = data_blob_const(old_nt_hash, sizeof(old_nt_hash));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../source4/../lib/util/samba_util.h:48,
from ../../source4/include/includes.h:62,
from ../../source4/torture/rpc/samr.c:24:
../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
| ^~~~~~~~~~~~~~~
../../source4/torture/rpc/samr.c:2263:17: note: ‘old_nt_hash’ declared here
2263 | uint8_t old_nt_hash[16], new_nt_hash[16];
| ^~~~~~~~~~~
../../source4/torture/rpc/samr.c: In function ‘test_ChangePasswordUser2_ntstatus’:
../../source4/torture/rpc/samr.c:2371:19: error: ‘old_nt_hash’ may be used uninitialized [-Werror=maybe-uninitialized]
2371 | = data_blob_const(old_nt_hash, sizeof(old_nt_hash));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../source4/../lib/util/samba_util.h:48,
from ../../source4/include/includes.h:62,
from ../../source4/torture/rpc/samr.c:24:
../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
| ^~~~~~~~~~~~~~~
../../source4/torture/rpc/samr.c:2368:17: note: ‘old_nt_hash’ declared here
2368 | uint8_t old_nt_hash[16], new_nt_hash[16];
| ^~~~~~~~~~~
../../source4/torture/rpc/samr.c: In function ‘test_ChangePasswordUser3’:
../../source4/torture/rpc/samr.c:2478:38: error: ‘old_nt_hash’ may be used uninitialized [-Werror=maybe-uninitialized]
2478 | DATA_BLOB old_nt_hash_blob = data_blob_const(old_nt_hash, 16);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../source4/../lib/util/samba_util.h:48,
from ../../source4/include/includes.h:62,
from ../../source4/torture/rpc/samr.c:24:
../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
| ^~~~~~~~~~~~~~~
../../source4/torture/rpc/samr.c:2473:17: note: ‘old_nt_hash’ declared here
2473 | uint8_t old_nt_hash[16], new_nt_hash[16];
| ^~~~~~~~~~~
../../source4/torture/rpc/samr.c: In function ‘test_ChangePasswordRandomBytes’:
../../source4/torture/rpc/samr.c:2794:19: error: ‘old_nt_hash’ may be used uninitialized [-Werror=maybe-uninitialized]
2794 | = data_blob_const(old_nt_hash,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
2795 | sizeof(old_nt_hash));
| ~~~~~~~~~~~~~~~~~~~~
In file included from ../../source4/../lib/util/samba_util.h:48,
from ../../source4/include/includes.h:62,
from ../../source4/torture/rpc/samr.c:24:
../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
| ^~~~~~~~~~~~~~~
../../source4/torture/rpc/samr.c:2792:17: note: ‘old_nt_hash’ declared here
2792 | uint8_t old_nt_hash[16], new_nt_hash[16];
| ^~~~~~~~~~~
cc1: all warnings being treated as errors
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
17ae9974 by Günther Deschner at 2021-05-07T06:23:32+00:00
Fix gcc11 compiler issue "-Werror=stringop-overflow="
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14699
[3548/3991] Compiling source3/winbindd/winbindd_pam.c
../../source3/winbindd/winbindd_pam.c: In function ‘winbindd_dual_pam_auth_cached’:
../../source3/winbindd/winbindd_pam.c:1069:18: error: ‘winbindd_get_creds’ accessing 128 bytes in a region of size 8 [-Werror=stringop-overflow=]
1069 | result = winbindd_get_creds(domain,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
1070 | state->mem_ctx,
| ~~~~~~~~~~~~~~~
1071 | &sid,
| ~~~~~
1072 | &my_info3,
| ~~~~~~~~~~
1073 | &cached_nt_pass,
| ~~~~~~~~~~~~~~~~
1074 | &cached_salt);
| ~~~~~~~~~~~~~
../../source3/winbindd/winbindd_pam.c:1069:18: note: referencing argument 5 of type ‘const uint8_t **’ {aka ‘const unsigned char **’}
../../source3/winbindd/winbindd_pam.c:1069:18: error: ‘winbindd_get_creds’ accessing 128 bytes in a region of size 8 [-Werror=stringop-overflow=]
../../source3/winbindd/winbindd_pam.c:1069:18: note: referencing argument 6 of type ‘const uint8_t **’ {aka ‘const unsigned char **’}
In file included from ../../source3/winbindd/winbindd.h:359,
from ../../source3/winbindd/winbindd_pam.c:26:
../../source3/winbindd/winbindd_proto.h:251:10: note: in a call to function ‘winbindd_get_creds’
251 | NTSTATUS winbindd_get_creds(struct winbindd_domain *domain,
| ^~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
8f12793c by Andreas Schneider at 2021-05-07T06:23:32+00:00
lib:replace: Do not build strndup test with gcc 11 or newer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14699
gcc11 with -O3 detects that the size is incorrect:
lib/replace/tests/testsuite.c:286:13: error: ‘strndup’ specified bound 10 exceeds source size 4 [-Werror=stringop-overread]
286 | x = strndup("bla", 10);
| ^~~~~~~~~~~~~~~~~~
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
75556656 by Andreas Schneider at 2021-05-07T06:23:32+00:00
bootstrap: Remove libnsl as we dropped NIS support
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
ac78b921 by Andreas Schneider at 2021-05-07T07:18:01+00:00
bootstrap: Add Fedora 34 CI runner
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri May 7 07:18:02 UTC 2021 on sn-devel-184
- - - - -
21934c09 by Andrew Walker at 2021-05-10T20:16:21+00:00
s3:smbd - support streams larger than 64 KiB
Add support for streams that are larger than 64 KiB in size. Upper
and lower bound are controlled by the parameters smbd max_xattr_size.
Testing against ReFS on Windows (where ADS size is limited in size
shows the server responding with STATUS_FILESYSTEM_LIMITATION.
Do the same in samba for this case.
Currently, large xattrs are supported in FreeBSD.
Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon May 10 20:16:21 UTC 2021 on sn-devel-184
- - - - -
556b114f by Joseph Sutton at 2021-05-11T07:03:35+00:00
audit logging tests: Fix flapping test
On Linux, gettimeofday() uses the clock's microsecond field to adjust
the returned time in seconds, while time() only takes the seconds field
into account. As a result, time() would occasionally return a smaller
value than gettimeofday(), despite being called later.
Changing the time() calls to gettimeofday() as used in audit_logging.c
makes the time values consistent.
https://stackoverflow.com/questions/22917318/time-and-gettimeofday-return-different-seconds
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue May 11 07:03:35 UTC 2021 on sn-devel-184
- - - - -
64af0aeb by Noel Power at 2021-05-11T15:49:28+00:00
VFS: Add SMB_VFS_FSTREAMINFO
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f2a24351 by Noel Power at 2021-05-11T15:49:28+00:00
s3: VFS: catia: Implement SMB_VFS_FSTREAMINFO
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8e469af3 by Noel Power at 2021-05-11T15:49:28+00:00
s3: vfs: fruit: Implement SMB_VFS_FSTREAMINFO
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
de29a2a0 by Noel Power at 2021-05-11T15:49:28+00:00
s3: VFS: glusterfs: Initialise fstreaminfo_fn to NULL
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a23667a0 by Noel Power at 2021-05-11T15:49:28+00:00
s3: VFS: streams_depot SMB_VFS_FSTREAMINFO impl
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a8eb80a5 by Noel Power at 2021-05-11T15:49:28+00:00
s3: VFS: streams_xattr: Add impl for SMB_VFS_FSTREAMINFO
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4842710a by Noel Power at 2021-05-11T15:49:28+00:00
s3/smbd: add new toplevel vfs_fstreaminfo wrapper
This will allow for calling SMB_VFS_FSTREAMINFO in a piecemeal
fashion, at the end of the patch set vfs_fstreaminfo will replace
vfs_streaminfo
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
40d44601 by Noel Power at 2021-05-11T15:49:28+00:00
s3/smbd: ntrans: vfs_streaminfo -> vfs_fstreaminfo
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
89e2dbaf by Noel Power at 2021-05-11T15:49:28+00:00
s3/smbd: trans2: vfs_streaminfo -> vfs_fstreaminfo
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2b9b1c24 by Noel Power at 2021-05-11T15:49:28+00:00
s3/smbd: close vfs_streaminfo->vfs_fstreaminfo
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8331852d by Noel Power at 2021-05-11T15:49:28+00:00
s3/smbd: filename: vfs_streaminfo -> vfs_fstreaminfo
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
250b2496 by Noel Power at 2021-05-11T15:49:28+00:00
s3/smbd: open: vfs_streaminfo -> vfs_fstreaminfo
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
631ab9ef by Noel Power at 2021-05-11T15:49:28+00:00
s3/lib: adouble: vfs_streaminfo -> vfs_fstreaminfo
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4bca55ae by Noel Power at 2021-05-11T15:49:28+00:00
s3/module: VFS: fruit: vfs_streaminfo -> vfs_fstreaminfo
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
697dd778 by Noel Power at 2021-05-11T15:49:28+00:00
s3: Remove vfs_streaminfo function
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d7894f63 by Noel Power at 2021-05-11T15:49:28+00:00
s3/modules: VFS: catia: Remove SMB_VFS_STREAMINFO
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
98c20b3a by Noel Power at 2021-05-11T15:49:28+00:00
s3/modules: VFS: fruit: Remove SMB_VFS_STREAMINFO
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c6eef9cd by Noel Power at 2021-05-11T15:49:28+00:00
s3/modules: VFS: media_harmony: Remove SMB_VFS_STREAMINFO
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1faf2ed2 by Noel Power at 2021-05-11T15:49:28+00:00
s3/modules: VFS: streams_depo: Remove SMB_VFS_STREAMINFO
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8df9d738 by Noel Power at 2021-05-11T15:49:28+00:00
s3/modules: VFS: stream_xattr: Remove SMB_VFS_STREAMINFO
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9fca2ae7 by Noel Power at 2021-05-11T15:49:28+00:00
s3/modules: VFS: unityed_media: Remove SMB_VFS_STREAMINFO
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a8e786cf by Jeremy Allison at 2021-05-11T15:49:28+00:00
s3/modules: VFS: glusterfs: Remove SMB_VFS_STREAMINFO
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1928459d by Noel Power at 2021-05-11T15:49:28+00:00
s3: VFS: Remove SMB_VFS_STREAMINFO(), no longer used
---------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| |
| SMB_VFS_STREAMINFO |
| |
| |
| 28 April |
| 2021 |
| |
| |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\////|_)_______
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3f57c6bb by Noel Power at 2021-05-11T16:38:40+00:00
VFS: Update status of SMB_VFS_STREAMINFO
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue May 11 16:38:40 UTC 2021 on sn-devel-184
- - - - -
6e0680ce by Jeremy Allison at 2021-05-11T22:08:36+00:00
s3: smbd: Allow check_parent_exists() to return the errno from STAT/LSTAT on the parent name.
Not yet used.
This will allow us to avoid an duplicate STAT/LSTAT system call
on the parent pathname in a hot code path of the caller in the next commit.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>
- - - - -
33f45491 by Jeremy Allison at 2021-05-11T22:52:58+00:00
s3: smbd: Remove a STAT/LSTAT call on the parent pathname in a hot code path.
This optimization uses the stored errno result from check_parent_exists()
which already did a STAT/LSTAT if needed.
Best viewed with 'git show -b'.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue May 11 22:52:58 UTC 2021 on sn-devel-184
- - - - -
209a4bb3 by Volker Lendecke at 2021-05-11T22:56:37+00:00
printing: Consolidate add_to_jobs_list()
add_to_jobs_changed() and add_to_jobs_added() only differed in the key
string.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e33db552 by Volker Lendecke at 2021-05-11T22:56:37+00:00
smbd: Make share_mode_lock.h includable on its own
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5212464b by Volker Lendecke at 2021-05-11T22:56:37+00:00
lib: Simplify str_list_make_empty()
We have talloc_zero_array() for this.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f7181ec7 by Volker Lendecke at 2021-05-11T22:56:37+00:00
printing: Simplify calling print commands
We have fstr_sprintf for this
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b180ca8c by Volker Lendecke at 2021-05-11T22:56:37+00:00
param: Enable including source3/param/param_proto.h without vfs.h
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
46d47994 by Volker Lendecke at 2021-05-11T22:56:37+00:00
printing: Factor out register_printing_bq_handlers()
The printing background jobs can be provided independently of the
start_background_queue() implementation.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
695938b6 by Volker Lendecke at 2021-05-11T22:56:37+00:00
lib: Add parent_watch_fd()
Make the parent watcher pipe used in reinit_after_fork() available for
external users that can't call reinit_after_fork().
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ecf9ba38 by Volker Lendecke at 2021-05-11T22:56:37+00:00
lib: Add str_list_add_printf()
Build up execv argument lists
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
bad19e20 by Volker Lendecke at 2021-05-11T22:56:37+00:00
printing: Introduce samba-bgqd
This is a separate binary executed from start_background_queue(). As
such it does not really gain much, but the idea is to move all the
code this runs out of the smbd and spoolssd binaries to just link
here.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4d54b602 by Volker Lendecke at 2021-05-11T23:45:21+00:00
printing: Avoid a few references to background_lpq_updater_pid
We have the bgqd in the pidfile now
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue May 11 23:45:21 UTC 2021 on sn-devel-184
- - - - -
401ae83d by Richard Sharpe at 2021-05-12T20:29:32+00:00
s3: lib: If we're reporting getaddrinfo fail, print the name we were looking up in the same debug.
Signed-off-by: Richard Sharpe <realrichardsharpe at gmail.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
79b848fe by Andreas Schneider at 2021-05-12T20:29:32+00:00
selftest: Also add SERVER_LOG_LEVEL support for s3 targets
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fbe68dcb by Andreas Schneider at 2021-05-12T20:29:32+00:00
selftest: Pass down the machine account name to provision_ad_member
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6219eb52 by Andreas Schneider at 2021-05-12T20:29:32+00:00
selftest: Add ad_member_offline_logon env
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a04a5885 by Andreas Schneider at 2021-05-12T20:29:32+00:00
selftest: Turn on offline logon for ad_member_offline_logon
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
eef192b1 by Andreas Schneider at 2021-05-12T20:29:32+00:00
selftest: Add skip_wait to check_or_start
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
763e0323 by Andreas Schneider at 2021-05-12T20:29:32+00:00
selftest: Set winbind offline in ad_member_offline_logon target
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
08434e41 by Andreas Schneider at 2021-05-12T20:29:32+00:00
testprogs: Add test for offline logon support
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8c5e9417 by Andreas Schneider at 2021-05-12T20:29:32+00:00
autobuild: Add ad_member_offline_logon
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1d5c546c by Andreas Schneider at 2021-05-12T20:29:32+00:00
s3:winbind: Remove global variable for winbindd_offline_state
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b7ac9486 by Andreas Schneider at 2021-05-12T20:29:32+00:00
s3:winbind: Code cleanup for initialize_winbindd_cache()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2b9a1fea by Andreas Schneider at 2021-05-12T21:19:03+00:00
lib:util: Fix return value of tdb_fetch_uint32_byblob()
The initialize_winbindd_cache() function uses tdb_fetch_uint32_byblob()
to check if the cache version is valid and up to date. As
tdb_fetch_uint32_byblob() returns false for a successful fetch, we
always remove the winbind cache database. This breaks the winbind
offline logon feature.
This also affects other caches and pdb.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14702
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed May 12 21:19:03 UTC 2021 on sn-devel-184
- - - - -
9be3be8a by Jeremy Allison at 2021-05-14T01:50:25+00:00
build: wscript. Fix the build on FreeBSD with the clang ld.lld-XX linker.
FreeBSD is broken. It doesn't include 'extern char **environ'
in any shared library, but statically inside crt0.o.
If we're running on a FreeBSD with the GNU linker ld we
can get around this by explicitly telling the linker to
ignore 'environ' as an unresolved symbol in a shared library.
However, the clang linker ld.lld-XX is broken in that it
doesn't have that option.
First try to see if have '-Wl,--ignore-unresolved-symbol,environ'
and just use that if so.
If not, we have to use '-Wl,--allow-shlib-undefined' instead
and remove all instances of '-Wl,-no-undefined'.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri May 14 01:50:25 UTC 2021 on sn-devel-184
- - - - -
6df8709f by Samuel Cabrero at 2021-05-14T20:04:28+00:00
VFS: Add SMB_VFS_FREADDIR_ATTR()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
45578328 by Samuel Cabrero at 2021-05-14T20:04:28+00:00
s3: VFS: fruit: Implement SMB_VFS_FREADDIR_ATTR()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
289b9b13 by Samuel Cabrero at 2021-05-14T20:04:28+00:00
s3: smbd: Switch from SMB_VFS_READDIR_ATTR() to SMB_VFS_FREADDIR_ATTR()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
36a074bb by Samuel Cabrero at 2021-05-14T20:04:28+00:00
s3: smbd: Skip calling SMB_VFS_FREADDIR_ATTR() for symlinks
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
cb563e63 by Samuel Cabrero at 2021-05-14T20:04:28+00:00
s3: VFS: catia: Remove SMB_VFS_READDIR_ATTR()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1fa6d75b by Samuel Cabrero at 2021-05-14T20:04:28+00:00
s3: VFS: fruit: Remove SMB_VFS_READDIR_ATTR()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
96f1af04 by Samuel Cabrero at 2021-05-14T20:04:28+00:00
s3: VFS: Remove SMB_VFS_READDIR_ATTR(), no longer used
----------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| |
| SMB_VFS_READDIR_ATTR |
| |
| |
| 13 May |
| 2021 |
| |
| |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\///\/|_)_______
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
52744d35 by Samuel Cabrero at 2021-05-14T20:52:47+00:00
nmbd: Reduce the wait interface loop sleep time
Under some circumstances the network-online.target can be reached
without an IPv4 address, for example when using systemd-networkd and
having systemd-networkd-wait-online.service disabled. This will trigger
a five seconds sleep which seems a bit excessive. It is specially
critical when winbind.service is enabled as it won't be started until
nmbd.service is running, delaying the systemd-logind.service five seconds..
Reduce the sleep time from 5 seconds to 250ms to exit the loop as soon
as possible.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri May 14 20:52:47 UTC 2021 on sn-devel-184
- - - - -
33bb6ad3 by Joseph Sutton at 2021-05-17T21:39:38+00:00
samba-tool:testparm: Test that --section-name works without --parameter-name
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14143
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Rowland Penny <rpenny at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e5456386 by Joseph Sutton at 2021-05-17T21:39:38+00:00
samba-tool:testparm: Fix error with --section-name
Pass the correct parameters into LoadparmService.dump() so that
--section-name works properly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14143
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Rowland Penny <rpenny at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
11f26877 by Joseph Sutton at 2021-05-17T21:39:38+00:00
samba-tool:testparm: Test error handling for unknown sections and parameters
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14143
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Rowland Penny <rpenny at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7d7017b3 by Joseph Sutton at 2021-05-17T21:39:38+00:00
samba-tool:testparm: Display nicer parameter dump error messages
Now we catch errors for unknown sections or parameters and turn them
into CommandErrors.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14143
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Rowland Penny <rpenny at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3ef2b588 by Douglas Bagnall at 2021-05-17T21:39:38+00:00
dlz torture: update to supported DLZ API
Bind 9.8 went EOL in 2014, but we still run our tests using the API
version that it alone uses.
This patch changes it to use the API of versions 9.10 onwards.
We don't change what we test or make use of the new API, just pass
around some NULL pointers.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3103d948 by Douglas Bagnall at 2021-05-17T21:39:38+00:00
dlz: do not build for Bind 9.8 or 9.9
If we drop support for versions before Bind 9.10 (which itself went
EOL in 2018) we can get rid of a whole lot of ifdefs for old API
versions that no-one should be using.
This patch stops the build, the next one clears out the ifdefs.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a204e42c by Douglas Bagnall at 2021-05-17T22:29:01+00:00
dlz: remove support for ancient binds
We no longer support versions of bind that have
DLZ_DLOPEN_VERSION != 3, so we no longer need all these ifdefs.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon May 17 22:29:01 UTC 2021 on sn-devel-184
- - - - -
f188c9d7 by Volker Lendecke at 2021-05-18T10:42:32+00:00
ctdb: fix typos
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14475
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
9398d4b9 by Volker Lendecke at 2021-05-18T10:42:32+00:00
ctdb: Call run_event_recv() in a callback function
Triggers a different code path in run_event_* and aligns it more what
the ctdb eventd really does.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14475
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
07ab9b7a by Volker Lendecke at 2021-05-18T10:42:32+00:00
ctdb: Introduce a helper variable in run_event_test.c
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14475
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
19290f10 by Volker Lendecke at 2021-05-18T10:42:32+00:00
ctdb: Wait for SIGCHLD if script timed out
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14475
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f320d1a7 by Volker Lendecke at 2021-05-18T10:42:32+00:00
ctdb: Introduce output before and after the 10-second timeout
This will lead to a crash in run_event_test.c soon
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14475
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
adef87a6 by Volker Lendecke at 2021-05-18T10:42:32+00:00
ctdb: Fix a crash in run_proc_signal_handler()
If a script times out the caller can talloc_free() the script_list
output of run_event_recv, which talloc_free's proc->output from
run_proc.c as well. If the script generates further output after the
timeout and then exits after a while, the SIGCHLD handler in the
eventd tries to read into proc->output, which was already free'ed.
Fix this by not doing just a talloc_steal but a talloc_move. This way
proc_read_handler() called from run_proc_signal_handler() does not try
to realloc the stale reference to proc->output but gets a NULL
reference.
I don't really know how to do a knownfail in ctdb, so this commit
actually activates catching the signal by waiting long enough for
22.bar to exit and generate the SIGCHLD.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14475
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
bebe313c by Andreas Schneider at 2021-05-18T11:32:41+00:00
lib:cmdline: Fix setting 'log file' from smb.conf
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue May 18 11:32:41 UTC 2021 on sn-devel-184
- - - - -
7127cba1 by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: VFS: Add SMB_VFS_SYS_ACL_DELETE_DEF_FD(),
Not yet used. Eventually will replace SMB_VFS_SYS_ACL_DELETE_DEF_FILE().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
b5344570 by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: VFS: aixacl: Add aixacl_sys_acl_delete_def_fd().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
ca733d8b by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: VFS: aixacl2: Add aixjfs2_sys_acl_delete_def_fd().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
0d9e30a1 by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: VFS: posixacl_xattr: Add posixacl_xattr_acl_delete_def_fd().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
2c2396a2 by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: VFS: ceph: Make ceph call posixacl_xattr_acl_delete_def_fd().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
2a99e67c by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: VFS: glusterfs: Make gluster call posixacl_xattr_acl_delete_def_fd().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
1eeb650b by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: VFS: gpfs: Add gpfsacl_sys_acl_delete_def_fd().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
d39b1931 by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: VFS: fake_acls: Add fake_acls_sys_acl_delete_def_fd().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
f6d91e33 by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: VFS: hpuxacl. Add hpuxacl_sys_acl_delete_def_fd().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
a2862968 by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: VFS: nfs4acl_xattr. Add nfs4acl_xattr_fail__sys_acl_delete_def_fd().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
c72c4b5b by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: VFS: posixacl: Add posixacl_sys_acl_delete_def_fd().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
88a2e9f9 by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: VFS: solarisacl: Add solarisacl_sys_acl_delete_def_fd().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
33b76a6f by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: VFS: zfsacl: Add zfsacl_fail__sys_acl_delete_def_fd().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
f75e93ef by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: lib: sysacls: Add sys_acl_delete_def_fd().
In the default (posix) case goes to posixacl_sys_acl_delete_def_fd().
For all other systems goes to their relevent backends.
Now we can fill in the delete_def_fd() function in vfs_default.c
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
165de1ca by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: VFS: default. In vfswrap_sys_acl_delete_def_file() remove the placeholder code and call sys_acl_delete_def_fd().
This will redirect to the correct backend.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
fd16f9da by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: smbd: Change SMB_VFS_SYS_ACL_DELETE_DEF_FILE() -> SMB_VFS_SYS_ACL_DELETE_DEF_FD().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
b6700044 by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: torture: cmd_sys_acl_delete_def_file: Move SMB_VFS_SYS_ACL_DELETE_DEF_FILE() -> SMB_VFS_SYS_ACL_DELETE_DEF_FD().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
9e1d79db by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: VFS: aixacl: Remove aixacl_sys_acl_delete_def_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
981fbf55 by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: VFS: aixacl2: Remove aixjfs2_sys_acl_delete_def_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
109dfac0 by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: VFS: cap: Remove cap_sys_acl_delete_def_file().
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
51c732a6 by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: VFS: catia: Remove catia_sys_acl_delete_def_file().
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
ce5fb5b4 by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: VFS: ceph: Remove sys_acl_delete_def_file_fn() pointer.
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
331d772c by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: VFS: fake_acls: Remove fake_acls_sys_acl_delete_def_file().
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.com>
- - - - -
d646c54c by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: VFS: glusterfs: Remove sys_acl_delete_def_file_fn pointer.
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
fedbbc9f by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: VFS: gpfs: Remove gpfsacl_sys_acl_delete_def_file().
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
9cde624d by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: VFS: hpuxacl: Remove hpuxacl_sys_acl_delete_def_file().
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
46bc4555 by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: VFS: media_harmony: Remove mh_sys_acl_delete_def_file().
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
3607212b by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: VFS: nfsacl_xattr: Remove nfs4acl_xattr_fail__sys_acl_delete_def_file().
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
25507668 by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: VFS: solarisacl: Remove solarisacl_sys_acl_delete_def_file().
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
cfa44483 by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: VFS: unityed_media: Remove um_sys_acl_delete_def_file().
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
39901d17 by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: VFS: zfsacl: Remove zfsacl_fail__sys_acl_delete_def_file().
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
97821542 by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: VFS: posixacl: Remove sys_acl_delete_def_file_fn pointer.
Leave the called function as that's in the public API.
We will be able to get rid of it when we delete sys_acl_delete_def_file()
after all the callers are gone.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
bf34438e by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: VFS: posixacl_xattr: Remove posixacl_xattr_acl_delete_def_file().
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
569474f1 by Jeremy Allison at 2021-05-18T17:29:34+00:00
vfs: RIP SMB_VFS_SYS_ACL_DELETE_DEF_FILE()
.--. .-, .-..-.__
.'(`.-` \_.-'-./` |\_( "\__
__.>\ '; _;---,._| / __/`'--)
/.--. : |/' _.--.<| / | |
_..-' `\ /' /` /_/ _/_/
>_.-``-. `Y /' _;---.`|/))))
'` .-''. \|: .' __, .-'"`
.'--._ `-: \/: /' '.\ _|_
/.'`\ :; /' `- `-|-`
-` | | |
:.; : | .-'~^~`-.
|: | .' _ _ `.
|:. | | |_) | |_) |
:. : | | | \ | | |
: ; | | |
: ; | | SMB_VFS |
: ; | | SYS_ACL |
: ; | |DELETE_DEF |
.jgs. : ; | FILE |
-."-/\\\/:::. `\."-._'."-"_\\-| |///."-
" -."-.\\"-."//.-".`-."_\\-.".-\\`=.........=`//-".
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
0680a383 by Jeremy Allison at 2021-05-18T17:29:34+00:00
s3: smbd: Remove all references to utility and backend functions supporting sys_acl_delete_def_file().
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
b4c597b6 by Jeremy Allison at 2021-05-18T18:19:28+00:00
s3: VFS: Update status of SMB_VFS_SYS_ACL_DELETE_DEF_FILE() and SMB_VFS_SYS_ACL_DELETE_DEF_FD().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue May 18 18:19:28 UTC 2021 on sn-devel-184
- - - - -
28679507 by Jeremy Allison at 2021-05-18T19:23:25+00:00
s3: lib: Fix the solaris build. Commit 8d0ea8bafa00 added SMB_ACL_TYPE_T type to solarisacl_sys_acl_set_fd() in the .c file, but not the .h.
The fact no one noticed means currently no one is
building master on Solaris/Illumos/OmniOS.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue May 18 19:23:25 UTC 2021 on sn-devel-184
- - - - -
1ea2de56 by Joseph Sutton at 2021-05-19T01:32:34+00:00
auth:creds: Remove unused variable
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
2d05268a by Joseph Sutton at 2021-05-19T01:32:34+00:00
auth:creds: Fix parameter in creds.set_named_ccache()
Use the passed-in value for 'obtained' rather than always using
CRED_SPECIFIED.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
50ade4ca by Joseph Sutton at 2021-05-19T01:32:34+00:00
pygensec: Fix method documentation
This changes the docstrings to use the correct method names.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
6f144d49 by Joseph Sutton at 2021-05-19T01:32:34+00:00
Revert "s4-test: fixed ndrdump test for top level build"
This essentially reverts commit
b84c0a9ed6d556eb2d3797d606edcd03f9766606, but the datapath is now in the
source4 directory.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
74fb2cc4 by Joseph Sutton at 2021-05-19T01:32:34+00:00
krb5ccache.idl: Add definition for a Kerberos credentials cache
Based on specifications found at
https://web.mit.edu/kerberos/krb5-devel/doc/formats/ccache_file_format.html
This is primarily designed for parsing and storing a single Kerberos
ticket, due to the limitations of PIDL.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
1f17b1ed by Joseph Sutton at 2021-05-19T01:32:34+00:00
librpc: Test parsing a Kerberos 5 credentials cache with ndrdump
This is the format used by the FILE: credentials cache type.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
2d88a6ff by Joseph Sutton at 2021-05-19T01:32:34+00:00
krb5: Add Python functions to create a credentials cache containing a service ticket
This is a FILE: format credentials cache readable by the MIT/Heimdal
Kerberos libraries. This allows us to glue the Python ASN1 Kerberos
system to the MIT/Heimdal one.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
c15f26ec by Joseph Sutton at 2021-05-19T01:32:34+00:00
python: Add credentials cache test
Test that we can use a credentials cache with a user's service ticket
obtained with our Python code to connect to a service using the normal
credentials system backed on to MIT/Heimdal Kerberos 5 libraries. This
will allow us to validate the output of the MIT/Heimdal libraries in the
future.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
7663b5c3 by Joseph Sutton at 2021-05-19T01:32:34+00:00
python: Add LDAP credentials cache test
Test that we can use a credentials cache with a user's service ticket
obtained with our Python code to connect to a service through LDAP.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
072451a0 by Joseph Sutton at 2021-05-19T01:32:34+00:00
python: Add RPC credentials cache test
Test that we can use a credentials cache with a user's service ticket
obtained with our Python code to connect to a service through RPC.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
2b487890 by Joseph Sutton at 2021-05-19T01:32:34+00:00
Revert "libsmb: Use sid_parse()"
This reverts commit afd5d34f5e1d13ba88448b3b94d353aa8361d1a9.
This code originally used ndr_pull_struct_blob() to pull one SID from a
buffer potentially containing multiple SIDs. When this was changed to
use sid_parse(), it was now attempting to parse the whole buffer as a
single SID with ndr_pull_struct_blob_all(), which would cause it to fail
if more than one SID was present.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
db5b34c7 by Joseph Sutton at 2021-05-19T01:32:34+00:00
libsmb: Remove overflow check
Pointer overflow is undefined, so this check does not accomplish
anything.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
9d8aeed3 by Joseph Sutton at 2021-05-19T01:32:34+00:00
libsmb: Avoid undefined behaviour when parsing whoami state
If num_gids is such that the gids array would overflow the rdata buffer,
'p + 8' could produce a result pointing outside the buffer, and thus
result in undefined behaviour. To avoid this, we check num_gids against
the size of the buffer beforehand.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
9e414233 by Joseph Sutton at 2021-05-19T01:32:34+00:00
libsmb: Check to see that whoami is not receiving more data than it requested
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
9b96ebea by Joseph Sutton at 2021-05-19T01:32:34+00:00
libsmb: Ensure that whoami parses all the data provided to it
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
48255943 by Joseph Sutton at 2021-05-19T01:32:34+00:00
pylibsmb: Add posix_whoami()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
78a0b57b by Joseph Sutton at 2021-05-19T01:32:34+00:00
python: Add SMB credentials cache test
Test that we can use a credentials cache with a user's service ticket
obtained with our Python code to connect to a service through SMB.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
290c1dc0 by Joseph Sutton at 2021-05-19T01:32:34+00:00
python: Ensure reference counts are properly incremented
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
66695f0f by Joseph Sutton at 2021-05-19T01:32:34+00:00
python: Fix erroneous increments of reference counts
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
b9006f33 by Joseph Sutton at 2021-05-19T01:32:34+00:00
python: Fix ticket timestamp conversion when local timezone is not UTC
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
7791acb0 by Joseph Sutton at 2021-05-19T02:22:00+00:00
python: Make credentials cache test run against Windows
Windows, unlike Samba, requires the service principal name to be set
when requesting a ticket to that service.
Additionally, default_realm from the libdefaults section of krb5.conf
should be set so that the correct realm is used.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed May 19 02:22:01 UTC 2021 on sn-devel-184
- - - - -
544289b5 by Jeremy Allison at 2021-05-19T08:34:30+00:00
s3: torture: Add test for bug 14708 - POSIX default ACL not mapped into returned Windows ACL for directory handles.
Knownfail for now.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14708
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
b7f62e13 by Jeremy Allison at 2021-05-19T09:22:56+00:00
s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14708
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Wed May 19 09:22:56 UTC 2021 on sn-devel-184
- - - - -
c216e056 by Andreas Schneider at 2021-05-19T20:01:00+00:00
selftest: Rename offline logon env to ad_member_offlogon
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed May 19 20:01:00 UTC 2021 on sn-devel-184
- - - - -
e4474ac0 by Andreas Schneider at 2021-05-20T02:58:36+00:00
s3:client: Migrate smbclient to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
64b8a3ab by Andreas Schneider at 2021-05-20T02:58:36+00:00
s3:client: Remove duplicate name-resolv (R) options
Detected by samba_popt_get_context(), see next commit.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7b70a72b by Andreas Schneider at 2021-05-20T02:58:36+00:00
s3:client: Use samba_popt_get_context()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
74b2a52e by Andreas Schneider at 2021-05-20T02:58:36+00:00
docs-xml: Update smbclient manpage for new cmdline opition parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ff7d4a65 by Andreas Schneider at 2021-05-20T02:58:36+00:00
testprogs: Add more smbclient kerberos tests for new cmdline options
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
894b8b3c by Andreas Schneider at 2021-05-20T02:58:36+00:00
s3:rpcclient: Pass cli_credentials to do_cmd()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4f9c07c0 by Andreas Schneider at 2021-05-20T02:58:36+00:00
s3:rpcclient: Pass cli_credentials to process_cmd()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4fb4da39 by Andreas Schneider at 2021-05-20T02:58:36+00:00
s3:rpcclient: Migrate rpcclient to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
75088fdb by Andreas Schneider at 2021-05-20T02:58:36+00:00
docs-xml: Update rpcclient manpage for new cmdline opition parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ba7c2cee by Andreas Schneider at 2021-05-20T02:58:36+00:00
testprogs: Rename test_rpc_getusername_legacy()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7fa1ae04 by Andreas Schneider at 2021-05-20T02:58:36+00:00
testprogs: Add additional rpcclient tests for new cmdline options
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0433896e by Andreas Schneider at 2021-05-20T02:58:36+00:00
lib:cmdline: Add a debug only option
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9caa71ef by Andreas Schneider at 2021-05-20T02:58:36+00:00
lib:cmdline: Add SAMBA_CMDLINE_CONFIG_NONE
This will prevent loading a config file. This will be needed for
testparm.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b87c36cb by Andreas Schneider at 2021-05-20T02:58:36+00:00
s3:param: Migrate test_lp_load to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0f6c86b2 by Andreas Schneider at 2021-05-20T02:58:36+00:00
s3:lib: Migrate smbconftort to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f81fe73f by Andreas Schneider at 2021-05-20T02:58:36+00:00
s3:rpc_server: Migrate test_mdsparser_es to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
279c95ce by Andreas Schneider at 2021-05-20T02:58:36+00:00
s3:torture: Migrate vfstest to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a19b9a2d by Andreas Schneider at 2021-05-20T02:58:36+00:00
docs-xml: Update vfstest manpage for new cmdline opition parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
de159c40 by Andreas Schneider at 2021-05-20T02:58:36+00:00
s3:torture: Migrate pdbtest to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
09fed102 by Andreas Schneider at 2021-05-20T03:49:30+00:00
s3:utils: Migrate tevent_glib_tracker to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu May 20 03:49:30 UTC 2021 on sn-devel-184
- - - - -
73e68c38 by Andreas Schneider at 2021-05-20T11:12:28+00:00
s3:smbd: Initialize command for spools printer control
./../source3/smbd/lanman.c: In function ‘api_WPrintQueueCtrl’:
../../source3/smbd/lanman.c:3342:9: error: ‘command’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
170d2f85 by Andreas Schneider at 2021-05-20T12:01:06+00:00
gitlab-ci: Install devel files for tracker-sparql (spotlight backend)
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu May 20 12:01:06 UTC 2021 on sn-devel-184
- - - - -
24fb40a8 by Dmytro Bagrii at 2021-05-20T15:07:28+00:00
lib:util: Fix log level for normal startup message
Message "daemon 'smbd' finished starting up and ready to serve connections"
indicates normal startup but printed with 'error' log level and may be mistakenly
treated as error during logs analisys. This patch changes log level to 'info'.
Signed-off-by: Dmytro Bagrii <dimich.dmb at gmail.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu May 20 15:07:28 UTC 2021 on sn-devel-184
- - - - -
5a976b42 by Jeremy Allison at 2021-05-20T19:59:44+00:00
s3: smbd: Change set_create_timespec_ea() to take the existing fsp.
Removes an unneeded synthetic_pathref() call.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu May 20 19:59:44 UTC 2021 on sn-devel-184
- - - - -
570ec75c by Noel Power at 2021-05-21T14:14:38+00:00
s3/smbd: Fix stray line introduced in 470b6223e7283ce1308e0b273eb893d20ab72d5b
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri May 21 14:14:38 UTC 2021 on sn-devel-184
- - - - -
ac9042ff by Ralph Boehme at 2021-05-24T16:05:32+00:00
torture: add a test that verifies SMB2 close fields without postqueryattrib
The server must set all fields to 0 if postqueryattrib is not set.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14714
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f96cc297 by Ralph Boehme at 2021-05-24T16:56:22+00:00
smbd: correctly initialize close timestamp fields
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14714
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon May 24 16:56:22 UTC 2021 on sn-devel-184
- - - - -
6917e324 by Jeremy Allison at 2021-05-24T16:57:37+00:00
s3: smbd: Remove use of synthetic_pathref() in rename_internals_fsp().
As we're renaming an open file we don't need to do another
open, we already have an fsp here.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
0c2ceb04 by Jeremy Allison at 2021-05-24T16:57:37+00:00
s3: torture: Add regression test for renaming SMB1+POSIX symlinks, dangling and real.
Mark as knownfail.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
1d781bbf by Jeremy Allison at 2021-05-24T17:47:40+00:00
s3: smbd: Allow SMB1+UNIX extensions rename of dangling symlink.
Remove knownfail. Only in master, so no bug number needed.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Mon May 24 17:47:40 UTC 2021 on sn-devel-184
- - - - -
139cefce by Pavel Filipenský at 2021-05-25T00:23:37+00:00
s3:rpcclient: Document command of witness protocol
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2d7740f6 by Pavel Filipenský at 2021-05-25T00:23:37+00:00
docs: Update list of available commands in rpcclient
The list of available commands in rpcclient.1 manpage is updated to
match the current state, which is visible via help commnad of rpcclient.
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
9d9ed421 by Pavel Filipenský at 2021-05-25T00:23:37+00:00
docs-xml: Update smbcacls manpage
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7d6608d1 by Andreas Schneider at 2021-05-25T00:23:37+00:00
s3:utils: Migrate profiles to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
00cbce7b by Andreas Schneider at 2021-05-25T00:23:37+00:00
docs-xml: Update profiles manpage for new cmdline opition parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
8e1fe474 by Andreas Schneider at 2021-05-25T00:23:37+00:00
s3:utils: Migrate dbwrap_tool to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
17513416 by Andreas Schneider at 2021-05-25T00:23:37+00:00
docs-xml: Update dbwrap_tool manpage for new cmdline opition parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
60427f51 by Andreas Schneider at 2021-05-25T00:23:37+00:00
s3:utils: Remove duplicate '-R' option from nmblookup
-R is already use for 'name-resolve'. The long option --recursive is
still working and available.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4a8a77c2 by Andreas Schneider at 2021-05-25T00:23:37+00:00
s3:utils: Migrate nmblookup to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e2b2baeb by Andreas Schneider at 2021-05-25T00:23:37+00:00
docs-xml: Update nmblookup manpage for new cmdline opition parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a5a2636e by Andreas Schneider at 2021-05-25T00:23:37+00:00
lib:cmdline: Add a --option only parser for testparm
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e63bf24d by Andreas Schneider at 2021-05-25T00:23:37+00:00
s3:utils: Migrate testparm to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
667da24b by Andreas Schneider at 2021-05-25T00:23:37+00:00
docs-xml: Update testparm manpage for new cmdline opition parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6b4710b5 by Andreas Schneider at 2021-05-25T00:23:37+00:00
s3:utils: Migrate mdfind to new cmdline option parser
The signing_state is correctly handled by --client-protection now!
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c88a8a3c by Andreas Schneider at 2021-05-25T00:23:37+00:00
docs-xml: Update mdfind manpage for new cmdline opition parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f0cd9afa by Andreas Schneider at 2021-05-25T00:23:37+00:00
lib:cmdline: Add a --configfile only parser for ntlm_auth
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c96e94fb by Andreas Schneider at 2021-05-25T00:23:37+00:00
s3:utils: Migrate ntlm_auth to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
54f14587 by Andreas Schneider at 2021-05-25T00:23:37+00:00
docs-xml: Update ntlm_auth manpage for new cmdline opition parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ee5e420d by Andreas Schneider at 2021-05-25T00:23:37+00:00
s3:utils: Migrate smbstatus to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6bb6e0c5 by Andreas Schneider at 2021-05-25T00:23:37+00:00
docs-xml: Update smbstatus manpage for new cmdline opition parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
77466309 by Andreas Schneider at 2021-05-25T00:23:37+00:00
s3:utils: Migrate dbwrap_torture to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
824c355e by Andreas Schneider at 2021-05-25T00:23:37+00:00
s3:utils: Migrate smbcontrol to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0a6d6a28 by Andreas Schneider at 2021-05-25T00:23:37+00:00
docs-xml: Update smbcontrol manpage for new cmdline opition parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d8b6e843 by Andreas Schneider at 2021-05-25T00:23:37+00:00
s3:utils: Migrate spilt_tokens to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4f81d845 by Andreas Schneider at 2021-05-25T00:23:37+00:00
s3:utils: Remove '-V' for '--viewsddl' from sharesec
The '-V' is already used for '-V|--version' in the common options.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b41a0cd1 by Andreas Schneider at 2021-05-25T00:23:37+00:00
s3:utils: Migrate sharesec to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
95e82b5b by Andreas Schneider at 2021-05-25T00:23:37+00:00
docs-xml: Update sharesec manpage for new cmdline opition parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
aff65c07 by Andreas Schneider at 2021-05-25T00:23:37+00:00
s3:utils: Migrate pdbedit to the new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a4c0666f by Andreas Schneider at 2021-05-25T01:14:09+00:00
docs-xml: Update pdbedit manpage for new cmdline opition parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue May 25 01:14:09 UTC 2021 on sn-devel-184
- - - - -
2f0cfe82 by Jeremy Allison at 2021-05-27T17:25:42+00:00
s3: smbd: Fix uninitialized memory read in process_symlink_open() when used with vfs_shadow_copy2().
Valgrind trace follows.
==3627798== Invalid read of size 1
==3627798== at 0x483FF46: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==3627798== by 0x55DE412: strdup (strdup.c:41)
==3627798== by 0x4F4657E: smb_xstrdup (util.c:660)
==3627798== by 0x4C62C2E: vfs_ChDir (vfs.c:988)
==3627798== by 0x4C4A51C: process_symlink_open (open.c:656)
==3627798== by 0x4C4ADE7: non_widelink_open (open.c:862)
==3627798== by 0x4C4AFB7: fd_openat (open.c:918)
==3627798== by 0x4BBE895: openat_pathref_fsp (files.c:506)
==3627798== by 0x4C48A00: filename_convert_internal (filename.c:2027)
==3627798== by 0x4C48B77: filename_convert (filename.c:2067)
==3627798== by 0x4C32408: call_trans2qfilepathinfo (trans2.c:6173)
==3627798== by 0x4C3C5DA: handle_trans2 (trans2.c:10143)
==3627798== Address 0xda8bc90 is 96 bytes inside a block of size 217 free'd
==3627798== at 0x483DA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==3627798== by 0x4FCA3C9: _tc_free_internal (talloc.c:1222)
==3627798== by 0x4FCA481: _talloc_free_internal (talloc.c:1248)
==3627798== by 0x4FCB825: _talloc_free (talloc.c:1792)
==3627798== by 0xDB248DD: store_cwd_data (vfs_shadow_copy2.c:1473)
==3627798== by 0xDB24BEF: shadow_copy2_chdir (vfs_shadow_copy2.c:1542)
==3627798== by 0x4C662A4: smb_vfs_call_chdir (vfs.c:2257)
==3627798== by 0x4C62B48: vfs_ChDir (vfs.c:940)
==3627798== by 0x4C4A51C: process_symlink_open (open.c:656)
==3627798== by 0x4C4ADE7: non_widelink_open (open.c:862)
==3627798== by 0x4C4AFB7: fd_openat (open.c:918)
==3627798== by 0x4BBE895: openat_pathref_fsp (files.c:506)
==3627798== Block was alloc'd at
==3627798== at 0x483C7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==3627798== by 0x4FC9365: __talloc_with_prefix (talloc.c:783)
==3627798== by 0x4FC94FF: __talloc (talloc.c:825)
==3627798== by 0x4FCCFDC: __talloc_strlendup (talloc.c:2454)
==3627798== by 0x4FCD096: talloc_strdup (talloc.c:2470)
==3627798== by 0xDB24977: store_cwd_data (vfs_shadow_copy2.c:1476)
==3627798== by 0xDB24BEF: shadow_copy2_chdir (vfs_shadow_copy2.c:1542)
==3627798== by 0x4C662A4: smb_vfs_call_chdir (vfs.c:2257)
==3627798== by 0x4C62B48: vfs_ChDir (vfs.c:940)
==3627798== by 0x4C4A92D: non_widelink_open (open.c:755)
==3627798== by 0x4C4AFB7: fd_openat (open.c:918)
==3627798== by 0x4BBE895: openat_pathref_fsp (files.c:506)
==3627798==
Even though SMB_VFS_CONNECTPATH() returns a const char,
vfs_shadow_copy2() can free and reallocate this whilst
in use inside process_symlink_open().
Take a copy to make sure we don't reference free'd memory.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14721
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu May 27 17:25:43 UTC 2021 on sn-devel-184
- - - - -
31ea8ea8 by Ralph Boehme at 2021-05-27T19:01:29+00:00
torture/smb2: ACL inheritance flags test with non-canonical behaviour
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
86e09013 by Ralph Boehme at 2021-05-27T19:01:29+00:00
smbd: pass fsp to canonicalize_inheritance_bits()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9f57a319 by Ralph Boehme at 2021-05-27T19:51:57+00:00
loadparam: add option "acl flag inherited canonicalization"
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu May 27 19:51:57 UTC 2021 on sn-devel-184
- - - - -
e9a804c9 by Andrew Walker at 2021-05-27T22:07:45+00:00
s3:param:py_param - allocate buffer for nt_name and comment
nt_name and comment are allocated via talloc_strdup(). Length
is not guaranteed to be sizeof(fstring) and so rather than use
fstrcpy into a possibly NULL buffer, free original string, then
talloc_strdup() the one provided to us.
Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu May 27 22:07:45 UTC 2021 on sn-devel-184
- - - - -
1280531a by Andreas Schneider at 2021-05-28T02:55:31+00:00
s3:utils: Pass cli_credentials to connect_one()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
83eea54f by Andreas Schneider at 2021-05-28T02:55:31+00:00
s3:utils: Use cli_credentials in 'struct cacl_callback_state'
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e652f542 by Andreas Schneider at 2021-05-28T02:55:31+00:00
s3:utils: Migrate smbcacls to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
57434b14 by Andreas Schneider at 2021-05-28T02:55:31+00:00
docs-xml: Update smbcacls manpage for new cmdline opition parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b58dc505 by Andreas Schneider at 2021-05-28T02:55:31+00:00
s3:utils: Migrate samba-regedit to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c31d9fa8 by Andreas Schneider at 2021-05-28T02:55:31+00:00
docs-xml: Update samba-regedit manpage for new cmdline opition parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
fb89a5f3 by Andreas Schneider at 2021-05-28T02:55:31+00:00
s3:utils: Use samba_cmdline_burn() in smbget
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9fccbfd5 by Andreas Schneider at 2021-05-28T02:55:31+00:00
s3:utils: Rename --user to --quota-user in smbcquotas
This conflicts with the common -U|--user option
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7b0b9826 by Andreas Schneider at 2021-05-28T02:55:31+00:00
s3:utils: Migrate smbcquotas to the new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
5faa0cc8 by Andreas Schneider at 2021-05-28T02:55:31+00:00
docs-xml: Update smbcquotas manpage for new cmdline opition parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e8ba85b4 by Andreas Schneider at 2021-05-28T02:55:31+00:00
s3:utils: Migrate smbtree to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
8b01db48 by Andreas Schneider at 2021-05-28T02:55:31+00:00
docs-xml: Update smbtree manpage for new cmdline opition parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
06a1861c by Andreas Schneider at 2021-05-28T02:55:31+00:00
examples: Pass cli_credentials to connect_one in smb2mount
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f2b80723 by Andreas Schneider at 2021-05-28T02:55:31+00:00
examples: Migrate smb2mount to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
94fc9ca4 by Andreas Schneider at 2021-05-28T02:55:31+00:00
s3:utils: Remove '-l' for '--long' from net
This conflicts with '--log-basename' from the commend cmdline parser.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6fe55b2f by Andreas Schneider at 2021-05-28T02:55:31+00:00
s3:utils: Migrate net to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
91d20d1d by Andreas Schneider at 2021-05-28T02:55:31+00:00
s3:utils: Add cli_credentials and loadparm_context to net_context
Will be filled later.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ea071d27 by Andreas Schneider at 2021-05-28T02:55:31+00:00
s3:utils: Use connection and credentials parser in net util
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1796737e by Andreas Schneider at 2021-05-28T02:55:31+00:00
docs-xml: Update net manpage for new cmdline opition parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
84b5440e by Andreas Schneider at 2021-05-28T02:55:31+00:00
s3:libsmb: Use cli_credentials to store traversal creds
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c90b3db9 by Andreas Schneider at 2021-05-28T02:55:31+00:00
s3:printing: Migrate samba-bgqd to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c377845d by Andreas Schneider at 2021-05-28T02:55:31+00:00
s3:lib: Remove popt_samba3
_|_
|
.-'''''-.
.-' '-.
.-' :::::_::::: '-.
___/ ==:...:::-:::...:== \___
/_____________________________\
':'-._________________________.-'_
':::\ @-,`-[-][-^-][-]-`,-@ / _| |_
'::| .-------------------. ||_ @ _|
::|=|* ___ _ ___ *|=|'.| |
':| |' ))_) )) ))_) '| |::.^|
_:|=|' ((`\ (( (( '|=|::::::.
_| || |' _ '| |:::::::.
|_ |=|'2003 _( )_ 2021'|=|':::::.
| || |' ( (_ ~ _) ) '| | ':::'
|^||=|* ) (_) ( *|=| '::'
| '-------------------' .::::'
|_____________________.::::::'
.'___________________.::::::''
|_______________.::::'':::'''
.'_____________.::::::''::::''
.:::'''' .'::::'
.:::::''':. .:::::'
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f753e2f7 by Andreas Schneider at 2021-05-28T03:41:52+00:00
s3:lib: Remove util_cmdline
_ /)
mo / )
|/)\)
/\_
\__|=
( )
__)(__
_____/ \\_____
| _ ___ _ ||
| | \ | | \ ||
| | | | | | ||
| |_/ | |_/ ||
| | \ | | ||
| | \ | | ||
| | \. _|_. | . ||
| ||
| 1992 - 2021 ||
| ||
* | * ** * ** |** **
\))ejm97/.,(//,,..,,\||(,,.,\\,.((//
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri May 28 03:41:52 UTC 2021 on sn-devel-184
- - - - -
55d4b343 by Martin Schwenke at 2021-05-28T06:46:29+00:00
ctdb-scripts: Factor out function dump_stacks()
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
ffb56c91 by Martin Schwenke at 2021-05-28T06:46:29+00:00
ctdb-scripts: Avoid direct /proc access
The main reason for this is to facilitate testing.
Avoid some /proc accesses entirely by using ps(1) (which can be
replaced by a stub when testing) because this script might as well be
more portable in case anyone wants to add lock debugging for a
non-Linux platform. While the "state" format specification isn't
POSIX-compliant, it works on both Linux and FreeBSD so it is a
reasonable improvement.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
a3e7fd9c by Martin Schwenke at 2021-05-28T06:46:29+00:00
ctdb-tests: Fix nonsense arguments to ps stub
These were fine (though still lazy) when these tests were the only
user of this stub. However, the ps stub is about to be enhanced, so
fix these uses of it to represent the intended usage.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
2c7dbb04 by Martin Schwenke at 2021-05-28T06:46:29+00:00
ctdb-tests: Add debug_locks.sh testing
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
d0787533 by Amitay Isaacs at 2021-05-28T06:46:29+00:00
ctdb-locking: Pass additional arguments to debug locks script
1. PID of lock helper waiting for lock
2. Scope of lock: "record" or "db"
3. Path to database that lock helper is trying to lock
4. Whether the database uses mutexes: "mutex" or "fcntl"
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>
- - - - -
1dfff975 by Martin Schwenke at 2021-05-28T06:46:29+00:00
ctdb-scripts: Move current lock debugging to a function
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
e62ae53e by Martin Schwenke at 2021-05-28T06:46:29+00:00
ctdb-scripts: Update debug_locks.sh to handle arguments
Don't use the arguments yet. They will be used in a simplified
version of the code.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
dd5972b6 by Martin Schwenke at 2021-05-28T06:46:29+00:00
ctdb-scripts: Simplify logic in debug_via_proc_locks()
The path of the TDB is known, so calculate the file ID (device number
+ inode number) from it and use this to directly filter /proc/locks to
find processes holding locks.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
cb55b68b by Amitay Isaacs at 2021-05-28T06:46:29+00:00
ctdb-utils: Add tdb_mutex_check utility
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>
- - - - -
99c3b492 by Amitay Isaacs at 2021-05-28T06:46:29+00:00
ctdb-scripts: Add lock debugging for tdb mutex locks
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Signed-off-by: Martin Schwenke <martin at meltin.net>
- - - - -
f7cf8132 by Martin Schwenke at 2021-05-28T07:34:23+00:00
ctdb-tests: Add debug_locks.sh tests for mutexes
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Fri May 28 07:34:23 UTC 2021 on sn-devel-184
- - - - -
9019e08c by Joseph Sutton at 2021-05-28T09:00:34+00:00
pytest:segfault: Add test for assigning to an inline array
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14065
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
537f2d19 by Joseph Sutton at 2021-05-28T09:50:02+00:00
pidl: Handle assigning to an inline array from Python
When obtaining a reference to items in an assigned-from list, ensure
that we do not try to use the first element of the inline array as a
talloc context, but instead use the talloc context associated with the
Python object.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14065
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri May 28 09:50:02 UTC 2021 on sn-devel-184
- - - - -
eeaa1380 by Douglas Bagnall at 2021-06-02T03:56:36+00:00
samba-tool dns: move dns_record_match to dnsserver.py
This function is used here and in tests, but the tests should not be
importing things from netcmd.dns, which is really supposed to be UI
code. So we move to a common place.
the only difference is the function raises DNSParseError instead of
CommandError, and netcmd.dns has to catch and wrap that.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b11ea9d7 by Douglas Bagnall at 2021-06-02T03:56:36+00:00
samba-tool dns: remove unused imports
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
074f9e14 by Douglas Bagnall at 2021-06-02T03:56:36+00:00
pytest:samba-tool dns: more robust clean-up
If setUp() fails (and here we have a big .setUp), .tearDown is not run,
and that can leave the zone undeleted, breaking all the other tests who
expect to be able to recreate it.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2f7aa81a by Douglas Bagnall at 2021-06-02T03:56:36+00:00
samba-tool dns zoneoptions: timestamp manipulation options
There was a bug in Samba before 4.9 that marked all records intended
to be static with a current timestamp, and all records intended to be
dynamic with a zero timestamp. This was exactly the opposite of
correct behaviour.
It follows that a domain which has been upgraded past 4.9, but on
which aging is not enabled, records intended to be static will have a
timestamp from before the upgrade date (unless their nodes have
suffered a DNS update, which due to another bug, will change the
timestmap). The following command will make these truly static:
$ samba-tool dns zoneoptions --mark-old-records-static=2018-07-23 -U...
where '2018-07-23' should be replaced by the approximate date of the
upgrade beyond 4.9.
It seems riskier making blanket conversions of static records into
dynamic records, but there are sometimes useful patterns in the names
given to machines that we can exploit. For example, if there is a
group of machines with names like 'desktop-123' that are all supposed
to using dynamic DNS, the adminstrator can go
$ samba-tool dns zoneoptions --mark-records-dynamic-regex='desktop-\d+'
and there's a --mark-records-static-regex for symmetry.
These options are deliberately long and cumbersome to type, so people
have a chance to think before they get to the end. We also introduce a
'--dry-run' (or '-n') option so they can inspect the likely results
before going ahead.
*NOTE* ageing will still not work properly after this commit, due to
other bugs that will be fixed in other commits.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e583140e by Andrew Bartlett at 2021-06-02T03:56:36+00:00
spoolss: Avoid indirection via ndr_get_array_size()
This is set in the call just above and otherwise we will (in the next commit)
need an intermediate variable once we need to check error codes from
ndr_get_array_size().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14710
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
0cc44780 by Andrew Bartlett at 2021-06-02T03:56:36+00:00
selftest: Add test of NDR marshalling from python, starting with wbint
These patches are to address an issue unpacking a very large
winbind.wbint_Principals array (100,000).
We need the NDR_TOKEN_MAX_LIST_SIZE value exposed as
otherwise a well-meaning incrase of this value would
invalidate the test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14710
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
c35f4180 by Andrew Bartlett at 2021-06-02T03:56:36+00:00
libndr: Return error code from ndr_token_peek()
This makes it safer to change our code to remove tokens after use
if failing to obtain a token would result in an error.
This means changing ndr_get_array_size() and ndr_get_array_length()
to also return an error code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14710
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
40aabcb5 by Andrew Bartlett at 2021-06-02T03:56:36+00:00
librpc: Add const to cookie pointer in ndr_check_array_{size,length}
This pointer is only used to find the right token in the list
so can be declared const.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14710
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
139cca7c by Andrew Bartlett at 2021-06-02T03:56:36+00:00
librpc: Use helper function ndr_get_array_size() in ndr_check_array_size()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14710
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
a7d4f93c by Andrew Bartlett at 2021-06-02T03:56:36+00:00
pidl: Avoid leaving array_length NDR tokens around
In many cases these can and should be consumed as soon as
they are used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14710
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
3bc680c1 by Andrew Bartlett at 2021-06-02T03:56:36+00:00
pidl: Avoid leaving array_size NDR tokens around
In many cases these can and should be consumed as soon as
they are used.
This is not a complete fix, we don't clean up the array_size
token after using it split between an NDR_SCALARS and
an NDR_BUFFERS pass, but it is much better than it was
and helps the winbind case with a large number of groups
(eg 100,000) as otherwise we hit the 65535 NDR token limit.
(This is an arbitary Samba-only limit to avoid DoS conditions)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14710
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
58b5513d by Andrew Bartlett at 2021-06-02T04:46:39+00:00
selftest: standardise and shorten winbind socket name
The full path to the winbindd socket must fit within a struct sockaddr_un and this helps us work
where this is quite deep on the server.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Wed Jun 2 04:46:39 UTC 2021 on sn-devel-184
- - - - -
c500d99e by Jeremy Allison at 2021-06-02T05:39:30+00:00
s3: lib: Fix talloc heirarcy error in parent_smb_fname().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14722
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
0e75f9ff by Jeremy Allison at 2021-06-02T05:39:30+00:00
s3: VFS: Add SMB_VFS_PARENT_PATHNAME().
Not yet used.
Default is NTSTATUS version of parent_smb_fname(). Now
to replace all users of parent_smb_fname() with
SMB_VFS_PARENT_PATHNAME() and then remove parent_smb_fname().
Needed due to snapdirseverywhere code in vfs_shadow_copy2.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
71f69b6c by Jeremy Allison at 2021-06-02T05:39:30+00:00
s3: VFS: shadow_copy2. Implement SMB_VFS_PARENT_PATHNAME().
Allows the snapdirseverywhere code to still find
snapshots even when not in the parent path.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
9cd853da by Jeremy Allison at 2021-06-02T05:39:30+00:00
s3: VFS: acl_common. parent_smb_fname() -> SMB_VFS_PARENT_PATHNAME().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d0e84e28 by Jeremy Allison at 2021-06-02T05:39:30+00:00
s3: VFS: error_inject. parent_smb_fname() -> SMB_VFS_PARENT_PATHNAME()..
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
fb5749fa by Jeremy Allison at 2021-06-02T05:39:30+00:00
s3: VFS: gpfs. parent_smb_fname() -> SMB_VFS_PARENT_PATHNAME().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
97c12be0 by Jeremy Allison at 2021-06-02T05:39:30+00:00
s3: VFS: linux_xfs_sgid. parent_smb_fname() -> SMB_VFS_PARENT_PATHNAME().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ad99ee75 by Jeremy Allison at 2021-06-02T05:39:30+00:00
s3: smbd: In can_delete_file_in_directory(), parent_smb_fname() -> SMB_VFS_PARENT_PATHNAME().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b2027f98 by Jeremy Allison at 2021-06-02T05:39:30+00:00
s3: smbd: In parent_pathref(), parent_smb_fname() -> SMB_VFS_PARENT_PATHNAME().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
0dde001c by Jeremy Allison at 2021-06-02T05:39:30+00:00
s3: smbd: copy_internals(). parent_smb_fname() -> SMB_VFS_PARENT_PATHNAME().
Off-topic. This function is insane and should be removed..
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
38410ea2 by Jeremy Allison at 2021-06-02T05:39:30+00:00
s3: smbd: In check_parent_access(), parent_smb_fname() -> SMB_VFS_PARENT_PATHNAME().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
4f5928d2 by Jeremy Allison at 2021-06-02T05:39:30+00:00
s3: smbd: open_file_ntcreate(), parent_smb_fname() -> SMB_VFS_PARENT_PATHNAME().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
0dc842b4 by Jeremy Allison at 2021-06-02T05:39:30+00:00
s3: smbd: In inherit_new_acl(), parent_smb_fname() -> SMB_VFS_PARENT_PATHNAME().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
6263338f by Jeremy Allison at 2021-06-02T05:39:30+00:00
s3: smbd: non_widelink_open(), parent_smb_fname() -> SMB_VFS_PARENT_PATHNAME().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
2e41ffe1 by Jeremy Allison at 2021-06-02T05:39:31+00:00
s3: smbd: parent_dirname_compatible_open(), parent_smb_fname() -> SMB_VFS_PARENT_PATHNAME().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7dc7a2c0 by Jeremy Allison at 2021-06-02T05:39:31+00:00
s3: smbd: check_reduced_name_with_privilege(), parent_smb_fname() -> SMB_VFS_PARENT_PATHNAME().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
50a6da63 by Jeremy Allison at 2021-06-02T05:39:31+00:00
s3: smbd: check_reduced_name(), parent_smb_fname() -> SMB_VFS_PARENT_PATHNAME().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b0f28dcd by Jeremy Allison at 2021-06-02T06:30:36+00:00
s3: smbd: Remove parent_smb_fname(), no longer used.
Moved into the VFS as SMB_VFS_PARENT_PATHNAME() to
allow modules to process the returned parent dirname.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Jun 2 06:30:36 UTC 2021 on sn-devel-184
- - - - -
292abd28 by Jeremy Allison at 2021-06-03T20:23:38+00:00
s3: smbd: Fix bug (only in master) introduced by 60ddee64f6e6c178766325591e80d63a673ad111.
Commit 60ddee64f6e6c178766325591e80d63a673ad111 - smbd: simplify rmdir_internals()
had a bug where it carefully set unlink_flags but then didn't use them in the
following SMB_VFS_UNLINKAT() call.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Jun 3 20:23:38 UTC 2021 on sn-devel-184
- - - - -
8089f519 by Volker Lendecke at 2021-06-04T16:47:34+00:00
dbwrap: Remove unused dbwrap_try_fetch_locked()
Small simplification, this has not been used since 2014 when the
notifyd went in. Can easily be added if needed again.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a41af25e by Volker Lendecke at 2021-06-04T16:47:34+00:00
dbwrap: Remove "db_context->try_fetch_locked()" fn pointer
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3f4d85f7 by Volker Lendecke at 2021-06-04T16:47:34+00:00
dbwrap_ctdb: Remove "tryonly" from fetch_locked_internal()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4388ad2a by Volker Lendecke at 2021-06-04T16:47:34+00:00
lib: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
93a28a5f by Volker Lendecke at 2021-06-04T16:47:34+00:00
printing: Simplify pack_devicemode()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d4e5ce90 by Volker Lendecke at 2021-06-04T16:47:34+00:00
printing: Factor out remove_from_jobs_list()
remove_from_jobs_changed() and remove_from_jobs_added() only differed
by the keystr.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
87a0a204 by Volker Lendecke at 2021-06-04T16:47:34+00:00
rpc_server: Avoid a cast
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b6191956 by Volker Lendecke at 2021-06-04T16:47:34+00:00
lib: Open tdb files with O_CLOEXEC
After an exec() the fd's don't make sense anymore
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8ee391bb by Volker Lendecke at 2021-06-04T16:47:34+00:00
tevent: Remove single-use ev_str_list_[length|add]
This also adds proper error checks, the previous code could (very
theoretically) have leaked memory if an intermediate _add had failed.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7f967589 by Volker Lendecke at 2021-06-04T16:47:34+00:00
rpc_server: Use correct PRIu16 for printf of a uint16
Don't rely on correct casting
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5acb37fd by Volker Lendecke at 2021-06-04T16:47:34+00:00
nsswitch: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b9f903fb by Volker Lendecke at 2021-06-04T16:47:34+00:00
libnet: Align a few integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c2092cfc by Volker Lendecke at 2021-06-04T16:47:34+00:00
libnet: Initialize pointers
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
581ebbcc by Volker Lendecke at 2021-06-04T16:47:34+00:00
smbd: Simplify share_mode_entry_do()
Looking at the logic of "ha[d|ve]_share_mode_entry" d->modified=true
can only happen if we remove the last share mode entry . Make this
more explicit, avoid booleans.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9cb3e431 by Volker Lendecke at 2021-06-04T17:34:06+00:00
lib: Slightly simplify server_id_set_disconnected()
The NULL assert is not really required, it will crash nicely if that's
not fulfilled.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jun 4 17:34:06 UTC 2021 on sn-devel-184
- - - - -
f9ffed06 by Andreas Schneider at 2021-06-08T12:35:34+00:00
lib:cmdline: Also set logfile for the debug system
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Jun 8 12:35:34 UTC 2021 on sn-devel-184
- - - - -
d3c0d68a by Stefan Metzmacher at 2021-06-08T14:13:28+00:00
s3:cmdline: Use D_ERR() instead of DBG_ERR() for talloc log
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
7645aca4 by Stefan Metzmacher at 2021-06-08T14:58:58+00:00
lib:cmdline: Use getprogname() to avoid possible issues with setproctitle()
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Jun 8 14:58:58 UTC 2021 on sn-devel-184
- - - - -
8a427783 by Jeremy Allison at 2021-06-08T20:44:41+00:00
smbd: fix pathref unlinking in create_file_unixpath()
This is really subtle. If someone passes in an smb_fname where smb_fname
actually is taken from fsp->fsp_name, then the lifetime of these objects is
meant to be the same.
This is commonly the case from an SMB1 path-based call
(eg call_trans2qfilepathinfo()) where we use the pathref fsp
(smb_fname->fsp) as the handle. In this case we must not unlink smb_fname->fsp
from it's owner.
The asserts below:
SMB_ASSERT(fsp->fsp_name->fsp != NULL);
SMB_ASSERT(fsp->fsp_name->fsp == fsp);
ensure the required invarients are met.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14732
Pair-Programmed-With: Ralph Boehme <slow at samba.org>
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Jun 8 20:44:41 UTC 2021 on sn-devel-184
- - - - -
fc8b3f18 by Jeremy Allison at 2021-06-09T13:14:29+00:00
s3: VFS: posixacl: Missing acl_free() in error code path.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
250a5df6 by Jeremy Allison at 2021-06-09T13:14:29+00:00
s3: VFS: posixacl: Fix the fallback code in posixacl_sys_acl_set_fd().
We weren't maping or using the incoming SMB_ACL_TYPE_T type
parameter correctly.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
a80456e6 by Jeremy Allison at 2021-06-09T13:14:29+00:00
s3: VFS: shadow_copy2: Code cleanup. In shadow_copy2_get_shadow_copy_data() preserve errno accross cleanup syscalls.
This VFS function should really return an NTSTATUS but that is
a patch for another day.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
99c02ff6 by Jeremy Allison at 2021-06-09T13:14:29+00:00
s3: smbd: Cleanup. open_file_ntcreate(). This returns NTSTATUS, don't set errno explicitly internally.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
aaba2918 by Jeremy Allison at 2021-06-09T13:14:29+00:00
s3: smbd: Cleanup. open_file(). This returns NTSTATUS, don't set errno explicitly internally.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
68124e2a by Jeremy Allison at 2021-06-09T13:14:29+00:00
s3: smbd: Cleanup. open_file(). If SMB_VFS_FSTAT() fails report the error..
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f1ca59b8 by Jeremy Allison at 2021-06-09T13:14:29+00:00
s3: smbd: Make open_file() fail early for an existing directory we are trying to open.
Makes sure we keep the pathref fd open for the NT_FILE_IS_A_DIRECTORY case.
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d2d52ebb by Jeremy Allison at 2021-06-09T13:14:29+00:00
s3: smbd: In open_file(), remove post-open check for opening a directory.
Now we do an early check for opening a directory, this code
could never have been triggered.
The only case we need to consider now is when the filesystem
object exists as a file when we enter open_file() and another
smbd removes and then re-creates the object as a directory before we
call reopen_from_fsp(). In that case, we will open the object,
and come back out to open_file_ntcreate(), where the race
condition detection code that calls check_same_dev_ino()
will catch the case and error out the client request.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ae8313a4 by Jeremy Allison at 2021-06-09T13:14:29+00:00
s3: smbd: In open_directory() move the call to smbd_check_access_rights() until after the fsp is set up.
This doesn't matter now, but later we will move to a handle-based call to
check access rights, so we will need the full handle setup.
Add a fd_close(fsp) in the error path now this is done after the fd open.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7a591e90 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Cleanup - fix the comment for dptr_SearchDir().
It doesn't and never has skipped VETO or unreadable files.
It's only used in call_trans2findnext() in the SMB1 code
given a name already returned to the client to find a
resume position. Even if the client gave us a name that
it had never been given to it (client bug or malicious
client) we'd just start the search from the wrong position,
which doesn't cause problems (we still check for VETO
or unreadable before returning any names).
Worst thing that actually happens is the client messes
up their own search, which is what you'd expect from
giving an incorrect resume name.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
12ede173 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Cleanup - make SearchDir() static.
It's only used in dir.c
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ae5cb84f by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Subtle change to semantics needed for smbd_check_access_rights_fsp().
smbd_check_access_rights() is checking permissions on a file *before*
open, so getting ACCESS_DENIED and mapping to NT_STATUS_OK when
reading the security descriptor is fine, as if we really don't have
access the open will fail.
smbd_check_access_rights_fsp() takes place *after* the open (pathref
or otherwise), so being unable to get the security decriptor should
be reported back to the caller and not mapped to NT_STATUS_OK.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c11f25b7 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Fix smbd_check_access_rights_fsp() to cope with fake/printer fsp's.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
153da186 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: smbd_check_access_rights_fsp(), for a symlink handle just check the handle bits.
For the pathname verison of this function smbd_check_access_rights()
we return the st_mode bits turned into an NT ACL for a symlink.
For a symlink the mode bits are always 'lrwxrwxrwx' which means
smbd_check_access_rights() version always returned NT_STATUS_OK
for any access rights requested on a symlink.
For smbd_check_access_rights_fsp() to a symlink use the handle
access bits as this is a better representation of the access
allowed.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d880116f by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: rmdir_internals(). Coding cleanup. Always use ISDOT(dname) || ISDOTDOT(dname).
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
92d143db by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: rmdir_internals(). Coding cleanup. Move TALLOC_FREE(dir_hnd) into the generic exit path.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b3ca3190 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: rmdir_internals(), when calling synthetic_pathref() for a directory entry we've already stat()'ed, re-use the stat struct.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ddc226c8 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: recursive_rmdir(), when calling synthetic_pathref() for a directory entry we've already stat()'ed, re-use the stat struct.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
8f9606b2 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Remove the NULL fsp use of refuse_symlink().
It makes no sense here and will allow us to rename
refuse_symlink() -> refuse_symlink_fsp() and clean it up.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
580d691c by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Change refuse_symlink() -> refuse_symlink_fsp()
Simplify the interals to check for everything that
would make an fsp something that is open on a symlink.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c66305f4 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Make refuse_symlink_fsp() public so we can reuse in nttrans.c
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
a706a544 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Re-use refuse_symlink_fsp() in set/get security descriptors.
Now we have one common function for refusing access on symlinks.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5504a550 by Noel Power at 2021-06-09T13:14:30+00:00
VFS: SMB_VFS_SYS_ACL_GET_FD: Add SMB_ACL_TYPE_T type arg
preparatory patch for api change to SMB_VFS_SYS_ACL_GET_FD to add new
SMB_ACL_TYPE_T arg to SMB_VFS_SYS_ACL_GET_FD.
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e5924446 by Noel Power at 2021-06-09T13:14:30+00:00
VFS: SMB_VFS_SYS_ACL_GET_FD: Modify api to take additional type param
Modify all implementations (and the definitions) related to
SMB_VFS_SYS_ACL_GET_FD to accept additional SMB_ACL_TYPE_T type param.
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7e884903 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: In smb_query_posix_acl(), remove a use of SMB_VFS_SYS_ACL_GET_FILE().
We can now use SMB_VFS_SYS_ACL_GET_FD() on the directory fsp instead.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b62d90f9 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: VFS: vxfs: Change use of SMB_VFS_SYS_ACL_GET_FILE() -> SMB_VFS_SYS_ACL_GET_FD().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
a8e49253 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: torture: cmd_sys_acl_get_file(), SMB_VFS_SYS_ACL_GET_FILE() -> SMB_VFS_SYS_ACL_GET_FD().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
91cd0e87 by Noel Power at 2021-06-09T13:14:30+00:00
s3/smbd: make posix_sys_acl_blob_get_fd actually use handle api with the changes to underlying sys_acl_get_fd_fn we now can pass the acl type down
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d2ff049b by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Ensure we only call get_acl_group_bits() with a valid smb_fname->fsp.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
9042bdd0 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: In get_acl_group_bits(), SMB_VFS_SYS_ACL_GET_FILE() -> SMB_VFS_SYS_ACL_GET_FD().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
23217ced by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: directory_has_default_posix_acl(), SMB_VFS_SYS_ACL_GET_FILE() -> SMB_VFS_SYS_ACL_GET_FD().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5f3599fa by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: copy_access_posix_acl(), SMB_VFS_SYS_ACL_GET_FILE() -> SMB_VFS_SYS_ACL_GET_FD().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e81aa6e3 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: torture: Change cmd_sys_acl_blob_get_file() to be handle based.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
13319679 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Add check_parent_access_fsp().
Next migrate check_parent_access() users over to it.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
8d5e5095 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Make mkdir_internal() use check_parent_access_fsp().
We already have a parent pathref fsp here.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
daadab4a by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Change rename_internals_fsp() to use check_parent_access_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7aa5acb8 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Get a parent pathref in create_file_unixpath().
Not yet used.
We will be passing this down to open_directory() and
open_file_ntcreate() and using it within create_file_unixpath()
as all of these functions need a parent pathref to check parent
ACLs etc.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
00baf898 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Pass in the newly created parent_dir_fname and smb_fname_atname to open_directory().
Not yet used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7a06544d by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Pass parent_dir_fname_in, smb_fname_atname_in to mkdir_internal().
Not yet used. Next step will be to use them to replace the
internal parent_dir_fname,base_name variables inside mkdir_internal().
Annotate them so we know what these extra params are.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
da5762de by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: In mkdir_internal() assign the passed in parent_dir_fname_in, smb_fname_atname_in to the local variables.
We don't need the parent_pathref() and more, and as we don't
own parent_dir_fname anymore, don't free it on exit.
Next step will be to remove the local variables.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
8d4a73db by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: In mkdir_internal(), use the passed in 'smb_fname_atname' instead of a local 'base_name' variable.
atname is a better name, as base_name refers to the name without streams
and this is nothing to do with streams.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
748f693a by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: In mkdir_internal(), remove the local parent_dir_fname. We pass it in from the caller now.
This will allow us to change directory_has_default_acl() to
directory_has_default_acl_fsp() later.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
64bd0ae3 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Pass parent_dir_fname_in, smb_fname_atname_in from create_file_unixpath() to open_file_ntcreate().
Not yet used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
066729f8 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: In open_file_ntcreate() initialize the local parent_dir_fname from the passed in parent_dir_fname_in.
We can now remove the call to parent_smb_fname().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
1509ba3c by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: In open_file_ntcreate(), remove the local parent_dir_fname and rename the passed in parameter to be the same.
open_file() can now use parent_dir_fname->fsp for handle-based
access calls.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
0e88fc37 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Change open_file() to use check_parent_access_fsp() instead of check_parent_access().
No more uses of check_parent_access().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
58022661 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Remove check_parent_access().
No more callers.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
a87182b2 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: Add directory_has_default_acl_fsp().
Not yet used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
428bceb1 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Change directory_has_default_acl() -> directory_has_default_acl_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
8d615e90 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Remove directory_has_default_acl().
No more users.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
110de2f4 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Pass parent_dir_fname parameter to inherit_new_acl().
Not yet used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
3bd2cfc2 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Inside inherit_new_acl(), change from SMB_VFS_GET_NT_ACL_AT() -> SMB_VFS_FGET_NT_ACL().
One more pathname-based call gone.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5c9f8f69 by Noel Power at 2021-06-09T13:14:30+00:00
s3/smbd: pysmbd: SMB_VFS_SYS_ACL_GET_FILE -> SMB_VFS_SYS_ACL_GET_FD
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
32b92d7c by Noel Power at 2021-06-09T13:14:30+00:00
s3/smbd: pysmbd: Ensure SMB_VFS_GET_NT_ACL_AT() has an fsp when called.
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
1c8c2095 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: get_nt_acl_conn(), SMB_VFS_GET_NT_ACL_AT() -> SMB_VFS_FGET_NT_ACL()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
82efcc23 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: torture: cmd_get_nt_acl(), SMB_VFS_GET_NT_ACL_AT() -> SMB_VFS_FGET_NT_ACL()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
8723bec3 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: eventlog: get_nt_acl_no_snum(), SMB_VFS_GET_NT_ACL_AT() -> SMB_VFS_FGET_NT_ACL().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
2d79eddb by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Add can_write_to_fsp(). Not yet used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
dc069500 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: In reply_ntcreate_and_X(), can_write_to_file() -> can_write_to_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
66dd8612 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: call_nt_transact_create(), can_write_to_file() -> can_write_to_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
161836b2 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: set_ea_dos_attribute(), can_write_to_file() -> can_write_to_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
92eff16d by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Change acl_group_override() -> acl_group_override_fsp().
We always have a valid fsp here. Inside acl_group_override_fsp()
change can_write_to_file() -> can_write_to_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d0fced71 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: dos_mode_from_sbuf(), can_write_to_file() -> can_write_to_fsp().
Code with MS-DFS link where smb_fname->fsp == NULL.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
fad211a7 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: file_set_dosmode(), can_write_to_file() -> can_write_to_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
868457d7 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: file_ntimes(), can_write_to_file() -> can_write_to_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b8ef83e1 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: reply_setatr(), smbd_check_access_rights() -> smbd_check_access_rights_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c970badb by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: set_ea_dos_attribute(), smbd_check_access_rights() -> smbd_check_access_rights_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b25109d4 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Add is_visible_fsp().
Not yet used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
53877296 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Add user_can_read_fsp().
Change is_visible_fsp() to use it.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c064758f by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Add user_can_write_fsp().
Change is_visible_fsp() to use it.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e6377a90 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Change recursive_rmdir(), is_visible_file() -> is_visible_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
452dbd10 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: In rmdir_internals(), Change is_visible_file() -> is_visible_fsp().
This needs some slight re-arranging, as previously
is_visible_file() preceeds the call to recursive_rmdir().
As we have to move the call to is_visible_fsp()
until after we have direntry_fname->fsp, then
we must also move the recursive_rmdir() to be
after is_visible_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
bf36c885 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Allow rmdir_internals() to cope with veto'ed symlinks.
We are only dealing with VETO'ed objects
here. If it's a symlink, just delete the
link without caring what it is pointing
to as this operation is safe.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
41238eb4 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: rmdir_internals(), fix the initial directory scan pass to use is_visible_fsp().
Add the same symlink accomodation as before.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
146f7bf4 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: In unlink_internals(), is_visible_file() -> is_visible_fsp()..
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5987fab7 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: rename_internals(), is_visible_file() -> is_visible_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
12cb1369 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: reply_copy(), is_visible_file() -> is_visible_fsp().
Offtopic, the function reply_copy() is insane and should be removed.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
138078c9 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Fix old bug in reply_copy() where is_visible_file(), now is_visible_fsp() wasn't checking VETO files.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
25debb60 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: is_visible_file() is now static to dir.c.
Once fully replaced in there it can be removed.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
2dfd3038 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Allow is_visible_fsp() to cope with POSIX symlinks/MSDFS links.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5d761421 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: In can_delete_directory_fsp() explicitly call IS_VETO_PATH().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f8a88473 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: In can_delete_directory_fsp(), is_visible_file() -> is_visible_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d3161dd1 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: In smbd_dirptr_get_entry(), add an early check for VETO_PATH.
Eventually we will be able to remove the 'bool use_veto' parameter
from is_visible_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
a66b7de7 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: In smbd_dirptr_get_entry() add a call to is_visible_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
75f7c11b by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Remove is_visible_file() from dptr_ReadDirName().
dptr_ReadDirName() is only called from smbd_dirptr_get_entry(),
which is now doing it's own call to is_visible_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
9f2f4aff by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Now all callers of is_visible_fsp() pass 'false' for the use_veto parameter, remove it.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f47f5550 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Now smbd_dirptr_get_entry() is doing the filtering, dptr_normal_ReadDirName() is an unneeded wrapper for ReadDirName().
Just call ReadDirName() directly.
This also means:
is_visible_file()
user_can_read_file()
user_can_write_file()
are no longer used, so commen them out for subsequent removal.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
a9be0e26 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Remove dptr_normal_ReadDirName().
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b98cf3a1 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Remove is_visible_file().
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b5e12fed by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Remove user_can_read_file().
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
0c8f9281 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Remove user_can_write_file().
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b56fc4b0 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Remove can_write_to_file(). Pathname call no longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
342a0c92 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: VFS: shadow_copy2: In shadow_copy2_get_shadow_copy_data(), check for DIR_LIST access once we already have a handle on the snap directory.
There's no sense in opening a synthetic pathref first in
order to check for DIR_LIST access, then open again to
do the SMB_VFS_NEXT_FDOPENDIR() for listing.
Just open once, and check for DIR_LIST access on the
open handle before calling SMB_VFS_NEXT_FDOPENDIR() for listing.
We no longer need check_access_snapdir(), which is
static, so comment it out. Removal next.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b3d54e20 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: VFS: vfs_shadow_copy2: Remove check_access_snapdir().
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
4d0bda46 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: VFS: ceph_snapshots: In ceph_snap_enum_snapdir(), re-use the directory handle for checking SEC_DIR_LIST permission.
Similar change to the one that went into shadow_copy2.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ff8a41a1 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: VFS: ceph_snapshots: In ceph_snap_gmt_convert_dir(), re-use the directory handle for checking SEC_DIR_LIST permission.
Similar change to the one that went into shadow_copy2.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e5c9cfb0 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: In notify, user_can_stat_name_under_fsp(), smbd_check_access_rights -> smbd_check_access_rights_fsp
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
26dc10bd by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: open_file(), smbd_check_access_rights() -> smbd_check_access_rights_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
11910757 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: check_base_file_access(), smbd_check_access_rights() -> smbd_check_access_rights_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
af291abe by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: open_directory(), smbd_check_access_rights() -> smbd_check_access_rights_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
3f61369d by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: open_file(), smbd_check_access_rights() -> smbd_check_access_rights_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b8d43466 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: open_file(). Cleanup debug message to refer to correct function..
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
bed09bc2 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: open_file(). Cleanup debug message to refer to correct function..
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
845aaadc by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: open_directory(). Cleanup debug message to refer to correct function.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
2c32cb18 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Add new smbd_calculate_access_mask_fsp() function.
Commented out as not yet used.
Signed-off-by: Noel Power <noel.power at suse.com>
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
03352e98 by Jeremy Allison at 2021-06-09T13:14:30+00:00
s3: smbd: Add smbd_calculate_access_mask_fsp().
Not yet used but this now uses smbd_calculate_maximum_allowed_access_fsp(),
so uncomment it.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
07a81f69 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: smbd: Change check_base_file_access() to take an fsp as the first argument.
Internally, change check_base_file_access(), smbd_calculate_access_mask() -> smbd_calculate_access_mask_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7c80e085 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: smbd: smbd_smb2_create_after_exec(), smbd_calculate_access_mask() -> smbd_calculate_access_mask_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
3293cc8d by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: fruit: fruit_freaddir_attr(), smbd_calculate_access_mask() -> smbd_calculate_access_mask_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5abb0409 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: smbd: open_file_ntcreate(), smbd_calculate_access_mask() -> smbd_calculate_access_mask_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
18d9282c by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: smbd: open_directory(), smbd_calculate_access_mask() -> smbd_calculate_access_mask_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
1146fb38 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: smbd: open_fake_file(). Move the smbd_calculate_access_mask() check until after we've initialized the file handle.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
99ed7693 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: smbd: open_fake_file(), smbd_calculate_access_mask() -> smbd_calculate_access_mask_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f700460c by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: smbd: Remove smbd_calculate_access_mask(). No longer used.
Comment out smbd_calculate_maximum_allowed_access() as it is
a static function and we just removed the only caller.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
1e90d91b by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: smbd: Remove smbd_calculate_maximum_allowed_access(). No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7e4a9a1e by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: smbd: In can_delete_file_in_directory(), move a fast-path exit to before any pathname manipulation.
If we're root we always return true on a writable share.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e370c082 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: smbd: In can_delete_file_in_directory(), remove the assertion that dirfsp == conn->cwd_fsp.
Allow a real parent directory fsp to be passed in. We're not doing this
yet but this will allow more efficient calling from the open code
where we have the parent directory fsp available.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5e268266 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: smbd: In can_delete_file_in_directory(), get a real parent pathref.
Not yet used but we will use this to get the parent ACL via handle.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
120ce4f5 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: smbd: can_delete_file_in_directory(), we no longer need to do the SMB_VFS_STAT() call.
All code paths must have a valid stat here.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
dd7c489c by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: smbd: can_delete_file_in_directory(), smbd_check_access_rights() -> smbd_check_access_rights_fsp().
Last user of smbd_check_access_rights().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
eaff826a by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: smbd: Remove smbd_check_access_rights(). No longer used.
There are now no more callers of SMB_VFS_GET_NT_ACL_AT().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
6503bb48 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: smbd: smbd_calculate_maximum_allowed_access_fsp(), add parent dirfsp parameter and pass to can_delete_file_in_directory().
Pass the same fsp->conn->cwd_fsp parameter to can_delete_file_in_directory()
dirfsp for now.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
492d105b by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: smbd: smbd_calculate_access_mask_fsp(). Add dirfsp parameter.
Pass this down into smbd_calculate_maximum_allowed_access_fsp().
Currently pass fsp->conn->cwd_fsp everywhere.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
eea3a3c1 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: smbd: open_file_ntcreate(). Start passing a real parent dirfsp to smbd_calculate_access_mask_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7d4f4c83 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: smbd: open_directory(). Start passing a real parent dirfsp to smbd_calculate_access_mask_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
3b1d2ddc by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: smbd: parent_override_delete(). Add dirfsp parameter.
Pass down to can_delete_file_in_directory().
Always pass conn->cwd_fsp for now.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
88881510 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: smbd: smbd_check_access_rights_sd(). Add dirfsp parameter.
Pass down to parent_override_delete().
Always pass fsp->conn->cwd_fsp for now.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
699356a2 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: smbd: smbd_check_access_rights_fsp(). Add dirfsp parameter.
Pass down to smbd_check_access_rights_sd().
Always pass conn->cwd_fsp for now.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
63fb55cd by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: smbd: open_file(). Pass down the real parent_dir->fsp to smbd_check_access_rights_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
6ef5ed23 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: smbd: open_directory(). Pass down the real parent_dir->fsp to smbd_check_access_rights_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ca5d2c35 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3 VFS: glusterfs: Remove get_nt_acl_at_fn().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7da81bfb by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: shadow_copy2: Remove shadow_copy2_get_nt_acl_at().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
2cff96d9 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: afsacl: Remove afsacl_get_nt_acl_at().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d677cee9 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: aixacl2: Remove aixjfs2_get_nt_acl_at().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
aab4970b by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: acl_tdb. Remove acl_tdb_get_nt_acl_at().
Comment out get_acl_blob_at() as no longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
403cf571 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: acl_tdb: Remove unused get_acl_blob_at().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
fd8a2cfd by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: acl_xattr: Remove acl_xattr_get_nt_acl_at().
Comment out get_acl_blob_at() as no longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
45341cee by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: acl_xattr: Remove unused get_acl_blob_at().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ccc9613e by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: catia. Remove catia_get_nt_acl_at().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e96b2dee by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: ceph_snapshots. Remove ceph_snap_gmt_get_nt_acl_at().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
058ac279 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: gpfs. Remove gpfsacl_get_nt_acl_at().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
72cf25f6 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: media_harmony. Remove mh_get_nt_acl_at().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7994c0c2 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: nfs4acl_xattr: Remove nfs4acl_xattr_get_nt_acl_at().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e24e5ec7 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: snapper: Remove snapper_gmt_get_nt_acl_at().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7d2a2d5f by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: zfsacl: Remove zfsacl_get_nt_acl_at().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
613fed31 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: acl_common: Remove get_nt_acl_common_at().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
a28a6867 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: acl_common: Remove the pathname-based calls in validate_nt_acl_blob().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
737c6814 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: acl_common: Remove the dirfsp parameter from validate_nt_acl_blob().
No longer needed.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
3cbf0acc by Jeremy Allison at 2021-06-09T13:14:31+00:00
vfs: RIP SMB_VFS_GET_NT_ACL_AT()
.--. .-, .-..-.__
.'(`.-` \_.-'-./` |\_( "\__
__.>\ '; _;---,._| / __/`'--)
/.--. : |/' _.--.<| / | |
_..-' `\ /' /` /_/ _/_/
>_.-``-. `Y /' _;---.`|/))))
'` .-''. \|: .' __, .-'"`
.'--._ `-: \/: /' '.\ _|_
/.'`\ :; /' `- `-|-`
-` | | |
:.; : | .-'~^~`-.
|: | .' _ _ `.
|:. | | |_) | |_) |
:. : | | | \ | | |
: ; | | |
: ; | | SMB_VFS |
: ; | | GET_NT_ |
: ; | | ACL_AT |
.jgs. : ; | |
-."-/\\\/:::. `\."-._'."-"_\\-| |///."-
" -."-.\\"-."//.-".`-."_\\-.".-\\`=.........=`//-".
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b0842364 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: Update status of SMB_VFS_NT_ACL_AT.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ccef64da by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: smbd: Remove posix_get_nt_acl().No longer used.
Comment out load_inherited_info() as that was the
only caller.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7eb20651 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: aixacl: Remove aixacl_sys_acl_get_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c0694d44 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: aixacl2: Remove aixjfs2_sys_acl_get_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7d6b47f0 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: cap: Remove cap_sys_acl_get_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
71bcd205 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: catia: Remove catia_sys_acl_get_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
4ba0d4be by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: ceph: Remove call to posixacl_xattr_acl_get_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
316235ef by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: fake_acls: Remove fake_acls_sys_acl_get_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
a5b7ccb1 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: glusterfs: Remove call to posixacl_xattr_acl_get_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
a46e9aaa by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: gpfs: Remove gpfsacl_sys_acl_get_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
a1298c3f by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: hpuxacl: Make hpuxacl_sys_acl_get_file() static.
Called internally as HPUX has no fd-based acl functions.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c0d70d4d by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: media_harmony: Remove mh_sys_acl_get_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
155a660e by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: nfs4acl_xattr: Remove nfs4acl_xattr_fail__sys_acl_get_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d24b6c7a by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: solarisacl: Make solarisacl_sys_acl_get_file() static. Still called internally.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
8a6e8428 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: unityed_media: Remove um_sys_acl_get_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
99650deb by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: zfsacl: Remove zfsacl_fail__sys_acl_get_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b828784c by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: posixacl: Remove call to posixacl_sys_acl_get_file().
We can't remove the code yet until the callers inside sysacl.c
are gone. We must remove the VFS function first.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
bb038f2b by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: RIP SMB_VFS_SYS_ACL_GET_FILE()
(\ _ /)
( \ O / )
(// \\)
X
/ \
/___\
_____/ \\_____
| + ||
| ||
| SMB_VFS_SYS_ ||
| ACL_GET_FILE() ||
| ||
| ||
| ||
| _ ___ _ ||
| | \ | | \ ||
| | | | | | ||
| |_/ | |_/ ||
| | \ | | ||
| | \ | | ||
| | \. _|_. | . ||
| ||
* * | * ** * ** |** **
\)),.,\(/.,(//,,..,,\||(,,.,\\,.((//
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d427df22 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: Update status of SMB_VFS_SYS_ACL_GET_FILE
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
0ecc56cb by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: afsacl: Remove afsacl_sys_acl_blob_get_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b75e459b by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: aixacl: Remove call to posix_sys_acl_blob_get_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
07fe1afb by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: aixaxcl2: Remove aixjfs2_sys_acl_blob_get_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
6605b05e by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: ceph: Remove call to posix_sys_acl_blob_get_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
eeb2a3ce by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: fake_acls: Remove call to posix_sys_acl_blob_get_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
eff0afa6 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: glusterfs: Remove call to posix_sys_acl_blob_get_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
6a0d1274 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: gpfs: Remove gpfsacl_sys_acl_blob_get_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e7165637 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: hpuxacl: Remove call to posix_sys_acl_blob_get_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
24382af0 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: nfs4acl_xattr: Remove call to nfs4acl_xattr_fail__sys_acl_blob_get_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ed988917 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: Remove call to posix_sys_acl_blob_get_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5bd95225 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: Remove zfsacl_fail__sys_acl_blob_get_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c8f468d2 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: posixacl: Remove call to posix_sys_acl_blob_get_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
71b278d1 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: RIP SMB_VFS_SYS_ACL_BLOB_GET_FILE()
(\ _ /)
( \ O / )
(// \\)
X
/ \
/___\
_____/ \\_____
| + ||
| ||
| SMB_VFS_SYS_ACL ||
| BLOB_GET_FILE() ||
| ||
| ||
| ||
| _ ___ _ ||
| | \ | | \ ||
| | | | | | ||
| |_/ | |_/ ||
| | \ | | ||
| | \ | | ||
| | \. _|_. | . ||
| ||
* * | * ** * ** |** **
\)),.,\(/.,(//,,..,,\||(,,.,\\,.((//
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
386f75f3 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: Update status of SMB_VFS_SYS_ACL_BLOB_GET_FILE
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
8ed07fa8 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: lib: sysacls: Remove sys_acl_get_file(). No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
bfe2d8f5 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: posixacl: Remove posixacl_sys_acl_get_file().
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d5e3dcc8 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: non_posix_acls: Remove non_posix_sys_acl_blob_get_file_helper(). No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ac77b2c6 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: lib: sysacls: Add the 'SMB_ACL_TYPE_T type' parameter to sys_acl_set_fd().
Pass it through to the backends. The default posixacl_sys_acl_set_fd()
already copes with this anyway, as does the AIX, and Solaris backends.
The HPUX code isn't compiled and was broken anyway (there was a
missmatch of the number of parameters being passed to the
sys_acl_set_fd_fn backend hpuxacl_sys_acl_set_fd()), and HPUX
doesn't have fd-based ACLs, so just switch to calling hpuxacl_sys_acl_set_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
4266b6a7 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: hpuxacl: Fix the funtion signature for hpuxacl_sys_acl_set_fd()
This is really unmaintained code and should be removed unless
someone from HP steps up..
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
30318562 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: default: Remove the sys_proc_fd_path() fallback code in vfswrap_sys_acl_set_fd().
Just pass through to sys_acl_set_fd(), which goes to posixacl_sys_acl_set_fd()
on posix ACL systems.
We already have identical code in posixacl_sys_acl_set_fd()
and these fallbacks are really system specific so we shouldn't
be doing them in more than one place.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f0c22f74 by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: lib: sysacls: Remove all implementations of sys_acl_set_file().
No longer called.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
2f4c5b9b by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: posixacl: Remove posixacl_sys_acl_set_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
fcca720e by Jeremy Allison at 2021-06-09T13:14:31+00:00
s3: VFS: aixacl: Remove aixacl_sys_acl_set_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
96ef8454 by Jeremy Allison at 2021-06-09T14:04:13+00:00
s3: VFS: solarisacl: Remove solarisacl_sys_acl_set_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Jun 9 14:04:13 UTC 2021 on sn-devel-184
- - - - -
14383909 by Andreas Schneider at 2021-06-09T16:54:23+00:00
lib:mscat: Don't use deprecated types
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jun 9 16:54:23 UTC 2021 on sn-devel-184
- - - - -
1cd65280 by David Mulder at 2021-06-09T16:55:50+00:00
gpo: Add GNOME Settings ADMX templates
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
97593a49 by David Mulder at 2021-06-09T16:55:50+00:00
gpo: Test Group Policy GNOME Setting
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
694dc56f by David Mulder at 2021-06-09T17:44:25+00:00
gpo: Apply Group Policy GNOME Settings
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jun 9 17:44:25 UTC 2021 on sn-devel-184
- - - - -
1e338d51 by Ralph Boehme at 2021-06-09T19:47:34+00:00
smbtorture: verify attributes on fake quota file handle
The expected DOS attributes are taken from a Windows 2016 server. The expected
timestamps are what Samba has returned before commit 572d4e3a56eef00e29f9348:
NTTIME(0), ie no value.
The upcoming fix will restore this behaviour. Windows of course does
return *some* timestamps, but as it's neither documented nor was I able to
figure out where they would be coming from, as well as the Windows client apparently
doesn't care, I didn't bother with implementing some sophisticated heuristic to
return some timestamps.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14731
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
51b0fd0c by Ralph Boehme at 2021-06-09T19:47:34+00:00
smbd: add dosmode_from_fake_filehandle()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14731
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e093eaed by Ralph Boehme at 2021-06-09T19:47:34+00:00
smbd: handle fake file handles in fdos_mode()
This ensures SMB requests on the quote fake file "$Extend/$Quota" don't hit the
VFS, where specifically in vfs_gpfs we log an error message if we fail to read
the DOS attributes for a file with
vfs_gpfs_get_dos_attributes: Getting winattrs failed for $Extend/$Quota
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14731
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
52a42111 by Ralph Boehme at 2021-06-09T20:38:02+00:00
smbd: return correct timestamps for quota fake file
Prior to 572d4e3a56eef00e29f93482daa21647af7310d0 it was sufficient to
initialize struct timespec to zero to return NTTIME 0 (ie not set) over
SMB.
This fixes the same problem from bug 14714 where the timestamps in an SMB2 CLOSE
response.
Windows of course does return *some* timestamps, but as it's neither documented
nor was I able to figure out where they would be coming from, as well as the
Windows client apparently doesn't care, I didn't bother with implementing some
sophisticated heuristic to return some timestamps.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14731
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jun 9 20:38:02 UTC 2021 on sn-devel-184
- - - - -
29e8c30f by David Mulder at 2021-06-09T22:26:42+00:00
samba-tool: gpo admxload mkdir -p
Ensure all directories in the path are created,
otherwise admx upload fails here.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): David Mulder <dmulder at samba.org>
Autobuild-Date(master): Wed Jun 9 22:26:42 UTC 2021 on sn-devel-184
- - - - -
8fa8bbe1 by Andreas Schneider at 2021-06-10T00:24:22+00:00
s3:tests: Fix the test_smbclient_netbios_aliases
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jun 10 00:24:22 UTC 2021 on sn-devel-184
- - - - -
a9ef5555 by Douglas Bagnall at 2021-06-10T00:29:32+00:00
samba-tool domain: improve error message when `patch` fails
The old message confused even the wisest among us:
https://lists.samba.org/archive/samba/2021-May/236021.html
and while /user/bin/patch might be overly specific, it should point
people in the right direction.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8eb307f2 by Douglas Bagnall at 2021-06-10T00:29:32+00:00
python: remove obsolete samba_external directory
It seems this was once meant to contain third-party python libraries
that we hoped would already be on the system, of which there was only
ever one candidate, dnspython, which we moved then stopped bundling
years ago.
The ancestor of this directory, 'source4/scripting/python/samba_external/'
was unused since 4bbc3ff037026c72f3249f59c1b5af69a6ad6d69 (2010) and
the current location has never done anything.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ef863de1 by Douglas Bagnall at 2021-06-10T00:29:32+00:00
s3:pylibsmb: avoid small leaks in cli_notify_get_changes
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b54a2404 by Douglas Bagnall at 2021-06-10T00:29:32+00:00
s3:pylibsmb: improve return types (false => NULL)
NULL, a.k.a. (void *)false;
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
997b90e0 by Douglas Bagnall at 2021-06-10T00:29:32+00:00
idl: two comment typos in two lines
it is the density that got to me.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8515973d by Douglas Bagnall at 2021-06-10T00:29:32+00:00
samba-tool dns zoneoptions --help improvement
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fe91e643 by Douglas Bagnall at 2021-06-10T00:29:32+00:00
samba-tool: stick to the point with --version
We were doing this:
$ bin/samba-tool --version
samba-tool: no such subcommand: --version
4.15.0pre1-DEVELOPERBUILD
$
which is silly. Now we'll just see the version.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
76728792 by Douglas Bagnall at 2021-06-10T01:17:52+00:00
selftest/gdb_backtrace: remove duplicate assignment.
See 18 or so lines up.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jun 10 01:17:52 UTC 2021 on sn-devel-184
- - - - -
f44918e6 by Jeremy Allison at 2021-06-10T09:16:22+00:00
s3: VFS: default: Add proc_fd's fallback for vfswrap_fchown().
https://bugzilla.samba.org/show_bug.cgi?id=14734
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Thu Jun 10 09:16:22 UTC 2021 on sn-devel-184
- - - - -
9b7bef7f by Andreas Schneider at 2021-06-10T10:31:33+00:00
s3:smbd: Make sure smb_fname is set and not NULL in dos_mode_post()
Found by covscan.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
d6eff9c4 by Andreas Schneider at 2021-06-10T10:31:33+00:00
librpc: Make sure num_protocols is initialized
Found by covscan.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
8204e5f9 by Andreas Schneider at 2021-06-10T10:31:33+00:00
s3:smbd: Remove unnessesary NULL check for fsp
We already dereference fsp earlier. So if it is NULL it already
segfaulted much earlier.
Found by covscan.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
eef0f736 by Andreas Schneider at 2021-06-10T11:22:18+00:00
s3:smbd: Remove unnessesary NULL check for req
We already dereference req earlier. So if it is NULL it already
segfaulted much earlier.
Found by covscan.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Thu Jun 10 11:22:19 UTC 2021 on sn-devel-184
- - - - -
5c7ba35b by Ralph Boehme at 2021-06-10T19:22:23+00:00
smbd: remove unneeded code from dos_mode_at_vfs_get_dosmode_done()
This is not used anymore since e7a90fd7a173d8e3cd5a2bb163df61758b2b973f.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jun 10 19:22:23 UTC 2021 on sn-devel-184
- - - - -
210e7628 by Jeremy Allison at 2021-06-10T20:45:31+00:00
smbd: remove more dead code from dos_mode_at_vfs_get_dosmode_done()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
a6022562 by Jeremy Allison at 2021-06-10T21:36:11+00:00
s3: smbd: Cleanup - Remove #ifdef'ed out load_inherited_info().
I commented this out but forgot to remove in the
previous mega-patch.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jun 10 21:36:11 UTC 2021 on sn-devel-184
- - - - -
e1d362c4 by Andreas Schneider at 2021-06-11T00:36:32+00:00
s3:tests: Fix passing the configuration to Smbclient_netbios_aliases test
Signed-Off-By: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e165dcc7 by Andreas Schneider at 2021-06-11T01:26:36+00:00
selftest: Only set netbios aliases for the ad_member env
The provision_ad_member() function is reused by different
setup_ad_member*() functions. Each environment needs to have unique
netbios aliases as they are all in the same network.
The aliases should only be set for the 'ad_member' environment.
Signed-Off-By: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jun 11 01:26:36 UTC 2021 on sn-devel-184
- - - - -
51afb64d by Joseph Sutton at 2021-06-11T07:41:38+00:00
selftest: Remove duplicate variable assignment
This line currently produces a warning.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
fec996ff by Joseph Sutton at 2021-06-11T07:41:38+00:00
samldb: Fix function name typo in error message
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
e7754b56 by Joseph Sutton at 2021-06-11T07:41:38+00:00
pytest: Fix typo in docstring
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
bb4d06e1 by Joseph Sutton at 2021-06-11T07:41:38+00:00
sambadns: Fix docstring for create_dns_dir()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
79a898e2 by Joseph Sutton at 2021-06-11T07:41:38+00:00
pyldb: Add test for Message.items()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
3e4ec0a9 by Joseph Sutton at 2021-06-11T07:41:38+00:00
pyldb: Fix Message.items() for a message containing elements
Previously, message elements were being freed before the call to
Py_BuildValue(), resulting in an exception being raised. Additionally,
only the first element of the returned list was ever assigned to.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
c6b2846c by Joseph Sutton at 2021-06-11T07:41:38+00:00
testprogs: Test that dns.keytab is created after a dns upgrade
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
f5c26f72 by Joseph Sutton at 2021-06-11T07:41:38+00:00
samba_upgradedns: Create binddns_dir if it doesn't already exist
Without doing this, the upgrade process can fail if the directory is not
present, e.g. after restoring from an offline backup (which specifically
ignores this directory).
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
ae5964be by Derek Lambert at 2021-06-11T07:41:38+00:00
sambadns: Create BINDDNS_DIR/dns.keytab link to PRIVATE_DIR/dns.keytab on DC join
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14181
Signed-off-by: Derek Lambert <dlambert at dereklambert.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
9f1e5637 by Joseph Sutton at 2021-06-11T07:41:38+00:00
provision: Refactor another usage of create_dns_dir_keytab_link
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14181
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14535
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
e8c242be by Joseph Sutton at 2021-06-11T07:41:38+00:00
netcmd: Fix error-checking condition
This condition probably meant to check the argument of the most recently
thrown exception, rather than the previous one again.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14669
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
658e5a6c by Joseph Sutton at 2021-06-11T07:41:38+00:00
netcmd: Ignore rIDUsedPool attribute in offline domain backup test
The RID Set of the newly created DC account has all its values
initialised to zero. If the rIDUsedPool attribute was previously
non-zero, then the restore process will cause its value to change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14669
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
11dae9cf by Joseph Sutton at 2021-06-11T07:41:38+00:00
tests: Specify additional modules for 'vfs objects' parameter
This helps to avoid a warning 'vfs objects specified without required AD
DC module'.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
fb0d71b3 by Joseph Sutton at 2021-06-11T07:41:38+00:00
netcmd: Use correct path for state directory during offline backup
During the restore process, we use make_smbconf() to create a new
smb.conf file with the default paths. The default location for 'state
directory' is 'state', but we currently rename this directory to
'statedir' on backing up, so it will end up pointing to a non-existent
directory. This commit ensures the names are consistent.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
9bfba62c by Joseph Sutton at 2021-06-11T07:41:38+00:00
netcmd: Refactor seizing DNS roles while restoring from a backup
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
4feb353f by Andrew Bartlett at 2021-06-11T07:41:38+00:00
dbcheck: check correct RID set attributes when looking for SID conflicts
The previous code would only work for the first rid set ever given to a DC
because the names are so misleading.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13632
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
b7e6a1c5 by Joseph Sutton at 2021-06-11T07:41:38+00:00
netcmd: Add tests for performing an offline backup immediately after joining a domain
This currently fails due to the DC not having a rIDNextRID attribute,
which is required for the restore process.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14669
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
cc98e03e by Joseph Sutton at 2021-06-11T07:41:38+00:00
dsdb: Add next_free_rid() function to allocate a RID without modifying the database
If used to generate SIDs for objects, care should be taken, as the
possibility for having duplicate objectSIDs can arise.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14669
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
7c7cad81 by Joseph Sutton at 2021-06-11T07:41:38+00:00
python/tests/dsdb: Add tests for RID allocation functions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14669
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
59d293b6 by Joseph Sutton at 2021-06-11T07:41:38+00:00
netcmd: Use next_free_rid() function to calculate a SID for restoring a backup
This means we won't get errors if the DC doesn't have a rIDNextRID
attribute, but we will still error if there is no RID Set or if all its
pools are exhausted.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14669
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
2a3b82ae by Joseph Sutton at 2021-06-11T07:41:38+00:00
ridalloc: Don't skip the first RID of a pool
Previously, if either of the rIDPreviousAllocation and rIDNextRID
attributes were not present in a RID Set, the first RID in
rIDAllocationPool was skipped over when determining their values.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
739d7e54 by Joseph Sutton at 2021-06-11T07:41:38+00:00
netcmd: Avoid conflicting SIDs when creating an offline backup
To allow the new DC object to be created in a restored domain while
avoiding conflicts with existing SIDS, we fetch a SID that is available
at the time of backing up and store it in the backed-up database.
However, if a new security principal is created on this DC during the
backup process, the stored SID may be reused for that object, resulting
in an error on restoration.
By getting the SID for restore only after all the database files have
been backed up, we ensure that the chosen SID does not conflict with any
objects in the backed-up database.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
5bf75d01 by Joseph Sutton at 2021-06-11T07:41:38+00:00
dbcheck: Refactor RID Set check to use free_rid_bounds()
This function provides a simpler method of getting the bounds of the
range of RIDs we want to check. We also now check that the low bound is
less than the high bound for both rIDAllocationPool and
rIDPreviousAllocationPool.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
18394daf by Joseph Sutton at 2021-06-11T08:28:28+00:00
dbcheck: formatting
Reduce the length of some lines to 79 characters or less.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Jun 11 08:28:28 UTC 2021 on sn-devel-184
- - - - -
3031e807 by Joseph Sutton at 2021-06-11T08:38:34+00:00
python:subunit: Fix skipping a test with no reason given
Not specifying a reason means addSkip() is passed an empty string rather
than None. As a result, this condition was never hit, and the call to
_addOutcome() had an incorrect parameter.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
18b78fa4 by Joseph Sutton at 2021-06-11T08:38:34+00:00
python:subunit: Remove write_traceback()
This functionality is already present in the Python unittest framework,
and so is not necessary to include here.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
421dc7fc by Joseph Sutton at 2021-06-11T08:38:34+00:00
python:subunit: Avoid misleading "Test was never started" error message
subunithelper.py keeps track of tests that have been started, and
displays an error message if a test reports an outcome without having
previously been started. However, it makes the assumption that a test
has finished once it has reported a single outcome. This means that a
misleading error message will be displayed if it receives multiple
outcomes from the same test (which can happen if a test using the Python
unittest framework does not complete successfully, and the cleanup
subsequently fails), and any actual errors from the cleanup remain
undisplayed.
This commit ensures that only a single outcome is reported for each
test, and only after the test has finished. Outcomes are buffered up
until the stopTest() function is called, when a single outcome is
determined and all errors received for that test are output.
FilterOps still needs to output test outcomes immediately rather than
buffering them, otherwise they are never picked up and passed on to the
remote test case by subunithelper.parse_results(). This would result in
an error as the test would be considered to have never finished.
Example subunitrun output before the change:
time: 2021-04-28 01:28:49.862123Z
test: samba.tests.example.ExampleTests.test
time: 2021-04-28 01:28:49.862215Z
failure: samba.tests.example.ExampleTests.test [
Traceback (most recent call last):
File "bin/python/samba/tests/example.py", line 28, in test
self.fail()
AssertionError: None
]
time: 2021-04-28 01:28:49.862407Z
failure: samba.tests.example.ExampleTests.test [
Traceback (most recent call last):
File "bin/python/samba/tests/example.py", line 31, in tearDown
self.fail()
AssertionError: None
]
time: 2021-04-28 01:28:49.862467Z
time: 2021-04-28 01:28:49.862510Z
and after:
time: 2021-04-28 01:29:19.949347Z
test: samba.tests.example.ExampleTests.test
time: 2021-04-28 01:29:19.949440Z
time: 2021-04-28 01:29:19.949590Z
time: 2021-04-28 01:29:19.949640Z
failure: samba.tests.example.ExampleTests.test [
Traceback (most recent call last):
File "bin/python/samba/tests/example.py", line 28, in test
self.fail()
AssertionError: None
Traceback (most recent call last):
File "bin/python/samba/tests/example.py", line 31, in tearDown
self.fail()
AssertionError: None
]
time: 2021-04-28 01:29:19.949702Z
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f6025d9f by Douglas Bagnall at 2021-06-11T08:38:34+00:00
dlz_bind9: remove redundant logging in b9_record_match()
This log message will never be seen. We know because:
1. Always (two places) we are comparing an incoming record against a
database record.
2. The incoming record has come from b9_parse(), which makes the same
check.
3. If the database record is bad, we will never get here because the
first check is b9_record_match() is
if (rec1->wType != rec2->wType) {
return false;
}
and rec1->wType is not going to equal the corrupt database record's
wType, because point 2.
OK, but why? So we can shift this into dnsserver_common.c, because
the internal dns server has an inferior record_match() and it could do
with sharing this one.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
070e7113 by Douglas Bagnall at 2021-06-11T08:38:34+00:00
dns: merge dlz/internal dns_records_match()
We have had three nearly identical functions called
dns_record[s]_match. This patch merges two of them, attempting to keep
the good bits and not the bugs.
That means:
1. We use the AAAA match from dlz, which is agnostic to all the
billions of ways you can write the same IPv6 address (case sensitivity
is just the beginning).
2. We lean more on the TXT match from dns_utils, because the dlz used
a weird bitwise &= operator, but we adjust to exit early.
3. Keep HINFO from dlz (for now).
4. Use the dns_name_equal() that was already in dns_common, which was
used by dlz. dns_utils had a strange one that probably did the same
thing.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
341febfb by Douglas Bagnall at 2021-06-11T08:38:34+00:00
dns common: dns_records_match() matches tombstones
This will be needed by the RPC server. Other callers already filter
out tombstones, so this is OK.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
51ace4d0 by Douglas Bagnall at 2021-06-11T08:38:34+00:00
dns_record_match: drop pretense of HINFO support
We don't support it really, and if we did there is no sense in which
it could be updated, which is the context in which this function is
used.
(modern HINFO returns the constant string "RFC8482". See RFC 8482).
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
64e63780 by Douglas Bagnall at 2021-06-11T08:38:34+00:00
dlz: remove pretense of HINFO support
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b7077203 by Douglas Bagnall at 2021-06-11T08:38:34+00:00
dns: merge dns_records_match and dns_record_match
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e37437f1 by Douglas Bagnall at 2021-06-11T08:38:34+00:00
pydns: expose dns_records_match() as dsdb_dns.records.match()
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
581d7a52 by Douglas Bagnall at 2021-06-11T08:38:34+00:00
pytest:dns_base: make_txt_update can set arbitrary TTL
Also, improve a variable name.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e9a26561 by Douglas Bagnall at 2021-06-11T08:38:34+00:00
py: samba.dnsserver: add helper for record buffers
We *always* make these steps when we get a record.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
41524996 by Douglas Bagnall at 2021-06-11T09:29:23+00:00
pytests: add dns_aging, embracing and extending ageing tests
This incorporates tests from various dns*.py files, but makes them
correct.
All but one of these tests pass against Windows 2012r2.
Further patches will remove the broken tests in other files, and fix
Samba so it passes these.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Jun 11 09:29:23 UTC 2021 on sn-devel-184
- - - - -
72ace149 by Jeremy Allison at 2021-06-11T09:30:53+00:00
s3: smbd: Protect dos_mode_at_send() from running into a symlink.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power<npower at samba.org>
- - - - -
34a6ed21 by Noel Power at 2021-06-11T09:30:53+00:00
s3/smbd: call dos_mode_post with fsp
Next commit can remove smb_name param from dos_mode_post
signature.
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
77f15f58 by Noel Power at 2021-06-11T09:30:53+00:00
s3/smbd: dos_mode_post: remove smb_fname param
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org
- - - - -
eb8d1265 by Noel Power at 2021-06-11T09:30:53+00:00
s3/smbd: dos_mode_check_compressed: remove smb_fname, conn fn parms
smb_fname is unused and we can get conn from the fsp passed in
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0f5c6c0a by Noel Power at 2021-06-11T09:30:53+00:00
s3/smbd: Remove unecessary 'else' block
This is an inconsequential cosmetic change, it just caught my eye
as looking a bit out of place compared to the surrounding code style.
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
748189b2 by Noel Power at 2021-06-11T09:30:53+00:00
VFS: vxfs: ifdef out vxfs_sys_acl_set_fd
as the sys_acl_set_fd_fn definition for vxfs_sys_acl_set_fd is ifdef'ed
out we also need ifdef out the vxfs_sys_acl_set_fd implementation itself
otherwise we get the following error.
source3/modules/vfs_vxfs.c:484:12: error: ‘vxfs_sys_acl_set_fd’ defined but not used [-Werror=unused-function]
static int vxfs_sys_acl_set_fd(vfs_handle_struct *handle,
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f4f1206c by Noel Power at 2021-06-11T09:30:53+00:00
VFX: vxfs: Fixup some warnings
../../source3/modules/vfs_vxfs.c:343:6: error: unused variable ‘i’ [-Werror=unused-variable]
int i, offset = 0;
^
../../source3/modules/vfs_vxfs.c:342:17: error: unused variable ‘n_id’ [-Werror=unused-variable]
uint32_t e_id, n_id;
^~~~
../../source3/modules/vfs_vxfs.c:342:11: error: unused variable ‘e_id’ [-Werror=unused-variable]
uint32_t e_id, n_id;
^~~~
../../source3/modules/vfs_vxfs.c:341:35: error: unused variable ‘n_perm’ [-Werror=unused-variable]
uint16_t e_type, n_type, e_perm, n_perm;
^~~~~~
../../source3/modules/vfs_vxfs.c:341:27: error: unused variable ‘e_perm’ [-Werror=unused-variable]
uint16_t e_type, n_type, e_perm, n_perm;
^~~~~~
../../source3/modules/vfs_vxfs.c: In function ‘vxfs_compare’:
../../source3/modules/vfs_vxfs.c:407:6: error: unused variable ‘i’ [-Werror=unused-variable]
int i, count = 0;
^
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4f20d310 by Jeremy Allison at 2021-06-11T10:17:46+00:00
s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in change_file_owner_to_parent() error path.
Caller is still using this !
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14736
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power<npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Fri Jun 11 10:17:46 UTC 2021 on sn-devel-184
- - - - -
0ec865d9 by Julien ROPÉ at 2021-06-11T19:28:10+00:00
Fix for https://bugzilla.samba.org/show_bug.cgi?id=9634
Add an option to smb.conf to list authorized zone transfer clients.
Implement restriction in dlz_bind9 module to allow transfers only to selected IPs.
Deny zone transfer by default in dlz_bind9.
Adds test for the restriction in DNZ zone transfer clients.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9634
Signed-off-by: Julien ROPÉ <jrope at linagora.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jun 11 19:28:10 UTC 2021 on sn-devel-184
- - - - -
582030ba by Jeremy Allison at 2021-06-15T11:06:23+00:00
s3: torture: Add POSIX-SYMLINK-GETPATHINFO regression test.
This ensure we never blunder into indirecting a NULL fsp pointer
in the server. We already pass this, but this test will ensure
we continue to do so as we make fileserver changes.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power<npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Tue Jun 15 11:06:23 UTC 2021 on sn-devel-184
- - - - -
aa147153 by Volker Lendecke at 2021-06-15T18:11:35+00:00
rpc_server: Don't rely on TCP-bind() to return EADDRINUSE
socket_wrapper can't do EADDRINUSE because unix domain sockets don't
do it.
This currently works correctly because right now all RPC servers
either use explicit ports or all listen on the same socket.
The new code uses a static variable, so it only helps if a single
process listens for multiple RPC sockets. It won't work if multiple
processes start listening. But in case samba-dcerpcd goes in this will
be exactly the right thing to do.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
76c1b77e by Volker Lendecke at 2021-06-15T18:11:35+00:00
rpc_server: Make errno return of get_logged_on_userlist explicit
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
35a43de1 by Volker Lendecke at 2021-06-15T18:11:35+00:00
rpc_server: Make get_domain_userlist() independent of errno
In the "num_users==0" case (previously just return NULL) we depended
on errno==0 implicitly. When list_sessions() above in this routine had
to open smbXsrv_session_global, it could however happen that errno was
set. If then there were no users, get_domain_userlist() returned NULL
with errno set, which the callers interpreted then as a real error.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f877d832 by Volker Lendecke at 2021-06-15T18:11:35+00:00
libsmb: Factor out cli_status_to_errno() from cli_errno()
cli_errno() calls far too many trivial but subtle functions, all
referencing cli->raw_status. This might be the first step towards
getting rid of that.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5f5c45a1 by Volker Lendecke at 2021-06-15T18:11:35+00:00
libsmbclient: Avoid a call to SMBC_errno() in SMBC_mkdir_ctx()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7d0b6904 by Volker Lendecke at 2021-06-15T19:02:18+00:00
docs: Improve wording, fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jun 15 19:02:18 UTC 2021 on sn-devel-184
- - - - -
4be71c7a by Andrew Bartlett at 2021-06-15T22:41:34+00:00
heimdal_build: Rework Heimdal warning handling
If we have all the right -Wno-error flags then we can enable warnings
more generally, otherwise just set -Wno-strict-overflow (if available)
Adapted from patches by Stefan Metzmacher <metze at samba.org> in his
branch to update Heimdal.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
f810e911 by Andrew Bartlett at 2021-06-15T22:41:34+00:00
heimdal_build: Set up new build groups for the Heimdal hostcc components
This is based on various patches by Stefan Metzmacher in the patch set for
the Heimdal upgrade.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
a1fa1f69 by Andrew Bartlett at 2021-06-15T22:41:34+00:00
heimdal_build: check for secure_getenv
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
7b4aef78 by Andrew Bartlett at 2021-06-15T22:41:34+00:00
gse_krb5: Provide keytab name in fill_mem_keytab_from_dedicated_keytab() error strings.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d62917d3 by Stefan Metzmacher at 2021-06-15T22:41:34+00:00
heimdal_build: Provide C defines showing which Kerberos library is in use
Squashed from patches by Stefan Metzmacher as part of his Heimdal update branch
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
59eac15a by Stefan Metzmacher at 2021-06-15T22:41:34+00:00
build: in SAMBA_BINARY use TO_LIST(cflags)
This avoids unfortunate issues when the cflags is
already a list, as then -fPIC becomes ['-f', 'P', 'I', 'C'].
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d84c4f68 by Stefan Metzmacher at 2021-06-15T22:41:34+00:00
heimdal_build: Add C99 struct initializer in source4/heimdal_build/krb5-glue.c
This avoids uninitiliased structure members in this dummy
structure we include to avoid including more of Heimdal.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1f724a9f by Andrew Bartlett at 2021-06-15T23:25:27+00:00
heimdal_build: Use lib/asn1/rfc2459.opt rather than hard-coded
Based on patch by Stefan Metzmacher in his Heimdal upgrade branch
lib/asn1/rfc2459.opt imported from
lorikeet-heimdal-abartlet/lorikeet-heimdal-201107241840-plus-recent-changes
which is the closest tree I could find, and matches the options being
removed from the wscript_build file.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Jun 15 23:25:27 UTC 2021 on sn-devel-184
- - - - -
db876e95 by Andreas Schneider at 2021-06-16T00:34:38+00:00
testprogs: Remove --debuglevel from test_kinit_trusts_mit.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ea6c2fbf by Andreas Schneider at 2021-06-16T00:34:38+00:00
s4:client: Use a creds helper variable
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b49a8605 by Andreas Schneider at 2021-06-16T00:34:38+00:00
s4:client: Migrate smbclient4 to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c0121347 by Andreas Schneider at 2021-06-16T00:34:38+00:00
testprogs: Use new kerberos options for smbclient(4) tests
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
48a5f934 by Andreas Schneider at 2021-06-16T00:34:38+00:00
s4:client: Migrate cifsdd to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
30fb11da by Andreas Schneider at 2021-06-16T00:34:38+00:00
s4:torture: Remove unused include
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
59c97b09 by Andreas Schneider at 2021-06-16T00:34:38+00:00
s4:torture: Write better error on invalid cmdline option
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
10caa859 by Andreas Schneider at 2021-06-16T00:34:38+00:00
s4:torture: For NTLM make sure we have CRED_USE_KERBEROS_DESIRED
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
092d26af by Andreas Schneider at 2021-06-16T00:34:38+00:00
s4:torture: Pass the pkinit ccache via a torture variable
Mixing -Uuser%password and --krb5-ccache doesn't really work on the
cmdline as -U overwrited the ccache.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a40bc1d0 by Andreas Schneider at 2021-06-16T00:34:38+00:00
s4:torture: Migrate smbtorture to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4b4fd534 by Andreas Schneider at 2021-06-16T00:34:38+00:00
testprogs: Add smbtorture tests with new options
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2a0471df by Andreas Schneider at 2021-06-16T00:34:38+00:00
s4:torture: Change -U|--user to --user1 and --user2
The '-U' option is already defined by the default cmdline parser!
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b4c1f438 by Andreas Schneider at 2021-06-16T00:34:38+00:00
s4:torture: Migrate gentest to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c0034d30 by Andreas Schneider at 2021-06-16T00:34:38+00:00
s4:torture: Change -U|--user to --user1 and --user2
The '-U' option is already defined by the default cmdline parser!
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
caafb3cd by Andreas Schneider at 2021-06-16T00:34:38+00:00
s4:torture: Migrate locktest to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ba32b542 by Andreas Schneider at 2021-06-16T00:34:38+00:00
s4:torture: Migrate masktest to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a593065c by Andreas Schneider at 2021-06-16T00:34:38+00:00
lib:ldb: Use C99 initializers for builtin_popt_options[]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c2c7c1f5 by Andreas Schneider at 2021-06-16T00:34:38+00:00
lib:ldb-samba: Improve calculate_popt_array_length()
Note that memcmp() doesn't work well with padding bytes. So avoid it!
(gdb) ptype/o struct poptOption
/* offset | size */ type = struct poptOption {
/* 0 | 8 */ const char *longName;
/* 8 | 1 */ char shortName;
/* XXX 3-byte hole */
/* 12 | 4 */ unsigned int argInfo;
/* 16 | 8 */ void *arg;
/* 24 | 4 */ int val;
/* XXX 4-byte hole */
/* 32 | 8 */ const char *descrip;
/* 40 | 8 */ const char *argDescrip;
/* total size (bytes): 48 */
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1d3af5d3 by Andreas Schneider at 2021-06-16T00:34:38+00:00
lib:ldb-samba: Use talloc_zero_array() and use ldb as the mem context
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d37462d7 by Andreas Schneider at 2021-06-16T01:25:28+00:00
lib:ldb-samba: Migrate samba extensions to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Jun 16 01:25:28 UTC 2021 on sn-devel-184
- - - - -
e2486d76 by Ralph Boehme at 2021-06-16T05:08:29+00:00
mdssvc: use a helper variable in mds_add_result()
No change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8847f46f by Ralph Boehme at 2021-06-16T05:08:29+00:00
mdssvc: don't fail mds_add_result() if result is not found in CNID set
Just skip adding the result to the pending results set, don't return an
error. Returning an error triggers an error at the MDSSVC RPC error which is NOT
what we want here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1ef2828e by Ralph Boehme at 2021-06-16T05:08:29+00:00
mdssvc: pass messaging context to mds_init_ctx()
This is needed in a subsequent commit. Note that I prefer to do the event
context unwrapping in the caller and pass both the event and messaging context
explicitly to mds_init_ctx().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
16c39b81 by Ralph Boehme at 2021-06-16T05:08:29+00:00
smbd: pass tevent context to create_conn_struct_as_root()
The next commit will add another caller of create_conn_struct_as_root() that is
going to pass a long-lived tevent context.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9a2d6bcf by Ralph Boehme at 2021-06-16T05:08:29+00:00
smbd: add create_conn_struct_cwd()
Compared to create_conn_struct_tos_cwd() this takes a TALLOC_CTX and
tevent_context as additional arguments and the resulting connection_struct is
stable across the lifetime of mem_ctx and ev.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8b681cfb by Ralph Boehme at 2021-06-16T05:08:29+00:00
mdssvc: maintain a connection struct in the mds_ctx
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6de3a884 by Ralph Boehme at 2021-06-16T05:08:29+00:00
mdssvc: chdir() to the conn of the RPC request
In preperation of calling VFS functions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
620b9914 by Ralph Boehme at 2021-06-16T05:59:12+00:00
mdssvc: avoid direct filesystem access, use the VFS
This ensures mdssvc uses the same FileIDs as the fileserver as well as Spotlight
can be used working on a virtual filesystem like GlusterFS.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Jun 16 05:59:13 UTC 2021 on sn-devel-184
- - - - -
ac10058d by Jeremy Allison at 2021-06-16T11:10:36+00:00
s3: torture: Add POSIX-SYMLINK-SETPATHINFO regression test.
This ensure we never blunder into indirecting a NULL fsp pointer
in the server. Currently this crashes the server in several info
levels.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14742
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
263c95ae by Jeremy Allison at 2021-06-16T11:58:00+00:00
s3: smbd: Fix smbd crash on dangling symlink with posix connection calling several non-posix info levels.
Tidy up fsp == NULL checks. Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14742
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Wed Jun 16 11:58:00 UTC 2021 on sn-devel-184
- - - - -
c9350fef by Andrew Bartlett at 2021-06-16T14:43:17+00:00
heimdal_build: Improve error and warning handling on old and new compilers
The previous commit 1eadeaed0a6ca3a58eb9fd176a7ae5bcc28f64ef had a couple of
errors, the unpicky flags were being set on all builds (not just old
compiler builds) due to confusing variable names, and Ubuntu 16.04
would not build (for fuzzing) because it thought some variables
were maybe-uninitialized.
This keeps stricter warnings->errors on modern compilers while
allowing the full build, even in the near future when a modern
Heimdal is imported.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Jun 16 14:43:17 UTC 2021 on sn-devel-184
- - - - -
d39715b8 by Garming Sam at 2021-06-17T04:21:30+00:00
join: provision_fill does not return anything
Discovered by Semmle code analysis:
https://lgtm.com/projects/g/samba-team/samba
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
d0483b55 by Garming Sam at 2021-06-17T04:21:30+00:00
perf_tests: Implicit string concatenation
Discovered by Semmle code analysis:
https://lgtm.com/projects/g/samba-team/samba
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
1f2ce49b by Garming Sam at 2021-06-17T04:21:30+00:00
upgradeprovision: Remove duplicate key
Discovered by Semmle code analysis:
https://lgtm.com/projects/g/samba-team/samba
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
1c3821c9 by Garming Sam at 2021-06-17T05:12:03+00:00
netcmd: Incorrect arguments to Exception constructor
Discovered by Semmle code analysis:
https://lgtm.com/projects/g/samba-team/samba
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Thu Jun 17 05:12:03 UTC 2021 on sn-devel-184
- - - - -
50047588 by Douglas Bagnall at 2021-06-18T03:39:28+00:00
torture: talloc_string_sub tests for utf-8 brevity
If we allow overly long UTF-8 sequences (in the tests, encoding '\0'
as 2, 3, or 4 bytes), it might be possible for bad strings to slip
through.
We fail. But wait for the next commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14684
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1ea18166 by Douglas Bagnall at 2021-06-18T03:39:28+00:00
util/iconv: reject improperly packed UTF-8
If we allow a string that encodes say '\0' as a multi-byte sequence,
we are open to confusion where we mix NUL terminated strings with
sized data blobs, which is to say EVERYWHERE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14684
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4711ad9e by Douglas Bagnall at 2021-06-18T04:27:16+00:00
util/charset: warn loudly on unexpected E2BIG
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jun 18 04:27:17 UTC 2021 on sn-devel-184
- - - - -
21d4aec1 by Jeremy Allison at 2021-06-18T16:32:28+00:00
s3: smbd: open_directory(). Cleanup. We don't need 'int flags' here.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
610c3ff8 by Jeremy Allison at 2021-06-18T16:32:28+00:00
s3: smbd: Change change_dir_owner_to_parent() -> change_dir_owner_to_parent_fsp().
Operate on handles only.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f9022f65 by Jeremy Allison at 2021-06-18T16:32:28+00:00
s3: smbd: change_dir_owner_to_parent_fsp(). Don't re-stat the pathref..
Optimization now becomes clear. We already have a valid stat of the parent
directory so we don't need to re-do a system call.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d6f6e5f7 by Jeremy Allison at 2021-06-18T16:32:28+00:00
s3: smbd: Make change_file_owner_to_parent() static.
Only used inside open.c.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
bdc749ca by Jeremy Allison at 2021-06-18T16:32:28+00:00
s3: smbd: Change change_file_owner_to_parent() -> change_file_owner_to_parent_fsp().
Same changes as for change_dir_owner_to_parent_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c8e8633b by Jeremy Allison at 2021-06-18T16:32:28+00:00
s3: smbd: change_file_owner_to_parent_fsp(). Don't re-stat the pathref.
Optimization now becomes clear. We already have a valid stat of the parent
directory so we don't need to re-do a system call.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5ae2d4e4 by Jeremy Allison at 2021-06-18T17:21:31+00:00
s3: smbd: Optimization in non_widelink_open(). Don't need to vfs_ChDir(parent_dir_fname) if parent is "."
Save several system calls if we're operating at the root of the share..
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Jun 18 17:21:31 UTC 2021 on sn-devel-184
- - - - -
4079efae by Andreas Schneider at 2021-06-18T18:14:11+00:00
s3:modules: Reduce debug level if file doesn't exists on dfs share
There is software out there trying to open desktop.ini in every
directory. Avoid spamming the logs with error messages.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jun 18 18:14:11 UTC 2021 on sn-devel-184
- - - - -
779d0f02 by David Mulder at 2021-06-20T22:06:36+00:00
samba-tool: Enable samba-tool without ad dc (but with ads)
Much of samba-tool can operate without the full AD DC,
for remote operations.
However the samba-tool gpo command depends on ads being
built. Without ads, every samba-tool command
crashes because ads imports fail.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
fb5fe30e by David Mulder at 2021-06-20T22:06:36+00:00
samba-tool: Disable AD DC options in samba-tool domain
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f241fe5d by David Mulder at 2021-06-20T22:06:36+00:00
dns: Enable dnsserver_common install when not ad dc
dnsserver_common is enabled without the ad-dc to
prevent imports from failing when samba-tool is
called where the ad-dc was not built. The
server-side dns code is used in the client when
we do direct LDAP modification of DNS records.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a45ea91c by David Mulder at 2021-06-20T22:06:36+00:00
samba-tool: Ensure commands don't crash without ad-dc
This simply ensures against import errors when
samba is built without the ad-dc. Calling every
help message guarantees the imports succeeded.
The test is intentionally run against the
fileserver test environment, because it's
configured --without-ad-dc and does not disable
ads.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f47ea871 by Andreas Schneider at 2021-06-20T22:06:36+00:00
python:tests: Fix contact_edit test with system libldb
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
084e8616 by Andreas Schneider at 2021-06-20T22:06:36+00:00
python:tests: Fix user_edit test with system libldb
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c09a56ea by Andreas Schneider at 2021-06-20T22:52:05+00:00
python:tests: Fix group_edit test with system libldb
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sun Jun 20 22:52:05 UTC 2021 on sn-devel-184
- - - - -
c1504ae5 by Douglas Bagnall at 2021-06-20T23:26:32+00:00
pytests: dns_aging get informative assertions
When trying to understand the results of these tests, it is not very
helpful to have messages like:
AssertionError: 3685511 != 3685343
when the only thing you want to know is the difference between these two
numbers. So here we make timestamp specific assertions.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
701e21ad by Douglas Bagnall at 2021-06-20T23:26:32+00:00
pytest: adjust dns_aging to handle some non-TXT records
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
559384be by Douglas Bagnall at 2021-06-20T23:26:32+00:00
pytest: add A and AAAA aging tests
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0423b0b8 by Douglas Bagnall at 2021-06-20T23:26:32+00:00
pytest: dns_aging: use assert_timestamps_equal() widely
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d7d4fd98 by Douglas Bagnall at 2021-06-20T23:26:32+00:00
pytest: dns_aging: remind developers to use fl2003
By "developers", I of course mean "me".
Other environments insist on secure updates, which these tests don't
do.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
983955a2 by Douglas Bagnall at 2021-06-20T23:26:32+00:00
pytest: dns_aging: correct typo mis-assertions in 2 tests
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ad6d5a9c by Douglas Bagnall at 2021-06-20T23:26:32+00:00
pytest: dns_aging: add helper for DNS delete updates
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b1730288 by Douglas Bagnall at 2021-06-20T23:26:32+00:00
pytest: dns_aging: helper to get non-tombstoned records
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3cee6c94 by Douglas Bagnall at 2021-06-20T23:26:32+00:00
pytest: dns_aging: remove/fix unused helper functions
self.rpc_delete_txt() will be used next commit.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a7c0a17c by Douglas Bagnall at 2021-06-20T23:26:32+00:00
pytest: dns_aging tests deletions using DNS update
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b5c01f56 by Douglas Bagnall at 2021-06-20T23:26:32+00:00
pytest: dns_aging: try queries of recently tombstoned nodes
Windows fails this one.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0c5dc26d by Douglas Bagnall at 2021-06-20T23:26:32+00:00
pytest: dns_aging: add Samba-specific scavenging test
We can't make scavenging happen on demand on Windows, so we just
concentrate on Samba here.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
16875db2 by Douglas Bagnall at 2021-06-20T23:26:32+00:00
pytest: dns_aging: remove a test that fails on Windows
This fails on Windows due to apparent races between the RPC, DNS, and
LDAP servers. There is no point having it sit there doing nothing.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
bdd755a6 by Douglas Bagnall at 2021-06-20T23:26:32+00:00
pytest dns_aging: test tombstone timestamp ranges
We have always used hours where we are meant to use NTTIME. Let's make
sure we don't break old tombstones.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
dbfbbd42 by Douglas Bagnall at 2021-06-20T23:26:32+00:00
dns scavenging: tombstone deletion uses correct time units
Before we were comparing hours to 1e-7 second units.
Now we do it both ways. That's because in dns_tombstone_records (in
this same file) we have been putting hour timestamps in EntombedTime,
but this field is supposed to have NTTIME timestamps, and those
timestamps won't have updated themselves.
This wouldn't matter much in pure Samba networks if we weren't also
using the correct timestamp in dns_common_replace().
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
546c64b3 by Douglas Bagnall at 2021-06-20T23:26:32+00:00
dns scavenging: correctly set tombstome timestamp
In a DNS tombstone record, the dwTimestamp is, as always, uint32_t hours
since 1601, while the wType-switched .data.EntombedTime timestamp is NTTIME.
We had that wrong, putting the hours in both places.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
8f8eb929 by Douglas Bagnall at 2021-06-20T23:26:32+00:00
dns scavenging: avoid a small memory leak
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
25be60a1 by Douglas Bagnall at 2021-06-20T23:26:32+00:00
dns scavenging: avoid another small memory leak
We weren't freeing the zones, which is admittedly tricky with the dlink
list.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2c6a0265 by Douglas Bagnall at 2021-06-20T23:26:32+00:00
dns scavenging: avoid setting same flags twice
We already did this with db_msg_add_empty(), ~20 lines up.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2d98d733 by Douglas Bagnall at 2021-06-20T23:26:32+00:00
dns scavenging: ensure usual ownership of element values
An ldb message, its elements, and their values usually all share a
little talloc sub-tree with each other and nobody else. It is
conceivable that somewhere we rely on that.
In this case we were sharing an out-of-subtree values array across
multiple messages, which seems to be asking for trouble.
Also, add a comment explaining what we want.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
95e9da2f by Douglas Bagnall at 2021-06-20T23:26:32+00:00
dns scavenging: avoid passing blobs
We can construct these ldb values for each zone with minimal cost and
it is less bamboozling to do so.
While we're fiddling with signatures, we can make this used-once local
function static.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
444b8178 by Douglas Bagnall at 2021-06-20T23:26:32+00:00
dns scavenging: simplify copy_current_records
We don't need to pull and push to make a byte identical copy of an ldb
value, nor do we need a temporary array.
As part of this, we avoid leaving a dangling el->num_values pointing
into space where there were no actually allocated values, which is not
how we do things, even briefly.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4a2bfd24 by Douglas Bagnall at 2021-06-20T23:26:32+00:00
dns scavenging: avoid useless copy of msg
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9fb69274 by Douglas Bagnall at 2021-06-20T23:26:32+00:00
dns scavenging: tighten lifetime of filtered records
We were ending up with everything lasting as long as
kccsrv_periodic_run(), which could add to quite a pile.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ef7daa51 by Douglas Bagnall at 2021-06-20T23:26:32+00:00
dns scavenging: log tombstone inconsistency
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f52ce9f9 by Douglas Bagnall at 2021-06-20T23:26:32+00:00
dns scavenging: avoid leak in dns_tombstone_records
As always, we forget to free our zones. Also to check our zones.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3dd5ae46 by Douglas Bagnall at 2021-06-20T23:26:32+00:00
dns scavenging: ensure tombstoned node has one record
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
020c76a5 by Douglas Bagnall at 2021-06-20T23:26:32+00:00
dns scavenging: add an explanatory comment
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2af06390 by Douglas Bagnall at 2021-06-20T23:26:32+00:00
dsdb periodic: DNS: split aging from tombstone deletion
We have been conflating two things (under the term "scavenging"):
1. aging out stale DNS records into tombstones, which only happens if
this feature is switched on in general and for the zone.
2. removing expired DNS tombstones, which should always happen
(because we tombstone nodes in *other* ways).
With this patch, we un-conflate.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4982beaa by Andreas Schneider at 2021-06-20T23:26:32+00:00
s4:registry: Migrate regshell to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
bd52627e by Andreas Schneider at 2021-06-20T23:26:32+00:00
s4:registry: Migrate regdiff to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
8123c90e by Andreas Schneider at 2021-06-20T23:26:32+00:00
s4:registry: Migrate regtree to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
12ba3d9d by Andreas Schneider at 2021-06-20T23:26:32+00:00
s4:registry: Migrate regpatch to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
91c8c480 by Andreas Schneider at 2021-06-20T23:26:32+00:00
s4:utils: Migrate oLschema2ldif to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2e520fea by Andreas Schneider at 2021-06-20T23:26:32+00:00
libcli:nbt: Migrate nmblookup4 to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
387bb56b by Andreas Schneider at 2021-06-20T23:26:32+00:00
nsswitch: Migrate wbinfo to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
212038bb by Andreas Schneider at 2021-06-20T23:26:32+00:00
docs-xml: Update wbinfo.1 manpage for new cmdline opition parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
70a09d2c by Andreas Schneider at 2021-06-20T23:26:32+00:00
librpc:tools: Remove '-l' which conflicts with '-l|--log-basename'
The common cmdline parser already provides '-l'.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a8052d70 by Andreas Schneider at 2021-06-20T23:26:32+00:00
librpc:tools: Migrate ndrdump to new cmdline option parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9f514b37 by Andreas Schneider at 2021-06-20T23:26:32+00:00
s4:lib: Remove obsolete popt cmdline parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
32a71e50 by Andreas Schneider at 2021-06-20T23:26:32+00:00
winexe: Use the new cmdline option parser
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14616
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f4bf1b2f by Andreas Schneider at 2021-06-20T23:26:32+00:00
winexe: Some code cleanup and fixes
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
84f7db5f by Andreas Schneider at 2021-06-20T23:26:32+00:00
docs-xml: Update winexe.1 manpage for new cmdline opition parser
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7f27bbd5 by Andreas Schneider at 2021-06-20T23:26:32+00:00
docs-xml: Use new cmdline entities for traffic_replay.7 manpage
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
36bb6686 by Andreas Schneider at 2021-06-20T23:26:32+00:00
python: Streamline option parser of python tools
The python tools, especially samba-tool should have the same option set
as the rest of the client utils.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
fad6786e by Andreas Schneider at 2021-06-20T23:26:32+00:00
docs-xml: Update samba-tool manpage for option parser changes
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
69368d8a by Andreas Schneider at 2021-06-20T23:26:32+00:00
docs-xml: Remove unused manpage entities
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
18eabaf3 by Andreas Schneider at 2021-06-20T23:26:32+00:00
lib:cmdline: Improve doxygen documentation
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
84de4eb1 by Andreas Schneider at 2021-06-21T00:10:21+00:00
WHATSNEW: Improved cmdline user experience
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Jun 21 00:10:21 UTC 2021 on sn-devel-184
- - - - -
e9e6d156 by Andrew Bartlett at 2021-06-21T00:58:31+00:00
python/samba/tests: Remove DCs joined to test samba-tool behaviour
Otherwise we have the live DCs spamming the logs looking for the
long-gone test servers:
Failed to connect host fd00::5357:5f0b on port 135 - NT_STATUS_OBJECT_NAME_NOT_FOUND
Failed to connect host fd00::5357:5f0b (6f44653d-18c8-4bf4-b2e7-6f85cf7b0f74._msdcs.addom.samba.example.com) on port 135 - NT_STATUS_OBJECT_NAME_NOT_FOUND.
Failed to connect host 10.53.57.11 on port 135 - NT_STATUS_OBJECT_NAME_NOT_FOUND
Failed to connect host 10.53.57.11 (6f44653d-18c8-4bf4-b2e7-6f85cf7b0f74._msdcs.addom.samba.example.com) on port 135 - NT_STATUS_OBJECT_NAME_NOT_FOUND.
Failed to connect host 10.53.57.12 on port 135 - NT_STATUS_OBJECT_NAME_NOT_FOUND
This avoids spamming the GitLab pipeline logs with a lot of noise,
as there is a size limit to the output, as well as being cleaner.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
bbff4f5e by Andrew Bartlett at 2021-06-21T00:58:31+00:00
testprogs/blackbox: Remove joined dc for ldapcmp
We don't need this DC once the ldapcmp is over, and it avoids
the running DC spamming the logs looking for it.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
91f5b5f3 by Andrew Bartlett at 2021-06-21T01:46:58+00:00
selftest: Remove -d10 from test startup
It looks like "python:tests: Add SAMR password change tests for fips"
(which is also the title of 9a3ba502d8193b25799ef92917efafd52de2e8c2,
but this is also unrelated) and was a probalby a rebase artifact,
being a debugging aid that should have been omitted.
This reverts commit ebd687335b9accfdbae7dbc65c9882ab4d5c0986.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary at samba.org>
Autobuild-Date(master): Mon Jun 21 01:46:58 UTC 2021 on sn-devel-184
- - - - -
8d32cdf1 by Douglas Bagnall at 2021-06-22T01:14:37+00:00
python dns: dns_record_match() matches IPv6 semantically
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b24b8233 by Douglas Bagnall at 2021-06-22T01:14:37+00:00
pytest: dns_aging: test RPC updates of disparate types
Can a TXT record be replaced by an A record in an RPC update?
According to Windows, yes.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6fb83b45 by Douglas Bagnall at 2021-06-22T01:14:37+00:00
pytest: dns_aging: test delete multiple records
Using dns.DNS_QCLASS_ANY we can delete all the records of a certain
type. What happens to other timestamps? The answer should be nothing.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b2453a0f by Douglas Bagnall at 2021-06-22T01:14:37+00:00
pytest: samba-tool dns: allow valid updates
Without this patch we will get errors like this when in-place RPC
updates start to work:
AssertionError: unexpectedly None : Successfully updated record
'192.168.0.1' to '192.168.0.1', even though the latter is of type
'A' where 'A' was expected.
That's because we have always rejected updates that try to modify an
existing record. We shouldn't.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
663a154e by Douglas Bagnall at 2021-06-22T01:14:37+00:00
pytest: samba-tool dns: allow identical updates
We know this should work from tests of the underlying RPC calls on
Windows (see dns_aging).
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
61355d36 by Douglas Bagnall at 2021-06-22T01:14:37+00:00
pytest dns_aging: add simple delete tests
When records are added and deleted and added again, Windows gets all
kinds of ideas about what should happen, and many of our tests explore
that. Here we focus the simplest case with a variety of timestamp
combinations.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
eac8d6b3 by Douglas Bagnall at 2021-06-22T01:14:37+00:00
pytest dns_aging: add sibling tests
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ebfa200b by Douglas Bagnall at 2021-06-22T01:14:37+00:00
pytest: dns_aging: fix two tests (bad arithmetic)
oops.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7fbb8f8e by Douglas Bagnall at 2021-06-22T01:14:37+00:00
pytest dns_aging: add windows_variation
We want to sometimes be able to say "we know Windows fails, it fails
like this, it is OK", so that when we run the tests on Windows we know
the failures are not unexpected.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ad6637af by Douglas Bagnall at 2021-06-22T01:14:37+00:00
pytest: dns_aging sibling test fails on windows
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
de2b775e by Douglas Bagnall at 2021-06-22T01:14:37+00:00
pytest: dns_aging: do not insist on non-aging timestamp updates
With Windows, when aging is off, the record timestamps are updated
anyway, but the timestamp change is not replicated.
We are not going to do it like that. With aging off, our records will
keep their first timestamp.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
24493ccc by Douglas Bagnall at 2021-06-22T01:14:37+00:00
pytest samba-tool dns: avoid testing update of '.' PTR
This will fail for reasons that maybe we don't care about.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
aa97974c by Douglas Bagnall at 2021-06-22T01:14:37+00:00
pytest segfaults: add a couple more failing tests
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
97b9f45a by Douglas Bagnall at 2021-06-22T01:14:37+00:00
pytest/dns_forwarder: remove unused function and imports
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
5e559528 by Douglas Bagnall at 2021-06-22T01:14:37+00:00
pytest: dcerpc/dnsserver: fix tombstone test
It worked accidentally, like all our tombstone tests.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
43ab8a4a by David Mulder at 2021-06-22T01:14:37+00:00
samdb: Create user in wellknown user container
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9143
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4602f4fc by David Mulder at 2021-06-22T01:14:37+00:00
samdb: Create group in wellknown user container
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9143
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
fee11c35 by David Mulder at 2021-06-22T01:14:37+00:00
samdb: Create computer in wellknown user container
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9143
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
151f432c by David Mulder at 2021-06-22T01:14:37+00:00
samba-tool: Demote computer to wellknown container
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9143
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0db57db8 by David Mulder at 2021-06-22T01:14:37+00:00
samba-tool: Provision search DnsAdmins from wellknown container
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9143
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e267cea8 by David Mulder at 2021-06-22T01:14:37+00:00
samba-tool: dbcheck search DnsAdmins from wellknown container
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9143
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
002ef728 by Amitay Isaacs at 2021-06-22T02:05:17+00:00
torture: Fix build on freebsd, missing deps on cmdline
Missing dependency causes build failure on freebsd.
[2928/3944] Compiling source4/torture/util_smb.c
In file included from ../../source4/torture/util_smb.c:22:
../../lib/cmdline/cmdline.h:22:10: fatal error: 'popt.h' file not found
^~~~~~~~
1 error generated.
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Jun 22 02:05:17 UTC 2021 on sn-devel-184
- - - - -
c04df97e by Jeremy Allison at 2021-06-22T13:44:34+00:00
s3: VFS: Cleanup. Remove SMB_VFS_FSYNC() macro.
This hasn't been used since bc71cd035c816de4ca98002860496bf8f5d50fe3.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
ec0c2710 by Jeremy Allison at 2021-06-22T13:44:34+00:00
s3: lib: In adouble_path(), if the parent directory name is ".", don't prepend "./" to the outgoing filename.
We expect smb_fname->base_name values to not contain "./name".
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
8848ebf5 by Jeremy Allison at 2021-06-22T13:44:34+00:00
s3: VFS: syncops. Add 'connection_struct *conn' to syncops_smb_fname().
Not yet used. This will allow us to make syncops really stackable later.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
1687df4d by Jeremy Allison at 2021-06-22T13:44:34+00:00
s3: VFS: Add 'connection_struct *conn' parameter to syncops_two_names().
Not yet used. This will allow us to make syncops really stackable later.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
6d1972b7 by Jeremy Allison at 2021-06-22T13:44:34+00:00
s3: VFS: syncops: Add 'connection_struct *conn' to syncops_sync_directory().
Remove 'const' from 'char *dname' parameter. This is always a talloc
allocated pointer.
Not yet used. This will allow us to make syncops really stackable later.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
fbeefe3b by Jeremy Allison at 2021-06-22T13:44:34+00:00
s3: VFS: syncops: Remove direct system calls and use OpenDir()/smb_vfs_fsync_sync()/TALLOC_FREE() to sync a directory.
syncops is now *really* stackable.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
5da0d75d by Jeremy Allison at 2021-06-22T13:44:34+00:00
s3: VFS: syncops: Do early returns in SYNCOPS_NEXT_SMB_FNAME() macro.
Makes the macro much clearer.
We should always do the operation first, then try the sync.
Failure to sync is not reported as an error, so failure
to create the full_fname shouldn't fail the operation either.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
d76abb32 by Jeremy Allison at 2021-06-22T13:44:34+00:00
s3: VFS: syncops. Do early return in syncops_linkat()
We should always do the operation first, then try the sync.
Failure to sync is not reported as an error, so failure
to create the full_fnames shouldn't fail the operation either.
Makes the code path clearer.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
abc21094 by Jeremy Allison at 2021-06-22T13:44:34+00:00
s3: VFS: syncops. Do early return in syncops_renameat().
Makes the code path clearer.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
bb8e66cd by Jeremy Allison at 2021-06-22T13:44:34+00:00
s3: smbd: Make copy_internals() public. vfs_crossrename() will be changed to use this.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
5c18f074 by Jeremy Allison at 2021-06-22T13:44:34+00:00
s3: VFS: crossrename. Use real dirfsp for SMB_VFS_RENAMEAT()
Finally fix the promise from the docs that this module is stackable. Re-use copy_internals().
This is a horrible module that must be removed !
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
7785da8d by Jeremy Allison at 2021-06-22T13:44:34+00:00
s3: VFS: audit: Use real dirfsp for SMB_VFS_RENAMEAT()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
a9832db6 by Jeremy Allison at 2021-06-22T13:44:34+00:00
s3: VFS: cap: Use real dirfsp for SMB_VFS_RENAMEAT()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
5235ffea by Jeremy Allison at 2021-06-22T13:44:34+00:00
s3: VFS: ceph: Use real dirfsp for SMB_VFS_RENAMEAT()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
770357f6 by Jeremy Allison at 2021-06-22T13:44:34+00:00
s3: VFS: extd_audit: Use real dirfsp for SMB_VFS_RENAMEAT()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
f02f55e8 by Jeremy Allison at 2021-06-22T13:44:34+00:00
s3: VFS: full_audit.c: Use real dirfsp for SMB_VFS_RENAMEAT()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
69f38589 by Jeremy Allison at 2021-06-22T13:44:34+00:00
s3: VFS: glusterfs: Use real dirfsp for SMB_VFS_RENAMEAT()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
2c5ead7f by Jeremy Allison at 2021-06-22T13:44:34+00:00
s3: VFS: media_harmony: Use real dirfsp for SMB_VFS_RENAMEAT()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
11ec689c by Noel Power at 2021-06-22T13:44:34+00:00
s3: VFS: virusfilter: Use real dirfsp for SMB_VFS_RENAMEAT()
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c04d6e84 by Jeremy Allison at 2021-06-22T13:44:34+00:00
s3: VFS: syncops: Use real dirfsp for SMB_VFS_RENAMEAT()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
a2f3c4f5 by Jeremy Allison at 2021-06-22T13:44:34+00:00
s3: VFS: time_audit: Use real dirfsp for SMB_VFS_RENAMEAT()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
395cee80 by Jeremy Allison at 2021-06-22T13:44:34+00:00
s3: VFS: unityed_media: Use real dirfsp for SMB_VFS_RENAMEAT()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
e5274ecd by Jeremy Allison at 2021-06-22T13:44:34+00:00
s3: VFS: streams_depot: Use real dirfsp for SMB_VFS_RENAMEAT()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
ab01a36d by Jeremy Allison at 2021-06-22T13:44:34+00:00
s3: VFS: streams_xattr: Use real dirfsp for SMB_VFS_RENAMEAT()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
5059d37f by Jeremy Allison at 2021-06-22T13:44:34+00:00
s3: smbd: Make SMB_VFS_RENAMEAT() a relative call.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
fb665462 by Jeremy Allison at 2021-06-22T14:34:06+00:00
s3: VFS: Update status of SMB_VFS_RENAMEAT.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Tue Jun 22 14:34:06 UTC 2021 on sn-devel-184
- - - - -
1a2ca143 by Andreas Schneider at 2021-06-23T08:19:30+00:00
lib:ldb-samba: Set log level for ldb tracing to 11
We should not enable ldb tracing on debug level 10 which is meant for
Samba debug logs and not trace logs.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
0fe2ae66 by Andreas Schneider at 2021-06-23T09:03:42+00:00
lib:ldb-samba: Use debug level defines
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jun 23 09:03:42 UTC 2021 on sn-devel-184
- - - - -
246a1966 by Jeremy Allison at 2021-06-23T09:04:36+00:00
s3: VFS: posixacl_xattr: Remove posixacl_xattr_acl_get_file(). No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
1139f96c by Jeremy Allison at 2021-06-23T09:56:00+00:00
s3: VFS: posixacl_xattr: Remove posixacl_xattr_acl_set_file(). No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Wed Jun 23 09:56:00 UTC 2021 on sn-devel-184
- - - - -
abb022b9 by Andreas Schneider at 2021-06-23T09:56:37+00:00
docs-xml: Fix description of `winbind use krb5 enterprise principals`
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
106c2b39 by Andreas Schneider at 2021-06-23T09:56:37+00:00
docs-xml: Enable `winbind use krb5 enterprise principals` by default
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
3e0fbc79 by Andreas Schneider at 2021-06-23T09:56:37+00:00
docs-xml: Disable `winbind scan trusted domains` by default
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
62875044 by Andreas Schneider at 2021-06-23T10:46:22+00:00
WHATSNEW: Document changes of trusted domains scanning and enterpise principals
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jun 23 10:46:22 UTC 2021 on sn-devel-184
- - - - -
e40d4527 by Martin Schwenke at 2021-06-25T09:16:31+00:00
ctdb-daemon: Close server socket when switching to client
The socket is set close-on-exec but that doesn't help for processes
that do not exec(). This should be done for all child processes.
This has been seen in testing where "ctdb shutdown" waits for the
socket to close before succeeding. It appears that lingering
vacuuming processes have not closed the socket when becoming clients
so they cause "ctdb shutdown" to hang even though the main daemon
process has exited. The cause of the lingering vacuuming processes
has been previously examined but still isn't understood.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
23b2fab2 by Martin Schwenke at 2021-06-25T09:16:31+00:00
ctdb-common: Drop unused include of mkdir_p.h
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
fc0da6b0 by Martin Schwenke at 2021-06-25T09:16:31+00:00
ctdb-tests: Force stub version of service in eventscript tests
Fedora 34 now has a shell function for the which command, which causes
these uses of which to return the enclosing function definition rather
than the executable file as expected.
The event script unit tests always expect the stub service command to
be used, so the conditional in these functions is unnecessary.
$CTDB_HELPER_BINDIR already conveniently points to the stub directory,
so use it here.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
466aa8b6 by Martin Schwenke at 2021-06-25T10:06:48+00:00
ctdb-scripts: Ignore ShellCheck SC3013 for test -nt
In ShellCheck 0.7.2, POSIX compatibility warnings got their own SC3xxx
error codes, so now both the old and new codes need to be ignored.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Fri Jun 25 10:06:48 UTC 2021 on sn-devel-184
- - - - -
0d78398b by Jeremy Allison at 2021-06-25T15:53:31+00:00
s4: torture: Improve error messages in check_stream() and read_stream() to include the filename and NTSTATUS.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
a6df051d by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: smbd: In openat_pathref_fsp(), just check we're opening the same file type, not dev and inode.
As this is an internal open and we don't have any
locks around, we don't have to mandate the dev and ino
pair are the same (and in fact not doing so fixes bugs
when this is called by VFS modules that like to play tricks
with ino number on stream paths (fruit, and streams_xattr
are the two that currently do this).
There's no security advantage to checking that, as the
fd_openat() ensures this is safe. As fd_openat() does an
FSTAT on the handle, update the smb_fname stat info with
the "correct" values from the handle.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
bd0bad6f by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: smbd: On startup file_name_hash() can be called with an absolute pathname.
This occurs on first CHDIR to the root of the share.
Ensure we don't add conn->connectpath twice when doing
creating the file name hash.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b63ac2ed by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: smbd: Move the call to fsp_set_fd(conn->cwd_fsp, AT_FDCWD) to just after SMB_VFS_CHDIR().
Once SMB_VFS_CHDIR() has been called and returned success, cwd_fsp *must* be AT_FDCWD.
We needs this so that SMB_VFS_STAT() can work correctly with
at startup time with modules that need to create pathref fsp's.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
2dd7ac6a by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: smbd: get_ea_value(). If we have an fsp, *always* use it for SMB_VFS_FGETXATTR().
If the underlying fd is -1, we want this to fail with EBADF.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
4670cf1d by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: smbd: Temporarily add protection to get_ea_value() for fsp==NULL and smb_fname==NULL.
This will go away once get_ea_value() is fully handle-based
and renamed to get_ea_value_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f694b363 by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: modules: acl_xattr: getxattr_do(). Remove the smb_fname parameter.
It was always NULL. Always use the passed in fsp.
If the underlying fd is -1, we want this to fail with EBADF.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
757b7d5c by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: smbd: fload_inherited_info(). Always use SMB_VFS_FGETXATTR().
If the underlying fd is -1, we want this to fail with EBADF.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
198413da by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: smbd: get_ea_list_from_fsp(). Make it clear we're using only the fsp by replacing the fsp->fsp_name with NULL.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ff09fc77 by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: torture: In cmd_getxattr(), SMB_VFS_GETXATTR() -> SMB_VFS_FGETXATTR().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
303d15e1 by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: lib: adouble: Protect ad_read_meta() from accidently using a NULL fsp..
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
981f7143 by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: lib: adouble: Remove ad_set() - Dead code. Not used anywhere.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c308ffa4 by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: streams_depot: file_is_valid(), SMB_VFS_GETXATTR() -> SMB_VFS_FGETXATTR().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
13778b4c by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: fake_acls: In fake_acls_lstat() - remove call to get_full_smb_filename().
It serves no purpose here. We no longer need the frame pointer.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
cf51681a by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: fake_acls: In fake_acls_lstat() - get a pathref on whatever the link points to and use the handle-based functions.
Add a recursion guard so that synthetic_pathref() can't
recurse into itself by calling SMB_VFS_LSTAT().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
6e6f532c by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: fake_acls: In fake_acls_stat() - remove call to get_full_smb_filename().
It serves no purpose here. We no longer need the frame pointer.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d2b78728 by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: fake_acls: In fake_acls_stat() - if we have a pathref fsp, use it.
We will add a pathref open for the case where we don't next.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
243bce41 by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: fake_acls: In fake_acls_stat() - use openat_pathref_fsp() to always get a pathref fsp.
Add a recursion guard so that openat_pathref_fsp() doesn't
end up recursing into itself when it calls SMB_VFS_STAT().
We now always have a valid fsp inside fake_acls_stat().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
2e518078 by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: fake_acls: In fake_acls_stat() - Now we always have a valid fsp, remove the calls to the path-based functions.
Comment out fake_acls_uid()/fake_acls_gid(), they are no longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
da18c677 by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: fake_acls: Remove unused fake_acls_uid()/fake_acls_gid().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
fe9575c8 by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: ceph_snapshots: Add ceph_snap_get_btime_fsp().
Handle-based copy of ceph_snap_get_btime(). Uses
SMB_VFS_NEXT_FGETXATTR() instead of SMB_VFS_NEXT_GETXATTR().
Commented out as nothing uses it yet. This will change shortly.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
abe3a396 by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: ceph_snapshots: In ceph_snap_fill_label() - pass in dirfsp instead of the raw path.
We will use this for openat_pathref_fsp() later.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
8fc84ac1 by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: ceph_snapshots: In ceph_snap_fill_label(), use ceph_snap_get_btime_fsp() instead of ceph_snap_get_btime().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
2298974b by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: ceph_snapshots: In ceph_snap_gmt_convert_dir() - change to use ceph_snap_get_btime_fsp().
Comment out ceph_snap_get_btime() as it has no more callers.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
0f04e1a4 by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: ceph_snapshots: Remove ceph_snap_get_btime().
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
28f7846f by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: streams_xattr: In streams_xattr_pwrite() - remove conditional.
We know fsp->base_fsp must be valid here for SMB_VFS_FSETXATTR().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
2fdbac2c by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: streams_xattr: In streams_xattr_pwrite() - use the fsp->base_fsp argument for get_ea_value().
We know it must be valid here.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b8190ce3 by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: streams_xattr: In streams_xattr_pwrite() - remove smb_fname_base..
No longer used and we were leaking it onto the talloc_tos() anyway.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
fbfd4183 by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: streams_xattr: In streams_xattr_pread() - use the fsp->base_fsp argument for get_ea_value().
We know it must be valid here.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
435c3f9e by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: streams_xattr: In streams_xattr_pread() - remove smb_fname_base.
No longer used and we were leaking it onto the talloc_tos() anyway.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5d12971c by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: streams_xattr: In streams_xattr_ftruncate() - remove conditional..
We know fsp->base_fsp must be valid here for SMB_VFS_FSETXATTR()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
caf61fc8 by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: streams_xattr: In streams_xattr_ftruncate() - use the fsp->base_fsp argument for get_ea_value().
We know it must be valid here.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
fa3609fb by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: streams_xattr: In streams_xattr_ftruncate() - remove smb_fname_base.
No longer used and we were leaking it onto the talloc_tos() anyway.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
82c95d13 by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: streams_xattr: In walk_xattr_streams() use smb_fname->fsp for get_ea_value().
We know this is a valid fsp as we have already used it above inside
walk_xattr_streams() as an argument to get_ea_names_from_file().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
3c0594d4 by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: streams_xattr: In streams_xattr_openat() we can assume fsp->base_fsp != NULL.
It should have been opened/created by this point.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
520a78d9 by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: streams_xattr: Add an fsp parameter to get_xattr_size().
Not yet used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
cacce8ba by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: streams_xattr: Use fsp->base_fsp for the fsp parameter to get_xattr_size() in streams_xattr_fstat().
We no longer need the 'struct smb_filename *smb_fname_base' here.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d515c13b by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: streams_xattr: Simplify streams_xattr_lstat().
There can never be EA's on a symlink. Windows will never
see a symlink, and in SMB_FILENAME_POSIX_PATH mode we don't
allow EA's on a symlink.
All of the previous code boiled down to errno = ENOENT, return -1
so make that explicit.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d1a0e9b8 by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: streams_xattr: Bring streams_xattr_stat_base() inline into streams_xattr_stat().
That was its only caller.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
33521d2d by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: streams_xattr: In streams_xattr_stat(), make use of smb_fname->fsp->base_fsp if it has one.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5f54eb55 by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: streams_xattr: Use openat_pathref_fsp() to create a smb_fname->fsp (and the smb_fname->fsp->base_fsp) if the incoming name doesn't have one.
Use new smb_fname->fsp->base_fsp parameter in get_xattr_size(), change name parameter to NULL.
If openat_pathref_fsp() fails, return the correct error code (thanks Ralph!).
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
0c210a84 by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: streams_xattr: In streams_xattr_stat() - ~S_IFMT already removes S_IFDIR.
We don't need to do this separately.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
a117624b by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: VFS: streams_xattr: Rename get_xattr_size() -> get_xattr_size_fsp().
It now only needs 2 parameters, fsp and EA name.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e30094e6 by Jeremy Allison at 2021-06-25T15:53:31+00:00
s3: smbd: Rename get_ea_value() -> get_ea_value_fsp().
Remove the connection struct and smb_filename parameters.
There are now no more callers of SMB_VFS_GETXATTR().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c2fde31b by Jeremy Allison at 2021-06-25T16:37:59+00:00
s3: smbd: Cleanup - rename get_ea_names_from_file() -> get_ea_names_from_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Jun 25 16:37:59 UTC 2021 on sn-devel-184
- - - - -
b5339048 by Jeremy Allison at 2021-06-28T20:03:33+00:00
s3: VFS: fake_acls. Add missing NULL check for return of cp_smb_filename().
Found by Coverity.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Jun 28 20:03:33 UTC 2021 on sn-devel-184
- - - - -
fa608837 by Douglas Bagnall at 2021-06-29T02:19:35+00:00
rpc:dnsserver: split off record rank setting logic
We want to do this also in update (in following commits), and we later
will want to fix the logic.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9fb87134 by Douglas Bagnall at 2021-06-29T02:19:35+00:00
rpc:dnsserver: allow update replacing with similar record
We have been refusing to handle the case where the replaced record
matches the replacement according to dns_record_match() (meaning the
wType and data are semantically identical). In Windows this is
explicitly used for changing TTL.
There are further changes we need to properly handle this case.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
8b3d2556 by Douglas Bagnall at 2021-06-29T02:19:35+00:00
rpc dnsserver: updates reset more than timestamp
This is based on observed Windows behaviour.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0fa98cd3 by Douglas Bagnall at 2021-06-29T02:19:35+00:00
rpc dnsserver: set the record rank
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
14ce22f4 by Douglas Bagnall at 2021-06-29T02:19:35+00:00
rpc dnsserver: improve handling of serial numbers
This is not correct, but it gets closer. We need to save the updated
serial number in the SOA.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
701c5584 by Douglas Bagnall at 2021-06-29T02:19:35+00:00
rpc/dnsserver: check talloc_strndup return
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1d6dfd5b by Andreas Schneider at 2021-06-29T02:19:35+00:00
auth:creds: Return a bool for cli_credentials_set_conf()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
cdf8859b by Andreas Schneider at 2021-06-29T02:19:35+00:00
auth:creds: Check return code of cli_credentials_set_conf()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ced8390c by Andreas Schneider at 2021-06-29T02:19:35+00:00
s3:auth: Check return code of cli_credentials_set_conf()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b18fa931 by Andreas Schneider at 2021-06-29T02:19:35+00:00
s3:libsmb: Check return code of cli_credentials_set_conf()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0f130446 by Andreas Schneider at 2021-06-29T02:19:35+00:00
s3:passdb: Check return code of cli_credentials_set_conf()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
5281a659 by Andreas Schneider at 2021-06-29T02:19:35+00:00
s3:winbindd: Check return code of cli_credentials_set_conf()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2f700ebd by Andreas Schneider at 2021-06-29T02:19:35+00:00
s4:auth: Check return code of cli_credentials_set_conf()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6fb3cd8d by Andreas Schneider at 2021-06-29T02:19:35+00:00
s4:auth: Check return code of cli_credentials_set_conf()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9c84bea5 by Andreas Schneider at 2021-06-29T02:19:35+00:00
s4:dns:bind_dlz: Check return codes of cli_credentials functions
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0ea40414 by Andreas Schneider at 2021-06-29T02:19:35+00:00
s4:dns_server: Check return code of cli_credentials_set_conf()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
cfe9fb23 by Andreas Schneider at 2021-06-29T02:19:35+00:00
s4:kpasswd: Check return code of cli_credentials_set_conf()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
5dd3a0cc by Andreas Schneider at 2021-06-29T02:19:35+00:00
s4:rpc_server: Check return code of cli_credentials_set_conf()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f7ff694c by Andreas Schneider at 2021-06-29T02:19:35+00:00
auth:creds: Add sanity check for env variables
CID 710829
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9f786df2 by Andreas Schneider at 2021-06-29T02:19:35+00:00
auth:creds: Return bool for cli_credentials_guess()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9f69e93b by Andreas Schneider at 2021-06-29T02:19:35+00:00
lib:cmdline: Ignore the return code of cli_credentials_guess()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
304cb910 by Andreas Schneider at 2021-06-29T02:19:35+00:00
auth:creds: Check return code of cli_credentials_guess()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
08585bcf by Andreas Schneider at 2021-06-29T02:19:35+00:00
s3:libnetapi: Check return code of cli_credentials_guess()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ee9dc1fb by Andreas Schneider at 2021-06-29T02:19:35+00:00
s3:libsmb: Check return code of cli_credentials_guess()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
feaf0d1a by Andreas Schneider at 2021-06-29T02:19:35+00:00
s4:dsdsb: Check return code of cli_credentials_guess()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
5f70396e by Pavel Filipenský at 2021-06-29T03:07:17+00:00
idl: secrets_domain_info1_change is not a recursive structure
575d39048e3b4f619d65d65303ac809c40c5d495 has marked
several structures as recursive, they contain typically a
backpointer named '* next'. secrets_domain_info1 is not self
recursive, it only contains a pointer named '*next_change'.
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Jun 29 03:07:17 UTC 2021 on sn-devel-184
- - - - -
9ca41e19 by Noel Power at 2021-06-29T08:21:37+00:00
VFS: Add initial implemenataion for SMB_VFS_FCHFLAGS
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
69ef500b by Noel Power at 2021-06-29T08:21:37+00:00
VFS: ceph: Add SMB_VFS_FCHFLAGS implementation
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
afad1ce9 by Noel Power at 2021-06-29T08:21:38+00:00
VFS: ceph_snapshots: Add SMB_VFS_FCHFLAGS implementation
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a6c45ba0 by Noel Power at 2021-06-29T08:21:38+00:00
VFS: glusterfs: Add SMB_VFS_FCHFLAGS implementation
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d8e5ffa9 by Noel Power at 2021-06-29T08:21:38+00:00
VFS: shadow_copy2: Add SMB_VFS_FCHFLAGS implementation
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a346647e by Noel Power at 2021-06-29T08:21:38+00:00
VFS: snapper: Add SMB_VFS_FCHFLAGS implementation
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4b98fc69 by Noel Power at 2021-06-29T08:21:38+00:00
s3/smbd: smb_set_file_unix_info2: SMB_VFS_CHFLAGS -> SMB_VFS_FCHFLAGS
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2e24d9c5 by Noel Power at 2021-06-29T08:21:38+00:00
VFS: ceph: Remove SMB_VFS_CHFLAGS
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
11e1deaf by Noel Power at 2021-06-29T08:21:38+00:00
VFS: ceph_snapshot Remove SMB_VFS_CHFLAGS
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f60235f2 by Noel Power at 2021-06-29T08:21:38+00:00
VFS: catia: Remove SMB_VFS_CHFLAGS
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a7eb3a71 by Noel Power at 2021-06-29T08:21:38+00:00
VFS: glusterfs Remove SMB_VFS_CHFLAGS
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
205532f3 by Noel Power at 2021-06-29T08:21:38+00:00
VFS: media_harmony: Remove SMB_VFS_CHFLAGS
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3d71465b by Noel Power at 2021-06-29T08:21:38+00:00
VFS: shadow_copy2: Remove SMB_VFS_CHFLAGS
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8f243bb8 by Noel Power at 2021-06-29T08:21:38+00:00
VFS: snapper: Remove SMB_VFS_CHFLAGS
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ceb1403d by Noel Power at 2021-06-29T08:21:38+00:00
VFS: unityed_media: Remove SMB_VFS_CHFLAGS
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f3008db0 by Noel Power at 2021-06-29T08:21:38+00:00
VFS: Remove SMB_VFS_CHFLAGS, not used anymore
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d1ca3137 by Noel Power at 2021-06-29T09:10:00+00:00
s3: VFS: Update status of SMB_VFS_CHFLAGS
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Tue Jun 29 09:10:00 UTC 2021 on sn-devel-184
- - - - -
7d101c82 by Jeremy Allison at 2021-06-29T22:08:02+00:00
s3: VFS: fake_acls. Remove two static 'recursion' global booleans..
Ralph made me feel really guilty about this, so I cleaned it up :-).
This may also be the way we can finally get rid of SMB_VFS_GETXATTR()
from adouble.c too.
This will go away once we have SMB_VFS_STATX() and we will
have a way for a caller to as for specific stat fields in a
granular way. Then we will know exactly what fields the caller
wants, so we won't have to fill in everything.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jun 29 22:08:02 UTC 2021 on sn-devel-184
- - - - -
4dcc0422 by Ralph Boehme at 2021-06-30T16:51:29+00:00
replace: copy_file_range()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12033
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e2d524d4 by Ralph Boehme at 2021-06-30T16:51:29+00:00
vfs_default: properly track written bytes for copy-chunk
No change in behavour, this just makes the logic slightly more
understandable. In theory it would also allow the logic to be adjusted for
allowing short reads which is not quite clear from MS-SMB2 if we should allow
it. The file could be truncated while we're reading it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12033
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4f1a0290 by Ralph Boehme at 2021-06-30T16:51:29+00:00
lib: add sys_io_ranges_overlap()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12033
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e72be521 by Ralph Boehme at 2021-06-30T16:51:29+00:00
smbd: use sys_io_ranges_overlap() in fsctl_dup_extents_check_overlap()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12033
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
accaa2f1 by Ralph Boehme at 2021-06-30T17:40:23+00:00
vfs_default: use copy_file_range()
Original file on an XFS filesystem:
$ ls -l /mnt/test/1048578-file
-rw-rw-r--. 1 slow slow 1048578 Jun 25 11:40 /mnt/test/1048578-file
$ xfs_bmap /mnt/test/1048578-file
/mnt/test/1048578-file:
0: [0..2055]: 192..2247
Copy created with cp --reflink=never:
$ xfs_bmap /mnt/test/1048578-file-reflink-never
/mnt/test/1048578-file-reflink-never:
0: [0..2055]: 2248..4303
Copy created with cp --reflink=always
$ xfs_bmap /mnt/test/1048578-file-reflink-always
/mnt/test/1048578-file-reflink-always:
0: [0..2055]: 192..2247
Copy done from a Windows client:
$ xfs_bmap /mnt/test/1048578-file\ -\ Copy
/mnt/test/1048578-file - Copy:
0: [0..2055]: 192..2247
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12033
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jun 30 17:40:23 UTC 2021 on sn-devel-184
- - - - -
0a459c6b by Stefan Metzmacher at 2021-07-01T13:02:31+00:00
s3:torture: add STR-MATCH-MSWILD test for is_in_path()
I want to assert at least some of the behavior as the
next commits will add a new abstraction that should
at least partly behave the same.
Note: case_[in]sensitive_idx is the index to the patterns
in the namelist, set to -1 on non-match, otherwise to
a value >= 0.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
845a5991 by Stefan Metzmacher at 2021-07-01T13:02:31+00:00
s3:lib: add a new samba_path_matching* infrastructure
This aims to replace the current is_in_path() code in the long run.
For now it implements samba_path_matching_mswild_create()
in order to replace is_in_path() in the long run.
But there will be other "backends" using regexec() too.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
bc39450d by Stefan Metzmacher at 2021-07-01T13:02:31+00:00
s3:lib: add samba_path_matching_regex_sub1_create()
This will allow the usage 'POSIX Basic Regular Expression'
instead of 'ms wildcard' strings.
We allow exactly one 'subexpression' starting with '\(' and
ending with '\)' in order to find a replacement (byte) region
in the matching string.
This will be used in the vfs_preopen module in the following
commits.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e2e3b032 by Stefan Metzmacher at 2021-07-01T13:02:31+00:00
lib/util: improve debug message about unknown classes
debug classes registered by vfs modules are not available immediately.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ebe5203c by Stefan Metzmacher at 2021-07-01T13:02:31+00:00
docs-xml: document dynamic debug classes from modules
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c6aaa364 by Stefan Metzmacher at 2021-07-01T13:02:31+00:00
vfs_preopen: introduce "preopen" debug class
It might be useful to change the level/location
of debug messages specific to this module.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
a843e74b by Stefan Metzmacher at 2021-07-01T13:02:31+00:00
vfs_preopen: only try to preopen if we can construct an absolute path
So we make sure the dirfsp contains an absolute path to begin with
and smb_fname is a relative name within the directory.
Note: dirfsp->fsp_name->base_name[0] is only '/' because currently all callers pass
conn->cwd_fsp as dirfsp ... though there's already one caller that calls
fd_openat() with a real dirfsp, that is in vfs_fruit though on the
resource fork stream so doesn't really effect us currently.
If more callers are changed in future the situation may change,
but I guess then this is not the only place with potential problems.
We most likely need a generic helper function that returns the absolute
path of a dirfsp and use it here.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
68832c91 by Stefan Metzmacher at 2021-07-01T13:02:31+00:00
vfs_preopen: make use of new samba_path_matching_* infrastructure
There should not be any logic change in this commit,
for now we'll keep the same ms wildcard matching we had before.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d34c291d by Stefan Metzmacher at 2021-07-01T13:02:31+00:00
vfs_preopen: only reset the queue state if preopen_parse_fname() found matching digits
Otherwise there's no point in stopping the existing queue to continue
via pending preopen_helper_readable() invocations.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
0900ab40 by Stefan Metzmacher at 2021-07-01T13:02:31+00:00
vfs_preopen: completely reset the queue if the name structure changes
There's no point in trying to check if the current number is part
of the existing queue. This makes the logic at least more unstandable
to me.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
1197c87c by Stefan Metzmacher at 2021-07-01T13:02:31+00:00
vfs_preopen: introduce helper variables in preopen_parse_fname()
Calculating the start_idx and num_digits at the first possible place
will make the following commits much easier.
At the end we just want to assign the return values without any logic.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e51a2e6e by Stefan Metzmacher at 2021-07-01T13:02:31+00:00
vfs_preopen: cap the queue length to the maximum number that fits into the digits space
If we have a single digit we only replace up to '9', which also fits
into a single digit.
We operate on numbers from 0 to 9999999999999999999 independent of the
architecture.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
430cbfc7 by Stefan Metzmacher at 2021-07-01T13:02:31+00:00
vfs_preopen: make use of any hints from samba_path_matching_check_last_component()
samba_path_matching_check_last_component() may return the start and end
offset of a submatch (for us the bytes where the digits are expected).
We use that in order to allow preopen_parse_fname() to just
look at these bytes and ignore any trailing digits after the submatch.
For the current use of samba_path_matching_mswild_create(),
there's no difference as we'll always get replace_start=-1 and
replace_end=-1. But the next commit will make optional use of
samba_path_matching_regex_sub1_create(), which will change the situation
and allow to return hints we got from regexec().
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
67159410 by Stefan Metzmacher at 2021-07-01T13:02:31+00:00
docs-xml:vfs_preopen.8: improve the documentation of the current detection algorithm
We should be more verbose that the first digits in a name are taken by
default, if at least 3 digits were found.
There might be cases were the last group of digits describe the
increasing frame number, while the fixed name already contains
3 digits. This is currently not supported.
It's also possible to provide more than one pattern.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ade3b164 by Stefan Metzmacher at 2021-07-01T13:02:31+00:00
vfs_preopen: introduce support for "preopen:posix-basic-regex = yes"
This will allow the usage of patterns as
'POSIX Basic Regular Expression'
vfs objects = preopen
preopen:posix-basic-regex = yes
preopen:names = /Re7599Ex\([0-9]\).*\.txt/test\([0-9]*\)\.dat/
The key is that exactly one 'subexpression' starting with '\(' and
ending with '\)' is specified in order to select the position where
the digits are searched.
E.g. given a file name 'Re7599Ex01234.txt' will actually preopen:
Re7599Ex01234.txt
Re7599Ex11234.txt
Re7599Ex21234.txt
Re7599Ex31234.txt
Re7599Ex41234.txt
As '\([0-9]\)' will only match the first digit after 'Re7599Ex'.
It also means it's now possible to have digits in the fixed part of the
filename, which was the actual motivation for this patchset.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
83563b37 by Stefan Metzmacher at 2021-07-01T13:02:31+00:00
vfs_preopen: add useful debug messages which can be configured on adjustable log levels
The following are the default values:
preopen:nomatch_log_level = 5
preopen:match_log_level = 5
preopen:nodigits_log_level = 1
preopen:founddigits_log_level = 3
preopen:reset_log_level = 5
preopen:push_log_level = 3
preopen:queue_log_level = 10
This gives admins a way to debug/audit the preopen usage.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
11a3a8d9 by Stefan Metzmacher at 2021-07-01T13:48:32+00:00
WHATSNEW: document new preopen:* options
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Jul 1 13:48:32 UTC 2021 on sn-devel-184
- - - - -
0e3ddc27 by Ralph Boehme at 2021-07-01T17:45:49+00:00
vfs_default: use fsp_get_io_fd() for copy_file_range()
Unintentionally used fsp_get_pathref_fd() in the initial patchset.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12033
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jul 1 17:45:49 UTC 2021 on sn-devel-184
- - - - -
1f413b2b by Stefan Metzmacher at 2021-07-01T17:46:31+00:00
auth/credentials: allow credentials.Credentials to act as base class
In tests it's useful to add more details.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
fef08add by Stefan Metzmacher at 2021-07-01T17:46:31+00:00
Rename python/samba/tests/krb5/{rfc4120_pyasn1_regen.sh => pyasn1_regen.sh}
This is a clearer name for the script
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d4492a8a by Stefan Metzmacher at 2021-07-01T17:46:31+00:00
tests/krb5/rfc4120.asn1: Improve definitions to allow expanded testing
Update and re-generate the ASN.1 to allow an improved testsuite.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c3222870 by Stefan Metzmacher at 2021-07-01T17:46:31+00:00
tests/krb5/raw_testcase.py: Add get_{client,server,krbtgt}_creds()
These helpful functions allow us to build the various credentials
that we will use in validating the KDC responses in this test.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
dff61197 by Stefan Metzmacher at 2021-07-01T17:46:31+00:00
tests/krb5/raw_testcase.py: introduce STRICT_CHECKING=0 in order to relax the checks in future
We should write tests as strict as possible in order to let them run
against Windows servers.
But at the same time we want to allow tests to be useful for Samba
too...
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
61e1b179 by Stefan Metzmacher at 2021-07-01T17:46:31+00:00
tests/krb5/raw_testcase.py: add assertElement*()
These helper functions make writing subsequent Kerberos test
clearer.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
34e079ce by Stefan Metzmacher at 2021-07-01T17:46:31+00:00
tests/krb5/raw_testcase.py: Allow prettyPrint of more RFC-defined values
By setting krb5_asn1.APOptions.prettyPrint = BitString_NamedValues_prettyPrint
we allow the BitString_NamedValues_prettyPrint() routine to show more named values.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3abb3b41 by Stefan Metzmacher at 2021-07-01T17:46:31+00:00
tests/krb5/raw_testcase.py: Allow prettyPrint of more MS-KILE-defined values
By setting krb5_asn1.APOptions.prettyPrint = BitString_NamedValues_prettyPrint
we allow the BitString_NamedValues_prettyPrint() routine to show more named values.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b03fcfeb by Stefan Metzmacher at 2021-07-01T17:46:31+00:00
tests/krb5/raw_testcase.py: split KDC_REQ_BODY_create() from KDC_REQ_create()
This allows us to reuse body in future and calculate checksums on it.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ee2ac2b8 by Stefan Metzmacher at 2021-07-01T17:46:31+00:00
tests/krb5/raw_testcase.py: add KERB_PA_PAC_REQUEST_create()
This allows building the pre-authentication data that encodes
the request for the KDC (or more likely a request not to include)
the KRB5 PAC in the resulting ticket.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e3905035 by Stefan Metzmacher at 2021-07-01T17:46:31+00:00
tests/krb5/raw_testcase.py: add methods to iterate over etype permutations
It's often useful to run tests over a lot of input parameter
permutations.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
69ce2a64 by Stefan Metzmacher at 2021-07-01T17:46:31+00:00
tests/krb5/raw_testcase.py: Add TicketDecryptionKey_from_creds()
This will allow building test_as_req_enc_timestamp()
It also introduces ways to specify keys in hex formated environment
variables ${PREFIX}_{AES256,AES128,RC4}_KEY_HEX.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6e2f2adc by Stefan Metzmacher at 2021-07-01T17:46:31+00:00
tests/krb5/raw_testcase.py: introduce a _generic_kdc_exchange() infrastructure
This will allow us to write tests, which will all cross check almost
every aspect of the KDC response (including encrypted parts).
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
01d86954 by Stefan Metzmacher at 2021-07-01T17:46:31+00:00
tests/krb5/as_req_tests.py: add new tests to cover more of the AS-REQ protocol
Example commands:
Windows 2012R2:
SERVER=172.31.9.188 STRICT_CHECKING=1 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE CLIENT_USERNAME=ldaptestuser CLIENT_PASSWORD=a1B2c3D4 CLIENT_AS_SUPPORTED_ENCTYPES=28 python/samba/tests/krb5/as_req_tests.py AsReqKerberosTests
SERVER=172.31.9.188 STRICT_CHECKING=1 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE CLIENT_USERNAME=administrator CLIENT_PASSWORD=A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 python/samba/tests/krb5/as_req_tests.py AsReqKerberosTests
Windows 2008R2:
SERVER=172.31.9.133 STRICT_CHECKING=1 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE CLIENT_USERNAME=cifsmount CLIENT_PASSWORD=A1b2C3d4-08 CLIENT_AS_SUPPORTED_ENCTYPES=28 python/samba/tests/krb5/as_req_tests.py AsReqKerberosTests
SERVER=172.31.9.133 STRICT_CHECKING=1 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE CLIENT_USERNAME=administrator CLIENT_PASSWORD=A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 python/samba/tests/krb5/as_req_tests.py AsReqKerberosTests
Samba 4.14:
SERVER=172.31.9.163 STRICT_CHECKING=0 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE CLIENT_USERNAME=cifsmount CLIENT_PASSWORD=A1b2C3d4-08 CLIENT_AS_SUPPORTED_ENCTYPES=28 python/samba/tests/krb5/as_req_tests.py AsReqKerberosTests
SERVER=172.31.9.163 STRICT_CHECKING=0 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE CLIENT_USERNAME=administrator CLIENT_PASSWORD=A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 python/samba/tests/krb5/as_req_tests.py AsReqKerberosTests
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d91665d3 by Stefan Metzmacher at 2021-07-01T17:46:31+00:00
selftest: run new as_req_tests against fl2008r2dc and fl2003dc
There are a lot of things we should improve in our KDC
in order to work like a Windows KDC.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
5412bffb by Joseph Sutton at 2021-07-01T17:46:31+00:00
tests/krb5/kdc_base_test.py: Defer account deletion until tearDownClass() is called
This allows accounts created for permutation tests to be reused, rather
than having to be recreated for every test.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
5afae39d by Joseph Sutton at 2021-07-01T17:46:31+00:00
tests/krb5/raw_testcase.py: Add get_admin_creds()
This method allows obtaining credentials that can be used for
administrative tasks such as creating accounts.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
4f5566be by Joseph Sutton at 2021-07-01T17:46:31+00:00
tests/krb5/kdc_base_test.py: Create database connection only when needed
Now the database connection is only created on its first use, which
means database credentials are no longer required for tests that don't
make use of it.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
364f1ce8 by Joseph Sutton at 2021-07-01T17:46:31+00:00
tests/krb5/kdc_base_test.py: Remove 'credentials' class attribute
Credentials for tests are now obtained using the get_user_creds()
method.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
210e5440 by Joseph Sutton at 2021-07-01T17:46:31+00:00
tests/krb5/kdc_base_test.py: Create loadparm only when needed
Now the .conf file is only loaded on its first use, which means that
SMB_CONF_PATH need not be defined for tests that don't make use of it..
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
7d4a0ed2 by Joseph Sutton at 2021-07-01T17:46:31+00:00
tests/krb5/kdc_base_test.py: Add methods to determine supported encryption types
This is done based on the domain functional level, which corresponds to
the logic Samba uses to decide whether or not to generate a
Primary:Kerberos-Newer-Keys element for the supplementalCredentials
attribute.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
1f2ddd3c by Joseph Sutton at 2021-07-01T17:46:31+00:00
tests/krb5/raw_testcase.py: Add method to obtain Kerberos keys over DRS
This requires admin credentials, and removes the need to pass these keys
as environment variables.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
948bbc9c by Joseph Sutton at 2021-07-01T17:46:31+00:00
tests/krb5/raw_testcase.py: Make env_get_var() a standalone method
This allows it to be used elsewhere in the tests.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
6a77c2b9 by Joseph Sutton at 2021-07-01T17:46:31+00:00
tests/krb5/raw_testcase.py: Add allow_missing_keys parameter for getting creds
This allows us to require encryption keys in the case that a password
would not be required, such as for the krbtgt account.
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
22a90aea by Joseph Sutton at 2021-07-01T17:46:31+00:00
tests/krb5/raw_testcase.py: Cache obtained credentials
If credentials are used more than once, we can now use the credentials
that we already obtained and so avoid fetching them again.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
e1601f2b by Joseph Sutton at 2021-07-01T17:46:31+00:00
tests/krb5/raw_testcase.py: Allow specifying a fallback credentials function
This allows us to use other methods of obtaining credentials if getting
them from the environment fails.
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ec5c2b04 by Joseph Sutton at 2021-07-01T17:46:31+00:00
tests/krb5/raw_testcase.py: Simplify conditionals
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
fd45bea7 by Joseph Sutton at 2021-07-01T17:46:31+00:00
tests/krb5/kdc_base_test.py: Add fallback methods to obtain client and krbtgt credentials
Now if the client credentials are not supplied in the environment, we
can fall back to creating a new user account. Similarly, if the krbtgt
credentials are not supplied, we can fetch the credentials of the
existing krbtgt account.
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0fd71ed3 by Joseph Sutton at 2021-07-01T17:46:31+00:00
tests/krb5/as_req_tests.py: Automatically obtain credentials
The credentials for the client and krbtgt accounts are now fetched
automatically rather than using environment variables, and the client
account is now automatically created.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d5e350a4 by Stefan Metzmacher at 2021-07-01T17:46:31+00:00
tests/krb5/as_req_tests.py: add simple test_as_req_enc_timestamp test
Example commands:
Windows 2012R2:
SERVER=172.31.9.188 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE CLIENT_USERNAME=ldaptestuser CLIENT_PASSWORD=a1B2c3D4 CLIENT_AS_SUPPORTED_ENCTYPES=28 KRBTGT_KVNO=2 KRBTGT_AES256_KEY_HEX=2eb6d146a2653d333cdbfb641a4efbc3de81af49e878e112bb4f6cbdd73fca52 KRBTGT_RC4_KEY_HEX=4e6d99c30e5fab901ea71f8894289d3b python/samba/tests/krb5/as_req_tests.py AsReqKerberosTests
SERVER=172.31.9.188 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE CLIENT_USERNAME=administrator CLIENT_PASSWORD=A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 KRBTGT_KVNO=2 KRBTGT_AES256_KEY_HEX=2eb6d146a2653d333cdbfb641a4efbc3de81af49e878e112bb4f6cbdd73fca52 KRBTGT_RC4_KEY_HEX=4e6d99c30e5fab901ea71f8894289d3b python/samba/tests/krb5/as_req_tests.py AsReqKerberosTests
SERVER=172.31.9.188 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=A1b2C3d4 python/samba/tests/krb5/as_req_tests.py
SERVER=172.31.9.188 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=A1b2C3d4 CLIENT_USERNAME=administrator CLIENT_PASSWORD=A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 CLIENT_KVNO=1 python/samba/tests/krb5/as_req_tests.py
SERVER=172.31.9.188 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=A1b2C3d4 CLIENT_USERNAME=ldaptestuser CLIENT_PASSWORD=a1B2c3D4 CLIENT_AS_SUPPORTED_ENCTYPES=28 CLIENT_KVNO=4 python/samba/tests/krb5/as_req_tests.py
Windows 2008R2:
SERVER=172.31.9.133 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE CLIENT_USERNAME=cifsmount CLIENT_PASSWORD=A1b2C3d4-08 CLIENT_AS_SUPPORTED_ENCTYPES=28 CLIENT_KVNO=17 KRBTGT_KVNO=2 KRBTGT_AES256_KEY_HEX=550aea2ea2719cb81c87692569796d1b3a099d433a93438f53bee798cc2f83be KRBTGT_RC4_KEY_HEX=dbc0d1feaaca3d5abc6794857b7f6fe0 python/samba/tests/krb5/as_req_tests.py
SERVER=172.31.9.133 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE CLIENT_USERNAME=administrator CLIENT_PASSWORD=A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 CLIENT_KVNO=1 KRBTGT_KVNO=2 KRBTGT_AES256_KEY_HEX=550aea2ea2719cb81c87692569796d1b3a099d433a93438f53bee798cc2f83be KRBTGT_RC4_KEY_HEX=dbc0d1feaaca3d5abc6794857b7f6fe0 python/samba/tests/krb5/as_req_tests.py
SERVER=172.31.9.133 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=A1b2C3d4 CLIENT_USERNAME=administrator CLIENT_PASSWORD=A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 CLIENT_KVNO=1 python/samba/tests/krb5/as_req_tests.py
SERVER=172.31.9.133 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=A1b2C3d4 CLIENT_USERNAME=cifsmount CLIENT_PASSWORD=A1b2C3d4-08 CLIENT_AS_SUPPORTED_ENCTYPES=28 CLIENT_KVNO=17 python/samba/tests/krb5/as_req_tests.py
SERVER=172.31.9.133 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=A1b2C3d4 python/samba/tests/krb5/as_req_tests.py
Samba:
SERVER=172.31.9.163 SMB_CONF_PATH=/dev/null STRICT_CHECKING=0 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE CLIENT_USERNAME=cifsmount CLIENT_PASSWORD=A1b2C3d4-08 CLIENT_AS_SUPPORTED_ENCTYPES=28 CLIENT_KVNO=17 KRBTGT_KVNO=2 KRBTGT_AES256_KEY_HEX=550aea2ea2719cb81c87692569796d1b3a099d433a93438f53bee798cc2f83be KRBTGT_RC4_KEY_HEX=dbc0d1feaaca3d5abc6794857b7f6fe0 python/samba/tests/krb5/as_req_tests.py
SERVER=172.31.9.163 SMB_CONF_PATH=/dev/null STRICT_CHECKING=0 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE CLIENT_USERNAME=administrator CLIENT_PASSWORD=A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 CLIENT_KVNO=1 KRBTGT_KVNO=2 KRBTGT_AES256_KEY_HEX=550aea2ea2719cb81c87692569796d1b3a099d433a93438f53bee798cc2f83be KRBTGT_RC4_KEY_HEX=dbc0d1feaaca3d5abc6794857b7f6fe0 python/samba/tests/krb5/as_req_tests.py
SERVER=172.31.9.163 SMB_CONF_PATH=/dev/null STRICT_CHECKING=0 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=A1b2C3d4 CLIENT_USERNAME=administrator CLIENT_PASSWORD=A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 CLIENT_KVNO=1 python/samba/tests/krb5/as_req_tests.py
SERVER=172.31.9.163 SMB_CONF_PATH=/dev/null STRICT_CHECKING=0 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=A1b2C3d4 CLIENT_USERNAME=cifsmount CLIENT_PASSWORD=A1b2C3d4-08 CLIENT_AS_SUPPORTED_ENCTYPES=28 CLIENT_KVNO=17 python/samba/tests/krb5/as_req_tests.py
SERVER=172.31.9.163 SMB_CONF_PATH=/dev/null STRICT_CHECKING=0 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=A1b2C3d4 python/samba/tests/krb5/as_req_tests.py
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d4c38678 by Joseph Sutton at 2021-07-01T17:46:31+00:00
tests/krb5/as_req_tests.py: Check the client kvno
Ensure we have the correct kvno for the client, rather than an 'unknown'
value.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
38122311 by Joseph Sutton at 2021-07-01T17:46:31+00:00
tests/krb5/raw_testcase.py: Check for an explicit 'unspecified kvno' value
This is clearer than using the constant zero, which could be mistaken
for a valid kvno value.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
3e621dcb by Joseph Sutton at 2021-07-01T17:46:31+00:00
tests/krb5: Deduplicate 'host' attribute initialisation
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
fc857ea6 by Joseph Sutton at 2021-07-01T17:46:31+00:00
tests/krb5/as_canonicalization_tests.py: Refactor account creation
Making this test a subclass of KDCBaseTest allows us to make use of its
methods for obtaining credentials and creating accounts, which helps to
eliminate some duplicated code.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
ab221c1b by Joseph Sutton at 2021-07-01T17:46:31+00:00
tests/krb5: Use admin creds for SamDB rather than user creds
This makes the purpose of each set of credentials more consistent, and
makes some tests more convenient to run standalone as they no longer
require user credentials.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
bf71fa03 by Joseph Sutton at 2021-07-01T17:46:31+00:00
s4:torture/krb5/kdc-heimdal: Automatically determine AS-REP enctype to check against
This enables us to more easily switch to a different algorithm to find
the strongest key in _kdc_find_etype().
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
b3ee034b by Stefan Metzmacher at 2021-07-01T18:37:14+00:00
s4:kdc: prefer newer enctypes for preauth responses
This matches Windows KDCs, which was demonstrated by the
krb5.as_req_tests tests.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Jul 1 18:37:14 UTC 2021 on sn-devel-184
- - - - -
edcb095c by Pavel Filipenský at 2021-07-02T11:45:48+00:00
s3:libads: Remove extra new line in keytab list output
net ads keytab list prints extra new line for uknown encoding types,
so it spans over two lines, instead over a single line:
1 AES-128 CTS mode with 96-bit SHA-1 HMAC ADDC$@ADDOM.SAMBA.EXAMPLE.COM
1 UNKNOWN: 3
ADDC$@ADDOM.SAMBA.EXAMPLE.COM
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Jul 2 11:45:48 UTC 2021 on sn-devel-184
- - - - -
4e97e33c by Jeremy Allison at 2021-07-04T17:15:34+00:00
s3: smbd: Code inside non_widelink_open() breaks an invarient inside the VFS. Demonstrate this.
vfs_fruit isn't the bad guy here. It's just a convenient
place to show that non_widelink_open() violates:
fsp->base_fsp->fsp_name->fsp == fsp->base_fsp invarient
Add selftest/knownfail.d/fruit_vfs_invariant to show
what this breaks. Next patch will fix the non_widelink_open()
code and remove the knownfail.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
6a366012 by Jeremy Allison at 2021-07-04T17:15:34+00:00
s3: smbd: Fix fsp->base_fsp->fsp_name->fsp == fsp->base_fsp invarient in non_widelink_open().
Currently in master when we call into openat() in the VFS
we violate the invarient:
fsp->base_fsp->fsp_name->fsp == fsp->base_fsp.
The reason for this is subtle. Inside open.c:non_widelink_open()
we change the fsp->base_fsp to be relative to the new $cwd.
We do this by the following code in open.c:non_widelink_open():
/* Also setup base_fsp to be relative to the new cwd */
if (fsp->base_fsp != NULL) {
base_smb_fname_rel = (struct smb_filename) {
.base_name = smb_fname_rel->base_name,
};
orig_base_fsp_name = fsp->base_fsp->fsp_name;
fsp->base_fsp->fsp_name = &base_smb_fname_rel;
}
Note that fsp->base_fsp->fsp_name now points at a
stack variable struct smb_filename, with smb_fname->fsp == NULL.
This fixes that problem by removing the horrid
stack based smb_filename and changing to use a
talloc'ed fsp->base_fsp->fsp_name, with
correctly linked fsp->base_fsp->fsp_name-> pointer.
Remove the selftest/knownfail.d/fruit_vfs_invariant
file as all vfs_fruit tests now pass again.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
53e04949 by Jeremy Allison at 2021-07-04T17:15:34+00:00
s3: lib: In ad_read_meta(), allow use of SMB_VFS_FGETXATTR() as well as SMB_VFS_GETXATTR().
Eventually we will guarantee a valid smb_fname->fsp here and
will remove SMB_VFS_GETXATTR().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
6eaf0274 by Jeremy Allison at 2021-07-04T17:15:34+00:00
s3: VFS: fruit: Inside fruit_open_meta_netatalk() change to use fsp->base_fsp->fsp_name in ad_get() instead of smb_fname.
We know this will have a valid fsp within.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
342086d7 by Jeremy Allison at 2021-07-04T17:15:34+00:00
s3: VFS: fruit: In fruit_stat_meta_netatalk(), move the call to fruit_stat_base() before the ad_get() call.
Both must succeed for a valid return, and we're next going
to replace ad_get() with a wrapper that calls openat_pathref_fsp(),
which needs a VALID_STAT().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b2d6ed29 by Jeremy Allison at 2021-07-04T17:15:34+00:00
s3: VFS: fruit: In the fruit handle->fruit_config_data, add a recursion guard we will set before calling openat_pathref_fsp().
Not yet used.
Same technique as used to prevent recursion in stat calls in vfs_fake_acls.c
This will go away once SMB_VFS_STATX() is added and we can select exactly
what fields we are calling stat() to get.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
18b49ad2 by Jeremy Allison at 2021-07-04T17:15:34+00:00
s3: VFS: fruit: Add helper function ad_get_meta_fsp().
Not yet used. We will use this to replace calls
to ad_get(..., ADOUBLE_META). It uses openat_pathref_fsp()
to get a handle before calling into ad_get(..., ADOUBLE_META).
Uses the recursion guard to prevent recursion into openat_pathref_fsp()
from stat calls within.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
88f3ced4 by Jeremy Allison at 2021-07-04T17:15:34+00:00
s3: VFS: fruit: In update_btime(), ad_get() -> ad_get_meta_fsp().
Uncomment ad_get_meta_fsp() as we're now using it.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
99a2a1be by Jeremy Allison at 2021-07-04T17:15:35+00:00
s3: VFS: fruit: In readdir_attr_meta_finderi_netatalk(), ad_get() -> ad_get_meta_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d05087d4 by Jeremy Allison at 2021-07-04T17:15:35+00:00
s3: VFS: fruit: In fruit_stat_meta_netatalk(), ad_get() -> ad_get_meta_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
6a8d052f by Jeremy Allison at 2021-07-04T17:15:35+00:00
s3: VFS: fruit: In fruit_streaminfo_meta_netatalk(), ad_get() -> ad_get_meta_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
27b8709c by Jeremy Allison at 2021-07-04T17:15:35+00:00
s3: lib: adouble.c: In ad_read_meta() we can now guarantee a valid fsp.
There are now no more callers of SMB_VFS_GETXATTR().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
3996f112 by Jeremy Allison at 2021-07-04T17:15:35+00:00
s3: VFS: cap: Remove cap_getxattr.
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
eafc108b by Jeremy Allison at 2021-07-04T17:15:35+00:00
s3: VFS: catia: Remove catia_getxattr.
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
3030f479 by Jeremy Allison at 2021-07-04T17:15:35+00:00
s3: VFS: ceph: Remove cephwrap_getxattr.
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
2e4e26bb by Jeremy Allison at 2021-07-04T17:15:35+00:00
s3: VFS: ceph_snapshots: Remove ceph_snap_gmt_getxattr.
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7c35fa34 by Jeremy Allison at 2021-07-04T17:15:35+00:00
s3: VFS: glusterfs: Remove vfs_gluster_getxattr.
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e9417e61 by Jeremy Allison at 2021-07-04T17:15:35+00:00
s3: VFS: media_harmony: Remove mh_getxattr.
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
6649e898 by Jeremy Allison at 2021-07-04T17:15:35+00:00
s3: VFS: posix_eadb: Remove posix_eadb_getxattr.
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d46a2934 by Jeremy Allison at 2021-07-04T17:15:35+00:00
s3: VFS: shadow_copy2: Remove shadow_copy2_getxattr.
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
940aee8c by Jeremy Allison at 2021-07-04T17:15:35+00:00
s3: VFS: snapper: Remove snapper_gmt_getxattr.
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
1d3403fe by Jeremy Allison at 2021-07-04T17:15:35+00:00
s3: VFS: unityed_media: Remove um_getxattr.
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f91fbc2a by Jeremy Allison at 2021-07-04T17:15:35+00:00
s3: VFS: vxfs: Remove vxfs_get_xattr.
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ce9cdeb3 by Jeremy Allison at 2021-07-04T17:15:35+00:00
s3: VFS: xattr_tdb: Remove xattr_tdb_getxattr.
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
99dd56c5 by Jeremy Allison at 2021-07-04T17:15:35+00:00
vfs: RIP SMB_VFS_GETXATTR()
.--. .-, .-..-.__
.'(`.-` \_.-'-./` |\_( "\__
__.>\ '; _;---,._| / __/`'--)
/.--. : |/' _.--.<| / | |
_..-' `\ /' /` /_/ _/_/
>_.-``-. `Y /' _;---.`|/))))
'` .-''. \|: .' __, .-'"`
.'--._ `-: \/: /' '.\ _|_
/.'`\ :; /' `- `-|-`
-` | | |
:.; : | .-'~^~`-.
|: | .' _ _ `.
|:. | | |_) | |_) |
:. : | | | \ | | |
: ; | | |
: ; | | SMB_VFS |
: ; | | GETXATTR |
: ; | | |
.jgs. : ; | |
-."-/\\\/:::. `\."-._'."-"_\\-| |///."-
" -."-.\\"-."//.-".`-."_\\-.".-\\`=.........=`//-".
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
2458a20e by Jeremy Allison at 2021-07-04T18:01:16+00:00
s3: VFS: Update status of SMB_VFS_GETXATTR.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sun Jul 4 18:01:16 UTC 2021 on sn-devel-184
- - - - -
c84f7a0a by Douglas Bagnall at 2021-07-05T04:16:34+00:00
dlz_bind9: fix a copy-pasted comment
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1741a066 by Douglas Bagnall at 2021-07-05T04:16:34+00:00
dlz_bind9: insert missing words into error message
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6f956442 by Douglas Bagnall at 2021-07-05T04:16:34+00:00
dns update: emit warnings upon unexpected occurrances
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6bd6b2e9 by Douglas Bagnall at 2021-07-05T04:16:34+00:00
dnsserver/update: add a few comments
Really just signposts.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3a4cb867 by Douglas Bagnall at 2021-07-05T04:16:34+00:00
py/dnsserver: TXTRecord copes with single strings
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7edeb590 by Douglas Bagnall at 2021-07-05T04:16:34+00:00
dnsserver_common: comments about record sorting
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
602dd50b by Douglas Bagnall at 2021-07-05T04:16:34+00:00
dns_common_replace: do logging in needs_add case
The idiom is we return via goto exit.
This was evidently missed from commit
7e2b71d8f7cf7ac72022e1b15c30fc30706e8375
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
26bb958a by Douglas Bagnall at 2021-07-05T04:16:34+00:00
dns_common_replace: comment in needs_add case
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
54b9271e by Douglas Bagnall at 2021-07-05T04:16:34+00:00
s4/dns_common_replace: add comments about tombstones
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7a111c1f by Douglas Bagnall at 2021-07-05T04:16:34+00:00
dns_server: free old zones when reloading
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b80f66f8 by Douglas Bagnall at 2021-07-05T04:16:34+00:00
ldb-samba: dns tombstone matching: constrict value length
We know the only values we want to see are uint32, ie < ~4 billion
(and real values will be 7 digits for hundreds of years).
We also know the caller (we have just checked) is a trusted system
session which won't be padding the thing with spaces. But if they do,
let's call them out.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e6e3dc8b by Douglas Bagnall at 2021-07-05T04:16:34+00:00
pydns: fix a comment in replace_by_dn()
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7c298ee8 by Douglas Bagnall at 2021-07-05T04:16:34+00:00
samba-tool: dns update rejects malformed addresses
Because neither filling out the struct will not necessarily tell you
you got it wrong, and the RPC could succeed in setting an arbitrary
wrong address (typically, an IPv6 address would set an A record to
"255.255.255.255").
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9d3731cd by Douglas Bagnall at 2021-07-05T04:16:34+00:00
dns_common_replace: do not leak
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6d216dc3 by Douglas Bagnall at 2021-07-05T04:16:34+00:00
dns update: zero flags and reserved
This is the observed behaviour on Windows.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0cb833b3 by Douglas Bagnall at 2021-07-05T04:16:34+00:00
fuzz: fix multiple comment headers
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
16c28b36 by Douglas Bagnall at 2021-07-05T04:16:34+00:00
fuzz: add fuzz_parse_lpq_entry
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
fc267567 by Douglas Bagnall at 2021-07-05T05:07:13+00:00
printing: avoid crash in LPRng_time
If the string is too shhort we don't want to atoi() whatever is beyond
the end of it.
Found using Honggfuzz and the fuzz_parse_lpq_entry fuzzer.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Jul 5 05:07:13 UTC 2021 on sn-devel-184
- - - - -
0388a8f3 by Stefan Metzmacher at 2021-07-05T23:00:38+00:00
gensec_krb5: restore ipv6 support for kpasswd
We need to offer as much space we have in order to
get the address out of tsocket_address_bsd_sockaddr().
This fixes a regression in commit
43c808f2ff907497dfff0988ff90a48fdcfc16ef.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14750
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7c3bb491 by Stefan Metzmacher at 2021-07-05T23:51:43+00:00
testprogs: Consistantly use kinit -c $KRB5CCNAME
We want to be really clear which credentials cache we use.
The kerberos_kinit() shell function uses this internally.
-c is the common option between MIT and Heimdal, and is
equivilant to --cache
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Jul 5 23:51:43 UTC 2021 on sn-devel-184
- - - - -
00bab5b3 by Stefan Metzmacher at 2021-07-06T11:08:43+00:00
smbXsrv_{open,session,tcon}: protect smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records
I saw systems with locking.tdb records being part of:
ctdb catdb smbXsrv_tcon_global.tdb
It's yet unknown how that happened, but we should not panic in srvsvc_*
calls because the info0 pointer was NULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14752
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Jul 6 11:08:43 UTC 2021 on sn-devel-184
- - - - -
740a2172 by Andreas Schneider at 2021-07-07T05:07:30+00:00
third_party:cmocka: Fix build when used in lib/tevent
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
5203e70a by Pavel Březina at 2021-07-07T05:07:30+00:00
tevent: add support for cmocka unit tests
This adds a placeholder for new cmocka tests for tevent. Tests
are added in individual commits.
Signed-off-by: Pavel Březina <pbrezina at redhat.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
fc9dd8ce by Pavel Březina at 2021-07-07T05:07:30+00:00
tevent: add custom tag to events
Adds a new API to set and get an uint64_t tag on fd, timer, signal and
immediate events. This can be used to assign a unique and known id to
the event to allow easy tracking of such event.
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Pavel Březina <pbrezina at redhat.com>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
683c44a7 by Pavel Březina at 2021-07-07T05:07:30+00:00
tevent: add event trace api
Adds new tracing API to trace fd, timer, signal and immediate events
on specific trace points: attach, before handler and dettach.
This can be used in combination with the event tag to keep track
of the currently executed event for purpose of debugging.
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Pavel Březina <pbrezina at redhat.com>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
de4e8a1a by Pavel Březina at 2021-07-07T05:07:31+00:00
tevent: bump the version number to 0.11.0
* Other minor build fixes.
* Add custom tag to events
* Add event trace api
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Pavel Březina <pbrezina at redhat.com>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ced1d018 by Andreas Schneider at 2021-07-07T05:54:16+00:00
Add editorconfig config file
See https://editorconfig.org/ for details.
(neo)vim: https://github.com/editorconfig/editorconfig-vim
emacs: https://github.com/editorconfig/editorconfig-emacs
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jul 7 05:54:16 UTC 2021 on sn-devel-184
- - - - -
372e1f30 by Andreas Schneider at 2021-07-07T14:10:28+00:00
s3:tests: Fix wbinfo_lookuprids_cache test with system tdb-tools
If libtdb is used from the system, we should use those tools by default.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d5a0ba47 by Andreas Schneider at 2021-07-07T14:10:28+00:00
selftest: Add the trusted domain realms to krb5.conf
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4b2b5c8f by Andreas Schneider at 2021-07-07T14:10:28+00:00
testprogs: Rename TRUST_CREDS variables in test_trust_utils.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
8d71afb4 by Andreas Schneider at 2021-07-07T14:10:28+00:00
testprogs: Show that DOM\user and REALM\user work for auth
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
194d726a by Isaac Boukris at 2021-07-07T14:10:29+00:00
selftest: Fix "outgoing" test in kinit_trust heimdal
Found by the test not failing in one-way trust.
Signed-off-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a5012df8 by Andreas Schneider at 2021-07-07T14:10:29+00:00
selftest: fl2000dc: Add outgoing trust from fl2000dc to ad_dc
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7e9c97ba by Isaac Boukris at 2021-07-07T15:01:22+00:00
selftest: Add test for one-way trust wbinfo auth
Signed-off-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jul 7 15:01:22 UTC 2021 on sn-devel-184
- - - - -
252275f3 by Andreas Schneider at 2021-07-08T09:30:40+00:00
lib:tdb: Fix a memory leak on error
Found by covscan.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
0c94e48c by Andreas Schneider at 2021-07-08T09:30:40+00:00
auth:creds: Remove unused simple.c file
This code is tested by the cmocka unit test:
auth/credentials/tests/test_creds.c
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
f1181ade by Samuel Cabrero at 2021-07-08T09:30:40+00:00
s3:lib: Map ECANCELED to NT_STATUS_CANCELLED
Now map_nt_error_from_unix() returns the same value as
map_nt_error_from_unix_common().
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
2b8c73b5 by Samuel Cabrero at 2021-07-08T09:30:40+00:00
libcli: Move map_errno_from_nt_status from s3 lib to common libcli
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
f0a1f178 by Stefan Metzmacher at 2021-07-08T09:30:40+00:00
torture/ndr: make check functions typesafe
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14452
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
cb609016 by Stefan Metzmacher at 2021-07-08T09:30:40+00:00
torture/ndr: add more details to the test names
We can have more than one blob for a given idl function
and we should avoid using the same name for all of them.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14452
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
cf1baa8b by Stefan Metzmacher at 2021-07-08T09:30:40+00:00
torture/ndr: reproduce a problem with witness_AsyncNotify
Credit Oss-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22175
REF: https://oss-fuzz.com/testcase-detail/5686294157197312
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14452
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
8cce23ac by Stefan Metzmacher at 2021-07-08T09:30:40+00:00
witness.idl: fix length calculation for witness_IPaddrInfoList
If r->num is 0, we should not dereference r->addr.
Using ndr_size_witness_IPaddrInfoList() also make this much simpler
and avoids the magic 12.
Credit Oss-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22175
REF: https://oss-fuzz.com/testcase-detail/5686294157197312
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14452
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
51012692 by Samuel Cabrero at 2021-07-08T10:21:25+00:00
lib/tsocket: Free subreq as soon as possible
This is not a memory leak as it is freed when the parent req's state is
freed, but will help in low memory situations.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Jul 8 10:21:25 UTC 2021 on sn-devel-184
- - - - -
595d12ca by Andrew Bartlett at 2021-07-08T12:44:49+00:00
selftest: Print dns_update_cache path into the logs
This sometimes get stuck in a loop and this may help debug it.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Jul 8 12:44:49 UTC 2021 on sn-devel-184
- - - - -
b5427f4c by David Mulder at 2021-07-08T14:43:11+00:00
WHATSNEW: samba-tool without ad-dc
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): David Mulder <dmulder at samba.org>
Autobuild-Date(master): Thu Jul 8 14:43:11 UTC 2021 on sn-devel-184
- - - - -
44aba9c7 by Ralph Boehme at 2021-07-12T15:11:42+00:00
nsswitch: ensure the attrlist_t array is large enough for a NULL sentinel
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14754
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Jul 12 15:11:42 UTC 2021 on sn-devel-184
- - - - -
147dd9d5 by Stefan Metzmacher at 2021-07-12T21:25:21+00:00
libcli/smb: let smb2_negotiate_context_parse() only parse the expected number of contexts
Any garbage at the end needs to be ignored.
This fixes the Negotiate_SMB311_ContextID_NetName test from:
https://github.com/microsoft/WindowsProtocolTestSuites/blob/main/TestSuites/FileServer/src/SMB2/TestSuite/Negotiate/Negotiation.cs#L730
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Jul 12 21:25:21 UTC 2021 on sn-devel-184
- - - - -
0657db26 by Jeremy Allison at 2021-07-13T08:11:36+00:00
s3: smbd: Explicitly code the semantics of "dos filemode" into the chown code.
We actually don't need this to get the right semantics, as the open or the
set_sd() code catches the correct cases and returns ACCESS_DENIED, but it
makes me much happier to see the prerequisites needed expressed in code here
right at the point of use.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Jul 13 08:11:36 UTC 2021 on sn-devel-184
- - - - -
03e36502 by Jeremy Allison at 2021-07-14T08:09:31+00:00
s3: VFS: fruit. In ad_get_meta_fsp(), we only need a handle on the base file, not the stream.
We'll be calling SMB_VFS_FGETXATTR() on the base fsp anyway.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14756
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
40cf129a by Jeremy Allison at 2021-07-14T08:09:31+00:00
s3: VFS: streams_xattr: In streams_xattr_stat() use synthetic_pathref() with basename
Remove my poor imitation of synthetic_pathref(), just call the real thing..
We need to go through the full VFS stack here to get
the ino correct to get the fsp handle.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14756
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
18a30d93 by Ralph Boehme at 2021-07-14T08:09:31+00:00
smbd: canonicalize SMB_VFS_FSTAT() stat buffer
This helps code inside any module implementing fstat() looking at
fsp->fsp_name->st instead of the passed in stat buf.
I only ran afoul of this in a DEBUG message I added while debugging some inode
related problem.
No change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14756
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2c9ae4b7 by Ralph Boehme at 2021-07-14T08:09:31+00:00
smbd: put back dev/ino stat/fstat check in openat_pathref_fsp()
This reverts commit a6df051dd5e8c63f2fdfdb20ee01169d2bdb97dd:
"s3: smbd: In openat_pathref_fsp(), just check we're opening the same file type, not dev and inode."
The prior changes mean we can go back to checking dev/ino
matches.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14756
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b32e56d6 by Ralph Boehme at 2021-07-14T08:09:31+00:00
smbd: update smb_fname statinfo from fsp
fd_openat() has done an FSTAT on the handle so update the smb_fname stat info
with "truth". from the handle.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14756
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
745ded9a by Ralph Boehme at 2021-07-14T08:09:31+00:00
selftest: pass smbclient arg to samba3.blackbox.shadow_copy_torture test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14756
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0a0b438b by Ralph Boehme at 2021-07-14T08:09:31+00:00
selftest: enable "shadow:fixinodes" in "shadow_write" share
The existing tests don't care and this will be used in a subsequent commit to
demonstrate that this option is currently broken.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14756
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3aabc982 by Ralph Boehme at 2021-07-14T08:09:31+00:00
selftest: simplify snapshot directory creation in test_shadow_copy_torture.sh
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14756
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4a7e483c by Ralph Boehme at 2021-07-14T08:09:31+00:00
selftest: add a test for shadow:fixinodes
This will fail with
Failed to open file \@GMT-2015.10.31-19.40.30\subdir\hardlink. NT_STATUS_ACCESS_DENIED
The open is failing in openat_pathref_fsp():
[2021/07/06 04:58:17.677104, 10, pid=95070, effective(1000, 1000), real(1000, 0)] ../../source3/smbd/files.c:541(openat_pathref_fsp)
openat_pathref_fsp: file [subdir/hardlink {@GMT-2015.10.31-19.40.30}] - dev/ino mismatch. Old (dev=64770, ino=3826943444). New (dev=64770, ino=1746568660).
[2021/07/06 04:58:17.677114, 10, pid=95070, effective(1000, 1000), real(1000, 0)] ../../source3/smbd/files.c:568(openat_pathref_fsp)
openat_pathref_fsp: Opening pathref for [subdir/hardlink {@GMT-2015.10.31-19.40.30}] failed: NT_STATUS_ACCESS_DENIED
The reason is subtle:
shadow_copy2 calculates inode numbers of snapshot files based on the path of the
file. The result of that when doing a path based stat() from filename_convert()
was
[2021/07/06 04:58:17.676159, 10, pid=95070, effective(1000, 1000), real(1000, 0)] ../../source3/smbd/filename.c:1945(filename_convert_internal)
filename_convert_internal: XXX smb_fname [subdir/hardlink {@GMT-2015.10.31-19.40.30}] (dev=64770, ino=3826943444).
which is the "Old" inode shown above.
Later in the open code called from openat_pathref_fsp() -> fd_openat() ->
non_widelink_open() since 4.14 we call SMB_VFS_FSTAT() where fsp->fsp_name will
be set to the new relative *basename* of the file:
[2021/07/06 04:58:17.676917, 10, pid=95070, effective(1000, 1000), real(1000, 0), class=vfs] ../../source3/modules/vfs_default.c:1302(vfswrap_fstat)
vfswrap_fstat: XXX fsp [hardlink {@GMT-2015.10.31-19.40.30}] (dev=64770, ino=3826943444)
So for stat() the hash function in called with the full path relative to the share
root:
subdir/hardlink
while for fstat() the hash function will used
hardlink
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14756
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c7d67458 by Ralph Boehme at 2021-07-14T08:09:31+00:00
vfs_shadow_copy2: ensure we call convert_sbuf() in shadow_copy2_*stat() on already converted paths with absolute path
shadow_copy2_strip_snapshot() will happily return without modifying the passed
timestamp=0 if the path is already converted and refers to an object in a
snapshot, eg (first debug line from extra debugging patch [1]):
[10 2021/07/02 08:19:28.811424 pid=738290 ../../source3/modules/vfs_shadow_copy2.c:1303 shadow_copy2_fstat]
shadow_copy2_fstat: fsp [test.txt {@GMT-2000.01.02-03.04.05}]
[10 2021/07/02 08:19:28.811449 pid=738290 ../../source3/modules/vfs_shadow_copy2.c:607 _shadow_copy2_strip_snapshot_internal]
_shadow_copy2_strip_snapshot_internal: [from shadow_copy2_fstat()] Path 'test.txt {@GMT-2000.01.02-03.04.05}'
[10 2021/07/02 08:19:28.811474 pid=738290 ../../source3/modules/vfs_shadow_copy2.c:619 _shadow_copy2_strip_snapshot_internal]
_shadow_copy2_strip_snapshot_internal: abs path '/gpfs0/smb_snapshots2/filesetone/.snapshots/@GMT-2000.01.02-03.04.05/test.txt'
[10 2021/07/02 08:19:28.811496 pid=738290 ../../source3/modules/vfs_shadow_copy2.c:1924 shadow_copy2_snapshot_to_gmt]
shadow_copy2_snapshot_to_gmt: match @GMT-%Y.%m.%d-%H.%M.%S: @GMT-2000.01.02-03.04.05
[10 2021/07/02 08:19:28.811536 pid=738290 ../../source3/modules/vfs_shadow_copy2.c:566 check_for_converted_path]
check_for_converted_path: path |/gpfs0/smb_snapshots2/filesetone/.snapshots/@GMT-2000.01.02-03.04.05/test.txt| is already converted. connect path = |/gpfs0/smb_snapshots2/filesetone/.snapshots/@GMT-2000.01.02-03.04.05|
As check_for_converted_path() detects an "already converted path",
_shadow_copy2_strip_snapshot_internal() just returns without modifying the value
of the timestamp.
By using shadow_copy2_strip_snapshot_converted() instead of
shadow_copy2_strip_snapshot() we can check if the path is in fact referring to a
VSS object by checking the "converted" bool.
An alternative way would have been directly checking fsp->fsp_name->twrp != 0,
but that would be a new semantic in the module, I'll leave this excersize for
the future when we clean up the usage of shadow_copy2_strip_snapshot() in the
whole module.
This change also switches to using the absolute paths in both place where
convert_sbuf() is called.
[1]
@@ -1309,8 +1348,16 @@ static int shadow_copy2_fstat(vfs_handle_struct *handle, files_struct *fsp,
saved_errno = errno;
}
+ DBG_DEBUG("fsp [%s]\n", fsp_str_dbg(fsp));
RN: vfs_shadow_copy2 fixinodes not correctly updating inode numbers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14756
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f66d3621 by Ralph Boehme at 2021-07-14T08:09:31+00:00
s3: expect fstatat() and dirfd()
FreeBSD, AIX and Solaris all have this.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8804d240 by Jeremy Allison at 2021-07-14T08:09:31+00:00
s3: lib: Add sys_fstatat() wrapper.
Does the usual things we need with fake_dir_create_times.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
cc6e433b by Jeremy Allison at 2021-07-14T08:09:31+00:00
s3: VFS: default. Fix vfswrap_readdir() to use sys_fstatat().
Change struct stat st -> SMB_STRUCT_STAT st
and just copy the struct on success, as sys_fstatat()
already does the init_stat_ex_from_stat() for us.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
106beab5 by Jeremy Allison at 2021-07-14T08:09:31+00:00
s2: VFS: default. Fix vfswrap_read_dfs_pathat() to use fsp_get_pathref_fd() not fsp_get_io_fd().
We don't need an io fd here, and we only get away
with it as we have the assert above:
SMB_ASSERT(dirfsp == dirfsp->conn->cwd_fsp);
This will be removed next.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
9fa5e171 by Jeremy Allison at 2021-07-14T08:09:31+00:00
s3: VFS: default. In vfswrap_read_dfs_pathat() use sys_fstatat().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
4da6a9f4 by Jeremy Allison at 2021-07-14T08:09:31+00:00
s3: VFS: default. In vfswrap_read_dfs_pathat(), cope with relative pathnames.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ac0ff0e1 by Jeremy Allison at 2021-07-14T08:09:31+00:00
s3: VFS: cap: Fix cap_read_dfs_pathat() to cope with relative paths.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
43970634 by Jeremy Allison at 2021-07-14T08:09:31+00:00
s3: VFS: ceph: In cephwrap_read_dfs_pathat(), cope with relative pathnames.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
288eec96 by Jeremy Allison at 2021-07-14T08:09:31+00:00
s3: VFS: full_audit. In smb_full_audit_read_dfs_pathat(), cope with relative pathnames.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
a3664ca2 by Jeremy Allison at 2021-07-14T08:09:31+00:00
s3: VFS: glusterfs. In vfs_gluster_read_dfs_pathat(), cope with relative pathnames.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
84070c3e by Jeremy Allison at 2021-07-14T08:09:31+00:00
s3: VFS: shadow_copy2. In shadow_copy2_read_dfs_pathat(), cope with relative pathnames.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
165d0998 by Jeremy Allison at 2021-07-14T08:09:31+00:00
s3: VFS: time_audit. In smb_time_audit_read_dfs_pathat(), cope with relative pathnames.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
523bc61c by Jeremy Allison at 2021-07-14T08:09:31+00:00
s3: smbd: In smbd_dirptr_get_entry(), postpone TALLOC_FREE(atname) as we're going to pass this to mode_fn().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
88e56a71 by Jeremy Allison at 2021-07-14T08:09:31+00:00
s3: smbd: Pass dirfsp, atname down to mode_fn() passed to smbd_dirptr_get_entry().
Not yet used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
3b71ead1 by Jeremy Allison at 2021-07-14T08:09:31+00:00
s3: smbd: Add dirfsp, atname parameters to check_msdfs_link().
Replace the old connection_struct *conn parameter.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c62807e3 by Jeremy Allison at 2021-07-14T08:09:31+00:00
s3: smbd: In is_msdfs_link(), change to dirfsp, atname parameters.
Remember to update the smb_fname->st struct inside check_msdfs_link(),
as we now pass the atname to is_msdfs_link(), not the smb_fname.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f35c6a48 by Jeremy Allison at 2021-07-14T08:09:31+00:00
s3: smbd: In dfs_path_lookup(), use relative dirfsp, atname lookups in SMB_VFS_READ_DFS_PATHAT() for the whole path optimization.
Note parent_pathref() must succeed before we can call SMB_VFS_READ_DFS_PATHAT().
Otherwise, just skip the whole path optimization and go onto the path walk code.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
1538b44d by Jeremy Allison at 2021-07-14T08:09:31+00:00
s3: smbd: In dfs_path_lookup(), use relative dirfsp, atname lookups in SMB_VFS_READ_DFS_PATHAT() for the pathname walk fallback.
Note that parent_pathref() must succeed before we call SMB_VFS_READ_DFS_PATHAT().
If parent_pathref() fails, just step back a component without calling
SMB_VFS_READ_DFS_PATHAT().
There are no longer any non-relative uses of SMB_VFS_READ_DFS_PATHAT().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e168a95c by Jeremy Allison at 2021-07-14T08:58:29+00:00
s3: VFS: Update status of SMB_VFS_READ_DFS_PATHAT.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Jul 14 08:58:30 UTC 2021 on sn-devel-184
- - - - -
9cc62b56 by Günther Deschner at 2021-07-14T16:49:29+00:00
librpc/ndr: do not print strings when NDR_SECRET is used
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
dc40f23a by Günther Deschner at 2021-07-14T16:49:29+00:00
librpc: add "Offline Domain Join" (ODJ) IDL
This IDL is based on
https://github.com/MicrosoftDocs/win32/blob/docs/desktop-src/NetMgmt/odj-idl.md
and has been licensed by Microsoft under the terms of the MIT License.
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
8ff68786 by Günther Deschner at 2021-07-14T16:49:29+00:00
librpc: compile ODJ idl
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
91ff0584 by Günther Deschner at 2021-07-14T16:49:29+00:00
librpc: add custom odj_switch_level_from_guid()
This function maintains an arbitrary mapping of GUID strings to
integers. This is required as only integers can be used as
discriminators for autogenerated ODJ unions.
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
9963da12 by Günther Deschner at 2021-07-14T16:49:29+00:00
librpc: more work on ODJ IDL
A lot of nested use of serialization stream pointers
([MS-RPCE] 2.2.6 Type Serialization Version 1).
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
705f9954 by Günther Deschner at 2021-07-14T16:49:29+00:00
librpc: make sure the 4 byte _pad in ODJ_WIN7BLOB is never 0
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
bd5dce66 by Günther Deschner at 2021-07-14T16:49:29+00:00
s4-torture: add odj ndr testsuite
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
9d9a1132 by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnet_join: add new provision_computer_account_only flag
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
f37d5ea2 by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnet_join: let libnetjoin return a netr_DsRGetDCNameInfo
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
9a0db8c8 by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-rpc_client: add copy_netr_DsRGetDCNameInfo() helper
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
ada1ed29 by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnet_join: return the allocated netr_DsRGetDCNameInfo struct
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
402d9032 by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnet_join: add some libnet_JoinCtx-to-ODJ helpers
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
80b8bbe4 by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnet_join: add libnet_odj_find_win7blob to libnet_offline_join
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
793277c0 by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnet_join: add libnet_odj_find_joinprov3()
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
36db8fae by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnet_join: return account rid in libnet_JoinCtx
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
beaab062 by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-librpc: add ODJ_PROVISION_DATA pointer to libnet_JoinCtx
It will be used later to pass in offline domain join structs to serve
request offline domain join requests.
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
0d755034 by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnet_join: fully implement libnet_odj_compose_OP_JOINPROV3_PART
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
91dcc7c8 by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnet_join: add request_offline_join flag
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
22d500ec by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-dsgetdcname: the returned dcinfo unc should always be prefixed
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
997fbcbc by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-dsgetdcname: return dcinfo also when delivering from the cache.
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
1581d63b by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnet_join: add support for libnet_DomainOfflineJoin
libnet_DomainOfflineJoin will consume the provided offline domain join
blob and lay out libnet_Join information to properly store join metadata
in the local database.
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
de329620 by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnet_join: use joinprov3 struct in libnet_DomainOfflineJoin()
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
7a997294 by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-dsgetdcname: add dsgetonedcname()
The idea is to run the same DC validation steps as for dsgetdcname()
just omit the query list of DCs via DNS/netbios step but instead
validate a given DC right away.
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
8f3b9944 by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnet_join: use dsgetonedcname to validate given DC
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
33ed555e by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnet_join: set netbios name as well when modification is requested
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
79938479 by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnet_join: check for netbios name correctness as well
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
eff9610e by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnet_join: always check config correctness while joining offline
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
adcdb696 by Günther Deschner at 2021-07-14T16:49:30+00:00
re-run make libnetapi ....
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
927390ba by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnetapi: add libnetapi_get_use_kerberos()
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
1c62cac7 by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnetapi: add libnetapi_set_logfile()
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
4d65b263 by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnetapi: add missing NetJoinFlags for netapi
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
44bd5049 by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnetapi: add offline domain join related error codes (not WERRORs)
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
3cfe6636 by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnetapi: add netapi_read_file helper
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
fc51b38e by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnetapi: add netapi_save_file_ucs2() to example code
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
b19a145e by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnetapi: add NetProvisionComputerAccount() to IDL
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
3f71d1fa by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnetapi: add NetProvisionComputerAccount() boilerplate
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
8bf2a3f9 by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnetapi: add NetProvisionComputerAccount to api.
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
962c8039 by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnetapi: add NetProvisionComputerAccount example code
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
3c8254a2 by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnetapi: implement NetProvisionComputerAccount_l
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
c97dac6d by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnetapi: add NetRequestOfflineDomainJoin to IDL
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
0816a3d9 by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnetapi: add NetRequestOfflineDomainJoin() boilerplate.
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
c1f937bf by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnetapi: add NetRequestOfflineDomainJoin to api
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
e7a8aeee by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnetapi: add NetRequestOfflineDomainJoin example code
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
3e3269d3 by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnetapi: implement NetRequestOfflineDomainJoin_l
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
ec6fd45d by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-libnetapi: add djoin tool
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
575407dc by Günther Deschner at 2021-07-14T16:49:30+00:00
s3-net: add "net offlinejoin" command
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
a8ad0eb4 by Günther Deschner at 2021-07-14T16:49:30+00:00
docs: document "net offlinejoin" set of commands
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
7938d94d by Günther Deschner at 2021-07-14T17:38:21+00:00
s4-selftest: add net offlinejoin tests
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Wed Jul 14 17:38:21 UTC 2021 on sn-devel-184
- - - - -
5ecda3bc by Andreas Schneider at 2021-07-14T21:06:36+00:00
s3:winbind: Remove trailing whitespaces in winbindd.c
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
ea5b7309 by Andreas Schneider at 2021-07-14T21:06:36+00:00
s3:winbind: Remove trailing whitespaces in winbindd_cm.c
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
9f632405 by Andreas Schneider at 2021-07-14T21:06:36+00:00
s3:winbind: Remove trailing whitespaces in winbindd_dual.c
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
17c86a2c by Isaac Boukris at 2021-07-14T21:06:36+00:00
s3:winbind: Get rid of the winbind dc-connect child
The new code uses PING_DC to tell the child to try to go online.
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Isaac Boukris <iboukris at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
bc1ee7ca by Stefan Metzmacher at 2021-07-14T21:06:36+00:00
talloc: version 2.3.3
- python: Ensure reference counts are properly incremented
- Bug 9931: change pytalloc source to LGPL
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
1ad5df9f by Stefan Metzmacher at 2021-07-14T21:06:36+00:00
tdb: version 1.4.4
- Fix a memory leak on error
- python: remove all 'from __future__ import print_function'
- Fix CID 1471761 String not null terminated
- Use hex_byte() in parse_hex()
- Use hex_byte() in read_data()
- fix studio compiler build
- Fix some signed/unsigned comparisons
- also use __has_attribute macro to check for attribute support
- Fix clang 9 missing-field-initializer warnings
- pytdb tests: add test for storev()
- pytdb: add python binding for storev()
- tdbtorture: Use ARRAY_DEL_ELEMENT()
- py3: Remove #define PyInt_FromLong PyLong_FromLong
- py3: Remove #define PyInt_AsLong PyLong_AsLong
- py3: Remove #define PyInt_Check PyLong_Check
- tdb: Align integer types
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
12bc55ff by Stefan Metzmacher at 2021-07-14T21:06:36+00:00
ldb: version 2.4 will be used for Samba 4.15
- Improve calculate_popt_array_length()
- Use C99 initializers for builtin_popt_options[]
- pyldb: Fix Message.items() for a message containing elements
- pyldb: Add test for Message.items()
- tests: Use ldbsearch '--scope instead of '-s'
- pyldb: fix a typo
- Change page size of guidindexpackv1.ldb
- Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream
- attrib_handler casefold: simplify space dropping
- fix ldb_comparison_fold off-by-one overrun
- CVE-2020-27840: pytests: move Dn.validate test to ldb
- CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode
- CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds
- CVE-2021-20277 ldb tests: ldb_match tests with extra spaces
- improve comments for ldb_module_connect_backend()
- test/ldb_tdb: correct introductory comments
- ldb.h: remove undefined async_ctx function signatures
- correct comments in attrib_handers val_to_int64
- dn tests use cmocka print functions
- ldb_match: remove redundant check
- add tests for ldb_wildcard_compare
- ldb_match: trailing chunk must match end of string
- pyldb: catch potential overflow error in py_timestring
- ldb: remove some 'if PY3's in tests
- Add missing break in switch statement
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
9d047192 by Stefan Metzmacher at 2021-07-14T21:06:36+00:00
s3:tests: use SAMBA_DEPRECATED_SUPPRESS=1 for backbox tests
These tests should not depend on the number of deprecation warnings
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
fdcae287 by Stefan Metzmacher at 2021-07-14T21:57:11+00:00
selftest: use SAMBA_DEPRECATED_SUPPRESS=1 for all tests
The deprecation warnings are filling the logs and make it hard to
find/see real problems.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Jul 14 21:57:11 UTC 2021 on sn-devel-184
- - - - -
36023cb5 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
s4:torture:libsmbclient: make use of PROTOCOL_* enum values instead of of hardcoded int values
We should also test protocol versions which are not our default.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7816d70f by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
libcli/smb: no longer use experimental dialects 2.2.2, 2.2.4, 3.1.0 on the wire
These were only used in Windows development versions but not in
production.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2a16bb71 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
smb2_negprot: no longer use experimental dialects 2.2.2, 2.2.4, 3.1.0 on the wire
These were only used in Windows development versions but not in
production.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ea102d3b by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
s3:torture: replace PROTOCOL_SMB2_22 with PROTOCOL_SMB3_00
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1cd3394d by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
s3:smbd: replace PROTOCOL_SMB2_22 with PROTOCOL_SMB3_00
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3c8067a6 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
libcli/smb: replace PROTOCOL_SMB2_22 with PROTOCOL_SMB3_00
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
acb724c8 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
docs-xml: remove support for "SMB2_22"
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8c05c979 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
libcli/smb: remove unused PROTOCOL_SMB2_22 definition
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
880d2e18 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
s3:smbd: replace PROTOCOL_SMB2_24 with PROTOCOL_SMB3_00
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8a30ad66 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
libcli/smb: replace PROTOCOL_SMB2_24 with PROTOCOL_SMB3_00
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fde7128b by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
docs-xml: remove support for "SMB2_24"
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a12c4a7b by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
libcli/smb: remove unused PROTOCOL_SMB2_24 definition
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7f850733 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
s3:smbd: replace PROTOCOL_SMB3_10 with PROTOCOL_SMB3_11
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cb86d581 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
libcli/smb: replace PROTOCOL_SMB3_10 with PROTOCOL_SMB3_11
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
41cf9f89 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
docs-xml: remove support for "SMB3_10"
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2a575dfd by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
libcli/smb: remove unused PROTOCOL_SMB3_10 definition
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e25a9e8f by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
WHATSNEW: document the removal of SMB2_22, SMB2_24 and SMB3_10
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
66673f08 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
s4:torture: let smb2.session.bind_negative_* also test without session keys
This checks the result of a 2nd session setup without the BIND flags
and also without signing being already enabled.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a262568e by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
s4:torture: let smb2.session.bind_negative_* tests also use a different client guid
Testing also with a different client guid between channels
triggers (at least in samba) a different code path compaired
to the tests using the same client guid.
Testing both already revealed a bug.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2b36af83 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
s3:smbd: let smb2srv_session_lookup_global() clear the signing/encryption_flags
When we make use of this we only in order to provide the correct
error codes anyway.
This actually fixes even more error codes.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
aa29d899 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
s3:smbd: fix a NULL pointer deference caused by smb2srv_update_crypto_flags()
When we used a fake session structure from
smb2srv_session_lookup_global() there's no point in updating
any database.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1781910d by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
s3:smbd: make sure smbXsrv_session_update() doesn't segfault with table == NULL
There might be other places than smb2srv_update_crypto_flags(), which
may call smbXsrv_session_update() with a fake session, they should
return in error instead of segfaulting.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f8f4a9fa by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
s3:smbd: remove dead code from smbd_smb2_request_dispatch()
We have '} else if (signing_required || (flags & SMB2_HDR_FLAG_SIGNED)) {'
before...
Use 'git show -U52' to see the whole story...
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
95a3bf58 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
s3:smbd: fallback to smb2srv_session_lookup_global() for session setups with failed signing
The motivation is to get the same error responses as a windows server.
We already fallback to smb2srv_session_lookup_global() in other places
where we don't have a valid session in the current smbd process.
If signing is failing while verifying a session setup request,
we should do the same if we don't have a valid channel binding
for the connection yet.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f6277278 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
lib/param: add lpcfg_parm_is_unspecified() helper
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7f03d7c8 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
lib/param: enable "server multi channel support" by default on Linux and FreeBSD
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4a7bd4c0 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
WHATNEW: document "server multi channel support" change
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a702d781 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
smb2_negprot: make use of struct smb311_capabilities.encryption
This makes the code more generic and allow the supported ciphers
to be easily added or depend on the configuration later.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5ca01e48 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
docs-xml: add "client/server smb3 encryption algorithms" options
This gives administrators more control over the used algorithms.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
374f26aa by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
libcli/smb: add helpers to parse client/server smb3 encryption algorithms into struct smb311_capabilities
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
53e37124 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
s3:libsmb: make use of 'client smb3 encryption algorithms'
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e0ba6f40 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
s4:param: make use of 'client smb3 encryption algorithms'
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
71b06682 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
s3:smbd: make use of 'server smb3 encryption algorithms'
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cf1459f4 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
libcli/smb: let 'client smb3 encryption algorithms' disable aes-128-ccm for SMB3_0*
SMB 3.0 and 3.0.2 require aes-128-ccm, so we need to reject them unless
'client smb3 encryption algorithms' allows them.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9e6d3df6 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
libcli/smb: add smb311_capabilities_check() helper
It checks that the resulting algorithms (most likely for
dialects < 3.1.1) are actually allowed.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9b123bc9 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
s3:smbd: let 'server smb3 encryption algorithms' disable aes-128-ccm for SMB3_0*
SMB 3.0 and 3.0.2 require aes-128-ccm, so we need to reject them unless
'client smb3 encryption algorithms' allows them.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d10153c8 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
libcli/smb: add aes-256-{gcm,ccm} support to smb2_signing_[en|de]crypt_pdu()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
033716d9 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
lib/param: offer aes-256-{gcm,ccm} encryption by default
We match Windows and keep aes-128-{gcm,ccm} first...
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
24142c37 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
libcli/smb: add SMB2_TRANSPORT_CAPABILITIES related defines to smb2_constants.h
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6b775f03 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
libcli/smb: add SMB2_RDMA_TRANSFORM_CAPABILITIES related defines to smb2_constants.h
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6447ae60 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
libcli/smb: add SMB2_SIGNING_CAPABILITIES related defines to smb2_constants.h
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f435de59 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
s3:smbd: only allow cancel with the same session
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b576123d by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
s3:smbstatus: pretty print the use of new signing/encryption algorithms
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
90bc67f3 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
s3:smbd: make sure STATUS_PENDING responses are never signed
It's important to match Windows here in order to avoid reusing
a NONCE for AES-128-GMAC signing.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c3638255 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
s3:smbd: make sure we don't try to sign CANCEL response PDUs
Normally these are never generated, but it can happen when the
signing check fails.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
eeb09dfa by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
libcli/smb: add smb2cli_conn_server_{signing,encryption}_algo()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e720ce4f by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
libcli/smb: skip session setup signing for REQUEST_OUT_OF_SEQUENCE, NOT_SUPPORTED and ACCESS_DENIED
We should propagate these errors to the caller instead of masking them
with ACCESS_DENIED. And for ACCESS_DENIED we should not disconnect the
connection.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
89f0552c by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
libcli/smb: make sure we always send a valid MID in cancel PDUs
This is important as with AES-128-GMAC signing, the nonce will be
derived from the MID.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4d33b08c by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
libcli/smb: make sure smb2_signing_calc_signature() never generates a signature without a valid MID
This is important as AES-128-GMAC signing will derive the NONCE from the MID.
It also means a STATUS_PENDING response must never be signed.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3706b27a by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
libcli/smb: prepare support for SMB2_SIGNING_CAPABILITIES negotiation
For now client_sign_algos->num_algos will always be 0,
but that'll change in the next commits.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4a61410f by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
s3:smbd: prepare support for SMB2_SIGNING_CAPABILITIES
But notice that srv_sign_algos->num_algos is always 0 for now,
but that'll change in the next commits.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
be71039b by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
docs-xml: add "client/server smb3 signing algorithms" options
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
982bdcf4 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
libcli/smb: actually make use of "client/server smb3 signing algorithms"
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
220c0199 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
s4:torture: force AES_CMAC or HMAC_SHA256 for some SMB 3.1.1 tests
Allowing GMAC in future will generate different results, so
make sure the tests keep working as is.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3f843e56 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
libcli/smb: add support for SMB2_SIGNING_AES128_GMAC
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8ace9449 by Stefan Metzmacher at 2021-07-15T00:06:31+00:00
docs-xml: offer aes-128-gmac by default
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1025e1bf by Stefan Metzmacher at 2021-07-15T00:06:32+00:00
s4:torture: more smb2.session.bind_negative_smb3* combinations
This tests all kind of signing/encryption algorithm mismatches
and passes against Windows with GMAC signing support.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
898caeae by Stefan Metzmacher at 2021-07-15T00:06:32+00:00
s3:smbd: improve the error returns for invalid session binding requests
This brings us closer to what a Windows Server with GMAC signing
returns.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c5cd5c9d by Stefan Metzmacher at 2021-07-15T00:57:24+00:00
WHATSNEW: add client/server smb3 signing/encryption algorithms
We can add more about this in the final 4.15.0 release notes later.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Jul 15 00:57:24 UTC 2021 on sn-devel-184
- - - - -
6e7ffa8d by Jeremy Allison at 2021-07-15T05:02:30+00:00
s3: tests: Our tests for "smbd async dosmode = yes" haven't been working correctly as the parameter has been set incorrectly.
If must be "smbd async dosmode", not "smbd:async dosmode"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14758
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
8f8d0eaa by Jeremy Allison at 2021-07-15T05:02:30+00:00
s3: tests: Add "SMB2-LIST-DIR-ASYNC" test.
Add as knownfail.
Shows our "smbd async dosmode" code wasn't working.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14758
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d1ffcc80 by Jeremy Allison at 2021-07-15T05:02:30+00:00
s3: smbd: Allow "smbd async dosmode = yes" to return valid DOS attributes again.
We already have a valid smb_fname->fsp, don't drop
it when returning from smbd_dirptr_lanman2_entry()
to allow it to be reused inside dos_mode_at_send().
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14758
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e0b327f2 by Jeremy Allison at 2021-07-15T05:02:30+00:00
s3: VFS: default: Move vfswrap_fgetxattr() before the async versions.
We want to re-use this and don't want to have to add forward
declarations.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14758
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
24dc3ca6 by Jeremy Allison at 2021-07-15T05:02:30+00:00
s3: VFS: default: Add 'handle' member to struct vfswrap_getxattrat_state
Not yet used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14758
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
2b4062b4 by Jeremy Allison at 2021-07-15T05:02:30+00:00
s3: VFS: default. In vfswrap_getxattrat_do_sync() always use the pathref fsp.
This is always called via a path that mandates
smb_fname->fsp is valid.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14758
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
447c9380 by Jeremy Allison at 2021-07-15T05:48:04+00:00
s3: VFS: default. In vfswrap_getxattrat_do_async() always use the pathref fsp.
This is always called via a path that mandates
smb_fname->fsp is valid.
https://bugzilla.samba.org/show_bug.cgi?id=14758
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Jul 15 05:48:05 UTC 2021 on sn-devel-184
- - - - -
96154829 by Karolin Seeger at 2021-07-15T09:17:51+02:00
WHATSNEW: Fix typos.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
47c50755 by Karolin Seeger at 2021-07-15T09:18:02+02:00
WHATSNEW: Up to Samba 4.15.0rc1.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
6a6f6044 by Karolin Seeger at 2021-07-15T09:17:51+02:00
VERSION: Disable GIT_SNAPSHOT for the Samba 4.15.0rc1 release.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
34b168b4 by Karolin Seeger at 2021-07-15T09:38:41+02:00
VERSION: Bump version up to 4.16.0pre1...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
cca9ce59 by Karolin Seeger at 2021-07-15T09:43:05+02:00
WHATSNEW: Start release notes for Samba 4.16.0pre1.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
9c0a174a by David Mulder at 2021-07-15T19:13:29+00:00
gpo: Add Certificate Auto Enrollment Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9f0e6f3c by David Mulder at 2021-07-15T19:13:29+00:00
gpo: Fix up rsop output of ca certificate
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fd6df535 by David Mulder at 2021-07-15T19:13:29+00:00
gpo: Test Certificate Auto Enrollment Policy
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f813f8a5 by David Mulder at 2021-07-15T20:03:45+00:00
Update WHATSNEW for Certificate Auto Enrollment
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jul 15 20:03:45 UTC 2021 on sn-devel-184
- - - - -
b3c9823d by Stefan Metzmacher at 2021-07-15T23:04:34+00:00
s4:torture/smb2: add smb2.read.bug14607 test
This test will use a FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8
in order to change the server behavior of READ responses regarding
the data offset.
It will demonstrate the problem in smb2cli_read*() triggered
by NetApp Ontap servers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5ecac656 by Stefan Metzmacher at 2021-07-15T23:04:34+00:00
s3:smbd: introduce a body_size variable in smbd_smb2_request_read_done
This will simplify the following changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ef57fba5 by Stefan Metzmacher at 2021-07-15T23:04:34+00:00
s3:smbd: implement FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8
This turns the 'smb2.read.bug14607' test from 'skip' into 'xfailure',
as the 2nd smb2cli_read() function will now return
NT_STATUS_INVALID_NETWORK_RESPONSE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1faf15b3 by Stefan Metzmacher at 2021-07-15T23:04:34+00:00
libcli/smb: make smb2cli_ioctl_parse_buffer() available as smb2cli_parse_dyn_buffer()
It will be used in smb2cli_read.c soon...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
155348cd by Stefan Metzmacher at 2021-07-15T23:53:55+00:00
libcli/smb: allow unexpected padding in SMB2 READ responses
Make use of smb2cli_parse_dyn_buffer() in smb2cli_read_done()
as it was exactly introduced for a similar problem see:
commit 4c6c71e1378401d66bf2ed230544a75f7b04376f
Author: Stefan Metzmacher <metze at samba.org>
AuthorDate: Thu Jan 14 17:32:15 2021 +0100
Commit: Volker Lendecke <vl at samba.org>
CommitDate: Fri Jan 15 08:36:34 2021 +0000
libcli/smb: allow unexpected padding in SMB2 IOCTL responses
A NetApp Ontap 7.3.7 SMB server add 8 padding bytes to an
offset that's already 8 byte aligned.
RN: Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Pair-Programmed-With: Volker Lendecke <vl at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Jan 15 08:36:34 UTC 2021 on sn-devel-184
RN: Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jul 15 23:53:55 UTC 2021 on sn-devel-184
- - - - -
1f047831 by Andreas Schneider at 2021-07-16T03:45:19+00:00
s3:utils: Use better error message for smbtree
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jul 16 03:45:19 UTC 2021 on sn-devel-184
- - - - -
b4a301a6 by Andreas Schneider at 2021-07-19T14:38:34+00:00
selftest: Add PYTHONPATH for lsp servers to devel_env.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
63cc9250 by Andreas Schneider at 2021-07-19T15:27:14+00:00
gitignore: Add .cache directory
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Jul 19 15:27:14 UTC 2021 on sn-devel-184
- - - - -
d961830c by Volker Lendecke at 2021-07-19T17:44:08+00:00
examples: Make winreg.py sample work with python3 in current master
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Jul 19 17:44:08 UTC 2021 on sn-devel-184
- - - - -
939aed04 by Martin Schwenke at 2021-07-20T04:43:37+00:00
utils: Use Python 3
Due to the number of flake8 and pylint warnings it is unclear if the
source has Python 3 incompatibilities. These will be cleaned up in
subsequent commits.
Signed-off-by: "L.P.H. van Belle" <belle at bazuin.nl>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jose A. Rivera <jarrpa at samba.org>
- - - - -
bd0b2bb6 by Martin Schwenke at 2021-07-20T04:43:37+00:00
utils: Clean up ctdb_etcd_lock using autopep8
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jose A. Rivera <jarrpa at samba.org>
- - - - -
e66637a0 by Martin Schwenke at 2021-07-20T04:43:37+00:00
utils: Reorder imports so that standard imports are first
Avoids numerous pylint warnings.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jose A. Rivera <jarrpa at samba.org>
- - - - -
af5aecce by Martin Schwenke at 2021-07-20T04:43:37+00:00
utils: Move argument processing into function and call from main()
Removes the need for the global variables currently associated with
this processing. Also removes unnecessarily double-handling the
defaults, which are assigned to the global variables and set via
add_argument().
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jose A. Rivera <jarrpa at samba.org>
- - - - -
e323d16a by Martin Schwenke at 2021-07-20T04:43:37+00:00
utils: Inline defaults and help strings
Removes an unnecessary level of indirection: defaults and help strings
are now where they are expected. Also removes some global variables.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jose A. Rivera <jarrpa at samba.org>
- - - - -
12d3e215 by Martin Schwenke at 2021-07-20T04:43:37+00:00
utils: Simplify log level logic, drop global variable
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jose A. Rivera <jarrpa at samba.org>
- - - - -
98c7a38b by Martin Schwenke at 2021-07-20T04:43:37+00:00
utils: Tweak exception handling to stop flake8 complaining
Don't bother with "as e" to avoid warning about unused variable.
Don't use bare "except:" (though pylint still complains about this
version).
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jose A. Rivera <jarrpa at samba.org>
- - - - -
319e2734 by Martin Schwenke at 2021-07-20T04:43:37+00:00
utils: Reformat lines that are longer than 80 columns
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jose A. Rivera <jarrpa at samba.org>
- - - - -
b724c1e6 by Martin Schwenke at 2021-07-20T05:29:18+00:00
utils: Avoid pylint warning
pylint warns:
Use lazy % formatting in logging functions
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jose A. Rivera <jarrpa at samba.org>
Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Tue Jul 20 05:29:18 UTC 2021 on sn-devel-184
- - - - -
aacd3ecb by Günther Deschner at 2021-07-20T10:57:35+00:00
tdb: Fix invalid syntax in tdb.h
Defining _PUBLIC_ in the same way as in talloc.h resolves an issue with
a previous fix for Solaris Studio compiler 12.4 that prefixed all calls
in tdb.h with _PUBLIC_. Thanks to Lukas Slebodnik
<lslebodn at redhat.com>.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14762
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
bedeeb0b by Stefan Metzmacher at 2021-07-20T11:48:37+00:00
tdb: version 1.4.5
* fix standalone usage of tdb.h
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Jul 20 11:48:38 UTC 2021 on sn-devel-184
- - - - -
a92b05ec by David Mulder at 2021-07-20T15:25:37+00:00
gpo: Ensure Network Device Enrollment Service if sscep fails
Prompt the user to check that Network Device
Enrollment Service is installed and configured
if sscep fails to download the certificate root
chain.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4a5f6d88 by David Mulder at 2021-07-20T15:25:37+00:00
gpo: Warn when fetching the supported templates fails
When Certificate Auto Enrollment fails to fetch
the list of supported templates, display a
warning.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f97f94e9 by David Mulder at 2021-07-20T15:25:37+00:00
gpo: Improve debug when extension fails to apply
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5512416a by Stefan Metzmacher at 2021-07-20T15:25:37+00:00
gnutls: allow gnutls_aead_cipher_encryptv2 with gcm before 3.6.15
The memory leak bug up to 3.6.14 was only related to ccm, but gcm was
fine.
This avoids talloc+memcpy on more systems, e.g. ubuntu 20.04,
and brings ~ 20% less cpu overhead, see:
https://hackmd.io/@asn/samba_crypto_benchmarks
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14764
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
407b4582 by Stefan Metzmacher at 2021-07-20T15:25:37+00:00
s4:torture/smb2: add tests to check all signing and encryption algorithms
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14764
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0ac71061 by Stefan Metzmacher at 2021-07-20T16:13:28+00:00
s3:smbd: really support AES-256* in the server
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14764
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jul 20 16:13:28 UTC 2021 on sn-devel-184
- - - - -
e0fa3e35 by Andreas Schneider at 2021-07-21T06:30:31+00:00
bootstrap: Install krb5-workstation on Fedora based distros
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
42e3fda5 by Andreas Schneider at 2021-07-21T06:30:31+00:00
autobuild: Exclude fips envs from samba and samba-mitkrb5
The FIPS envs only work on Fedora. Ubuntu doesn't have FIPS support!
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
84b9f586 by Andreas Schneider at 2021-07-21T07:19:00+00:00
s3:tests: Add smbclient kerberos tests for ad_dc and ad_dc_fips
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jul 21 07:19:00 UTC 2021 on sn-devel-184
- - - - -
e51e9d01 by Andreas Schneider at 2021-07-21T11:27:36+00:00
python:waf: Correctly check for python-dateutil
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
ee9dfff6 by Andreas Schneider at 2021-07-21T12:18:30+00:00
bootstrap: Install python3-dateutil instead of python3-iso8601 on RPM distros
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jul 21 12:18:30 UTC 2021 on sn-devel-184
- - - - -
bb7b957e by Günther Deschner at 2021-07-21T12:52:34+00:00
s3-torture: give torture test binaries their own wscript_build
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
11c9eb0c by Günther Deschner at 2021-07-21T13:41:26+00:00
s3-torture: Only install vfstest manpage when vfstest binary gets installed.
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Wed Jul 21 13:41:26 UTC 2021 on sn-devel-184
- - - - -
7b796b5b by Andreas Schneider at 2021-07-22T14:47:09+00:00
lib:cmdline: Use lp_load_global() for servers
As for client we need to enable support for 'config backend = registry'.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Jul 22 14:47:09 UTC 2021 on sn-devel-184
- - - - -
7fb741b3 by Pavel Filipenský at 2021-07-27T10:09:03+00:00
krb5_wrap: remove unused code
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Jul 27 10:09:03 UTC 2021 on sn-devel-184
- - - - -
18976a95 by Andreas Schneider at 2021-07-28T06:23:37+00:00
selftest: Re-format long lines in selftesthelpers.py
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3db299e5 by Andreas Schneider at 2021-07-28T06:23:37+00:00
selftest: Add support for setting ENV variables in plansmbtorture4testsuite()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
48289b69 by Andreas Schneider at 2021-07-28T06:23:37+00:00
selftest: Add support for setting ENV variables in plantestsuite()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
eabf9803 by Andreas Schneider at 2021-07-28T06:23:37+00:00
s3:selftests: Pass env variables to fips tests
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a324fc01 by Andreas Schneider at 2021-07-28T06:23:37+00:00
s4:selftests: Pass env variables to fips tests
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ebd00fbd by Andreas Schneider at 2021-07-28T06:23:37+00:00
selftest: Pass env variables to fips tests
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
696972c8 by Andreas Schneider at 2021-07-28T07:12:55+00:00
selftest: Remove fips env variables from client env
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jul 28 07:12:55 UTC 2021 on sn-devel-184
- - - - -
b004ebb1 by Jeremy Allison at 2021-07-28T14:16:31+00:00
s3: smbd: Allow async dosmode to cope with ".." pathnames where we close smb_fname->fsp to prevent meta-data leakage.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14759
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
2acad276 by Jeremy Allison at 2021-07-28T15:07:54+00:00
s3: smbd: Don't leak meta-data about the containing directory of the share root.
This is a subtle one. In smbd_dirptr_get_entry() we now
open a pathref fsp on all entries - including "..".
If we're at the root of the share we don't want
a handle to the directory above it, so silently
close the smb_fname->fsp for ".." names to prevent
it from being used to return meta-data to the client
(more than we already have done historically by
calling pathname functions on "..").
The marshalling returned entries and async DOS
code copes with smb_fname->fsp == NULL perfectly
well.
Only in master, but will need fixing for 4.15.rc1
or 2.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14759
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Jul 28 15:07:54 UTC 2021 on sn-devel-184
- - - - -
78185130 by Volker Lendecke at 2021-07-31T16:58:41+00:00
samba-bgqd: Fix samba-bgqd with "clustering=yes"/"include=registry"
With the above combination, some flavor of lp_load() already
initializes global_event_ctx, for which the closeall_except() later on
will happily close the epoll fd for. If we want to close all file
descriptors at startup, this must be the very first thing overall.
Can't really write a proper test for this with knownfail that is
removed with the fix, because if we have clustering+include=registry,
the whole clusteredmember environment does not even start up.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Sat Jul 31 16:58:41 UTC 2021 on sn-devel-184
- - - - -
e71e373a by Ralph Boehme at 2021-08-02T17:14:34+00:00
smbd: drop requirement for full open for READ_CONTROL_ACCESS, WRITE_DAC_ACCESS and WRITE_OWNER_ACCESS
This was needed before we had pathref fsps, with pathref fsps we can do
operation requiring WRITE_OWNER_ACCESS, WRITE_DAC_ACCESS and READ_CONTROL_ACCESS
on the pathref fsp.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14700
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6d928eb1 by Ralph Boehme at 2021-08-02T18:05:04+00:00
smbd: only open full fd for directories if needed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14700
RN: File owner not available when file unreadable
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Aug 2 18:05:04 UTC 2021 on sn-devel-184
- - - - -
2daf3e79 by Andreas Schneider at 2021-08-03T09:28:38+00:00
auth:gensec: Use lpcfg_weak_crypto()
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
868a9577 by Andreas Schneider at 2021-08-03T09:28:38+00:00
s4:rpc_server: Allow to set user password in FIPS mode
Only in case we have an SMB encrypted connection ...
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1326e7d6 by Andreas Schneider at 2021-08-03T09:28:38+00:00
s4:libnet: Remove trailing whitespaces
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
17cc20eb by Andreas Schneider at 2021-08-03T09:28:38+00:00
s4:libnet: Allow libnet_SetPassword() for encrypted SMB connections
This is needed for smbtorture to join a domain in FIPS mode.
FYI: The correct way would be to join using LDAP as the s3 code is doing it. But
this requires a bigger rewrite.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d6c7a2a7 by Andreas Schneider at 2021-08-03T09:28:38+00:00
netlogon:schannel: If weak crypto is disabled, do not announce RC4 support.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e8a2c2fe by Andreas Schneider at 2021-08-03T09:28:38+00:00
selftest: Fix setting environ for plansmbtorture4testsuite()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
fd5b3158 by Andreas Schneider at 2021-08-03T09:28:38+00:00
s4:selftest: Pass environ to plansmbtorture4testsuite()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f1df0c4d by Andreas Schneider at 2021-08-03T09:28:39+00:00
s4:torture: Remove trailing whitespaces in rpc.c
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
23e5b7cc by Andreas Schneider at 2021-08-03T10:18:26+00:00
s4:torture: Add rpc netlogon fips test
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Aug 3 10:18:26 UTC 2021 on sn-devel-184
- - - - -
93bac5f1 by Stefan Metzmacher at 2021-08-03T11:10:27+00:00
winbindd_pam: add NT4 DC handling into winbind_samlogon_retry_loop()
Handle the case where a NT4 DC does not fill in the acct_flags in
the samlogon reply info3. Yes, in 2021, there are still admins
arround with real NT4 DCs.
NT4 DCs reject authentication with workstation accounts with
NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT, even if
MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT is specified.
We no longer call dcerpc_samr_QueryUserInfo(level=16)
to get the acct_flags, as we only ever got
ACB_NORMAL back (maybe with ACB_PWNOEXP in addition),
which is easy to calculate on our own.
This was removed in commit (for 4.15.0rc1):
commit 73528f26eea24033a7093e5591b8f89ad2b8644e
Author: Ralph Boehme <slow at samba.org>
AuthorDate: Mon Jan 11 14:59:46 2021 +0100
Commit: Jeremy Allison <jra at samba.org>
CommitDate: Thu Jan 21 22:56:20 2021 +0000
winbind: remove legacy flags fallback
Some very old NT4 DCs might have not returned the account flags filled in. This
shouldn't be a problem anymore. Additionally, on a typical domain member server,
this request is (and can only be) send to the primary domain, so this will not
work with accounts from trusted domains.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jan 21 22:56:20 UTC 2021 on sn-devel-184
It means one more caller of the problematic cm_connect_sam()
function is removed! SAMR connections may not be allowed for
machine accounts with modern AD DCs.
For network logons NT4 DCs also skip the
account_name, so we have to fallback to the
one given by the client. We have code to cope
with that deeply hidden inside of netsamlogon_cache_store().
Up to Samba 4.7 netsamlogon_cache_store() operated on the
info3 structure that was passed to the caller of winbind_dual_SamLogon()
and pass propagated up to auth_winbind in smbd.
But for Samba 4.8 the following commit:
commit f153c95176b7759e10996b24b66d9917945372ed
Author: Ralph Boehme <slow at samba.org>
Date: Mon Dec 11 16:25:35 2017 +0100
winbindd: let winbind_dual_SamLogon return validation
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
actually changed the situation and only a temporary info3 structure
was passed into netsamlogon_cache_store(), which means
account_name was NULL and get propagated as "" into auth_winbind
in smbd, where getpwnam() is no longer possible and every
smb access gets NT_STATUS_LOGON_FAILURE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14772
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Aug 3 11:10:27 UTC 2021 on sn-devel-184
- - - - -
e2962b42 by Andreas Schneider at 2021-08-03T18:36:37+00:00
configure: Do not put arguments into double quotes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14777
This could create an issue that arguments don't get split by python and then the
following could happen:
./configure --libdir=/usr/lib64 --enable-clangdb
LIBDIR='/usr/lib64 --enable-clangdb'
This ends then up in parameters.all.xml:
<!ENTITY pathconfig.LIBDIR '/usr/lib64 --enable-clangdb'>
The python parser then errors out:
xml.etree.ElementTree.ParseError: not well-formed (invalid token)
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Aug 3 18:36:37 UTC 2021 on sn-devel-184
- - - - -
aab5cc95 by Andreas Schneider at 2021-08-03T19:44:31+00:00
s3:winbindd: Add a check for the path length of 'winbindd socket directory'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14779
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
000f389d by Andreas Schneider at 2021-08-03T20:35:49+00:00
gitlab: Use shorter names for Samba AD DC env with MIT KRB5
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14779
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Aug 3 20:35:49 UTC 2021 on sn-devel-184
- - - - -
4f093ae6 by Jeremy Allison at 2021-08-05T06:15:14+00:00
s3: VFS: ceph. Fix enumerating directories. dirfsp->fh->fd != AT_FDCWD in this case.
Same as the fix for glusterfs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14766
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Aug 5 06:15:14 UTC 2021 on sn-devel-184
- - - - -
41d90630 by Andreas Schneider at 2021-08-05T09:46:30+00:00
mit-samba: Define debug class for kdb module
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
dd813823 by Andreas Schneider at 2021-08-05T09:46:30+00:00
mit-samba: Send the logging to the kdc log facility
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
60159e03 by Andreas Schneider at 2021-08-05T09:46:30+00:00
mit-samba: Use talloc_get_type_abort() instead of casting
This is safer to use and fixes compiler warnings.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
104fc353 by Andreas Schneider at 2021-08-05T10:33:18+00:00
mit-samba: Only set the function opening bracket once
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Aug 5 10:33:18 UTC 2021 on sn-devel-184
- - - - -
4d44db02 by Volker Lendecke at 2021-08-05T18:09:11+00:00
docs: Add vfs_expand_msdfs manpage
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12707
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Aug 5 18:09:11 UTC 2021 on sn-devel-184
- - - - -
7e6b818f by Andrew Bartlett at 2021-08-06T05:53:44+00:00
ktutil: Print the numeric enctype if krb5_enctype_to_string() fails
Sadly krb5_enctype_to_string() fails when des-cbc-crc encyrption
type is removed, leaving a failure the operate rather than
falling back to anything useful.
So fall back to printing 3 in the absense of anything more
useful. A future fix could be to hard-code this mapping
in the smb_krb5_enctype_to_string() wrapper.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Aug 6 05:53:44 UTC 2021 on sn-devel-184
- - - - -
069d23f0 by David Gajewski at 2021-08-06T17:19:57+00:00
s3: VFS: solarisacl: Fix compile error (missed variable rename).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14773
Signed-off-by: David Gajewski <dgajews at math.utoledo.edu>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Aug 6 17:19:57 UTC 2021 on sn-devel-184
- - - - -
e52ce697 by Volker Lendecke at 2021-08-06T17:22:30+00:00
rpcclient: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fa8c0379 by Volker Lendecke at 2021-08-06T17:22:30+00:00
lib: Fix a potential error path memleak
Don't directly overwrite the pointer for a realloc. On failure, the
original pointer is still valid.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
621f561a by Volker Lendecke at 2021-08-06T17:22:30+00:00
lib;smbd: Fix the -Os build by initializing variables
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d2a08f5d by Volker Lendecke at 2021-08-06T17:22:30+00:00
samdb: Fix an uninitialized variable read
When the "(status == LDB_SUCCESS && msg != NULL)" condition in this
routine is not evaluating to true, "new_rid" is read uninitialized,
comparing it against ~0. Initialize new_rid and compare it against
UINT32_MAX instead of ~0.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4a99fe42 by Volker Lendecke at 2021-08-06T17:22:30+00:00
net3: Save a few lines with any_nt_status_not_ok()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3eaa2bcb by Volker Lendecke at 2021-08-06T17:22:30+00:00
net3: Simplify name_to_sid(): dom_sid_parse checks for "S-" prefix
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
de1b9579 by Volker Lendecke at 2021-08-06T17:22:30+00:00
net: Align some integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5cb5fadc by Volker Lendecke at 2021-08-06T17:22:30+00:00
libnetapi: Save lines with any_nt_status_not_ok()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
dbb1047e by Volker Lendecke at 2021-08-06T17:22:30+00:00
rpc_client: Simplify rpc_pipe_bind_step_one_done()
With just one case handled specially in a switch statement and the
rest being default:, a simple if-statement can reduce indentation.
Best viewed with "git show -b".
I wonder if the second "if (pauth->auth_type == DCERPC_AUTH_TYPE_NONE)"
leads to reachable code, this should have been taken care of already
further up. But for now I did the 1:1 translation of existing code.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f6c9e280 by Volker Lendecke at 2021-08-06T17:22:30+00:00
rpc_client: Replace ZERO_STRUCTP with struct assignment
Give the compiler simpler hints
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c8768551 by Volker Lendecke at 2021-08-06T17:22:30+00:00
rpc_client: Simplify create_rpc_bind_req()
In former times this switch statement had more than one branch
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cf8601e7 by Volker Lendecke at 2021-08-06T17:22:30+00:00
rpc_client: Save 65 .text bytes with -Os
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cac5e828 by Volker Lendecke at 2021-08-06T17:22:30+00:00
rpc_client: Avoid two casts with proper printf specifiers
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e80d390b by Volker Lendecke at 2021-08-06T17:22:30+00:00
lib: Use TALLOC_FREE() in data_blob_free()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7c2b6a71 by Volker Lendecke at 2021-08-06T17:22:30+00:00
libsmbclient: Avoid a call to SMBC_errno() in SMBC_chmod_ctx()
Directly use the return value from cli_setatr(), don't go via the cli_state
struct member
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5e98b7df by Volker Lendecke at 2021-08-06T17:22:30+00:00
libsmbclient: Avoid a call to SMBC_errno() in SMBC_open_ctx()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
19df9a2e by Volker Lendecke at 2021-08-06T17:22:30+00:00
libsmbclient: Avoid a call to SMBC_errno() in SMBC_read_ctx()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4bd69f1e by Volker Lendecke at 2021-08-06T17:22:30+00:00
libsmbclient: Avoid a call to SMBC_errno() in SMBC_splice_ctx()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
009b6e74 by Volker Lendecke at 2021-08-06T17:22:30+00:00
libsmbclient: Avoid a call to SMBC_errno() in SMBC_attr_server()
I think this also fixes the errno return, cli_shutdown() can do a lot and set
errno in between.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1881240d by Volker Lendecke at 2021-08-06T17:22:30+00:00
libsmbclient: Avoid a call to SMBC_errno() in SMBC_notify_ctx()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a1cbb8bc by Volker Lendecke at 2021-08-06T17:22:30+00:00
net: Use dbwrap_do_locked() in wipedbs_delete_records()
Eventually I'd like to get rid of dbwrap_fetch_locked()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9e8f7910 by Volker Lendecke at 2021-08-06T17:22:30+00:00
smbd: Fix fetch_share_mode_send() error return
The "return" is unnecessary here, but in case the code changes later
on, it won't be forgotten. Also, we need to tell the callers that we
found an invalid record.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
62f206a2 by Volker Lendecke at 2021-08-06T18:09:06+00:00
smbd: Simplify mark_share_mode_disconnected()
We can use reset_share_mode_entry() for this purpose. 32 lines less
code.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Aug 6 18:09:06 UTC 2021 on sn-devel-184
- - - - -
39db53a1 by Ralph Boehme at 2021-08-10T17:50:32+00:00
selftest: add a test for the "deadtime" parameter
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14783
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
45a33b25 by Ralph Boehme at 2021-08-10T18:41:43+00:00
s3/rpc_server: track the number of policy handles with a talloc destructor
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14783
RN: smbd "deadtime" parameter doesn't work anymore
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Aug 10 18:41:43 UTC 2021 on sn-devel-184
- - - - -
22a58a51 by Ralph Boehme at 2021-08-10T18:44:30+00:00
libreplace: properly give headers to conf.CHECK_CODE when checking for copy_file_range_syscall
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14786
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4354823c by Ralph Boehme at 2021-08-10T19:37:14+00:00
libreplace: properly execute SYS_copy_file_range check
It seems some systems (like Centos 7) have the SYS_copy_file_range define but
fail the syscall when actually being called. The current configure check is only
compiled, not run so erroneously reports a working SYS_copy_file_range.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14786
RN: Insufficient libreplace check for SYS_copy_file_range check
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Aug 10 19:37:14 UTC 2021 on sn-devel-184
- - - - -
6b6770c2 by Jeremy Allison at 2021-08-11T19:16:29+00:00
s3: smbd: Split out smb2_ioctl_smbtorture() into a separate file.
We will be adding async supporting code to this, and we don't want to
clutter up smb2_ioctl.c.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
62cd9509 by Jeremy Allison at 2021-08-11T19:16:29+00:00
s3: libcli: Add FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP.
Prepare for async FSCTL tests on an fsp.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
0f4a8d26 by Jeremy Allison at 2021-08-11T19:16:29+00:00
s3: smbd: Add smbd_fsctl_torture_async_sleep() server-side code.
Commented out as not yet called.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c551d33c by Jeremy Allison at 2021-08-11T19:16:29+00:00
s3: smbd: Call smbd_fsctl_torture_async_sleep() when we get FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP.
Now all we need is the client-side test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7e7ea761 by Jeremy Allison at 2021-08-11T19:16:29+00:00
s4: torture: Add test for smb2.ioctl.bug14769.
Add knownfails.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c0135096 by Jeremy Allison at 2021-08-11T20:02:57+00:00
s3: smbd: For FSCTL calls that go async, add the outstanding tevent_reqs to the aio list on the file handle.
Remove knownfails.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769
RN: smbd panic on force-close share during offload write
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Aug 11 20:02:57 UTC 2021 on sn-devel-184
- - - - -
21302649 by Stefan Metzmacher at 2021-08-11T22:12:32+00:00
s3:libsmb: start encryption as soon as possible after the session setup
For the SMB1 UNIX CIFS extensions we create a temporary IPC$ tcon,
if there's no tcon yet.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14793
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
289b7a15 by Stefan Metzmacher at 2021-08-11T23:03:11+00:00
s3:libsmb: close the temporary IPC$ connection in cli_full_connection()
We don't need the temporary IPC$ connection used for the
SMB1 UNIX CIFS extensions encryption setup anymore,
so we can also let the server close it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14793
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Aug 11 23:03:11 UTC 2021 on sn-devel-184
- - - - -
2e2d2eaa by Stefan Metzmacher at 2021-08-12T08:07:29+00:00
wafsamba: add support git worktree to vcs_dir_contents()
.git is not always a directory, with 'git worktree' it's a file.
Note we could also use 'git rev-parse --show-toplevel', but that's
a patch for another day.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
c7f85146 by Stefan Metzmacher at 2021-08-12T08:07:29+00:00
script/bisect-test.py: add support git worktree
.git is not always a directory, with 'git worktree' it's a file.
Note we could also use 'git rev-parse --show-toplevel', but that's
a patch for another day.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
8858cf72 by Stefan Metzmacher at 2021-08-12T08:56:13+00:00
wscript: fix installing pre-commit with 'git worktree'
.git is not always a directory, with 'git worktree' it's a file.
'git rev-parse --git-path hooks' is the generic way to find the
patch for the githooks.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Aug 12 08:56:13 UTC 2021 on sn-devel-184
- - - - -
45f6bf18 by Andreas Schneider at 2021-08-12T19:19:28+00:00
s3:winbind: Do not start if the priviliged socket path is too long
https://bugzilla.samba.org/show_bug.cgi?id=14792
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
25941a1f by Andreas Schneider at 2021-08-12T20:08:25+00:00
s3:winbindd: Pass the right variable to the debug message
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14779
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Aug 12 20:08:25 UTC 2021 on sn-devel-184
- - - - -
c25f72f4 by Ralph Boehme at 2021-08-13T10:57:31+00:00
vfs_default: detect EOPNOTSUPP and ENOSYS errors from copy_file_range()
When building in a RHEL 7 container on a RHEL 8 host, the current configure
check will detect a working SYS_copy_file_range() syscall.
Later when the resulting smbd binary is run in a RHEL 7 container on a RHEL
7 (vs 8 on the build host) host, SYS_copy_file_range() will fail with
EOPNOTSUPP.
Since the kernel support for copy_file_range() included a fallback in case
filesystems didn't implement it, the caching of copy_file_range() support can be
made a global via the static try_copy_file_range bool, there's no need to deal
with per-fileystem behaviour differences. For the curious: SYS_copy_file_range()
appeared in Linux 4.5, fallback code being vfs_copy_file_range() ->
do_splice_direct().
On current kernels the fallback function is generic_copy_file_range() (which
still calls do_splice_direct()) called from the filesystem backends directly or
from vfs_copy_file_range() -> do_copy_file_range().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14795
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
1641e6c5 by Ralph Boehme at 2021-08-13T11:45:17+00:00
libreplace: remove now unused USE_COPY_FILE_RANGE define
The only user was removed in the previous commit. We still need the preceeding
checks however, based on that replace.c provides a copy_file_range() fallback.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14795
RN: copy_file_range() may fail with EOPNOTSUPP
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Aug 13 11:45:17 UTC 2021 on sn-devel-184
- - - - -
6d676cac by David Mulder at 2021-08-13T19:14:30+00:00
gpo: Enable user policy application
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cd63893d by David Mulder at 2021-08-13T19:14:30+00:00
gpo: Enable Scripts ADMX for User Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f04431b1 by David Mulder at 2021-08-13T19:14:30+00:00
gpo: Test Group Policy User Scripts
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
80e3daed by David Mulder at 2021-08-13T19:14:30+00:00
gpo: Apply Group Policy User Scripts
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7a04052d by David Mulder at 2021-08-13T19:14:30+00:00
gpo: Ignore symlink failure on sscep renew
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e3a956e0 by David Mulder at 2021-08-13T19:14:31+00:00
gpo: Decode the bytes for cepces-submit failure
When displaying the error from cepces-submit,
make sure to decode the bytes (otherwise it is
hard to read). Also print the error to debug
instead of warn (it may dump a traceback).
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0f26dbe0 by David Mulder at 2021-08-13T20:06:31+00:00
gpo: Print getcert message to debug
Otherwise re-running gpupdate to enforce policy
displays 'already exists' messages, which
confusingly appear to be a failure, but are
actually intentional behavior.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Aug 13 20:06:31 UTC 2021 on sn-devel-184
- - - - -
86fddfa3 by Andreas Schneider at 2021-08-16T16:28:36+00:00
lib:replace: Remove trailing spaces from testsuite.c
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1ce08f72 by Andreas Schneider at 2021-08-16T17:20:37+00:00
testsuite: Fix build with gcc >= 11.1.1
Pair-Programmed-With: Jeremy Allison <jra at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Aug 16 17:20:37 UTC 2021 on sn-devel-184
- - - - -
fd19cae8 by Ralph Boehme at 2021-08-17T10:31:29+00:00
s3/lib/dbwrap: check if global_messaging_context() succeeded
The subsequent messaging_ctdb_connection() will fail an assert if messaging is
not up and running, maybe it's a bit better to add a check if
global_messaging_context() actually succeeded.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14787
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
4809f4a6 by Ralph Boehme at 2021-08-17T11:23:15+00:00
registry: check for running as root in clustering mode
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14787
RN: net conf list crashes when run as normal user
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Aug 17 11:23:15 UTC 2021 on sn-devel-184
- - - - -
814df05f by Joseph Sutton at 2021-08-18T22:28:33+00:00
pygensec: Fix memory leaks
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6818d204 by Joseph Sutton at 2021-08-18T22:28:33+00:00
pygensec: Don't modify Python bytes objects
gensec_update() and gensec_unwrap() can both modify their input buffers
(for example, during the inplace RRC operation on GSSAPI tokens).
However, buffers obtained from Python bytes objects must not be modified
in any way. Create a copy of the input buffer so the original isn't
modified.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
4797ced8 by Joseph Sutton at 2021-08-18T22:28:33+00:00
tests/krb5: Fix ms_kile_client_principal_lookup_test errors
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
9eb4c4b7 by Joseph Sutton at 2021-08-18T22:28:33+00:00
tests/krb5: Fix comment typo
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
7013a8ed by Joseph Sutton at 2021-08-18T22:28:33+00:00
tests/krb5: Fix method name typo
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
df662336 by Joseph Sutton at 2021-08-18T22:28:33+00:00
tests/krb5: formatting
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
1320ac0f by Joseph Sutton at 2021-08-18T22:28:33+00:00
tests/krb5: Remove unneeded statements
A return statement is redundant as the last statement in a method, as
methods will otherwise return None. Also, code blocks consisting of a
single 'pass' statement can be safely omitted.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
38b3a361 by Joseph Sutton at 2021-08-18T22:28:33+00:00
tests/krb5: Use more compact dict lookup
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
41c3e410 by Joseph Sutton at 2021-08-18T22:28:33+00:00
tests/krb5: Simplify Python syntax
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a2b183c1 by Joseph Sutton at 2021-08-18T22:28:33+00:00
tests/krb5: Remove magic constants
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
67ff7239 by Joseph Sutton at 2021-08-18T22:28:33+00:00
tests/krb5: Fix including enc-authorization-data
Remove the EncAuthorizationData parameters from AS_REQ_create(), since
it should only be present in the TGS-REQ form. Also, fix a call to
EncryptedData_create() to supply the key usage when creating
enc-authorization-data.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
bad5f4ee by Joseph Sutton at 2021-08-18T22:28:33+00:00
tests/krb5: Fix callback_dict parameter
Items contained in a default-created callback_dict should not be carried
over between unrelated calls to {as,tgs}_as_exchange_dict().
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a0c6538a by Joseph Sutton at 2021-08-18T22:28:33+00:00
tests/krb5: Fix encpart_decryption_key with MIT KDC
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
8194b2a2 by Joseph Sutton at 2021-08-18T22:28:33+00:00
tests/krb5: Expect e-data except when the error code is KDC_ERR_GENERIC
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
d6a242e2 by Joseph Sutton at 2021-08-18T22:28:33+00:00
tests/krb5: Check Kerberos protocol version number
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
17d5a267 by Joseph Sutton at 2021-08-18T22:28:33+00:00
tests/krb5: Use credentials kvno when creating password key
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a5e5f8fd by Joseph Sutton at 2021-08-18T22:28:33+00:00
tests/krb5: Allow cf2 to automatically use the enctype of the first key
RFC6113 states: "Unless otherwise specified, the resulting enctype of
KRB-FX-CF2 is the enctype of k1." This change means the enctype no
longer has to be specified manually.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2c80f7f8 by Joseph Sutton at 2021-08-18T22:28:33+00:00
tests/krb5: Refactor get_pa_data()
The function now returns a single padata object rather than a list,
making it easier to combine multiple padata elements into a request. The
new name 'get_enc_timestamp_pa_data' also makes it clearer as to what
the method generates.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
f5a906f7 by Joseph Sutton at 2021-08-18T22:28:33+00:00
tests/krb5: Add get_enc_timestamp_pa_data_from_key()
This makes it easier to create encrypted timestamp padata when the key
has already been obtained.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
cb332d83 by Joseph Sutton at 2021-08-18T22:28:33+00:00
tests/krb5: Add method to return dict containing padata elements
This makes checking multiple padata elements easier.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
fe8912e4 by Joseph Sutton at 2021-08-18T22:28:33+00:00
tests/krb5: Make _test_as_exchange() return value more consistent
Always return the reply and the kdc_exchange_dict so that the caller has
more potentially useful information.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
bab7503e by Joseph Sutton at 2021-08-18T22:28:33+00:00
tests/krb5: Add get_EpochFromKerberosTime()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ce379edf by Joseph Sutton at 2021-08-18T22:28:33+00:00
tests/krb5: Use encryption with admin credentials
This ensures that account creation using admin credentials succeeds.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
4790b6b0 by Joseph Sutton at 2021-08-18T22:28:33+00:00
tests/krb5: Allow specifying additional details when creating an account
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
50d743ba by Joseph Sutton at 2021-08-18T22:28:33+00:00
tests/krb5: Add more methods for obtaining machine and service credentials
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
f5689bb8 by Joseph Sutton at 2021-08-18T22:28:33+00:00
tests/krb5: Add method to calculate account salt
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
28fb50f5 by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Add check_reply() method to check for AS or TGS reply
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
21c64fda by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Always specify expected error code
Now the expected error code is always determined by the test code itself
rather than by generic_check_as_error().
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
8fe9589d by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Include kdc_options in kdc_exchange_dict
Make kdc_options an element of kdc_exchange_dict instead of a parameter
to _generic_kdc_exchange(). This allows testing code to adjust the reply
checking based on the options that were specified in the request.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
78818655 by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Only allow specifying one of check_rep_fn and check_error_fn
This means that there can no longer be surprises where a test receives a
reply when it was expecting an error, or vice versa.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ba3c92f7 by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Ensure in assertElementPresent() that container elements are not empty
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
3d1066e9 by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Assert that more variables are not None
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
98dc19e8 by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Check version number of obtained ticket
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6df0e406 by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Make checking less strict
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
4951a105 by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Check nonce in EncKDCRepPart
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
4824dd4e by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Add generate_ap_req() method
This method will be useful to generate an AP-REQ for use as FAST armor.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b6f96dd6 by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Ensure generated padata is not None
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
025737de by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Generate AP-REQ for TGS request in _generic_kdc_exchange()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ec702900 by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Add more ASN1 definitions for FAST
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
69a66c0d by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Add more methods to create ASN1 objects for FAST
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
aafc8689 by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Add method to generate FAST encrypted challenge padata
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
08089406 by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Add methods to calculate keys for FAST
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
74f332c6 by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Rename generic_check_as_error() to generic_check_kdc_error()
This method will also be useful in checking TGS-REP error replies.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
d554b6dc by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Include authenticator_subkey in AS-REQ exchange dict
This is needed for FAST.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
5c2cd71a by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Modify generate_ap_req() to also generate FAST armor AP-REQ
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
0df385fc by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Add FAST armor generation to _generic_kdc_exchange()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
16ce1a1d by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Allow specifying parameters specific to the outer request body
This is useful for testing FAST.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b6248811 by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Add method to check PA-FX-FAST-REPLY
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
4ca05402 by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Add method to verify ticket checksum for FAST
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
d878bd64 by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Check FAST response
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
dc7dac95 by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Add functions to get dicts of request padata
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
99e3b909 by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Add methods to determine whether elements were included in the request
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
0c029e78 by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Check encrypted-pa-data
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2ee87dbf by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Add expected_cname_private parameter to kdc_exchange_dict
This is useful for testing the 'hide client names' FAST option.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ea1ed63e by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Include authdata in kdc_exchange_dict
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
1389ba34 by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Add generate_simple_fast() method to generate FX-FAST padata
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
79b9aac6 by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Add check_rep_padata() method to check padata in reply
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
705e45e3 by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Don't expect RC4 in ETYPE-INFO2 for a non-error reply
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
5edbabeb by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Remove unused variables
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
dbe98005 by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Add get_krbtgt_sname() method
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
7a27b756 by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Check sname is krbtgt for FAST generic error
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
056fb718 by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Check reply FAST padata if request included FAST
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
44a44109 by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Adjust reply padata checking depending on whether FAST was sent
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2f7919db by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Check PADATA-ENCRYPTED-CHALLENGE in reply
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
95b54078 by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Check PADATA-FX-COOKIE in reply
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ab4e7028 by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Make check_rep_padata() also work for checking TGS replies
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
29070e74 by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Make generic_check_kdc_error() also work for checking TGS replies
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
0c857f67 by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Check PADATA-PAC-OPTIONS in reply
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
66e1eb58 by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Allow generic_check_kdc_error() to check inner FAST errors
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
aa2c221f by Joseph Sutton at 2021-08-18T22:28:34+00:00
tests/krb5: Check PADATA-FX-ERROR in reply
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b7b62957 by Gary Lockyer at 2021-08-18T22:28:34+00:00
initial FAST tests
Currently incomplete, and tested only against MIT Kerberos.
[abartlet at samba.org
Originally "WIP inital FAST tests"
Samba's general policy that we don't push WIP patches, we polish
into a 'perfect' patch stream.
However, I think there are good reasons to keep this patch distinct
in this particular case.
Gary is being modest in titling this WIP (now removed from the title
to avoid confusion). They are not WIP in the normal sense of
partially or untested code or random unfinished thoughts. The primary
issue is that at that point where Gary had to finish up he had
trouble getting FAST support enabled on Windows, so couldn't test
against our standard reference. They are instead good, working
initial tests written against the RFC and tested against Samba's AD DC
in the mode backed by MIT Kerberos.
This preserves clear authorship for the two distinct bodies of work,
as in the next patch Joseph was able to extend and improve the tests
significantly. ]
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
984a0db0 by Joseph Sutton at 2021-08-18T23:20:13+00:00
tests/krb5: Add FAST tests
Example command:
SERVER=addc STRICT_CHECKING=0 SMB_CONF_PATH=/dev/null \
KRB5_CONFIG=krb5.conf DOMAIN=ADDOMAIN REALM=ADDOM.SAMBA.EXAMPLE.COM \
ADMIN_USERNAME=Administrator ADMIN_PASSWORD=locDCpass1 \
PYTHONPATH=bin/python python/samba/tests/krb5/fast_tests.py
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Aug 18 23:20:14 UTC 2021 on sn-devel-184
- - - - -
161cee6f by Noel Power at 2021-08-19T16:14:30+00:00
s4: torture: CHECK ret value and fail if false
If we reach 'done' with ret == false without setting
the torture result we get unexpected results e.g.
Exception: Exception: Unknown error/failure. Missing torture_fail() or torture_assert_*() call?
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14760
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5fdf4219 by Jeremy Allison at 2021-08-19T16:14:30+00:00
s3: selftest: Add a test for vfs_streams_depot with the target path outside of the share.
Mark as knownfail.d/simpleserver_streams
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14760
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
1e323200 by Jeremy Allison at 2021-08-19T16:14:30+00:00
s3: VFS: vfs_streams_depot: Factor out the code that gets the absolute stream rootdir into a function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14760
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
649f544a by Jeremy Allison at 2021-08-19T17:04:44+00:00
s3: VFS: streams_depot: Allow "streams directory" outside of share path to work again.
As we're dealing with absolute paths here, we just need
to temporarily replace the connectpath whilst enumerating
streams.
Remove knownfail file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14760
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Aug 19 17:04:44 UTC 2021 on sn-devel-184
- - - - -
72b4fe93 by Jeremy Allison at 2021-08-20T09:56:49+00:00
s3: smbd: Ensure all returns from OpenDir() correctly set errno.
Complex code paths inside open_internal_dirfsp() can return an
NTSTATUS, but trample on the matching errno. We need to make
sure if open_internal_dirfsp() fails, errno matches the NTSTATUS
return.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14805
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Fri Aug 20 09:56:49 UTC 2021 on sn-devel-184
- - - - -
2d6cdb54 by Andreas Schneider at 2021-08-24T12:29:32+00:00
selftest: Add python path for compiled python modules like ldb
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
423f808f by Andrew Bartlett at 2021-08-24T12:29:32+00:00
samba-tool domain backup offline: Use passed in samdb when backing up sam.ldb
This avoids opening the database again by having the caller pass in
the DB open
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14676
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
958931ad by Andrew Bartlett at 2021-08-24T12:29:32+00:00
samba-tool: Rework transations/locks to hold a lock during mdb backup
We now also get sidForRestore under that lock, rather than
after the backup.
This avoids using the database again after the backup process
While not entirely clear how/why this matters with LMDB
as seen in Fedora 34, likely due to the same issues
seen with 0.9.26 or later fixed by commmit
bb3dcd403ced922574a89011dd3814c4fe87dd76.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14676
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
78942ad7 by Andrew Bartlett at 2021-08-24T13:22:04+00:00
samba-tool domain backup: Use tdbbackup on metadata.tdb
metadata.tdb is inside sam.ldb.d/ but should be backed up with tdbbackup.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Aug 24 13:22:04 UTC 2021 on sn-devel-184
- - - - -
5e2ac224 by Volker Lendecke at 2021-08-24T17:32:28+00:00
librpc: Simplify GUID_zero() with a direct struct return
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0cddd3f2 by Volker Lendecke at 2021-08-24T17:32:28+00:00
librpc: Simplify GUID_string2() by using GUID_buf_string()
Avoid unnecessary talloc
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9857c562 by Volker Lendecke at 2021-08-24T17:32:28+00:00
librpc: Simplify GUID_hexstring()
A temporary talloc context seems unnecessary to me.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b79ed122 by Volker Lendecke at 2021-08-24T17:32:28+00:00
rpc_server: Simplify open_np_file()
No need to go via a string to create the SID describing the SMB3
encryption, we can directly use sid_append_rid().
This by the way fixes a bug: SID_MAX_SIZE is the maximum length of the
binary SID, not the maximum string length for a SID.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ebac118d by Volker Lendecke at 2021-08-24T17:32:28+00:00
rpc_server: Slightly simplify set_user_info_21()
Instead of adding the NULL check to data_blob_talloc_zero() put "out"
on the stack.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2154bb50 by Volker Lendecke at 2021-08-24T17:32:28+00:00
rpc_server: Slightly simplify set_user_info_18()
Instead of adding the NULL check to data_blob_talloc_zero() put "out"
on the stack.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
da740895 by Volker Lendecke at 2021-08-24T17:32:28+00:00
rpc_server: Remove an unused function declaration
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
95a2540d by Volker Lendecke at 2021-08-24T17:32:28+00:00
rpc_server: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
12942576 by Volker Lendecke at 2021-08-24T17:32:28+00:00
rpc_server: Simplify _samr_CreateUser2()
Use a variable that we just set a line before, don't duplicate the
priv name.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7e810091 by Volker Lendecke at 2021-08-24T17:32:28+00:00
rpc_server: Fix a comment
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8b45a42b by Volker Lendecke at 2021-08-24T17:32:28+00:00
lib: Improve comment wording
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3fb8eebf by Volker Lendecke at 2021-08-24T17:32:28+00:00
rpc_client: Slightly simplify rpc_transport_np_init_pipe_open()
Avoid an unnecessary else, use tevent_req_nterror() in if-clause
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
dbb1226c by Volker Lendecke at 2021-08-24T17:32:28+00:00
libsmb: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3e3cc4ea by Volker Lendecke at 2021-08-24T17:32:28+00:00
rpc_client: Fix a small memleak
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b0c06577 by Volker Lendecke at 2021-08-24T17:32:28+00:00
rpc_client: Early TALLOC_FREE() in prepare_verification_trailer()
We don't need "t" from here on anymore
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
106c0468 by Volker Lendecke at 2021-08-24T17:32:28+00:00
rpc_client: Slightly simplify rpc_api_pipe_req_send()
tevent_req_create() zero-initializes "state"
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2a4e7850 by Volker Lendecke at 2021-08-24T17:32:28+00:00
rpc_client: Adapt rpc_api_pipe_req_send() to talloc_req conventions
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c4aea464 by Volker Lendecke at 2021-08-24T17:32:28+00:00
rpc_client: Avoid ZERO_STRUCTP in prepare_verification_trailer()
Direct struct assignments are easier to read for me, but YMMV.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a3f7f279 by Volker Lendecke at 2021-08-24T17:32:28+00:00
rpc_client: Adapt rpc_pipe_bind_send() to talloc_req conventions
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
89a0f256 by Volker Lendecke at 2021-08-24T17:32:28+00:00
rpc_client: Use struct init/assignment
Don't leave structures/unions partially uninitialized
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e8dda842 by Volker Lendecke at 2021-08-24T17:32:28+00:00
rpc_client: Use ndr_syntax_id_equal() in check_bind_response()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
398e3840 by Volker Lendecke at 2021-08-24T17:32:29+00:00
rpc_client: Adapt rpc_api_pipe_send() to recent coding conventions
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8c7b4106 by Volker Lendecke at 2021-08-24T17:32:29+00:00
rpc_client: Adapt rpc_write_send() to tevent_req conventions
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3bfc7802 by Volker Lendecke at 2021-08-24T17:32:29+00:00
winbind: Remove an unused include
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d1168805 by Volker Lendecke at 2021-08-24T17:32:29+00:00
rpc_client: Simplify rpccli_bh_disconnect_recv()
Use tevent_req_simple_recv_ntstatus()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
56328aef by Volker Lendecke at 2021-08-24T17:32:29+00:00
rpc_client: Use tevent_req_nterror() properly
Signed-off-by: Volker Lendecke <vl at samba.org>
- - - - -
dc4371f7 by Volker Lendecke at 2021-08-24T17:32:29+00:00
rpc_client: Avoid casts
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f8c828b8 by Volker Lendecke at 2021-08-24T17:32:29+00:00
rpc_client: Simplify rpc_api_pipe_auth3_done()
Use tevent_req_simple_finish_ntstatus()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
68a3e478 by Volker Lendecke at 2021-08-24T17:32:29+00:00
rpc_client: Simplify get_complete_frag_got_rest()
tevent_req_simple_finish_ntstatus() is made precisely for this simple
case where we just pass on a subreq's NTSTATUS
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
39c0e3ea by Volker Lendecke at 2021-08-24T17:32:29+00:00
rpc_client: Simplify get_complete_frag_got_header()
Use tevent_req_oom()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7df7bf44 by Volker Lendecke at 2021-08-24T17:32:29+00:00
rpc_client: Simplify get_complete_frag_got_header()
tevent_req_nterror() returns a bool, no separate check required
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
965ebcae by Volker Lendecke at 2021-08-24T17:32:29+00:00
rpc_client: Simplify get_complete_frag_send()
tevent_req_oom() and tevent_req_nomem() instead of explicit
NT_STATUS_NO_MEMORY; do an early return if done.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
19482ebb by Volker Lendecke at 2021-08-24T17:32:29+00:00
torture: Remove rpc_open_tcp test program
Its initial commit in 2008 stated that it still needs to be integrated
into the test suite. As far as I can see, this never happened.
Why remove it? Without this we can make rpc_open_tcp() static for
easier refactoring.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
730e2903 by Volker Lendecke at 2021-08-24T17:32:29+00:00
rpc_client: Make rpc_pipe_open_tcp() static
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
17b6c25b by Volker Lendecke at 2021-08-24T17:32:29+00:00
rpc_client: Use tevent_req_nterror() properly in cli_api_pipe
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d244d16c by Volker Lendecke at 2021-08-24T17:32:29+00:00
rpc_client: Align cli_api_pipe_send() with tevent_req() conventions
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
76b7bc5f by Volker Lendecke at 2021-08-24T17:32:29+00:00
winbindd: NULL-initialize a pointer
Patches from the dcerpc patchset will create warnings out of this not
being initialized.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2a20c8b2 by Volker Lendecke at 2021-08-24T18:22:56+00:00
rpcclient: Add unixinfo commands
The unixinfo pipe might go away in the future, but right now we have
it around. This code is simple and can go away again when unixinfo
dies.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Aug 24 18:22:56 UTC 2021 on sn-devel-184
- - - - -
24c09f91 by Björn Jacke at 2021-08-24T18:33:32+00:00
ntvfs: add missing COM/LPT ports that are also reserved names
see also:
https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file?redirectedfrom=MSDN
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8776
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c653f805 by Björn Jacke at 2021-08-24T18:33:32+00:00
mangle_hash2: add missing COM/LPT ports that are also reserved names
see also:
https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file?redirectedfrom=MSDN
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8776
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6248eab5 by Björn Jacke at 2021-08-24T19:26:59+00:00
mangle_hash2: remove LOCK$ from list of reserved names
see also:
https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file?redirectedfrom=MSDN
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8776
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Aug 24 19:26:59 UTC 2021 on sn-devel-184
- - - - -
b4d8c62c by Jeremy Allison at 2021-08-25T16:22:37+00:00
s3: mdssvc: Correctly disconnect the VFS connection inside the mds_ctx destructor.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14809
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
857045f3 by Jeremy Allison at 2021-08-25T17:09:23+00:00
s3: smbd: In create_conn_struct_cwd(), don't TALLOC_FREE() an unallocated pointer on error.
Just return the status - if create_conn_struct_as_root() fails
the connection struct never gets returned.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14809
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Aug 25 17:09:23 UTC 2021 on sn-devel-184
- - - - -
a41425eb by Jeremy Allison at 2021-08-25T18:02:05+00:00
s4: ntvfs: Missed comma in 24c09f913d82528ada14013e3d673d277cf04a93, string would be concatenated.
Sorry for the mistake, I missed that in the review.
Caught by Coverity.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Aug 25 18:02:05 UTC 2021 on sn-devel-184
- - - - -
167ad961 by Andrew Bartlett at 2021-08-26T06:16:35+00:00
autobuild.py: Explain why each job is removed from the default set
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6145c388 by Andrew Bartlett at 2021-08-26T06:16:35+00:00
gitlab-ci/autobuild: Add new build confirming behaviour on older MIT Kerberos
Because the MIT KDC builds are moving to current MIT and out of the default autobuild
this ensures that on our default host, which is closer to what most of our
users operate, Samba still works with Kerberos.
This uses the ktest environment that does not require the KDC to exist
and instead uses a static ccache and keytab.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
649b0741 by Andrew Bartlett at 2021-08-26T06:16:35+00:00
gitlab-ci: Move MIT builds to current Fedora so we can test against a current MIT KDC
Fedora packages current MIT builds pretty fast so we base our
MIT KDC tests there, as this avoids backporting and tests against
the most current code.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ff267c3c by Andrew Bartlett at 2021-08-26T06:16:35+00:00
autobuild.py: Do not build MIT builds by default (eg sn-devel)
This avoids the need for MIT KDC tests and the MIT KDC glue code to
operate against the older MIT 1.16 found on Ubuntu 18.04, which
is our current build environment.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
554bdfa8 by Andrew Bartlett at 2021-08-26T06:16:35+00:00
build: Move minimum MIT krb5 version to 1.19 to align with what is tested
This avoid shipping untested code and aligns with the version
used in GitLab CI for all the MIT builds.
The "bronze bit" (CVE-2020-17049) security fixes will need
a new MIT KDB version in any case, this prepares the ground
by removing the older version support.
(knownfail_mit_kdc updates taken from a patch by
Andreas Schneider <asn at samba.org> that did this optionally)
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
9b9fd2a0 by Andrew Bartlett at 2021-08-26T07:05:44+00:00
mit-kdc: Remove build time support for KDB_API < 10
The previous commits restricted to MIT KDC build to MIT 1.19 and this removes the
#ifdef in the code of what will become untested code.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Aug 26 07:05:44 UTC 2021 on sn-devel-184
- - - - -
5d53b848 by Stefan Metzmacher at 2021-08-26T13:06:09+00:00
wafsamba: always generate compile_commands.json again, but only when the samba dependencies changed
This means the costs of the generation on a empty build are not paid
anymore, which was the reason for the explicit --enable-clangdb option.
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Aug 26 13:06:09 UTC 2021 on sn-devel-184
- - - - -
bcd6bed7 by Ralph Boehme at 2021-08-26T19:18:31+00:00
smbd: avoid calling creating a pathref in smb_set_file_dosmode()
We already have a fsp with a valid fsp->base_fsp if it's a stream.
Also remove the struct smb_filename arg, it's not needed, the only caller
already checks for a valid fsp.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
- - - - -
145e739c by Ralph Boehme at 2021-08-26T19:18:31+00:00
vfs_gpfs: call SMB_VFS_NEXT_CONNECT() before running some module initialization code
No change in behaviour. Prepares for a subsequent commit that checks for IPC shares.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
- - - - -
070dce22 by Stefan Metzmacher at 2021-08-26T19:18:31+00:00
vfs_gpfs: don't check for struct gpfs_config_data in vfs_gpfs_[l]stat()
This is unused and the config object won't be avilable for IPC$ anymore with the
next commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
- - - - -
1a3ac7a9 by Ralph Boehme at 2021-08-26T19:18:31+00:00
vfs_gpfs: make vfs_gpfs_connect() a no-op on IPC shares
We don't ever expect any filesystem IO operations to be called on an IPC shares,
so there's no need to initialize the module here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
- - - - -
730f8c49 by Ralph Boehme at 2021-08-26T19:18:31+00:00
vfs_gpfs: check for O_PATH support in gpfswrap_fstat_x()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
- - - - -
fde1b981 by Ralph Boehme at 2021-08-26T19:18:31+00:00
vfs_gpfs: add path based fallback for gpfswrap_fstat_x() on pathref handles
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
- - - - -
3679f54f by Ralph Boehme at 2021-08-26T19:18:31+00:00
vfs_gpfs: remove ENOSYS fallback from vfs_gpfs_fset_dos_attributes()
This API call has existed for a long time, so we can safely assume that this
always works.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771
Pair-Programmed-With: Christof Schmitt <cs at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Christof Schmitt <cs at samba.org>
- - - - -
882a466e by Ralph Boehme at 2021-08-26T19:18:31+00:00
vfs_gpfs: add sys_proc_fd_path() fallback to vfs_gpfs_fset_dos_attributes()
gpfs_set_winattrs() is a modifying operation, my expectation thus is that it is
not allowed on pathref (O_PATH) handles even though a recent Linux kernel commit
44a3b87444058b2cb055092cdebc63858707bf66 allowed calling utimensat() on pathref
handles.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771
RN: Some VFS operations on pathref (O_PATH) handles fail on GPFS
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
- - - - -
443608ee by Ralph Boehme at 2021-08-26T19:18:31+00:00
vfs_gpfs: deal with pathref fsps in vfs_gpfs_fntimes()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
- - - - -
9a237e16 by Ralph Boehme at 2021-08-26T19:18:31+00:00
vfs_gpfs: pass fsp to smbd_gpfs_set_times()
No change in behaviour. Prepares for dealing with pathref fsps in
smbd_gpfs_set_times().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
- - - - -
1bbdb818 by Ralph Boehme at 2021-08-26T19:18:31+00:00
vfs_gpfs: remove ENOSYS fallback from vfs_gpfs_fntimes()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
- - - - -
93a48399 by Ralph Boehme at 2021-08-26T19:18:31+00:00
lib/gpfswrap: add gpfs_set_times_path() wrapper
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
- - - - -
fead05a4 by Ralph Boehme at 2021-08-26T20:08:51+00:00
vfs_gpfs: deal with pathrefs fsps in smbd_gpfs_set_times()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Aug 26 20:08:51 UTC 2021 on sn-devel-184
- - - - -
c5bbb177 by David Mulder at 2021-08-30T21:08:36+00:00
gpo: Test Group Policy Firefox Extension
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d5118eb6 by David Mulder at 2021-08-30T21:57:09+00:00
gpo: Add Group Policy Firefox Extension
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Aug 30 21:57:09 UTC 2021 on sn-devel-184
- - - - -
638c6d42 by Andrew Bartlett at 2021-08-31T00:12:53+00:00
selftest: Remove skip of samba4.rpc.unixinfo
This test, and the rpcclient getwpuid call on a "real" system
with nss_winbind (under docker in my test) also works fine.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14691
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Aug 31 00:12:53 UTC 2021 on sn-devel-184
- - - - -
1209c89d by Bjoern Jacke at 2021-08-31T09:54:35+00:00
util_sock: fix assignment of sa_socklen
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14800
Autobuild-User(master): Björn Jacke <bjacke at samba.org>
Autobuild-Date(master): Tue Aug 31 09:54:35 UTC 2021 on sn-devel-184
- - - - -
8b078bbf by Andrew Bartlett at 2021-09-02T05:03:31+00:00
selftest: Modernise user_account_control.py tests use a common self.OU
We set and use a single self.OU to ensure consistancy and
reduce string duplication.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
8c455268 by Andrew Bartlett at 2021-09-02T05:03:31+00:00
selftest: Use addCleanup rather than tearDown in user_account_control.py
self.addCleanup() is called regardless of the test failure or error status
and so is more reliable, particularly during development.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
fb6c0b9e by Andrew Bartlett at 2021-09-02T05:03:31+00:00
pydsdb: Add API to return strings of known UF_ flags
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
8701ce49 by Andrew Bartlett at 2021-09-02T05:03:31+00:00
selftest: Use @DynamicTestCase in user_account_control test_uac_bits_unrelated_modify()
This is a nice easy example of how the test generation
code works, and it combined nicely with the earlier
patch to return string names from the UF_ constants.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
60f1b6cf by Andrew Bartlett at 2021-09-02T05:03:31+00:00
selftest: Replace internal loop in test_uac_bits_add() using @DynamicTestClass
This generates a single test per bit which is easier to
debug. Elsewhere we use this pattern where we want to
be able to put some cases in a knownfail, which is otherwise
not possible.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
17ae0319 by Andrew Bartlett at 2021-09-02T05:03:31+00:00
selftest: Replace internal loop in test_uac_bits_set() using @DynamicTestClass
This generates a single test per bit which is easier to
debug. Elsewhere we use this pattern where we want to
be able to put some cases in a knownfail, which is otherwise
not possible.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
40b65fcb by Andrew Bartlett at 2021-09-02T05:56:12+00:00
script/autobuild.py: Restore MIT ADDC tests against fl2008*
Commit 7387da74e6f0e33de5f80b9a5e59f268541f52cd incorrectly
ran the fl2000dc and fl2003dc tests twice, rather than the
fl2008dc and fl2008r2dc tests in samba-ad-dc-4b-mitkrb5.
(Now ad-dc-mit-4b)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14815
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Thu Sep 2 05:56:12 UTC 2021 on sn-devel-184
- - - - -
e9c8ac4a by Andrew Bartlett at 2021-09-02T13:41:28+00:00
bootstrap: Update to get newer krb5 on Fedora 34
We need the update FEDORA-2021-20b495cb94 (krb5) to
get a fix for CVE-2021-37750 (explicit NULL deref on KDC)
so our CI will pass as we have a test for this.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
5805a7c4 by Andrew Bartlett at 2021-09-02T13:41:28+00:00
bootstrap: SAMBA_CI_CONTAINER_TAG is now in .gitlab-ci-main.yml
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
d9edad89 by Andrew Bartlett at 2021-09-02T13:41:28+00:00
Update common on currently supported Fedora versions
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
79dda329 by Joseph Sutton at 2021-09-02T13:41:28+00:00
tests/krb5: Make e-data checking less strict
Without this additional 'self.strict_checking' check, the tests in the
following patches do not get far enough to trigger a crash with the MIT
KDC, instead failing when obtaining a TGT for the user or machine.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
36798f5b by Joseph Sutton at 2021-09-02T13:41:28+00:00
tests/krb5: Make cname checking less strict
Without this additional 'self.strict_checking' check, the tests in the
following patches do not get far enough to trigger a crash with the MIT
KDC.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
15f9f040 by Joseph Sutton at 2021-09-02T13:41:28+00:00
tests/krb5: Add test for sending PA-ENCRYPTED-CHALLENGE without FAST
Note: This test crashed the MIT KDC prior to MIT commit
fc98f520caefff2e5ee9a0026fdf5109944b3562 which was given
CVE-2021-36222.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
0cb4b939 by Luke Howard at 2021-09-02T13:41:28+00:00
CVE-2021-3671 HEIMDAL kdc: validate sname in TGS-REQ
In tgs_build_reply(), validate the server name in the TGS-REQ is present before
dereferencing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
[abartlet at samba.org backported from from Heimdal
commit 04171147948d0a3636bc6374181926f0fb2ec83a via reference
to an earlier patch by Joseph Sutton]
RN: An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b8e25155 by Joseph Sutton at 2021-09-02T13:41:28+00:00
CVE-2021-3671 tests/krb5: Add tests for omitting sname in outer request
Note: Without the previous patch, 'test_fast_tgs_outer_no_sname' would
crash the Heimdal KDC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
3330eaf3 by Andrew Bartlett at 2021-09-02T13:41:28+00:00
tests/krb5: Remove harmful and a-typical return in as_req testcase
A test in a TestCase class should not return a value, the
test is determined by the assertions raised.
Other changes will shortly cause kdc_exchange_dict[preauth_etype_info2]
to not always be filled, so we need to remove this
rudundent code.
This also fixes a *lot* of tests against the MIT KDC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
e373c646 by Joseph Sutton at 2021-09-02T13:41:28+00:00
tests/krb5: Check e-data element for TGS-REP errors without FAST
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
1e4d7573 by Joseph Sutton at 2021-09-02T13:41:28+00:00
tests/krb5: Check PADATA-PW-SALT element in e-data
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
bbbb13ca by Joseph Sutton at 2021-09-02T13:41:28+00:00
tests/krb5: Add tests for omitting sname in request
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
c6d7e19e by Joseph Sutton at 2021-09-02T13:41:28+00:00
tests/krb5: Allow specifying parameters specific to the inner FAST request body
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
24914ae1 by Joseph Sutton at 2021-09-02T13:41:28+00:00
tests/krb5: Add tests for omitting sname in inner request
Note: the test 'test_fast_tgs_inner_no_sname' crashes the MIT KDC..
This is fixed in MIT Krb5 commit d775c95af7606a51bf79547a94fa52ddd1cb7f49
and was given CVE-2021-37750
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ebd673e9 by Joseph Sutton at 2021-09-02T13:41:28+00:00
tests/krb5: Allow expected_error_mode to be a container type
This allows a range of possible error codes to be checked against, for
cases when the particular error code returned is not so important.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b0f4455e by Luke Howard at 2021-09-02T13:41:28+00:00
kdc: KRB5KDC_ERR_{C,S}_PRINCIPAL_UNKNOWN if missing field
If missing cname or sname in AS-REQ, return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN and
KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN. This matches MIT behaviour.
[abartlet at samba.org Backported from Heimdal commit 892a1ffcaad98157e945c540b81f65edb14d29bd
and knownfail added]
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
10baaf08 by Andrew Bartlett at 2021-09-02T14:28:31+00:00
tests/krb5: Allow KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN for a missing sname
This allows our code to still pass with the error code that
MIT and Heimdal have chosen
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Sep 2 14:28:31 UTC 2021 on sn-devel-184
- - - - -
39c2ec72 by Ralph Boehme at 2021-09-02T14:29:35+00:00
winbindd: call wb_parent_idmap_setup_send() in wb_queryuser_send()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14804
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
d0f6d543 by Ralph Boehme at 2021-09-02T15:20:06+00:00
winbind: ensure wb_parent_idmap_setup_send() gets called in winbindd_allocate_uid_send()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14804
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Sep 2 15:20:06 UTC 2021 on sn-devel-184
- - - - -
e41bc0f4 by Andreas Schneider at 2021-09-02T20:30:31+00:00
third_party: Add a script to update waf
./third_party/waf/update.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
59ed0992 by Andreas Schneider at 2021-09-02T21:22:17+00:00
third_party: Update waf to version 2.0.22
New in waf 2.0.22
* Fix stdin propagation with faulty vcvarsall scripts #2315
* Enable mixing Unix-style paths with destdir on Windows platforms #2337
* Fix shell escaping unit test parameters #2314
* Improve extras/clang_compilation_database and extras/swig compatibility #2336
* Propagate C++ flags to the Cuda compiler in extras/cuda #2311
* Fix detection of Qt 5.0.0 (preparation for Qt6) #2331
* Enable Haxe processing #2308
* Fix regression in MACOSX_DEPLOYMENT_TARGET caused by distutils #2330
* Fix extras/wafcache concurrent trimming issues #2312
* Fix extras/wafcache symlink handling #2327
The import was done like this:
./third_party/waf/update.sh
Then changing buildtools/bin/waf and buildtools/wafsamba/wafsamba.py
by hand.
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Sep 2 21:22:17 UTC 2021 on sn-devel-184
- - - - -
efcd1af1 by Joseph Sutton at 2021-09-04T00:10:37+00:00
dsdb/samdb/ldb_modules: Use correct member of union
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
15f0d34d by Joseph Sutton at 2021-09-04T00:10:37+00:00
s4/dnsserver: Don't call memcpy() with a NULL pointer
Doing so is undefined behaviour.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3d490c22 by Joseph Sutton at 2021-09-04T00:10:37+00:00
s4/dnsserver: Fix NULL check
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ad3498ab by Joseph Sutton at 2021-09-04T00:10:37+00:00
libcli/smb: Don't call memcpy() with a NULL pointer
Doing so is undefined behaviour.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b59fc435 by Joseph Sutton at 2021-09-04T00:10:37+00:00
python: Fix usage strings
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
02b18730 by Joseph Sutton at 2021-09-04T00:55:32+00:00
Fix Python docstrings
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Sep 4 00:55:32 UTC 2021 on sn-devel-184
- - - - -
e8b4599e by Andrew Bartlett at 2021-09-05T02:28:29+00:00
selftest: Split up targets for samba_tool_drs from samba_tool_drs_showrepl
These now run in the disconnected sets schema_dc/schema_pair_dc and
ad_dc/vampire_dc/promoted_dc. By aiming at different sets ofservers
we can't cause cross-contamination in terms of which servers are
listed as outbound connections.
Also, by running the tests only once we reduce the chaces of trouble
by half.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
75a5ed66 by Andrew Bartlett at 2021-09-05T02:28:29+00:00
selftest: Only run samba_tool_drs_showrepl test once
This test is not slow, but there is no value running it twice.
Running this test twice just increases the chances we might
loose a race as it shows and validates live replication data.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8affe4a1 by Andrew Bartlett at 2021-09-05T02:28:29+00:00
dsdb: Be careful to avoid use of the expensive talloc_is_parent()
The wrong talloc API was selected while addressing a memory leak.
commit ee2fe56ba0ef6626b634376e8dc2185aa89f8c99
Author: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Date: Tue Nov 27 11:07:44 2018 +1300
drepl: memory leak fix
Fixes a memory leak where schema reference attached to ldb
instance is lost before it can be freed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14042
Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming at samba.org>
Autobuild-Date(master): Wed Jul 17 06:17:10 UTC 2019 on sn-devel-184
By using talloc_get_parent() walking the entire talloc tree is
avoided.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14806
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b40761b4 by Andrew Bartlett at 2021-09-05T02:28:29+00:00
selftest: Add a test for LookupSids3 and LookupNames4 in python
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14807
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ae57d22e by Andrew Bartlett at 2021-09-05T03:19:26+00:00
s4-lsa: Cache sam.ldb handle in lsa_LookupSids3/LookupNames4
Since 5c0345ea9bb34695dcd7be6c913748323bebe937 this
would not have been implicitly cached via the ldb_wrap
cache, due to the recording of the remote IP address
(which is a good thing).
This creates a more explicit and direct correct
cache on the connection.
The common code, including the SCHANNEL check is
placed into a helper function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14807
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sun Sep 5 03:19:26 UTC 2021 on sn-devel-184
- - - - -
6590bb0b by Andrew Bartlett at 2021-09-06T02:32:51+00:00
selftest: Add prefix to new schema attributes to avoid flapping dsdb_schema_attributes
If two of these unit tests run in the same second they could
select the same name, as the name was only based on the time
and a common prefix.
As observed by Jeremy Allison. Thanks for the report!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14819
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Sep 6 02:32:51 UTC 2021 on sn-devel-184
- - - - -
a54d9ffc by Jeremy Allison at 2021-09-06T08:30:31+00:00
s3: smbd: Add fifo test for the DISABLE_OPATH case.
Currently we hang when trying to list a directory
containing a fifo when configured with DISABLE_OPATH.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14816
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
2f2c53c4 by Jeremy Allison at 2021-09-06T09:51:54+00:00
s3: smbd: Fix openat_pathref_fsp() to cope with FIFO's in the filesystem.
Remove skip test for the DISABLE_OPATH case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14816
RN: Fix pathref open of a filesystem fifo in the DISABLE_OPATH build
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Sep 6 09:51:54 UTC 2021 on sn-devel-184
- - - - -
aaa3c6a4 by Ralph Boehme at 2021-09-06T13:26:35+00:00
lib/cmdline: add POPT_COMMON_DAEMON daemon popt options
Note: interactive=true implies fork=false. This matches the semantics
that currently 3/4 daemons implement manually.
Not used so far, no change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14803
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
877183ac by Ralph Boehme at 2021-09-06T13:26:35+00:00
lib/cmdline: restore pre-4.15 logging behaviour for daemons
For servers ensure logging is configured to go to a logfile unless in
interactive mode by calling setup_logging() before lp_load_global() is
called.
In 4.14 servers had the chance to call setup_logging(getprogname(),
DEBUG_FILE) before they called lp_load_*() explicitly in the server.
Now in 4.15 lp_load_*() is called internally when parsing the command
line arguments triggered by the server running the poptGetNextOpt()
loop, so it's too late when the server calls
setup_logging(getprogname(), DEBUG_FILE) as lots of debugging from
lp_load_()* was already written to DEBUG_DEFAULT_STDERR.
Note that there's a chicken and egg problem *within* this patchset:
this change here breaks stdout logging for servers until the servers
are converted to use the new POPT_COMMON_DAEMON. The only way to
address that would be squashing all changes into one patchset, but for
the sake of reviewability (is that an actual english word? :)) I chose
to split the changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14803
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
ae22442d by Ralph Boehme at 2021-09-06T13:26:35+00:00
smbd: use POPT_COMMON_DAEMON
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14803
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
a20f63b3 by Ralph Boehme at 2021-09-06T13:26:35+00:00
nmbd: use POPT_COMMON_DAEMON
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14803
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
9d82454c by Ralph Boehme at 2021-09-06T13:26:35+00:00
winbindd: use POPT_COMMON_DAEMON
Note: this also changes logging to go to stderr instead of stdout which is the
same behaviour as smbd and nmbd (starting with 4.15).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14803
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
28686f87 by Ralph Boehme at 2021-09-06T14:23:15+00:00
s4/samba: POPT_COMMON_DAEMON
Note: this also changes logging to go to stderr instead of stdout which is the
same behaviour as smbd, nmbd and winbindd (starting with 4.15).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14803
RN: smbd/winbindd started in daemon mode generate output on stderr/stdout
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Sep 6 14:23:15 UTC 2021 on sn-devel-184
- - - - -
44566f59 by Volker Lendecke at 2021-09-07T18:26:33+00:00
rpc_server3: Include the right "dcerpc.h" from a SAMBA_SUBSYSTEM
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f585f011 by Volker Lendecke at 2021-09-07T18:26:33+00:00
auth: Simplify is_our_machine_account()
Use strnequal instead of duplicating a string
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ba237d94 by Volker Lendecke at 2021-09-07T18:26:33+00:00
auth: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6ebed6b5 by Volker Lendecke at 2021-09-07T18:26:33+00:00
samba-tool: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3347bfce by Volker Lendecke at 2021-09-07T18:26:33+00:00
samba_dnsupdate: Fix deprecation warnings
We should not call samba-tool with -k anymore
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2b86cff4 by Ralph Boehme at 2021-09-07T19:24:57+00:00
lib/replace: drop runtime copy_file_range() check
This reverts commit 4354823c5146753ef8a3791bc8562379096659b8
"libreplace: properly execute SYS_copy_file_range check".
We now use a runtime check in the user of copy_file_range().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Sep 7 19:24:57 UTC 2021 on sn-devel-184
- - - - -
91c024df by Jeremy Allison at 2021-09-08T06:38:21+00:00
s3: auth: Andrew noticed f585f01148ab2d8f84c96b12e018742f5f17bcb0 doesn't keep the same logic.
This should make it identical.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Sep 8 06:38:21 UTC 2021 on sn-devel-184
- - - - -
16e907f8 by Alenka Glukhovskaya at 2021-09-08T15:44:42+00:00
Added russian translate file
Signed-off-by: Alenka Glukhovskaya <alenka at altlinux.org>
Signed-off-by: Elena Mishina <lepata at altlinux.org>
Reviewed-by: David Mulder <dmulder at suse.com>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): David Mulder <dmulder at samba.org>
Autobuild-Date(master): Wed Sep 8 15:44:42 UTC 2021 on sn-devel-184
- - - - -
867c6ff9 by Stefan Metzmacher at 2021-09-08T16:37:07+00:00
docs-xml: use upper case for "{client,server} smb3 {signing,encryption} algorithms" values
This matches what smbstatus prints out. Note there's also the removal of
an '-' in "hmac-sha-256" => HMAC-SHA256".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14825
RN: "{client,server} smb3 {signing,encryption} algorithms" should use the same strings as smbstatus output
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Sep 8 16:37:07 UTC 2021 on sn-devel-184
- - - - -
a3637426 by Andrew Bartlett at 2021-09-09T00:05:32+00:00
docs: Ensure to rebuild manpages if samba.entities or samba.version changes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14791
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9b50d2e5 by Andrew Bartlett at 2021-09-09T00:05:32+00:00
docs: Document all the other ways to send a password to smbclient et al
This was previously hidden knowlege not easily available to
administrators and end users.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14791
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
18e08c70 by Andrew Bartlett at 2021-09-09T00:52:09+00:00
docs: Avoid duplicate information on USER and PASSWD, reference the common section
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14791
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Sep 9 00:52:09 UTC 2021 on sn-devel-184
- - - - -
2fe8d3ee by Uri Simchoni at 2021-09-09T00:53:54+00:00
fuzzing/oss-fuzz: fix image build recipe for Ubuntu 20.04
Update the build_image.sh script to install Ubuntu 20.04 packages
instead of Ubuntu 16.04 on the oss-fuzz container - this will
allow the oss-fuzz container to be based on Ubuntu 20.04.
REF: https://github.com/google/oss-fuzz/issues/6301#issuecomment-911705365
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e608dcd2 by Uri Simchoni at 2021-09-09T00:53:54+00:00
configure: allow configure script to accept parameters with spaces
Specifically this enables passing two linker flags to the --fuzz-target-ldflags
configure argument.
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
541f9ee5 by Uri Simchoni at 2021-09-09T00:53:54+00:00
fuzzing/oss-fuzz: fix RPATH comments for post-Ubuntu-16.04 era
Remove what appears to be a copy+paste error in one place, and
explain that RPATH/RUNPATH is set by the linker, not by chrpath
utility.
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f94b1d3b by Uri Simchoni at 2021-09-09T00:53:54+00:00
fuzzing/oss-fuzz: fix samba build script for Ubuntu 20.04
Add a linker flag to generate fuzzer binaries with an RPATH
header instead of RUNPATH.
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4f300d67 by Uri Simchoni at 2021-09-09T00:53:54+00:00
fuzzing/oss-fuzz: strip RUNPATH from dependencies
Strip all RUNPATH headers from all dependency shared objects that
we copy to the fuzzing target, as those libraries aren't placed
in their original place.
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4366c3bb by Uri Simchoni at 2021-09-09T01:45:09+00:00
gitlab-ci: run samba-fuzz autobuild target on Ubuntu 20.04-based image
REF: https://github.com/google/oss-fuzz/issues/6301#issuecomment-911705365
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Sep 9 01:45:09 UTC 2021 on sn-devel-184
- - - - -
82a075d4 by Martin Schwenke at 2021-09-09T01:46:49+00:00
ctdb-recoverd: Add a helper variable
Improves readability and simplifies subsequent changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
620d0787 by Martin Schwenke at 2021-09-09T01:46:49+00:00
ctdb-recoverd: Update the local node map before pushing out flags
The resulting code structure looks a little weird. However, there is
another condition that requires the flags to be pushed that will be
inserted before the continue statement in a subsequent commit..
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
8305f6a7 by Martin Schwenke at 2021-09-09T01:46:49+00:00
ctdb-recoverd: Push flags for a node if any remote node disagrees
This will usually happen if flags on the node in question change, so
keeping the code simple and pushing to all nodes won't hurt. When all
nodes come up there might be differences in connected nodes, causing
such "fix ups". Receiving nodes will ignore no-op pushes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
49dc5d8c by Martin Schwenke at 2021-09-09T01:46:49+00:00
ctdb-protocol: Add new controls to disable and enable nodes
These are CTDB_CONTROL_DISABLE_NODE and CTDB_CONTROL_ENABLE_NODE.
For consistency these match CTDB_CONTROL_STOP_NODE and
CTDB_CONTROL_CONTINUE_NODE. It would be possible to add a single
control but it would need to take data.
The aim is to finally fix races in flag handling. Previous fixes have
improved the situation but they have only narrowed the race window.
The problem is that the recovery daemon on the master node pushes
flags to nodes the same way that disable and enable are implemented.
So the following sequence is still racy:
1. Node A is disabled
2. Recovery master pulls flags from all nodes including A
3. Node A is enabled
4. Recovery master notices A is disabled and pushes a flag update to
all nodes including node A
5. Node A is erroneously marked disabled
Node A can not tell if the MODIFY_FLAGS control is from a "ctdb
disable" command or a flag update from the recovery master.
The solution is to use a different mechanism for disable/enable and
for a node to ignore MODIFY_FLAGS controls for their own flags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
6845dca8 by Martin Schwenke at 2021-09-09T01:46:49+00:00
ctdb-protocol: Add marshalling for controls DISABLE_NODE/ENABLE_NODE
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
e0a7b5a9 by Martin Schwenke at 2021-09-09T01:46:49+00:00
ctdb-daemon: Add a helper variable
Simplifies a subsequent change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
1ac7bc75 by Martin Schwenke at 2021-09-09T01:46:49+00:00
ctdb-daemon: Factor out a function to get node structure from PNN
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
60c1ef14 by Martin Schwenke at 2021-09-09T01:46:49+00:00
ctdb-daemon: Start as disabled means PERMANENTLY_DISABLED
DISABLED is UNHEALTHY | PERMANENTLY_DISABLED, which is not what is
intended here. Luckily, it doesn't do any harm because nodes are
marked unhealthy at startup anyway.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
15a6489c by Martin Schwenke at 2021-09-09T01:46:49+00:00
ctdb_daemon: Implement controls DISABLE_NODE/ENABLE_NODE
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
6fe6a54e by Martin Schwenke at 2021-09-09T01:46:49+00:00
ctdb-client: Add client code for disable/enable controls
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
59140546 by Martin Schwenke at 2021-09-09T01:46:49+00:00
ctdb-tools: Use disable and enable controls in tool
Note that there a change from broadcast to a directed control here.
This is OK because the recovery master will push flags if any nodes
disagree with the canonical flags fetched from a node.
Static function ctdb_ctrl_modflags() is no longer used to drop it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
eec44e28 by Martin Schwenke at 2021-09-09T01:46:49+00:00
ctdb-daemon: Correct the condition for logging unchanged flags
Don't trust the old flags from the recovery master.
Surrounding code will change in future comments, including the use of
old-style debug macros, so just make this change clear.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
b6d25d07 by Martin Schwenke at 2021-09-09T01:46:49+00:00
ctdb-daemon: Update logging for flag changes
When flags change, promote the message to NOTICE level and switch the
message to the style that is currently generated by
ctdb-recoverd.c:monitor_handler(). This will allow monitor_handler()
to go away in future.
Drop logging when flags do not change. The recovery master now logs
when it pushes flags for a node, so the lack of a corresponding
"changed flags" message here indicates that no update was required.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
0132bd5a by Martin Schwenke at 2021-09-09T01:46:49+00:00
ctdb-daemon: Modernise remaining debug macro in this function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
e7525676 by Martin Schwenke at 2021-09-09T01:46:49+00:00
ctdb-daemon: Don't bother sending CTDB_SRVID_SET_NODE_FLAGS
The code that handles this message is
ctdb_recoverd.c:monitor_handler(). Although it appears to do
something potentially useful, it only logs the flags changes. All
changes made are to local structures - there are no actual
side-effects.
It used to trigger a takeover run when the DISABLED flag changed.
This was dropped back in commit
662f06de9fdce7b1bc1772a4fbe43de271564917.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
916c5ee1 by Martin Schwenke at 2021-09-09T01:46:49+00:00
ctdb-recoverd: Mark CTDB_SRVID_SET_NODE_FLAGS obsolete
CTDB_SRVID_SET_NODE_FLAGS is no longer sent so drop monitor_handler()
and replace with srvid_not_implemented(). Mark the SRVID obsolete in
its comment.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
ae10a8a4 by Martin Schwenke at 2021-09-09T01:46:49+00:00
ctdb-daemon: Simplify ctdb_control_modflags()
Now that there are separate disable/enable controls used by the ctdb
tool this control can ignore any flag updates for the current nodes.
These only come from the recovery master, which depends on being able
to fetch flags for all nodes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
7f697b19 by Martin Schwenke at 2021-09-09T01:46:49+00:00
ctdb-daemon: Ignore flag changes for disconnected nodes
If this node is not connected to a node then we shouldn't know
anything about it. The state will be pushed later by the recovery
master.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin at meltin.net>
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
9e7d2d97 by Martin Schwenke at 2021-09-09T02:38:34+00:00
ctdb-daemon: Don't mark a node as unhealthy when connecting to it
Remote nodes are already initialised as UNHEALTHY when the node list
is initialised at startup (ctdb_load_nodes_file() calls
convert_node_map_to_list()) and when disconnected (ctdb_node_dead()).
So, drop this code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Thu Sep 9 02:38:34 UTC 2021 on sn-devel-184
- - - - -
2c18a982 by Alex Richardson at 2021-09-09T17:43:19+00:00
Don't use sysconf(_SC_NGROUPS_MAX) on macOS for getgroups()
On MacOS sysconf(_SC_NGROUPS_MAX) always returns 16. However, this is not
the value used by getgroups(2). MacOS uses nested groups but getgroups(2)
will return the flattened list which can easily exceed 16 groups. In my
testing getgroups() already returns 16 groups on a freshly installed
system. And on a 10.14 system the root user is in more than 16 groups by
default which makes it impossible to run smbd without this change.
Setting _DARWIN_UNLIMITED_GETGROUPS allows getgroups() to return more than
16 groups. This also changes set_unix_security_ctx() to only set up to
16 groups since that is the limit for initgroups() according to the manpage.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8773
Signed-off-by: Alex Richardson <Alexander.Richardson at cl.cam.ac.uk>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Sep 9 17:43:19 UTC 2021 on sn-devel-184
- - - - -
1047acce by David Mulder at 2021-09-09T19:55:29+00:00
gpo: Test Chromium Group Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
efba2c44 by David Mulder at 2021-09-09T20:42:35+00:00
gpo: Add Chromium Group Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Sep 9 20:42:35 UTC 2021 on sn-devel-184
- - - - -
8f3ef4e6 by Stefan Metzmacher at 2021-09-10T15:10:30+00:00
lib/cmdline: fix --configfile handling of POPT_COMMON_CONFIG_ONLY used by ntlm_auth
ntlm_auth only every knew about '--configfile' without the '-s' alias,
keep it that way and make sure we actually process the argument via
the OPT_CONFIGFILE handling.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
fdfc4750 by Ralph Boehme at 2021-09-10T15:10:30+00:00
selftest: fix ---configfile option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
9a3b7f13 by Ralph Boehme at 2021-09-10T15:10:30+00:00
manpages: remove duplicate options from smbclient
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
29910da8 by Ralph Boehme at 2021-09-10T15:10:30+00:00
lib/cmdline: restore s3 option name --max-protocol for MAXPROTOCOL from 4.14
s4 used --maxprotocol, s3 used --max-protocol. We should continue supporting
--max-protocol.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
09fd46aa by Ralph Boehme at 2021-09-10T15:10:30+00:00
selftest: remove unsupported smbcacls option --get
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d179c4f4 by Stefan Metzmacher at 2021-09-10T15:10:30+00:00
smbclient: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
c87cc093 by Ralph Boehme at 2021-09-10T15:10:30+00:00
texpect: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
4053a59d by Ralph Boehme at 2021-09-10T15:10:30+00:00
smbstatus: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
68450512 by Ralph Boehme at 2021-09-10T15:10:30+00:00
s4/smbclient: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
98c977f4 by Ralph Boehme at 2021-09-10T15:10:30+00:00
nmblookup: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
08512e3a by Ralph Boehme at 2021-09-10T15:10:30+00:00
source3/lib/smbconf: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d5f36072 by Ralph Boehme at 2021-09-10T15:10:30+00:00
s3/param: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
6afa1b34 by Ralph Boehme at 2021-09-10T15:10:30+00:00
rpcclient: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
e3c5516d by Ralph Boehme at 2021-09-10T15:10:30+00:00
pdbtest: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
96ab7909 by Ralph Boehme at 2021-09-10T15:10:30+00:00
vfstest: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
4056bebf by Ralph Boehme at 2021-09-10T15:10:30+00:00
s3/async-tracker: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
72a6cf1a by Ralph Boehme at 2021-09-10T15:10:30+00:00
log2pcaphex: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
c84916fe by Ralph Boehme at 2021-09-10T15:10:30+00:00
mvxattr: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
ff6a1680 by Ralph Boehme at 2021-09-10T15:10:30+00:00
nmblookup: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
5536e798 by Ralph Boehme at 2021-09-10T15:10:30+00:00
ntlm_auth: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
bcc4756d by Ralph Boehme at 2021-09-10T15:10:30+00:00
pdbedit: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
372adfda by Ralph Boehme at 2021-09-10T15:10:30+00:00
profiles: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
246d4f7b by Ralph Boehme at 2021-09-10T15:10:30+00:00
regedit: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
5a2b4ba0 by Ralph Boehme at 2021-09-10T15:10:30+00:00
sharesec: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
3755304b by Ralph Boehme at 2021-09-10T15:10:30+00:00
smbcacls: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
46a0da16 by Ralph Boehme at 2021-09-10T15:10:30+00:00
smbcquotas: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d841457a by Ralph Boehme at 2021-09-10T15:10:30+00:00
smbget: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
5562674a by Ralph Boehme at 2021-09-10T15:10:30+00:00
smbtree: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
b851d482 by Ralph Boehme at 2021-09-10T15:10:30+00:00
split_tokens: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
ac292ec4 by Ralph Boehme at 2021-09-10T15:10:30+00:00
testparm: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
08532b3d by Ralph Boehme at 2021-09-10T15:10:30+00:00
s4/cifsdd: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
5c75b5bd by Ralph Boehme at 2021-09-10T15:10:30+00:00
s4/regdiff: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
604ce3d8 by Ralph Boehme at 2021-09-10T15:10:30+00:00
s4/regpatch: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
ac86779f by Ralph Boehme at 2021-09-10T15:10:30+00:00
s4/regshell: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
ecb27e02 by Ralph Boehme at 2021-09-10T15:10:30+00:00
s4/regtree: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
f6be1c18 by Ralph Boehme at 2021-09-10T15:10:30+00:00
s4/torture/gentest: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
0c47f244 by Ralph Boehme at 2021-09-10T15:10:30+00:00
s4/torture/locktest: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
b053bea0 by Ralph Boehme at 2021-09-10T16:02:10+00:00
s4/torture/masktest: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Sep 10 16:02:10 UTC 2021 on sn-devel-184
- - - - -
ed35fce4 by Ralph Boehme at 2021-09-10T18:16:18+00:00
vfs_btrfs: fix btrfs_fget_compression()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14790
RB: vfs_btrfs compression support broken
Reported-by: noel.kuntze at thermi.consulting
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Sep 10 18:16:18 UTC 2021 on sn-devel-184
- - - - -
926db374 by Ralph Boehme at 2021-09-11T21:48:01+00:00
smbd: fix "ea support = no"
Introduced by de83946311d8c1f007c236751280e9f101cc3a29.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14829
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Sep 11 21:48:01 UTC 2021 on sn-devel-184
- - - - -
5950fc66 by Andrew Bartlett at 2021-09-13T04:53:32+00:00
build: Make Python 3.6 the minimum to build now oss-fuzz is upgraded
The exception to allow building, but not operating, with Python 3.5
was only because oss-fuzz provided only Python 3.5 on Ubuntu 16.04.
Ubuntu 20.04 is now the base image provided, so this exception can
be removed.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Uri Simchoni <uri at samba.org>
- - - - -
6b9b0439 by Andrew Bartlett at 2021-09-13T05:41:30+00:00
heimdal: Remove lex.yy.c file left over from a bug in lexyacc.sh
This file was incorrectly added in 6a27fbbfc4c51ae1635b8a5fa51c470ebc9f01e2,
was never referenced on our build system and should have been
removed with c51c15144e3fbdd3ebed301a077c687e23882e09 at least.
That script had a bug and did not remove this filename if
the particular version of lex generated it, and so it
likely was added to git as a result.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Uri Simchoni <uri at samba.org>
Autobuild-User(master): Uri Simchoni <uri at samba.org>
Autobuild-Date(master): Mon Sep 13 05:41:30 UTC 2021 on sn-devel-184
- - - - -
7217c67a by Uri Simchoni at 2021-09-13T21:39:36+00:00
selftest: add a unit test for tsocket_address_inet_from_strings
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
95d8cdf0 by Uri Simchoni at 2021-09-13T22:27:59+00:00
tsocket: set errno on some failures of tsocket_address_inet_from_strings
Fix setting errno on all failure modes of
tsocket_address_inet_from_strings.
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Sep 13 22:27:59 UTC 2021 on sn-devel-184
- - - - -
ff2f38fa by Joseph Sutton at 2021-09-13T23:11:35+00:00
krb5pac.idl: Add ticket checksum PAC buffer type
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
0092b4a3 by Joseph Sutton at 2021-09-13T23:11:35+00:00
security.idl: Add well-known SIDs for FAST
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
c6badf81 by Joseph Sutton at 2021-09-13T23:11:35+00:00
tests/krb5: Calculate expected salt if not given explicitly
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
9924dd97 by Joseph Sutton at 2021-09-13T23:11:35+00:00
tests/krb5: Add methods to obtain the length of checksum types
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
448b661b by Joseph Sutton at 2021-09-13T23:11:35+00:00
tests/krb5: Use signed integers to represent key version numbers in ASN.1
As specified in 'MS-KILE 3.1.5.8: Key Version Numbers', Windows uses
signed 32-bit integers to represent key version numbers. This makes a
difference for an RODC with a msDS-SecondaryKrbTgtNumber greater than
32767, where the kvno should be encoded in four bytes rather than five.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
08086c43 by Joseph Sutton at 2021-09-13T23:11:35+00:00
tests/krb5: Add KDCOptions flag for constrained delegation
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
3fd73b65 by Joseph Sutton at 2021-09-13T23:11:35+00:00
tests/krb5: Use more compact dict lookup
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
bf55786f by Joseph Sutton at 2021-09-13T23:11:35+00:00
tests/krb5: Replace expected_cname_private with expected_anon parameter
This is used in the case where the KDC returns 'WELLKNOWN/ANONYMOUS' as
the cname, and makes the reply checking logic easier to follow. This
also removes the need to fetch the client credentials in the test
methods.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
7aae0e9b by Joseph Sutton at 2021-09-13T23:11:35+00:00
tests/krb5: Allow specifying an OU to create accounts in
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
9aa90085 by Joseph Sutton at 2021-09-13T23:11:35+00:00
tests/krb5: Allow specifying additional User Account Control flags for account
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
9973b51e by Joseph Sutton at 2021-09-13T23:11:35+00:00
tests/krb5: Keep track of account DN in credentials object
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
1f23b16e by Joseph Sutton at 2021-09-13T23:11:35+00:00
tests/krb5: Move padata generation methods to base class
This allows them to be used directly from RawKerberosTest.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
c0db1ba5 by Joseph Sutton at 2021-09-13T23:11:35+00:00
tests/krb5: add options to kdc_exchange_dict to specify including PAC-REQUEST or PAC-OPTIONS
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
bc21ba25 by Joseph Sutton at 2021-09-13T23:11:35+00:00
tests/krb5: Don't create PAC request manually in as_req_tests
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
7556a4df by Joseph Sutton at 2021-09-13T23:11:35+00:00
tests/krb5: Don't create PAC request or options manually in fast_tests
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
57126525 by Joseph Sutton at 2021-09-13T23:11:35+00:00
tests/krb5: Remove magic constants
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
85ddfc1a by Joseph Sutton at 2021-09-13T23:11:35+00:00
tests/krb5: Allow specifying ticket flags expected to be set or reset
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
1974b872 by Joseph Sutton at 2021-09-13T23:11:35+00:00
tests/krb5: Make time assertion less strict
This assertion could fail if there was a time difference between the KDC
and the client.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
0afb548a by Joseph Sutton at 2021-09-13T23:11:35+00:00
tests/krb5: Allow Kerberos requests to be sent to DC or RODC
If run inside the 'rodc' testing environment, 'DC_SERVER' and 'SERVER'
refer to the hostnames of the DC and RODC respectively, and this commit
allows either one of them to be used as the KDC for Kerberos exchanges.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
9cba5f9a by Joseph Sutton at 2021-09-13T23:11:35+00:00
tests/krb5: Check for presence of 'renew-till' element
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
d3106a8d by Joseph Sutton at 2021-09-13T23:11:35+00:00
tests/krb5: Check 'caddr' element
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
c3b74629 by Joseph Sutton at 2021-09-13T23:11:35+00:00
tests/krb5: Check for presence of 'key-expiration' element
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
- - - - -
01378a52 by Joseph Sutton at 2021-09-14T00:01:44+00:00
tests/krb5: Create testing accounts in appropriate containers
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Sep 14 00:01:44 UTC 2021 on sn-devel-184
- - - - -
ce2bc74d by Andrew Bartlett at 2021-09-14T04:44:44+00:00
bootstrap: Remove last references to Ubuntu 16.04
The Ubuntu 16.04 build went away with
4366c3bb71fe9c083dedeae8798547b64a64d2b4 as oss-fuzz moves
to Ubuntu 20.04.
We don't do a special build for the oss-fuzz, this restores the
behaviour before e10910f8de542b0be9b89942791bd37288b7a32a and
d048d7e17d756099e208fa4d6b931a147b0b1489 where oss-fuzz was only
tested as part of the main build. (In the case of a failure the
pipeline would fail, preventing a merge, just the same as for
any other failing test).
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Uri Simchoni <uri at samba.org>
Autobuild-User(master): Uri Simchoni <uri at samba.org>
Autobuild-Date(master): Tue Sep 14 04:44:44 UTC 2021 on sn-devel-184
- - - - -
0fa4766e by Christof Schmitt at 2021-09-14T23:14:36+00:00
smbd: Update comment explaining streams and file-system sharemodes
The function kernel_flock will be deleted, drop the reference to it.
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
facd6e01 by Christof Schmitt at 2021-09-14T23:14:36+00:00
vfs_gpfs: Update comment in vfs_gpfs_kernel_flock
The function kernel_flock will be deleted, drop the reference to it.
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5488a242 by Christof Schmitt at 2021-09-14T23:14:36+00:00
vfs_gpfs: Remove call to kernel_flock
The function kernel_flock will be deleted.
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e1398c34 by Christof Schmitt at 2021-09-14T23:14:36+00:00
vfs_default: Return ENOTSUP for sharemodes flock call
Remove the call to kernel_flock, as this function will be deleted.
Have the function return ENOTSUP to indicate that this is not supported
by default (without a file-system specific VFS module).
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b2b7f9e6 by Christof Schmitt at 2021-09-14T23:14:36+00:00
system: Remove kernel_flock
LOCK_MAND will be deprecated in the Linux kernel, so stop using this
feature and remove the kernel_flock function.
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c2d6284a by Christof Schmitt at 2021-09-14T23:14:36+00:00
wscript: Remove config check for LOCK_MAND
The define set from this check is no longer needed.
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
54fe4083 by Christof Schmitt at 2021-09-14T23:14:36+00:00
loadparm: Set default of "kernel share modes" to "no"
selftest: Remove knownfail for smb2.lock.replay_smb3_specification_durable
With the changed default for "kernel share modes", this test can now
acquire durable handles and succeed.
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
079e706e by Christof Schmitt at 2021-09-14T23:14:36+00:00
docs-xml: Update manpage for "kernel share modes" option
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d40f5732 by Christof Schmitt at 2021-09-15T00:04:47+00:00
WHATSNEW: Document changes for "kernel share modes"
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Sep 15 00:04:47 UTC 2021 on sn-devel-184
- - - - -
4ba5e82a by Joseph Sutton at 2021-09-15T07:59:31+00:00
tests/krb5: Allow specifying status code to be checked
This allows us to check the status code that may be sent in an error
reply to a TGS-REQ message.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
a5186f92 by Joseph Sutton at 2021-09-15T07:59:31+00:00
tests/krb5: Get expected cname from TGT for TGS-REQ messages
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
0e99382d by Joseph Sutton at 2021-09-15T07:59:31+00:00
tests/krb5: Get encpart decryption key from kdc_exchange_dict
Instead of using check_padata_fn to get the encpart decryption key, we
can get the key from the AS-REQ preauth phase or from the TGT, depending
on whether the message is an AS-REQ or a TGS-REQ. This allows removal of
check_padata_fn and some duplicated code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
c9fd8ffd by Joseph Sutton at 2021-09-15T07:59:31+00:00
tests/krb5: Add get_cached_creds() method to create persistent accounts for testing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
943079fd by Joseph Sutton at 2021-09-15T07:59:31+00:00
tests/krb5: Generate padata for FAST tests
This gives us access to parameters of kdc_exchange_dict and enables us
to simplify the logic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
a99a7672 by Joseph Sutton at 2021-09-15T07:59:31+00:00
pytest:segfault: Add test for ldb.msg_diff()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14836
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
c2bbe774 by Joseph Sutton at 2021-09-15T07:59:31+00:00
ldb_msg: Don't fail in ldb_msg_copy() if source DN is NULL
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14836
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
19a2af02 by Joseph Sutton at 2021-09-15T07:59:31+00:00
pyldb: Avoid use-after-free in msg_diff()
Make a deep copy of the message elements in msg_diff() so that if either
of the input messages are deallocated early, the result does not refer
to non-existing elements.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14836
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
7bc52cec by Joseph Sutton at 2021-09-15T07:59:31+00:00
tests/krb5: Sign-extend kvno from 32-bit integer
This helps to avoid problems with RODC kvnos that have the high bit set.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
a5bf7aad by Joseph Sutton at 2021-09-15T07:59:31+00:00
tests/krb5: Add method to get RODC krbtgt credentials
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
af633992 by Joseph Sutton at 2021-09-15T07:59:31+00:00
tests/krb5: Add get_secrets() method to get the secret attributes of a DN
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
3cc9e77f by Joseph Sutton at 2021-09-15T07:59:31+00:00
tests/krb5: Allow replicating accounts to the RODC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
ef5666bc by Joseph Sutton at 2021-09-15T07:59:31+00:00
tests/krb5: Create RODC account for testing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
35292bd3 by Joseph Sutton at 2021-09-15T07:59:31+00:00
tests/krb5: Allow replicating accounts to the created RODC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
d12cb477 by Andrew Bartlett at 2021-09-15T08:49:11+00:00
selftest: Update user_account_control tests to pass against Windows 2019
This gets us closer to passing against Windows 2019, without
making major changes to what was tested. More tests are needed,
but it is important to get what was being tested tested again.
Account types (eg UF_NORMAL_ACCOUNT, UF_WORKSTATION_TRUST_ACCOUNT)
are now required on all objects, this can't be omitted any more.
Also for UF_NORMAL_ACCOUNT for these accounts without a password
set |UF_PASSWD_NOTREQD must be included.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Sep 15 08:49:11 UTC 2021 on sn-devel-184
- - - - -
8d5534d2 by Amitay Isaacs at 2021-09-16T19:42:19+00:00
lib/tsocket: Fix build on Freebsd
This fixes the following build error on freebsd.
[1567/3959] Compiling lib/tsocket/tsocket_bsd.c
../../lib/tsocket/tsocket_bsd.c:415:8: error: use of undeclared identifier 'EAI_ADDRFAMILY'
case EAI_ADDRFAMILY:
^
On FreeBSD EAI_ADDRFAMILY is obsoleted. Here's the relevant excerpt
from netdb.h on FreeBSD 13.
-----------------------------------------------------------------
/*
* Error return codes from gai_strerror(3), see RFC 3493.
*/
#if 0
/* Obsoleted on RFC 2553bis-02 */
#define EAI_ADDRFAMILY 1 /* address family for hostname not supported */
#endif
-----------------------------------------------------------------
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Uri Simchoni <uri at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Sep 16 19:42:19 UTC 2021 on sn-devel-184
- - - - -
48521736 by Volker Lendecke at 2021-09-18T00:02:27+00:00
smbtorture: Fix epmapper.Map_full test
For detailed knownfail on subtests we need torture_assert() calls
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cf4a868b by Volker Lendecke at 2021-09-18T00:53:28+00:00
debug: Remove "override_logfile"
The only writer to this variable left with c377845d27d4dcd7. The
closest match for override_logfile is is_default_dyn_LOGFILEBASE()
with the opposite logic.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Sep 18 00:53:28 UTC 2021 on sn-devel-184
- - - - -
8a93ef62 by Samuel Cabrero at 2021-09-20T14:31:33+00:00
s3: rpc_server: Avoid creating new handles when received an empty policy_handle
After merging s3 and s4 RPC handles implementations in commit
70fa7e817e48c9faa3c6c7ae3749e4a8ebf3e6c2 a new empty handle is allocated
when find_policy_by_hnd() or close_policy_hnd() is called with an empty
policy_handle (see dcesrv_handle_lookup() implementation).
This new behavior was causing a crash when running samba3.rpc.mdssvc test
with log level >= 10, because a debug message in _mdssvc_close() was
dereferencing the handle's associated data when called from
test_mdssvc_close() with an empty policy_handle.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Sep 20 14:31:33 UTC 2021 on sn-devel-184
- - - - -
86cf8f46 by Volker Lendecke at 2021-09-21T00:13:32+00:00
lib: Simplify sid_linearize()
We have ndr_push_dom_sid() for this
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
07113263 by Volker Lendecke at 2021-09-21T00:13:32+00:00
samba-bgqd: Enable smbcontrol pool-usage
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ad462c27 by Volker Lendecke at 2021-09-21T00:13:32+00:00
rpc_server4: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
917f7902 by Volker Lendecke at 2021-09-21T00:13:32+00:00
winbind: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
df4c03d5 by Volker Lendecke at 2021-09-21T00:13:32+00:00
lib: Add required #includes
dom_sid.h itself references talloc, and security.h references
DATA_BLOB.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
aea82925 by Volker Lendecke at 2021-09-21T00:13:32+00:00
lib: Give util_specialsids.c its own prototype header
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e11881ea by Volker Lendecke at 2021-09-21T00:13:32+00:00
lib: Avoid an "includes.h"
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6f973a4f by Volker Lendecke at 2021-09-21T00:13:32+00:00
samba-bgqd: Convert closeall_*() to closefrom_*()
Align it with closefrom() in preparation for use elsewhere
Signed-off-by: Volker Lendecke <vl at samba.org>
- - - - -
b09efc8b by Volker Lendecke at 2021-09-21T01:12:12+00:00
lib: Move closefrom_except*() to a separate file
Enable use in other daemons
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Sep 21 01:12:12 UTC 2021 on sn-devel-184
- - - - -
99bf0c1b by Samuel Cabrero at 2021-09-21T10:15:34+00:00
pidl:NDR/ServerCompat.pm: Do not register disabled services
In samba3 it is possible to disable RPC services, for exapmle:
rpc_server:netlogon = disabled
If a service is disabled do not register the interface neither create its
endpoint.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
9c852184 by Samuel Cabrero at 2021-09-21T10:15:34+00:00
librpc:core: Add a function to register an interface passing the binding handle
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
af06d73a by Samuel Cabrero at 2021-09-21T11:00:01+00:00
s3:rpc_server: Do not use the default ncalrpc endpoint for external services
In samba3 it is possible to run some services externally, for example:
rpc_daemon:lsasd = fork
rpc_server:netlogon = disabled
rpc_server:samr = external
rpc_server:lsarpc = external
The external services running in separate processes have to use its own
dedicated ncalrpc endpoint, otherwise will race with main smbd serving the
embedded services to accept connections on ncalrpc default socket. If the
connection ends in an external process and the client tries to bind to an
interface not registered there (like winreg for example) the bind will fail.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Sep 21 11:00:01 UTC 2021 on sn-devel-184
- - - - -
f3b5733d by Christof Schmitt at 2021-09-21T18:47:38+00:00
profile: Remove syscall_kernel_flock profiling
This no longer calls flock, so it should not be part of the system call
profiling.
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c794e773 by Christof Schmitt at 2021-09-21T18:47:38+00:00
VFS: Rename kernel_flock to filesystem_sharemode
With the removal of the call to flock LOCK_MAND, the only remaining use
of this VFS path is to register sharemodes with specific file systems.
Rename the VFS call to reflect that this is no longer related to flock.
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0a26b238 by Christof Schmitt at 2021-09-21T18:47:38+00:00
VFS: Increase VFS version for renamed function
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a2578d9b by Christof Schmitt at 2021-09-21T18:47:38+00:00
examples/VFS/skel_transparent: Rename kernel_flock to filesystem_sharemode
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0ae59ffc by Christof Schmitt at 2021-09-21T18:47:38+00:00
examples/VFS/skel_opaque: Rename kernel_flock to filesystem_sharemode
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
264440c9 by Christof Schmitt at 2021-09-21T18:47:38+00:00
s3: Remove definition of removed kernel_flock function
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ad87998a by Christof Schmitt at 2021-09-21T18:47:38+00:00
vfs_full_audit: Rename kernel_flock to filesystem_sharemode
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
73f04003 by Christof Schmitt at 2021-09-21T18:47:38+00:00
docs-xml: Update vfs_full_audit manpage for renamed function
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0ac9dfd2 by Christof Schmitt at 2021-09-21T18:47:38+00:00
vfs_ceph: Rename kernel_flock to filesystem_sharemode
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0bd1df93 by Christof Schmitt at 2021-09-21T18:47:38+00:00
vfs_glusterfs: Rename kernel_flock to filesystem_sharemode
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f3bd312a by Christof Schmitt at 2021-09-21T18:47:38+00:00
vfs_time_audit: Rename kernel_flock to filesystem_sharemode
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
272fce3c by Christof Schmitt at 2021-09-21T18:47:38+00:00
vfs_time_audit: Fix message for fcntl VFS call
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b63ee5c7 by Christof Schmitt at 2021-09-21T18:47:38+00:00
vfs_gpfs: Rename kernel_flock to filesystem_sharemode
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4209e42a by Christof Schmitt at 2021-09-21T18:47:38+00:00
vfs_streams_xattr: Rename kernel_flock to filesystem_sharemode
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3224eb8f by Christof Schmitt at 2021-09-21T18:47:38+00:00
vfs_default: Rename kernel_flock to filesystem_sharemode
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
041dfdfc by Christof Schmitt at 2021-09-21T18:47:38+00:00
vfs_catia: Rename kernel_flock to filesystem_sharemode
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
113f6964 by Christof Schmitt at 2021-09-21T18:47:38+00:00
VFS: Update tracking documents for renamed function
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d8972d92 by Christof Schmitt at 2021-09-21T18:47:38+00:00
smbd: Update comment for durable handles
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fa3f952f by Christof Schmitt at 2021-09-21T18:47:38+00:00
smbd: Rename return variable for requesting filesystem sharemode
flock is no longer used, rename the variable accordingly.
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0a2b5011 by Christof Schmitt at 2021-09-21T18:47:38+00:00
smbd: Remove return variable for releasing filesystem sharemode
flock is no longer used, the existing "ret" variable can be used
instead.
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e50083ce by Christof Schmitt at 2021-09-21T19:39:10+00:00
smbd: Update debug messages for failed sharemode release
Use new macros, consistent log level and remove reference to flock.
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Christof Schmitt <cs at samba.org>
Autobuild-Date(master): Tue Sep 21 19:39:10 UTC 2021 on sn-devel-184
- - - - -
9a24d8e4 by Michael Adam at 2021-09-21T20:28:49+00:00
lib:cmdline: fix a comment
The default log target was changed in 726ccf1d56b2979c827dd8586d1aeb6cb8de236c
(as a side effect), but the comment was only partially updated.
This patch fixes the comment by completing the orignal change to
correctly reflect current behavior.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Sep 21 20:28:49 UTC 2021 on sn-devel-184
- - - - -
cde38d36 by Joseph Sutton at 2021-09-21T23:05:41+00:00
python: Don't leak file handles
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
21a77173 by Joseph Sutton at 2021-09-21T23:05:41+00:00
python/join: Check for correct msDS-KrbTgtLink attribute
Previously, the wrong case was used when checking for this attribute,
which meant krbtgt accounts were not being cleaned up.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b81f6f3d by Andrew Bartlett at 2021-09-21T23:05:41+00:00
autobuild: allow AUTOBUILD_FAIL_IMMEDIATELY=0 (say from a gitlab variable)
This allows making a push to do a full test ignoring errors without
needing "HACK!!!" commits on top.
Use like this:
git push -o ci.variable='AUTOBUILD_FAIL_IMMEDIATELY=0'
RN: Samba CI runs can now continue past the first error if AUTOBUILD_FAIL_IMMEDIATELY=0 is set
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14841
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
a281ae09 by Joseph Sutton at 2021-09-21T23:05:41+00:00
tests/krb5: Add helper method for modifying PACs
This method can remove or replace a PAC in an authorization-data
container, while additionally returning the original PAC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0061fa2c by Joseph Sutton at 2021-09-21T23:05:41+00:00
tests/krb5: Check correct flags element
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2a4d53dc by Joseph Sutton at 2021-09-21T23:05:41+00:00
tests/krb5: Refactor tgs_req() to use _generic_kdc_exchange
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1f0654b8 by Joseph Sutton at 2021-09-21T23:05:41+00:00
tests/krb5: Allow tgs_req() to send additional padata
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1a3426da by Joseph Sutton at 2021-09-21T23:05:41+00:00
tests/krb5: Allow tgs_req() to specify different kdc-options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6403a09d by Joseph Sutton at 2021-09-21T23:05:41+00:00
tests/krb5: Allow tgs_req() to send requests to the RODC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a5e62d68 by Joseph Sutton at 2021-09-21T23:05:41+00:00
tests/krb5: Allow as_req() to specify different kdc-options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3504e99d by Joseph Sutton at 2021-09-21T23:05:41+00:00
tests/krb5: Use PAC buffer type constants from krb5pac.idl
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c2260296 by Joseph Sutton at 2021-09-21T23:05:41+00:00
tests/krb5: Don't manually create PAC request and options in fast_tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7645dfa5 by Joseph Sutton at 2021-09-21T23:05:41+00:00
tests/krb5: Set DN of created accounts to ldb.Dn type
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
5d3a135c by Joseph Sutton at 2021-09-21T23:05:41+00:00
tests/krb5: Allow get_service_ticket() to get tickets from the RODC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2d69805b by Joseph Sutton at 2021-09-21T23:05:41+00:00
tests/krb5: Allow get_tgt() to get tickets from the RODC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4ecfa82e by Joseph Sutton at 2021-09-21T23:05:41+00:00
tests/krb5: Allow get_tgt() to specify different kdc-options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
035a8f19 by Joseph Sutton at 2021-09-21T23:05:41+00:00
tests/krb5: Allow get_tgt() to specify expected and unexpected flags
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
59c1043b by Joseph Sutton at 2021-09-21T23:05:41+00:00
tests/krb5: Move get_tgt() and get_service_ticket() to kdc_base_test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6193f743 by Joseph Sutton at 2021-09-21T23:05:41+00:00
tests/krb5: Return encpart from get_tgt() as part of KerberosTicketCreds
The encpart is already contained in ticket_creds, so it no longer needs
to be returned as a separate value.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
419e4061 by Joseph Sutton at 2021-09-21T23:05:41+00:00
tests/krb5: Cache obtained tickets
Now tickets obtained with get_tgt() and get_service_ticket() make use of
a cache so they can be reused, unless the 'fresh' parameter is specified
as true.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a562882b by Joseph Sutton at 2021-09-21T23:05:42+00:00
tests/krb5: Add methods for creating zeroed checksums and verifying checksums
Creating a zeroed checksum is needed for signing a PAC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ec95b304 by Joseph Sutton at 2021-09-21T23:55:39+00:00
tests/krb5: Add RodcPacEncryptionKey type allowing for RODC PAC signatures
Signatures created by an RODC have an RODCIdentifier appended to them
identifying the RODC's krbtgt account.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Sep 21 23:55:39 UTC 2021 on sn-devel-184
- - - - -
702ebb3d by Ralph Boehme at 2021-09-22T16:57:25+00:00
registry: skip root check when running with uid-wrapper enabled
Currently registry config is not used in the clustered testenv, so currently
there's no problem. But once we do add that, the check would be triggered.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14787
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Sep 22 16:57:25 UTC 2021 on sn-devel-184
- - - - -
12b5e72a by Joseph Sutton at 2021-09-23T18:32:29+00:00
tests/krb5: Add method to verify ticket PAC checksums
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1fcde7cb by Joseph Sutton at 2021-09-23T18:32:29+00:00
tests/krb5: Add method for modifying a ticket and creating PAC checksums
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4c67a53c by Joseph Sutton at 2021-09-23T18:32:29+00:00
tests/krb5: Simplify adding authdata to ticket by using modified_ticket()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7cedd383 by Joseph Sutton at 2021-09-23T18:32:29+00:00
tests/krb5: Make get_default_enctypes() return a set of enctype constants
This is often more convenient than a bitfield.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
432eba9e by Joseph Sutton at 2021-09-23T18:32:29+00:00
tests/krb5: Add methods to convert between enctypes and bitfields
These methods are useful for converting a collection of encryption types
into msDS-SupportedEncryptionTypes bit flags, and vice versa.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b6eaf2cf by Joseph Sutton at 2021-09-23T18:32:29+00:00
tests/krb5: Get supported enctypes for credentials from database
Look up the account's msDS-SupportedEncryptionTypes attribute to get the
encryption types that it supports. Move the fallback to RC4 to when the
ticket decryption key is obtained.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
14cd933a by Joseph Sutton at 2021-09-23T18:32:29+00:00
tests/krb5: Correctly check PA-SUPPORTED-ENCTYPES
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
054ec1a8 by Joseph Sutton at 2021-09-23T18:32:29+00:00
tests/krb5: Set key version number for all accounts created with create_account()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
38b4b334 by Joseph Sutton at 2021-09-23T18:32:29+00:00
tests/krb5: Allow tgs_req() to check the returned ticket enc-part
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9d010430 by Joseph Sutton at 2021-09-23T18:32:29+00:00
tests/krb5: Add method to get DC credentials
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f9284d85 by Joseph Sutton at 2021-09-23T18:32:29+00:00
tests/krb5: Fix checking for presence of authorization data
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f2f1f3a1 by Joseph Sutton at 2021-09-23T18:32:29+00:00
tests/krb5: Provide ticket enc-part key to tgs_req()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
394e8db2 by Joseph Sutton at 2021-09-23T18:32:29+00:00
tests/krb5: Simplify account creation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1458cd90 by Joseph Sutton at 2021-09-23T18:32:29+00:00
tests/krb5: Add get_rodc_krbtgt_creds() to RawKerberosTest
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ea7b550a by Joseph Sutton at 2021-09-23T18:32:29+00:00
tests/krb5: Verify checksums of tickets obtained from the KDC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c0b81f0d by Joseph Sutton at 2021-09-23T18:32:29+00:00
tests/krb5: Add method to determine if principal is krbtgt
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
5b331443 by Joseph Sutton at 2021-09-23T19:28:44+00:00
tests/krb5: Add classes for testing invalid checksums
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Sep 23 19:28:44 UTC 2021 on sn-devel-184
- - - - -
ef990008 by Volker Lendecke at 2021-09-24T23:55:32+00:00
libcli: Remove unused security_token_is_sid_string()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
acaa89aa by Volker Lendecke at 2021-09-24T23:55:32+00:00
rpc_server: Move a type check in dcesrv_handle_lookup()
This check is independent of whether we found a handle or not, we can
do it before walking the handle list.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1e30fad7 by Volker Lendecke at 2021-09-24T23:55:32+00:00
rpc_server: Simplify dcesrv_handle_lookup()
Reduce indentation with a "break;" from the loop, best reviewed with
git show -b
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
81e27693 by Volker Lendecke at 2021-09-25T00:46:23+00:00
mdssvc: Use ndr_policy_handle_empty()
is_zero_policy_handle() was a duplicate.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Sep 25 00:46:23 UTC 2021 on sn-devel-184
- - - - -
6a041f6a by Joseph Sutton at 2021-09-28T09:44:35+00:00
pytest:segfault: Add test for deleting an ldb.Message dn
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d7af772d by Joseph Sutton at 2021-09-28T09:44:35+00:00
pyldb: Fix deleting an ldb.Message dn
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b1adaa51 by Joseph Sutton at 2021-09-28T09:44:35+00:00
pytest:segfault: Add test for deleting an ldb.Control critical flag
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9d25a21d by Joseph Sutton at 2021-09-28T09:44:35+00:00
pyldb: Fix deleting an ldb.Control critical flag
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
fb758c32 by Joseph Sutton at 2021-09-28T09:44:35+00:00
s4/torture/drs/python: Fix attribute existence check
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b018e51d by Joseph Sutton at 2021-09-28T09:44:35+00:00
pyldb: Add test for an invalid ldb.Message index type
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
22353767 by Joseph Sutton at 2021-09-28T09:44:35+00:00
pyldb: Raise TypeError for an invalid ldb.Message index
Previously, a TypeError was raised and subsequently overridden by a
KeyError.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
865fe238 by Joseph Sutton at 2021-09-28T09:44:35+00:00
pyldb: Add tests for ldb.Message containment testing
These tests verify that the 'in' operator on ldb.Message is consistent
with indexing and the get() method. This means that the 'dn' element
should always be present, lookups should be case-insensitive, and use of
an invalid type should result in a TypeError.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
860d8902 by Joseph Sutton at 2021-09-28T09:44:35+00:00
pyldb: Make ldb.Message containment testing consistent with indexing
Previously, containment testing using the 'in' operator was handled by
performing an equality comparison between the chosen object and each of
the message's keys in turn. This behaviour was prone to errors due to
not considering differences in case between otherwise equal elements, as
the indexing operations do.
Containment testing should now be more consistent with the indexing
operations and with the get() method of ldb.Message.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
77593982 by Matthew Grant at 2021-09-28T09:44:35+00:00
libcli/dns: dns forwarder port doc changes
Documentation changes specifying how list entries for dns forwarder
are to be specified with ability to add trailing target port number.
Signed-off-by: Matthew Grant <grantma at mattgrant.net.nz>
Reviewed-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f39a06de by Matthew Grant at 2021-09-28T09:44:35+00:00
lib/tsocket: new function to parse host port strs.
tsocket_address_inet_from_hostport_strings() on top of
tsocket_address_inet_from_strings(), implementing the ability to parse a
port number appended to an IPv6 or IPv4 address. IPv6 addresses can also
optionally have square brackets around them, but these are needed to
specify the port number as colon is used to delimit port from the IP
address in the string.
Note that this code just recognises and parses the strings with port
given, or just IPv6 with square brackets. The rest of the parsing is
passed on to tsocket_address_inet_from strings(), and errors from there
passed back up the stack.
Signed-off-by: Matthew Grant <grantma at mattgrant.net.nz>
Reviewed-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
617a5a1d by Matthew Grant at 2021-09-28T09:44:35+00:00
libcli/dns: smb.conf dns forwarder port support
Call new tsocket_address_inet_from_hostport_strings() instead of
tsocket_address_inet_from_strings() to implement setting a port to query
for a DNS forwarder.
Signed-off-by: Matthew Grant <grantma at mattgrant.net.nz>
Reviewed-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2a098030 by Matthew Grant at 2021-09-28T09:44:35+00:00
libcli/dns.c: dns forwarder port test changes
Test harness for the dns fowarder setting in smb.conf. Adds IPv6
forwarder as second target DNS forwarder, listening on port 54.
Signed-off-by: Matthew Grant <grantma at mattgrant.net.nz>
Reviewed-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c26fcef5 by Uri Simchoni at 2021-09-28T09:44:35+00:00
WHATSNEW: document dns forwarder change
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
26214872 by Uri Simchoni at 2021-09-28T09:44:35+00:00
selftest: add more tests for test_address_inet_from_strings
Test the case of NULL address as input
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3f466090 by Uri Simchoni at 2021-09-28T10:34:12+00:00
selftest: test tsocket_address_inet_from_hostport_strings
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Sep 28 10:34:12 UTC 2021 on sn-devel-184
- - - - -
b0b9663c by Andrew Bartlett at 2021-10-01T18:58:34+00:00
.gitlab-ci: Ignore errors from missing source files in code coverage
This could happen when code coverage is collected from multiple distributions.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1305ec3a by Andrew Bartlett at 2021-10-01T19:43:16+00:00
.gitlab-ci: Allow a 1 hour to build Samba
I have seen cases where the job is pushed to the private runners
(which do not have the ccache) where this takes over 45mins, and
a typical job can be 35 mins so this is too tight.
Triggering the timeout causes a rebuild from scratch, which is
done twice automatically, and is financially costly (we pay
per VM start) and a waste of CPU/energy/etc.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14844
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Oct 1 19:43:16 UTC 2021 on sn-devel-184
- - - - -
b6d60e8f by Andrew Bartlett at 2021-10-01T20:50:36+00:00
samldb: Address birthday paradox adding an RODC
It is possible that the randomly chosen RODC number will be one
that is already in use. The samldb_krbtgtnumber_available()
function was meant to prevent that, but due to a typo did not.
There is no other race here as the whole thing is inside a transaction,
and we have duplicate protection on samAccountName, so the failure
looked like this:
...
Adding CN=krbtgt_TESTRODCDRS5320202,CN=Users,DC=samba,DC=example,DC=com
UNEXPECTED(error): samba4.drs.repl_rodc.python(ad_dc_ntvfs).repl_rodc.DrsRodcTestCase.test_msDSRevealedUsers_admin(ad_dc_ntvfs)
REASON: Exception: Exception: Traceback (most recent call last):
File "/m/abartlet/aMASTER/b1635147/samba-def-build/source4/torture/drs/python/repl_rodc.py", line 111, in setUp
self._create_rodc(self.rodc_ctx)
File "/m/abartlet/aMASTER/b1635147/samba-def-build/source4/torture/drs/python/repl_rodc.py", line 693, in _create_rodc
ctx.join_add_objects()
File "bin/python/samba/join.py", line 641, in join_add_objects
ctx.add_krbtgt_account()
File "bin/python/samba/join.py", line 429, in add_krbtgt_account
ctx.samdb.add(rec, ["rodc_join:1:1"])
_ldb.LdbError: (68, "LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS - <00002071: samldb: samAccountName krbtgt_4405 already in use!> <>")
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14854
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Oct 1 20:50:37 UTC 2021 on sn-devel-184
- - - - -
2d87e0f6 by Jeremy Allison at 2021-10-02T01:38:43+00:00
s4: process_prefork: Make prefork_restart() use an asynchronous timer event instead of calling sleep(X).
This should prevent any long pauses in the calling process, as we get a callback
for the restart after X seconds. To make the code flow more understandable,
always go through a timer event even if the wait time is zero. This
has the same effect as an immediate event as it will call the callback
function as soon as we go back into the event loop.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Oct 2 01:38:43 UTC 2021 on sn-devel-184
- - - - -
cc3081ce by Andreas Schneider at 2021-10-04T10:43:37+00:00
s3:utils: Fix format error
regedit_hexedit.c:166:39: error: format ‘%X’ expects argument of type ‘unsigned
int’, but argument 3 has type ‘size_t’ {aka ‘long unsigned int’}
166 | wprintw(buf->win, "%08X ", off);
| ~~~^ ~~~
| | |
| | size_t {aka long unsigned int}
| unsigned int
| %08lX
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Uri Simchoni <uri at samba.org>
- - - - -
fc69206f by Andreas Schneider at 2021-10-04T11:36:06+00:00
lib:fuzzing: Fix quoting of --fuzz-target-ldflags
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Uri Simchoni <uri at samba.org>
Autobuild-User(master): Uri Simchoni <uri at samba.org>
Autobuild-Date(master): Mon Oct 4 11:36:06 UTC 2021 on sn-devel-184
- - - - -
298515ca by Andrew Bartlett at 2021-10-04T21:07:31+00:00
selftest: Move self.assertRaisesLdbError() to samba.tests.TestCase
This is easier to reason with regarding which cases should work
and which cases should fail, avoiding issues where more success
than expected would be OK because a self.fail() was missed in a
try: block.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b45190bd by Andrew Bartlett at 2021-10-04T21:55:43+00:00
selftest: Use self.assertRaisesLdbError() in user_account_control.py test
This changes most of the simple pattern with self.samdb.modify()
to use the wrapper. Some other calls still need to be converted, while
the complex decision tree tests should remain as-is for now.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Oct 4 21:55:43 UTC 2021 on sn-devel-184
- - - - -
76899e23 by Andrew Bartlett at 2021-10-05T19:05:31+00:00
Release ldb 2.4.1
* Corrected python behaviour for 'in' for LDAP attributes
contained as part of ldb.Message (bug 14845)
* Fix memory handling in ldb.msg_diff (bug 14836)
* Corrected python docstrings
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14836
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14848
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a19016e0 by Andrew Bartlett at 2021-10-05T19:57:51+00:00
Release ldb 2.50 for the future samba 4.16 series
This avoids master having an older or identical LDB version
to Samba 4.15.x while it gains additional changes that may
not all be backported.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Oct 5 19:57:51 UTC 2021 on sn-devel-184
- - - - -
e2256c99 by Volker Lendecke at 2021-10-08T19:28:31+00:00
smbd: Make SID_SAMBA_SMB3 a static SID
No need to parse it
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a767eb55 by Volker Lendecke at 2021-10-08T19:28:31+00:00
rpc_server3: Avoid a literal number available as a constant
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9b260ff8 by Volker Lendecke at 2021-10-08T19:28:31+00:00
lsa_server3: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5529aa8c by Volker Lendecke at 2021-10-08T19:28:31+00:00
smbd: Avoid ZERO_STRUCT() with a struct init
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
187529c9 by Volker Lendecke at 2021-10-08T19:28:31+00:00
samba: Save a line with TALLOC_FREE
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
82281ca3 by Volker Lendecke at 2021-10-08T19:28:31+00:00
libcli: Remove unused security_token_has_sid_string()
This should have been removed in ef990008f22, I just was not aware
it's there...
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
70b12600 by Volker Lendecke at 2021-10-08T19:28:31+00:00
libcli: Introduce a helper variable in security_session_user_level()
Makes it easier to read for me
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f24b2163 by Volker Lendecke at 2021-10-08T19:28:31+00:00
libcli: Simplify security_session_user_level()
Use sid_compose(), use struct dom_sid on the stack.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b266d39d by Volker Lendecke at 2021-10-08T19:28:31+00:00
lib: Avoid a cast in a DBG statement
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
761ede41 by Volker Lendecke at 2021-10-08T19:28:31+00:00
lib: Simplify set_privileges with a struct initialization
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c38e2d5f by Volker Lendecke at 2021-10-08T19:28:31+00:00
lib: Fix a typo in a DEBUG fn prefix by using DBG_
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
668d3459 by Volker Lendecke at 2021-10-08T19:28:31+00:00
idmap_script: Save a few lines with str_list_add_printf()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
423e5726 by Volker Lendecke at 2021-10-08T19:28:31+00:00
libcli: Avoid an includes.h
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
34c08da0 by Volker Lendecke at 2021-10-08T19:28:31+00:00
libcli: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
10ac08fc by Volker Lendecke at 2021-10-08T19:28:31+00:00
rpc_server3: Remove unused fields from struct dcerpc_ncacn_conn
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
55ec7e6d by Volker Lendecke at 2021-10-08T19:28:31+00:00
winbind: Align an integer type
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
20536080 by Volker Lendecke at 2021-10-08T19:28:31+00:00
lib: Add talloc_asprintf_addbuf()
Simplifies building up a string step by step, see next commit
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
18cbeab9 by Volker Lendecke at 2021-10-08T19:28:31+00:00
librpc: Use talloc_asprintf_addbuf() in dcerpc_binding_string()
Saves quite a few lines
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0853a7a2 by Volker Lendecke at 2021-10-08T19:28:31+00:00
lib: Use talloc_asprintf_addbuf() in utok_string()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4869497b by Volker Lendecke at 2021-10-08T19:28:31+00:00
winbind: Simplify winbindd_getsidaliases_recv()
Use talloc_asprintf_addbuf(), fix an realloc error path memleak
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fc4ee9c4 by Volker Lendecke at 2021-10-08T19:28:31+00:00
winbind: Simplify winbindd_getusersids_recv()
Use talloc_asprintf_addbuf(), fix an realloc error path memleak
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
61b06695 by Volker Lendecke at 2021-10-08T19:28:32+00:00
winbind: Simplify winbindd_sids_to_xids_recv()
Use talloc_asprintf_addbuf(), fix an realloc error path memleak
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3a8374b8 by Volker Lendecke at 2021-10-08T19:28:32+00:00
dsdb: Simplify schema_attribute_description() & friends
Use talloc_asprintf_addbuf()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e5b446fe by Volker Lendecke at 2021-10-08T19:28:32+00:00
libcli: Simplify get_sec_mask_str()
Use talloc_asprintf_addbuf()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2e3cea27 by Volker Lendecke at 2021-10-08T19:28:32+00:00
rpc_server3: Remove "pipes_struct->call_id"
Unused.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ed9e2850 by Volker Lendecke at 2021-10-08T19:28:32+00:00
rpc_server3: Remove "pipes_struct->opnum"
Also available via dce_call->pkt.u.request.opnum
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
81a7b2e0 by Volker Lendecke at 2021-10-08T19:28:32+00:00
rpc_server3: Remove an outdated comment
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
246a5cea by Volker Lendecke at 2021-10-08T19:28:32+00:00
netlogon: Move netlogon_server_pipe_state to netlogon.idl
Make this available as a shared structure for both source3 and source4
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
426a7b48 by Volker Lendecke at 2021-10-08T19:28:32+00:00
rpc_server3: Use dcesrv_iface_state in netlogon3
Align with the source4/rpc_server/netlogon
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
83ad7e01 by Volker Lendecke at 2021-10-08T19:28:32+00:00
rpc_server3: Remove pipes_struct->private_data
netlogon3 was the only user
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3afd4bd6 by Ralph Boehme at 2021-10-08T19:28:32+00:00
idl: declare token array of storage_offload_token as in-line
This ensures the order of the struct element is the same as in the IDL
definition. For an conformant array using the [sizeis(n)] syntax the sizeis
member is stored as first element in the marshall buffer.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8fa7848b by Ralph Boehme at 2021-10-08T19:28:32+00:00
vfs: Add flags and xferlen args to SMB_VFS_OFFLOAD_READ_RECV
We missed these values which follow from MS-FSCC 2.3.80 “FSCTL_OFFLOAD_READ
Reply”:
Flags (4 bytes):
A 32-bit unsigned integer that indicates which flags were returned for this
operation. Possible values for the flags follow. All unused bits are reserved
for future use, SHOULD be set to 0, and MUST be ignored.
OFFLOAD_READ_FLAG_ALL_ZERO_BEYOND_CURRENT_RANGE (0x00000001)
=> The data beyond the current range is logically equivalent to zero.
TransferLength (8 bytes):
A 64-bit unsigned integer that contains the amount, in bytes, of data that the
Token logically represents. This value indicates a contiguous region of the
file from the beginning of the requested offset in the FileOffset field in the
FSCTL_OFFLOAD_READ_INPUT data element (section 2.3.79). This value can be
smaller than the CopyLength field specified in the FSCTL_OFFLOAD_READ_INPUT
data element, which indicates that less data was logically
represented (logically read) with the Token than was requested. The value of
this field MUST be greater than 0x0000000000000000 and MUST be aligned to a
logical sector boundary on the volume.
As we currently only implement COPY_CHUNK over the OFFLOAD VFS interface, the
VFS COPY_CHUNK backend in vfs_default just sets both values to 0 and they are
unused in the SMB frontend.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2f523a03 by Ralph Boehme at 2021-10-08T19:28:32+00:00
lib: add sys_block_align[_truncate]()
This implements MS-FSA algorithms BlockAlign() and BlockAlignTruncate().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3268bcd8 by Ralph Boehme at 2021-10-08T20:21:21+00:00
vfs: add and use a few SMB_VFS_ODX defines
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Oct 8 20:21:21 UTC 2021 on sn-devel-184
- - - - -
954e637d by Jeremy Allison at 2021-10-08T20:38:34+00:00
s3: selftest: Add regression test to show the $cwd cache is misbehaving when we connect as a different user on a share.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14682
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
4fe96583 by Jeremy Allison at 2021-10-08T21:28:04+00:00
s3: smbd: Ensure when we change security context we delete any $cwd cache..
This will ensure we *always* call into the VFS_SMB_CHDIR backends
on security context switch. The $cwd was an optimization that
was only looking at the raw filesystem path. We could delete it
completely but that is a patch for another day.
Remove knownfail on regression test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14682
RN: vfs_shadow_copy2: core dump in make_relative_path
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Oct 8 21:28:04 UTC 2021 on sn-devel-184
- - - - -
b92589c3 by Pavel Filipenský at 2021-10-12T08:40:34+00:00
s3:winbindd: Fix winbindd child logfile name handling
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14852
Handling of logfile name for main and child winbindd must ensure:
1) Log directory is selected in this order:
* -l option of winbindd
* "log file" parameter in smb.conf
* compile time value '/usr/local/samba/var'
2) Log filename pattern
* parent process uses log.winbindd
* child uses log.wb-<name>
3) Log reopen works for both parent and child (i.e. log filename is not changed)
* kill -HUP <pid>
* smbcontrol <pid> reload-config
This commit removes 3 calls of is_default_dyn_LOGFILEBASE() to make sure that:
- 1st removal: child uses log.wb-<name> after the fork
- 2nd removal: child after HUP signal, does not switch to log.winbindd
- 3rd removal: child after smbcontrol reload-config, does not switch to
log.winbindd
Interesting commits: bfa1b2a8 1484b7f3 3b015a4c d1f7a371
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
12d04d9a by Pavel Filipenský at 2021-10-12T09:30:02+00:00
docs-xml: Update winbindd(8) manpage
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14852
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Oct 12 09:30:02 UTC 2021 on sn-devel-184
- - - - -
3262f696 by Andreas Schneider at 2021-10-12T16:31:36+00:00
docs-xml: Remove trailing spaces in smb.conf.5.xml
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
14db80fe by Andreas Schneider at 2021-10-12T17:24:01+00:00
docs-xml: Use /var/tmp for spooling in smb.conf.5
This is a world writeable directory which exists on Linux distributions by
default already.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Oct 12 17:24:01 UTC 2021 on sn-devel-184
- - - - -
0a376b23 by Jeremy Allison at 2021-10-12T18:14:27+00:00
s3: VFS: zfsacl: Ensure we use a pathref fd, not an io fd, for getting/setting ZFS ACLs.
Don't use path-based calls.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14685
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Oct 12 18:14:27 UTC 2021 on sn-devel-184
- - - - -
530e8d4b by Ralph Boehme at 2021-10-12T22:38:32+00:00
ctdb-scripts: filter out comments in public_addresses file
Note that order of sed expressions matters: the expression to delete
comment lines must come first as the second expression would transform
# comment
to
comment
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14826
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
- - - - -
5426c104 by Martin Schwenke at 2021-10-12T22:38:32+00:00
ctdb-tests: Fix typo in ctdb stub comment matching
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14826
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
4e3676cb by Ralph Boehme at 2021-10-12T22:38:32+00:00
ctdb-tests: add a comment to the generated public_addresses file used by eventscript UNIT tests
test stub code has been updated to handle this, so now let's put it
to work.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14826
RN: Correctly ignore comments in CTDB public addresses file
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
- - - - -
1719ef78 by Martin Schwenke at 2021-10-12T23:24:18+00:00
ctdb-tests: Drop unused function ctdb_get_all_public_addresses()
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Tue Oct 12 23:24:18 UTC 2021 on sn-devel-184
- - - - -
2564e96e by Alex Richardson at 2021-10-13T01:42:35+00:00
charset_macosxfs.c: fix compilation on macOS
The DEBUG macro was missing and the CFStringGetBytes() was triggering a
-Werror,-Wpointer-sign build failure.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14862
Signed-off-by: Alex Richardson <Alexander.Richardson at cl.cam.ac.uk>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d3675e66 by Alex Richardson at 2021-10-13T01:42:35+00:00
audit_logging.c: fix compilation on macOS
On macOS tv_usec is an int so failus the build with -Werror,-Wformat.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14862
Signed-off-by: Alex Richardson <Alexander.Richardson at cl.cam.ac.uk>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e4eb1f15 by Alex Richardson at 2021-10-13T01:42:35+00:00
source3/printing/queue_process.c: fix build on macOS
On macOS environ is defined to (*_NSGetEnviron()) in lib/replace/replace.h
and otherwise the `extern char **environ` can be found there.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14862
Signed-off-by: Alex Richardson <Alexander.Richardson at cl.cam.ac.uk>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6dadf251 by Alex Richardson at 2021-10-13T01:42:35+00:00
sec_ctx.c: Fix -Wunused-function warning on macOS
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14862
Signed-off-by: Alex Richardson <Alexander.Richardson at cl.cam.ac.uk>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1d893f72 by Alex Richardson at 2021-10-13T01:42:35+00:00
source3/smbd/statcache.c: Fix -Wformat build error on macOS
The format string uses PRIx64, so we should be using uint64_t and not
uintmax_t.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14862
Signed-off-by: Alex Richardson <Alexander.Richardson at cl.cam.ac.uk>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
99ee7f3d by Alex Richardson at 2021-10-13T01:42:35+00:00
vfs_preopen.c: Fix -Wformat error on macOS
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14862
Signed-off-by: Alex Richardson <Alexander.Richardson at cl.cam.ac.uk>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fc2347be by Alex Richardson at 2021-10-13T02:33:05+00:00
Fix detection of rpc/xdr.h on macOS
We need to include rpc/types.h first to include this header.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14862
Signed-off-by: Alex Richardson <Alexander.Richardson at cl.cam.ac.uk>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Oct 13 02:33:05 UTC 2021 on sn-devel-184
- - - - -
7857e124 by Andrew Bartlett at 2021-10-13T11:10:44+00:00
.gitlab-ci.yml: Honour AUTOBUILD_SKIP_SAMBA_O3 in GitLab CI
GitLab CI resources are expensive and often rationed so
provide a way to test other things without testing an -O3
build also, as this will save 9 jobs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14861
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
dd178d97 by Joseph Sutton at 2021-10-13T12:00:03+00:00
.gitlab-ci: Increase build timeout
While the build will not take > 1hr, uploading the artifacts
needed to pass the build objects to the next stage can take
some time due to the distance between the runners and the
private CI server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14861
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Oct 13 12:00:03 UTC 2021 on sn-devel-184
- - - - -
bcc22d00 by Andrew Bartlett at 2021-10-14T00:31:35+00:00
.gitlab-ci.yml: Restore building most of our jobs
We are changing the primary build jobs to use "when"
not "only". These a similar and related GitLab syntax
tools to control when jobs are run.
With 'when' now in use it must be specified on all jobs
that inherit from each other via:
.extends .shared_template
"only" can be left however for the pages and coverity as
these use:
.extends .shared_runner_build_image
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14861
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
8ab0238a by Andrew Bartlett at 2021-10-14T01:21:11+00:00
.gitlab-ci: Avoid duplicate CI on all merge requests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14861
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Oct 14 01:21:11 UTC 2021 on sn-devel-184
- - - - -
23214677 by Ralph Boehme at 2021-10-14T09:33:38+00:00
selftest: add a test ignored spotlight/elasticsearch mapping failures
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
c6743237 by Ralph Boehme at 2021-10-14T09:33:38+00:00
mdssvc: prepare for ignore attribute and type mapping errors
Lower the debug levels to debug from error. No change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
8e3372ec by Ralph Boehme at 2021-10-14T09:33:38+00:00
mdssvc: add options to allow ignoring attribute and type mapping errors
This adds two options that are used by the Spotlight query parser to optionally
ignore unknown attributes or types in a query.
elasticsearch:ignore unknown attribute = yes | no (default: no)
elasticsearch:ignore unknown type = yes | no (default: no)
Example Spotlight query with unknown attributes and type:
kMDItemContentType=="public.calendar-event"||kMDItemSubject=="Kalender*"cdw||
kMDItemTitle=="Kalender*"cdw||kMDItemTopic=="Kalender*"cdw||
kMDItemTextContent=="Kalender*"cd||*=="Kalender*"cdw||
kMDItemTextContent=="Kalender*"cdw
The unknown attributes are "kMDItemTopic" and "kMDItemSubject". The unkown type
is "public.calendar-event".
Currently the parser will outright fail to parse the query and the search will
enter an error state.
To give users some control over the mapping the above options can be used to
tell the parser to simply ignore such unknown attributes and types.
(meta.title:Kalender* OR content:Kalender* OR Kalender* OR content:Kalender*)
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
71cef2fa by Ralph Boehme at 2021-10-14T10:20:27+00:00
docs: document new Spotlight Elasticsearch options
elasticsearch:ignore unknown attribute = yes | no (default: no)
elasticsearch:ignore unknown type = yes | no (default: no)
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Thu Oct 14 10:20:27 UTC 2021 on sn-devel-184
- - - - -
fb29a8eb by Martin Schwenke at 2021-10-14T10:21:30+00:00
debug: Move header_str and hs_len to state
They'll need to be accessible by the backends.
Note that the snprintf() and strlcat() calls can result in
state.hs_len >= sizeof(state.header_str), so state.hs_len needs to be
sanitised before any potential use. Previously this wasn't necessary
because this value was on the stack, so it couldn't be used after
dbghdrclass() returned.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
0e59375a by Martin Schwenke at 2021-10-14T10:21:30+00:00
debug: Add a level of indirection to ring buffer logging
Add an internal function to do the work and call it. It will be
called again in a subsequent commit.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
10f68148 by Martin Schwenke at 2021-10-14T10:21:30+00:00
debug: Factor out function copy_no_nl()
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
9f8be709 by Martin Schwenke at 2021-10-14T10:21:30+00:00
debug: Avoid debug header being separated from debug text
Currently the file backend can produce something like:
HEADER1 HEADER2 TEXT2
TEXT1
when different processes try to log at the same time.
Avoid this by writing the header and text at the same time using
writev(). This means that the header always has to be written by the
backend, so update all backends to do this.
The non-file backends should behave as before when they were invoked
separately to render the header. It might be possible to optimise
some of them (e.g. via sd_journal_sendv) but this requires more
investigation (e.g. sd_journal_sendv()'s handling of newlines) and is
beyond the scope of this change.
state.header_str_no_nl takes the place of msg_no_nl for the header,
since some of the backends need the no-newline version. It is handled
the same was as msg_no_nl: produce the no_nl version exactly once,
whether or not it is needed, since this is better than repeating it in
several backends.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
3085a7d3 by Martin Schwenke at 2021-10-14T10:21:30+00:00
debug: Add length argument to Debug1()
This the first step in avoiding potentially repeated length
calculations in the backends. The length is known at call time for
most usual callers, so pass it down.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
24dc8c5d by Martin Schwenke at 2021-10-14T10:21:30+00:00
debug: Push message length argument down to backend log functions
Optimise because length is now available.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
8cdd20c7 by Martin Schwenke at 2021-10-14T10:21:30+00:00
debug: Rename variable for consistency
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
ee17f530 by Martin Schwenke at 2021-10-14T10:21:30+00:00
debug: Optimise construction of header_str_no_nl
If it isn't used then it isn't copied.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
c5061ebe by Martin Schwenke at 2021-10-14T10:21:30+00:00
debug: Optimise to avoid walking the header string
strlcat() needs to walk to the end of its first argument. However,
but the length of state.header_str is already known, so optimise by
manually appending the extra characters if they will fit.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
cb70eea0 by Martin Schwenke at 2021-10-14T10:21:30+00:00
debug: Optimise early return when header string buffer is full
The existing check is for truncation, not whether the buffer is full.
However, if the buffer is full (i.e. hs_len == sizeof(header_str) - 1)
then there's no use trying subsequent snprintf() calls because there
will be one byte available that already contains the NUL-terminator.
A subsequent call will just do a no-op truncation.
Check for full buffer instead.
This might be confusing because it isn't the standard check that is
done after snprintf() calls. Is it worth it for a rare corner case?
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
62fd771a by Martin Schwenke at 2021-10-14T10:21:30+00:00
debug: Move msg_no_nl to state
This enables an optimisation.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
a9a3555b by Martin Schwenke at 2021-10-14T11:10:40+00:00
debug: Optimise construction of msg_no_nl
If it isn't used then it isn't copied.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Oct 14 11:10:40 UTC 2021 on sn-devel-184
- - - - -
d501ddca by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Rename method parameter
For class methods, the name given to the first parameter is generally 'cls'
rather than 'self'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
8e4b2159 by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Remove unused parameter
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ce433ff8 by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Allow for missing msDS-KeyVersionNumber attribute
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6f1282e8 by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Fix sending PA-PAC-OPTIONS and PA-PAC-REQUEST
These padata were not being sent if other FAST padata was not specified.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1fd00135 by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Fix PA-PAC-OPTIONS checking
Make the check work correctly if bits other than the claims bit are
specified.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
31817c38 by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Rename allowed_to_delegate_to parameter for clarity
This helps to distinguish resourced-based and non-resource-based
constrained delegation.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
bba8cb8d by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Allow created accounts to use resource-based constrained delegation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
cda50b5c by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Add assertion to make failures clearer
These failures may occur if tests are not run against an RODC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9d142dc3 by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Introduce helper method for creating invalid length checksums
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ae09219c by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Fix method for creating invalid length zeroed checksum
Previously the base class method was being used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a927ceca by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Fix checksum generation and verification
The KDC and server checksums may be generated using the same key, but
only the KDC checksum should have an RODCIdentifier. To fix this,
instead of overriding the existing methods, add additional ones for
RODC-specific signatures, so that both types of signatures can be
generated or verified.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
dcf45a15 by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Allow excluding the PAC server checksum
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a4bc712e by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Fix handling authdata with missing PAC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
012b6fcd by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Fix status code checking
The type used to encode the status code is actually KERB-ERROR-DATA,
rather than PA-DATA.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
8f6d369d by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Make expected_sname checking more explicit
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
788b3a29 by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Fix assertElementFlags()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7fba83c6 by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Remove unneeded parameters from ticket cache key
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ab92dc16 by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Fix checking for presence of error data
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7cfc225b by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Add expect_claims parameter to kdc_exchange_dict
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
8e1efd8b by Joseph Sutton at 2021-10-14T18:59:31+00:00
heimdal:kdc: Only check for default salt for des-cbc-crc enctype
Previously, this algorithm was preferring RC4 over AES for machine
accounts in the preauth case. This is because AES keys for machine
accounts in Active Directory use a non-default salt, while RC4 keys do
not use a salt. To avoid this behaviour, only prefer keys with default
salt for the des-cbc-crc enctype.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14864
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
aa2e583f by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Check buffer types in PAC with STRICT_CHECKING=1
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0e232fa1 by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Check constrained delegation PAC buffer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
bb58b4b5 by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Save account SPN
This is useful for testing delegation.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
34020766 by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Allow specifying options and expected flags when obtaining a ticket
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
248249dc by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Supply supported account enctypes in tgs_req()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ef24fe98 by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Add parameter to enforce presence of ticket checksums
This allows existing tests to pass before this functionality is
implemented.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ec4b264b by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Add compatability tests for ticket checksums
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
687c8f94 by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Use correct principal name type
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ee2b7e2c by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Clarify checksum type assertion message
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
72265227 by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Fix padata checking at functional level 2003
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
238f52ba by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Add environment variable to specify KDC FAST support
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
bd22dcd9 by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Check padata types when STRICT_CHECKING=0
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e7c39cc4 by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Check logon name in PAC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
cf3ca6ac by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Simplify padata checking
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
dfd61366 by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Disable debugging output for tests
This reduces the time spent running the tests in a testenv.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
5233f002 by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Provide clearer assertion messages for test failures
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ebe72978 by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Fix sha1 checksum type
Previously, sha1 signatures were being designated as rsa-md5-des3
signatures.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
40e5db4a by Joseph Sutton at 2021-10-14T18:59:31+00:00
selftest/dbcheck: Fix up RODC one-way links
Test accounts were replicated to the RODC and then deleted, causing
state links to remain in the database.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ae2c57fb by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Add TKT_SIG_SUPPORT environment variable
This lets us indicate that service tickets should be issued with ticket
checksums in the PAC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
bf632217 by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Require ticket checksums if decryption key is available
We perform this check conditionally, because MIT doesn't currently add
ticket checksums.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d86eee2f by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Verify tickets obtained with get_service_ticket()
We only require the ticket checksum with Heimdal, because MIT currently
doesn't add it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
56ccdba5 by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Add constrained delegation tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1a08399c by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Don't include empty AD-IF-RELEVANT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3948701f by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Allow bypassing cache when creating accounts
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3dede18c by Joseph Sutton at 2021-10-14T18:59:31+00:00
tests/krb5: Fix duplicate account creation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7149eeac by Joseph Sutton at 2021-10-14T18:59:31+00:00
s4:kdc: Simplify samba_kdc_update_pac_blob() to take ldb_context as parameter
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c14c6174 by Joseph Sutton at 2021-10-14T18:59:31+00:00
s4:kdc: Fix debugging messages
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d5002c34 by Joseph Sutton at 2021-10-14T18:59:31+00:00
s4/torture: Expect ticket checksum PAC buffer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ccabc7f1 by Isaac Boukris at 2021-10-14T18:59:31+00:00
kdc: remove KRB5SignedPath, to be replaced with PAC
KRB5SignedPath was a Heimdal-specific authorization data element used to
protect the authenticity of evidence tickets when used in constrained
delegation (without a Windows PAC).
Remove this, to be replaced with the Windows PAC which itself now supports
signing the entire ticket in the TGS key.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
[jsutton at samba.org Backported from Heimdal commit
bb1d8f2a8c2545bccdf2c9179ce9259bf1050086
- Removed tests
- Removed auditing hook (only present in Heimdal master)
- Added knownfails
]
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d7b03394 by Isaac Boukris at 2021-10-14T18:59:31+00:00
kdc: sign ticket using Windows PAC
Split Windows PAC signing and verification logic, as the signing has to be when
the ticket is ready.
Create sign and verify the PAC KDC signature if the plugin did not, allowing
for S4U2Proxy to work, instead of KRB5SignedPath.
Use the header key to verify PAC server signature, as the same key used to
encrypt/decrypt the ticket should be used for PAC server signature, like U2U
tickets are signed witht the tgt session-key and not with the longterm key,
and so krbtgt should be no different and the header key should be used.
Lookup the delegated client in DB instead of passing the delegator DB entry.
Add PAC ticket-signatures and related functions.
Note: due to the change from KRB5SignedPath to PAC, S4U2Proxy requests
against new KDC will not work if the evidence ticket was acquired from
an old KDC, and vide versa.
Closes: #767
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
[jsutton at samba.org Backported from Heimdal commit
2ffaba9401d19c718764d4bd24180960290238e9
- Removed tests
- Adapted to Samba's version of Heimdal
- Addressed build failures with -O3
- Added knownfails
]
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2d09de5c by Isaac Boukris at 2021-10-14T18:59:31+00:00
krb5: allow NULL parameter to krb5_pac_free()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
[jsutton at samba.org Cherry-picked from Heimdal commit
b295167208a96e68515902138f6ce93972892ec5]
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
27733796 by Isaac Boukris at 2021-10-14T18:59:31+00:00
krb5: rework PAC validation loop
Avoid allocating the PAC on error.
Closes: #836
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
[jsutton at samba.org Cherry-picked from Heimdal commit
6df8be5091363a1c9a9165465ab8292f817bec81]
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d6a472e9 by Luke Howard at 2021-10-14T18:59:31+00:00
krb5: return KRB5KRB_AP_ERR_INAPP_CKSUM if PAC checksum fails
Return KRB5KRB_AP_ERR_INAPP_CKSUM instead of EINVAL when verifying a PAC, if
the checksum is absent or unkeyed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
[jsutton at samba.org Cherry-picked from Heimdal commit
c4b99b48c4b18f30d504b427bc1961d7a71f631e]
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
db30b71f by Luke Howard at 2021-10-14T18:59:31+00:00
kdc: only set HDB_F_GET_KRBTGT when requesting TGS principal
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
[jsutton at samba.org Backported from Heimdal commit
f1dd2b818aa0866960945edea02a6bc782ed697c
- Removed change to _kdc_find_etype() use_strongest_session_key
parameter since Samba's Heimdal version uses different logic
]
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
75d1a7cd by Luke Howard at 2021-10-14T18:59:31+00:00
kdc: use ticket client name when signing PAC
The principal in the PAC_LOGON_NAME buffer is expected to match the client name
in the ticket. Previously we were setting this to the canonical client name,
which would have broken PAC validation if the client did not request name
canonicalization
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
[jsutton at samba.org Backported from Heimdal commit
3b0856cab2b25624deb1f6e0e67637ba96a647ac
- Renamed variable to avoid shadowing existing variable
]
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
91e684f5 by Luke Howard at 2021-10-14T18:59:31+00:00
kdc: correctly generate PAC TGS signature
When generating an AS-REQ, the TGS signature was incorrectly generated using
the server key, which would fail to validate if the server was not also the
TGS. Fix this.
Patch from Isaac Bourkis <iboukris at gmail.com>.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
[jsutton at samba.org Backported from Heimdal commit
e7863e2af922809dad25a2e948e98c408944d551
- Samba's Heimdal version does not have the generate_pac() helper
function.
- Samba's Heimdal version does not use the 'r' context variable.
]
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
28a5a586 by Joseph Sutton at 2021-10-14T18:59:31+00:00
s4/heimdal/lib/krb5/pac.c: Align PAC buffers to match Windows
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3bdce127 by Joseph Sutton at 2021-10-14T18:59:31+00:00
heimdal: Make _krb5_pac_get_kdc_checksum_info() into a global function
This lets us call it from Samba.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
02fa69c6 by Joseph Sutton at 2021-10-14T18:59:32+00:00
s4:kdc: Check ticket signature
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f6adfefb by Nicolas Williams at 2021-10-14T18:59:32+00:00
krb5: Fix PAC signature leak affecting KDC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
[jsutton at samba.org Cherry-picked from Heimdal commit
54581d2d52443a9a07ed5980df331f660b397dcf]
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1d3e118f by Jeremy Allison at 2021-10-14T19:51:59+00:00
s3: smbspool. Remove last use of 'extern char **environ;'.
This should come from lib/replace/replace.h to cope with
system (MacOSX etc.) differences.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14862
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Oct 14 19:51:59 UTC 2021 on sn-devel-184
- - - - -
1cdf8493 by Andrew Bartlett at 2021-10-15T09:09:36+00:00
gitlab-ci: Do not retry for job_execution_timeout
If we timeout, we should just stop at 2 hours, not waste 6 hours (3 x 2 hours).
This is for when the job runs long for any reason, currently the
reasons for a timeout are not transient, we need to either change
the timeout or fix the system. Likewise if the tests get into a loop
or deadlock we want to see that as a failure.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14863
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
ce3d33f4 by Andrew Bartlett at 2021-10-15T09:09:36+00:00
gitlab-ci: Do not download artifacts of unrelated builds
This needs: is overridden in many cases, but ensures none of the other
main jobs start until this build finishes. However this also
ensures we do not download artifacts from any build unless we
specifically depend on it, saving bandwidth
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14863
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
a7ad665e by Andrew Bartlett at 2021-10-15T10:00:47+00:00
selftest/dbcheck: Fix up RODC one-way links (use correct dbcheck rule)
The previous commit was correct on intention, but it was not noticed
as there is a race, that the incorrect rule was appended to.
These links are removed by remove_plausible_deleted_DN_links not
fix_all_old_dn_string_component_mismatch
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Oct 15 10:00:47 UTC 2021 on sn-devel-184
- - - - -
d23d8e85 by Joseph Sutton at 2021-10-17T22:53:37+00:00
heimdal:kdc: Fix ticket signing without a PAC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e086c619 by Joseph Sutton at 2021-10-17T22:53:37+00:00
tests/krb5: Allow get_tgt() to request including or omitting a PAC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0dc69c13 by Joseph Sutton at 2021-10-17T22:53:37+00:00
tests/krb5: Allow specifying whether to expect a PAC with _test_as_exchange()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
28835589 by Joseph Sutton at 2021-10-17T22:53:37+00:00
tests/krb5: Add method to get the PAC from a ticket
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9d3a6919 by Joseph Sutton at 2021-10-17T23:40:33+00:00
tests/krb5: Add tests for requesting a service ticket without a PAC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sun Oct 17 23:40:33 UTC 2021 on sn-devel-184
- - - - -
c901adaa by Martin Schwenke at 2021-10-18T17:19:17+00:00
bootstrap: Add Debian 11
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14872
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Oct 18 17:19:17 UTC 2021 on sn-devel-184
- - - - -
04f188f4 by Martin Schwenke at 2021-10-19T09:14:10+00:00
bootstrap: Debian 11 has liburing-dev
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14872
Signed-off-by: Martin Schwenke <martin at meltin.net>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Oct 19 09:14:10 UTC 2021 on sn-devel-184
- - - - -
dd07bb81 by Stefan Metzmacher at 2021-10-19T19:23:39+00:00
libcli/smb: use MID=0 for SMB2 Cancel with ASYNC_ID and legacy signing algorithms
We can only assume that servers with support for AES-GMAC-128 signing
will except an SMB2 Cancel with ASYNC_ID and real MID.
This strategy is also used by Windows clients, because
some vendors don't cope otherwise.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14855
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Oct 19 19:23:39 UTC 2021 on sn-devel-184
- - - - -
8a607e75 by Stefan Metzmacher at 2021-10-19T20:20:00+00:00
netlogon_creds_cli: add netlogon_creds_cli_SendToSam_recv() and don't ignore result
This is a low level function that should not ignore results.
If the caller doesn't care it's his choice.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Oct 19 20:20:00 UTC 2021 on sn-devel-184
- - - - -
92e8ce18 by Andrew Bartlett at 2021-10-20T08:31:31+00:00
kdc: Remove UF_NO_AUTH_DATA_REQUIRED from client principals
Tests against Windows 2019 show that UF_NO_AUTH_DATA_REQUIRED
applies to services only, not to clients.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14871
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
031a8287 by Andrew Bartlett at 2021-10-20T08:31:31+00:00
kdc: Correctly strip PAC, rather than error on UF_NO_AUTH_DATA_REQUIRED for servers
UF_NO_AUTH_DATA_REQUIRED on a server/service account should cause
the PAC to be stripped not to given an error if the PAC was still
present.
Tested against Windows 2019
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14871
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
cc3d2759 by Joseph Sutton at 2021-10-20T08:31:31+00:00
tests/krb5: Ensure PAC is not present if expect_pac is false
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14871
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
83a654a4 by Joseph Sutton at 2021-10-20T09:22:43+00:00
tests/krb5: Add tests for constrained delegation to NO_AUTH_DATA_REQUIRED service
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14871
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Oct 20 09:22:43 UTC 2021 on sn-devel-184
- - - - -
7e961f3f by Viktor Dukhovni at 2021-10-20T10:58:37+00:00
HEIMDAL:kdc: Fix transit path validation CVE-2017-6594
Commit f469fc6 (2010-10-02) inadvertently caused the previous hop realm
to not be added to the transit path of issued tickets. This may, in
some cases, enable bypass of capath policy in Heimdal versions 1.5
through 7.2.
Note, this may break sites that rely on the bug. With the bug some
incomplete [capaths] worked, that should not have. These may now break
authentication in some cross-realm configurations.
(similar to heimdal commit b1e699103f08d6a0ca46a122193c9da65f6cf837)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12998
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Oct 20 10:58:37 UTC 2021 on sn-devel-184
- - - - -
a169e013 by Douglas Bagnall at 2021-10-20T12:02:33+00:00
pytest/rodc_rwdc: try to avoid race.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14868
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
6292f059 by Joseph Sutton at 2021-10-20T12:02:33+00:00
selftest: Increase account lockout windows to make test more realiable
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14868
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
aacb18f9 by Douglas Bagnall at 2021-10-20T12:02:33+00:00
pytest: dynamic tests optionally add __doc__
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14869
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
49306f74 by Joseph Sutton at 2021-10-20T12:02:33+00:00
selftest: krb5 account creation: clarify account type as an enum
This makes the code clearer with a symbolic constant rather
than a True/False boolean.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14869
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d4a75eea by Douglas Bagnall at 2021-10-20T12:02:33+00:00
pytest: s3_net_join: avoid name clash
The net_join test uses "NetJoinTest" (and doesn't properly clean up),
we must use a unique name for this test in s3_net_join.py.
[abartlet at samba.org The hilarious naming conventions come from a time when samba-tool
was known as "net" in the s4 branch]
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14869
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
2c0658d4 by Andrew Bartlett at 2021-10-20T12:02:33+00:00
selftest: Remove duplicate setup of $base_dn and $ldbmodify
These are already set up to the same values above for the full
DC and correct values for the (strange) s4member environment.
By not setting $base_dn again we avoid an error once we start
checking for them.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
459200ca by Andrew Bartlett at 2021-10-20T12:02:33+00:00
selftest: Improve error handling and perl style when setting up users in Samba4.pm
This catches errors and avoids using global varibles (the old
style file handles are global).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14869
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
5d8e7945 by Andreas Schneider at 2021-10-20T12:02:33+00:00
waf: Allow building with MIT KRB5 >= 1.20
gssrpc/xdr.h:105:1: error: function declaration isn’t a prototype
[-Werror=strict-prototypes]
105 | typedef bool_t (*xdrproc_t)();
| ^~~~~~~
This can't be fixed, as the protoype is variadic. It can take up to three
arguments.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14870
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d998f7f8 by Stefan Metzmacher at 2021-10-20T12:02:33+00:00
selftest/Samba3: remove unused close(USERMAP); calls
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14869
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4dc3c68c by Stefan Metzmacher at 2021-10-20T12:02:33+00:00
selftest/Samba3: replace (winbindd => "yes", skip_wait => 1) with (winbindd => "offline")
This is much more flexible and concentrates the logic in a single place.
We'll use winbindd => "offline" in other places soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14870
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a5a6296e by Joseph Sutton at 2021-10-20T12:02:33+00:00
tests/krb5: Decrease length of test account prefix
This allows us more room to test with different account names.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
7e39994e by Joseph Sutton at 2021-10-20T12:02:33+00:00
tests/krb5: Allow specifying prefix or suffix for test account names
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
f4785ccf by Joseph Sutton at 2021-10-20T12:02:33+00:00
tests/krb5: Allow creating machine accounts without a trailing dollar
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
889476d1 by Joseph Sutton at 2021-10-20T12:02:33+00:00
tests/krb5: Allow specifying the UPN for test accounts
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
25bdf4c9 by Joseph Sutton at 2021-10-20T12:02:33+00:00
tests/krb5: Fix account salt calculation to match Windows
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
46039baa by Joseph Sutton at 2021-10-20T12:02:33+00:00
tests/krb5: Add tests for account salt calculation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
5eeb441b by Andrew Bartlett at 2021-10-20T12:54:54+00:00
dsdb: Allow special chars like "@" in samAccountName when generating the salt
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Oct 20 12:54:54 UTC 2021 on sn-devel-184
- - - - -
5094d986 by Andrew Bartlett at 2021-10-23T08:07:13+00:00
lib/krb5_wrap: Fix missing error check in new salt code
CID 1492905: Control flow issues (DEADCODE)
This was a regression in 5eeb441b771a1ffe1ba1c69b72e8795f525a58ed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sat Oct 23 08:07:13 UTC 2021 on sn-devel-184
- - - - -
7253405c by David Mulder at 2021-10-25T08:31:31+00:00
gp: Add Firewalld ADMX templates
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at cryptomilk.org>
- - - - -
8f347449 by David Mulder at 2021-10-25T08:31:31+00:00
gp: Test Firewalld Group Policy Apply
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at cryptomilk.org>
- - - - -
9ac2d5d9 by David Mulder at 2021-10-25T08:31:31+00:00
gp: Apply Firewalld Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at cryptomilk.org>
- - - - -
c174e9eb by Joseph Sutton at 2021-10-25T09:23:35+00:00
tests/krb5: Check account name and SID in PAC for S4U tests
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at cryptomilk.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Oct 25 09:23:35 UTC 2021 on sn-devel-184
- - - - -
cd5f5199 by Andreas Schneider at 2021-10-25T14:08:32+00:00
Revert "gp: Apply Firewalld Policy"
This reverts commit 9ac2d5d991d16d1957c720fcda3ff6a9ac78dc13.
Signed-off-by: Andreas Schneider <asn at cryptomilk.org>
Reviewed-by: David Mulder <dmulder at suse.com>
- - - - -
db341882 by Andreas Schneider at 2021-10-25T14:08:32+00:00
Revert "gp: Test Firewalld Group Policy Apply"
This reverts commit 8f347449190c698ec4d2720bbf6ffced853ef797.
Signed-off-by: Andreas Schneider <asn at cryptomilk.org>
Reviewed-by: David Mulder <dmulder at suse.com>
- - - - -
5a75212b by Andreas Schneider at 2021-10-25T15:04:18+00:00
Revert "gp: Add Firewalld ADMX templates"
This reverts commit 7253405c35247dff192e86598b18d524e1602818.
Signed-off-by: Andreas Schneider <asn at cryptomilk.org>
Reviewed-by: David Mulder <dmulder at suse.com>
Autobuild-User(master): David Mulder <dmulder at samba.org>
Autobuild-Date(master): Mon Oct 25 15:04:18 UTC 2021 on sn-devel-184
- - - - -
7c9195e2 by David Mulder at 2021-10-26T14:23:42+00:00
samba-tool: Pick local host if calling samba-tool from DC
It is reasonable to assume, that if we are running a command from a DC,
that a user expects that the command will run against this DC.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Rowland Penny <rpenny at samba.org>
Autobuild-User(master): David Mulder <dmulder at samba.org>
Autobuild-Date(master): Tue Oct 26 14:23:42 UTC 2021 on sn-devel-184
- - - - -
2be0a19d by David Mulder at 2021-10-26T16:00:28+00:00
Revert "samba-tool: Pick local host if calling samba-tool from DC"
This reverts commit 7c9195e28bc51ac375d609f8306db2456f348167.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): David Mulder <dmulder at samba.org>
Autobuild-Date(master): Tue Oct 26 16:00:28 UTC 2021 on sn-devel-184
- - - - -
5c664047 by Andreas Schneider at 2021-10-28T12:32:35+00:00
testprogs: Use new cmdline option for kerberos
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14846
Signed-off-by: Andreas Schneider <asn at cryptomilk.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
16d43ccf by Andreas Schneider at 2021-10-28T13:23:34+00:00
lib:cmdline: Fix -k option which doesn't expect anything
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14846
Signed-off-by: Andreas Schneider <asn at cryptomilk.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Oct 28 13:23:34 UTC 2021 on sn-devel-184
- - - - -
f73aff50 by Ralph Boehme at 2021-10-28T18:11:28+00:00
lib: add NTTIME_THAW
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d8477930 by Ralph Boehme at 2021-10-28T18:11:28+00:00
lib: fix null_nttime() tests
The test was checking -1 twice:
torture_assert(tctx, null_nttime(-1), "-1");
torture_assert(tctx, null_nttime(-1), "-1");
The first line was likely supposed to test the value "0".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e2740e48 by Ralph Boehme at 2021-10-28T18:11:28+00:00
lib: use NTTIME_FREEZE in a null_nttime() test
No change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5503bde9 by Ralph Boehme at 2021-10-28T18:11:28+00:00
lib: update null_nttime() of -1: -1 is NTTIME_FREEZE
NTTIME_FREEZE is not a nil sentinel value, instead it implies special, yet
unimplemented semantics. Callers must deal with those values specifically and
null_nttime() must not lie about their nature.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
194faa76 by Ralph Boehme at 2021-10-28T18:11:28+00:00
lib: add a test for null_nttime(NTTIME_THAW)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0659069f by Ralph Boehme at 2021-10-28T18:11:28+00:00
torture: add a test for NTTIME_FREEZE and NTTIME_THAW
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6ed71ad7 by Ralph Boehme at 2021-10-28T18:11:28+00:00
lib: handle NTTIME_THAW in nt_time_to_full_timespec()
Preliminary handling of NTTIME_THAW to avoid NTTIME_THAW is passed as some
mangled value down to the VFS set timestamps function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127
RN: Avoid storing NTTIME_THAW (-2) as value on disk
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7f6f4777 by Andreas Schneider at 2021-10-28T19:03:04+00:00
third_party: Update pam_wrapper to version 1.1.4
Signed-off-by: Andreas Schneider <asn at cryptomilk.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Oct 28 19:03:04 UTC 2021 on sn-devel-184
- - - - -
866c1633 by Andreas Schneider at 2021-10-29T10:16:15+00:00
editorconfig: Heimdal has mixed spaces and tabs with different width
Signed-off-by: Andreas Schneider <asn at cryptomilk.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Oct 29 10:16:15 UTC 2021 on sn-devel-184
- - - - -
ad0082d7 by Jeremy Allison at 2021-10-29T14:02:34+00:00
s3: smbd: Add two tests showing recursive directory delete of a directory containing veto file and msdfs links over SMB2.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14878
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
73de1194 by Jeremy Allison at 2021-10-29T14:02:34+00:00
s3: smbd: Fix recursive directory delete of a directory containing veto file and msdfs links.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14878
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
942123b9 by Jeremy Allison at 2021-10-29T14:02:34+00:00
s3: smbd: Add two tests showing the ability to delete a directory containing a dangling symlink over SMB2 depends on "delete veto files" setting.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
295d7d02 by Jeremy Allison at 2021-10-29T14:02:34+00:00
s3: VFS: streams_depot. Allow unlinkat to cope with dangling symlinks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f254be19 by Jeremy Allison at 2021-10-29T14:02:34+00:00
s3: VFS: xattr_tdb. Allow unlinkat to cope with dangling symlinks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
a37d16e7 by Jeremy Allison at 2021-10-29T14:02:34+00:00
s3: smbd: Fix rmdir_internals() to do an early return if lp_delete_veto_files() is not set.
Fix the comments to match what the code actually does. The
exit at the end of the scan directory loop if we find a client
visible filename is a change in behavior, but the previous
behavior (not exist on visible filename, but delete it) was
a bug and in non-tested code. Now it's testd.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
26fecad2 by Jeremy Allison at 2021-10-29T14:02:34+00:00
s3: smbd: Fix logic in rmdir_internals() to cope with dangling symlinks.
Still need to add the same logic in can_delete_directory_fsp()
before we can delete the knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e9ef970e by Jeremy Allison at 2021-10-29T14:02:34+00:00
s3: smbd: Fix logic in can_delete_directory_fsp() to cope with dangling symlinks.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
0b818c6b by Jeremy Allison at 2021-10-29T14:57:14+00:00
s3: docs-xml: Clarify the "delete veto files" paramter.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Oct 29 14:57:14 UTC 2021 on sn-devel-184
- - - - -
14f56750 by eaglegai at 2021-10-29T20:29:26+00:00
fix undefined-shift in put_res_rec fuzz error: ../../source3/libsmb/nmblib.c:451:4: runtime error: left shift of 65312 by 16 places cannot be represented in type 'int'
Author: eaglegai <eaglegai at 163.com>
Signed-off-by: eaglegai <eaglegai at 163.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Oct 29 20:29:26 UTC 2021 on sn-devel-184
- - - - -
be3a47e2 by Andrew Walker at 2021-10-30T04:34:53+00:00
s3:modules:recycle - fix crash in recycle_unlink_internal
Original logic for separating path from base name assumed
that we were using same string to determine offset when
getting the parent dir name (smb_fname->base_name).
Simplify by using parent_dirname() to split the path
from base name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14888
Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Oct 30 04:34:53 UTC 2021 on sn-devel-184
- - - - -
5e1e9d74 by Martin Schwenke at 2021-11-01T06:37:32+00:00
debug: Add debug_syslog_format setting
Without debug_hires_timestamp this produces a syslog style header
containing:
"MON DD HH:MM:SS HOSTNAME PROGNAME[PID] "
With debug_hires_timestamp this produces a syslog style header
containing:
"RFC5424-TIMESTAMP HOSTNAME PROGNAME[PID] "
All other settings are ignored.
This will be made visible via smb.conf in a subsequent commit.
This commit adds some simple hostname handling. It avoids using
get_myname() from util.c because using that potentially pulls in all
manner of dependencies. No real error handling is done. In the worst
case debug_set_hostname() sets the hostname to a truncated version of
the given string. Similarly, in an even weirder world,
ensure_hostname() sets the hostname to a truncation of "unknown".
Both of these are unlikely in all reasonable cases.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
494eb0c2 by Martin Schwenke at 2021-11-01T07:29:47+00:00
debug: Add new smb.conf option "debug syslog format"
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Nov 1 07:29:47 UTC 2021 on sn-devel-184
- - - - -
d3eb2a5d by David Mulder at 2021-11-01T20:29:36+00:00
gp: Add Firewalld ADMX templates
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cd73e410 by David Mulder at 2021-11-01T20:29:36+00:00
gp: Test Firewalld Group Policy Apply
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5199eb14 by David Mulder at 2021-11-01T21:16:43+00:00
gp: Apply Firewalld Policy
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Nov 1 21:16:43 UTC 2021 on sn-devel-184
- - - - -
a8a06672 by Pavel Filipenský at 2021-11-03T08:36:00+00:00
s3:librpc: Improve calling of krb5_kt_end_seq_get()
Remove indentation with early return, best reviewed with
git show -b
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Nov 3 08:36:00 UTC 2021 on sn-devel-184
- - - - -
bbdcd66c by Jeremy Allison at 2021-11-03T14:33:49+00:00
s3: smbd: dirfsp is being used uninitialized inside rmdir_internals().
Not caught be the tests in bugs 14878, 14879 as can_delete_directory_fsp()
doesn't have the same bug.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14892
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Nov 3 14:33:49 UTC 2021 on sn-devel-184
- - - - -
3cb9f8f5 by Ralph Boehme at 2021-11-03T16:45:32+00:00
vfs_fruit: remove a fsp check from ad_fset()
This comes from times before we had pathref fsps. Back then if you wanted to
check if fsp->fh->fd contained a valid value != -1, you'd also first check that
the passed in fsp and fsp->fh are non NULL. With pathref fsps we don't need this
anymore.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14890
RN: Crash in vfs_fruit asking for fsp_get_io_fd() for an XATTR call
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b919798f by Ralph Boehme at 2021-11-03T17:33:00+00:00
smbd: early out in is_visible_fsp()
This is used in a hot codepath (directory enumeration) so we should avoiding the
string comparisions by adding an early exit.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Nov 3 17:33:00 UTC 2021 on sn-devel-184
- - - - -
adfad639 by Jeremy Allison at 2021-11-04T08:22:34+00:00
s3: smbtorture3: Add test for setting delete on close on a directory, then creating a file within to see if delete succeeds.
Exposes an existing problem where "ret" is overwritten
in the directory scan.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14892
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
141f3f5f by Jeremy Allison at 2021-11-04T09:10:27+00:00
s3: smbd: Ensure in the directory scanning loops inside rmdir_internals() we don't overwrite the 'ret' variable.
If we overwrite with ret=0, we return NT_STATUS_OK even when we goto err.
This function should be restructured to use NT_STATUS internally,
and make 'int ret' transitory, but that's a patch for another
time.
Remove knownfail.
BUG: BUG: https://bugzilla.samba.org/show_bug.cgi?id=14892
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Nov 4 09:10:27 UTC 2021 on sn-devel-184
- - - - -
c1470b12 by Stefan Metzmacher at 2021-11-04T19:04:31+00:00
s3/libsmb: check for global parametric option "libsmb:client_guid"
Useful in test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14882
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
1fa006f1 by Ralph Boehme at 2021-11-04T19:04:31+00:00
CI: add a test for bug 14882
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14882
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8082e2eb by Ralph Boehme at 2021-11-04T19:49:47+00:00
lib/dbwrap: reset deleted record to tdb_null
This allows the calling the following sequence of dbwrap functions:
dbwrap_delete_record(rec);
data = dbwrap_record_get_value(rec);
without triggering the assert rec->value_valid inside dbwrap_record_get_value().
Note that dbwrap_record_storev() continues to invalidate the record, so this
change somewhat blurs our semantics.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14882
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Nov 4 19:49:47 UTC 2021 on sn-devel-184
- - - - -
1fce72f7 by David Mulder at 2021-11-04T20:43:32+00:00
samba-tool: Add domain member leave
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Rowland Penny <rpenny at samba.org>
Autobuild-User(master): David Mulder <dmulder at samba.org>
Autobuild-Date(master): Thu Nov 4 20:43:32 UTC 2021 on sn-devel-184
- - - - -
e9495d2e by Günther Deschner at 2021-11-05T11:43:57+00:00
s3-winexe: Fix winexe core dump (use-after-free)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14893
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Fri Nov 5 11:43:57 UTC 2021 on sn-devel-184
- - - - -
e556b406 by Andreas Schneider at 2021-11-05T11:44:30+00:00
waf: Fix resolv_wrapper with glibc 2.34
With glibc 2.34 we are not able to talk to the DNS server via socket_wrapper
anymore. The res_* symbols have been moved from libresolv to libc. We are not
able to intercept any traffic inside of libc.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andreas Schneider <asn at cryptomilk.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
80115f9b by Andreas Schneider at 2021-11-05T12:36:55+00:00
gitlab-ci: Add Fedora 35 and drop Fedora 33
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andreas Schneider <asn at cryptomilk.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Nov 5 12:36:55 UTC 2021 on sn-devel-184
- - - - -
f4cad8b2 by David Disseldorp at 2021-11-08T13:27:40+00:00
smbd: check lp_load_printers before reload via NetShareEnum
api_RNetShareEnum() unconditionally attempts to reload printers via
delete_and_reload_printers(). Add a lp_load_printers() check to
obey smb.conf "load printers = off" settings.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14895
Reported-by: Nate Stuyvesant <nstuyvesant at gmail.com>
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Nov 8 13:27:40 UTC 2021 on sn-devel-184
- - - - -
93e59023 by Andrew Bartlett at 2021-11-09T19:45:32+00:00
CVE-2020-25722 dsdb: Tests for our known set of privileged attributes
This, except for where we choose to disagree, does pass
against Windows 2019.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14703
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14778
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14775
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
9ef9746b by Andrew Bartlett at 2021-11-09T19:45:32+00:00
CVE-2020-25722 dsdb: Move krbtgt password setup after the point of checking if any passwords are changed
This allows the add of an RODC, before setting the password, to avoid
this module, which helps isolate testing of security around the
msDS-SecondaryKrbTgtNumber attribute.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14703
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
f478aecc by Andrew Bartlett at 2021-11-09T19:45:32+00:00
CVE-2020-25722 dsdb: Restrict the setting of privileged attributes during LDAP add/modify
The remaining failures in the priv_attrs (not the strict one) test are
due to missing objectclass constraints on the administrator which should
be addressed, but are not a security issue.
A better test for confirming constraints between objectclass and
userAccountControl UF_NORMAL_ACCONT/UF_WORKSTATION_TRUST values would
be user_account_control.py.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14703
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14778
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14775
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
2bdff65b by Andrew Bartlett at 2021-11-09T19:45:32+00:00
CVE-2020-25722 selftest: Extend priv_attrs test - work around UF_NORMAL_ACCOUNT rules on Windows 2019 (requires |UF_PASSWD_NOTREQD or a password) - extend to also cover the sensitive UF_TRUSTED_FOR_DELEGATION
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14703
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14778
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14775
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
23983fb5 by Andrew Bartlett at 2021-11-09T19:45:32+00:00
CVE-2020-25722 selftest: Test combinations of account type and objectclass for creating a user
The idea here is to split out the restrictions seen on Windows 2019
at the schema level, as seen when acting as an administrator.
These pass against Windows 2019 except for the account type swapping
which is not wanted.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
0d804cfd by Andrew Bartlett at 2021-11-09T19:45:32+00:00
CVE-2020-25722 selftest: allow for future failures in BindTests.test_virtual_email_account_style_bind
This allows for any failures here to be handled via the knownfail system.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
63eb24f0 by Andrew Bartlett at 2021-11-09T19:45:32+00:00
CVE-2020-25722 selftest: Catch possible errors in PasswordSettingsTestCase.test_pso_none_applied()
This allows future patches to restrict changing the account type
without triggering an error.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
755e8a53 by Andrew Bartlett at 2021-11-09T19:45:32+00:00
CVE-2020-25722 selftest: Catch errors from samdb.modify() in user_account_control tests
This will allow these to be listed in a knownfail shortly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
e5b94eea by Andrew Bartlett at 2021-11-09T19:45:32+00:00
CVE-2020-25722 dsdb: objectclass computer becomes UF_WORKSTATION_TRUST by default
There are a lot of knownfail entries added with this commit. These
all need to be addressed and removed in subsequent commits which
will restructure the tests to pass within this new reality.
This default applies even to users with administrator rights,
as changing the default based on permissions would break
to many assumptions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
9c3259e5 by Andrew Bartlett at 2021-11-09T19:45:32+00:00
CVE-2020-25722 dsdb: Improve privileged and unprivileged tests for objectclass/doller/UAC
This helps ensure we cover off all the cases that matter
for objectclass/trailing-doller/userAccountControl
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
6a8f03c5 by Joseph Sutton at 2021-11-09T19:45:32+00:00
CVE-2020-25722 dsdb: Add tests for modifying objectClass, userAccountControl and sAMAccountName
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14889
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a00c525a by Andrew Bartlett at 2021-11-09T19:45:32+00:00
CVE-2020-25722 dsdb: Prohibit mismatch between UF_ account types and objectclass.
There are a lot of knownfail entries added with this commit. These
all need to be addressed and removed in subsequent commits which
will restructure the tests to pass within this new reality.
The restriction is not applied to users with administrator rights,
as this breaks a lot of tests and provides no security benefit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
dc089158 by Andrew Bartlett at 2021-11-09T19:45:32+00:00
CVE-2020-25722 selftest/priv_attrs: Mention that these knownfails are OK (for now)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14775
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
c77f9cba by Andrew Bartlett at 2021-11-09T19:45:32+00:00
CVE-2020-25722 selftest: Adapt selftest to restriction on swapping account types
This makes many of our tests pass again. We do not pass against Windows 2019 on all
as this does not have this restriction at this time.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
adf62800 by Andrew Bartlett at 2021-11-09T19:45:32+00:00
CVE-2020-25722 dsdb: samldb_objectclass_trigger() is only called on ADD, so remove indentation
This makes the code less indented and simpler to understand.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
53d0e5d3 by Andrew Bartlett at 2021-11-09T19:45:32+00:00
CVE-2020-25722 dsdb: Add restrictions on computer accounts without a trailing $
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
55cc9324 by Andrew Bartlett at 2021-11-09T19:45:32+00:00
CVE-2020-25722 selftest: Adapt sam.py test_isCriticalSystemObject to new UF_WORKSTATION_TRUST_ACCOUNT default
Objects with objectclass computer now have UF_WORKSTATION_TRUST_ACCOUNT
by default and so this test must adapt.
The changes to this test passes against Windows 2019 except for
the new behaviour around the UF_WORKSTATION_TRUST_ACCOUNT default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
0b06e9a5 by Andrew Bartlett at 2021-11-09T19:45:32+00:00
CVE-2020-25722 samdb: Fill in isCriticalSystemObject on any account type change
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
4150264c by Andrew Bartlett at 2021-11-09T19:45:32+00:00
CVE-2020-25722 selftest: Split test_userAccountControl into unit tests
The parts that create and delete a single object can be
safely split out into an individual test.
At this point the parts that fail against Windows 2019 are:
error: __main__.SamTests.test_userAccountControl_computer_add_normal [
_ldb.LdbError: (53, 'LDAP error 53 LDAP_UNWILLING_TO_PERFORM - <0000052D: SvcErr: DSID-031A1236, problem 5003 (WILL_NOT_PERFORM), data 0\n> <>')
error: __main__.SamTests.test_userAccountControl_computer_modify [
_ldb.LdbError: (53, 'LDAP error 53 LDAP_UNWILLING_TO_PERFORM - <0000052D: SvcErr: DSID-031A1236, problem 5003 (WILL_NOT_PERFORM), data 0\n> <>')
error: __main__.SamTests.test_userAccountControl_user_add_0_uac [
_ldb.LdbError: (53, 'LDAP error 53 LDAP_UNWILLING_TO_PERFORM - <0000052D: SvcErr: DSID-031A1236, problem 5003 (WILL_NOT_PERFORM), data 0\n> <>')
error: __main__.SamTests.test_userAccountControl_user_add_normal [
_ldb.LdbError: (53, 'LDAP error 53 LDAP_UNWILLING_TO_PERFORM - <0000052D: SvcErr: DSID-031A1236, problem 5003 (WILL_NOT_PERFORM), data 0\n> <>')
error: __main__.SamTests.test_userAccountControl_user_modify [
_ldb.LdbError: (53, 'LDAP error 53 LDAP_UNWILLING_TO_PERFORM - <0000052D: SvcErr: DSID-031A1236, problem 5003 (WILL_NOT_PERFORM), data 0\n> <>')
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
756f116b by Andrew Bartlett at 2021-11-09T19:45:32+00:00
CVE-2020-25722 selftest: Adjust sam.py test_userAccountControl_computer_add_trust to new reality
We now enforce that a trust account must be a user.
These can not be added over LDAP anyway, and our C
code in the RPC server gets this right in any case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
6c03fb65 by Andrew Bartlett at 2021-11-09T19:45:32+00:00
CVE-2020-25722 selftest: New objects of objectclass=computer are workstations by default now
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
66986eef by Andrew Bartlett at 2021-11-09T19:45:32+00:00
CVE-2020-25722 selftest: Adapt sam.py test to userAccountControl/objectclass restrictions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
56eff305 by Andrew Bartlett at 2021-11-09T19:45:32+00:00
CVE-2020-25722 selftest: adapt ldap.py/sam.py test_all tests to new default computer behaviour
Objects of objectclass computer are computers by default now and this changes
the sAMAccountType and primaryGroupID as well as userAccountControl
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
adfae125 by Andrew Bartlett at 2021-11-09T19:45:32+00:00
CVE-2020-25722 selftest: Allow self.assertRaisesLdbError() to take a list of errors to match with
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
b001f916 by Andrew Bartlett at 2021-11-09T19:45:32+00:00
CVE-2020-25722 selftest/user_account_control: Allow a broader set of possible errors
This favors a test that confirms we got an error over getting exactly
the right error, at least for now.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
ccd94963 by Andrew Bartlett at 2021-11-09T19:45:32+00:00
CVE-2020-25722 selftest/user_account_control: more work to cope with UAC/objectclass defaults and lock
This new restriction breaks a large number of assumptions in the tests, like
that you can remove some UF_ flags, because it turns out doing so will
make the 'computer' a 'user' again, and this will fail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
558f440f by Andrew Bartlett at 2021-11-09T19:45:32+00:00
CVE-2020-25721 krb5pac: Add new buffers for samAccountName and objectSID
These appear when PAC_UPN_DNS_FLAG_HAS_SAM_NAME_AND_SID is set.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14835
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
f7f49db7 by Joseph Sutton at 2021-11-09T19:45:32+00:00
CVE-2020-25718 tests/krb5: Allow tests accounts to replicate to RODC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14558
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ff6631ec by Joseph Sutton at 2021-11-09T19:45:32+00:00
CVE-2020-25719 CVE-2020-25717 tests/krb5: Modify get_service_ticket() to use _generic_kdc_exchange()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14799
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
06168fd4 by Joseph Sutton at 2021-11-09T19:45:32+00:00
CVE-2020-25719 CVE-2020-25717 tests/krb5: Add pac_request parameter to get_service_ticket()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14799
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
43df8d0b by Joseph Sutton at 2021-11-09T19:45:32+00:00
CVE-2020-25722 tests/krb5: Allow creating server accounts
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14776
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4a792ad9 by Joseph Sutton at 2021-11-09T19:45:32+00:00
CVE-2020-25719 tests/krb5: Add is_tgt() helper method
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14686
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
dbedf5b6 by Joseph Sutton at 2021-11-09T19:45:32+00:00
CVE-2020-25719 tests/krb5: Add method to get unique username for test accounts
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14686
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4ac05264 by Joseph Sutton at 2021-11-09T19:45:32+00:00
MS CVE-2020-17049 tests/krb5: Allow tests to pass if ticket signature checksum type is wrong
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
23dc0cbd by Joseph Sutton at 2021-11-09T19:45:32+00:00
CVE-2020-25721 tests/krb5: Check PAC buffer types when STRICT_CHECKING=0
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14835
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
873ac6d8 by Joseph Sutton at 2021-11-09T19:45:32+00:00
CVE-2020-25719 CVE-2020-25717 tests/krb5: Refactor create_ccache_with_user() to take credentials of target service
This allows us to use get_tgt() and get_service_ticket() to obtain
tickets, which simplifies the logic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14799
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4125650a by Joseph Sutton at 2021-11-09T19:45:32+00:00
CVE-2020-25719 CVE-2020-25717 tests/krb5: Allow create_ccache_with_user() to return a ticket without a PAC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14799
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
89c88a83 by Joseph Sutton at 2021-11-09T19:45:32+00:00
CVE-2020-25722 tests/krb5: Add KDC tests for 3-part SPNs
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14776
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3f7b971d by Joseph Sutton at 2021-11-09T19:45:32+00:00
CVE-2020-25721 ndrdump: Add tests for PAC with UPN_DNS_INFO
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14835
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
bd87905c by Joseph Sutton at 2021-11-09T19:45:32+00:00
CVE-2020-25719 tests/krb5: Add tests for requiring and issuing a PAC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
48e5154d by Joseph Sutton at 2021-11-09T19:45:32+00:00
CVE-2020-25719 tests/krb5: Add a test for making an S4U2Self request without a PAC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14686
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7f7476b0 by Joseph Sutton at 2021-11-09T19:45:32+00:00
CVE-2020-25719 tests/krb5: Add principal aliasing test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14686
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3af0c36a by Joseph Sutton at 2021-11-09T19:45:32+00:00
CVE-2020-25718 tests/krb5: Add tests for RODC-printed and invalid TGTs
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14558
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
24be2048 by Joseph Sutton at 2021-11-09T19:45:32+00:00
CVE-2020-25719 tests/krb5: Add tests for including authdata without a PAC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
903ab1a0 by Joseph Sutton at 2021-11-09T19:45:32+00:00
CVE-2020-25721 tests/krb5: Add tests for extended PAC_UPN_DNS_INFO PAC buffer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14835
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9fe1b719 by Stefan Metzmacher at 2021-11-09T19:45:32+00:00
CVE-2020-25719 CVE-2020-25717 tests/krb5: Add tests for connecting to services anonymously and without a PAC
At the end of the patchset we assume NT_STATUS_NO_IMPERSONATION_TOKEN if
no PAC is available.
For now we want to look for ACCESS_DENIED as this allows
the test to pass (showing that gensec:require_pac = true
is a useful partial mitigation).
This will also help others doing backports that do not
take the full patch set.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14799
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f9b16272 by Stefan Metzmacher at 2021-11-09T19:45:32+00:00
CVE-2020-25719 CVE-2020-25717: selftest: remove "gensec:require_pac" settings
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14799
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
[jsutton at samba.org Added knownfail entries]
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b4ea50f8 by Joseph Sutton at 2021-11-09T19:45:32+00:00
CVE-2020-25719 CVE-2020-25717 tests/krb5: Adapt tests for connecting without a PAC to new error codes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14799
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
05587361 by Stefan Metzmacher at 2021-11-09T19:45:32+00:00
CVE-2020-25717: s3:winbindd: make sure we default to r->out.authoritative = true
We need to make sure that temporary failures don't trigger a fallback
to the local SAM that silently ignores the domain name part for users.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0e23000f by Stefan Metzmacher at 2021-11-09T19:45:32+00:00
CVE-2020-25717: s4:auth/ntlm: make sure auth_check_password() defaults to r->out.authoritative = true
We need to make sure that temporary failures don't trigger a fallback
to the local SAM that silently ignores the domain name part for users.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6aedd965 by Stefan Metzmacher at 2021-11-09T19:45:32+00:00
CVE-2020-25717: s4:torture: start with authoritative = 1
This is not strictly needed, but makes it easier to audit
that we don't miss important places.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9a235158 by Stefan Metzmacher at 2021-11-09T19:45:32+00:00
CVE-2020-25717: s4:smb_server: start with authoritative = 1
This is not strictly needed, but makes it easier to audit
that we don't miss important places.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
76ec5f94 by Stefan Metzmacher at 2021-11-09T19:45:32+00:00
CVE-2020-25717: s4:auth_simple: start with authoritative = 1
This is not strictly needed, but makes it easier to audit
that we don't miss important places.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
cc6d6310 by Stefan Metzmacher at 2021-11-09T19:45:32+00:00
CVE-2020-25717: s3:ntlm_auth: start with authoritative = 1
This is not strictly needed, but makes it easier to audit
that we don't miss important places.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
cc32b246 by Stefan Metzmacher at 2021-11-09T19:45:32+00:00
CVE-2020-25717: s3:torture: start with authoritative = 1
This is not strictly needed, but makes it easier to audit
that we don't miss important places.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4cda4167 by Stefan Metzmacher at 2021-11-09T19:45:32+00:00
CVE-2020-25717: s3:rpcclient: start with authoritative = 1
This is not strictly needed, but makes it easier to audit
that we don't miss important places.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
27d20fc3 by Stefan Metzmacher at 2021-11-09T19:45:32+00:00
CVE-2020-25717: s3:auth: start with authoritative = 1
This is not strictly needed, but makes it easier to audit
that we don't miss important places.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
79a6616c by Stefan Metzmacher at 2021-11-09T19:45:32+00:00
CVE-2020-25717: auth/ntlmssp: start with authoritative = 1
This is not strictly needed, but makes it easier to audit
that we don't miss important places.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b39b698c by Samuel Cabrero at 2021-11-09T19:45:32+00:00
CVE-2020-25717: loadparm: Add new parameter "min domain uid"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6771b2f2 by Samuel Cabrero at 2021-11-09T19:45:33+00:00
CVE-2020-25717: selftest: Add ad_member_no_nss_wb environment
This environment creates an AD member that doesn't have
'nss_winbind' configured, while winbindd is still started.
For testing we map a DOMAIN\root user to the local root
account and unix token of the local root user.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
14b9f905 by Samuel Cabrero at 2021-11-09T19:45:33+00:00
CVE-2020-25717: selftest: Add a test for the new 'min domain uid' parameter
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
[abartlet at samba.org Fixed knowfail per instruction from metze]
- - - - -
97d54027 by Stefan Metzmacher at 2021-11-09T19:45:33+00:00
CVE-2020-25717: s3:auth: let auth3_generate_session_info_pac() forward the low level errors
Mapping everything to ACCESS_DENIED makes it hard to debug problems,
which may happen because of our more restrictive behaviour in future.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4b78ad73 by Samuel Cabrero at 2021-11-09T19:45:33+00:00
CVE-2020-25717: s3:auth: Check minimum domain uid
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
[abartlet at samba.org Removed knownfail on advice from metze]
- - - - -
28fae9c2 by Stefan Metzmacher at 2021-11-09T19:45:33+00:00
CVE-2020-25717: s3:auth: we should not try to autocreate the guest account
We should avoid autocreation of users as much as possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
dd0423bf by Stefan Metzmacher at 2021-11-09T19:45:33+00:00
CVE-2020-25717: s3:auth: no longer let check_account() autocreate local users
So far we autocreated local user accounts based on just the
account_name (just ignoring any domain part).
This only happens via a possible 'add user script',
which is not typically defined on domain members
and on NT4 DCs local users already exist in the
local passdb anyway.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
8f79ee99 by Ralph Boehme at 2021-11-09T19:45:33+00:00
CVE-2020-25717: s3:auth: remove fallbacks in smb_getpwnam()
So far we tried getpwnam("DOMAIN\account") first and
always did a fallback to getpwnam("account") completely
ignoring the domain part, this just causes problems
as we mix "DOMAIN1\account", "DOMAIN2\account",
and "account"!
As we require a running winbindd for domain member setups
we should no longer do a fallback to just "account" for
users served by winbindd!
For users of the local SAM don't use this code path,
as check_sam_security() doesn't call check_account().
The only case where smb_getpwnam("account") happens is
when map_username() via ("username map [script]") mapped
"DOMAIN\account" to something without '\', but that is
explicitly desired by the admin.
Note: use 'git show -w'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
52190982 by Stefan Metzmacher at 2021-11-09T19:45:33+00:00
CVE-2020-25717: s3:lib: add lp_allow_trusted_domains() logic to is_allowed_domain()
is_allowed_domain() is a central place we already use to
trigger NT_STATUS_AUTHENTICATION_FIREWALL_FAILED, so
we can add additional logic there.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
57abb7f8 by Stefan Metzmacher at 2021-11-09T19:45:33+00:00
CVE-2020-25717: s3:auth: don't let create_local_token depend on !winbind_ping()
We always require a running winbindd on a domain member, so
we should better fail a request instead of silently alter
the behaviour, which results in a different unix token, just
because winbindd might be restarted.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e2d5b4d7 by Alexander Bokovoy at 2021-11-09T19:45:33+00:00
CVE-2020-25717: Add FreeIPA domain controller role
As we want to reduce use of 'classic domain controller' role but FreeIPA
relies on it internally, add a separate role to mark FreeIPA domain
controller role.
It means that role won't result in ROLE_STANDALONE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Alexander Bokovoy <ab at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e2d271cb by Stefan Metzmacher at 2021-11-09T19:45:33+00:00
CVE-2020-25719 CVE-2020-25717: auth/gensec: always require a PAC in domain mode (DC or member)
AD domains always provide a PAC unless UF_NO_AUTH_DATA_REQUIRED is set
on the service account, which can only be explicitly configured,
but that's an invalid configuration!
We still try to support standalone servers in an MIT realm,
as legacy setup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
[jsutton at samba.org Removed knownfail entries]
- - - - -
935feff8 by Stefan Metzmacher at 2021-11-09T19:45:33+00:00
CVE-2020-25719 CVE-2020-25717: s4:auth: remove unused auth_generate_session_info_principal()
We'll require a PAC at the main gensec layer already.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
bd8d06ff by Stefan Metzmacher at 2021-11-09T19:45:33+00:00
CVE-2020-25717: s3:ntlm_auth: fix memory leaks in ntlm_auth_generate_session_info_pac()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c4ddf939 by Stefan Metzmacher at 2021-11-09T19:45:33+00:00
CVE-2020-25717: s3:ntlm_auth: let ntlm_auth_generate_session_info_pac() base the name on the PAC LOGON_INFO only
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
566c2b29 by Stefan Metzmacher at 2021-11-09T19:45:33+00:00
CVE-2020-25717: s3:auth: let auth3_generate_session_info_pac() delegate everything to make_server_info_wbcAuthUserInfo()
This consolidates the code paths used for NTLMSSP and Kerberos!
I checked what we were already doing for NTLMSSP, which is this:
a) source3/auth/auth_winbind.c calls wbcAuthenticateUserEx()
b) as a domain member we require a valid response from winbindd,
otherwise we'll return NT_STATUS_NO_LOGON_SERVERS
c) we call make_server_info_wbcAuthUserInfo(), which internally
calls make_server_info_info3()
d) auth_check_ntlm_password() calls
smb_pam_accountcheck(unix_username, rhost), where rhost
is only an ipv4 or ipv6 address (without reverse dns lookup)
e) from auth3_check_password_send/auth3_check_password_recv()
server_returned_info will be passed to auth3_generate_session_info(),
triggered by gensec_session_info(), which means we'll call into
create_local_token() in order to transform auth_serversupplied_info
into auth_session_info.
For Kerberos gensec_session_info() will call
auth3_generate_session_info_pac() via the gensec_generate_session_info_pac()
helper function. The current logic is this:
a) gensec_generate_session_info_pac() is the function that
evaluates the 'gensec:require_pac', which defaulted to 'no'
before.
b) auth3_generate_session_info_pac() called
wbcAuthenticateUserEx() in order to pass the PAC blob
to winbindd, but only to prime its cache, e.g. netsamlogon cache
and others. Most failures were just ignored.
c) If the PAC blob is available, it extracted the PAC_LOGON_INFO
from it.
d) Then we called the horrible get_user_from_kerberos_info() function:
- It uses a first part of the tickets principal name (before the @)
as username and combines that with the 'logon_info->base.logon_domain'
if the logon_info (PAC) is present.
- As a fallback without a PAC it's tries to ask winbindd for a mapping
from realm to netbios domain name.
- Finally is falls back to using the realm as netbios domain name
With this information is builds 'userdomain+winbind_separator+useraccount'
and calls map_username() followed by smb_getpwnam() with create=true,
Note this is similar to the make_server_info_info3() => check_account()
=> smb_getpwnam() logic under 3.
- It also calls smb_pam_accountcheck(), but may pass the reverse DNS lookup name
instead of the ip address as rhost.
- It does some MAP_TO_GUEST_ON_BAD_UID logic and auto creates the
guest account.
e) We called create_info3_from_pac_logon_info()
f) make_session_info_krb5() calls gets called and triggers this:
- If get_user_from_kerberos_info() mapped to guest, it calls
make_server_info_guest()
- If create_info3_from_pac_logon_info() created a info3 from logon_info,
it calls make_server_info_info3()
- Without a PAC it tries pdb_getsampwnam()/make_server_info_sam() with
a fallback to make_server_info_pw()
From there it calls create_local_token()
I tried to change auth3_generate_session_info_pac() to behave similar
to auth_winbind.c together with auth3_generate_session_info() as
a domain member, as we now rely on a PAC:
a) As domain member we require a PAC and always call wbcAuthenticateUserEx()
and require a valid response!
b) we call make_server_info_wbcAuthUserInfo(), which internally
calls make_server_info_info3(). Note make_server_info_info3()
handles MAP_TO_GUEST_ON_BAD_UID and make_server_info_guest()
internally.
c) Similar to auth_check_ntlm_password() we now call
smb_pam_accountcheck(unix_username, rhost), where rhost
is only an ipv4 or ipv6 address (without reverse dns lookup)
d) From there it calls create_local_token()
As standalone server (in an MIT realm) we continue
with the already existing code logic, which works without a PAC:
a) we keep smb_getpwnam() with create=true logic as it
also requires an explicit 'add user script' option.
b) In the following commits we assert that there's
actually no PAC in this mode, which means we can
remove unused and confusing code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14646
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3ed0e5b9 by Stefan Metzmacher at 2021-11-09T19:45:33+00:00
CVE-2020-25717: selftest: configure 'ktest' env with winbindd and idmap_autorid
The 'ktest' environment was/is designed to test kerberos in an active
directory member setup. It was created at a time we wanted to test
smbd/winbindd with kerberos without having the source4 ad dc available.
This still applies to testing the build with system krb5 libraries
but without relying on a running ad dc.
As a domain member setup requires a running winbindd, we should test it
that way, in order to reflect a valid setup.
As a side effect it provides a way to demonstrate that we can accept
smb connections authenticated via kerberos, but no connection to
a domain controller! In order get this working offline, we need an
idmap backend with ID_TYPE_BOTH support, so we use 'autorid', which
should be the default choice.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14646
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2609e429 by Stefan Metzmacher at 2021-11-09T19:45:33+00:00
CVE-2020-25717: s3:auth: let auth3_generate_session_info_pac() reject a PAC in standalone mode
We should be strict in standalone mode, that we only support MIT realms
without a PAC in order to keep the code sane.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e8bb0090 by Stefan Metzmacher at 2021-11-09T19:45:33+00:00
CVE-2020-25717: s3:auth: simplify get_user_from_kerberos_info() by removing the unused logon_info argument
This code is only every called in standalone mode on a MIT realm,
it means we never have a PAC and we also don't have winbindd arround.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
757f1d20 by Stefan Metzmacher at 2021-11-09T19:45:33+00:00
CVE-2020-25717: s3:auth: simplify make_session_info_krb5() by removing unused arguments
This is only ever be called in standalone mode with an MIT realm,
so we don't have a PAC/info3 structure.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
62d1cb4c by Joseph Sutton at 2021-11-09T19:45:33+00:00
CVE-2020-25722 Add test for SPN deletion followed by addition
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14876
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
[abartlet at samba.org Removed transaction hooks, these do nothing over
remote LDAP]
- - - - -
48e3cf96 by Joseph Sutton at 2021-11-09T19:45:33+00:00
CVE-2020-25722 s4:dsdb:tests: Add missing self.fail() calls
Without these calls the tests could pass if an expected error did not
occur.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14832
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
[abartlet at samba.org Included in backport as changing ACLs while
ACL tests are not checking for unexpected success would be bad]
- - - - -
6121f31c by Nadezhda Ivanova at 2021-11-09T19:45:33+00:00
CVE-2020-25722: s4-acl: test Control Access Rights honor the Applies-to attribute
Validate Writes and Control Access Rights should only grant access if the
object is of the type listed in the Right's appliesTo attribute.
Tests to verify this behavior
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14832
Signed-off-by: Nadezhda Ivanova <nivanova at symas.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
8da6d0bf by Nadezhda Ivanova at 2021-11-09T19:45:33+00:00
CVE-2020-25722: s4-acl: Make sure Control Access Rights honor the Applies-to attribute
Validate Writes and Control Access Rights only grant access if the
object is of the type listed in the Right's appliesTo attribute. For
example, even though a Validated-SPN access may be granted to a user
object in the SD, it should only pass if the object is of class
computer This patch enforces the appliesTo attribute classes for
access checks from within the ldb stack.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14832
Signed-off-by: Nadezhda Ivanova <nivanova at symas.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
42eb5fee by Andrew Bartlett at 2021-11-09T19:45:33+00:00
CVE-2020-25722 Check all elements in acl_check_spn() not just the first one
Thankfully we are aleady in a loop over all the message elements in
acl_modify() so this is an easy and safe change to make.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14876
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
2c4aee11 by Andrew Bartlett at 2021-11-09T19:45:33+00:00
CVE-2020-25722 Check for all errors from acl_check_extended_right() in acl_check_spn()
We should not fail open on error.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14876
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
de24916a by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 pytests: add reverse lookup dict for LDB error codes
You can give ldb_err() it a number, an LdbError, or a sequence of
numbers, and it will return the corresponding strings. Examples:
ldb_err(68) # "LDB_ERR_ENTRY_ALREADY_EXISTS"
LDB_ERR_LUT[68] # "LDB_ERR_ENTRY_ALREADY_EXISTS"
expected = (ldb.ERR_INSUFFICIENT_ACCESS_RIGHTS,
ldb.ERR_INVALID_CREDENTIALS)
try:
foo()
except ldb.LdbError as e:
self.fail(f"got {ldb_err(e)}, expected one of {ldb_err(expected)}")
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b919246c by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 pytest: assertRaisesLdbError invents a message if you're lazy
This makes it easier to convert tests that don't have good messages.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c7e3617c by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 s4/dsdb/cracknames: always free tmp_ctx in spn_alias
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
5a79fca9 by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 s4/cracknames: lookup_spn_alias doesn't need krb5 context
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7243bd7d by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 samba-tool spn: accept -H for database url
Following the convention and making testing easier
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
72a2c21f by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 samba-tool spn add: remove --force option
This did not actually *force* the creation of a duplicate SPN, it just
ignored the client-side check for the existing copy. Soon we are going
to enforce SPN uniqueness on the server side, and this --force will not
work. This will make the --force test fail, and if that tests fail, so
will others that depend the duplicate values. So we remove those tests.
It is wrong-headed to try to make duplicate SPNs in any case, which is
probably why there is no sign of anyone ever having used this option.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
8cde2370 by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 tests: blackbox samba-tool spn non-admin test
It is soon going to be impossible to add duplicate SPNs (short of
going behind DSDB's back on the local filesystem). Our test of adding
SPNs on non-admin users doubled as the test for adding a duplicate (using
--force). As --force is gone, we add these tests on Guest after the SPN
on Administrator is gone.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0a555cf0 by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 s4/provision: add host/ SPNs at the start
There are two reasons for this. Firstly, leaving SPNs unclaimed is
dangerous, as someone else could grab them first. Secondly, in some
circumstances (self join) we try to add a DNS/ SPN a little bit later
in provision. Under the rules we are introducing for CVE-2020-25722,
this will make our later attempts to add HOST/ fail.
This causes a few errors in samba4.blackbox.dbcheck.* tests, which
assert that revivified old domains match stored reference versions.
Now they don't, because they have servicePrincipalNames.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
55752c12 by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 blackbox/upgrades tests: ignore SPN for ldapcmp
We need to have the SPNs there before someone else nabs them, which
makes the re-provisioned old releases different from the reference
versions that we keep for this comparison.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
df34c11c by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 pytest: test sAMAccountName/userPrincipalName over ldap
Because the sam account name + the dns host name is used as the
default user principal name, we need to check for collisions between
these. Fixes are coming in upcoming patches.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
11540375 by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 pytest: test setting servicePrincipalName over ldap
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ce2930d2 by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 s4/cracknames: add comment pointing to samldb spn handling
These need to stay a little bit in sync. The reverse comment is there.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
efbf0b77 by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 s4/dsdb/samldb: add samldb_get_single_valued_attr() helper
This takes a string of logic out of samldb_unique_attr_check() that we
are going to need in other places, and that would be very tedious to
repeat.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b6f4d931 by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 s4/dsdb/samldb: unique_attr_check uses samldb_get_single_valued_attr()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
45a4a198 by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 s4/dsdb/samldb: check for clashes in UPNs/samaccountnames
We already know duplicate sAMAccountNames and UserPrincipalNames are bad,
but we also have to check against the values these imply in each other.
For example, imagine users with SAM account names "Alice" and "Bob" in
the realm "example.com". If they do not have explicit UPNs, by the logic
of MS-ADTS 5.1.1.1.1 they use the implict UPNs "alice at example.com" and
"bob at example.com", respectively. If Bob's UPN gets set to
"alice at example.com", it will clash with Alice's implicit one.
Therefore we refuse to allow a UPN that implies an existing SAM account
name and vice versa.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
510378f9 by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 s4/dsdb/samldb: check sAMAccountName for illegal characters
This only for the real account name, not the account name implicit in
a UPN. It doesn't matter if a UPN implies an illegal sAMAccountName,
since that is not going to conflict with a real one.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9235617c by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 s4/dsdb/samldb: check for SPN uniqueness, including aliases
Not only should it not be possible to add a servicePrincipalName that
is already present in the domain, it should not be possible to add one
that is implied by an entry in sPNMappings, unless the user is adding
an alias to another SPN and has rights to alter that one.
For example, with the default sPNMappings, cifs/ is an alias pointing to
host/, meaning if there is no cifs/example.com SPN, the host/example.com
one will be used instead. A user can add the cifs/example.com SPN only
if they can also change the host/example.com one (because adding the
cifs/ effectively changes the host/). The reverse is refused in all cases,
unless they happen to be on the same object. That is, if there is a
cifs/example.com SPN, there is no way to add host/example.com elsewhere.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
13377f0b by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 s4/dsdb/samldb: reject SPN with too few/many components
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
8abf90a3 by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 s4/dsdb modules: add dsdb_get_expected_new_values()
This function collects a superset of all the new values for the specified
attribute that could result from an ldb add or modify message.
In most cases -- where there is a single add or modify -- the exact set
of added values is returned, and this is done reasonably efficiently
using the existing element. Where it gets complicated is when there are
multiple elements for the same attribute in a message. Anything added
before a replace or delete will be included in these results but may not
end up in the database if the message runs its course. Examples:
sequence result
1. ADD the element is returned (exact)
2. REPLACE the element is returned (exact)
3. ADD, ADD both elements are concatenated together (exact)
4. ADD, REPLACE both elements are concatenated together (superset)
5. REPLACE, ADD both elements are concatenated together (exact)
6. ADD, DEL, ADD adds are concatenated together (superset)
7. REPLACE, REPLACE both concatenated (superset)
8. DEL, ADD last element is returned (exact)
Why this? In the past we have treated dsdb_get_single_valued_attr() as if
it returned the complete set of possible database changes, when in fact it
only returned the last non-delete. That is, it could have missed values
in examples 3-7 above.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14876
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c24a4134 by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 s4/dsdb/samldb: samldb_get_single_valued_attr() check all values
using dsdb_get_expected_new_values().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14876
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4d50fe2f by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 s4/dsdb/samldb: samldb_sam_accountname_valid_check() check all values
Using dsdb_get_expected_new_values().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14876
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2a738275 by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 s4/dsdb/samldb: samldb_schema_add_handle_linkid() checks all values
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14876
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e4762f4c by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 s4/dsdb/samldb: samldb_schema_add_handle_mapiid() checks all values
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14876
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
87382e19 by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 s4/dsdb/samldb: samldb_prim_group_change() checks all values
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14876
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
bdfcea48 by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 s4/dsdb/samldb: samldb_user_account_control_change() checks all values
There is another call to dsdb_get_expected_new_values() in this function
that we change in the next commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14876
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
74623b64 by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 s4/dsdb/samldb _user_account_control_change() always add final value
dsdb_get_single_valued_attr() was finding the last non-delete element for
userAccountControl and changing its value to the computed value.
Unfortunately, the last non-delete element might not be the last element,
and a subsequent delete might remove it.
Instead we just add a replace on the end.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14876
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1e0176cf by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 s4/dsdb/samldb: samldb_pwd_last_set_change() checks all values
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14876
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4fb4136a by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 s4/dsdb/samldb: samldb_lockout_time() checks all values
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14876
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d1202040 by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 s4/dsdb/samldb: samldb_group_type_change() checks all values
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14876
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ecb2c3a8 by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 s4/dsdb/samldb: samldb_service_principal_names_change checks values
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14876
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
280c07f5 by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 s4/dsdb/samldb: samldb_fsmo_role_owner_check checks values
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14876
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ed9ec0b0 by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 s4/dsdb/samldb: samldb_fsmo_role_owner_check() wants one value
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14876
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
59201d54 by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 s4/dsdb/pwd_hash: password_hash_bypass gets all values
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14876
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b9962c1e by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 s4/dsdb/pwd_hash: rework pwdLastSet bypass
This tightens the logic a bit, in that a message with trailing DELETE
elements is no longer accepted when the bypass flag is set. In any case
this is an unlikely scenario as this is an internal flag set by a private
control in pdb_samba_dsdb_replace_by_sam().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14876
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
5fe2633b by Douglas Bagnall at 2021-11-09T19:45:33+00:00
CVE-2020-25722 s4/dsdb/util: remove unused dsdb_get_single_valued_attr()
Nobody uses it now. It never really did what it said it did. Almost
every use was wrong. It was a trap.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14876
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
72840a97 by Joseph Sutton at 2021-11-09T19:45:33+00:00
CVE-2020-25722 selftest: Adapt ldap.py tests to new objectClass restrictions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2249143f by Joseph Sutton at 2021-11-09T19:45:33+00:00
CVE-2020-25718 tests/krb5: Fix indentation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14558
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6ec80380 by Joseph Sutton at 2021-11-09T19:45:33+00:00
CVE-2020-25719 krb5pac.idl: Add PAC_ATTRIBUTES_INFO PAC buffer type
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f4ed37ad by Joseph Sutton at 2021-11-09T19:45:33+00:00
CVE-2020-25719 krb5pac.idl: Add PAC_REQUESTER_SID PAC buffer type
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
336dfc32 by Joseph Sutton at 2021-11-09T19:45:33+00:00
CVE-2020-25719 tests/krb5: Provide expected parameters for both AS-REQs in get_tgt()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
dd251f26 by Joseph Sutton at 2021-11-09T19:45:33+00:00
CVE-2020-25719 tests/krb5: Allow update_pac_checksums=True if the PAC is not present
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
383bedd6 by Joseph Sutton at 2021-11-09T19:45:33+00:00
CVE-2020-25719 tests/krb5: Don't expect a kvno for user-to-user
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14873
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
21298ddf by Joseph Sutton at 2021-11-09T19:45:33+00:00
CVE-2020-25719 tests/krb5: Expect 'renew-till' element when renewing a TGT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
96025945 by Joseph Sutton at 2021-11-09T19:45:33+00:00
CVE-2020-25719 tests/krb5: Return ticket from _tgs_req()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a236e2cc by Joseph Sutton at 2021-11-09T19:45:33+00:00
CVE-2020-25719 tests/krb5: Use correct credentials for user-to-user tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14873
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
faf47b0b by Joseph Sutton at 2021-11-09T19:45:33+00:00
CVE-2020-25719 tests/krb5: Adjust PAC tests to prepare for new PAC_ATTRIBUTES_INFO buffer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
924f3231 by Joseph Sutton at 2021-11-09T19:45:33+00:00
CVE-2020-25719 tests/krb5: Adjust expected error codes for user-to-user tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14873
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e647186c by Joseph Sutton at 2021-11-09T19:45:33+00:00
CVE-2020-25719 tests/krb5: tests/krb5: Adjust expected error code for S4U2Self no-PAC tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2158ba1e by Joseph Sutton at 2021-11-09T19:45:33+00:00
CVE-2020-25719 tests/krb5: Extend _get_tgt() method to allow more modifications to tickets
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
40a3f718 by Joseph Sutton at 2021-11-09T19:45:33+00:00
CVE-2020-25719 tests/krb5: Add _modify_tgt() method for modifying already obtained tickets
https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
58455c48 by Joseph Sutton at 2021-11-09T19:45:33+00:00
CVE-2020-25719 tests/krb5: Add testing for PAC_TYPE_ATTRIBUTES_INFO PAC buffer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
42405aa4 by Joseph Sutton at 2021-11-09T19:45:33+00:00
CVE-2020-25719 tests/krb5: Add testing for PAC_TYPE_REQUESTER_SID PAC buffer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
8752b83b by Joseph Sutton at 2021-11-09T19:45:33+00:00
CVE-2020-25719 tests/krb5: Add EXPECT_PAC environment variable to expect pac from all TGS tickets
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
72f82d94 by Joseph Sutton at 2021-11-09T19:45:33+00:00
CVE-2020-25719 tests/krb5: Add expected parameters to cache key for obtaining tickets
If multiple calls to get_tgt() or get_service_ticket() specify different
expected parameters, we want to perform the request again so that the
checking can be performed, rather than reusing a previously obtained
ticket and potentially skipping checks.
It should be fine to cache tickets with the same expected parameters, as
tickets that fail to be obtained will not be stored in the cache, so the
checking will happen for every call.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b8c85fe8 by Joseph Sutton at 2021-11-09T19:45:33+00:00
CVE-2020-25719 tests/krb5: Add tests for PAC attributes buffer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2e1e57fc by Joseph Sutton at 2021-11-09T19:45:33+00:00
CVE-2020-25719 tests/krb5: Add tests for PAC-REQUEST padata
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7ff05eb8 by Joseph Sutton at 2021-11-09T19:45:33+00:00
CVE-2020-25719 tests/krb5: Add tests for requester SID PAC buffer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
26480ba2 by Joseph Sutton at 2021-11-09T19:45:33+00:00
CVE-2020-25719 tests/krb5: Add test for user-to-user with no sname
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14873
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a461b7d4 by Joseph Sutton at 2021-11-09T19:45:33+00:00
CVE-2020-25719 tests/krb5: Add tests for mismatched names with user-to-user
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14873
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
fa4c9bce by Joseph Sutton at 2021-11-09T19:45:33+00:00
CVE-2020-25719 s4/torture: Expect additional PAC buffers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
deccd0dc by Joseph Sutton at 2021-11-09T19:45:33+00:00
CVE-2020-25722 pytest: Raise an error when adding a dynamic test that would overwrite an existing test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d0fb22ee by Andreas Schneider at 2021-11-09T19:45:34+00:00
CVE-2020-25719 mit-samba: Make ks_get_principal() internally public
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4ef445a1 by Andreas Schneider at 2021-11-09T19:45:34+00:00
CVE-2020-25719 mit-samba: Add ks_free_principal()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
[abartlet at samba.org As submitted in patch to Samba bugzilla
to address this issue as https://attachments.samba.org/attachment.cgi?id=16724
on overall bug https://bugzilla.samba.org/show_bug.cgi?id=14725]
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
d14a6a88 by Andreas Schneider at 2021-11-09T19:45:34+00:00
CVE-2020-25719 mit-samba: If we use client_princ, always lookup the db entry
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
61fa8664 by Andreas Schneider at 2021-11-09T19:45:34+00:00
CVE-2020-25719 mit-samba: Add mit_samba_princ_needs_pac()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2903a505 by Andreas Schneider at 2021-11-09T19:45:34+00:00
CVE-2020-25719 mit-samba: Handle no DB entry in mit_samba_get_pac()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
43571918 by Andreas Schneider at 2021-11-09T19:45:34+00:00
CVE-2020-25719 mit-samba: Rework PAC handling in kdb_samba_db_sign_auth_data()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
bdf07fc4 by Andreas Schneider at 2021-11-09T19:45:34+00:00
CVE-2020-25719 mit_samba: The samba_princ_needs_pac check should be on the server entry
This does the same check as the hdb plugin now. The client check is already
done earlier.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
41a36191 by Andreas Schneider at 2021-11-09T19:45:34+00:00
CVE-2020-25719 mit_samba: Create the talloc context earlier
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
87a769fc by Andreas Schneider at 2021-11-09T19:45:34+00:00
CVE-2020-25719 s4:kdc: Remove trailing spaces in pac-glue.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
01df6559 by Andreas Schneider at 2021-11-09T19:45:34+00:00
CVE-2020-25719 s4:kdc: Add samba_kdc_validate_pac_blob()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0db5c69d by Andreas Schneider at 2021-11-09T19:45:34+00:00
CVE-2020-25719 s4:kdc: Check if the pac is valid before updating it
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2f9245f2 by Joseph Sutton at 2021-11-09T19:45:34+00:00
CVE-2020-25719 s4:kdc: Add KDC support for PAC_ATTRIBUTES_INFO PAC buffer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
bacb51d0 by Joseph Sutton at 2021-11-09T19:45:34+00:00
CVE-2020-25719 heimdal:kdc: Require authdata to be present
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14686
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
19719003 by Andrew Bartlett at 2021-11-09T19:45:34+00:00
CVE-2020-25718 kdc: Remove unused samba_kdc_get_pac_blob()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14558
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
4796b0a5 by Andrew Bartlett at 2021-11-09T19:45:34+00:00
CVE-2020-25718 s4-rpc_server: Change sid list functions to operate on a array of struct dom_sid
This is instead of an array of struct dom_sid *.
The reason is that auth_user_info_dc has an array of struct dom_sid
(the user token) and for checking if an RODC should be allowed
to print a particular ticket, we want to reuse that a rather
then reconstruct it via tokenGroups.
This also avoids a lot of memory allocation.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14558
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
cdb5690b by Andrew Bartlett at 2021-11-09T19:45:34+00:00
CVE-2020-25718 s4-rpc_server: Obtain the user tokenGroups earlier
This will allow the creation of a common helper routine that
takes the token SID list (from tokenGroups or struct auth_user_info_dc)
and returns the allowed/denied result.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14558
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
edd3d61f by Andrew Bartlett at 2021-11-09T19:45:34+00:00
CVE-2020-25718 s4-rpc_server: Put RODC reveal/never reveal logic into a single helper function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14558
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
8ee6753a by Andrew Bartlett at 2021-11-09T19:45:34+00:00
CVE-2020-25718 s4-rpc_server: Put msDS-KrbTgtLinkBL and UF_INTERDOMAIN_TRUST_ACCOUNT RODC checks in common
While these checks were not in the NETLOGON case, there is no sense where
an RODC should be resetting a bad password count on either a
UF_INTERDOMAIN_TRUST_ACCOUNT nor a RODC krbtgt account.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14558
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
60140350 by Andrew Bartlett at 2021-11-09T19:45:34+00:00
CVE-2020-25718 s4-rpc_server: Confirm that the RODC has the UF_PARTIAL_SECRETS_ACCOUNT bit
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14558
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
16f96dbb by Andrew Bartlett at 2021-11-09T19:45:34+00:00
CVE-2020-25718 s4-rpc_server: Provide wrapper samdb_confirm_rodc_allowed_to_repl_to()
This shares the lookup of the tokenGroups attribute.
There will be a new caller that does not want to do this step,
so this is a wrapper of samdb_confirm_rodc_allowed_to_repl_to_sid_list()
rather than part of it
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14558
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
c70710a0 by Andrew Bartlett at 2021-11-09T19:45:34+00:00
CVE-2020-25718 s4-rpc_server: Remove unused attributes in RODC check
In particular the objectGUID is no longer used, and in the NETLOGON case
the special case for msDS-KrbTgtLink does not apply.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14558
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
a831ef74 by Andrew Bartlett at 2021-11-09T19:45:34+00:00
CVE-2020-25718 s4-rpc_server: Explain why we use DSDB_SEARCH_SHOW_EXTENDED_DN in RODC access check
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14558
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
158765d1 by Andrew Bartlett at 2021-11-09T19:45:34+00:00
CVE-2020-25718 s4-rpc_server: Add in debug messages into RODC processing
These are added for the uncommon cases.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14558
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
a9ac1f91 by Andrew Bartlett at 2021-11-09T19:45:34+00:00
CVE-2020-25718 dsdb: Bring sid_helper.c into common code as rodc_helper.c
These common routines will assist the KDC to do the same access
checking as the RPC servers need to do regarding which accounts
a RODC can act with regard to.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14558
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
b176ddba by Andrew Bartlett at 2021-11-09T19:45:34+00:00
CVE-2020-25718 kdc: Confirm the RODC was allowed to issue a particular ticket
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14558
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
80257fa3 by Joseph Sutton at 2021-11-09T19:45:34+00:00
CVE-2020-25718 kdc: Return ERR_POLICY if RODC krbtgt account is invalid
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14558
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
05898cfb by Andrew Bartlett at 2021-11-09T19:45:34+00:00
CVE-2020-25719 kdc: Avoid races and multiple DB lookups in s4u2self check
Looking up the DB twice is subject to a race and is a poor
use of resources, so instead just pass in the record we
already got when trying to confirm that the server in
S4U2Self is the same as the requesting client.
The client record has already been bound to the the
original client by the SID check in the PAC.
Likewise by looking up server only once we ensure
that the keys looked up originally are in the record
we confirm the SID for here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14686
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
43983170 by Andrew Bartlett at 2021-11-09T19:45:34+00:00
CVE-2020-25721 auth: Fill in the new HAS_SAM_NAME_AND_SID values
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14835
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
a3aee582 by Andrew Bartlett at 2021-11-09T19:45:34+00:00
CVE-2020-25722 Ensure the structural objectclass cannot be changed
If the structural objectclass is allowed to change, then the restrictions
locking an object to remaining a user or computer will not be enforcable.
Likewise other LDAP inheritance rules, which allow only certain
child objects can be bypassed, which can in turn allow creation of
(unprivileged) users where only DNS objects were expected.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14889
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
1d3548ae by Joseph Sutton at 2021-11-09T19:45:34+00:00
CVE-2020-25719 s4:kdc: Add KDC support for PAC_REQUESTER_SID PAC buffer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a5db5c7f by Joseph Sutton at 2021-11-09T19:45:34+00:00
CVE-2020-25719 heimdal:kdc: Check return code
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14873
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f170f1eb by Joseph Sutton at 2021-11-09T19:45:34+00:00
CVE-2020-25719 heimdal:kdc: Move fetching krbtgt entry to before enctype selection
This allows us to use it when validating user-to-user.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14873
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
fd50fecb by Joseph Sutton at 2021-11-09T19:45:34+00:00
CVE-2020-25719 heimdal:kdc: Use sname from request rather than user-to-user TGT client name
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14873
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f08e6ac8 by Joseph Sutton at 2021-11-09T19:45:34+00:00
CVE-2020-25719 heimdal:kdc: Check name in request against name in user-to-user TGT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14873
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
49a13f0f by Joseph Sutton at 2021-11-09T19:45:34+00:00
CVE-2020-25719 heimdal:kdc: Verify PAC in TGT provided for user-to-user authentication
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14873
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4888e198 by Andrew Bartlett at 2021-11-09T19:45:34+00:00
CVE-2020-25722 kdc: Do not honour a request for a 3-part SPN (ending in our domain/realm) unless a DC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14776
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
756934f1 by Joseph Sutton at 2021-11-09T19:45:34+00:00
CVE-2020-25719 heimdal:kdc: Require PAC to be present
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14686
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b8c6fa20 by Joseph Sutton at 2021-11-09T19:45:34+00:00
CVE-2020-25718 tests/krb5: Only fetch RODC account credentials when necessary
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14558
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f5baabd9 by Joseph Sutton at 2021-11-09T19:45:34+00:00
CVE-2020-25719 tests/krb5: Add tests for using a ticket with a renamed account
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
fa65ceb3 by Joseph Sutton at 2021-11-09T19:45:34+00:00
CVE-2020-25718 heimdal:kdc: Add comment about tests for tickets of users not revealed to an RODC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14886
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
972f0435 by Andrew Bartlett at 2021-11-09T19:45:34+00:00
Revert "CVE-2020-25719 heimdal:kdc: Require authdata to be present"
This reverts an earlier commit that was incorrect.
It is not Samba practice to include a revert, but at this point in
the patch preperation the ripple though the knownfail files is
more trouble than can be justified.
It is not correct to refuse to parse all tickets with no authorization
data, only for the KDC to require that a PAC is found, which is done
in "heimdal:kdc: Require PAC to be present"
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
433092d6 by Andrew Bartlett at 2021-11-09T19:45:34+00:00
CVE-2020-25719 selftest: Always expect a PAC in TGS replies with Heimdal
This is tested in other places already, but this ensures a global
check that a TGS-REP has a PAC, regardless.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
262f59a7 by Stefan Metzmacher at 2021-11-09T19:45:34+00:00
CVE-2020-25722 pytests: Give computer accounts unique (and valid) sAMAccountNames and SPNs
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
ae47a730 by Joseph Sutton at 2021-11-09T19:45:34+00:00
CVE-2020-25722 selftest: Add test for duplicate servicePrincipalNames on an add operation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
5f463431 by Joseph Sutton at 2021-11-09T19:45:34+00:00
CVE-2020-25722 selftest: Ensure check for duplicate servicePrincipalNames is not bypassed for an add operation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14564
If one of the objectClass checks passed, samldb_add() could return
through one of the samldb_fill_*() functions and skip the
servicePrincipalName uniqueness checking.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
c00e5fc2 by Stefan Metzmacher at 2021-11-09T19:45:34+00:00
CVE-2021-23192: dcesrv_core: add better debugging to dcesrv_fault_disconnect()
It's better to see the location that triggered the fault.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
2f0bc04a by Stefan Metzmacher at 2021-11-09T19:45:34+00:00
CVE-2021-23192: dcesrv_core: add dcesrv_fault_disconnect0() that skips DCERPC_PFC_FLAG_DID_NOT_EXECUTE
That makes the callers much simpler and allow better debugging.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
47865653 by Stefan Metzmacher at 2021-11-09T19:45:34+00:00
CVE-2021-23192: python/tests/dcerpc: change assertNotEquals() into assertNotEqual()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
e21c4051 by Stefan Metzmacher at 2021-11-09T19:45:34+00:00
CVE-2021-23192: python/tests/dcerpc: let generate_request_auth() use g_auth_level in all places
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
44584f97 by Stefan Metzmacher at 2021-11-09T19:45:34+00:00
CVE-2021-23192: python/tests/dcerpc: fix do_single_request(send_req=False)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
9ebc679e by Stefan Metzmacher at 2021-11-09T19:45:34+00:00
CVE-2021-23192: python/tests/dcerpc: add tests to check how security contexts relate to fragmented requests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
871d672f by Stefan Metzmacher at 2021-11-09T19:45:34+00:00
CVE-2021-23192: dcesrv_core: only the first fragment specifies the auth_contexts
All other fragments blindly inherit it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14875
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
- - - - -
93dad333 by Stefan Metzmacher at 2021-11-09T19:45:34+00:00
CVE-2016-2124: s4:libcli/sesssetup: don't fallback to non spnego authentication if we require kerberos
We should not send NTLM[v2] data on the wire if the user asked for kerberos
only.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12444
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
c17f4256 by Stefan Metzmacher at 2021-11-09T19:45:34+00:00
CVE-2016-2124: s3:libsmb: don't fallback to non spnego authentication if we require kerberos
We should not send NTLM[v2] nor plaintext data on the wire if the user
asked for kerberos only.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12444
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
923c80ee by Stefan Metzmacher at 2021-11-09T19:45:34+00:00
CVE-2021-3738 s4:torture/drsuapi: don't pass DsPrivate to test_DsBind()
This will make it easier to reuse.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14468
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
73b6ed86 by Stefan Metzmacher at 2021-11-09T19:45:34+00:00
CVE-2021-3738 s4:torture/drsuapi: maintain priv->dc_credentials
We want to use the credentials of the joined dc account
in future tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14468
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
45315f22 by Stefan Metzmacher at 2021-11-09T19:45:34+00:00
CVE-2021-3738 s4:torture/drsuapi: maintain priv->admin_credentials
This will be used in the next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14468
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b9deab4c by Stefan Metzmacher at 2021-11-09T19:45:34+00:00
CVE-2021-3738 s4:torture/drsuapi: DsBindAssocGroup* tests
This adds a reproducer for an invalid memory access, when
using the context handle from DsBind across multiple connections
within an association group.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14468
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b173ac58 by Stefan Metzmacher at 2021-11-09T19:45:34+00:00
CVE-2021-3738 auth_util: avoid talloc_tos() in copy_session_info()
We want to use this also in code without existing
stackframe.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14468
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
897c0e8f by Stefan Metzmacher at 2021-11-09T19:45:34+00:00
CVE-2021-3738 s4:rpc_server/common: provide assoc_group aware dcesrv_samdb_connect_as_{system,user}() helpers
We already had dcesrv_samdb_connect_as_system(), but it uses the per
connection memory of auth_session_info and remote_address.
But in order to use the samdb connection on a per association group
context/policy handle, we need to make copies, which last for the
whole lifetime of the 'samdb' context.
We need the same logic also for all cases we make use of
the almost same logic where we want to create a samdb context
on behalf of the authenticated user (without allowing system access),
so we introduce dcesrv_samdb_connect_as_user().
In the end we need to replace all direct callers to samdb_connect()
from source4/rpc_server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14468
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
af6151ef by Stefan Metzmacher at 2021-11-09T19:45:34+00:00
CVE-2021-3738 s4:rpc_server/drsuapi: make use of assoc_group aware dcesrv_samdb_connect_as_*() helpers
This avoids a crash that's triggered by windows clients using
DsCrackNames across multiple connections within an association group
on the same DsBind context(policy) handle.
It also improves the auditing for the dcesrv_samdb_connect_as_system() case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14468
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
965fe0e9 by Stefan Metzmacher at 2021-11-09T19:45:34+00:00
CVE-2021-3738 s4:rpc_server/dnsserver: make use of dcesrv_samdb_connect_as_user() helper
This is not strictly required, but it makes it easier to audit that
source4/rpc_server no longer calls samdb_connect() directly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14468
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2a159e6f by Stefan Metzmacher at 2021-11-09T19:45:34+00:00
CVE-2021-3738 s4:rpc_server/lsa: make use of dcesrv_samdb_connect_as_user() helper
This avoids a crash that's triggered by windows clients using
handles from OpenPolicy[2]() on across multiple connections within
an association group.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14468
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
5724868c by Stefan Metzmacher at 2021-11-09T19:45:34+00:00
CVE-2021-3738 s4:rpc_server/netlogon: make use of dcesrv_samdb_connect_as_*() helper
This is not strictly required, but it makes it easier to audit that
source4/rpc_server no longer calls samdb_connect() directly and
also improves auditing for the dcesrv_samdb_connect_as_system() case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14468
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3121be69 by Stefan Metzmacher at 2021-11-09T20:37:30+00:00
CVE-2021-3738 s4:rpc_server/samr: make use of dcesrv_samdb_connect_as_*() helper
This avoids a crash that's triggered by windows clients using
handles from samr_Connect*() on across multiple connections within
an association group.
In other cases is not strictly required, but it makes it easier to audit that
source4/rpc_server no longer calls samdb_connect() directly and also
improves the auditing for the dcesrv_samdb_connect_as_system() case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14468
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Jule Anger <janger at samba.org>
Autobuild-Date(master): Tue Nov 9 20:37:30 UTC 2021 on sn-devel-184
- - - - -
a7f6c60c by Stefan Metzmacher at 2021-11-10T11:21:31+00:00
s3:winbindd: fix "allow trusted domains = no" regression
add_trusted_domain() should only reject domains
based on is_allowed_domain(), which now also
checks "allow trusted domains = no", if we don't
have an explicit trust to the domain (SEC_CHAN_NULL).
We use at least SEC_CHAN_LOCAL for local domains like
BUILTIN.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14899
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Nov 10 11:21:31 UTC 2021 on sn-devel-184
- - - - -
711d01ff by Andreas Schneider at 2021-11-10T18:19:32+00:00
auth:creds: Remove trailing spaces
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
c28be406 by Andreas Schneider at 2021-11-10T19:11:53+00:00
auth:creds: Guess the username first via getpwuid(my_id)
If we have a container, we often don't have USER or LOGNAME set.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14883
Tested-by: Anoop C S <anoopcs at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Nov 10 19:11:53 UTC 2021 on sn-devel-184
- - - - -
25043ebb by Ralph Boehme at 2021-11-11T13:49:32+00:00
source3: move lib/substitute.c functions out of proto.h
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
54f54fc2 by Ralph Boehme at 2021-11-11T13:49:32+00:00
samba-bgqd: fix startup and logging
Let samba-bgqd use the new POPT_COMMON_DAEMON infrastructure.
The calls to setup_logging() can safely be removed as this is already taken care
of by samba_cmdline_init().
To avoid a logfile basename of ".log" when using "%m", we add a call to
set_remote_machine_name().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
117d45df by Ralph Boehme at 2021-11-11T13:49:32+00:00
winbindd: remove is_default_dyn_LOGFILEBASE() logic
Handling of -l commandline parameter is already implemented by lib/cmdline/.
is_default_dyn_LOGFILEBASE() == true is the default case and this causes us to
temporarily overwrite the configured logfile with LOGFILEBASE/log.winbindd until
winbindd_reload_services_file() restores it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
948a82bd by Ralph Boehme at 2021-11-11T13:49:32+00:00
lib/debug: fix fd check before dup'ing to stderr
Before I added per-class logfile and we had only one fd for the logfile the code
looked like this:
/* Take over stderr to catch output into logs */
if (state.fd > 0) {
if (dup2(state.fd, 2) == -1) {
/* Close stderr too, if dup2 can't point it -
at the logfile. There really isn't much
that can be done on such a fundamental
failure... */
close_low_fd(2);
}
}
In the current code the equivalent to state.fd is dbgc_config[DBGC_ALL].fd.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
fa9d9974 by Ralph Boehme at 2021-11-11T13:49:32+00:00
lib/debug: in debug_set_logfile() call reopen_logs_internal()
This simplifies the logging API for callers that typically would want to set
logging by just setup_logging() once without bothering that typically
configuration is loaded (via some lpcfg_load*() or lp_load*() varient) which
will only then pick up the configured logfile from smb.conf without actually
applying the new logifle to the logging subsytem.
Therefor our daemons will additionally call reopen_logs() explicitly in their
startup code after config is loaded, eg
setup_logging(getprogname(), DEBUG_FILE);
...
lpcfg_load(lp_ctx, config_file);
...
reopen_logs();
By calling reopen_logs_internal() implicitly from debug_set_logfile() there's no
need to call reopen_logs() explicitly anymore to apply the logfile.
As reopen_logs() will also apply other logging configuration options, we have to
keep the explicit calls in the daemon code. But at least this allows consistent
logging setup wrt to the logfile in the new cmdline library.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
120a598e by Ralph Boehme at 2021-11-11T13:49:32+00:00
lib/cmdline: fix indentation
s/whitespace/tab/
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
97592f16 by Ralph Boehme at 2021-11-11T13:49:32+00:00
lib/cmdline: remember config_type in samba_cmdline_init()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
06ed4ccb by Ralph Boehme at 2021-11-11T14:42:13+00:00
lib/cmdline: setup default file logging for servers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
RN: samba process doesn't log to logfile
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Nov 11 14:42:13 UTC 2021 on sn-devel-184
- - - - -
57c1e115 by Volker Lendecke at 2021-11-11T15:34:28+00:00
smbd: reopen logs on SIGHUP for notifyd and cleanupd
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Nov 11 15:34:28 UTC 2021 on sn-devel-184
- - - - -
c89799be by Andreas Schneider at 2021-11-11T16:27:12+00:00
docs-xml: Fix smbget manpage
There is no &stdarg.encrypt anymore.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Nov 11 16:27:12 UTC 2021 on sn-devel-184
- - - - -
ca8afc66 by Volker Lendecke at 2021-11-11T19:08:37+00:00
smbd: Give smbXsrv_open.c its own header file
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
99d1f1fa by Volker Lendecke at 2021-11-11T19:08:37+00:00
smbd: Remove unused "struct connections_key"
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c0fda0bd by Volker Lendecke at 2021-11-11T19:08:37+00:00
libsmb: Use cli_ntcreate in cli_chkpath
cli_ntcreate handles smb2, thus remove cli_smb2_chkpath.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8820101c by Volker Lendecke at 2021-11-11T19:08:37+00:00
smbclient: Use cli_checkpath in "cd" command
No need for special qpathinfo_basic code
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c05bc2d2 by Volker Lendecke at 2021-11-11T19:08:37+00:00
libsmb: Remove "trans_oob()" macro
It was just a 1:1 substitution for smb_buffer_oob()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fadce102 by Volker Lendecke at 2021-11-11T19:08:37+00:00
libcli: "smb_util.h" needs "ntstatus.h"
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
58c8289b by Volker Lendecke at 2021-11-11T19:08:37+00:00
libsmb: Give reparse_symlink.c its own header
While there, avoid an "includes.h"
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5823634b by Volker Lendecke at 2021-11-11T19:08:37+00:00
libsmb: Introduce "struct symlink_reparse_struct"
Simplify symlink_reparse_buffer_parse() slightly, failure cleanup
becomes simpler with that, and this struct will be useful elsewhere
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2bb63e04 by Volker Lendecke at 2021-11-11T19:08:37+00:00
libsmb: Avoid a talloc_stackframe.c dependency
This is simple enough for explicit TALLOC_FREE()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d0759cb6 by Volker Lendecke at 2021-11-11T19:08:37+00:00
libsmb: move reparse_symlink to libcli/smb/
This will be useful for smbXcli_create to parse the symlink error
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8b89be8c by Volker Lendecke at 2021-11-11T19:08:37+00:00
VFS: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b7fc6781 by Volker Lendecke at 2021-11-11T19:08:37+00:00
libcli: Remove NT_STATUS_INACCESSIBLE_SYSTEM_SHORTCUT error code
This is the same as STATUS_STOPPED_ON_SYMLINK, and this is what also
wireshark displays. Avoid some confusion.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
72e9b8ce by Volker Lendecke at 2021-11-11T19:08:37+00:00
lib: Fix a debug typo in g_lock.c
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
69546f56 by Volker Lendecke at 2021-11-11T19:08:37+00:00
dbwrap: Remove unused dbwrap_watched_wakeup()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a21bc14e by Volker Lendecke at 2021-11-11T19:08:37+00:00
libsmb: Move cli_qfilename() to its only user in torture.c
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d542cbb9 by Volker Lendecke at 2021-11-11T19:08:37+00:00
smb.conf.5: Fix a typo for "username map script"
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cde87d62 by Volker Lendecke at 2021-11-11T19:08:37+00:00
smbd: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5e9a781d by Volker Lendecke at 2021-11-11T19:08:37+00:00
vfs: Fix a few typos
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
68078e56 by Volker Lendecke at 2021-11-11T19:08:37+00:00
libcli4: Remove outdated README file
This has not materialized since 2005. We can easily add it once we
create libsmbclient4.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
05c41a02 by Volker Lendecke at 2021-11-11T19:08:37+00:00
lib: Slightly tune cp_smb_filename_nostream()
Don't talloc_strdup() the stream_name, just to free it again.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d64e180b by Volker Lendecke at 2021-11-11T19:08:37+00:00
smbd: Move "struct fd_handle" into fd_handle.c
A separate header file is not required here, everything goes through
the API published by fd_handle.c. This makes it harder to include the
fd_handle definition and violate the guarantees.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
738dc11c by Volker Lendecke at 2021-11-11T19:08:37+00:00
vfs: Use cp_smb_filename_nostream() in vfswrap_parent_pathname()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
62d21fac by Volker Lendecke at 2021-11-11T19:08:37+00:00
smbd: Fix typos
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b829d667 by Volker Lendecke at 2021-11-11T19:08:37+00:00
smbd: Avoid casts
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8f248bee by Volker Lendecke at 2021-11-11T19:08:37+00:00
smbd: Make sure we don't overwrite tmp_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b063aa1c by Volker Lendecke at 2021-11-11T19:08:37+00:00
lib: Use a direct struct initialization
Don't init with 0 just to overwrite again. Probably the compiler will
figure that out anyway, but to me this looks cleaner.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
240addae by Volker Lendecke at 2021-11-11T19:59:03+00:00
smbd: Convert ret==false into !ret
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Nov 11 19:59:03 UTC 2021 on sn-devel-184
- - - - -
c69b66f6 by Alexander Bokovoy at 2021-11-13T07:01:26+00:00
IPA DC: add missing checks
When introducing FreeIPA support, two places were forgotten:
- schannel gensec module needs to be aware of IPA DC
- _lsa_QueryInfoPolicy should treat IPA DC as PDC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14903
Signed-off-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Alexander Bokovoy <ab at samba.org>
Autobuild-Date(master): Sat Nov 13 07:01:26 UTC 2021 on sn-devel-184
- - - - -
bfd09364 by Stefan Metzmacher at 2021-11-15T18:10:28+00:00
CVE-2020-25727: idmap_nss: verify that the name of the sid belongs to the configured domain
We already check the sid belongs to the domain, but checking the name
too feels better and make it easier to understand.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5ea347d3 by Joseph Sutton at 2021-11-15T18:10:28+00:00
CVE-2020-25717: tests/krb5: Add method to automatically obtain server credentials
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
fdbee5e0 by Joseph Sutton at 2021-11-15T18:10:28+00:00
CVE-2020-25717: nsswitch/nsstest.c: Lower 'non existent uid' to make room for new accounts
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
8a9f2aa2 by Joseph Sutton at 2021-11-15T18:10:28+00:00
CVE-2020-25717: selftest: turn ad_member_no_nss_wb into ad_member_idmap_nss
In reality environments without 'nss_winbind' make use of 'idmap_nss'.
For testing, DOMAIN/bob is mapped to the local 'bob',
while DOMAIN/jane gets the uid based on the local 'jane'
vis idmap_nss.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
[metze at samba.org avoid to create a new ad_member_idmap_nss environment
and merge it with ad_member_no_nss_wb instead]
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
494bf7de by Joseph Sutton at 2021-11-15T18:10:28+00:00
CVE-2020-25717: tests/krb5: Add a test for idmap_nss mapping users to SIDs
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
[metze at samba.org removed unused tests for a feature that
was removed before merging]
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
0a546be0 by Andrew Bartlett at 2021-11-15T19:01:56+00:00
CVE-2020-25717: s3:auth: Fallback to a SID/UID based mapping if the named based lookup fails
Before the CVE-2020-25717 fixes we had a fallback from
getpwnam('DOMAIN\user') to getpwnam('user') which was very dangerous and
unpredictable.
Now we do the fallback based on sid_to_uid() followed by
getpwuid() on the returned uid.
This obsoletes 'username map [script]' based workaround adviced
for CVE-2020-25717, when nss_winbindd is not used or
idmap_nss is actually used.
In future we may decide to prefer or only do the SID/UID based
lookup, but for now we want to keep this unchanged as much as possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
[metze at samba.org moved the new logic into the fallback codepath only
in order to avoid behavior changes as much as possible]
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Nov 15 19:01:56 UTC 2021 on sn-devel-184
- - - - -
a8c0c2c9 by Ralph Boehme at 2021-11-16T18:51:15+00:00
smbd: get rid of get_file_handle_for_metadata()
This also avoids triggering an assert in get_share_mode_lock(). We already have
a handle, use that one, no need to call get_file_handle_for_metadata().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14907
RN: set_ea_dos_attribute() fallback calling get_file_handle_for_metadata() triggers locking.tdb assert
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Nov 16 18:51:15 UTC 2021 on sn-devel-184
- - - - -
3f0935b3 by Jeremy Allison at 2021-11-16T20:21:37+00:00
s3: smbd: get_real_filename() is actually static to filename.c
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
86e42fb4 by Jeremy Allison at 2021-11-16T20:21:37+00:00
s3: smbd: Add ucf_flags parameter to normalize_filename_case().
Not yet used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b460c534 by Jeremy Allison at 2021-11-16T20:21:37+00:00
s3: smbd: Ensure normalize_filename_case() doesn't modify posix names..
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
35ee8a7b by Jeremy Allison at 2021-11-16T20:21:37+00:00
s3: smbd: Add case_sensitive, case_preserve, short_case_preserve to state struct.
Not yet used.
This allows them to be independent of conn settings on
a handle-basis for posix.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
29106576 by Jeremy Allison at 2021-11-16T20:21:37+00:00
s3: smbd: Use state->case_sensitive instead of state->conn->case_sensitive.
No logic change.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
598c07b1 by Jeremy Allison at 2021-11-16T20:21:37+00:00
s3: smbd: Use state->case_preserve instead of state->conn->case_preserve.
No logic change.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f4354571 by Jeremy Allison at 2021-11-16T20:21:37+00:00
s3: smbd: Use state->short_case_preserve instead of state->conn->short_case_preserve.
No logic changes.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
77f54fc1 by Jeremy Allison at 2021-11-16T20:21:37+00:00
s3: smbd: Turn on case sensitivity for a posix filename lookup.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d650d9ad by Jeremy Allison at 2021-11-16T20:21:37+00:00
s3: smbd: Add comment to unix_convert() explaining why posix never calls into mangle_is_mangled() here.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
3911ca59 by Jeremy Allison at 2021-11-16T20:21:37+00:00
s3: smbd: In unix_convert_step_search_fail() ensure posix names don't call into name mangling functions.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
1cc5a394 by Jeremy Allison at 2021-11-16T20:21:37+00:00
s3: smbd: In unix_convert() component_was_mangled is always false for posix.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
1240f741 by Jeremy Allison at 2021-11-16T20:21:37+00:00
s3: smbd: Add 'bool case_sensitive' to struct smbd_dirptr_lanman2_state.
Initialize from conn->case_sensitive. Not yet used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
1b130dec by Jeremy Allison at 2021-11-16T20:21:37+00:00
s3: smbd: Use state->case_sensitive instead of state->conn->case_sensitive.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
af35c684 by Jeremy Allison at 2021-11-16T20:21:37+00:00
s3: smbd: Add case_sensitive to struct smb_Dir.
Not yet used.
This allows it to be independent of conn settings on
a per-handle-basis for SMB2 posix.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ede3a45d by Jeremy Allison at 2021-11-16T20:21:37+00:00
s3: smbd: Use dir_hnd->case_sensitive instead of conn->case_sensitive.
No logic change.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ab1e97f8 by Jeremy Allison at 2021-11-16T20:21:37+00:00
s3: smbd: In OpenDir_fsp(), set dir_hnd->case_sensitive to true if FSP_POSIX_FLAGS_OPEN is set.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e163f22e by Jeremy Allison at 2021-11-16T20:21:37+00:00
s3: smbd: Add dptr_case_sensitive(). Not yet used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
df8abb5a by Jeremy Allison at 2021-11-16T20:21:37+00:00
s3: smbd: Use dptr_case_sensitive() in directory listing code.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
51b58254 by Jeremy Allison at 2021-11-16T20:21:37+00:00
s3: smbd: In open_file(), use a helper variable instead of always checking sp->posix_flags & FSP_POSIX_FLAGS_OPEN.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
db6902a3 by Jeremy Allison at 2021-11-16T20:21:37+00:00
s3: smbd: In open_file() use the helper variable to select correct case_sensitive setting to is_in_path().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
89d986ec by Jeremy Allison at 2021-11-16T20:21:37+00:00
s3: smbd: Use a helper variable in smbd_smb2_query_directory_send().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
836d6f8a by Jeremy Allison at 2021-11-16T20:21:37+00:00
s3: smbd: Add and use case_sensitive helper variable to unlink_internals().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
026b4318 by Jeremy Allison at 2021-11-16T20:21:37+00:00
s3: smbd: Add and use helper variables case_sensitive, case_preserve in rename_internals_fsp().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
23be0565 by Jeremy Allison at 2021-11-16T20:21:37+00:00
s3: smbd: Add and use helper variable posix_pathname in rename_internals().
We're going to re-use it inside this function.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
395acac7 by Jeremy Allison at 2021-11-16T20:21:37+00:00
s3: smbd: Ensure we never call mangle_is_mangled() for a posix path.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
826ae5c8 by Jeremy Allison at 2021-11-16T20:21:37+00:00
s3: smbd: Add and use helper variables for case_sensitive, case_preserve, short_case_preserve to rename_internals().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d0d8f32d by Jeremy Allison at 2021-11-16T20:21:37+00:00
s3: smbd: In SMB1 reply_copy(), make req->posix_pathnames a helper variable.
I need to use it elsewhere in here.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e3c40250 by Jeremy Allison at 2021-11-16T20:21:37+00:00
s3: smbd: SMB1 reply_copy(). Posix pathnames should never call into mangle_is_mangled().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e2c45a09 by Jeremy Allison at 2021-11-16T20:21:37+00:00
s3: smbd: SMB1 reply_copy(). Posix pathnames always means case_sensitive = true.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
761c9190 by Jeremy Allison at 2021-11-16T20:21:37+00:00
s3: smbd: In unlink_internals() ensure we never call mangle_is_mangled for a posix path.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
1c8ea244 by Jeremy Allison at 2021-11-16T21:06:38+00:00
s3: smbd: In SMB1 call_trans2findnext() add and use a helper variable to ensure we don't call mangle_is_mangled() with a posix name.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Nov 16 21:06:38 UTC 2021 on sn-devel-184
- - - - -
fccb105e by Douglas Bagnall at 2021-11-17T04:36:36+00:00
pytests: check that we don't have bad format characters
Unicode has format control characters that affect the appearance —
including the apparent order — of other characters. Some of these,
like the bidi controls (for mixing left-to-right scripts with
right-to-left scripts) can be used make text that means one thing look
very much like it means another thing.
The potential for duplicity using these characters has recently been
publicised under the name “Trojan Source”, and CVE-2021-42694. A
specific example, as it affects the Rust language is CVE-2021-42574.
We don't have many format control characters in our code — in fact,
just the non-breaking space (\u200b) and the redundant BOM thing
(\ufeff), and this test aims to ensure we keep it that way.
The test uses a series of allow-lists and deny-lists to check most
text files for unknown format control characters. The filtering is
fairly conservative but not exhaustive. For example, XML and text
files are checked, but UTF-16 files are not.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c3194d0d by Douglas Bagnall at 2021-11-17T04:36:36+00:00
test/bad_chars: ensure our tests could fail
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
4c85693f by Douglas Bagnall at 2021-11-17T04:36:36+00:00
s3/modules/vfs_acl_common.h: use utf-8
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
6ced906e by Douglas Bagnall at 2021-11-17T04:36:37+00:00
test/blackbox/test_samba-tool_ntacl: use utf-8
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
039f876c by Douglas Bagnall at 2021-11-17T04:36:37+00:00
s4/auth/gensec/gensec_krb5_heimdal: use utf-8
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
2868b803 by Douglas Bagnall at 2021-11-17T05:27:39+00:00
lib/replace/timegm: use utf-8
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Nov 17 05:27:39 UTC 2021 on sn-devel-184
- - - - -
9faa3173 by Volker Lendecke at 2021-11-17T17:41:30+00:00
selftest: Add reproducer for bug 14908
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d6270525 by Volker Lendecke at 2021-11-17T17:41:30+00:00
lib: Add required includes to source3/include/secrets.h
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
63c80f25 by Volker Lendecke at 2021-11-17T17:41:30+00:00
cmdline: Add a callback to set the machine account details
source3 clients need to work in clustered mode, the default
cli_credentials_set_machine_account() only looks at the local
secrets.tdb file
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
cdc0268c by Volker Lendecke at 2021-11-17T18:29:09+00:00
cmdline: Make -P work in clustered mode
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Nov 17 18:29:09 UTC 2021 on sn-devel-184
- - - - -
e94e649b by Douglas Bagnall at 2021-11-19T12:35:39+00:00
third_party: remove pep8
This was a *partial* copy of the python linting tool that has been
known as 'pycodestyle' since 2017. I say partial copy, because it does
not seem to contain the pep8 binary itself, just some documentation
and tests. It has not been changed since it was added in 2015.
It is GOOD that people run python linters, but this doesn't help them
in the slightest.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
2c3596e7 by Douglas Bagnall at 2021-11-19T12:35:39+00:00
pytest/source_chars: forget thirdparty/pep8 test file
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
19263358 by Douglas Bagnall at 2021-11-19T13:25:16+00:00
third_party/update: forget pep8
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Fri Nov 19 13:25:16 UTC 2021 on sn-devel-184
- - - - -
3c18bb6c by Douglas Bagnall at 2021-11-22T10:28:34+00:00
py/dnsserver: add missing imports
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.com>
- - - - -
b5e2651f by Douglas Bagnall at 2021-11-22T10:28:34+00:00
py/dnsserver: add a missing exception variable
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
524ca3c6 by Douglas Bagnall at 2021-11-22T10:28:34+00:00
pytest/dns_aging: use correct variable names
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
5bbf1059 by Douglas Bagnall at 2021-11-22T10:28:34+00:00
pytest/dns_aging: remove duplicate tests
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
b674c57a by Douglas Bagnall at 2021-11-22T10:28:34+00:00
pytest/docs: set_smbconf_arbitrary_opposite() needs param_type
also, we fixed the name ("arbitrary", not "arbitary")..
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
b5e0f33e by Douglas Bagnall at 2021-11-22T11:18:09+00:00
pytest/docs: better spelling of set_smbconf_arbitrary
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Mon Nov 22 11:18:09 UTC 2021 on sn-devel-184
- - - - -
dcfcafdb by Joseph Sutton at 2021-11-25T01:41:30+00:00
CVE-2021-3670 tests/krb5/test_ldap.py: Add test for LDAP timeouts
We allow a timeout of 2x over to avoid this being a flapping test.
Samba is not very accurate on the timeout, which is not otherwise an
issue but makes this test fail sometimes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14694
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
86fe9d48 by Joseph Sutton at 2021-11-25T01:41:30+00:00
CVE-2021-3670 ldap_server: Set timeout on requests based on MaxQueryDuration
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14694
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
e1ab0c43 by Joseph Sutton at 2021-11-25T01:41:30+00:00
CVE-2021-3670 ldap_server: Ensure value of MaxQueryDuration is greater than zero
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14694
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
1d5b1556 by Andrew Bartlett at 2021-11-25T01:41:30+00:00
CVE-2021-3670 ldb: Confirm the request has not yet timed out in ldb filter processing
The LDB filter processing is where the time is spent in the LDB stack
but the timeout event will not get run while this is ongoing, so we
must confirm we have not yet timed out manually.
RN: Ensure that the LDB request has not timed out during filter processing
as the LDAP server MaxQueryDuration is otherwise not honoured.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14694
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
2b3af3b5 by Andrew Bartlett at 2021-11-25T01:41:30+00:00
CVE-2021-3670 ldap_server: Remove duplicate print of LDAP search details
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14694
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
5f059036 by Andrew Bartlett at 2021-11-25T01:41:30+00:00
CVE-2021-3670 dsdb/anr: Do a copy of the potentially anr query before starting to modify it
RN: Do not modify the caller-supplied memory in the anr=* handling to
allow clear logging of the actual caller request after it has been processed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14694
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
3507e96b by Andrew Bartlett at 2021-11-25T02:30:42+00:00
CVE-2021-3670 ldap_server: Clearly log LDAP queries and timeouts
This puts all the detail on one line so it can be searched
by IP address and connecting SID.
This relies on the anr handling as otherwise this log
becomes the expanded query, not the original one.
RN: Provide clear logs of the LDAP search and who made it, including
a warning (at log level 3) for queries that are 1/4 of the hard timeout.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14694
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Thu Nov 25 02:30:42 UTC 2021 on sn-devel-184
- - - - -
28be1acd by Andreas Schneider at 2021-11-29T08:39:37+00:00
mit-kdc: Use more strict KDC default settings
As we require MIT KRB5 >= 1.19 for the KDC, use more secure defaults..
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
d128a85f by Andreas Schneider at 2021-11-29T08:39:37+00:00
s4:mit-kdb: Reduce includes to only what's needed
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
8b83758b by Andreas Schneider at 2021-11-29T08:39:37+00:00
s4:kdc: Remove trailing spaces in db-glue.c
Signed-off-by: Andreas Schneider <asn at cryptomilk.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
90febd2a by Isaac Boukris at 2021-11-29T09:32:25+00:00
s4:mit-kdb: Force canonicalization for looking up principals
See also
https://github.com/krb5/krb5/commit/ac8865a22138ab0c657208c41be8fd6bc7968148
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Isaac Boukris <iboukris at gmail.com>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Nov 29 09:32:26 UTC 2021 on sn-devel-184
- - - - -
cbf312f0 by Andreas Schneider at 2021-11-29T19:40:50+00:00
s3:winbind: Fix possible NULL pointer dereference
BUG: https://bugzilla.redhat.com/show_bug.cgi?id=2019888
Signed-off-by: Andreas Schneider <asn at samba.org>
Rewiewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Nov 29 19:40:50 UTC 2021 on sn-devel-184
- - - - -
ad4d6fb0 by Joseph Sutton at 2021-11-30T02:42:31+00:00
selftest: Check received LDB error code when STRICT_CHECKING=0
We were instead only checking the expected error.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
57b1b761 by Joseph Sutton at 2021-11-30T02:42:31+00:00
tests/krb5: Remove unused variable
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f0b222e3 by Joseph Sutton at 2021-11-30T02:42:31+00:00
tests/krb5: Deduplicate AS-REQ tests
salt_tests was running the tests defined in the base class as well as
its own tests.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
167bd207 by Joseph Sutton at 2021-11-30T02:42:31+00:00
tests/krb5: Run test_rpc against member server
We were instead always running against the DC.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a560c2e9 by Joseph Sutton at 2021-11-30T02:42:31+00:00
tests/krb5: Allow PasswordKey_create() to use s2kparams
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e930274a by Joseph Sutton at 2021-11-30T02:42:31+00:00
tests/krb5: Split out methods to create renewable or invalid tickets
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d9570517 by Joseph Sutton at 2021-11-30T02:42:31+00:00
tests/krb5: Adjust error codes to better match Windows with PacRequestorEnforcement=2
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
28d50187 by Joseph Sutton at 2021-11-30T02:42:31+00:00
tests/krb5: Remove unnecessary expect_pac arguments
The value of expect_pac is not considered if we are expecting an error.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7574ba9f by Joseph Sutton at 2021-11-30T02:42:31+00:00
tests/krb5: Add tests for invalid TGTs
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
778029c1 by Joseph Sutton at 2021-11-30T02:42:31+00:00
tests/krb5: Add tests for TGS requests with a non-TGT
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ec823c2a by Joseph Sutton at 2021-11-30T02:42:31+00:00
tests/krb5: Add TGS-REQ tests with FAST
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ebc9137c by Joseph Sutton at 2021-11-30T02:42:31+00:00
tests/krb5: Align PAC buffer checking to more closely match Windows with PacRequestorEnforcement=2
We set EXPECT_EXTRA_PAC_BUFFERS to 0 for the moment. This signifies that
these checks are currently not enforced, which avoids a lot of test
failures.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ca80c474 by Joseph Sutton at 2021-11-30T02:42:31+00:00
tests/krb5: Add tests for validation with requester SID PAC buffer
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
749349ef by Joseph Sutton at 2021-11-30T02:42:31+00:00
tests/krb5: Add comments for tests that fail against Windows
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
11fb9476 by Joseph Sutton at 2021-11-30T02:42:31+00:00
heimdal:kdc: Fix error message for user-to-user
We were checking the wrong variable to see whether a PAC was found or not..
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9cfb88ba by Joseph Sutton at 2021-11-30T02:42:31+00:00
s4:torture: Fix typo
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f7a2fef8 by Joseph Sutton at 2021-11-30T02:42:31+00:00
heimdal:kdc: Adjust no-PAC error code to match Windows
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d5d22bf8 by Joseph Sutton at 2021-11-30T02:42:31+00:00
kdc: Adjust SID mismatch error code to match Windows
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
bac5f750 by Joseph Sutton at 2021-11-30T02:42:31+00:00
tests/krb5: Add test for S4U2Self with wrong sname
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b6a25f5f by Joseph Sutton at 2021-11-30T02:42:31+00:00
kdc: Match Windows error code for mismatching sname
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
690a00a4 by Joseph Sutton at 2021-11-30T02:42:31+00:00
kdc: Always add the PAC if the header TGT is from an RODC
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
73a48063 by Joseph Sutton at 2021-11-30T02:42:31+00:00
tests/krb5: Add tests for renewal and validation of RODC TGTs with PAC requests
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e61983c7 by Joseph Sutton at 2021-11-30T02:42:31+00:00
Revert "CVE-2020-25719 s4/torture: Expect additional PAC buffers"
This reverts commit fa4c9bcefdeed0a7106aab84df20b02435febc1f.
We should not be generating these additional PAC buffers for service
tickets, only for TGTs.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
90025b6a by Joseph Sutton at 2021-11-30T02:42:31+00:00
kdc: Don't include extra PAC buffers in service tickets
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4b60e951 by Joseph Sutton at 2021-11-30T02:42:31+00:00
kdc: Remove PAC_TYPE_ATTRIBUTES_INFO from RODC-issued tickets
Windows ignores PAC_TYPE_ATTRIBUTES_INFO and always issues a PAC when
presented with an RODC-issued TGT. By removing this PAC buffer from
RODC-issued tickets, we ensure that an RODC-issued ticket will still
result in a PAC if it is first renewed or validated by the main DC.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
192d6edf by Joseph Sutton at 2021-11-30T02:42:31+00:00
tests/krb5: Add a test for S4U2Self with no authorization data required
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1f4f3018 by Joseph Sutton at 2021-11-30T02:42:31+00:00
heimdal:kdc: Always generate a PAC for S4U2Self
If we decided not to put a PAC into the ticket, mspac would be NULL
here, and the resulting ticket would not contain a PAC. This could
happen if there was a request to omit the PAC or the service did not
require authorization data. Ensure that we always generate a PAC.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ee4aa21c by Joseph Sutton at 2021-11-30T02:42:31+00:00
selftest: Properly check extra PAC buffers with Heimdal
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9bd26804 by Joseph Sutton at 2021-11-30T02:42:31+00:00
heimdal:kdc: Do not generate extra PAC buffers for S4U2Self service ticket
Normally samba_wdc_get_pac() is used to generate the PAC for a TGT, but
when generating a service ticket for S4U2Self, we want to avoid adding
the additional PAC_ATTRIBUTES_INFO and PAC_REQUESTER_SID buffers.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
38c5bad4 by Joseph Sutton at 2021-11-30T03:33:26+00:00
kdc: Require that PAC_REQUESTER_SID buffer is present for TGTs
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Nov 30 03:33:26 UTC 2021 on sn-devel-184
- - - - -
03cd1449 by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
script/autobuild.py: fix "nondevel" builds of 'samba-libs'
Commit 3e6af7109eb9d49328b426095580e4bfb2338ceb removed environment
variables like PKG_CONFIG_PATH from the configure run, so we no longer
tested a build against the shared libraries we build before.
We also assert that we no longer build private libraries
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
893c2460 by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
wafsamba: mark SAMBA_MODULE() with private_library=True
Symbols from modules should have a symbol versioning tag of the
current version.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
932c408c by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
wafsamba: fix '--private-libraries' option when using 'ALL,!something'
We already had the desired logic in LIB_MUST_BE_BUNDLED(), so we can
just reuse it in LIB_MUST_BE_PRIVATE().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
d6749f59 by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
wafsamba: SAMBA_GENERATOR() should not alter the callers dep_vars
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
43b90da1 by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
wafsamba: remove unused private_library argument of PRIVATE_NAME()
The only caller asserts that private_library is True.
Use: git show -U5
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
da7c41e2 by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
wafsamba: use private extentions also for bundled public libraries
Playing tricks with redefining libraries, which may also be installed in
the system with the same version, isn't really a good thing.
It may work in some cases, but there are so many things which may go
wrong. So if we build a library as private/bundled library we should
change the soname of the library.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
33e6949d by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
wafsamba: the symbol version string of private libraries should be based on the toplevel project
If we build a private library all symbols should be made private based
on a unique suffix.
When we use a unique soname and a unique symbol version suffix it's very unlikely
to hit conflicts due to inherited libraries.
For the abi checking we still use the original vnum as abi_vnum.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
3aff74e2 by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
wafsamba: assert for *.sigs source files in abi_build_vscript()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
295e5270 by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
wafsamba: add SAMBA_SUBSYSTEM(force_empty=False)
We will need to define empty subsystems without any dependency.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
38ef29bc by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
wafsamba: let reduce_objects() not remove duplicates of BUILTINS even if there are more than one
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
70da83a8 by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
wafsamba: introduce require_builtin_deps/provide_builtin_linking/builtin_cflags to SAMBA_{SUBSYSTEM,LIBRARY}
The 'provide_builtin_linking=True' option that allows wscript files
to specify that a SAMBA_{SUBSYSTEM,LIBRARY} will also create a
builtin version of them in addition.
The logic behind this is very similar to what we already have with the
'--builtin-libraries=BUILTIN_LIBRARIES' configure option.
This avoids the need for manual definitions of SAMBA_SUBSYSTEMS() with
like this:
bld.SAMBA_SUBSYSTEM('replace-hidden',
source=REPLACE_SOURCE,
group='base_libraries',
hide_symbols=True,
deps='dl attr' + extra_libs)
The builtin version will also make sure that it will include all
dependecies (of internal code) also in the builtin variant.
Note that this is also possible if the dependency also
provided 'provide_builtin_linking=True' in order to limit
the scope.
We now imply '-D_PUBLIC_=_PRIVATE_' and 'hide_symbols=True' for
builtin libraries and subsystems in order to avoid exporting
the symbols of them.
With 'require_builtin_deps=True' a library can specify that it
is only able to use libraries/subsystems marked with
provide_builtin_linking=True. As a result it won't
link against any other SAMBA_LIBRARY() dependency,
but link in everything internal. Only system libraries
still get linked dynamically.
Use 'git show -w' to see a reduced diff.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
38d37d4a by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
wafsamba: introduce SAMBA[3]_PLUGIN()
This will be used to define plugins we provide to be used
via dbopen/dlsym to external consumers.
SAMBA_PLUGIN() is used instead of SAMBA_LIBRARY() in order
to make it more strict that these plugins can't be used as
normal depedency by other subsystems and libraries.
With require_builtin_deps=True we make sure that only
symbols explicitly marked with _PUBLIC_ are exported
and we only link to system libraries and include all
internal depedencies as builtin subsystems.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
f168f548 by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
wafsamba: allow SAMBA_LIBRARY() to get and use original 'version-script.map' for private libraries
We'll soon use this for the internal Heimdal build and take the raw
version-script.map files in order to create our own .vscript file
with our private version suffix.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
e35f2319 by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
heimdal_build: remove unused cflags argument of HEIMDAL_LIBRARY()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6c64f3ce by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
heimdal_build: avoid using hardcoded vnum values passed to HEIMDAL_LIBRARY()
For private libraries we don't want versioned sonames,
it's also pointless to use the upstream heimdal vnum values
for our private libraries as the soname is different anyway.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
c461b906 by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
heimdal_build: let HEIMDAL_LIBRARY() use SAMBA_LIBRARY()
This simplifies a lot and makes sure we always use the
same rules for private libraries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
600ebefa by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
libwbclient: fix strict-overflow warning in wbcSidToString()
../../nsswitch/libwbclient/wbc_sid.c:83:5: error: assuming signed overflow does not occur when simplifying conditional [-Werror=strict-overflow]
if (len+1 > sizeof(buf)) {
^
Even this would fail:
../../nsswitch/libwbclient/wbc_sid.c:83:5: error: assuming signed overflow does not occur when simplifying conditional [-Werror=strict-overflow]
if (len >= sizeof(buf)) {
^
Note that this only seems to happen with gcc 7 and when -O3 and
-fvisibility=hidden are used together. E.g. in the opensuse151-samba-o3
builds.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
35446c27 by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
s3:utils: remove notify_msg.c from smbstatus sources
This is not needed for smbstatus and the symbols are also available
via 'smbd_base', which already contains notify_msg.c.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ac8977d1 by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
s3:ntlm_auth: use wbcRequestResponse[Priv]() instead of winbindd_request_response()
We should try to route everything through libwbclient.so, because we'll
soon don't have a single library providing winbindd_request_response().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
f3c5980f by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
s4:torture/winbind: use wbcRequestResponse() instead of winbindd_request_response()
We should try to route everything through libwbclient.so, because we'll
soon don't have a single library providing winbindd_request_response().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
41108b9e by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
nsswitch: move winbindd_free_response() as inline function to winbind_struct_protocol.h
nsswitch/wb_common.c will be made completely internal soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
9615395b by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
nsswitch/wbinfo: use wbcRequestResponse() instead of winbindd_request_response()
We should try to route everything through libwbclient.so, because we'll
soon don't have a single library providing winbindd_request_response().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a663c964 by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
nsswitch: explicitly mark magic krb5 plugin symbols as _PUBLIC_
The symbols which are used via dlopen()/dlsym() need to be exported,
in future we'll do hide all other symbols.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
3f9948bd by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
nsswitch: explicitly mark PAM_EXTERN pam_sm_* symbols as _PUBLIC_
The symbols which are used via dlopen()/dlsym() need to be exported,
in future we'll do hide all other symbols.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
419ca68d by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
nsswitch: explicitly mark NSS_STATUS _nss_winbind_* symbols as _PUBLIC_ on Linux
The symbols which are used via dlopen()/dlsym() need to be exported,
in future we'll do hide all other symbols.
On other platforms, which are implemented as wrappers above the
Linux implementation, we mark the symbols as _PRIVATE_
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
fa98a44c by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
nsswitch: explicitly mark nss_module_register() _PUBLIC_ on FreeBSD
This is the only symbol which is used via dlopen()/dlsym() and
needs to be exported, in future we'll do hide all other symbols.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
62d05a81 by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
nsswitch/libwbclient: explicitly mark all wbc* symbols as _PUBLIC_
Some private functions from wbclient_internal.h already
leaked into the ABI. With hide_symbols=True we make sure
this doesn't happen again.
Having wbcRequestResponse[Priv]() as part of the ABI helps us
in order to hide winbindd_[priv_]request_response() soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
05ca7b98 by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
lib/replace: use dlsym(RTLD_DEFAULT,) for {nss,nss_host,uid,socket}_wrapper_enabled()
We should not provide the symbols ourself instead we should just check
if they are already available when we want to check the result.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
66e90b73 by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
nsswitch: reduce dependecies to private libraries and link static/builtin if possible
Over the last month I got more and more reports,
that it's not possible to use a custom Samba version
on systems with sssd being installed, which depends on some
specific samba libraries installed in the system.
One major problem is that the custom libnss_winbind.so.2
depends on the libreplace-samba4.so of the custom build
and also injects an RPATH into the running process.
When sssd uses any nss library call it will get this,
when it then tries to load some of its plugins via dlopen(),
e.g.
ldd /usr/lib64/sssd/libsss_ad.so| grep samba
libsamba-util.so.0 => /lib64/libsamba-util.so.0
libreplace-samba4.so => /usr/lib64/samba/libreplace-samba4.so
libsamba-security-samba4.so => /usr/lib64/samba/libsamba-security-samba4.so
libsamba-errors.so.1 => /lib64/libsamba-errors.so.1
libsamba-debug-samba4.so => /usr/lib64/samba/libsamba-debug-samba4.so
libgenrand-samba4.so => /usr/lib64/samba/libgenrand-samba4.so
libsocket-blocking-samba4.so => /usr/lib64/samba/libsocket-blocking-samba4.so
libtime-basic-samba4.so => /usr/lib64/samba/libtime-basic-samba4.so
libsys-rw-samba4.so => /usr/lib64/samba/libsys-rw-samba4.so
libiov-buf-samba4.so => /usr/lib64/samba/libiov-buf-samba4.so
When that loads dlopen() will fail as a soname libreplace-samba4.so is
already loaded, but the symbol version within the other one don't match, as the
contain the exact version, e.g. replace_dummy@@SAMBA_4.13.3.
This is just an example and similar things can happen in all situations
where we provide libraries, which are potentially injected into every
process of the running system. These should only depend on libc.so and
related basic system libraries in order to avoid the problem.
We have the following libraries, which are in the that category:
- libnss_winbind.so.2
- libnss_wins.so.2
- pam_winbind.so
- winbind_krb5_locator.so
- async_dns_krb5_locator.so
The rules of library loading are really complex and symbol versioning
is not enough to solve it, only the combination of unique soname and
unique symbol version suffix seem to solve the problem, but injecting
an RPATH is still a problem.
In order to solve the problem I experimented with adding SAMBA_SUBSYSTEM()
definitions with 'hide_symbols=True' in order to do some static linking
of selected components, e.g.
bld.SAMBA_SUBSYSTEM('replace-hidden',
source=REPLACE_SOURCE,
group='base_libraries',
hide_symbols=True,
deps='dl attr' + extra_libs)
It's relatively simple to get to the point where the following are
completely static:
- libnss_winbind.so.2
- libnss_wins.so.2
- pam_winbind.so
- winbind_krb5_locator.so
But 'async_dns_krb5_locator.so' links in almost everything!
It seems we install the krb5 plugins into our own $MODULESDIR/krb5/,
so it may not be so critical, as long it's the admin who created
the desired symlinks into the location the kerberos libraries search
for plugins. Note the at least the locator plugins are always loaded
without any configuration, every .so in a special path are loaded with dlopen().
This is done by every application using kerberos, so we load a lot of samba libraries
into them.
Packagers should not put async_dns_krb5_locator.so (nor a symlink) into
the path that's reachable by libkrb5.so.
As a longterm solution we may want to change async_dns_krb5_locator.so
to use a helper process with posix_spawn() instead of doing everything
within the process.
Note I added hiden_symbols=True to the nss modules for Linux and
FreeBSD only, because these are the only platforms I'm able to test
on. We most likely should do the same on other platforms, but some
with access to the platform should provide a tested patch.
In order to avoid manual definitions of SAMBA_SUBSYSTEMS() with
'-hidden', I added the 'provide_builtin_linking=True' option,
as the logic is very similar to what we already have with the
'--builtin-libraries=BUILTIN_LIBRARIES' configure option.
SAMBA_PLUGIN() is used in order to use SAMBA_LIBRARY() in order
to make it more strict that these plugins can't be used as
normal depedency by other subsystems and libraries.
While being there it was easy enough to make libwbclient.so
also standalone without dependecies to other samba libraries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
4862a8ff by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
script/autobuild.py: make sure nss and pam plugins don't link any samba libraries
Note that we exclude libtalloc.so.2 in pam_winbind.so as that simulates
a system libtalloc.so.2.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6745968a by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
script/autobuild.py: make sure nss, pam and krb5 plugins don't provide unexpected symbols
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
5d295e41 by Stefan Metzmacher at 2021-11-30T15:53:34+00:00
vfs_not_implemented: mark all functions with _PUBLIC_
These functions are used directly by other modules.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ccfefe28 by Stefan Metzmacher at 2021-11-30T16:44:57+00:00
s4:samba: split out a samba_service_init() helper function
The loading function should be in the same SAMBA_LIBRARY()
as the modules.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Nov 30 16:44:57 UTC 2021 on sn-devel-184
- - - - -
75e1000d by Stefan Metzmacher at 2021-11-30T18:30:30+00:00
heimdal_build: consistently pass extra_cflags=cflags to HEIMDAL_CFLAGS()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
de18c9bf by Andrew Bartlett at 2021-11-30T18:30:30+00:00
heimdal_build: Allow errors integer overflow errors in gen.c (only)
This is in preperation for the Heimdal upgrade.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
93de0f01 by Andrew Bartlett at 2021-11-30T18:30:30+00:00
Allow overflow in lib/hx509.c and lib/gssapi/mech/gss_inquire_cred.c
This is in preperation for the Heimdal upgrade (which otherwise
can be compiled with stricter flags).
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
6f7b555d by Andrew Bartlett at 2021-11-30T18:30:30+00:00
heimdal_build: Do not list hx509 files twice
This makes maintaining the file lists easier.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d6a1a849 by Gary Lockyer at 2021-11-30T18:30:30+00:00
heimdal_build: Use HAVE___ATTRIBUTE__ for unused, noreturn and unused_result
[abartlet at samba.org Squashed with TODO commit from Gary that provided
HEIMDAL_UNUSED_ATTRIBUTE etc]
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0991946a by Andrew Bartlett at 2021-11-30T19:18:59+00:00
heimdal_build: Remove memset_s from roken, already in libreplace
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Nov 30 19:18:59 UTC 2021 on sn-devel-184
- - - - -
04a79139 by Stefan Metzmacher at 2021-12-01T11:04:29+00:00
libcli/smb: split out smb2cli_raw_tcon* from smb2cli_tcon*
This will be used in tests in order to separate the tcon from
validate_negotiate_info.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
735fc346 by Stefan Metzmacher at 2021-12-01T11:04:29+00:00
s4:torture/smb2: add smb2.ioctl.bug14788.VALIDATE_NEGOTIATE
Demonstrate that smbd fails FSCTL_VALIDATE_NEGOTIATE_INFO
only because the user doesn't have permissions on the share root.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
1cd948d8 by Stefan Metzmacher at 2021-12-01T11:04:29+00:00
smb2_server: make sure in_ctl_code = IVAL(body, 0x04); reads valid bytes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
bd3ba3c9 by Stefan Metzmacher at 2021-12-01T11:04:29+00:00
smb2_server: decouple IOCTL check from signing/encryption states
There's no reason to handle FSCTL_SMBTORTURE_FORCE_UNACKED_TIMEOUT
differently if signing/encryption is used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c850ce96 by Stefan Metzmacher at 2021-12-01T11:04:29+00:00
smb2_server: skip tcon check and chdir_current_service() for FSCTL_VALIDATE_NEGOTIATE_INFO
We should not fail this just because the user doesn't have permissions
on the share root.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b3212b35 by Stefan Metzmacher at 2021-12-01T11:04:29+00:00
s4:torture/smb2: test FSCTL_QUERY_NETWORK_INTERFACE_INFO with BUFFER_TOO_SMALL
It seems that we currently don't have BUFFER_TOO_SMALL handling
for FSCTL/IOCTL calls.
FSCTL_QUERY_NETWORK_INTERFACE_INFO is just an easy example
to demonstrate it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
aab54050 by Stefan Metzmacher at 2021-12-01T11:04:29+00:00
smb2_ioctl: return BUFFER_TOO_SMALL in smbd_smb2_request_ioctl_done()
We should not send more data than the client requested.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
fb33f145 by Stefan Metzmacher at 2021-12-01T11:04:29+00:00
s4:torture/smb2: FSCTL_QUERY_NETWORK_INTERFACE_INFO gives INVALID_PARAMETER with invalid file ids
An invalid file id for FSCTL_QUERY_NETWORK_INTERFACE_INFO gives
INVALID_PARAMETER instead of FILE_CLOSED.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
1744dd8c by Stefan Metzmacher at 2021-12-01T11:04:29+00:00
smb2_server: don't let SMB2_OP_IOCTL force FILE_CLOSED for invalid file ids
smbd_smb2_request_process_ioctl() already detailed checks for file_ids,
which not reached before.
.allow_invalid_fileid = true was only used for SMB2_OP_IOCTL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
629d161b by Stefan Metzmacher at 2021-12-01T11:04:29+00:00
s4:torture/smb2: FSCTL_QUERY_NETWORK_INTERFACE_INFO should work on noperm share
Demonstrate that smbd fails FSCTL_QUERY_NETWORK_INTERFACE_INFO
only because the user doesn't have permissions on the share root.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f4d0bb16 by Stefan Metzmacher at 2021-12-01T11:51:50+00:00
smb2_server: skip tcon check and chdir_current_service() for FSCTL_QUERY_NETWORK_INTERFACE_INFO
We should not fail this just because the user doesn't have
permissions on the share root.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Dec 1 11:51:50 UTC 2021 on sn-devel-184
- - - - -
492fd5b0 by Andreas Schneider at 2021-12-02T13:59:31+00:00
testprogs: Add rpcclient schannel tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14767
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
b3bf5bba by Andreas Schneider at 2021-12-02T13:59:31+00:00
s3:rpc_client: Remove trailing white spaces from cli_pipe.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14767
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
016429ac by Günther Deschner at 2021-12-02T13:59:31+00:00
s3:rpc_client: Pass remote name and socket to cli_rpc_pipe_open()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14767
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Guenther Deschner <gd at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
33eb7a1b by Andreas Schneider at 2021-12-02T13:59:31+00:00
s3:rpcclient: Remove trailing white spaces in rpcclient.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14767
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
34c57ebe by Andreas Schneider at 2021-12-02T13:59:31+00:00
s3:libnet: Remove tailing whitespaces in libnet_join.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14767
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
bb3e0ce8 by Günther Deschner at 2021-12-02T13:59:31+00:00
s3:rpc_client: Pass remote name and socket to cli_rpc_pipe_open_noauth_transport()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14767
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Guenther Deschner <gd at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
be1520d2 by Andreas Schneider at 2021-12-02T13:59:31+00:00
s3:libsmb: Remove trailing white spaces from passchange.c
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
c7ead129 by Günther Deschner at 2021-12-02T13:59:31+00:00
s3:rpc_client: Pass remote name and socket to cli_rpc_pipe_open_with_creds()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14767
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
62aa7696 by Andreas Schneider at 2021-12-02T13:59:31+00:00
s3:rpc_client: Add remote name and socket to cli_rpc_pipe_open_bind_schannel()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14767
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Guenther Deschner <gd at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
6bf3a39b by Günther Deschner at 2021-12-02T13:59:31+00:00
s3:rpc_client: Pass remote name and socket to cli_rpc_pipe_open_schannel_with_creds()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14767
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Guenther Deschner <gd at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d1ea9c5a by Andreas Schneider at 2021-12-02T14:49:35+00:00
libcli:auth: Allow to connect to netlogon server offering only AES
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14912
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Dec 2 14:49:35 UTC 2021 on sn-devel-184
- - - - -
f621317e by Andrew Bartlett at 2021-12-03T12:05:42+00:00
dsdb: Use DSDB_SEARCH_SHOW_EXTENDED_DN when searching for the local replicated object
This may allow further processing when the DN normalisation has changed
which changes the indexing, such as seen after fixes for bug 14656.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14656
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14902
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
1e61de83 by Ralph Boehme at 2021-12-03T12:05:42+00:00
CVE-2020-25717: s3-auth: fix MIT Realm regression
This looks like a regression introduced by the recent security fixes. This
commit should hopefully fixes it.
As a quick solution it might be possible to use the username map script based on
the example in https://bugzilla.samba.org/show_bug.cgi?id=14901#c0. We're not
sure this behaves identical, but it might work in the standalone server case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14922
Reported-at: https://lists.samba.org/archive/samba/2021-November/238720.html
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
5e3df5f9 by Ralph Boehme at 2021-12-03T12:54:04+00:00
smbd: s3-dsgetdcname: handle num_ips == 0
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14923
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Dec 3 12:54:04 UTC 2021 on sn-devel-184
- - - - -
697abc15 by Douglas Bagnall at 2021-12-03T18:00:34+00:00
samba-tool domain backup: cope better with dangling symlinks
Our previous behaviour was to try to os.stat() the non-existent
target.
The new code greatly improves efficiency for this little task.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14918
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0f7e58b0 by Douglas Bagnall at 2021-12-03T18:00:34+00:00
samba-tool domain backup: backup but do not follow symlinks
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14918
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
dab828f6 by Douglas Bagnall at 2021-12-03T18:53:43+00:00
pytest/source_char: check for mixed direction text
As pointed out in https://lwn.net/Articles/875964, forbidding bidi
marker characters is not always going to be enough to avoid
right-to-left vs left-to-right confusion. Consider this:
$ python -c's = "b = x # 2 * n * m"; print(s); print(s.replace("x", "א").replace("n", "ח"))'
b = x # 2 * n * m
b = א # 2 * ח * m
Those two lines are semantically the same, with the Hebrew letters
"א" and "ח" replacing "x" and "n". But they look like they mean
different things.
It is not enough to say we only allow these scripts (or indeed
non-ascii) in strings and comments, as demonstrated in this example:
$ python -c's = "b = \"x#\" # n"; print(s); print(s.replace("x", "א").replace("n", "ח"))'
b = "x#" # n
b = "א#" # ח
where the second line is visually disordered but looks valid. Any series
of neutral characters between teo RTL characters will be reversed (and
possibly mirrored).
In practice this affects one file, which is a text file for testing
unicode normalisation.
I think, for the reasons shown above, we are unlikely to see legitimate
RTL code outside perhaps of documentation files — but if we do, we can
add those files to the allow-list.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Dec 3 18:53:43 UTC 2021 on sn-devel-184
- - - - -
d6380560 by Ralph Boehme at 2021-12-06T18:24:24+00:00
docs: fix documentation for default of "fruit:zero_file_id"
This got changed by 6e65c283120e3e627f0d8570601263f904529996 without updating
the manpage.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14926
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Dec 6 18:24:24 UTC 2021 on sn-devel-184
- - - - -
209a3367 by Andrew Bartlett at 2021-12-06T20:56:33+00:00
build: Only use embedded Heimdal include paths in an embedded Heimdal build
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14924
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
98cb41cb by Andrew Bartlett at 2021-12-06T20:56:33+00:00
build: Remove kdc_include except where needed
This include was being set on too many subsystems, including some MIT-related.
This was a problem because it would then trigger the mixing of MIT and Heimdal
krb5.h files. It is now only set on the plugins and services that use the
embedded Heimdal KDC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14924
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
05c09e8c by Andrew Bartlett at 2021-12-06T21:48:30+00:00
heimdal_build: Prepare for Heimdal upgrade by only building HEIMDAL_ASN1_GEN_HOSTCC when needed.
This will otherwise break the system-heimdal build.
This is correct regardless.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Dec 6 21:48:30 UTC 2021 on sn-devel-184
- - - - -
5e31e8f1 by David Mulder at 2021-12-06T22:08:31+00:00
samba-tool: Create DNS entries on member join
The net ads join command already handles this,
and the call was missing from the python bindings
for samba-tool domain join member.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
528e5efc by David Mulder at 2021-12-06T22:08:31+00:00
samba-tool: Test DNS record creation on member join
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3bfdbc1e by Andreas Schneider at 2021-12-06T22:08:31+00:00
s3:param: Remove trailing spaces in loadparm.c
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
8393adaa by Andreas Schneider at 2021-12-06T22:08:31+00:00
s3:param: Only include smb_ldap.h for LDAP_* defines
There is no need for ads.h which would pull in krb5.h and much more ...
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
93619962 by Andreas Schneider at 2021-12-06T22:08:31+00:00
s4:waf: Fix dependencies for TORTURE_UTIL
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
18788e17 by Andreas Schneider at 2021-12-06T22:08:31+00:00
s3:waf: Fix dependendies for libads
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
61ce2899 by Andreas Schneider at 2021-12-06T22:08:31+00:00
wafsamba: Pass lib to CHECK_DECLS()
This is needed if you have headers in non-standard include paths.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
61404faf by Andreas Schneider at 2021-12-06T22:08:32+00:00
waf:mitkrb5: Detect com_err with pkgconfig first
It is needed as a dependency later!
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
238e4c86 by Andreas Schneider at 2021-12-06T22:08:32+00:00
waf:mitkrb5: Fix MIT KRB5 detection if not in default system location
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
8036aa12 by Andreas Schneider at 2021-12-06T22:08:32+00:00
waf:mitkrb5: Always define lib so we get the header include path
If you have libkrb5 in a non-standard include path, we would not check the
latest version but search default paths (e.g. /usr/include) first.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
10983779 by Joseph Sutton at 2021-12-06T22:08:32+00:00
tests/krb5: Only create testing accounts once per test run
This decreases the time that the tests take to run.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3fc9dc23 by Joseph Sutton at 2021-12-06T22:08:32+00:00
tests/krb5: Check logon name in PAC for canonicalization tests
This allows us to ensure that the correct name makes it through to the
PAC.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ff6d325e by Joseph Sutton at 2021-12-06T22:08:32+00:00
tests/krb5: Check ticket cname for Heimdal
This is currently not checked in several places due to STRICT_CHECKING
being set to 0.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
31900a0a by Joseph Sutton at 2021-12-06T22:08:32+00:00
tests/krb5: Add more AS-REQ ENC-TIMESTAMP tests with different encryption types
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
860065a3 by Joseph Sutton at 2021-12-06T22:08:32+00:00
tests/krb5: Add tests for AS-REQ with an SPN
Using a SPN should only be permitted if it is also a UPN, and is not an
enterprise principal.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f8b17214 by Joseph Sutton at 2021-12-06T22:08:32+00:00
tests/krb5: Add tests for enterprise principals with canonicalization
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
23ec41fd by Joseph Sutton at 2021-12-06T22:08:32+00:00
s4:torture: Remove AS_REQ_SELF test stage
This behaviour is already covered by existing Python tests. This test
stage also modifies the request prior to sending it, which can cause
problems with an upgraded Heimdal version.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7eb1e1cc by Joseph Sutton at 2021-12-06T22:57:54+00:00
s4:torture: Remove test combination with enterprise principal without canonicalize flag
This test combination is not needed. Removing it allows us to avoid
modifying requests prior to sending them, which can cause problems with
an upgraded Heimdal version.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Dec 6 22:57:54 UTC 2021 on sn-devel-184
- - - - -
2701293f by Joseph Sutton at 2021-12-07T04:05:34+00:00
s4:torture: Remove pre-send and post-receive callbacks
The client-side testing done by these callbacks is no longer needed, and
the server-side testing is covered by Python-based tests. Removing these
leaves us with a more manageable test of the Kerberos API.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a0d75b1c by Andrew Bartlett at 2021-12-07T04:05:34+00:00
lib/replace: For heimdal_build: Try to use the OS or compiler provided atomic operators
This provides the defines that may be needed to use the
compiler-provided atomics, rather than a fallback.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
dc2222ee by Andrew Bartlett at 2021-12-07T04:05:34+00:00
heimdal_build: Do not build samba4kinit unless building embedded Heimdal
We should not attempt to build local copies of Heimdal utilities against
a system krb5 library.
Inspired by a WIP commit by Stefan Metzmacher <metze at samba.org> in his
lorikeet-heimdal import branch of patches to upgrade to a modern Heimdal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14924
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
8bd7b316 by Joseph Sutton at 2021-12-07T04:54:35+00:00
kdc: Canonicalize realm for enterprise principals
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Dec 7 04:54:35 UTC 2021 on sn-devel-184
- - - - -
f8e55b36 by Joseph Sutton at 2021-12-07T07:40:33+00:00
tests/krb5: Adjust expected error codes for FAST tests
This allows more of the tests to pass.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1eb1049d by Joseph Sutton at 2021-12-07T07:40:33+00:00
tests/krb5: Don't request renewable tickets
This is not necessary for testing FAST, and was causing some of the
tests to fail.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9c050a4a by Joseph Sutton at 2021-12-07T07:40:33+00:00
tests/krb5: Add test for AD-fx-fast-armor in enc-authorization-data
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
dfe6ef6f by Joseph Sutton at 2021-12-07T07:40:33+00:00
tests/krb5: Add tests for FAST with use-session-key flag and armor ticket
This flag should be ignored and the FAST armor key used instead.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6bf3610c by Joseph Sutton at 2021-12-07T07:40:33+00:00
tests/krb5: Make edata checking less strict
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
45d81d56 by Joseph Sutton at 2021-12-07T07:40:33+00:00
tests/krb5: Allow additional unexpected padata types
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
aa38476d by Joseph Sutton at 2021-12-07T07:40:33+00:00
tests/krb5: Remove magic flag constants
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7d14aedd by Joseph Sutton at 2021-12-07T07:40:33+00:00
tests/krb5: Add test for FAST with invalid ticket checksum
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f03f304d by Joseph Sutton at 2021-12-07T07:40:33+00:00
tests/krb5: Adjust unknown critical FAST option test
Heimdal does not check FAST options when no preauth data is supplied, so
the original test could not pass against Heimdal.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d5cb6a14 by Joseph Sutton at 2021-12-07T07:40:33+00:00
tests/krb5: Don't require claims PAC buffers if STRICT_CHECKING=0
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9844a331 by Joseph Sutton at 2021-12-07T07:40:33+00:00
tests/krb5: Allow 'renew-till' element to be present if STRICT_CHECKING=0
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
221569a1 by Joseph Sutton at 2021-12-07T08:32:42+00:00
tests/krb5: Allow PADATA-ENCRYPTED-CHALLENGE to be missing for skew errors
A skew error means the client just tried using PADATA-ENC-TIMESTAMP or
PADATA-ENCRYPTED-CHALLENGE, so it might not be necessary to announce
them in that case.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Dec 7 08:32:42 UTC 2021 on sn-devel-184
- - - - -
b948aeac by Joseph Sutton at 2021-12-09T02:47:27+00:00
hdb: Initialise HDB structure
Additional fields may be added to this structure without us explicitly
initialising them. This could cause Heimdal to crash upon reading
garbage data, so we should zero-initialise the structure.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Dec 9 02:47:27 UTC 2021 on sn-devel-184
- - - - -
cd5a5f59 by Andrew Bartlett at 2021-12-09T06:55:33+00:00
build: Add missing dependency on addns
This becomes noticed when we upgrade Heimdal as we do not find
the correct gssapi headers any more.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
102ad9ee by Andrew Bartlett at 2021-12-09T07:42:38+00:00
librpc: match gensec_gssapi and call gsskrb5_set_dns_canonicalize() for Heimdal
This is needed to ensure Heimdal does not attempt to use nss to canonicalize the name.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Dec 9 07:42:38 UTC 2021 on sn-devel-184
- - - - -
ce293eb8 by Stefan Metzmacher at 2021-12-09T13:22:36+00:00
auth/credentials: Handle ENOENT when obtaining ccache lifetime
The new Heimdal may return ENOENT instead of KRB5_CC_END.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
1bacf26d by Stefan Metzmacher at 2021-12-09T13:22:36+00:00
auth/credentials: Fix cli_credentials_shallow_ccache error case
Avoid dangling values if something fails...
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
e2b7a2f7 by Andrew Bartlett at 2021-12-09T14:14:12+00:00
s4-auth: Remove unused headers
These changes were submitted in a patch by
Stefan Metzmacher <metze at samba.org> in his lorikeet-heimdal
import branch of patches to upgrade to a modern Heimdal.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Dec 9 14:14:12 UTC 2021 on sn-devel-184
- - - - -
3d0857c9 by Jeremy Allison at 2021-12-09T18:06:35+00:00
s4: libcli: Add smbcli_unlink_wcard().
We will use this in place of smbcli_unlink() when we
know we are using a wildcard pattern. If can be used
to generally replace smbcli_unlink() as it calls down
to smbcli_unlink() is no wildcard is detected.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5b7ff5a9 by Jeremy Allison at 2021-12-09T18:06:35+00:00
s4: libcli: In smbcli_deltree() use smbcli_unlink_wcard() in place of smbcli_unlink().
We know we have a wildcard mask here.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
35d8b146 by Jeremy Allison at 2021-12-09T18:06:35+00:00
s4: torture: In raw.notify test use smbcli_unlink_wcard() in place of smbcli_unlink().
We know we have a wildcard mask here.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
78102894 by Jeremy Allison at 2021-12-09T18:06:35+00:00
s4: torture: Use smbcli_unlink_wcard() to remove wildcards in base.chkpath test.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c697ad1e by Jeremy Allison at 2021-12-09T18:06:35+00:00
s4: torture: Use smbcli_unlink_wcard() to cleanup in base.mangle test.
Avoid using smbcli_unlink() calls with wildcard names.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
367dc3cb by Jeremy Allison at 2021-12-09T18:06:35+00:00
s4: torture: Use smbcli_unlink_wcard() in base.casetable test.
Avoid smbcli_unlink() calls with a wildcard path.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
3a42b351 by Jeremy Allison at 2021-12-09T18:06:35+00:00
s4: torture: Use smbcli_unlink_wcard() to setup and cleanup in masktest.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
770d8375 by Jeremy Allison at 2021-12-09T18:06:35+00:00
s4: libcli: smbcli_unlink() is no longer used with wildcard patterns.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
a0bfb37b by Jeremy Allison at 2021-12-09T18:06:35+00:00
s3: torture: Add torture_deltree() for setup and teardown.
Not yet used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
3a73178f by Jeremy Allison at 2021-12-09T18:06:35+00:00
s3: torture: In run_smb1_wild_mangle_unlink_test() use torture_deltree() for setup and cleanup.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7ffc03d5 by Jeremy Allison at 2021-12-09T18:06:35+00:00
s3: torture: In run_smb1_wild_mangle_rename_test() use torture_deltree() for setup and cleanup.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
498b3d92 by Jeremy Allison at 2021-12-09T18:06:35+00:00
s3: torture: In torture_utable(), use torture_deltree() for setup.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
1eeabbf8 by Jeremy Allison at 2021-12-09T18:06:35+00:00
s3: torture: In torture_casetable(), use torture_deltree() for setup and cleanup.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5a802ae2 by Jeremy Allison at 2021-12-09T18:06:35+00:00
s3: torture: In torture_chkpath_test(), use torture_deltree() for setup and cleanup.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
9398655c by Jeremy Allison at 2021-12-09T18:06:35+00:00
s3: torture: In run_streamerror(), use torture_deltree() for setup.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
6cb9f127 by Jeremy Allison at 2021-12-09T18:06:35+00:00
s3: torture: In test_mask(), use torture_deltree() for setup.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
78ee275c by Jeremy Allison at 2021-12-09T18:06:35+00:00
s3: torture: In torture_mangle(), use torture_deltree() for setup and cleanup.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ef1d9d31 by Jeremy Allison at 2021-12-09T18:06:35+00:00
s3: torture: In run_smb1_wild_mangle_unlink_test() use a valid pathname for rename target.
The server will not be supporting wildcard rename soon.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
3c9a33ca by Jeremy Allison at 2021-12-09T18:06:35+00:00
s4: torture: Remove the wildcard unlink test code.
This is pre WindowXP SMB1 functionality, and we
need to remove this from the server in order to
move towards SMB2-only, so the test must go.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
fb4e9983 by Jeremy Allison at 2021-12-09T18:06:35+00:00
s4: torture: Remove the wildcard rename test code.
This is pre WindowXP SMB1 functionality, and we
need to remove this from the server in order to
move towards SMB2-only, so the test must go.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d2aae105 by Jeremy Allison at 2021-12-09T18:06:35+00:00
s3: torture: Remove the wildcard unlink test code.
This is pre WindowXP SMB1 functionality, and we
need to remove this from the server in order to
move towards SMB2-only, so the test must go.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7f61ff77 by Jeremy Allison at 2021-12-09T18:06:35+00:00
s3: smbd: Remove support for SMBcopy SMB_COM_COPY (0x29)
It's not used in our client code or tested.
>From MS-CIFS.
This command was introduced in the LAN Manager 1.0 dialect
It was rendered obsolete in the NT LAN Manager dialect.
This command was used to perform server-side file copies, but
is no longer used. Clients SHOULD
NOT send requests using this command code.
Servers receiving requests with this command code
SHOULD return STATUS_NOT_IMPLEMENTED (ERRDOS/ERRbadfunc).
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f46445cb by Jeremy Allison at 2021-12-09T18:06:35+00:00
s3: smbd: In reply_unlink() remove the possibility of receiving a wildcard name.
This was the only user of "has_wild=true" passed to
unlink_internals().
Next commit will remove this functionality from unlink_internals().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
42985702 by Jeremy Allison at 2021-12-09T18:06:35+00:00
s3: smbd: Change unlink_internals() to ignore has_wild parameter.
It's always passed as false now so we can remove the (horrible)
enumeration code for unlink.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
098d63a2 by Jeremy Allison at 2021-12-09T18:06:35+00:00
s3: smbd: Remove 'bool has_wild' parameter from unlink_internals().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
4cfe055c by Jeremy Allison at 2021-12-09T18:06:35+00:00
s3: smbd: Remove UCF_ALWAYS_ALLOW_WCARD_LCOMP flag from pathname processing in reply_mv().
We are no longer supporting wildcard rename via SMBmv (0x7)
as WindowsXP SMB1 and above do not use it.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f67f25bc by Jeremy Allison at 2021-12-09T18:06:35+00:00
s3: smbd: In smb_file_rename_information() (SMB_FILE_RENAME_INFORMATION info level) prevent destination wildcards.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ff4bbb12 by Jeremy Allison at 2021-12-09T18:06:35+00:00
s3: smbd: In SMBntrename (0xa5) prevent wildcards in destination name.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e66148c8 by Jeremy Allison at 2021-12-09T18:06:35+00:00
s3: smbd: In reply_ntrename() remove the UCF_ALWAYS_ALLOW_WCARD_LCOMP flag for destination lookups.
We know the destination will never be a wildcard.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f44fc915 by Jeremy Allison at 2021-12-09T18:06:35+00:00
s3: smbd: In reply_ntrename(), never set dest_has_wcard.
It can never be true.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
de90620b by Jeremy Allison at 2021-12-09T18:06:35+00:00
s3: smbd: In reply_ntrename() remove 'bool dest_has_wcard' and all uses.
It's always false now.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
885a982b by Jeremy Allison at 2021-12-09T18:06:35+00:00
s3: smbd: Prepare to remove wildcard matching from rename_internals().
src_has_wild and dest_has_wild can never be true.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
3cb5ef1c by Jeremy Allison at 2021-12-09T18:06:35+00:00
s3: smbd: Remove dest_has_wild and all associated code from rename_internals()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ff722c0f by Jeremy Allison at 2021-12-09T18:06:35+00:00
s3: smbd: Remove all wildcard code from rename_internals().
We no longer use resolve_wildcards() so comment it out
for later removal. Keep the '{ ... }' block around the
singleton rename for now, to keep the diff small.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
fe92aaa9 by Jeremy Allison at 2021-12-09T18:06:35+00:00
s3: smbd: Remove the commented out resolve_wildcards().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7ac844ce by Jeremy Allison at 2021-12-09T18:06:35+00:00
s3: smbd: Inside rename_internals() remove '{ ... }' block around singleton rename code.
Best viewed with 'git show -b'
As we're touching the DEBUG() code, change it to modern DBG_NOTICE().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5190a8bd by Jeremy Allison at 2021-12-09T18:06:35+00:00
s3: smbd: Remove 'const char *src_original_lcomp' parameter from rename_internals().
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
4ac91bd0 by Jeremy Allison at 2021-12-09T18:06:35+00:00
s3: smbd: Remove 'const char *src_original_lcomp' from reply_mv()..
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
bd98e040 by Jeremy Allison at 2021-12-09T18:57:15+00:00
Update WHATSNEW.txt with removal of wildcard copy, rename and unlink.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Dec 9 18:57:15 UTC 2021 on sn-devel-184
- - - - -
d1934e23 by Volker Lendecke at 2021-12-10T14:02:30+00:00
named_pipe_auth: Bump info4 to info5
We'll add a field soon
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
530fb4fd by Volker Lendecke at 2021-12-10T14:02:30+00:00
named_pipe_auth.idl: Add "need_idle_server"
Once RPC services are done by individual processes, we need to avoid
recursion between processes:
Any RPC server process will be able to serve multiple client requests
simultaneously, but each request is served in a single-threaded
blocking manner.
For example the netlogon RPC service needs to ask samr for
something. The netlogon->samr connection will initially be handled by
a central dispatcher assigning clients to processes. This dispatcher
needs to know that this connection can't end up in the same process
that originated the request.
With this flag an RPC client can request a samr server process that
exclusively serves its own requests and that will not serve anybody
else while serving netlogon.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
1bab7622 by Volker Lendecke at 2021-12-10T14:02:30+00:00
librpc: Add named_pipe_auth_req_info5->transport
This will serve as a check to make sure that in particular a SAMR
client is really root. This is for example used in get_user_info_18()
handing out a machine password.
The unix domain sockets for NCACN_NP can only be contacted by root,
the "np\" subdirectory for those sockets is root/root 0700.
Connecting to such a socket is done in two situations: First, local
real root processes connecting and smbd on behalf of SMB clients
connecting to \\pipe\name, smbd does become_root() there. Via the
named_pipe_auth_req_info4 smbd hands over the SMB session information
that the RPC server blindly trusts. The session information (i.e. the
NT token) is heavily influenced by external sources like the KDC. It
is highly unlikely that we get a system token via SMB, but who knows,
this is information not fully controlled by smbd.
This is where this additional field in named_pipe_auth_req_info5 makes
a difference: This field is set to NCACN_NP by smbd's code, not
directly controlled by the clients. Other clients directly connecting
to a socket in "np\" is root anyway (only smbd can do become_root())
and can set this field to NCALRPC.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
fa445f15 by Volker Lendecke at 2021-12-10T14:02:30+00:00
auth: Fix a typo in auth/gensec/ncalrpc.c
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
00e41d19 by Volker Lendecke at 2021-12-10T14:02:30+00:00
librpc: Get transport out of tstream_npa_accept_existing_recv()
To be used by the RPC servers in the next commit
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d5fa6263 by Volker Lendecke at 2021-12-10T14:02:30+00:00
rpc_server: Check info5->transport
Eventually, this new mechanism might replace the ncalrpc_as_system mechanism: I
think with this we're much more flexible and even more secure: We rely on the
direct permissions on "np/" and don't have to pretend that the local client
came from a file on /root. We are more flexible because with this mechanism we
can easily fake arbitrary tokens and play with session keys.
However, this would require that the source4 librpc code needs to learn about
this mechanism, which I was not able to complete.
The source3 rpc_server side of this will go away soon, so for now only
allow NCACN_NP there. The check in source4 will stay with us for a
while, so allow NCACN_NP and NCALRPC to be set remotely here. With
NCACN_NP (the case for a client to connect on a named pipe), protect
against accidentially connecting as system.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
afd01424 by Volker Lendecke at 2021-12-10T14:02:30+00:00
test: Prime the kpasswd server
I was getting this failure:
[102(815)/143 at 10m59s] samba4.blackbox.net_ads_dns(ad_member:local)(ad_member:local)
UNEXPECTED(failure): samba4.blackbox.net_ads_dns(ad_member:local).Adding an unprivileged user(ad_member:local)
REASON: Exception: Exception: Could not add user unprivuser. Error setting password Incorrect net address
My preliminary analysis shows that the KRB5KRB_AP_ERR_BADADDR error
message is triggered by the libkrb5 client code. I have not yet shown
this to happen with pure libkrb5, but my theory is the following:
k5_privsafe_check_addrs() fails under the following circumstances: The
kpasswd server is contacted on IPv4 and is slow to reply. After
waiting a bit, libkrb5 also tries to contact kpasswd on
IPv6. kpasswd_sendto_msg_callback() for the IPv6 request changes the
authentication context's local_addr to IPv6. Then the IPv4 request is
replied to, and then k5_privsafe_check_addrs() bails on the address
family in ac->local_addr (IPv6) vs the one received and via the IPv4
connection.
libkrb5's src/lib/krb5/os/changepw.c has this comment:
/*
* TBD: Does this tamper w/ the auth context in such a way
* to break us? Yes - provide 1 per conn-state / host...
*/
I think we're hit by this.
This patch hacks around the situation by priming the kpasswd server
without error checking. If the initial v4 request is quick enough
because the kpasswd server is already started up properly, everything
works flawlessly.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
a60c7b4f by Volker Lendecke at 2021-12-10T14:02:30+00:00
s3:services: Disable rcinit-based service control code
This is a become_root user callout that I have never seen in use in
more than 20 years of Samba. Why disable now? In the next commit I
need to make a change to initializing the registry values for
services, the svcctl service won't be able to do registry transactions
anymore. I'm not sure that going without transactions is 100% safe in
all failure cases, so I decided to propose disabling the problematic
code that might lead to security issues.
One fix might be to add a lot more validation code to
_svcctl_OpenServiceW() to see whether the registry values underlying
the service are sane.
Yes, this is technical debt, but I would question that starting unix
daemons via DCERPC used at all out there.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
f83f7bd6 by Volker Lendecke at 2021-12-10T14:02:30+00:00
s3:rpc_server: Remove direct registry access from svcctl_init_winreg
Once we do registry access via a pipe into a different process, a
registry client won't be able to directly do registry transactions
anymore. In this case, I argue that doing this in a transactioned way
is overkill anyway. svcctl_init_winreg() just sets up some registry
keys, and if that leaves behind some stale entries if it fails
somewhere in the middle, it does not really matter because the only
one looking at these registry keys is the svcctl service, and that
only starts up if the init function was successfully run.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
ebc3918f by Volker Lendecke at 2021-12-10T14:02:30+00:00
s3:rpc_client: Bump debug level for ncalrpc connect error
This does not have to go to syslog by default always, it might be just
a daemon not listening.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
3284ee99 by Volker Lendecke at 2021-12-10T14:02:30+00:00
dcesrv_core: Add dcesrv_context_set_callbacks()
We'll need to set custom callbacks on source3's global_dcesrv_ctx,
which right now is deeply embedded. Once we have everything more
nicely layered, this can go again.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
95659031 by Volker Lendecke at 2021-12-10T14:02:30+00:00
backupkey.idl: Don't listen on \\pipe\ntsvcs
[MS-BKRP] says it SHOULD listen here. In the ad dc, this conflicts
with smbd's srv_ntsvcs_nt.c listening also on nt ntsvcs unix domain
socket. Because "samba" starts smbd after itself, smbd takes over the
socket anyway, backupkey can't have been reached over this transport.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
da90c02b by Volker Lendecke at 2021-12-10T14:02:30+00:00
dcesrv_core: Add dcesrv_loop_next_packet()
This is used by the helpers of samba-dcerpcd: When accepting a DCERPC
client, normally the server engine would read the initial bind
packet. In case of samba-dcerpcd the bind packet will already be read
from the socket, so we need to inject it into the rpc server engine
externally.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
a697814e by Volker Lendecke at 2021-12-10T14:02:30+00:00
idl: Define messages sent between samba-dcerpcd and rpcd's
MSG_RPC_DUMP_STATUS will be like pool-usage carrying a file descriptor to
report status to, the other two are described in rpc_host.idl.
NOALIGN on rpc_worker_status: This makes it easier to count bytes to
push into a static buffer.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
8ffeb18b by Jeremy Allison at 2021-12-10T14:02:30+00:00
docs-xml: Add "rpc start on demand helpers", true by default.
If "true" allow smbd and winbindd to spawn samba-dcerpcd
as a named pipe helper. Allows upgrade without any change
to smb.conf. If samba-dcerpcd is run as a daemon this
must be set to "false".
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
3ca7c640 by Volker Lendecke at 2021-12-10T14:02:30+00:00
s3:rpc_server: Add samba-dcerpcd
Central dispatcher for incoming RPC requests, supported by helpers
that implement RPC services.
Upon startup, it asks all helpers which interfaces and endpoints to
listen on so it doesn't interfere with the samba binary when we're
configured as an Active Directory Domain Controller, then samba-dcerpcd
opens the relevant sockets. Once clients connect, start required helpers
and tell them to shut down once idle for a while.
Can be started as a full standalone daemon without smbd involved or as
a helper daemon started on demand by smbd or winbind or other local
processes trying to connect to a named pipe based RPC service.
NB. To start as a standalone daemon the smb.conf [global] option
"rpc start on demand helpers = false" must be set.
By default "rpc start on demand helpers = true"
in order to allow upgrades without needing an smb.conf change.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
4d75f08f by Volker Lendecke at 2021-12-10T14:02:30+00:00
s3:rpc_client: Add local_np_connect()
This will be used for internal pipe connects. It starts samba_dcerpc
on demand if it's not there yet, so long as smb.conf [global]
has "rpc start on demand helpers = true" (the default setting).
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d3e1ece1 by Volker Lendecke at 2021-12-10T14:02:30+00:00
s3:rpc_server: Implement the rpcd_* helper-end of the samba-dcerpc protocol
This is the generic code that becomes the
template that all rpcd_* instances that
serve DCERPC can use to provide services to samba-dcerpcd.
The external entry point is:
rpc_worker_main() which takes an argc/argv list
and two functions:
get_interfaces() - List all interfaces that this server provides
get_servers() - Provide the RPC server implementations
Each rpcd_* service needs only to provide
the implementations of get_interfaces() and get_servers()
and call rpc_worker_main() from their main() function
to provide services that can be connected to from samba-dcerpcd.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
188586dd by Volker Lendecke at 2021-12-10T14:02:30+00:00
s3:rpc_client: Add rpc_pipe_open_local_np()
Helper routine to connect to bind to a locally started rpcd_* process's
rpc interface.
Based upon local_np_connect() to start samba-dcerpcd on demand if it's
not there, designed to replace our internal RPC interfaces where the
RPC server runs in the same process. This will be called from winbindd_cm.c
and source3/rpc_server/rpc_ncacn_np.c
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
3aee4c17 by Volker Lendecke at 2021-12-10T14:02:30+00:00
smbcontrol: Add rpc-dump-status
Get status information out of samba-dcerpcd and its RPC helpers.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
c2b8cf05 by Volker Lendecke at 2021-12-10T14:02:30+00:00
s3:printing: Move pcap_cache_loaded() to load.c
A future patch will remove the PRINTING dependency from smbd, but in
delete_and_reload_printers() we still reference it.
Maybe at some later stage we can remove reload_printers() overall, we
don't really need to load the full printer list into every smbd. All
we need is to load them on-demand for explicit listing functions, but
there we can throw them away again. And when someone connects to the
printer, we can also load them on demand.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
a0075a1f by Volker Lendecke at 2021-12-10T14:02:30+00:00
unittest: Remove test_sambafs_srv_pipe
is_known_pipename() will be removed soon
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
a350a000 by Volker Lendecke at 2021-12-10T14:02:30+00:00
s3:rpc_server: Make npa_state_init() public
Will be used later in client tools.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
3fb2fd49 by Volker Lendecke at 2021-12-10T14:02:30+00:00
s3:winbind: Close internal RPC pipes after 5 idle seconds
Even internal pipes have a small cost, external ones will block a
process from exiting soon.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d522a8cc by Volker Lendecke at 2021-12-10T14:02:30+00:00
s3:rpc_server: Add samba-dcerpcd helper programs
These are rpcd_* binaries.
rpcd_classic collects everything that's not specific
Changes the epmapper to read the epmdb.tdb, which will make the
epmapper tests non-bisectable until the switch is done.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
a7c65958 by Volker Lendecke at 2021-12-10T14:02:30+00:00
s3:rpc_server: Activate samba-dcerpcd
This is the big switch to use samba-dcerpcd for the RPC services in
source3/. It is a pretty big and unordered patch, but I don't see a
good way to split this up into more manageable pieces without
sacrificing bisectability even more. Probably I could cut out a few
small ones, but a major architechtural switch like this will always be
messy.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
9e3ee8c4 by Volker Lendecke at 2021-12-10T14:02:30+00:00
printing: Remove "start_daemons" from printing_subsystem_init()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
730f7dfd by Volker Lendecke at 2021-12-10T14:02:30+00:00
s3:rpc_server: Delete unused code and doc references
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
7b62fa96 by Volker Lendecke at 2021-12-10T14:02:30+00:00
dcesrv_core: Remove unused dcesrv_reinit_context()
This was only used in the prefork source3 rpc servers
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
ea2ec7ea by Jeremy Allison at 2021-12-10T14:52:54+00:00
WHATSNEW. Added section about samba-dcerpcd.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Dec 10 14:52:54 UTC 2021 on sn-devel-184
- - - - -
f7e1a81c by Andreas Schneider at 2021-12-11T00:25:46+00:00
s3:torture: Initialize pointer with NULL
source3/torture/torture.c:4309:17: error: ‘pname’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
4309 | printf("qfilename gave different name? [%s] [%s]\n",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4310 | fname, pname);
| ~~~~~~~~~~~~~
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Dec 11 00:25:46 UTC 2021 on sn-devel-184
- - - - -
03333482 by Jeremy Allison at 2021-12-11T07:17:28+00:00
s3: smbd: Move setting of dirtype if FILE_ATTRIBUTE_NORMAL to do_unlink()..
Now we don't use wildcards when calling in unlink_internals()
the logic inside it serves no purpose and can be replaced with
a direct call to do_unlink() (which we will rename to unlink_internals())..
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e60360c4 by Jeremy Allison at 2021-12-11T07:17:28+00:00
s3: smbd: Move to modern debug calls inside do_unlink().
We will be changing its name next.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b2a0664d by Jeremy Allison at 2021-12-11T07:17:28+00:00
s3: smbd: Comment out the old unlink_internals(). Rename do_unlink() -> unlink_internals().
One parameter needs changing position. The logic inside unlink_internals()
is no longer needed if it doesn't accept wildcards. filename_convert()
already handles mangled names just fine, so we don't need this logic.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
6db08012 by Jeremy Allison at 2021-12-11T07:17:28+00:00
s3: smbd: Remove the old unlink_internals() implementation.
No longer used. filename_convert() already handles mangled
names just fine, so we don't need this logic.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d58b9094 by Jeremy Allison at 2021-12-11T07:17:28+00:00
s3: smbd: Handling SMB_FILE_RENAME_INFORMATION, the destination name is a single component.
No errors should be allowed from filename_convert().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
07df94ad by Jeremy Allison at 2021-12-11T07:17:28+00:00
s3: smbd: In rename_internals_fsp(), remove unneeded call to check_name()..
All callers have gone through filename_convert(), which has
already called check_name() on the destination.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
449aa415 by Jeremy Allison at 2021-12-11T07:17:28+00:00
s3: smbd: check_name() is now static to filename.c
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
a325cb09 by Jeremy Allison at 2021-12-11T07:17:28+00:00
s3: smbd: In rename_internals(), remove the name spliting and re-combining code.
filename_convert() handles mangled names just fine, so we don't
need to split the last component and check for mangle.
Now we don't take wildcard names this is not needed. This was the
last caller of split_fname_dir_mask(), so ifdef it out.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
a3acb869 by Jeremy Allison at 2021-12-11T07:17:28+00:00
s3: smbd: Remove split_fname_dir_mask().
No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
18a1cc63 by Jeremy Allison at 2021-12-11T07:17:28+00:00
s3: smbd: In call_trans2findfirst() we don't need filename_convert_with_privilege() anymore.
It was extra-paranoid code now not needed as the new VFS
version of filename_convert() does the same job.
There are now no remaining callers of filename_convert_with_privilege().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
59b7101a by Jeremy Allison at 2021-12-11T07:17:28+00:00
s3: smbd: Remove filename_convert_with_privilege(). No longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b18c2aba by Jeremy Allison at 2021-12-11T07:17:28+00:00
s3: smbd: In filename_convert_internal(), remove call to check_name_with_privilege().
We now always pass NULL as struct smb_request *smbreq,
so this code path can never be taken.
Comment out check_name_with_privilege() as it's now
no longer used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
02f84030 by Jeremy Allison at 2021-12-11T07:17:28+00:00
s3: smbd: Remove unused check_name_with_privilege().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5425f2aa by Jeremy Allison at 2021-12-11T07:17:28+00:00
s3: smbd: Remove now unused check_reduced_name_with_privilege().
We now only have one function that does this check (check_reduced_name()),
used everywhere.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
14e0dd43 by Jeremy Allison at 2021-12-11T07:17:28+00:00
s3: smbd: filename_convert() is now a one-to-one wrapper around filename_convert_internal().
Remove filename_convert() and rename filename_convert_internal() -> filename_convert().
Move the old DEBUG(..) statements to DBG_XXX() so they don't print the wrong name.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
a568e92e by Jeremy Allison at 2021-12-11T07:17:28+00:00
s3: smbd: In dfs_path_lookup(). If we have a DFS path including a @GMT-token, don't throw away the twrp value when parsing the path.
Not yet used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
addbf4cc by Jeremy Allison at 2021-12-11T07:17:28+00:00
s3: smbd: Allow dfs_redirect() to return a TWRP token it got from a parsed pathname.
This one is subtle. If an SMB1 request has both a DFS path and a @GMT token,
the unix_convert() inside the DFS path processing will remove the @GMT
token, not allowing the subsequent unix_convert() inside filename_convert()
to see it. By returning it from dfs_redirect() we can ensure it's correctly
added to the smb_filename returned from filename_convert().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
3ca82218 by Jeremy Allison at 2021-12-11T07:17:28+00:00
s3: smbd: Add filename_convert_smb1_search_path() - deals with SMB1 search pathnames.
SMB1search and trans2 findfirst are unique in that
they are the only passed in pathnames that can contain
a terminal wildcard component.
Deal with these two special cases with this new function
that strips off the terminal wildcard and returns as
the mask, and pass the non-wildcard parent directory
component through the standard filename_convert().
Uses new helper function strip_gmt_from_raw_dfs().
When SMB1search and trans2 findfirst have been
converted to use this function, we can strip all
wildcard handling out of filename_convert() as
we now know it will only ever be given valid
pathnames.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
1658fad3 by Jeremy Allison at 2021-12-11T07:17:28+00:00
s3: smbd: Convert reply_search() to use filename_convert_smb1_search_path().
Cleans up this code path nicely !
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
fa45c91c by Jeremy Allison at 2021-12-11T07:17:28+00:00
s3: smbd: Fix call_trans2findfirst() to use filename_convert_smb1_search_path().
filename_convert() no longer has to handle wildcards.
UCF_ALWAYS_ALLOW_WCARD_LCOMP is now unused.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
18125747 by Jeremy Allison at 2021-12-11T07:17:28+00:00
s3: smbd: dfs_path_lookup() no longer deals with wildcards.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
52ca4bf6 by Jeremy Allison at 2021-12-11T07:17:28+00:00
s3: smbd: Remove 'bool search_wcard_flag' from parse_dfs_path().
Never set.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
24002be5 by Jeremy Allison at 2021-12-11T07:17:29+00:00
s3: smbd: parse_dfs_path() can ignore wildcards.
If one is passed to filename_convert(), it will error out there
with NT_STATUS_OBJECT_NAME_INVALID.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
da1417fb by Jeremy Allison at 2021-12-11T07:17:29+00:00
s3: smbd: filename_convert() no longer deals with wildcards.
These are already errored out with NT_STATUS_OBJECT_NAME_INVALID
in the unix_convert() code.
Remove the check.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e1cc3e3a by Jeremy Allison at 2021-12-11T07:17:29+00:00
s3: smbd: Inside 'struct uc_state', remove allow_wcard_last_component.
This is never allowed.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
6f15f8b6 by Jeremy Allison at 2021-12-11T07:17:29+00:00
s3: smbd: We no longer need determine_path_error().
Now we don't have to consider wildcards just
return NT_STATUS_OBJECT_PATH_NOT_FOUND for
the cases we used to call it.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
6493d39b by Jeremy Allison at 2021-12-11T07:17:29+00:00
s3: smbd: UCF_ALWAYS_ALLOW_WCARD_LCOMP 0x00000002 is no longer used.
Hurrah !
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
1d52a4a4 by Jeremy Allison at 2021-12-11T07:17:29+00:00
s3: smbd: Inside unix_convert(), never set state->name_is_wildcard.
We error out immediately if it's set anyway.
Preparing to remove 'state->name_is_wildcard' structure element.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b21ba035 by Jeremy Allison at 2021-12-11T07:17:29+00:00
s3: smbd: In unix_convert(), remove all references to state->name_has_wildcard.
It is never set.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ce6b3ba4 by Jeremy Allison at 2021-12-11T07:17:29+00:00
s3: smbd: In unix_convert() remove the now unneeded block indentation.
We removed the 'if (state->name_has_wildcard) {' clause, so
the block no longer needs indenting.
Best seen with git show -b.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e6f02698 by Jeremy Allison at 2021-12-11T07:17:29+00:00
s3: smbd: In unix_convert_step() remove all use of 'state->name_was_wildcard'
We know it is never true.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
0ecb5e3e by Jeremy Allison at 2021-12-11T07:17:29+00:00
s3: smbd: In unix_convert_step_stat() remove use of state->name_was_wildcard.
It can never be true.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
25c87b70 by Jeremy Allison at 2021-12-11T08:07:14+00:00
s3: smbd: Remove 'struct uc_state' name_has_wildcard element.
It is never set or looked at.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Sat Dec 11 08:07:14 UTC 2021 on sn-devel-184
- - - - -
57c56d89 by Jeremy Allison at 2021-12-11T11:14:31+00:00
s4: torture: Fix raw.search:test_one_file() to use torture_result() instead of printf.
I think this test pre-dates torture_result.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
00fd039c by Jeremy Allison at 2021-12-11T11:14:31+00:00
s4: torture: In raw.search:test_one_file() remove the leading '\\' in the test filenames.
We'll soon be using this under SMB1+POSIX and neither Windows or POSIX
need a leading '\\' (and SMB1+POSIX sees the '\\' as part of the name).
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
59fa3806 by Jeremy Allison at 2021-12-11T11:14:31+00:00
s3: smbd: Tighten up info level checks for SMB1+POSIX to make sure POSIX was negotiated first.
Add knownfail file
knownfail.d/posix_infolevel_fails
for tests that don't currently negotiate
SMB1+POSIX before using SMB1+POSIX calls.
These are:
samba3.smbtorture_s3.plain.POSIX-BLOCKING-LOCK.smbtorture\(nt4_dc_smb1\)
samba3.blackbox.acl_xattr.NT1.nt_affects_posix.*
samba3.blackbox.acl_xattr.NT1.nt_affects_chown.*
samba3.blackbox.acl_xattr.NT1.nt_affects_chgrp.*
samba3.blackbox.inherit_owner.*.NT1.*verify.*unix\ owner.*
samba3.unix.info2.info2\(nt4_dc_smb1\)
samba3.unix.info2.info2\(ad_dc_smb1\)
samba3.raw.search.one\ file\ search.*
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
4bd1f760 by Jeremy Allison at 2021-12-11T11:14:31+00:00
s3: smbclient: Give a message if we try and use any POSIX command without negotiating POSIX first.
Ensure we only use a POSIX command if POSIX is set up.
Issue the message: Command "posix" must be issued before the "XXXX" command can be used.
After the parameter parsing has been done.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d681a4b0 by Jeremy Allison at 2021-12-11T11:14:31+00:00
s4: torture: In raw.search:test_one_file() add a second connection.
Change from torture_suite_add_1smb_test() to torture_suite_add_2smb_test().
Not yet used. We will need this to do SMB1+POSIX search calls on
a connection on which we have negotiated SMB1+POSIX.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
aaa6d09f by Jeremy Allison at 2021-12-11T11:14:31+00:00
s4: torture: raw.search: Add setup_smb1_posix(). Call it on the second connection in test_one_file().
Not yet used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
397cc759 by Jeremy Allison at 2021-12-11T11:14:31+00:00
s4: torture: Fix raw.search:test_one_file() by using the SMB1+POSIX connection for POSIX info levels.
Remove the following entry in knownfail.d/posix_infolevel_fails.
^samba3.raw.search.one\ file\ search.*
from knownfail.d/posix_infolevel_fails
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
6453e5aa by Jeremy Allison at 2021-12-11T11:14:31+00:00
s4: torture: Fix unix.info2 test to actually negotiate SMB1+POSIX before using POSIX calls.
Cope with the minor difference in wildcard search return when
we're actually using SMB1+POSIX on the server (SMB1+POSIX treats
all directory search paths as wildcards).
Remove the following entries in knownfail.d/posix_infolevel_fails.
samba3.unix.info2.info2\(nt4_dc_smb1\)
samba3.unix.info2.info2\(ad_dc_smb1\)
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e7f2cfb5 by Jeremy Allison at 2021-12-11T11:14:31+00:00
s3: tests: Fix the samba3.blackbox.inherit_owner test to actually negotiate SMB1+POSIX before using POSIX calls.
Remove the following entry in knownfail.d/posix_infolevel_fails.
samba3.blackbox.inherit_owner.*.NT1.*verify.*unix\ owner.*
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
89f284af by Jeremy Allison at 2021-12-11T11:14:31+00:00
s3: tests: Fix the samba3.blackbox.acl_xattr test to actually negotiate SMB1+POSIX before using POSIX calls.
Remove the following entries in knownfail.d/posix_infolevel_fails.
samba3.blackbox.acl_xattr.NT1.nt_affects_posix.*
samba3.blackbox.acl_xattr.NT1.nt_affects_chown.*
samba3.blackbox.acl_xattr.NT1.nt_affects_chgrp.*
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b5e7e7b6 by Jeremy Allison at 2021-12-11T12:03:36+00:00
s3: smbtorture3: Fix POSIX-BLOCKING-LOCK to actually negotiate SMB1+POSIX before using POSIX calls.
This must be done before doing POSIX calls on a connection.
Remove the final entry in knownfail.d/posix_infolevel_fails
samba3.smbtorture_s3.plain.POSIX-BLOCKING-LOCK.smbtorture\(nt4_dc_smb1\)
And remove the file knownfail.d/posix_infolevel_fails itself.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Sat Dec 11 12:03:36 UTC 2021 on sn-devel-184
- - - - -
1dc80304 by Bernd Kuhls at 2021-12-13T16:22:28+00:00
lib/util: Add signal.h include
Fixes build error with samba-4.15.3 and uClibc:
../../source3/printing/samba-bgqd.c: In function ‘main’:
../../source3/printing/samba-bgqd.c:340:21: error: ‘SIGPIPE’ undeclared (first use in this function); did you mean ‘EPIPE’?
../../source3/printing/samba-bgqd.c:384:14: error: ‘SIGTERM’ undeclared (first use in this function)
Signed-off-by: Bernd Kuhls <bernd.kuhls at t-online.de>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Dec 13 16:22:28 UTC 2021 on sn-devel-184
- - - - -
62dab392 by Volker Lendecke at 2021-12-15T00:15:33+00:00
configure: Check for __atomic_add_fetch() and __atomic_load()
To be used in the tdb_seqnum code soon
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b9f06ab3 by Volker Lendecke at 2021-12-15T00:15:33+00:00
tdb: Use atomic operations for tdb_[increment|get]_seqnum
With locking.tdb now based on g_lock.c code, we change locking.tdb a
lot more often. I have a customer case where LDX tortures smbd very
hard with 800+ concurrent connections, which now completely falls over
where 4.12 still worked fine. Some debugging showed a thundering herd
on fcntl locking.tdb index 48 (TDB_SEQNUM_OFS). We still use fcntl for
the seqnum, back when we converted the chainlocks to mutexes we did
not consider it to be a problem. Now it is, but all we need to do with
the SEQNUM is to increment it, so an __atomic_add_fetch() of one is
sufficient.
I've taken a look at the C11 standard atomics, but I could not figure
out how to use them properly, to me they seem more general to be
initialized first etc. All we need is a X86 "lock incl 48(%rax)" to be
emitted, and the gcc __atomic_add_fetch seems to do this.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5b526f45 by Volker Lendecke at 2021-12-15T01:03:56+00:00
tdb: Raw performance torture to beat tdb_increment_seqnum
Running this on sn-devel-184 takes ~14 seconds with the atomic
ops. Without them I did not wait for it to finish. After reducing
NPROCS from 500 to 50 it still ran for more than a minute.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Dec 15 01:03:56 UTC 2021 on sn-devel-184
- - - - -
f00eb848 by Andreas Schneider at 2021-12-15T03:41:32+00:00
s4:mitkdc: Initilalize is_error with errno instead of EPERM(1)
Signed-off-by: Andreas Schneider <asn at cryptomilk.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c69bfa09 by Andreas Schneider at 2021-12-15T03:41:32+00:00
s4:mitkdc: Use talloc_get_type_abort() in ks_get_context()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b46a942f by Andreas Schneider at 2021-12-15T03:41:32+00:00
s4:mitkdc: Reset errno to 0 for com_err messages
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e95fb04c by Andreas Schneider at 2021-12-15T03:41:32+00:00
s4:mitkdc: Add support for pac_attrs and requester_sid
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
731d9c42 by Andreas Schneider at 2021-12-15T03:41:32+00:00
s4:mitkdc: Pass NULL to ks_get_pac() as the client_key
This is unused with MIT KRB5 < 1.20 as this is probably not the right key.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3a3f7fea by Andreas Schneider at 2021-12-15T03:41:32+00:00
s4:mitkdc: Do not allocate the PAC buffer in samba_make_krb5_pac()
This will be allocated by the KDC in MIT KRB5 1.20 and newer.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
abbeb5c2 by Andreas Schneider at 2021-12-15T03:41:32+00:00
s4:mitkdc: Call krb5_pac_init() in kdb_samba_db_sign_auth_data()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7dfcbc4e by Joseph Sutton at 2021-12-15T03:41:32+00:00
tests/krb5: Add tests for PAC buffer alignment
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
31f3e815 by Joseph Sutton at 2021-12-15T03:41:32+00:00
Revert "s4/heimdal/lib/krb5/pac.c: Align PAC buffers to match Windows"
This alignment should be done on the Samba side instead.
This reverts commit 28a5a586c8e9cd155d676dcfcb81a2587ace99d1.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
bba30095 by Joseph Sutton at 2021-12-15T03:41:32+00:00
kdc: Pad UPN_DNS_INFO PAC buffer
Padding this buffer to a multiple of 8 bytes allows the PAC buffer
padding to match Windows.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
030afa6c by Joseph Sutton at 2021-12-15T03:41:32+00:00
s4:torture: Remove comments that are no longer relevant
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3b23ae59 by Joseph Sutton at 2021-12-15T03:41:32+00:00
s4:torture: Fix typo
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1eb91291 by Joseph Sutton at 2021-12-15T03:41:32+00:00
tests/krb5: Generate unique UPNs for enterprise tests
This helps to avoid problems with account creation on Windows due to UPN
uniqueness constraints.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
100be7eb by Joseph Sutton at 2021-12-15T03:41:32+00:00
tests/krb5: Correctly determine whether tickets are service tickets
Previously we expected tickets to contain a ticket checksum if the sname
was not the krbtgt. However, the ticket checksum should not be present
if we are performing an AS-REQ to our own account. Now we determine a
ticket is a service ticket only if the request is also a TGS-REQ.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0f4eca77 by Joseph Sutton at 2021-12-15T04:33:11+00:00
tests/krb5: Add tests for AS-REQ to self with FAST
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Dec 15 04:33:11 UTC 2021 on sn-devel-184
- - - - -
8767f60a by Jeremy Allison at 2021-12-15T18:36:31+00:00
s3: smbd: In check_parent_exists() use utility function vfs_stat().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
89574ed3 by Jeremy Allison at 2021-12-15T18:36:31+00:00
s3: smbd: In setup_close_full_information() use vfs_stat() helper function.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
c94d919f by Noel Power at 2021-12-15T18:36:31+00:00
s3: smbd: In setup_close_full_information() the posix_open parameter is not needed anymore.
Signed-off-by: Noel Power <npower at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d8f09c1b by Jeremy Allison at 2021-12-15T18:36:31+00:00
s3: smbd: In stat_cache_lookup(), use vfs_stat() utility function.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
da2d61ba by Noel Power at 2021-12-15T18:36:31+00:00
s3: smbd: In stat_cache_lookup(), remove unused posix_paths param.
Signed-off-by: Noel Power <npower at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b0a41119 by Jeremy Allison at 2021-12-15T18:36:31+00:00
s3: smbd: In smbd_smb2_getinfo_send(), use vfs_stat() utility function.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
- - - - -
04a4cd2a by Jeremy Allison at 2021-12-15T18:36:31+00:00
s3: smbd: In vfs_stat_smb_basename() use vfs_stat() helper function.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
eb0e68d0 by Jeremy Allison at 2021-12-15T18:36:31+00:00
s3: smbd: In parent_dirname_compatible_open(), use helper function vfs_stat().
This is a change in behavior, but the old behavior was incorrect.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
8c0f34f0 by Jeremy Allison at 2021-12-15T18:36:31+00:00
s3: smbd: In call_trans2qfilepathinfo(), TRANSACT2_QFILEINFO case, use helper function vfs_stat().
This isn't a change in behavior, even though the
old comment says: "Always do lstat for UNIX calls".
A previous commit enforces POSIX pathname negotiation
before allowing UNIX info levels to be processed here,
so we can guarantee that SMB_FILENAME_POSIX_PATH is set
on smb_fname if we're allowing a UNIX info level.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
80e3f4e5 by Jeremy Allison at 2021-12-15T18:36:31+00:00
s3: smbd: In call_trans2qfilepathinfo(), TRANSACT2_QPATHINFO on a named stream case, use helper function vfs_stat().
This isn't a change in behavior, even though the
old comment says: "Always do lstat for UNIX calls".
A previous commit enforces POSIX pathname negotiation
before allowing UNIX info levels to be processed here,
so we can guarantee that SMB_FILENAME_POSIX_PATH is set
on smb_fname if we're allowing a UNIX info level.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
de88369c by Jeremy Allison at 2021-12-15T18:36:31+00:00
s3: smbd: In call_trans2qfilepathinfo(), TRANSACT2_QPATHINFO, use helper function vfs_stat().
This isn't a change in behavior, even though the
old comment says: "Always do lstat for UNIX calls".
A previous commit enforces POSIX pathname negotiation
before allowing UNIX info levels to be processed here,
so we can guarantee that SMB_FILENAME_POSIX_PATH is set
on smb_fname if we're allowing a UNIX info level.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
eabcaa2e by Jeremy Allison at 2021-12-15T18:36:31+00:00
s3: smbd: call_trans2setfilepathinfo(), TRANSACT2_SETFILEINFO case, use helper function vfs_stat().
This isn't a change in behavior, even though the
old comment says: "Always do lstat for UNIX calls".
A previous commit enforces POSIX pathname negotiation
before allowing UNIX info levels to be processed here,
so we can guarantee that SMB_FILENAME_POSIX_PATH is set
on smb_fname if we're allowing a UNIX info level.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
d508dff6 by Jeremy Allison at 2021-12-15T18:36:31+00:00
s3: smbd: Inside call_trans2setfilepathinfo(), for the TRANSACT2_SETPATHINFO case, ensure we have a VALID_STAT return from filename_convert().
Remember, filename_convert() can return NT_STATUS_OK
with !VALID_STAT() if the last component doesn't exist,
as this may be an object create.
For call_trans2setfilepathinfo(), there are only 4 info levels
for the TRANSACT2_SETPATHINFO (pathname) case that don't require
an existing filesystem object (i.e. a VALID_STAT()) in the return
from filename_convert() as they can create an object in the
filesystem.
If we don't get a VALID_STAT() and the info level isn't one of
those 4, error out.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
834aa7bb by Jeremy Allison at 2021-12-15T18:36:31+00:00
s3: smbd: Inside call_trans2setfilepathinfo(), for the TRANSACT2_SETPATHINFO case, we don't need to re-stat.
If we need a valid filesystem object, and we have a !VALID_STAT()
return from filename_convert(), the previous commit has already
errored out. We don't need a re-stat call here.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
6000d340 by Jeremy Allison at 2021-12-15T18:36:31+00:00
s3: smbd: In call_trans2qfilepathinfo(), we must have an existing object in the QPATHINFO case.
qpathinfo must operate on an existing file, so we
can exit early if filename_convert() returned the "new file"
NT_STATUS_OK, !VALID_STAT case.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
c8c3c547 by Jeremy Allison at 2021-12-15T19:26:50+00:00
s3: smbd: In call_trans2qfilepathinfo(), remove unneeded vfs_stat().
We know at this point that we have VALID_STAT(smb_fname->st).
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Dec 15 19:26:50 UTC 2021 on sn-devel-184
- - - - -
9bd0fbf5 by Andreas Schneider at 2021-12-15T19:32:30+00:00
s3:lib: Fix memory leak in netapi examples
Found by covscan.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e8e1a74d by Andreas Schneider at 2021-12-15T19:32:30+00:00
s3:lib: Do not close fd = -1 on fail in netapi example
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e25af2bc by Andreas Schneider at 2021-12-15T19:32:30+00:00
lib:util: Check return value of tdb_parse_record()
This makes covscan happy.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3397e04d by Andreas Schneider at 2021-12-15T19:32:30+00:00
s3:libnet: Initialize struct ODJ_POLICY_DNS_DOMAIN_INFO
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
90fd7674 by Andreas Schneider at 2021-12-15T19:32:30+00:00
ctdb:client: Initialize structs and pointers in ctdb_ctrl_(en|dis)able_node()
Found by covscan.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
116123e9 by Andreas Schneider at 2021-12-15T19:32:30+00:00
s4:dns_server: Remove less-than-zero comparison of an unsigned value
This will never be true. Found by covscan
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
092e1129 by Andreas Schneider at 2021-12-15T19:32:30+00:00
s3:winbindd: Remove dead code from sam_rids_to_names()
domain_name is never NULL in this case. Found by covscan.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
31b9208d by Andreas Schneider at 2021-12-15T19:32:30+00:00
lib:krb_wrap: Add missing error check in smb_krb5_salt_principal_str()
Found by covscan.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4e9a58f3 by Andreas Schneider at 2021-12-15T19:32:30+00:00
lib:util: Initialize pid
Found by covscan
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
eae4c54e by Andreas Schneider at 2021-12-15T20:22:47+00:00
s3:winbind: Fix using normalized name in sam_name_to_sid()
name is never read again, we want lsa_name to be set.
Found by covscan.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Dec 15 20:22:47 UTC 2021 on sn-devel-184
- - - - -
20c85cc1 by Günther Deschner at 2021-12-16T03:05:30+00:00
pam_winbind: add new pwd_change_prompt option (defaults to off).
This change disables the prompt for the change of an expired password by
default (using the PAM_RADIO_TYPE mechanism if present).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8691
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Dec 16 03:05:30 UTC 2021 on sn-devel-184
- - - - -
5fa7f73b by Jeremy Allison at 2021-12-16T07:33:09+00:00
s3: smbd: In setup_close_full_information(), remove unneeded vfs_stat().
After openat_pathref_fsp() is successful we know we have a VALID_STAT().
It either returns NT_STATUS_OK or we look at the stat
struct for S_ISLNK so we know we have VALID_STAT().
If it's not successful we error out, so we don't need
another vfs_stat() here.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Dec 16 07:33:09 UTC 2021 on sn-devel-184
- - - - -
36325f1e by Andreas Schneider at 2021-12-20T08:26:45+00:00
python:tests: Don't require an emtpy 'authorization-data' to be present
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Autobuild-User(master): Joseph Sutton <jsutton at samba.org>
Autobuild-Date(master): Mon Dec 20 08:26:45 UTC 2021 on sn-devel-184
- - - - -
00c2425c by Anoop C S at 2021-12-20T10:14:53+00:00
s3/rpc_server: Remove duplicate dependency listing for RPC_SERVICE
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Anoop C S <anoopcs at samba.org>
Autobuild-Date(master): Mon Dec 20 10:14:53 UTC 2021 on sn-devel-184
- - - - -
bd804e0e by Stefan Metzmacher at 2021-12-20T16:10:31+00:00
Revert "python:tests: Don't require an emtpy 'authorization-data' to be present"
This reverts commit 36325f1ee907d38c978229da67de3844f969cd33.
This was not the latest version from:
https://gitlab.com/samba-team/samba/-/merge_requests/2304
The correct version follows...
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
2da538a4 by Andreas Schneider at 2021-12-20T17:01:11+00:00
python:tests: Don't require an emtpy 'authorization-data' to be present
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Dec 20 17:01:11 UTC 2021 on sn-devel-184
- - - - -
b5f71e25 by Stefan Metzmacher at 2021-12-24T02:16:33+00:00
dsdb/common: add dsdb_dc_functional_level() helper
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
2926cfb2 by Stefan Metzmacher at 2021-12-24T02:16:33+00:00
s4:rpc_server/dnsserver: make use of dsdb_dc_functional_level()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
454e46c4 by Joseph Sutton at 2021-12-24T02:16:33+00:00
netlogon.idl: Add flags for indicating directory service versions
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
e0b47257 by Joseph Sutton at 2021-12-24T02:16:33+00:00
dsgetdcname: Display new flags in debug output
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
0e515b33 by Stefan Metzmacher at 2021-12-24T02:16:33+00:00
dsdb/netlogon: make use of dsdb_dc_functional_level() in fill_netlogon_samlogon_response()
[MS-ADTS] 6.3.3.2 "Domain Controller Response to an LDAP Ping" indicates
that the resulting flags depend on the server software (behavior)
and not the domain wide functional level.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
55948433 by Joseph Sutton at 2021-12-24T02:16:33+00:00
dsdb/netlogon: Indicate DC functional level support in samlogon response
The DS_SERVER_DS_8 flag is necessary for Windows to detect FAST support.
Note for know we only ever have DS_DOMAIN_FUNCTION_2008_R2 (4) in the
msDS-Behavior-Version attribute of our own NTDSA object. So
for now this is only for manual testing. In future we most likely
want to extend 'samba-tool domain level' to raise the dc level
manually or let 'samba' autoupgrade the value.
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d9abd7ff by Joseph Sutton at 2021-12-24T02:16:33+00:00
s4:rpc_server/netlogon: adjust the flags logic to MS-NRPC 3.5.4.3.1 DsrGetDcNameEx2
Note that this doesn't change the logic as we still reject
DS_DIRECTORY_SERVICE_{8,9,10}_REQUIRED via the initial DSGETDC_VALID_FLAGS
check. The may change that in future, but may need some tests for it.
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
9a68025a by Stefan Metzmacher at 2021-12-24T03:03:50+00:00
s4:rpc_server/netlogon: adjust the valid_flags based on dsdb_dc_functional_level()
This allows us to let DS_DIRECTORY_SERVICE_{8,9,10}_REQUIRED through
based on the manual changed msDS-Behavior-Version of our NTDSA object.
We still need to have tests depending on the msDS-Behavior-Version
value if the DSGETDC_VALID_FLAGS is really correct at all.
But for now this allows us to test krb5 FAST from Windows clients.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Autobuild-User(master): Joseph Sutton <jsutton at samba.org>
Autobuild-Date(master): Fri Dec 24 03:03:50 UTC 2021 on sn-devel-184
- - - - -
648b476d by Stefan Metzmacher at 2021-12-27T15:45:36+00:00
selftest/Samba3: enable SMB1 for maptoguest
guest authentication is an old school concept,
so we should make sure it also works with SMB1.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
59e43629 by Stefan Metzmacher at 2021-12-27T15:45:36+00:00
s4:torture/libsmbclient: add libsmbclient.noanon_list test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
0a808f6b by Stefan Metzmacher at 2021-12-27T15:45:36+00:00
s4:selftest: run libsmbclient.noanon_list against maptoguest
This demonstrates the problem with guest access being rejected
by default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
9d2bf015 by Stefan Metzmacher at 2021-12-27T16:38:11+00:00
s3:libsmb: fix signing regression SMBC_server_internal()
commit d0062d312cbbf80afd78143ca5c0be68f2d72b03 introduced
SMBC_ENCRYPTLEVEL_DEFAULT as default, but the logic to enforce
signing wasn't adjusted, so we required smb signing by default.
That broke guest authentication for libsmbclient using applications.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Dec 27 16:38:11 UTC 2021 on sn-devel-184
- - - - -
5988607d by Volker Lendecke at 2021-12-30T11:03:35+00:00
smbd: Fix a fd leak when closing a print file
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
28e09580 by Volker Lendecke at 2021-12-30T11:03:35+00:00
pysmbd: Fix file descriptor leaks
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e6c8b38e by Volker Lendecke at 2021-12-30T11:03:35+00:00
vfs_commit: Reset fsp->fd->fd to -1 after SMB_VFS_CLOSE
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
529e6718 by Volker Lendecke at 2021-12-30T11:03:35+00:00
smbd: Replace SMB_VFS_CLOSE() calls with fd_close()
fd_close() mostly wraps SMB_VFS_CLOSE() but also takes care of refcounting
fsp->fh properly and also makes sure that fsp->fh->fd is set to -1 after close.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
96b10702 by Volker Lendecke at 2021-12-30T11:54:17+00:00
smbd: Assert we don't leak fd's in struct fd_handle
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Dec 30 11:54:17 UTC 2021 on sn-devel-184
- - - - -
07cb2246 by Stefan Metzmacher at 2022-01-01T01:24:21+00:00
Happy New Year 2022!
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Sat Jan 1 01:24:21 UTC 2022 on sn-devel-184
- - - - -
a03aa131 by David Mulder at 2022-01-04T19:58:24+00:00
Remove stray reference to "ldap ssl ads"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14462
"ldap ssl ads" has been deprecated and removed.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Isaac Boukris <iboukris at gmail.com>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jan 4 19:58:24 UTC 2022 on sn-devel-184
- - - - -
0ef1254f by Stefan Metzmacher at 2022-01-04T20:07:28+00:00
auth/credentials: cli_credentials_set_ntlm_response() pass session_keys
Otherwise cli_credentials_get_ntlm_response() will return session keys
with a 0 length, which leads to errors in the NTLMSSP code.
This wasn't noticed as cli_credentials_set_ntlm_response() has no
callers yet, but that will change in the next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14932
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e7e521fe by Stefan Metzmacher at 2022-01-04T20:07:28+00:00
s4:torture/rpc: add test for invalid av_pair content in LogonSamLogonEx
A netapp diag tool uses a NTLMv2_CLIENT_CHALLENGE with invalid bytes
as av_pair blob. Which is supposed to be ignored by DCs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14932
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f123c1a1 by Stefan Metzmacher at 2022-01-04T20:07:28+00:00
libcli/auth: let NTLMv2_RESPONSE_verify_netlogon_creds ignore BUFFER_TOO_SMALL
Windows doesn't complain about invalid av_pair blobs,
we need to do the same.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14932
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
23bedd69 by Stefan Metzmacher at 2022-01-04T20:07:28+00:00
libcli/auth: let NTLMv2_RESPONSE_verify_netlogon_creds ignore invalid netapp requests
We should avoid spamming the logs with wellknown messages like:
ndr_pull_error(Buffer Size Error): Pull bytes 39016
They just confuse admins (and developers).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14932
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e0b705d2 by Stefan Metzmacher at 2022-01-04T20:07:28+00:00
s4:torture/smb2: add smb2.session.ntlmssp_bug14932 test
This demonstrates that an invalid av_pair in NTLMv2_CLIENT_CHALLENGE
should result in NT_STATUS_INVALID_PARAMETER at the NTLMSSP layer.
This is different from the netr_LogonSamLogon*() case, where it is
ignored instead.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14932
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
dd988610 by Stefan Metzmacher at 2022-01-04T20:57:41+00:00
auth/ntlmssp: make sure we return INVALID_PARAMETER for NTLMv2_RESPONSE parsing errors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14932
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jan 4 20:57:41 UTC 2022 on sn-devel-184
- - - - -
d0b61ecd by Volker Lendecke at 2022-01-05T00:11:37+00:00
smbd: Save a few lines by using cp_smb_filename_nostream()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5ce8b395 by Volker Lendecke at 2022-01-05T00:11:37+00:00
smbd: Fix a few typos
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6c64e698 by Volker Lendecke at 2022-01-05T00:11:37+00:00
smbd: Move fast_string_hash() to mangle_hash.c, the only user
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9a2f5a52 by Volker Lendecke at 2022-01-05T00:11:37+00:00
smbd: Remove an unneeded anonymous struct declaration
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d60f5832 by Volker Lendecke at 2022-01-05T00:11:37+00:00
smbd: Avoid some casts
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c7e36be5 by Volker Lendecke at 2022-01-05T00:11:37+00:00
lib: Avoid a cast
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
25aa7243 by Volker Lendecke at 2022-01-05T00:11:37+00:00
Remove some unused code
I think that if we want to work on asn1 routines we should use
libtasn1. We already depend on this via gnutls these days.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
22176770 by Volker Lendecke at 2022-01-05T00:11:37+00:00
smbd: Avoid a DEBUGADD statement
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0f9f1fa0 by Volker Lendecke at 2022-01-05T00:11:37+00:00
rpc_server3: Inline make_internal_ncacn_conn() into rpc_worker.c
This was the only user, and as we have another custom version in
winbind with make_internal_ncacn_conn(), I think this is not really
required to keep around as a separate function.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2777fde6 by Volker Lendecke at 2022-01-05T00:11:37+00:00
rpc_server3: Inline make_base_pipes_struct() into rpc_worker.c
This is the only user, and in winbind_dual_ndr.c's
make_internal_ncacn_conn we have another creator of pipes_struct. So
it seems not necessary to keep this public.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5a0155fb by Volker Lendecke at 2022-01-05T00:11:37+00:00
rpc_server3: Remove pipes_struct->local_address
Also available via dcesrv_connection_get_local_address(p->dce_call->conn)
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
640f4403 by Volker Lendecke at 2022-01-05T00:11:37+00:00
rpc_server3: Remove pipes_struct->remote_address
Also available via dcesrv_connection_get_remote_address(p->dce_call->conn)
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cdc18db7 by Volker Lendecke at 2022-01-05T00:11:37+00:00
rpc_server3: Inline make_base_pipes_struct()
This did not even use all its arguments anymore.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
716727c0 by Volker Lendecke at 2022-01-05T00:11:37+00:00
rpc_server3: Remove pipes_struct->pipe_bound
Only used in pipe_access_check(), superseded by dcesrv_call_auth_info()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8379d8cd by Volker Lendecke at 2022-01-05T00:11:38+00:00
rpc_server3: Remove pipes_struct->session_info
This is a big patch, but all it does is replace all "p->session_info"
with "session_info" after introducing a local variable from
dcesrv_call_session_info(p->dce_call).
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0a7ecf18 by Volker Lendecke at 2022-01-05T00:11:38+00:00
rpc_server3: Remove pipes_struct->auth
Replace with a call to dcesrv_call_auth_info(p->dce_call)
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0cae08f2 by Volker Lendecke at 2022-01-05T00:11:38+00:00
rpc_server3: No linked list for pipes_struct anymore
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0eed31db by Volker Lendecke at 2022-01-05T00:11:38+00:00
winbind: Don't transfer a pointer that's NULL anyway
ncacn_conn was created by make_internal_ncacn_conn with talloc_zero(),
and that does not set session_info for the purely one-shot connection
state in winbindd_dual_ndrcmd().
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7d92880f by Volker Lendecke at 2022-01-05T00:11:38+00:00
rpc_server3: dcerpc_ncacn_conn->ev_ctx was only set but never used
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
909e3094 by Volker Lendecke at 2022-01-05T00:11:38+00:00
rpc_server3: Remove dcerpc_ncacn_conn->msg_ctx
This was only used inside rpc_worker_new_client(), a leftover from
times where accepting a client was an async process waiting for the
struct named_pipe_auth_req_info4.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0d315ddb by Volker Lendecke at 2022-01-05T00:11:38+00:00
rpc_server3: Remove dcerpc_ncacn_conn->dce_ctx
This was only used inside rpc_worker_new_client(), a leftover from
times where accepting a client was an async process waiting for the
struct named_pipe_auth_req_info4.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7c5b247e by Volker Lendecke at 2022-01-05T00:11:38+00:00
rpc_server3: Remove dcerpc_ncacn_conn->tstream
This was only used inside rpc_worker_new_client(), a leftover from
times where accepting a client was an async process waiting for the
struct named_pipe_auth_req_info4.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
10478d39 by Volker Lendecke at 2022-01-05T00:11:38+00:00
rpc_server3: Remove dcerpc_ncacn_conn->remote_client_addr
This was only used inside rpc_worker_new_client(), a leftover from
times where accepting a client was an async process waiting for the
struct named_pipe_auth_req_info4.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
79024fa6 by Volker Lendecke at 2022-01-05T00:11:38+00:00
rpc_server3: Remove dcerpc_ncacn_conn->local_server_addr
This was only used inside rpc_worker_new_client(), a leftover from
times where accepting a client was an async process waiting for the
struct named_pipe_auth_req_info4.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
55cdb612 by Volker Lendecke at 2022-01-05T00:11:38+00:00
rpc_server3: Remove dcerpc_ncacn_conn->session_info
This was only used inside rpc_worker_new_client(), a leftover from
times where accepting a client was an async process waiting for the
struct named_pipe_auth_req_info4.
The talloc hierarchy is correctly maintained, dcesrv_endpoint_connect() takes a
talloc_reference() of session_info.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
bad374ae by Volker Lendecke at 2022-01-05T00:11:38+00:00
rpc_server3: Inline pipes_struct into dcerpc_ncacn_conn
This makes it clear that our internal representation of a rpc client
connection in the source3/ server is struct dcerpc_ncacn_conn and that
struct pipes_struct is only around for API compatibility with the
existing server stubs.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
09708226 by Volker Lendecke at 2022-01-05T00:11:38+00:00
rpc_server3: Inline single-use rpcint_binding_handle_ex()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
aa377c7f by Volker Lendecke at 2022-01-05T00:11:38+00:00
smbd: Modernize a DEBUG statement
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
621ceafe by Volker Lendecke at 2022-01-05T00:11:38+00:00
vfs: Modernize a DEBUG statement
Fix the function name printed
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
42cf3f4f by Volker Lendecke at 2022-01-05T01:02:38+00:00
lib: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jan 5 01:02:38 UTC 2022 on sn-devel-184
- - - - -
0d9d1546 by Jeremy Allison at 2022-01-06T10:57:30+00:00
s3: selftest: Add two tests that show we try and send an SMB1 request over an SMB2 connection to list servers if "-mSMB3" is selected.
Add knownfail: knownfail.d/list_servers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14939
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
099c62a6 by Jeremy Allison at 2022-01-06T11:50:32+00:00
s3: smbclient: In do_host_query(), if we need SMB1, ensure we select NT1 as the client max protocol" before continuing.
Remove knownfail: selftest/knownfail.d/list_servers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14939
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Thu Jan 6 11:50:32 UTC 2022 on sn-devel-184
- - - - -
9a021280 by Jeremy Allison at 2022-01-06T15:11:38+00:00
s3: smbd: Add "enum brl_flavour" to struct smbd_lock_element.
Initialized correctly but not yet used.
Will allow 'brl_flavour' to be removed from lock calls.
This will allow SMB2 POSIX handles to call with POSIX_LOCK
flavour instead of always using WINDOWS_LOCK (as now).
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
85e131b5 by Jeremy Allison at 2022-01-06T15:11:38+00:00
s3: smbd: Move implicit call to lp_posix_cifsu_locktype() out of init_strict_lock_struct().
Make it explicit. When we add POSIX handles to SMB2 we will only
look at the handle type. lp_posix_cifsu_locktype() already does this,
but hidden inside init_strict_lock_struct() makes it hard to see.
No logic change.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
4a567652 by Jeremy Allison at 2022-01-06T15:11:38+00:00
s3: smbd: Remove lock_flav parameter from smbd_do_locks_try().
This is now contained in the struct smbd_lock_element for
each lock.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
c1d59934 by Jeremy Allison at 2022-01-06T15:11:38+00:00
s3: smbd: In smbd_smb1_do_locks_send() move access of lock_flav until after we know we have locks in the array.
When we remove the lock_flav parameter this will need to look into the array itself.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
b03e0da5 by Jeremy Allison at 2022-01-06T15:11:38+00:00
s3: smbd: Remove lock_flav argument from smbd_smb1_do_locks_send().
And also inside struct smbd_smb1_do_locks_state.
All calls to this always (a) have one or more locks of the same type.
(the setup for smbd_smb1_do_locks_send() ensures there is always
at least one lock) and (b) always set locks[0].lock_flav correctly before calling.
lock_flav is thus a redundent argument. Removing it means
we can never drift out of sync with the lock_flav element
in the passed in locks array.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
8ec30dad by Jeremy Allison at 2022-01-06T15:11:38+00:00
s3: smbd: Remove lock_flav argument from internal function smbd_smb1_do_locks_check()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
07c74582 by Jeremy Allison at 2022-01-06T15:11:38+00:00
s3: smbd: Remove lock_flav argument from smbd_smb1_brl_finish_by_lock().
We lookup the lock array from the state stored in the passed-in req
and all the locks in an array are always the same flavour, so this
isn't needed.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
ea9dc21a by Jeremy Allison at 2022-01-06T16:03:28+00:00
s3: smbd: Remove now redundent lock_flav parameter from smbd_do_unlocking().
We already stored this in struct smbd_lock_element.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Thu Jan 6 16:03:28 UTC 2022 on sn-devel-184
- - - - -
30fea0d3 by Jeremy Allison at 2022-01-08T05:43:32+00:00
tests: Add 2 tests for unique fileid's with top bit set (generated from itime) for files and directories.
smb2.fileid_unique.fileid_unique
smb2.fileid_unique.fileid_unique-dir
Create 100 files or directories as fast as we can
against a "normal" share, then read info on them
and ensure (a) top bit is set (generated from itime)
and (b) uniqueness across all generated objects
(checks poor timestamp resolution doesn't create
duplicate fileids).
This shows that even on ext4, this is enough to
cause duplicate fileids to be returned.
Add knownfail.d/fileid-unique
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14928
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
- - - - -
29d69c22 by Jeremy Allison at 2022-01-08T05:43:32+00:00
lib: util: Add a function nt_time_to_unix_timespec_raw().
Not yet used. Does no checks on the converted values.
A later cleanup will allow us to move nt_time_to_unix_timespec()
and nt_time_to_full_timespec() to use common code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14928
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
- - - - -
23fbf0ba by Jeremy Allison at 2022-01-08T06:35:22+00:00
s3: smbd: Create and use a common function for generating a fileid - create_clock_itime().
This first gets the clock_gettime_mono() value, converts to an NTTIME (as
this is what is stored in the dos attribute EA), then mixes in 8 bits of
randomness shifted up by 55 bits to cope with poor resolution clocks to
avoid duplicate inodes.
Using 8 bits of randomness on top of an NTTIME gives us around 114
years headroom. We can now guarentee returning a itime-based
fileid in a normal share (storing dos attributes in an EA).
Remove knownfail.d/fileid-unique
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14928
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Jan 8 06:35:22 UTC 2022 on sn-devel-184
- - - - -
03734be1 by Volker Lendecke at 2022-01-10T10:59:36+00:00
test: Test rpcclient ncacn_ip_tcp:<ip-address>
Right now connecting to an IP address is broken.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b5e56a30 by Volker Lendecke at 2022-01-10T11:47:34+00:00
rpcclient: Fix ncacn_ip_tcp:<ip-address>
inet_pton expects "struct in_addr" or "struct in6_addr" as destination
pointer. It does not fill in a struct
sockaddr_storage. interpret_string_addr() takes care of this.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Jan 10 11:47:34 UTC 2022 on sn-devel-184
- - - - -
920611f0 by Jeremy Allison at 2022-01-10T17:49:27+00:00
s3: lib: In create_clock_itime(), use timespec_current() -> clock_gettime(CLOCK_REALTIME..).
CLOCK_MONOTONIC (which we previously used) is reset
when the system is rebooted.
CLOCK_REALTIME is a "wall clock" time. It's still affected by NTP
changes (for Linux we should probably use CLOCK_TAI instead
but that is Linux-specific). For most systems CLOCK_REALTIME
will be good enough.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
745af26a by Jones Syue at 2022-01-10T18:42:02+00:00
s3: includes: Make the comments describing itime consistent. Always use "invented" time.
It gets confusing if we call it "imaginary" or "instantiation"
in different places.
Signed-off-by: Jones Syue <jonessyue at qnap.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Jan 10 18:42:02 UTC 2022 on sn-devel-184
- - - - -
41ebb7f6 by Pavel Filipenský at 2022-01-10T23:31:33+00:00
s3:modules: VFS CAP symlinkat always fails
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14941
Found by covscan.
Since capnew is initialized by NULL, checking it too early makes the
rest of the function a dead code.
Pair-programmed-with: Andreas Schneider <asn at samba.org>
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4d7ed39f by Pavel Filipenský at 2022-01-10T23:31:33+00:00
s3:modules: Fix the horrible vfs_crossrename module
It really has to be removed! ;-)
Found by covscan. The code always leaves here as the dst variable
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14940
Pair-programmed-with: Andreas Schneider <asn at samba.org>
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
728600a4 by Pavel Filipenský at 2022-01-10T23:31:33+00:00
s3:smbd: Fix trailing whitespaces in dosmode.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
46460025 by Pavel Filipenský at 2022-01-10T23:31:33+00:00
s3:smbd: Fix dereferencing null pointer "fsp"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14942
Remove fsp which is always NULL and replace it with smb_fname->fsp.
Found by covscan.
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
41c86c9d by Pavel Filipenský at 2022-01-10T23:31:33+00:00
s3:rpc_server: Fix possible NULL dereference
Found by covscan.
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5ac87622 by Pavel Filipenský at 2022-01-10T23:31:33+00:00
ctdb:utils: Improve error handling of hex_decode()
This has been found by covscan and make analyzers happy.
Pair-programmed-with: Andreas Schneider <asn at samba.org>
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
82f53c82 by Pavel Filipenský at 2022-01-10T23:31:33+00:00
s3:libnet: Fix dead code in libnet_join.c
Found by covscan.
Pair-programmed-with: Andreas Schneider <asn at samba.org>
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2e649846 by Pavel Filipenský at 2022-01-10T23:31:33+00:00
s3:libnet: Fix dereference of NULL win7
Found by covscan.
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cebf26d0 by Pavel Filipenský at 2022-01-11T00:22:09+00:00
s3:modules: Fix possible dereference of NULL for fio
We do not check consistently for fio being NULL in this file.
Found by covescan.
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jan 11 00:22:09 UTC 2022 on sn-devel-184
- - - - -
545442ec by Jeremy Allison at 2022-01-11T00:45:28+00:00
lib: util: Make nt_time_to_unix_timespec() call nt_time_to_unix_timespec_raw() for the conversion.
Cleanup to eliminate duplicate code.
The low/high checks are now done against ret.tv_sec,
not 'd', as after calling nt_time_to_unix_timespec_raw()
this is identical to the previous intermediate 'd'
variable.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
- - - - -
c7488bf9 by Jeremy Allison at 2022-01-11T01:36:51+00:00
lib: util: Make nt_time_to_full_timespec() call nt_time_to_unix_timespec_raw() for the conversion.
Cleanup to eliminate duplicate code.
The high check is now done against ret.tv_sec,
not 'd', as after calling nt_time_to_unix_timespec_raw()
this is identical to the previous intermediate 'd'
variable.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jan 11 01:36:51 UTC 2022 on sn-devel-184
- - - - -
4a0a0d2f by Stefan Metzmacher at 2022-01-11T21:13:37+00:00
s4:torture/rpc: test how CSDVersion="" wipes operatingSystemServicePack
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14936
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1243f52f by Stefan Metzmacher at 2022-01-11T22:03:03+00:00
s4:rpc_server/netlogon: let CSDVersion="" wipe operatingSystemServicePack
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14936
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jan 11 22:03:03 UTC 2022 on sn-devel-184
- - - - -
e16d29f7 by Stefan Metzmacher at 2022-01-12T02:20:27+00:00
dsdb/schema/tests: let samba4.local.dsdb.syntax call the validate_dn() hook
This demonstrates that our OR-Name syntax is wrong,
which wasn't noticed yet as it's not used in the AD-Schema.
I noticed it by installing the Exchange-Schema on a Samba DC.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8115fb03 by Stefan Metzmacher at 2022-01-12T02:20:27+00:00
dsdb/schema: fix Object(OR-Name) syntax definition
This is a strange one, it uses DN_BINARY in the drsuapi
representation, while the binary part must be 0 bytes.
and the LDAP/ldb representation is a plain DN (without 'B:').
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
15f332a1 by Stefan Metzmacher at 2022-01-12T02:20:27+00:00
dsdb/common: dsdb_dn_construct_internal() more strict checking
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8026efd6 by Stefan Metzmacher at 2022-01-12T02:20:27+00:00
dsdb/schema: add no memory checks for {ldb,dsdb}_dn_get_extended_linearized()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8c0391d3 by Stefan Metzmacher at 2022-01-12T03:09:52+00:00
dsdb/schema: let dsdb_syntax_DN_BINARY_drsuapi_to_ldb return WERR_DS_INVALID_ATTRIBUTE_SYNTAX
When Object(OR-Name) uses dsdb_syntax_DN_BINARY_drsuapi_to_ldb() it
should genrate WERR_DS_INVALID_ATTRIBUTE_SYNTAX if the binary part
is not empty.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jan 12 03:09:52 UTC 2022 on sn-devel-184
- - - - -
baaedd69 by Volker Lendecke at 2022-01-13T16:13:38+00:00
ctdb-protocol: rindex->strrchr
According to "man rindex" on debian bullseye rindex() was deprecated
in Posix.1-2001 and removed from Posix.1-2008.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
- - - - -
820b0a63 by Volker Lendecke at 2022-01-13T16:13:38+00:00
ctdb-protocol: Save 50 bytes .text segment
Having this as a small static .text is simpler than having to create
this on the stack.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
- - - - -
224e9980 by Volker Lendecke at 2022-01-13T16:13:38+00:00
ctdb-protocol: Allow rfc5952 "[2001:db8::1]:80" ipv6 notation
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14934
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
- - - - -
255fe69c by Martin Schwenke at 2022-01-13T16:13:38+00:00
ctdb-tests: Add extra IPv6 socket parsing tests
Add tests to confirm that square brackets are handled and that
IPv4-mapped IPv6 addresses are parsed as expected.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
7163846a by Martin Schwenke at 2022-01-13T17:02:21+00:00
ctdb-protocol: Print IPv6 sockets with RFC5952 "[2001:db8::1]:80" notation
RFC5952 says the existing style is not recommended and the [] style
should be employed.
There are more optimised ways of adding the square brackets but they
tend to be uglier.
Parsing IPv6 sockets without [] is now tested indirectly by parsing
examples in both styles and comparing the results.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Signed-off-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Jan 13 17:02:21 UTC 2022 on sn-devel-184
- - - - -
5f9dbf3d by Jeremy Allison at 2022-01-14T03:34:47+00:00
s3: smbd: Add missing pop_sec_ctx() in error code path of close_directory()
If delete_all_streams() fails.
Found by Andrew Walker <awalker at ixsystems.com>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14944
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jan 14 03:34:47 UTC 2022 on sn-devel-184
- - - - -
666a0487 by Martin Schwenke at 2022-01-17T03:43:30+00:00
ctdb-common: Switch initial debug type to DEBUG_DEFAULT_STDERR
This can be overridden by DEBUG_FILE, whereas DEBUG_STDERR can not.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
10d15c9e by Martin Schwenke at 2022-01-17T03:43:30+00:00
ctdb-common: Use Samba's DEBUG_FILE logging
This has support for log rotation (or re-opening).
The log format is updated to use an RFC5424 timestamp and to include a
hostname. The addition of the hostname allows trivial merging of log
files from multiple cluster nodes.
The hostname is faked from the CTDB_BASE environment variable during
testing, as per the comment in the code. It is currently faked in a
similar manner in local_daemons.sh when printing logs, so drop this.
Unit tests need updating because stderr logging no longer produces a
"PROGNAME[PID]: " header.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
d0a19778 by Martin Schwenke at 2022-01-17T03:43:30+00:00
ctdb-common: Separate sock_daemon's SIGHUP and SIGUSR1 handling
SIGHUP is for reopening logs, SIGUSR1 is for reconfigure.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
72773853 by Martin Schwenke at 2022-01-17T03:43:30+00:00
ctdb-common: Add support for reopening logs
Now that CTDB uses Samba's file logging it is possible to reopen the
logs, so that log rotation can be supported.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
4ed37de8 by Martin Schwenke at 2022-01-17T03:43:30+00:00
ctdb-daemon: Add basic top-level log reopening
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
4acfefed by Martin Schwenke at 2022-01-17T03:43:30+00:00
ctdb-recoverd: Add basic log reopening
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
c554a325 by Martin Schwenke at 2022-01-17T03:43:30+00:00
ctdb-daemon: Enable log reopening for recovery daemon
Pass on a SIGHUP to the recovery daemon, which will then reopen its
logs.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
4f14d7c0 by Martin Schwenke at 2022-01-17T03:43:30+00:00
ctdb-event: Reopen logs on SIGHUP
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
51f0380e by Martin Schwenke at 2022-01-17T03:43:30+00:00
ctdb-daemon: Enable log reopening for event daemon
Add and call hook to pass on SIGHUP to eventd.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
97a45f6f by Martin Schwenke at 2022-01-17T03:43:30+00:00
ctdb-recoverd: Add log reopening on SIGHUP to helpers
Recovery and takeover helpers can run for a while and generate
non-trivial logs. They should support log reopening.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
8e949a60 by Martin Schwenke at 2022-01-17T03:43:30+00:00
ctdb-recoverd: Record helper PID in recovery daemon context
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
57a32ceb by Martin Schwenke at 2022-01-17T04:36:30+00:00
ctdb-recoverd: Pass SIGHUP to running helper
The recovery and takeover helpers can run for a while and generate
non-trivial logs, so have them reopen their logs to support log
rotation.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Mon Jan 17 04:36:30 UTC 2022 on sn-devel-184
- - - - -
c8721d01 by Martin Schwenke at 2022-01-17T10:21:32+00:00
ctdb-recoverd: Factor out and use function this_node_is_leader()
Make the code self-documenting.
This preempts an upcoming change to terminology but doing it now saves
a lot of churn.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
ff0140e4 by Martin Schwenke at 2022-01-17T10:21:32+00:00
ctdb-recoverd: Use this_node_is_leader() in an extra context
This is arguably clearer.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
9dbe7cc8 by Martin Schwenke at 2022-01-17T10:21:32+00:00
ctdb-recoverd: Add PNN to recovery daemon context
This is currently referenced in a number of inconsistent
ways, including:
* pnn
* rec->ctdb->pnn
* ctdb->pnn
* ctdb_get_pnn(ctdb)
* ctdb_get_pnn(rec->ctdb)
The first of these always requires some thought about the context - is
this the node PNN or some other PNN (e.g. argument to function)?
The intention is to always use rec->pnn when referring to the recovery
daemon's PNN.
Doing this also reduces reliance on struct ctdb_context internals.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
57882beb by Martin Schwenke at 2022-01-17T10:21:32+00:00
ctdb-recoverd: Simplify arguments to some election functions
The pnn and nodemap arguments to force_election() and
send_election_request() are always effectively rec->pnn and
rec->nodemap, so simplify.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
67b51916 by Martin Schwenke at 2022-01-17T10:21:32+00:00
ctdb-recoverd: Simplify arguments to do_recovery()
pnn and nodemap are both available via the rec context, so simplify.
vnnmap is unused.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
a5e0ddac by Martin Schwenke at 2022-01-17T10:21:32+00:00
ctdb-recoverd: Simplify arguments to verify_local_ip_allocation()
All other arguments are available via rec, so simplify.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
b7c138ca by Martin Schwenke at 2022-01-17T10:21:32+00:00
ctdb-recoverd: Simplify arguments to ctdb_ban_node()
ban_time argument is always ctdb->tunable.recovery_ban_period, so
build this in and make the calling code more readable.
ctdb_ban_node() already logs how long a node is banned for, so don't
repeatedly log this.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
4af3b10a by Martin Schwenke at 2022-01-17T10:21:32+00:00
ctdb-recoverd: Change argument to srvid_disable_and_reply()
Reduce dependency on struct ctdb_context internals, enable a
subsequent change.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
2ee6763c by Martin Schwenke at 2022-01-17T10:21:32+00:00
ctdb-recoverd: Use rec->pnn everywhere
This is currently referenced in a number of inconsistent
ways, including:
* pnn
* rec->ctdb->pnn
* ctdb->pnn
* ctdb_get_pnn(ctdb)
* ctdb_get_pnn(rec->ctdb)
The first of these always requires some thought about the context - is
this the node PNN or some other PNN (e.g. argument to function)?
rec->pnn is now always used when referring to the recovery daemon's
PNN.
Doing this also reduces reliance on struct ctdb_context internals.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
dd79e9bd by Martin Schwenke at 2022-01-17T10:21:32+00:00
ctdb-recoverd: Rename recmaster field to leader
Recovery master is being renamed to leader. This follows clustering
best practice (e.g. RAFT).
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
94b546c2 by Martin Schwenke at 2022-01-17T10:21:32+00:00
ctdb-recoverd: Logging/comments: recovery master -> leader
There are some remaining instances in this file but they will be
removed in subsequent commits.
Modernise debug macros as appropriate.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
7baadfe2 by Martin Schwenke at 2022-01-17T10:21:32+00:00
ctdb-recoverd: Add and use function this_node_can_be_leader()
This makes the code self-documenting.
In ctdb_election_data() there is a slight behaviour change. An
inactive node will now try to lose an election. This case should not happen
because:
* An inactive node can't win an election round and then send a reply.
* Any inactive node should never start an election. There are
currently places where this happens and they will be fixed later.
There is an instance where this could be used in
validate_recovery_master() but this involves a more serious logic
change. Overhaul this function later.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
ac5a3ca0 by Martin Schwenke at 2022-01-17T10:21:32+00:00
ctdb-recoverd: Only start election if node can be leader
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
c2cfd9c2 by Martin Schwenke at 2022-01-17T10:21:32+00:00
ctdb-recoverd: Add an explicit flag for election in progress
An alternate election method will be added that doesn't use the
election timeout, so this provides a common way for recognising when
an election is in progress.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
3d3767a2 by Martin Schwenke at 2022-01-17T10:21:32+00:00
ctdb-protocol: Add CTDB_SRVID_LEADER
CTDB_SRVID_LEADER will be regularly broadcast to all connected nodes
by the leader.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
789a75ab by Martin Schwenke at 2022-01-17T10:21:32+00:00
ctdb-recoverd: Process leader broadcasts
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
5c7f6da0 by Martin Schwenke at 2022-01-17T10:21:32+00:00
ctdb-recoverd: Send leader broadcasts
These are triggered on 1 second timer, but are only sent if the node
is the current leader and there is no election underway.
If this node can not be the leader then ensure it releases the
recovery lock.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
ef4b8c13 by Martin Schwenke at 2022-01-17T10:21:32+00:00
ctdb-recoverd: Handle leader broadcast timeout
If no leader broadcasts have been received from the leader for more
than 5s then trigger an election.
Apart from being sane behaviour, this avoids elected-before-connected
bugs at startup, where a node elects itself leader before it is
connected to other nodes.
When a node processes a leader broadcast timeout it sends an unknown
leader broadcast to all nodes. That causes cancellation of the leader
broadcast timeout across the cluster. This is particular important at
startup, since nodes may be started in a staggered fashion. Without
this cluster-wide cancellation, a node might notice the lack of
leader, win an election and complete a recovery before other nodes
notice the lack of leader. When the leader broadcast timeout finally
occurs on the other nodes then they'll put the cluster back into an
unnecessary recovery.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
7e53fab0 by Martin Schwenke at 2022-01-17T10:21:32+00:00
ctdb-recoverd: Drop special case for elected-before-connected
This no longer occurs at startup due to the leader broadcast timeout.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
b029ca4d by Martin Schwenke at 2022-01-17T10:21:32+00:00
ctdb-recoverd: Drop leader validation
The introduction of the leader broadcast timeout provides an
alternative to the current leader validation. Using the leader
broadcast may not be as fast but it is more correct.
When the leader node is stopped or banned, the only way of triggering
an election is currently to fetch the leader's node map to check
whether the it is still active. This is because the leader will no
longer push the node map to other nodes. However, having all nodes
fetch the node map from an inactive leader may be unreliable.
Most of the other cases are also handled more reliably by the leader
broadcast timeout.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
ef7e3265 by Martin Schwenke at 2022-01-17T10:21:32+00:00
ctdb-tests: Setup cluster with expected arguments
ctdb_test_init() doesn't actually pass arguments to local_daemons.sh.
This needs to be done using ctdb_nodes_start_custom().
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
037abf86 by Martin Schwenke at 2022-01-17T10:21:32+00:00
ctdb-tests: Avoid a race
See the comment in the code for details.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
011e8800 by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-recoverd: Factor out function cluster_lock_take()
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
0f2250f4 by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-recoverd: Take cluster lock when election completes
It is no longer just a recovery lock but is always held by the cluster
leader.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
5ee664ee by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-recoverd: Terminology change: recovery lock -> cluster lock
No functional changes, just name changes for clarity.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
36ffaaa6 by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-recoverd: Add and use function cluster_lock_enabled()
Now all references to ctdb->recovery_lock are encapsulated in the
cluster lock code.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
358c59f5 by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-recoverd: No longer take cluster lock during recovery
Confirm instead that it is already held.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
958746f9 by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-recoverd: Simplify some stopped/banned checks to inactive checks
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
756dfdfe by Amitay Isaacs at 2022-01-17T10:21:33+00:00
ctdb-tests: Implement srvid_handler for dispatching messages
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>
- - - - -
4786982c by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-tests: Add leader broadcasts to fake_ctdbd
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
403db5b5 by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-tests: Factor out getting leader and waiting for leader change
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
01a8d1a4 by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-client: Factor out function ctdb_client_wait_func_timeout()
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
ec90f36c by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-tools: Print "UNKNOWN" when leader PNN is unknown
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
17ba15cc by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-tools: Handle leader broadcasts in ctdb tool
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
92fb68e9 by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-tools: Factor out get_leader()
This seems pointless but it localises a subsequent change and also
starts a terminology change in the tool code.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
e60581d5 by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-tools: Use leader broadcast in get_leader()
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
f02e0974 by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-tools: recovery master -> leader
The following command names are changed:
recmaster -> leader
setrecmasterrole -> setleaderrole
Command output changed for the following commands:
status
getcapabilities
Documentation and tests are updated to reflect these changes.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
58d7fcdf by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-recoverd: Drop recovery master verification
This doesn't make sense if leader broadcasts are used.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
c68267b2 by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-recoverd: Drop calls to ctdb_ctrl_setrecmaster()
Nothing fetches this value anymore.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
16efbca0 by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-daemon: Drop unused old client recmaster functions
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
cda673ff by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-client: Drop unused recmaster functions
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
193b624d by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-protocol: Drop protocol client functions for recmaster controls
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
a7637407 by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-daemon: Drop implementation of {GET,SET}_RECMASTER controls
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
03ae158c by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-protocol: Drop marshalling for {GET,SET}_RECMASTER controls
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
938d64c8 by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-protocol: Mark {GET,SET}_RECMASTER controls obsolete
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
73555e82 by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-recoverd: Use race for cluster lock as election when lock is enabled
If the cluster is partitioned then nodes in one partition can not take
the lock anyway, so election is pointless. It just introduces
unnecessary corner cases.
Instead just race for the lock.
When a node notices a lack of leader and notifies other nodes of an
election via an unknown leader broadcast, the cluster lock election is
hooked into this broadcast.
The test needs to be updated because losing the cluster lock can now
result in a leadership change.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
d752a92e by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-doc: Update documentation for leader and cluster lock
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
f5a39058 by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-config: [cluster] recovery lock -> [cluster] cluster lock
Retain "recovery lock" and mark as deprecated for backward
compatibility.
Some documentation is still inconsistent.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
1dfb2660 by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-config: [legacy] recmaster capability -> [cluster] leader capability
Rename this configuration item and move it into the [cluster]
configuration section.
Update documentation to match.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
34d2ca0a by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-config: Add configuration option [cluster] leader timeout
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
5d317781 by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-tests: Support commenting out local daemons configuration options
Can be used to disable default options, such as cluster lock.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
01313ea2 by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-tests: Improve test coverage for leader role yield and elections
Rename test, clean up node selection. Duplicate for for banning and
removing leader capability cases. Repeat all 3 tests without cluster
lock.
All of the standard election triggers are now tested, with and without
cluster lock. Due to test cluster configuration limitations, the
tests without cluster lock are skipped on a real cluster.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
a940ad93 by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-doc: Update example configuration migration script
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
f7de2132 by Martin Schwenke at 2022-01-17T10:21:33+00:00
ctdb-doc: Remove documentation for recovery process
This is many years out of date and recent changes make it worse. It
is unlikely that anyone has the time to fix this in the near future,
so remove it because it is misleading.
Database recovery steps are well documented in comments in the
recovery helper. Cluster monitoring documentation can be re-added
when things stop changing.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
da2e1047 by Martin Schwenke at 2022-01-17T11:16:14+00:00
WHATSNEW: Document CTDB leader and cluster lock changes
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Mon Jan 17 11:16:14 UTC 2022 on sn-devel-184
- - - - -
6a463c40 by Andreas Schneider at 2022-01-17T12:23:33+00:00
s3:smbd: handle --build-options without parsing smb.conf
The smb.conf is parsed in post mode of a popt callback. The smbd
--build-options parameter should be handled when first encountered
to avoid requiring smb.conf presence.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14945
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
- - - - -
7a8c6c36 by David Disseldorp at 2022-01-17T12:23:34+00:00
build: reduce fp.write calls for build_options.c generation
build_options.c is inefficient in multiple ways:
1) it's generated via one python fp.write() call per line
2) the generated code calls output() for each and every build option
This commit reduces fp.write() calls for (1). I observe no change in the
generated build_options.c .
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
493fe1a4 by David Disseldorp at 2022-01-17T13:17:53+00:00
build: reduce printf() calls in generated build_options.c
build_options.c is inefficient in multiple ways:
1) it's generated via one python fp.write() call per line
2) the generated code calls output() for each and every build option
This commit addresses (2), modifying write_build_options_header() and
write_build_options_footer(). write_build_options_section() could also
be collapsed into a single output() call, but this may lead to oversize
string literals, so has been left as is.
I observe no change in smbd --build-options output.
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Mon Jan 17 13:17:53 UTC 2022 on sn-devel-184
- - - - -
3b26c714 by Joseph Sutton at 2022-01-17T20:05:32+00:00
s4:torture: Make etype list variables static
If they are not made static, these variables end up being used by the
Kerberos libraries after they have gone out of scope.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
492d9f08 by Joseph Sutton at 2022-01-17T20:05:32+00:00
s4:torture: Remove netbios realm and lowercase realm tests
Tests for these are already present in
samba.tests.krb5.as_canonicalization_tests. These tests cause problems
with an upgraded Heimdal version, and we want to stop supporting
non-canonical realm names, so this commit removes them.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
a107bb8b by Joseph Sutton at 2022-01-17T20:05:32+00:00
tests/krb5: Generate unique UPNs for AS-REQ enterprise tests
This helps to avoid problems with account creation due to UPN uniqueness
constraints.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
c51805f9 by Joseph Sutton at 2022-01-17T20:05:32+00:00
tests/krb5: Adjust expected error codes
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
48362a70 by Joseph Sutton at 2022-01-17T20:05:32+00:00
tests/krb5: Add FAST enc-pa-rep tests
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
f94bdb41 by Joseph Sutton at 2022-01-17T20:05:32+00:00
tests/krb5: Check encrypted-pa-data if present
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
775bfc72 by Joseph Sutton at 2022-01-17T20:05:32+00:00
tests/krb5: Add AS-REQ PAC tests
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
e9caa1ed by Joseph Sutton at 2022-01-17T20:05:32+00:00
tests/krb5: Update supported enctype checking
We now do not expect the claims or compound ID bits to be set unless
explicitly specified, nor the DES bits.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
6fc5f229 by Joseph Sutton at 2022-01-17T20:05:32+00:00
kdc: Fix leak
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
12154b98 by Stefan Metzmacher at 2022-01-17T20:05:32+00:00
s4:heimdal_build: make version_script optional to HEIMDAL_LIBRARY()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
879eba27 by Stefan Metzmacher at 2022-01-17T20:05:32+00:00
s4:torture: check for pac_blob==NULL in test_generate_session_info_pac() functions
We should return an error instead of crashing for tickets without a PAC.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
84b76270 by Stefan Metzmacher at 2022-01-17T20:05:32+00:00
s4:auth: debug make_user_info_dc_pac() failures in kerberos_pac_to_user_info_dc()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
19d9504b by Stefan Metzmacher at 2022-01-17T20:55:41+00:00
s4:kdc: improve DEBUG messages in samba_wdc_reget_pac2()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Autobuild-User(master): Joseph Sutton <jsutton at samba.org>
Autobuild-Date(master): Mon Jan 17 20:55:41 UTC 2022 on sn-devel-184
- - - - -
114116b6 by Volker Lendecke at 2022-01-18T20:22:38+00:00
profile3: remove an unused include
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6df560d3 by Volker Lendecke at 2022-01-18T20:22:38+00:00
printing: Save a few lines with str_list_add_printf()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2468f041 by Volker Lendecke at 2022-01-18T20:22:38+00:00
smbd: Save a few lines with str_list_add_printf()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5ef5d1d4 by Volker Lendecke at 2022-01-18T20:22:38+00:00
lib: Save a few lines with str_list_add_printf()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
07101587 by Volker Lendecke at 2022-01-18T20:22:38+00:00
lib: Save a few lines with str_list_add_printf()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
87325613 by Volker Lendecke at 2022-01-18T20:22:38+00:00
lib: Remove unused tstream_npa_socketpair()
This was used in the pre samba-dcerpcd source3 rpc server.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a924e2cb by Volker Lendecke at 2022-01-18T20:22:38+00:00
rpc_host: We have tevent_req_oom() for ENOMEM
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a7fe22fd by Volker Lendecke at 2022-01-18T20:22:38+00:00
torture3: Align two integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
232a1fa4 by Volker Lendecke at 2022-01-18T20:22:38+00:00
smbd: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4d5c1509 by Volker Lendecke at 2022-01-18T20:22:38+00:00
smbd: Align a few integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ac12207e by Volker Lendecke at 2022-01-18T20:22:38+00:00
libsmb: Avoid a cast
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
84e53769 by Volker Lendecke at 2022-01-18T20:22:38+00:00
net: Align a few integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3b6b12a1 by Volker Lendecke at 2022-01-18T20:22:38+00:00
libads: Convert sitename_key() to talloc
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6bcdd346 by Volker Lendecke at 2022-01-18T20:22:38+00:00
winbindd: Replace asprintf() with talloc_asprintf()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
12ca3411 by Volker Lendecke at 2022-01-18T20:22:38+00:00
lib: Remove unused asprintf_strupper_m()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ec6d28e7 by Volker Lendecke at 2022-01-18T21:17:43+00:00
smbd: Remove a duplicate protoype
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jan 18 21:17:43 UTC 2022 on sn-devel-184
- - - - -
ce4d134d by Andreas Schneider at 2022-01-19T10:49:18+00:00
gitlab-ci: Use Fedora 34 for Coverity Scan
The Coverity Scan tools are not updated very often and miss support for the
latest gcc build. Lets use Fedora 34 for that and stay behind a bit.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jan 19 10:49:18 UTC 2022 on sn-devel-184
- - - - -
5636bfa9 by Joseph Sutton at 2022-01-19T20:50:34+00:00
netlogon.idl: Add FAST support bits
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d2a3016a by Stefan Metzmacher at 2022-01-19T20:50:34+00:00
s4:heimdal_build: include heimdal headers relative to heimdal_build
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
40b65c84 by Stefan Metzmacher at 2022-01-19T20:50:35+00:00
s4:heimdal: import lorikeet-heimdal-202201172009 (commit 5a0b45cd723628b3690ea848548b05771c40f14e)
See
https://git.samba.org/?p=lorikeet-heimdal.git;a=shortlog;h=refs/heads/lorikeet-heimdal-202201172009
or
https://gitlab.com/samba-team/devel/lorikeet-heimdal/-/tree/lorikeet-heimdal-202201172009
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Pair-Programmed-With: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
b2c96d92 by Andrew Bartlett at 2022-01-19T20:50:35+00:00
s4:heimdal_build: changes required to build after import
For libtommath we do this by using the list from makefile.commo
in in libtommath rather than trying to match the list by hand.
This will be easier to maintain over the long term.
Thanks to work over many years by:
- Gary Lockyer <gary at catalyst.net.nz>
- Stefan Metzmacher <metze at samba.org>
- Andrew Bartlett <abartlet at samba.org>
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
6e8ac61b by Andrew Bartlett at 2022-01-19T20:50:35+00:00
tests: Update latin1 list and ignored file list for new Heimdal import
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
195e099f by Joseph Sutton at 2022-01-19T20:50:35+00:00
s4:kdc: Fix build failure by including <heimbase.h>
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
aaaae360 by Günther Deschner at 2022-01-19T20:50:35+00:00
s4:kdc: Do not encode the NTSTATUS error into a PA-DATA, just linearlise it
This allows another routine to do the wrapping.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
9e43da24 by Andrew Bartlett at 2022-01-19T20:50:35+00:00
s4:kdc: Update samba_wdc_check_client_access() to match updated Heimdal
This based on a patch in Debian by Samuel Cabrero <scabrero at zentyal.com> in Debian.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
78937243 by Joseph Sutton at 2022-01-19T20:50:35+00:00
s4:kdc: Adapt samba_wdc_check_client_access() to upstream Heimdal
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
3057e140 by Andrew Bartlett at 2022-01-19T20:50:35+00:00
s4:kdc: Adapt wamba_wdc_check_client_access() to modern Heimdal
Modern Heimdal falls back to kdc_check_flags() internally
when KRB5_PLUGIN_NO_HANDLE is returned, avoiding the need
to call back into the internal KDC APIs.
Selected from patch by by Stefan Metzmacher <metze at samba.org>
from his Heimdal upgrade branch.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
3d8edb7b by Andrew Bartlett at 2022-01-19T20:50:35+00:00
s4:kdc: Adapt to use new combined windc interface in lorikeet-heimdal
This interface is as requested by Luke Howard towards possibly merging
this feature.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
5a05066b by Andrew Bartlett at 2022-01-19T20:50:35+00:00
s4:kdc: Update to match updated Heimdal's new HDB version
Including updates to hook into the improved hdb_auth_status
by Stefan Metzmacher <metze at samba.org> from his Heimdal
upgrade branch.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
52ccce25 by Stefan Metzmacher at 2022-01-19T20:50:35+00:00
tests/auth_log: adjust expected authDescription for test_smb_bad_user
With NO_SUCH_USER we don't know if any pre-authentication was requested,
so with the new Heimdal code we now used use "AS-REQ" instead of
assuming ENC-TS Pre-authentication.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
6395cbe3 by Andrew Bartlett at 2022-01-19T20:50:35+00:00
s4:kerberos: adjust smb_krb5_debug_wrapper() to embedded heimdal
In future we need a real configure check for Heimdal 8.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
eb5c3bb9 by Stefan Metzmacher at 2022-01-19T20:50:35+00:00
s4:kerberos: adapt the heimdal send_to_kdc hooks to the send_to_kdc/realm plugin interface
With the recent heimdal upgrade we better try to use the send_to_realm()
hooks as it allows us to handle the KDC lookup as well as only getting
each logical request just once in the testing code, which makes it
let dependend on the heimdal internal kdc lookup logic.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
8329e8d4 by Andrew Bartlett at 2022-01-19T20:50:35+00:00
s4:kdc: Set entry.flags.force_canonicalize to override the new Heimdal behaviour
This is needed to give hdb_samba4 the full control over the returned
principal, rather than the new code in the Heimdal KDC.
Including changes selected from code by Stefan Metzmacher <metze at samba.org>
in his Heimdal upgrade branch.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
8d7e9366 by Andrew Bartlett at 2022-01-19T20:50:35+00:00
s4:kdc/hdb: Store and retrieve a FX-COOKIE value
Note Windows uses the string "MICROSOFT" as cookie,
so it's wrong to have a per DC cookie, but we need to
adjust the Heimdal logic to support that.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
0d107482 by Andrew Bartlett at 2022-01-19T20:50:35+00:00
s4:kdc: Adapt KDC to new Heimdal to load samba4 HDB plugin for keytab
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
c7bd176f by Andrew Bartlett at 2022-01-19T20:50:35+00:00
s4:kdc: Move calls using the samba4 name to be right after each other
These all need to be in sync
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
28701dc2 by Gary Lockyer at 2022-01-19T20:50:35+00:00
s4:kdc: cope with upstream rename of configuration parameters.
This copes with the upstream commit:
commit c757eb7fb04a9b0ca883ddb72c1bc75bf5d814f3
Author: Nicolas Williams <nico at cryptonector.com>
Date: Fri Nov 25 17:21:04 2011 -0600
Rename and fix as/tgs-use-strongest-key config parameters
Different ticket session key enctype selection options should
distinguish between target principal type (krbtgt vs. not), not
between KDC request types.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
[abartlet at samba.org Researched and updated the commit message]
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
3dbf9677 by Andrew Bartlett at 2022-01-19T20:50:35+00:00
s4:kdc/heimdal: Always include the salt in the PA-ETYPE-INFO[2]
This matches Windows and is detected by our samba.tests.krb5.as_canonicalization_tests
test as this always expects the salt, which Windows always provides.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
ba154d62 by Andrew Bartlett at 2022-01-19T20:50:35+00:00
s4:kdc: Set require_pac and no-ENC_TS in FAST for new Heimdal import
This allows us to continue to avoid CVE-2020-25719 in particular
and pass our tests for expected FAST behaviour as the patches
we requested by upstream to be conditional, not hard-coded.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
6c2a97d3 by Joseph Sutton at 2022-01-19T20:50:35+00:00
s4:kdc: Add PAC_ATTRIBUTES integration for Heimdal
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
cb382f7c by Joseph Sutton at 2022-01-19T20:50:35+00:00
s4:kdc: Set supported enctypes in KDC entry
This allows us to return the supported enctypes to the client as
PA-SUPPORTED-ENCTYPES padata.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
0be58f55 by Joseph Sutton at 2022-01-19T20:50:35+00:00
s4:kdc: Return PA-SUPPORTED-ENCTYPES
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
64e539bb by Joseph Sutton at 2022-01-19T20:50:35+00:00
tests/krb5: Add option to check reply padata
So far we have only been checking padata in error replies and with FAST.
We should also check it in the general success case.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
e5b9cc8f by Andrew Bartlett at 2022-01-19T20:50:35+00:00
selftest: Update SimpleKerberosTests now that Samba supports FAST
Heimdal matches Windows in this respect
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
71685966 by Andrew Bartlett at 2022-01-19T20:50:35+00:00
selftest: knownfail updates after Heimdal Upgrade
The Heimdal upgrade brings the new feature of FAST, allowing more tests to pass.
However it causes a regression in FL2003 for the returned salt format in
the AS-REP, but FL 2003 has not been the default since Samba 4.2 as AES
keys are much stronger and should be preferred.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
2232d840 by Stefan Metzmacher at 2022-01-19T20:50:35+00:00
selftest: set [libdefaults] fcache_strict_checking = false
We're using uid_wrapper so the checks will fail.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
0b9c8b9e by Joseph Sutton at 2022-01-19T20:50:35+00:00
selftest: Expect FAST support for both MIT and Heimdal
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
7679d596 by Isaac Boukris at 2022-01-19T20:50:35+00:00
s4:torture: return ETYPE_INFO2 on PREAUTH_FAILED
This is an alternative to 978bc8681e74ffa17f96fd5d4355094c4a26691c
which got overriten by the upgrade merge.
One difference however, is that we don't return ENC_TIMESTAMP like
in PREAUTH_REQUIRED but only ETYPE_INFO2 same as Windows.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Isaac Boukris <iboukris at gmail.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
b59687a7 by Joseph Sutton at 2022-01-19T20:50:35+00:00
s4:torture: Adapt LSA tests to newer Heimdal version
The Heimdal upgrade results in some changes that affect these tests. The
cname is now non-NULL in certain circumstances, the IO counts are
different due to a change between the ordering of capaths and referrals,
some requests no longer fail, and referral tickets are not cached
anymore, and so cannot be checked.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
9eead485 by Joseph Sutton at 2022-01-19T20:50:35+00:00
s4:torture: Fix Orpheus' Lyre tests
The enc-pa-rep request protection allows these tests to now pass as
expected.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
a24280dc by Joseph Sutton at 2022-01-19T20:50:35+00:00
s4:torture: Remove PAC-REQUEST check for RESPONSE_TOO_BIG
Needed by the Heimdal upgrade...
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
1954e50f by Joseph Sutton at 2022-01-19T20:50:35+00:00
s4:torture: Adapt KDC canon test to Heimdal upstream changes
NOTE: This commit finally works again!
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
7055827b by Stefan Metzmacher at 2022-01-19T21:41:59+00:00
HEIMDAL: move code from source4/heimdal* to third_party/heimdal*
This makes it clearer that we always want to do heimdal changes
via the lorikeet-heimdal repository.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Autobuild-User(master): Joseph Sutton <jsutton at samba.org>
Autobuild-Date(master): Wed Jan 19 21:41:59 UTC 2022 on sn-devel-184
- - - - -
19fa22b1 by Stefan Metzmacher at 2022-01-20T09:10:28+00:00
s4:dsdb/paged_results: fix segfault in paged_results()
It can happen that the paged_results() failes, e.g. due to
LDB_ERR_TIME_LIMIT_EXCEEDED, if that happens we should not
dereference ares->response, if ares is NULL.
We also should not call ldb_module_done() if paged_results()
fails, as it was already called.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14952
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
7d16a56b by Stefan Metzmacher at 2022-01-20T10:04:39+00:00
s4:dsdb/vlv_pagination: fix segfault in vlv_results()
It can happen that the vlv_results() failes, e.g. due to
LDB_ERR_TIME_LIMIT_EXCEEDED, if that happens we should not
dereference ares->response, if ares is NULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14952
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Jan 20 10:04:39 UTC 2022 on sn-devel-184
- - - - -
d1891a0c by Andreas Schneider at 2022-01-20T14:19:02+00:00
autobuild: Fix path for libwbclient ldd checks
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Jan 20 14:19:02 UTC 2022 on sn-devel-184
- - - - -
f60780c8 by Volker Lendecke at 2022-01-20T18:01:41+00:00
libcli/dns: Fix TCP fallback
A customer has come across a DNS server that really just cuts a SRV
reply if it's too long. This makes the packet invalid according to
ndr_pull and according to wireshark. DNS_FLAG_TRUNCATION is however
set. As this seems to be legal according to the DNS RFCs, we need to
hand-parse the first two uint16's and look whether DNS_FLAG_TRUNCATION
is set.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jan 20 18:01:41 UTC 2022 on sn-devel-184
- - - - -
d0aa04e8 by Stefan Metzmacher at 2022-01-21T20:46:35+00:00
bootstrap: use compat-gnutls37-devel for centos7
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
82a21581 by Volker Lendecke at 2022-01-21T21:42:08+00:00
build: Without getrandom() require gnutls 3.7.2
gnutls before 3.7.2 and without getrandom() will open /dev/urandom at library
initialization time before main() is run. We use closefrom(3) in samba-bgqd and
samba-dcerpd, which closes /dev/urandom, which then breaks gnutls. On system
with getrandom(), no file descriptor is opened and gnutls 3.7.2+ will open and
close /dev/urandom whenever it needs to access it.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jan 21 21:42:08 UTC 2022 on sn-devel-184
- - - - -
85dbc023 by Stefan Metzmacher at 2022-01-21T23:33:36+00:00
wafsamba: Remove clangdb code which doesn't work
This generates an incomplete database where defines and includes are missing.
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
6843bdae by Stefan Metzmacher at 2022-01-21T23:33:36+00:00
wafsamba: Add our own implmentation to generate the clangdb
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
afcdb090 by Pavel Filipenský at 2022-01-21T23:33:36+00:00
s3:utils: set ads->auth.flags using krb5_state
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14955
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
49d18f2d by Pavel Filipenský at 2022-01-21T23:33:36+00:00
s3:libads: Remove trailing spaces from sasl.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14955
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
7785eb9b by Pavel Filipenský at 2022-01-21T23:33:36+00:00
s3:libads: Disable NTLMSSP for FIPS
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14955
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
5f6251ab by Pavel Filipenský at 2022-01-21T23:33:36+00:00
s3:libads: Improve debug messages for SASL bind
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14955
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
17ea2ccd by Pavel Filipenský at 2022-01-21T23:33:36+00:00
s3:libads: Disable NTLMSSP if not allowed (for builds without kerberos)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14955
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
eb0fa26d by Pavel Filipenský at 2022-01-21T23:33:36+00:00
tests: Add test for disabling NTLMSSP for ldap client connections
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14955
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
9624e60e by Pavel Filipenský at 2022-01-21T23:33:36+00:00
s4:selftest: plan test suite samba4.blackbox.test_weak_disable_ntlmssp_ldap
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14955
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
fcf225a3 by Pavel Filipenský at 2022-01-21T23:33:36+00:00
s3:winbindd: Remove trailing spaces from winbindd_ads.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14955
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
f03abaec by Pavel Filipenský at 2022-01-21T23:33:36+00:00
s3:winbindd: Do not set ADS_AUTH_ALLOW_NTLMSSP in FIPS mode
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14955
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
fa5413b6 by Pavel Filipenský at 2022-01-22T00:27:52+00:00
s3:libnet: Do not set ADS_AUTH_ALLOW_NTLMSSP in FIPS mode
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14955
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Sat Jan 22 00:27:52 UTC 2022 on sn-devel-184
- - - - -
809f4fe2 by Björn Jacke at 2022-01-23T12:51:44+00:00
s4:librpc: raise log level for failed connection attempts
this keeps the log files silent when other DCs are currently not running. We
saw frequent NT_STATUS_HOST_UNREACHABLE messages at log level 0 for now.
https://bugzilla.samba.org/show_bug.cgi?id=11537
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Sun Jan 23 12:51:44 UTC 2022 on sn-devel-184
- - - - -
1c776e54 by Stefan Metzmacher at 2022-01-24T11:21:32+00:00
tdb: version 1.4.6
* Use atomic operations for tdb_[increment|get]_seqnum
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
c6bc927a by Jule Anger at 2022-01-24T11:21:32+00:00
WHATSNEW: Up to Samba 4.16.0rc1.
Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
401df670 by Jule Anger at 2022-01-24T11:21:32+00:00
VERSION: Disable GIT_SNAPSHOT for the Samba 4.16.0rc1 release.
Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
3fdc553c by Stefan Metzmacher at 2022-01-28T11:17:33+00:00
VERSION: Bump version up to 4.16.0rc2...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(v4-16-test): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(v4-16-test): Fri Jan 28 11:17:33 UTC 2022 on sn-devel-184
- - - - -
20f84f11 by Stefan Metzmacher at 2022-01-30T10:57:11+00:00
dcesrv_core: wrap gensec_*() calls in [un]become_root() calls
This is important for the source3/rpc_server code as it might
be called embedded in smbd and may not run as root with access
to our private tdb/ldb files.
Note this is only really needed for 4.15 and older, as
we no longer run the rpc_server embedded in smbd,
but we better be consistent for now.
This should be able to fix the problem the printing no longer works
on Windows 7 with 2021-10 monthly rollup patch (KB5006743).
Windows uses NTLMSSP with privacy at the DCERPC layer on top
of NCACN_NP (smb).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14867
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 0651fa474cd68b18d8eb9bdc7c4ba5b847ba9ad9)
- - - - -
c4132ef4 by FeRD (Frank Dana) at 2022-01-30T10:57:11+00:00
printing/bgqd: Disable systemd notifications
samba-bgqd daemon is started by existing Samba daemons. When running
under systemd, those daemons control systemd notifications and
samba-bgqd messages need to be silenced.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14947
Signed-off-by: FeRD (Frank Dana) <ferdnyc at gmail.com>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 36c861e25b1d9c5ce44bfcb46247e7e4747930c5)
- - - - -
8097c9b3 by Stefan Metzmacher at 2022-01-30T10:57:11+00:00
lib/util: split out a dump_data_block16() helper
This simplifies the logic a lot for me.
It also fixes some corner cases regarding whitespaces in the
output, that's why we have to mark a few tests as knownfail,
they will be fixed in the next commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 58b09e107cadd7fb8191822d4e7e42657b1ed4c7)
- - - - -
f1cbfdc4 by Stefan Metzmacher at 2022-01-30T10:57:11+00:00
blackbox.ndrdump: adjust example files to changed dump_data() output.
The cleanup using dump_data_block16() fixed the space handling.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 9110a8854a518befa2908c26076e17a085c5ec48)
- - - - -
1538a574 by Stefan Metzmacher at 2022-01-30T10:57:11+00:00
lib/util: add dump_data_diff*() helpers
That will make it easy to see the difference
between two memory buffers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit b489b7feda19b3c0f0fe2300f2c76d416776355b)
- - - - -
c1bd0f0d by Stefan Metzmacher at 2022-01-30T10:57:11+00:00
ndrdump: make use of dump_data_file_diff() in order to show differences
This makes it much easier to detect differences in the given and
generated buffers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit d1a7f392a8ceef111a5d6c3d2a3bdb9dcb90db5e)
- - - - -
a55de23f by Stefan Metzmacher at 2022-01-30T10:57:11+00:00
blackbox.ndrdump: adjust example files to the usage of dump_data_diff output.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 1dc385cb648f0c37b04f4ede6b1c96916e379b23)
- - - - -
9be924f9 by Stefan Metzmacher at 2022-01-30T10:57:11+00:00
s4:torture/ndr: demonstrate the ndr_push_string(STR_NOTERM|REMAINING) of "" is wrong
convert_string_talloc() never returns a string with len=0 and always
implies zero termination byte(s).
For ndr_push_string this is unexpected as we need to be compatible on
the wire and push 0 bytes for an empty string.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 8da26cb6725b5d853ab481a348a3a672966715b5)
- - - - -
7734584c by Stefan Metzmacher at 2022-01-30T10:57:11+00:00
librpc/ndr: let ndr_push_string() let s_len == 0 result in d_len = 0
convert_string_talloc_handle() tries to play an the safe side
and always returns a null terminated array.
But for NDR we need to be correct on the wire...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 43648e95a514020da4c7efa62df55d0882e3db85)
- - - - -
4d305426 by Stefan Metzmacher at 2022-01-30T11:52:27+00:00
blackbox.ndrdump: fix test_ndrdump_fuzzed_NULL_struct_ntlmssp_CHALLENGE_MESSAGE test
This actually reveals that ndr_push_string() for TargetName="" was
failing before because it resulted in 1 byte for a subcontext with
TargetLen=0.
This is fixed now and we no longer expect ndrdump to exit with 1.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Jan 24 16:18:34 UTC 2022 on sn-devel-184
(cherry picked from commit 12464bd4c222d996aac6d6250b7945d63f20f4bc)
Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Sun Jan 30 11:52:27 UTC 2022 on sn-devel-184
- - - - -
eaede91a by Joseph Sutton at 2022-01-31T14:26:10+00:00
CVE-2022-0336: pytest: Add a test for an SPN conflict with a re-added SPN
This test currently fails, as re-adding an SPN means that later checks
do not run.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14950
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
e4f18bfa by Joseph Sutton at 2022-01-31T14:26:10+00:00
CVE-2022-0336: s4/dsdb/samldb: Don't return early when an SPN is re-added to an object
If an added SPN already exists on an object, we still want to check the
rest of the element values for conflicts.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14950
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
9d7dd721 by Ralph Boehme at 2022-01-31T14:26:10+00:00
CVE-2021-44142: libadouble: add defines for icon lengths
>From https://www.ietf.org/rfc/rfc1740.txt
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14914
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
36f84786 by Ralph Boehme at 2022-01-31T14:26:10+00:00
CVE-2021-44142: smbd: add Netatalk xattr used by vfs_fruit to the list of private Samba xattrs
This is an internal xattr that should not be user visible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14914
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
39eb60d9 by Ralph Boehme at 2022-01-31T14:26:10+00:00
CVE-2021-44142: libadouble: harden ad_unpack_xattrs()
This ensures ad_unpack_xattrs() is only called for an ad_type of ADOUBLE_RSRC,
which is used for parsing ._ AppleDouble sidecar files, and the buffer
ad->ad_data is AD_XATTR_MAX_HDR_SIZE bytes large which is a prerequisite for all
buffer out-of-bounds access checks in ad_unpack_xattrs().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14914
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
03c6ba00 by Ralph Boehme at 2022-01-31T14:26:10+00:00
CVE-2021-44142: libadouble: add basic cmocka tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14914
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ef822984 by Ralph Boehme at 2022-01-31T14:26:10+00:00
CVE-2021-44142: libadouble: harden parsing code
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14914
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1dcd8183 by Jeremy Allison at 2022-01-31T14:26:10+00:00
CVE-2021-44141: s3: torture: Add samba3.blackbox.test_symlink_traversal.SMB2.
Add to knownfail.d/symlink_traversal
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911
Signed-off-by: Jeremy Allison <jra at samba.org>
- - - - -
e6ccaced by Jeremy Allison at 2022-01-31T14:26:10+00:00
CVE-2021-44141: s3: torture: Add samba3.blackbox.test_symlink_traversal.SMB1.
Add to knownfail.d/symlink_traversal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911
Signed-off-by: Jeremy Allison <jra at samba.org>
- - - - -
ea20599f by Jeremy Allison at 2022-01-31T14:26:10+00:00
CVE-2021-44141: s3: torture: Add samba3.blackbox.test_symlink_traversal.SMB1.posix
Add to knownfail.d/symlink_traversal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911
Signed-off-by: Jeremy Allison <jra at samba.org>
- - - - -
c6d70dad by Jeremy Allison at 2022-01-31T14:26:10+00:00
CVE-2021-44141: s3: torture: In test_smbclient_s3, change the error codes expected for test_widelinks() and test_nosymlinks() from ACCESS_DENIED to NT_STATUS_OBJECT_NAME_NOT_FOUND.
For SMB1/2/3 (minus posix) we need to treat bad symlinks
as though they don't exist.
Add to knwownfail.d/symlink_traversal
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911
Signed-off-by: Jeremy Allison <jra at samba.org>
- - - - -
b8da8b72 by Jeremy Allison at 2022-01-31T14:26:10+00:00
CVE-2021-44141: s3: torture: Change expected error return for samba3.smbtorture_s3.plain.POSIX.smbtorture.
Trying to open a symlink as a terminal component should return
NT_STATUS_OBJECT_NAME_NOT_FOUND, not NT_STATUS_OBJECT_PATH_NOT_FOUND.
Mark as knownfail.d/simple_posix_open until we fix the server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911
Signed-off-by: Jeremy Allison <jra at samba.org>
- - - - -
4106af6d by Jeremy Allison at 2022-01-31T14:26:10+00:00
CVE-2021-44141: s3: smbd: For SMB1+POSIX clients trying to open a symlink, always return NT_STATUS_OBJECT_NAME_NOT_FOUND.
Matches the error return from openat_pathref_fsp().
NT_STATUS_OBJECT_PATH_NOT_FOUND is for a bad component in a path, not
a bad terminal symlink.
Remove knownfail.d/simple_posix_open, we now pass.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911
Signed-off-by: Jeremy Allison <jra at samba.org>
- - - - -
f4202a0b by Jeremy Allison at 2022-01-31T14:26:10+00:00
CVE-2021-44141: s3: smbd: Inside check_reduced_name() ensure we return the correct error codes when failing symlinks.
NT_STATUS_OBJECT_PATH_NOT_FOUND for a path component failure.
NT_STATUS_OBJECT_NAME_NOT_FOUND for a terminal component failure.
Remove:
samba3.blackbox.test_symlink_traversal.SMB1.posix
samba3.blackbox.smbclient_s3.*.Ensure\ widelinks\ are\ restricted\(.*\)
samba3.blackbox.smbclient_s3.*.follow\ symlinks\ \=\ no\(.*\)
in knownfail.d/symlink_traversal as we now pass these. Only one more fix
remaining to get rid of knownfail.d/symlink_traversal completely.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911
Signed-off-by: Jeremy Allison <jra at samba.org>
- - - - -
86157b3c by Jeremy Allison at 2022-01-31T14:26:10+00:00
CVE-2021-44141: s3: smbd: Fix a subtle bug in the error returns from filename_convert().
If filename_convert() fails to convert the path, we never call
check_name(). This means we can return an incorrect error code
(NT_STATUS_ACCESS_DENIED) if we ran into a symlink that points
outside the share to a non-readable directory. We need to make
sure in this case we always call check_name().
Remove knownfail.d/symlink_traversal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911
Signed-off-by: Jeremy Allison <jra at samba.org>
- - - - -
239e915b by Jeremy Allison at 2022-01-31T14:26:10+00:00
CVE-2021-44141: s3: torture: Add a test samba3.blackbox.test_symlink_rename.SMB1.posix that shows we still leak target info across a SMB1+POSIX rename.
Add a knownfail.d/posix_sylink_rename
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911
Signed-off-by: Jeremy Allison <jra at samba.org>
- - - - -
b88d24e3 by Jeremy Allison at 2022-01-31T14:26:10+00:00
CVE-2021-44141: s3: smbd: Inside rename_internals_fsp(), we must use vfs_stat() for existence, not SMB_VFS_STAT().
We need to take SMB1+POSIX into account here and do an LSTAT if it's
a POSIX name.
Remove knownfail.d/posix_sylink_rename
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911
Signed-off-by: Jeremy Allison <jra at samba.org>
- - - - -
c278515c by Ralph Boehme at 2022-01-31T14:26:10+00:00
s3/rpc_server: install elasticsearch_mappings.json
This was removed accidentally remvoed by
a7c65958a15149918415b7456d6f20ee8c9669d2 because the original code
only installed the json file if the mdssvc was built as module:
if bld.SAMBA3_IS_ENABLED_MODULE('rpc_mdssvc_module'):
bld.INSTALL_FILES(bld.env.SAMBA_DATADIR,
'mdssvc/elasticsearch_mappings.json')
Installing the json file should just depend on Elasticsearch support
being enabled, regardless of the removed module support.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14961
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Fri Jan 28 10:22:31 UTC 2022 on sn-devel-184
(cherry picked from commit 0eecfddd071ea54844c56516dd7adc761be03c27)
- - - - -
4c386363 by Jule Anger at 2022-01-31T14:26:10+00:00
WHATSNEW: Add release notes for Samba 4.16.0rc2.
Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
a4763bd9 by Jule Anger at 2022-01-31T14:26:10+00:00
VERSION: Disable GIT_SNAPSHOT for the 4.16.0rc2 release.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
29355d0a by Jule Anger at 2022-01-31T15:26:29+00:00
VERSION: Bump version up to Samba 4.16.0rc3...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger at samba.org>
Autobuild-User(v4-16-test): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(v4-16-test): Mon Jan 31 15:26:29 UTC 2022 on sn-devel-184
- - - - -
5c55418c by Jeremy Allison at 2022-02-04T07:46:50+00:00
s4: test: Add samba4.libsmbclient.rename test. Currently fails for SMB3.
Add knownfail.d/libsmbclient_rename
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14938
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 0ecc58858360bcc0181a02e52ada3e8327f97c5b)
- - - - -
64aea70f by Jeremy Allison at 2022-02-04T08:41:09+00:00
lib: libsmbclient: Ensure cli_rename() always sets cli->raw_status.
Identical change as used in cli_unlink(), cli_mkdir(), cli_rmdir()
cli_chkpath() to ensure SMB2 calls correctly set raw_status for
libsmbclient uses.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14938
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Feb 2 21:50:31 UTC 2022 on sn-devel-184
(cherry picked from commit ca60f6350d566b7ecc822bcbb44fb65a1d150bbe)
Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Fri Feb 4 08:41:09 UTC 2022 on sn-devel-184
- - - - -
95aca464 by Jeremy Allison at 2022-02-09T11:09:40+00:00
s3: tests: Add a new test test_msdfs_hardlink() that does simple hardlinks on MSDFS root shares.
We pass this already as the cmd_hardlink in smbclient doesn't
do the DFS path conversion on the hardlink target. But it's
good to have the test.
Note we need to add the new test to "selftest/knownfail.d/smb1-tests"
as test_smbclient_s3.sh is run against the (ad_member|nt4_member)
environments first using NT1 (SMB1) protocol and then using SMB3,
but the (ad_member|nt4_member) environments don't support SMB1.
Seems a bit strange to me, but all the other SMB1 tests inside
test_smbclient_s3.sh have already been added to "selftest/knownfail.d/smb1-tests"
so just go with the test environment.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit d7deb876053ef45313026b4dea9ee1b376153611)
- - - - -
738fbcca by Jeremy Allison at 2022-02-09T11:09:40+00:00
s3: tests: Add a new test test_msdfs_rename() that does simple renames on MSDFS root shares.
We fail this on SMB2 for a subtle reason.
Our client code called from smbclient only sets the SMB2_HDR_FLAG_DFS flag
in the outgoing packet on the SMB2_CREATE call, and SMB2 rename does the
following operations:
SMB2_CREATE(src_path) // We set SMB2_HDR_FLAG_DFS here for a MSDFS share.
SMB2_SETINFO: SMB2_FILE_RENAME_INFO(dst_path). // We don't set SMB2_HDR_FLAG_DFS
However, from smbclient, dst_path is a MSDFS path but we don't set the flag,
so even though the rename code inside smbd will cope with a MSDFS path
(as used in the SMB1 SMBmv call) it fails as the correct flag isn't set.
Add knownfail selftest/knownfail.d/msdfs-rename.
Note we need to add the new test to "selftest/knownfail.d/smb1-tests"
as test_smbclient_s3.sh is run against the (ad_member|nt4_member)
environments first using NT1 (SMB1) protocol and then using SMB3,
but the (ad_member|nt4_member) environments don't support SMB1.
Seems a bit strange to me, but all the other SMB1 tests inside
test_smbclient_s3.sh have already been added to "selftest/knownfail.d/smb1-tests"
so just go with the test environment.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit 44cc9fb0e01b3635804f41e03f9b20afc3bfe36c)
- - - - -
62ce0c8f by Jeremy Allison at 2022-02-09T11:09:40+00:00
s3: libsmb: Add cli_dfs_target_check() function.
Strips any DFS prefix from a target name that will be passed
to an SMB1/2/3 rename or hardlink call. Returns a pointer
into the original target name after the prefix. Not yet used.
If the incoming filename is *NOT* a DFS prefix, the
original filename is returned unchanged.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit 2abba0ea109d7a3a0b0cb4a7030293f70c2d9d8a)
- - - - -
96122869 by Jeremy Allison at 2022-02-09T11:09:40+00:00
s3: libsmb: Call cli_dfs_target_check() from cli_smb2_hardlink_send().
Currently we don't pass MSDFS names as targets here, but a caller
may erroneously do this later, and for non-DFS names this is a no-op.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit 4bdbe3c2fc0c35635474ae526896b28f55142aca)
- - - - -
01b06586 by Jeremy Allison at 2022-02-09T11:09:41+00:00
s3: libsmb: Call cli_dfs_target_check() from cli_ntrename_internal_send()..
Currently we don't pass MSDFS names as targets here, but a caller
may erroneously do this later, and for non-DFS names this is a no-op.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit cf3e5724422d8becd045542be196dfea6ac9ec2b)
- - - - -
1304041a by Jeremy Allison at 2022-02-09T11:09:41+00:00
s3: libsmb: Call cli_dfs_target_check() from cli_smb1_rename_send().
Strips off any DFS prefix from the target if passed in.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit dd0317f6ecb572a80893405daa83e079dbcdf113)
- - - - -
35a250f4 by Jeremy Allison at 2022-02-09T11:09:41+00:00
s3: libsmb: Call cli_dfs_target_check() from cli_cifs_rename_send().
Strips off any DFS prefix from the target if passed in.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit 4473aea926fe4ddd23a6e0913009bb1a0a1eaa90)
- - - - -
cdcf23aa by Jeremy Allison at 2022-02-09T11:09:41+00:00
s3: libsmb: Call cli_dfs_target_check() from cli_smb2_rename_send().
Strips off any DFS prefix from the target if passed in.
Remove knownfail selftest/knownfail.d/msdfs-rename.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Fri Feb 4 12:02:36 UTC 2022 on sn-devel-184
(cherry picked from commit b9b82f3611c56e837e9189f5275ae9a78e647262)
- - - - -
8cbf38a1 by Ralph Boehme at 2022-02-09T11:09:41+00:00
s3/libads: simplify storing existing ads->ldap.ss
We just need temporal storage for ads->ldap.ss, no need to store it as a struct
samba_sockaddr.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14674
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2354
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit c266ed40aeb1b1f59a1811cd4511e32e44a4a719)
- - - - -
188b9616 by Ralph Boehme at 2022-02-09T12:03:17+00:00
s3/libads: ensure a sockaddr variable is correctly zero initialized
is_zero_addr() doesn't work with addresses that have been zero-initialized.
This fixes the logic added in c863cc2ba34025731a18ac735f714b5b888504da.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14674
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2354
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Feb 8 20:24:12 UTC 2022 on sn-devel-184
(cherry picked from commit 3ee690455eb963dedc7955b79316481387d4ac8c)
Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Wed Feb 9 12:03:17 UTC 2022 on sn-devel-184
- - - - -
8deee49c by Stefan Metzmacher at 2022-02-13T09:11:16+00:00
selftest/quick: add smb2.session
We run the quicktest on each linux distro as part of samba-o3 builds.
We should make sure smb2 signing/enctyption works on all of them
and all different system libraries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 68e62962b08497da8359ddbe4324443818c05cd1)
- - - - -
f400eef0 by Stefan Metzmacher at 2022-02-13T09:11:16+00:00
libcli/smb: fix error checking in smb2_signing_decrypt_pdu() invalid ptext_len
When the ptext_size != m_total check fails, we call this:
status = gnutls_error_to_ntstatus(rc, NT_STATUS_INTERNAL_ERROR);
goto out;
As rc is 0 at that point we'll exit smb2_signing_decrypt_pdu()
with NT_STATUS_OK, but without copying the decrypted data
back into the callers buffer. Which leads to strange errors
in the caller.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 99182af4ab5a3413311e27c2a193e09babceb01c)
- - - - -
fe8bf1d8 by Stefan Metzmacher at 2022-02-13T10:18:29+00:00
libcli/smb: let smb2_signing_decrypt_pdu() cope with gnutls_aead_cipher_decrypt() ptext_len bug
The initial implementation of gnutls_aead_cipher_decrypt() had a bug and
used:
*ptext_len = ctext_len;
instead of:
*ptext_len = ctext_len - tag_size;
This got fixed with gnutls 3.5.2.
As we only require gnutls 3.4.7 we need to cope with this...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Feb 2 18:29:08 UTC 2022 on sn-devel-184
(cherry picked from commit 735f3d7dde3daf5d0af2e8a1de60422b88663992)
Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Sun Feb 13 10:18:29 UTC 2022 on sn-devel-184
- - - - -
66283579 by Andreas Schneider at 2022-02-14T09:01:11+00:00
s4:kdc: Add a HDB to SDB mask
For most flags the mapping is 1 to 1, but it's not always
the case anymore.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14960
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 63e00f81b5dd05b50e6ac286e87b8637a4ecd7e0)
- - - - -
27c6ad1f by Andreas Schneider at 2022-02-14T09:01:11+00:00
s4:kdc: Remove trailing spaces in hdb-samba4.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14960
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 2a0d6c11330c40f5692dc07ed6482c7107035bd4)
- - - - -
bc72fb43 by Andreas Schneider at 2022-02-14T09:58:46+00:00
s4:kdc: Translate HDB flags to SDB flags
We used to have a 1 to 1 mapping, but now we have
a conflict with these:
#define SDB_F_FORCE_CANON 16384
#define HDB_F_PRECHECK 16384
We currently don't really care about HDB_F_PRECHECK,
so we can just filter it out.
In the long run we may change the SDB flags space to uint64...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14960
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 6063e8016fccbefd1c3fe378e3807c77bc04e4ec)
Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Mon Feb 14 09:58:46 UTC 2022 on sn-devel-184
- - - - -
2fd16c0c by Andreas Schneider at 2022-02-14T13:32:15+00:00
selftest: Do not force -d0 for smbd/nmbd/winbindd
We have the env variable SERVER_LOG_LEVEL which allows you to change
the log level on the command line. If we force -d0 this will not work.
make test TESTS="samba" SERVER_LOG_LEVEL=10
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 9693f7ea7383c6a51ab58b7c8255b30206f18a3b)
- - - - -
174fcd9f by Pavel Filipenský at 2022-02-14T13:32:15+00:00
s3:modules: Implement dummy virus scanner that uses filename matching
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 9f34babec7c6aca3d91f226705d3b3996792e5f1)
- - - - -
db32ea07 by Pavel Filipenský at 2022-02-14T13:32:15+00:00
docs-xml:manpages: Document 'dummy' virusfilter and 'virusfilter:infected files'
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 2fd518e5cc63221c162c9b3f8526b9b7c9e34969)
- - - - -
e95306ed by Pavel Filipenský at 2022-02-14T13:32:15+00:00
selftest: Fix trailing whitespace in Samba3.pm
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 547b4c595a8513a4be99177edbaa39ce43840f7a)
- - - - -
63f6fac5 by Pavel Filipenský at 2022-02-14T13:32:15+00:00
s3:selftest: Add test for virus scanner
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit a25c714c34d3e00e0f3c29d2acfa98cf9cdbc544)
- - - - -
e1e2bae5 by Pavel Filipenský at 2022-02-14T14:26:30+00:00
s3:modules: Fix virusfilter_vfs_openat
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Feb 10 22:09:06 UTC 2022 on sn-devel-184
(cherry picked from commit 3f1c958f6fa9d2991185f4e281a377a295d09f9c)
Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Mon Feb 14 14:26:30 UTC 2022 on sn-devel-184
- - - - -
a2604634 by Volker Lendecke at 2022-02-14T17:46:14+00:00
smbd: Slightly simplify create_file_unixpath()
Avoid the "needs_fsp_unlink" variable, describe the talloc hierarchy a
bit differently in the comments.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 1c1734974fcf1d060bc6bcdbe1858cba1b7e5a73)
- - - - -
692fb63a by Volker Lendecke at 2022-02-14T17:46:14+00:00
smbd: Move the call to file_free() out of close_directory()
Call file_free() just once
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 9966b5e233ef2ff0368ba5860c824c7cd6420415)
- - - - -
3500cb49 by Volker Lendecke at 2022-02-14T17:46:14+00:00
smbd: Move the call to file_free() out of close_normal_file()
Call file_free() just once
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 2293ca5b572178404273856f8d8989a5ee7de80c)
- - - - -
b48431f4 by Volker Lendecke at 2022-02-14T17:46:14+00:00
smbd: Move the call to file_free() out of close_fake_file()
Centralize calling file_free(), but leave close_fake_file() in for API
symmetry reasons.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 244c5a7d31c3a37082b320680f2b71108d77bbd4)
- - - - -
4f9bada5 by Volker Lendecke at 2022-02-14T17:46:14+00:00
smbd: Call file_free() just once in close_file()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 363ac7533895fda786f56c4fe8346128753f38a5)
- - - - -
d088caa4 by Volker Lendecke at 2022-02-14T17:46:14+00:00
smbd: NULL out "fsp" in close_file()
Quite a few places already had this in the caller, but not all. Rename
close_file() to close_file_free() appropriately. We'll factor out
close_file_smb() doing only parts of close_file_free() later.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit f5bc73a2ad97647f76143f7962c964f45aa6b1a0)
- - - - -
c0e02d8e by Volker Lendecke at 2022-02-14T17:46:14+00:00
smbd: No base fsps to close_file_free() from file_close_conn()
close_file_free() needs to handle base fsps specially. This can be
simplified a lot if we pass the the open files a second time in case
we encountered base_fsps that we could not immediately delete.
file_close_conn() is not our hot code path, and also we don't expect
many thousand open files that we need to walk a second time.
A subsequent patch will simplify close_file_free(), the complicated
logic is now in files.c, where it IMHO belongs because
file_set_base_fsp() are here as well.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit d1341d666af12965b4318f89b1d0e1e8769e861e)
- - - - -
9794341b by Volker Lendecke at 2022-02-14T17:46:14+00:00
smbd: Factor out close_file_in_loop() from file_close_conn_fn()
To be reused in file_close_user(). Deliberately a separate commit to
make the previous commit easier to understand.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 61f57ba24ee2e54abf224118f93bd0ccda44ec41)
- - - - -
e8d165da by Volker Lendecke at 2022-02-14T17:46:14+00:00
smbd: No base fsps to close_file_free() from file_close_user()
Same logic as the change for file_close_conn()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 1fbd9877fead466a17d697c143cd370c0b27f610)
- - - - -
a61a91d4 by Volker Lendecke at 2022-02-14T17:46:14+00:00
smbd: Simplify the flow in close_file_free()
We are no longer called on base_fsp's in SHUTDOWN_CLOSE. That
simplifies the logic in the common case, we now have a linear flow for
the very often-called close_file()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 93fe9c83145d31ea11a9cd25049ac527ad4a000d)
- - - - -
4cc60cbd by Volker Lendecke at 2022-02-14T17:46:14+00:00
torture: Add a test to show that full_audit uses a ptr after free
Run vfstest with this vfstest.cmd under valgrind and you'll see what
happens. Exact explanation a few patches further down...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 5f1ceead7094aefc6ad1f209468e9ea8f009716c)
- - - - -
52117832 by Volker Lendecke at 2022-02-14T17:46:14+00:00
smbd: Factor out fsp_unbind_smb() from file_free()
For example, remove our entry from smbXsrv_open_global.tdb
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit e751c6237b750adb4cb59df4a42bb9f39354e7e4)
- - - - -
d44c45cb by Volker Lendecke at 2022-02-14T17:46:14+00:00
smbd: Introduce close_file_smb()
This does almost everything that close_file_free() does, but it leaves
the fsp around.
A normal close_file() now calls fsp_unbind_smb() twice. Functionally
this is not a problem, fsp_unbind_smb() is idempotent. The only
potential performance penalty might come from the loops in
remove_smb2_chained_fsp(), but those only are potentially large with
deeply queued smb2 requests. If that turns out to be a problem, we'll
cope with it later. The alternative would be to split up file_free()
into even more routines and make it more difficult to figure out which
of the "rundown/unbind/free" routines to call in any particular
situation.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit e91b59c4dfb2b35661dbecbc5769584109e23571)
- - - - -
cdc5e9e4 by Volker Lendecke at 2022-02-14T18:36:26+00:00
smbd: Only file_free() a self-created fsp in create_file_unixpath()
This fixes a use-after-free in smb_full_audit_create_file() when
calling SMB_VFS_CREATE_FILE with fsp->fsp_name as smb_fname.
create_file_unixpath() has this comment:
* This is really subtle. If someone passes in an smb_fname
* where smb_fname actually is taken from fsp->fsp_name, then
* the lifetime of these objects is meant to be the same.
so it seems legitimate to call CREATE_FILE this way.
When CREATE_FILE runs into an error, create_file_unixpath() does a
file_free, which also takes fsp->fsp_name with
it. smb_full_audit_create_file() wants to log the failure including
the smb_fname after NEXT_CREATE_FILE has exited, but this will then
use the already free'ed data.
Fix by only doing the file_free() on an fsp that
create_file_unixpath() created itself.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Feb 10 19:11:33 UTC 2022 on sn-devel-184
(cherry picked from commit 434e6d4b4b45757878642d229d26d146792a3878)
Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Mon Feb 14 18:36:26 UTC 2022 on sn-devel-184
- - - - -
1bbb3677 by Volker Lendecke at 2022-02-14T22:18:31+00:00
smbd: Safeguards for getpwuid
Attempt to fix
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14900
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 929ccd3d1afb864ea715fa4d3d8af8f997e5d2aa)
Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Mon Feb 14 22:18:31 UTC 2022 on sn-devel-184
- - - - -
5f8796ea by Jule Anger at 2022-02-15T08:10:33+01:00
WHATSNEW: Add release notes for Samba 4.16.0rc3.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
2517bca6 by Jule Anger at 2022-02-15T08:11:16+01:00
VERSION: Disable GIT_SNAPSHOT for the 4.16.0rc3 release.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
caa6785e by Jule Anger at 2022-02-15T08:12:02+01:00
VERSION: Bump version up to Samba 4.16.0rc4...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
07540a8c by Martin Schwenke at 2022-02-15T09:01:14+00:00
ctdb-recoverd: Always cancel election in progress
Election-in-progress is set by unknown leader broadcast, so needs to
be cleared in all cases when election completes.
This was seen in a case where the leader node stalled, so didn't send
leader broadcasts for some time. The node continued to hold the
cluster lock, so another node could not become leader. However, after
the node returned to normal it still did not send leader broadcasts
because election-in-progress was never cleared.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14958
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit 188a9021565bc2c1bec1d7a4830d6f47cdbc44a9)
- - - - -
758e953e by Martin Schwenke at 2022-02-15T09:01:14+00:00
ctdb-recoverd: Consistently have caller set election-in-progress
The problem here is that election-in-progress must be set to
potentially avoid restarting the election broadcast timeout in
main_loop(), so this is already done by leader_handler().
Have force_election() set election-in-progress for all election types
and do not bother setting it in cluster_lock_election().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14958
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit 9b3fab052bd2dccf2fc3fe9bd2b4354dff0b9ebb)
- - - - -
ddda97dc by Martin Schwenke at 2022-02-15T09:01:14+00:00
ctdb-recoverd: Always send unknown leader broadcast when starting election
This is currently missed when the cluster lock is lost.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14958
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit bf55a0117d045e8ca888f7e01591cc2a2bce9223)
- - - - -
d0133dd3 by Martin Schwenke at 2022-02-15T09:01:14+00:00
ctdb-recoverd: Consistently log start of election
Elections should now be quite rare, so always log when one begins.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14958
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit 0e74e03c9cf83d5dc2d97fa9f38ff8fbaa3d2685)
- - - - -
f3047e90 by Martin Schwenke at 2022-02-15T09:01:14+00:00
ctdb-tests: Factor out functions to detect when generation changes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14958
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit 265e44abc42e1f5b7fef6550cd748459dbef80cb)
- - - - -
79b42f0f by Martin Schwenke at 2022-02-15T09:55:38+00:00
ctdb-tests: Add a test for stalled node triggering election
A stalled node probably continues to hold the cluster lock, so confirm
elections work in this case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14958
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Mon Feb 14 02:46:01 UTC 2022 on sn-devel-184
(cherry picked from commit 331c435ce520bef1274e076e6ed491400db3b5ad)
Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Tue Feb 15 09:55:38 UTC 2022 on sn-devel-184
- - - - -
0d27228e by Andreas Schneider at 2022-02-18T08:05:13+00:00
s3:winbindd: Add a sanity check for the range
What we want to avoid:
$ ./bin/testparm -s | grep "idmap config"
idmap config * : rangesize = 10000
idmap config * : range = 10000-19999
idmap config * : backend = autorid
$ ./bin/wbinfo --name-to-sid BUILTIN/Administrators
S-1-5-32-544 SID_ALIAS (4)
$ ./bin/wbinfo --sid-to-gid S-1-5-32-544
10000
$ ./bin/wbinfo --name-to-sid ADDOMAIN/alice
S-1-5-21-4058748110-895691256-3682847423-1107 SID_USER (1)
$ ./bin/wbinfo --sid-to-gid S-1-5-21-984165912-589366285-3903095728-1107
failed to call wbcSidToGid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-984165912-589366285-3903095728-1107 to gid
If only one range is configured we are either not able to map users/groups
from our primary *and* the BUILTIN domain. We need at least two ranges to also
cover the BUILTIN domain!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14967
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit fe84ae5547313e482ea0eba8ddca5b38a033dc8f)
- - - - -
be4e42f0 by Andreas Schneider at 2022-02-18T08:05:13+00:00
s3:utils: Add a testparm check for idmap autorid
What we want to avoid:
$ ./bin/testparm -s | grep "idmap config"
idmap config * : rangesize = 10000
idmap config * : range = 10000-19999
idmap config * : backend = autorid
$ ./bin/wbinfo --name-to-sid BUILTIN/Administrators
S-1-5-32-544 SID_ALIAS (4)
$ ./bin/wbinfo --sid-to-gid S-1-5-32-544
10000
$ ./bin/wbinfo --name-to-sid ADDOMAIN/alice
S-1-5-21-4058748110-895691256-3682847423-1107 SID_USER (1)
$ ./bin/wbinfo --sid-to-gid S-1-5-21-984165912-589366285-3903095728-1107
failed to call wbcSidToGid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-984165912-589366285-3903095728-1107 to gid
If only one range is configured we are either not able to map users/groups
from our primary *and* the BUILTIN domain. We need at least two ranges to also
cover the BUILTIN domain!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14967
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit db6d4da3411a910e7ce45fe1fecfabf2864eb9f4)
- - - - -
48929ba6 by Andreas Schneider at 2022-02-18T09:07:13+00:00
docs-xml: Fix idmap_autorid documentation
What we want to avoid:
$ ./bin/testparm -s | grep "idmap config"
idmap config * : rangesize = 10000
idmap config * : range = 10000-19999
idmap config * : backend = autorid
$ ./bin/wbinfo --name-to-sid BUILTIN/Administrators
S-1-5-32-544 SID_ALIAS (4)
$ ./bin/wbinfo --sid-to-gid S-1-5-32-544
10000
$ ./bin/wbinfo --name-to-sid ADDOMAIN/alice
S-1-5-21-4058748110-895691256-3682847423-1107 SID_USER (1)
$ ./bin/wbinfo --sid-to-gid S-1-5-21-984165912-589366285-3903095728-1107
failed to call wbcSidToGid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-984165912-589366285-3903095728-1107 to gid
If only one range is configured we are either not able to map users/groups
from our primary *and* the BUILTIN domain. We need at least two ranges to also
cover the BUILTIN domain!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14967
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 7e5afd8f1f7e5cfab1a8ef7f4293ac465b7cd8de)
Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Fri Feb 18 09:07:13 UTC 2022 on sn-devel-184
- - - - -
3fef25f2 by Samuel Cabrero at 2022-02-25T17:12:17+00:00
s3:libads: Fix memory leak in kerberos_return_pac() error path
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 3dbcd20de98cd28683a9c248368e5082b6388111)
- - - - -
7db685f8 by Samuel Cabrero at 2022-02-25T17:12:17+00:00
lib:krb5_wrap: Improve debug message and use newer debug macro
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit ed14513be055cc56eb39785323df2c538a813865)
- - - - -
a4b9a9ce by Samuel Cabrero at 2022-02-25T17:12:17+00:00
lib:krb5_wrap: Fix wrong debug message and use newer debug macro
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 1b5b4107a5081f15ba215f3025056d509fcfcf2a)
- - - - -
85fdd88e by Samuel Cabrero at 2022-02-25T17:12:17+00:00
s3:libads: Return canonical principal and realm from kerberos_return_pac()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 00b1f44a7e8f66976757535bcbc6bea97fb1c29f)
- - - - -
e3efe2d0 by Samuel Cabrero at 2022-02-25T17:12:17+00:00
s3:winbind: Store canonical principal and realm in ccache entry
They will be used later to refresh the tickets.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 0f4f330773d272b4d28ff3ba5a41bdd4ba569c8b)
- - - - -
4346dac7 by Samuel Cabrero at 2022-02-25T18:08:19+00:00
s3:winbind: Use the canonical principal name to renew the credentials
The principal name stored in the winbindd ccache entry might be an
enterprise principal name if enterprise principals are enabled. Use
the canonical name to renew the credentials.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 8246ccc23d064147412bb3475e6431a9fffc0d27)
Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Fri Feb 25 18:08:19 UTC 2022 on sn-devel-184
- - - - -
9016cb5c by Björn Jacke at 2022-02-27T19:08:16+00:00
acl: fix function arguments for AIX' and Solaris' sys_acl_get_fd()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14974
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 183ab5ced8377b63ad07d2e810396d3b414f4a7d)
- - - - -
821e16c0 by Björn Jacke at 2022-02-27T19:08:16+00:00
wscript: s/default/required/ _static_modules for the acl modules
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14974
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 89e903985b6968c5becc69b757b23144b1aba66e)
- - - - -
e82833a1 by Bjoern Jacke at 2022-02-27T19:08:16+00:00
vfs_aixacl: add proper header file
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7239
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 396c17160c19c6df43123074bf62268c6ed0f9e4)
- - - - -
76463193 by Björn Jacke at 2022-02-27T19:08:16+00:00
readlink test: inverse return code
We need to return 0 in case readlink is *broken* here - this is because our waf
CHECK_CODE function does only allow generating defines in case the test succeeds
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13631
Signed-off-by: Bjoern Jacke <bj at sernet.de>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit e225ab70db0cc01454d319eaca5265d7e33f396c)
- - - - -
2d87ade0 by Björn Jacke at 2022-02-27T20:03:27+00:00
waf: re-add missing readlink test
this was another portability regression that came with the moving to waf
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13631
Signed-off-by: Bjoern Jacke <bj at sernet.de>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Feb 18 23:12:51 UTC 2022 on sn-devel-184
(cherry picked from commit 45cb14ac80889ac913f7f76dbfaebcb4d5ee14fd)
Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Sun Feb 27 20:03:27 UTC 2022 on sn-devel-184
- - - - -
d89d82bd by Jule Anger at 2022-03-01T08:56:31+01:00
WHATSNEW: Add release notes for Samba 4.16.0rc4.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
3b404123 by Jule Anger at 2022-03-01T08:57:23+01:00
VERSION: Disable GIT_SNAPSHOT for the 4.16.0rc4 release.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
91c7a2cb by Jule Anger at 2022-03-01T08:58:07+01:00
VERSION: Bump version up to Samba 4.16.0rc5...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
9fd10105 by Volker Lendecke at 2022-03-02T10:26:30+00:00
smbd: Fix a use-after-free
stat_cache_lookup() allocates its result on top of talloc_tos().
filename_convert_smb1_search_path() creates a talloc_stackframe(),
which makes the names which were supposed to be allocated on the "ctx"
parameter of filename_convert_smb1_search_path() go away too
early. Reparent the results from stat_cache_lookup() properly.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14989
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Mar 1 20:59:55 UTC 2022 on sn-devel-184
(cherry picked from commit 8c97743511e4d53f795f2469a28aabfb96da0dfa)
- - - - -
b668c076 by Stefan Metzmacher at 2022-03-02T10:26:30+00:00
s4:sam: Don't use talloc_steal for msg attributes in authsam_make_user_info_dc()
This is most likely not a problem for the current callers,
but that it is unexpected and will likely cause problems with future
changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14993
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit f6fe86924c2ca756083d3628d5dbace0b12d06b0)
- - - - -
635c8b73 by Joseph Sutton at 2022-03-02T10:26:30+00:00
auth: Cope with NULL upn_name in PAC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit ef95fb439237910b945b8d6a3ad4a140a8d6d1ea)
- - - - -
77ed10e2 by Joseph Sutton at 2022-03-02T10:26:30+00:00
third_party/heimdal_build: Add KDC_LIB macro definitions
This is an adaptation to Heimdal:
commit 7bb00a40eabbed2bc1c268f5244bfb9736d9bebe
Author: Luke Howard <lukeh at padl.com>
Date: Tue Jan 4 13:08:35 2022 +1100
kdc: fix Windows build
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 6d8fec7006e8eadf5967a6f2f5add7d3c2c7bd3e)
- - - - -
97011aa3 by Joseph Sutton at 2022-03-02T10:26:30+00:00
s4:kdc: Don't pass empty PAC buffers to krb5_pac_add_buffer()
Heimdal will no longer allow us to pass a dummy zero-length buffer to
krb5_pac_add_buffer(), so we have to pass a buffer of length 1 instead.
This is an adaption to Heimdal:
commit 190263bb7a56fc775b50a6cd0dc91820d2b2e5eb
Author: Jeffrey Altman <jaltman at secure-endpoints.com>
Date: Wed Jan 19 22:55:33 2022 -0500
assert non-NULL ptrs before calling mem funcs
The definitions of memcpy(), memmove(), and memset() state that
the behaviour is undefined if any of the pointer arguments are
NULL, and some compilers are known to make use of this to
optimise away existing NULL checks in the source.
Change-Id: I489bc256e3eac7ff41d91becb0b43aba73dbb3f9
Link: https://www.imperialviolet.org/2016/06/26/nonnull.html
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 9936038fae72fb440864be543e9afd500444d502)
- - - - -
947ad158 by Joseph Sutton at 2022-03-02T10:26:30+00:00
third_party/heimdal_build: Determine whether time_t is signed
Without this, Heimdal will assume time_t is unsigned, and a wrong
assumption will cause 'infinite' ticket lifetimes to be reckoned as from
the past, and thus requests will fail with KDC_ERR_NEVER_VALID.
This is an adaptation to Heimdal:
commit 9ae9902249732237aa1711591604a6adf24963fe
Author: Nicolas Williams <nico at twosigma.com>
Date: Tue Feb 15 17:01:00 2022 -0600
cf: Check if time_t is signed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Mar 1 18:07:50 UTC 2022 on sn-devel-184
(cherry picked from commit 9eb27f296ae2b797803fffbb7f4cb34d8eb06f34)
- - - - -
c9a77ff4 by Joseph Sutton at 2022-03-02T10:26:30+00:00
third_party/heimdal_build: Define fallthrough macro for switch statements
This is an adaptation to Heimdal:
commit ddc61136100b32346c4c4efa2bb6ddb5baedfb3e
Author: Nicolas Williams <nico at twosigma.com>
Date: Fri Jan 14 16:32:04 2022 -0600
Use fallthrough statement attribute
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit fccf9859786dfb50b317ea2296c2494997f0ae09)
- - - - -
e26fbf42 by Joseph Sutton at 2022-03-02T10:26:30+00:00
third_party/heimdal: import lorikeet-heimdal-202203010107 (commit 0e7a12404c388e831fe6933fcc3c86e7eb334825)
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 51569b3152a952d07fddaa3a70d60c920618c704)
- - - - -
26880578 by Joseph Sutton at 2022-03-02T10:26:30+00:00
third_party/heimdal_build: Add source files to build
This is an adaptation to Heimdal:
commit be708ca3cf98900c61919f8ff7ced4428b5d1f32
Author: Nicolas Williams <nico at twosigma.com>
Date: Wed Dec 22 17:01:12 2021 -0600
gsskrb5: Add simple name attributes support
This adds Kerberos mechanism support for:
- composite principal name export/import
- getting rudimentary name attributes from GSS names using
gss_get_name_attribute():
- all (raw) authorization data from the Ticket
- all (raw) authorization data from the Authenticator
- transit path
- realm
- component count
- each component
- gss_inquire_name()
- gss_display_name_ext() (just for the hostbased service name type
though)
The test exercises almost all of the functionality, except for:
- getting the PAC
- getting authz-data from the Authenticator
- getting the transit path
TBD (much) later:
- amend test_context to do minimal name attribute checks as well
- gss_set_name_attribute() (to request authz-data)
- gss_delete_name_attribute()
- getting specific authorization data elements via URN fragments (as
opposed to all of them)
- parsing the PAC, extracting SIDs (each one as a separate value)
- some configurable local policy (?)
- plugin interface for additional local policy
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit f2ca9c5db7e1bb20cfc6705633b48c32b1496334)
- - - - -
9627ee61 by Joseph Sutton at 2022-03-02T10:26:30+00:00
s4:kdc: Refactor HDB API
This is an adaptation to Heimdal:
commit b1dcc1a47485165ada778ef3c3463cfc0779d183
Author: Luke Howard <lukeh at padl.com>
Date: Fri Dec 31 17:24:58 2021 +1100
kdc: refactor Samba-specific auditing API in terms of existing API
Make Samba-specific HDB auth status API a wrapper on the existing auditing API,
with a view towards unifying the two APIs in a future commit.
The term "auth status" is replaced with "auth event", and the HDB auth_status
method is replaced with a more general purpose audit method which has access to
the entire request structure.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit a2f7987d58372cfc52bc5f9786c0719439956fee)
- - - - -
115d8e49 by Joseph Sutton at 2022-03-02T10:26:31+00:00
s4:kdc: Adapt to removal of auth event details
This is an adaptation to Heimdal:
commit e15e711b13e2fb33f4480a054cba60b6c4c0183b
Author: Luke Howard <lukeh at padl.com>
Date: Sat Jan 1 18:05:51 2022 +1100
kdc: remove auth_event_details audit key
The auth event details audit key (formerly, parameter to auth_status)
contained, variously, an encryption type name; a PKINIT client certificate
name; or, a GSS initiator name. Audit these instead using individual keys that
reflect the values' contents.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 7989ef0aa7b75b2e5af7be445fc64cbf49b2985c)
- - - - -
cef9e6f8 by Joseph Sutton at 2022-03-02T10:26:31+00:00
s4:kdc: Add 'not authorised' auth events
This is an adaptation to Heimdal:
commit d683780b1d728bf8c5b794a1f66842e5a25bd360
Author: Luke Howard <lukeh at padl.com>
Date: Sat Jan 1 23:44:05 2022 +1100
kdc: separate PKINIT/GSS authorization failure
Create a new audit event for PKINIT/GSS authorization (impersonation) failure
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 0d37a1928100e229bea46701b41d4efa72e10266)
- - - - -
b88d8924 by Joseph Sutton at 2022-03-02T10:26:31+00:00
s4:kdc: Add referral policy callback
This is now used instead of a configuration option.
This is an adaption to Heimdal:
commit 3fa47f5a1a422e178d968a8ec0d59889eaa71548
Author: Luke Howard <lukeh at padl.com>
Date: Sun Jan 2 21:51:43 2022 +1100
kdc: add referral_policy callback to windc plugin
Add a referral policy hook to the TGS as a more elegant way of resolving
referral detection for Samba). The hook can either rewrite the server_princ in
the request, or it can return an error to disable built-in referral processing.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit a5799cea037a4613ba4d1073fff6e6151ed06c76)
- - - - -
9e763005 by Joseph Sutton at 2022-03-02T10:26:31+00:00
s4:kdc: Rename windc to kdc plugin
This is an adaptation to Heimdal:
commit fcff5933ade652343d7c169659da92fac0e6e0d4
Author: Luke Howard <lukeh at padl.com>
Date: Mon Jan 3 11:10:18 2022 +1100
kdc: rename windc to kdc plugin
Rename the "windc" plugin API to the more general "kdc" plugin API, for two
reasons: the Heimdal KDC uses the Windows PAC even when not emulating a domain
controller, and the plugin API has accreted methods that are not specific to
emulating a domain controller (such as referral_policy and finalize_reply).
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 83586e8f5846fff7a8bbe47e743e03166b559584)
- - - - -
b6e2028f by Joseph Sutton at 2022-03-02T10:26:31+00:00
s4:kdc: Adapt to removal of auth audit event types
This is an adaptation to Heimdal:
commit 06f8985c55fcd23e3efe0017ed2480c5b3c4524f
Author: Luke Howard <lukeh at padl.com>
Date: Wed Jan 5 09:42:03 2022 +1100
hdb: consolidate preauth audit event types
Instead of having distinct preauth success/failure events for different
mechanisms, have a single event; the mechanism can be disambiguated by querying
the HDB_REQUEST_KV_PA_NAME key.
Note: there is still an explicit event for long-term key-based success/failure
in order to help the backend implement lockout.
Audit failure (HDB_AUTH_EVENT_PREAUTH_FAILED) in the main preauth loop, rather
than in each mechanism. Success is still audited in the mechanism to allow
client pre-authentication success to be noted even if something subsequent
(e.g. encoding a reply, memory allocation) fails. The generic catch-all for
success remains.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit f234361abea4166ce4e10cfa4e7f4096b83480a9)
- - - - -
0918e692 by Joseph Sutton at 2022-03-02T10:26:31+00:00
third_party/heimdal_build: Add SFU source file
This is an adaptation to Heimdal:
commit 0287558838de79313e38026d2f0905ffc987d0b8
Author: Luke Howard <lukeh at padl.com>
Date: Fri Dec 24 13:49:55 2021 +1100
kdc: move Services for User implementation out of krb5tgs.c
Move the Services for User (SFU/S4U) implementation -- protocol transition and
constrained delegation -- into its own compilation unit, with an interface that
only takes an astgs_request_t, so it can be easily factored out into a plugin
module in the future.
This refactoring is also careful to update all client names in the request
structure after the SFU/S4U validation has successfully completed.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit b9f4ea8bdb70476d6cc6df962bf6b28805588ed5)
- - - - -
5493c1a5 by Joseph Sutton at 2022-03-02T10:26:31+00:00
s4:kdc: Explicitly set plugin minor version
This is an adaptation to Heimdal:
commit 7cc4b7a9e624f5eecfbb38607d4cc0870a895671
Author: Luke Howard <lukeh at padl.com>
Date: Wed Jan 5 13:08:11 2022 +1100
kdc: KDC plugin API contract notes
Add some notes about the KDC plugin API contract, and require plugins to
explicitly indicate which version of the API they support (remove the macro
alias for the current version).
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 675f913e54d8fddb9173c1e67b9d14885cc1d878)
- - - - -
8ae5ce46 by Joseph Sutton at 2022-03-02T10:26:31+00:00
third_party/heimdal_build: Don't generate .x source files
This is an adaptation to Heimdal:
commit 9427796f1a65906f12768b28abdb5a928222f3c6
Author: Jeffrey Altman <jaltman at secure-endpoints.com>
Date: Wed Jan 5 15:45:23 2022 -0500
Generate .x source files as .c source files
The generated .x source and .hx header files are plain C source files..
Generate them as .c source files and avoid unnecessary file copying
and special makefile rules.
Change-Id: Ifc4bbe3c46dd357fdd642040ad964c7cfe1d395c
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 7cb68fdba75c362cdfd8f3bf08bcd9c22bbe4556)
- - - - -
f90e729e by Joseph Sutton at 2022-03-02T10:26:31+00:00
s4:kdc: Increment plugin minor version
This is an adaptation to Heimdal:
commit 40e4a4df09c2d6c3ba7bf14df1dee74a0bc18110
Author: Luke Howard <lukeh at padl.com>
Date: Mon Jan 10 12:50:37 2022 +1100
kdc: use astgs_request_t for client/server name (TGS)
Store the client and server principal name from the TGT and request
(respectively) in the astgs_request_t rather than using local variables.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 068f2bf117ab9968011fdb8d60b98bb37d529658)
- - - - -
12a61bb7 by Joseph Sutton at 2022-03-02T10:26:31+00:00
s4:kdc: Adapt to hdb_entry_ex removal
Rather than having a 'free_entry' member that can be called to free an
hdb_entry, we now implement the free function in HDB. We perform the
free only if the context pointer is non-NULL.
We also remove the ZERO_STRUCTP() in sdb_entry_to_hdb_entry(), as the
context pointer is now part of the 'hdb_entry' structure itself, and
this would undesirably zero it out.
This is an adaptation to Heimdal commits:
commit c5551775e204d00c7ee8055ab6ddbba7e0590584
Author: Luke Howard <lukeh at padl.com>
Date: Fri Jan 7 12:15:55 2022 +1100
hdb: decorate HDB_entry with context member
Decorate HDB_entry with context and move free_entry callback into HDB structure
itself. Requires updating hdb_free_entry() signature to include HDB parameter.
A follow-up commit will consolidate hdb_entry_ex (which has a single hdb_entry
member) into hdb_entry.
commit 0e8c4ccc6ee0123ea39e53e8917fc3f6bb74e8c8
Author: Luke Howard <lukeh at padl.com>
Date: Fri Jan 7 12:54:40 2022 +1100
hdb: eliminate hdb_entry_ex
Remove hdb_entry_ex and revert to the original design of hdb_entry (except with
an additional context member in hdb_entry which is managed by the free_entry
method in HDB).
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 94d387abd5031c12989f925ee5eb733432402d1d)
- - - - -
71912b63 by Joseph Sutton at 2022-03-02T10:26:31+00:00
s4:kdc: Adapt to removal of publicly accessible request structure members
We now have to use the accessor functions instead.
This is an adaptation to Heimdal:
commit ec24edf7005c340018450a202d27ca75fcf322d4
Author: Luke Howard <lukeh at padl.com>
Date: Thu Jan 20 09:15:24 2022 +1100
kdc: add accessor functions for KDC request structure
Add accessor functions for use by Samba and other plugin developers.
Documentation is in kdc/kdc-accessors.h.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 9399a15fabb5a1b8470b1069a098132e2fdb7f0f)
- - - - -
794c717b by Andrew Bartlett at 2022-03-02T10:26:31+00:00
s4-kdc: Adapt to move from HDB auditing to KDC auditing constants
This is to adapt to:
commit 6530021f09a5cab631be19a1b5898a0ba6b32f16
Author: Luke Howard <lukeh at padl.com>
Date: Thu Jan 13 14:37:29 2022 +1100
kdc: move auth event definitions into KDC header
Move KDC auth event macro definitions out of hdb.h and into a new KDC header,
kdc-audit.h.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
(cherry picked from commit c9b0b4bfc4e2e0b08b21f39bf56fd5395d66d66f)
- - - - -
5b6ca18e by Stefan Metzmacher at 2022-03-02T11:24:26+00:00
s4:kdc: hdb_samba4_audit() is only called once per request
So we need to restructure the logic a bit.
NOTE: This commit finally works again!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Joseph Sutton <jsutton at samba.org>
Autobuild-Date(master): Tue Mar 1 23:28:22 UTC 2022 on sn-devel-184
(cherry picked from commit 791be84c3eecb95e03611458e2305bae272ba267)
Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Wed Mar 2 11:24:26 UTC 2022 on sn-devel-184
- - - - -
5dee3a68 by Douglas Bagnall at 2022-03-07T09:10:18+00:00
pytest:auth_log: expect TLS connections when using ldaps
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit f37682747898591b37405f9e96a8135c15638637)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14996
- - - - -
c240b977 by Douglas Bagnall at 2022-03-07T10:11:22+00:00
s4/auth/simple_bind: correctly report TLS state
It went wrong in 366f8cf0903e3583fda42696df62a5337f22131f
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Jan 26 12:39:52 UTC 2022 on sn-devel-184
(cherry picked from commit 309f1982263677045d407463eb19a2444c165a63)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14996
Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Mon Mar 7 10:11:23 UTC 2022 on sn-devel-184
- - - - -
ac61afa5 by Stefan Metzmacher at 2022-03-07T10:54:17+00:00
s3:py_net: allow machinepass=None to py_net_join_member()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 576bdb08c51c47c390cc390fbefdcfee275b7f0f)
- - - - -
e13a72df by Stefan Metzmacher at 2022-03-07T10:54:17+00:00
samba-tool/join_member: let py_net_join_member() choose the password
It means we'll let trust_pw_new_value() generate the password.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 59ac782452c4993274fa837256a8b9c5675e707b)
- - - - -
4872e1af by Stefan Metzmacher at 2022-03-07T10:54:17+00:00
provision: use 120 characters for the dns account password
We should use the same as for the computer account.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 3b91be36581de1007427d539daffdaa62752412d)
- - - - -
66d8622b by Stefan Metzmacher at 2022-03-07T10:54:17+00:00
upgradehelpers.py: let update_machine_account_password() use 120 character passwords
We already changed provision to use 120 character passwords with commit
609ca657652862fd9c81fd11f818efb74f72ff55.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 6bb7c0f24918329804b7f4fb71908e8fab99e266)
- - - - -
8c9bb2ca by Stefan Metzmacher at 2022-03-07T10:54:17+00:00
provision: add a comment that the value of krbtgtpass is ignored in the backend
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 725c94d57d3d656bc94633dacbac683a4c11d3e6)
- - - - -
a3172198 by Stefan Metzmacher at 2022-03-07T10:54:17+00:00
upgradehelpers.py: add a comment to update_krbtgt_account_password()
The backend generates its own random krbtgt password values.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit ad0b5561b492dfa28acfc9604b2358bb8b490703)
- - - - -
5caac70d by Stefan Metzmacher at 2022-03-07T10:54:17+00:00
s3:trusts_utils: use a password length of 120 for machine accounts
This is important when we change the machine password against
an RODC that proxies the request to an RWDC.
An RODC using NetrServerPasswordSet2() to proxy PasswordUpdateForward via
NetrLogonSendToSam() ignores a return of NT_STATUS_INVALID_PARAMETER
and reports NT_STATUS_OK as result of NetrServerPasswordSet2().
This hopefully found the last hole in our very robust machine account
password handling logic inside of trust_pw_change().
The lesson is: try to be as identical to how windows works as possible,
everything else may use is untested code paths on Windows.
A similar problem was fixed by this commit:
commit 609ca657652862fd9c81fd11f818efb74f72ff55
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Feb 24 02:03:25 2021 +1300
provision: Decrease the length of random machine passwords
The current length of 128-255 UTF-16 characters currently causes
generation of crypt() passwords to typically fail. This commit
decreases the length to 120 UTF-16 characters, which is the same as
that used by Windows.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Feb 23 08:49:54 UTC 2022 on sn-devel-184
(cherry picked from commit 5e2386336c49fab46c1192db972af5da1e916b32)
- - - - -
423bbea0 by Jeremy Allison at 2022-03-07T10:54:17+00:00
s4: torture: Add new SMB2 lease test test_lease_duplicate_create().
Checks we return INVALID_PARAMETER when trying to create a
new file with a duplicate lease key on the same share.
Checked against Windows10. Samba already passes this
but we didn't have a test before.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14737
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
(cherry picked from commit bf22548d11fe67ea3f4ec10dff81773d626e4703)
- - - - -
7995e03b by Jeremy Allison at 2022-03-07T10:54:17+00:00
s4: torture: Add new SMB2 lease test test_lease_duplicate_open().
Checks we return INVALID_PARAMETER when trying to open a
different file with a duplicate lease key on the same share.
Checked against Windows10. Currently fails against smbd
so add knownfail.d/smb2-lease-duplicateopen
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14737
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
(cherry picked from commit ca3896b6f8bbcad68f042720feceedfa29ddbd83)
- - - - -
de8fc990 by Jeremy Allison at 2022-03-07T11:49:31+00:00
s3: smbd: Fix our leases code to return the correct error in the non-dynamic share case.
We now return INVALID_PARAMETER when trying to open a
different file with a duplicate lease key on the same
(non-dynamic) share. This will enable us to pass another
Windows test suite leases test.
We now behave the same as Windows10.
Remove knownfail.d/smb2-lease-duplicateopen
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14737
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Feb 18 20:12:12 UTC 2022 on sn-devel-184
(cherry picked from commit 408be54323861c24b6377b804be4428cf45b471e)
Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Mon Mar 7 11:49:31 UTC 2022 on sn-devel-184
- - - - -
364b1606 by Jule Anger at 2022-03-08T10:33:17+00:00
s3:tests: Add a test to check the output of smbstatus.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14999
Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit b108e039ab13ee9f8f2c629c5b57085a462d14db)
- - - - -
9df5283f by Jule Anger at 2022-03-08T11:31:47+00:00
s3:utils: assign ids to struct to list shares correctly
The commit "99d1f1fa10d smbd: Remove unused "struct connections_key"" removes
also the assignment of information to connections_data, which are needed to list
shares.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14999
Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Jule Anger <janger at samba.org>
Autobuild-Date(master): Mon Mar 7 15:27:48 UTC 2022 on sn-devel-184
(cherry picked from commit 9e9e6955ba93691545ea35e39ebdc285cd484406)
Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Tue Mar 8 11:31:47 UTC 2022 on sn-devel-184
- - - - -
302f9acb by Stefan Metzmacher at 2022-03-08T13:35:17+00:00
third_party/heimdal: import lorikeet-heimdal-202203031927 (commit 7abc451ddd74d0c2e57dbb32f3198bde8def73ab)
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14865
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit f33f73f82fb2d5d96928ce5910e2d0d939c2ff57)
- - - - -
b8e20583 by Stefan Metzmacher at 2022-03-08T13:35:17+00:00
s4:kdc: let pac functions in wdc-samba4.c take astgs_request_t
NOTE: This commit finally works again!
This aligns us with the following Heimdal change:
commit 11d8a053f50c88256b4d49c7e482c2eb8f6bde33
Author: Stefan Metzmacher <metze at samba.org>
AuthorDate: Thu Feb 24 18:27:09 2022 +0100
Commit: Luke Howard <lukeh at padl.com>
CommitDate: Thu Mar 3 09:58:48 2022 +1100
kdc-plugin: also pass astgs_request_t to the pac related functions
This is more consistent and allows the pac hooks to be more flexible.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14865
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 27ee5ad713b760e8226537d79c529ace1efb07bf)
- - - - -
4b6a6af8 by Stefan Metzmacher at 2022-03-08T14:30:45+00:00
s4:kdc: redirect pre-authentication failures to an RWDC
The most important case is that we still have a previous
password cached at the RODC and the inbound replication
hasn't wiped the cache yet and we also haven't triggered
a new replication yet.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14865
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 0f5d7ff1a9fd14fd412b09883d413d1d660fa7be)
Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Tue Mar 8 14:30:45 UTC 2022 on sn-devel-184
- - - - -
c3ee2db1 by Jule Anger at 2022-03-08T15:46:47+01:00
WHATSNEW: Add release notes for Samba 4.16.0rc5.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
3a2c1b12 by Jule Anger at 2022-03-08T15:47:32+01:00
VERSION: Disable GIT_SNAPSHOT for the 4.16.0rc5 release.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
8ac427ee by Jule Anger at 2022-03-08T15:48:22+01:00
VERSION: Bump version up to Samba 4.16.0rc6...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
2aa95f78 by Stefan Metzmacher at 2022-03-14T14:27:13+00:00
third_party/heimdal: import lorikeet-heimdal-202203101709 (commit 47863866da25cc21d292ce335a976b8b33fa1864)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
(cherry picked from commit 67bdc922f9836779f1b37805575c5c4eea9ba3e6)
- - - - -
9aa78f15 by Stefan Metzmacher at 2022-03-14T14:27:13+00:00
docs-xml: add 'kdc enable fast' option
This will be useful to test against a KDC without FAST support
and find/prevent regressions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
(cherry picked from commit 12b623088cf48cf9e4a046441810ef20e1f079b8)
- - - - -
46435367 by Stefan Metzmacher at 2022-03-14T14:27:13+00:00
s4:kdc: make use of the 'kdc enable fast' option
This will useful to test against a KDC without FAST support
and find/prevent regressions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
(cherry picked from commit 2db7589d69abebad16b66d933114367f815d5fc3)
- - - - -
e6196c45 by Stefan Metzmacher at 2022-03-14T14:27:13+00:00
selftest: use 'kdc enable fast = no' for fl2000 fl2003
This makes sure we still run tests against KDCs without FAST support
and it already found a few regressions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
(cherry picked from commit f1a71e24864367a55a30813dd642e7ef392b5ac9)
- - - - -
9d819c93 by Stefan Metzmacher at 2022-03-14T14:27:13+00:00
third_party/heimdal: import lorikeet-heimdal-202203101710 (commit df8d801544144949931cd742169be1207b239c3d)
This fixes the regressions against KDCs without FAST support.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Mar 11 18:06:47 UTC 2022 on sn-devel-184
(cherry picked from commit 9b48e7f7eda5e368c1192d562c268885c1f68d8b)
- - - - -
1fcb5ed3 by Andrew Bartlett at 2022-03-14T15:24:28+00:00
s4-kdc: Fix memory leak in FAST cookie handling
The call to sdb_free_entry() was forgotten.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15000
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Mar 11 11:05:55 UTC 2022 on sn-devel-184
(cherry picked from commit b7bc1f6dddc1c5fee8a39422823f167db1f24bb2)
Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Mon Mar 14 15:24:28 UTC 2022 on sn-devel-184
- - - - -
528ed90d by Stefan Metzmacher at 2022-03-16T13:41:14+00:00
python:tests: let insta_creds() also copy the bind_dn from the template
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit a30a7626254c863f95b98c97ea46ff54b98078ad)
- - - - -
43c4dc75 by Stefan Metzmacher at 2022-03-16T13:41:14+00:00
dsdb/tests: passwords.py don't need to import BasePasswordTestCase
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 90754591a7e4d5a3af70c01425930f4ec063c516)
- - - - -
ff7ffbdf by Stefan Metzmacher at 2022-03-16T13:41:14+00:00
dsdb/tests: let all BasePasswordTestCase tests provide self.host_url[_ldaps]
This will make further changes easier.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 5a3214c99048a88b0a9f509e3b5b38326529b02c)
- - - - -
c35de738 by Stefan Metzmacher at 2022-03-16T13:41:14+00:00
dsdb/tests: make use of assertLoginFailure helper
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 03ba5af3d9eaeb5f0c7c1a1a61ef2ac454eb8392)
- - - - -
4b245891 by Stefan Metzmacher at 2022-03-16T13:41:14+00:00
dsdb/tests: introduce assertLoginSuccess
This makes it possible to catch failures with knownfail entries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 751ce671a4af32bc1c56433a5a1c8161377856c5)
- - - - -
54bb3569 by Stefan Metzmacher at 2022-03-16T13:41:14+00:00
dsdb/tests: prepare BasePasswordTestCase for simple bind tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 0b1fbc9d56e2a25e3f1527ee5bc54880bdc65fc6)
- - - - -
d92b46a4 by Stefan Metzmacher at 2022-03-16T13:41:14+00:00
dsdb/tests: add test_login_basics_simple()
This demonstrates that 'old password allowed period' also
applies to LDAP simple binds and not only to GSS-SPNEGO/NTLMSSP binds.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15001
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 3625d1381592f7af8ec14715c6c2dfa4d9f02676)
- - - - -
cafbb3e7 by Stefan Metzmacher at 2022-03-16T13:41:14+00:00
s3:auth: let make_user_info_netlogon_interactive() set USER_INFO_INTERACTIVE_LOGON
This is not really relevant for now, as USER_INFO_INTERACTIVE_LOGON is
not evaluated in the source3/auth stack. But better add it to
be consistent.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15001
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 012bd9f5b780f7a90cf3bd918f044ea67fae7017)
- - - - -
64b2075c by Stefan Metzmacher at 2022-03-16T13:41:14+00:00
s4:auth_sam: use USER_INFO_INTERACTIVE_LOGON as inducation for an interactive logon
Using != AUTH_PASSWORD_RESPONSE is not the correct indication
due to the local mappings from AUTH_PASSWORD_PLAIN via
AUTH_PASSWORD_HASH to AUTH_PASSWORD_RESPONSE.
It means an LDAP simble bind will now honour
'old password allowed period'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15001
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 2ad44686229ba02f98de5769c26a3dfeaf5ada2b)
- - - - -
fcec3b21 by Garming Sam at 2022-03-16T13:41:14+00:00
rodc: Add tests for simple BIND alongside NTLMSSP binds
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 62fb6c1dc8527db6cf0f08d4d06e8813707f767a)
- - - - -
80f35f7a by Stefan Metzmacher at 2022-03-16T13:41:14+00:00
s3:rpc_client: let rpccli_netlogon_network_logon() fallback to workstation = lp_netbios_name()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14641
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 5c04c01354944fc3a64bb109bf3e9bf89086cc6f)
- - - - -
9898afd7 by Stefan Metzmacher at 2022-03-16T13:41:14+00:00
s4:auth: a simple bind uses the DCs name as workstation
I've seen that in LogonSamLogonEx request triggered
by a simple bind with a user of a trusted domain
within the same forest. Note simple binds don't
work with users for another forest/external domain,
as the DsCrackNames call on the bind_dn fails.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14641
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 31db704882bbcd569c2abb764ac1d3691ee0a267)
- - - - -
6841fdef by Stefan Metzmacher at 2022-03-16T13:41:14+00:00
s4:auth: encrypt_user_info() should set password_state instead of mapped_state
user_info->mapped_state has nothing to do with enum auth_password_state,
user_info->password_state is the one that holds the auth_password_state value.
Luckily user_info->password_state was never referenced in the
encrypt_user_info() callers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit a6fb598d9dcbfe21ef285b5f30fabcb88a259c93)
- - - - -
27a8698c by Stefan Metzmacher at 2022-03-16T13:41:14+00:00
auth/ntlmssp: don't set mapped_state explicitly in auth_usersupplied_info
We already use talloc_zero() and mapped_state will be removed in the
next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 9a4ac8ab2e2c8ee48f6bf5a6ecf7988c435ba1c6)
- - - - -
7b31dcbd by Stefan Metzmacher at 2022-03-16T13:41:14+00:00
s4:smb_server: don't set mapped_state explicitly in auth_usersupplied_info
We already use talloc_zero() and mapped_state will be removed in the
next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 859c7817350553259eb09c889bc40afebb60064a)
- - - - -
20be02ec by Stefan Metzmacher at 2022-03-16T13:41:14+00:00
s4:dsdb: don't set mapped_state in auth_usersupplied_info for audit logging
mapped_state is completely irrelevant for audit logging and
will also be removed in the next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 99efe5f4e9ce426b28cef94d858849707ce15739)
- - - - -
b353567a by Stefan Metzmacher at 2022-03-16T13:41:14+00:00
s4:kdc: don't set mapped_state in auth_usersupplied_info for audit logging
mapped_state is completely irrelevant for audit logging and
will also be removed in the next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit ca6948642bc2ff821ec4ca8ab24902b1ba9e8397)
- - - - -
03996701 by Stefan Metzmacher at 2022-03-16T13:41:14+00:00
s4:rpc_server/samr: don't set mapped_state in auth_usersupplied_info for audit logging
mapped_state is completely irrelevant for audit logging and
will also be removed in the next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 52787b9c1e9370133ff4481c62c2e7b9393c2439)
- - - - -
e691165b by Stefan Metzmacher at 2022-03-16T13:41:14+00:00
s4:auth: check for user_info->mapped.account_name if it needs to be filled
mapped_state is a special hack for authenticate_ldap_simple_bind_send()
in order to avoid some additional work in authsam_check_password_internals().
But that code will be changed in the next commits, so we can simplify
the logic and only check for user_info->mapped.account_name being NULL..
As it's the important factor that user_info->mapped.account_name is
non-NULL down in the auth stack.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit c7b8c71b2b71bb9d95c33d403c4204376f443852)
- - - - -
a219a81f by Stefan Metzmacher at 2022-03-16T13:41:14+00:00
s4:auth: fix confusing DEBUG message in authsam_want_check()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit a12683bd1206df4d4d87a3842d92e34a69e172b7)
- - - - -
c46c3410 by Stefan Metzmacher at 2022-03-16T13:41:14+00:00
s3:auth: make_user_info_map() should not set mapped_state
mapped_state is only evaluated in authsam_check_password_internals()
of auth_sam.c in source4, so setting it in the auth3 code
doesn't make any difference. I've proved that with
an SMB_ASSERT() and a full pipeline not triggering it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit c56cb12f347b7582290ce1d4dfe3959d69050bd9)
- - - - -
cd29a661 by Stefan Metzmacher at 2022-03-16T13:41:14+00:00
nsswitch: let test_wbinfo.sh also test wbinfo -a $USERNAME@$DOMAIN
When winbindd forwards wbinfo -a via netrLogonSamLogon* to a remote
DC work fine for upn names, e.g. administrator at DOMAIN.
But it currently fails locally on a DC against the local sam.
For the RODC only work because it forwards the request to
an RWDC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15003
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit e1d2c59d360fb4e72dafe788b5d9dbb0572bf811)
- - - - -
1e617128 by Stefan Metzmacher at 2022-03-16T13:41:14+00:00
winbindd: don't set mapped_state in winbindd_dual_auth_passdb()
mapped_state is a special hack for authenticate_ldap_simple_bind_send()
in order to avoid some additional work in authsam_check_password_internals()
This doesn't apply here. We should also handle wbinfo -a
authentication UPN names, e.g. administrator at DOMAIN,
even if the account belongs to the local sam.
With this change the behavior is consistent also locally on DCs and
also an RODC can handle these requests locally for cached accounts.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15003
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 8dfdbe095a4c8a7bedd29341656a7c3164517713)
- - - - -
f4e39095 by Stefan Metzmacher at 2022-03-16T13:41:14+00:00
s4:auth: rename user_info->mapped_state to user_info->cracknames_called
This makes it much clearer what it is used for and
it is a special hack for authenticate_ldap_simple_bind_send()
in order to avoid some additional work in
authsam_check_password_internals().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 427125d182252d8aee3dd906ee34a909cdbb8ef3)
- - - - -
7bb17ee5 by Stefan Metzmacher at 2022-03-16T13:41:14+00:00
auth: let auth logging prefer user_info->orig_client.{account,domain}_name if available
The optional user_info->orig_client.{account,domain}_name are
the once really used by the client and should be used in
audit logging. But we still fallback to
user_info->client.{account,domain}_name.
This will be important for the next commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 24b580cae23860a0fe6c9d3a285d60564057043d)
- - - - -
bf8f8c59 by Stefan Metzmacher at 2022-03-16T14:40:08+00:00
s4:auth: let authenticate_ldap_simple_bind() pass down the mapped nt4names
authenticate_ldap_simple_bind*() needs to pass the
result of the cracknames operation into the auth stack
as user_info->client.{account,domain}_name, because
user_info->client.{account,domain}_name is also used
when forwarding the request via netrLogonSamLogon*
to a remote server, for exactly that the values are
also used in order to map a AUTH_PASSWORD_PLAIN into
AUTH_PASSWORD_RESPONSE, where the NTLMv2 response
contains the account and domain names passed in the
netr_IdentityInfo value.
Otherwise it would not be possible to forward the
LDAP simple bind authentication request to a remote
DC.
Currently this only applies to an RODC that forwards
the request to an RWDC.
But note that LDAP simple binds (as on Windows) only
work for users in the DCs forest, as the DsCrackNames
need to work and it can't work for users of remote
forests. I tested that in a DC of a forest root domain,
if rejected the LDAP simple bind against a different forest,
but allowed it for a users of a child domain in the
same forest. The NTLMSSP bind worked in both cases.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Mar 10 04:10:54 UTC 2022 on sn-devel-184
(cherry picked from commit 40f2070d3b2b1b13cc08f7844bfe4945e9f0cd86)
Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Wed Mar 16 14:40:08 UTC 2022 on sn-devel-184
- - - - -
34771e19 by Elia Geretto at 2022-03-17T09:14:56+00:00
s3:libsmb: Fix errno for failed authentication in SMBC_server_internal()
In SMBC_server_internal(), when authentication fails, the errno value is
currently hard-coded to EPERM, while it should be EACCES instead. Use the
NT_STATUS map to set the appropriate value.
This bug was found because it breaks listing printers protected by
authentication in GNOME Control Panel.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14983
Signed-off-by: Elia Geretto <elia.f.geretto at gmail.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Mar 16 19:44:18 UTC 2022 on sn-devel-184
(cherry picked from commit 70b9977a46e5242174b4461a7f49d5f640c1db62)
- - - - -
dd6c50b8 by Andreas Schneider at 2022-03-17T09:14:56+00:00
testprogs: Add test that local krb5.conf has been created
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit d2ac90cdd5672330ed9c323fc474f8ba62750a6f)
- - - - -
c20ca210 by Andreas Schneider at 2022-03-17T09:14:56+00:00
s3:libads: Remove trailing spaces in kerberos.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 567b1996796e5d3cf572653f38817d832fa135ca)
- - - - -
2599f531 by Andreas Schneider at 2022-03-17T09:14:56+00:00
s3:libads: Leave early on error in get_kdc_ip_string()
This avoids useless allocations.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 313f03c78487ae49747b8143220ecbfe8ad9310a)
- - - - -
cce13c77 by Andreas Schneider at 2022-03-17T09:14:56+00:00
s3:libads: Improve debug messages for get_kdc_ip_string()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 7f721dc2eee0064a1ddd480fcaf77bf1659c7a26)
- - - - -
cfbd47d7 by Andreas Schneider at 2022-03-17T09:14:56+00:00
s3:libads: Use talloc_asprintf_append() in get_kdc_ip_string()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 812032833aa65729dbbfd4313a6e3fe072c88530)
- - - - -
3c98408b by Andreas Schneider at 2022-03-17T09:14:56+00:00
s3:libads: Allocate all memory on the talloc stackframe
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 652c8ce1672dfead00c7af6af22e3bb3927764ec)
- - - - -
3c5d0c37 by Andreas Schneider at 2022-03-17T09:14:56+00:00
s3:libads: Remove obsolete free's of kdc_str
This is allocated on the stackframe now!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit cca189d0934790418e27d9d01282370b1e6a057f)
- - - - -
abe01ca6 by Andreas Schneider at 2022-03-17T09:14:56+00:00
s3:libads: Check print_canonical_sockaddr_with_port() for NULL in get_kdc_ip_string()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 12c843ad0a97fcbaaea738b82941533e5d2aec99)
- - - - -
9272ec1a by Andreas Schneider at 2022-03-17T09:14:56+00:00
s3:libads: Fix creating local krb5.conf
We create an KDC ip string entry directly at the beginning, use it if we
don't have any additional DCs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Wed Mar 16 14:26:36 UTC 2022 on sn-devel-184
(cherry picked from commit 68d181ee676e17a5cdcfc12c5cc7eef242fdfa6c)
- - - - -
507ececf by Joseph Sutton at 2022-03-17T09:14:56+00:00
s4-kdc: Handle previously unhandled auth event types
Cases to handle KDC_AUTH_EVENT_VALIDATED_LONG_TERM_KEY and
KDC_AUTH_EVENT_PREAUTH_SUCCEEDED were removed in:
commit 791be84c3eecb95e03611458e2305bae272ba267
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Mar 2 10:10:08 2022 +1300
s4:kdc: hdb_samba4_audit() is only called once per request
Normally these auth event types are overwritten with the
KDC_AUTH_EVENT_CLIENT_AUTHORIZED event type, but if a client passes the
pre-authentication check, and happens to fail the client access check
(e.g. because the account is disabled), we get error messages of the
form:
hdb_samba4_audit: Unhandled hdb_auth_status=9 => INTERNAL_ERROR
To avoid such errors, use the error code provided in the request
structure to obtain a relevant status code in cases not handled
explicitly.
For unexpected values we return KRB5KRB_ERR_GENERIC
in order to hopefully prevent success. And within make test
we panic in order let a ci run fail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15015
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit b01388da8a72c11c46bb27e773b354520bc6ac88)
- - - - -
41054b61 by Stefan Metzmacher at 2022-03-17T10:12:38+00:00
s4:kdc: tunnel the check_client_access status to hdb_samba4_audit()
Otherwise useful information gets lost while converting
from NTSTATUS to krb5_error and back to NTSTATUS again.
E.g. NT_STATUS_ACCOUNT_DISABLED would be audited as
NT_STATUS_ACCOUNT_LOCKED_OUT.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15015
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 5294dc80090482d5669126802672eb2c89e269cf)
Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Thu Mar 17 10:12:38 UTC 2022 on sn-devel-184
- - - - -
f4236271 by Andrew Bartlett at 2022-03-17T11:23:03+01:00
WHATSNEW: older SMB1 command removal/simpliciation and deprecation
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e79f04a3 by Andrew Bartlett at 2022-03-17T11:23:03+01:00
WHATSNEW for Heimdal upgrade
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8892af2a by Thomas Debesse at 2022-03-21T10:47:20+01:00
WHATSNEW: IRC is irc.libera.chat according to https://www.samba.org/samba/irc.html
Signed-off-by: Thomas Debesse <dev at illwieckz.net>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
85ce5e7d by Andrew Bartlett at 2022-03-21T10:47:20+01:00
WHATSNEW: Mention our matrix room as well
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9fef6aae by Jule Anger at 2022-03-21T11:05:22+01:00
WHATSNEW: Add release notes for Samba 4.16.0.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
e95d85f7 by Jule Anger at 2022-03-21T11:08:03+01:00
VERSION: Disable GIT_SNAPSHOT for the 4.16.0 release.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
ec6cfc39 by Michael Tokarev at 2022-03-24T13:19:50+03:00
Update d/gbp.conf, d/watch and d/README.source for 4.16
- - - - -
25dc168f by Michael Tokarev at 2022-03-24T13:21:57+03:00
d/copyright, d/gbp.conf: mark non-DFSG RFCs in heimdal sources to remove
- - - - -
9414fcd9 by Michael Tokarev at 2022-03-24T13:24:58+03:00
New upstream version 4.16.0+dfsg
- - - - -
9840c9a7 by Michael Tokarev at 2022-03-24T13:25:11+03:00
d/gbp.conf: do not remove non-existing *.chm from source
- - - - -
7433a79a by Michael Tokarev at 2022-03-24T13:25:47+03:00
Update upstream source from tag 'upstream/4.16.0+dfsg'
Update to upstream version '4.16.0+dfsg'
with Debian dir bd3b6294070ad8eff70be48459863e8360b432f3
- - - - -
75d71a45 by Michael Tokarev at 2022-03-24T15:07:35+03:00
d/changelog: start of 4.16
- - - - -
08db2646 by Michael Tokarev at 2022-03-24T15:07:35+03:00
refresh patches (reduce context in ctdb.conf), comment out add-so-version-to-private-libraries for now
- - - - -
3a162b8f by Michael Tokarev at 2022-03-24T15:07:35+03:00
d/control: update required versions (talloc=2.3.3,tdb=1.4.6,tevent=0.11.0,ldb=2.5.0)
- - - - -
caacc012 by Michael Tokarev at 2022-03-24T15:07:35+03:00
d/control: add myself to Uploaders
- - - - -
8eabb514 by Michael Tokarev at 2022-03-24T15:07:35+03:00
d/rules: --with-dnsupdate has been consolidated with --with-ads
- - - - -
34dd6171 by Michael Tokarev at 2022-03-24T15:07:37+03:00
d/control: add python3-markdown to build-depends
- - - - -
5c0c5b14 by Michael Tokarev at 2022-03-24T15:12:20+03:00
d/control: add libjson-perl to build-depends (needed for heimdal)
- - - - -
175c1ea3 by Michael Tokarev at 2022-03-26T19:49:02+03:00
d/rules: bump talloc and tdb library build-deps to include _PUBLIC_ fix
- - - - -
f5ee633c by Michael Tokarev at 2022-03-28T13:11:46+03:00
d/rules: do not disable samba-cluster-support lib
with samba-cluster-support in --builtin-libraries,
smbd fails to link
- - - - -
7bb2df7e by Michael Tokarev at 2022-03-28T13:11:46+03:00
d/rules: do not remove files after install which are not present in current samba
- - - - -
16caefaf by Michael Tokarev at 2022-03-28T13:11:46+03:00
refresh and re-enable add-so-version-to-private-libraries
- - - - -
516fd8b3 by Michael Tokarev at 2022-03-28T13:11:46+03:00
smbclient: do not install findsmb for now (it is just an example)
- - - - -
dedbc9a2 by Michael Tokarev at 2022-03-28T13:11:46+03:00
all private libraries in libdir/samba are of the form libFOO-samba4.so.0
- - - - -
dca3789e by Michael Tokarev at 2022-03-28T13:11:46+03:00
samba-libs: remove dlz_bind9.so from the list
- - - - -
98286c6a by Michael Tokarev at 2022-03-28T13:11:46+03:00
samba-libs: bump soversion for libnetapi.so(0->1) & libsamba-credentials.so (0=>1)
- - - - -
00a6c17e by Michael Tokarev at 2022-03-28T13:11:46+03:00
ctdb: do not install ctdb_local_daemons
- - - - -
ca0b3c40 by Michael Tokarev at 2022-03-28T13:11:46+03:00
samba-libs: do not install non-existing private libutil-cmdline libcmdline-credentials libpopt-samba3*
- - - - -
115e0e3b by Michael Tokarev at 2022-03-28T13:11:46+03:00
libwbclient0: do not install non-existing private libwinbind-client
- - - - -
a932acb2 by Michael Tokarev at 2022-03-28T13:11:46+03:00
samba-libs: install all of libsmbldap.so.2*
- - - - -
85b2bac3 by Michael Tokarev at 2022-03-28T13:11:46+03:00
samba-libs: install new private libcmdline
- - - - -
aac01fca by Michael Tokarev at 2022-03-28T13:11:46+03:00
samba-libs: install libsamba-cluster-support-samba4.so.0 (was built-into smbd before)
- - - - -
87f84ae8 by Michael Tokarev at 2022-03-28T13:11:46+03:00
samba: install new private libREG-FULL & libRPC-WORKER
- - - - -
970d3785 by Michael Tokarev at 2022-03-28T13:11:46+03:00
samba: install new private libgss-preauth (needed by libkdc)
- - - - -
0c8bd089 by Michael Tokarev at 2022-03-28T13:11:46+03:00
samba: install new samba-bgqd & samba-dcerpc binaries (in libdir/samba/)
- - - - -
c6c4f207 by Michael Tokarev at 2022-03-28T13:11:46+03:00
samba-libs: install private libRPC-SERVER-LOOP (needed by winbindd & samba)
- - - - -
5dcc1a17 by Michael Tokarev at 2022-03-28T13:11:46+03:00
samba: install new libdir/samba/rpc_* services
- - - - -
457bb1f6 by Michael Tokarev at 2022-03-28T13:11:46+03:00
ctdb: install libdir/ctdb/tdb_mutex_check
- - - - -
4f49e4f4 by Michael Tokarev at 2022-03-28T13:11:46+03:00
winbind: install libdir/samba/async_dns_krb5_locator.so
- - - - -
c64d491d by Michael Tokarev at 2022-03-28T13:11:46+03:00
d/rules: allow non-verbose build by using d/rules V=
verbose (-v) waf invocation is just too verbose. For one,
it clobbers all the various warnings emitted during build.
By default it uses usual verbose build, but this can be turned
off by using d/rules V= .
- - - - -
f676a3b1 by Michael Tokarev at 2022-03-28T23:53:56+03:00
d/rules: do not explicitly set DEB_HOST_*, include architecture.mk instead
This reduces d/rules startup cost from 2s to 0.8s on my machine
- - - - -
28f80953 by Michael Tokarev at 2022-03-28T23:54:25+03:00
d/rules: move python definitions up, and use $PYSHORT instead of python3
also drop quotes around PYTHON_CONFIG
- - - - -
5546b224 by Michael Tokarev at 2022-03-28T23:54:25+03:00
libsmbclient: add new version symbol
- - - - -
cdb83c38 by Michael Tokarev at 2022-03-28T23:54:25+03:00
libwbclient0: refresh symbols file. client_socket_addr close_low_fds get_socket_port read_hex_bytes string_sub_once string_sub_talloc are gone
- - - - -
75c130df by Michael Tokarev at 2022-03-28T23:54:25+03:00
d/rules: switch from LD_LIBRARY_PATH to -l for dh_shlibdeps, use common variable for it
- - - - -
b1a28572 by Michael Tokarev at 2022-03-28T23:54:25+03:00
d/make_shlibs: switch to use dpkg-parsechangelog -S, convert backticks to $(), switch to /bin/sh
- - - - -
1f213f15 by Michael Tokarev at 2022-03-28T23:54:25+03:00
debian/make_shlibs: do not exclude non-existing $libdir/plugin dir for dh_makeshlibs
- - - - -
ae6ab152 by Michael Tokarev at 2022-03-28T23:54:25+03:00
open-code d/merge_shlibs.pl into d/make_shlibs
- - - - -
969bf84d by Michael Tokarev at 2022-03-28T23:54:25+03:00
d/copyright: heimdal sources are moved
- - - - -
4dc5e554 by Michael Tokarev at 2022-03-28T23:54:25+03:00
d/rules: stop listing old/random stuff in --bundled-libraries & --builtin-libraries, stop using --minimum-library-version
- - - - -
02ea90a4 by Michael Tokarev at 2022-03-28T23:54:25+03:00
export PYTHONHASHSEED=1 for waf to make include path ordering fixed
https://lists.samba.org/archive/samba-technical/2022-March/137230.html
https://bugzilla.samba.org/show_bug.cgi?id=15033
- - - - -
2676dc40 by Michael Tokarev at 2022-03-28T23:54:25+03:00
debian/samba-libs.lintian-overrides: fix embedded heimdal lintian message
- - - - -
2e926e77 by Michael Tokarev at 2022-03-28T23:54:25+03:00
d/samba-libs.lintian-overrides: fix another lintian warning
- - - - -
ff9d9462 by Michael Tokarev at 2022-03-28T23:54:25+03:00
d/libwbclient0.lintian-overrides: fix renamed internal lib like in samba-libs
- - - - -
61bb1114 by Michael Tokarev at 2022-03-28T23:54:25+03:00
internal-ldb: Copy files from ldb source package
- - - - -
8766c0f9 by Michael Tokarev at 2022-03-28T23:54:25+03:00
internal-ldb: fix private libraries names in ldb install files, list ldb files explicitly
- - - - -
04705f10 by Michael Tokarev at 2022-03-28T23:54:25+03:00
internal-ldb: d/samba-dsdb-modules.install: list modules explicitly (intermixes with libldb)
- - - - -
931810e5 by Mathieu Parent at 2022-03-28T23:54:25+03:00
internal-ldb: Copy control stanzas
- - - - -
5be3e28d by Michael Tokarev at 2022-03-28T23:54:25+03:00
internal-ldb: Update build dependencies
- Import missing dependencies from ldb source
- Remove ldb as buildep
- - - - -
5c79b116 by Michael Tokarev at 2022-03-28T23:54:26+03:00
internal-ldb: d/rules ldb bits
- - - - -
9822508b by Mathieu Parent at 2022-03-28T23:54:26+03:00
internal-ldb: Force LDB as standalone (patch/hack)
- - - - -
6f8570b6 by Michael Tokarev at 2022-03-28T23:54:26+03:00
internal-ldb: use-bzero-instead-of-memset_s.patch to avoid linking of libldb with libreplace-samba4
- - - - -
e43929f3 by Michael Tokarev at 2022-03-28T23:54:26+03:00
internal-ldb: make d/make_shlibs to accept custom version info for specified packages
- - - - -
de9705dd by Michael Tokarev at 2022-03-28T23:54:26+03:00
internal-ldb: d/rules: specify ldb packages version when invoking d/make_shlibs
- - - - -
e43e9319 by Michael Tokarev at 2022-03-31T12:35:35+03:00
switch from including /usr/share/dpkg/architecture.mk back to inline definitions
This effectively reverts commit f676a3b11fa61eb6e2d5546fc5d47972f37d93cf
"d/rules: do not explicitly set DEB_HOST_*, include architecture.mk instead", -
while including architecture.mk made _startup_ time faster, it also
made time before the first external command make(1) invokes significantly
slower, because architecture.mk defines lots of variables ane make(1)
exports _all_ of them before it invokes commands to make the first target..
It'd be nice if architecture.mk were defining all vars in one invocation
of dpkg-architecture (which it allows) instead of invoking it for every
variable. For this, I guess, make(1) needs to support reading makefile
fragments from external commands, which it does not.
This all is not very important in the buildd environment since dpkg/dh
already exports all these variables before invoking d/rules, so we
actually never call dpkg-architecture. But it makes a lot of sense
when debugging build.
- - - - -
5aafd373 by Michael Tokarev at 2022-03-31T12:35:45+03:00
internal-ldb: cache ldb-version-related vars in d/ldb-version.mk
This significantly reduces the startup cost of make and sub-makes.
We store two variables (${LDB_DEB_VERSION} and ${LDB_DEPENDS})
in debian/ldb-version.mk, defining them once in a simple shell
fragment, from lib/ldb/wscript, and include this make fragment
in d/rules. The variables in there needs complex (from the
makefile PoV) commands to set, and they're repeated in each
submake too (think dh sequence). The idea is to generate it
once so it can be directly read by all submakes and need not
be regenerated each time while one debug the build procedure.
There's no need to keep d/ldb-version.mk in git or in the
.debian.tar.gz file, but by keeping it we will avoid removing
this file so it is regenerated on every ./d/rules clean.
- - - - -
80f8cb67 by Michael Tokarev at 2022-03-31T12:35:45+03:00
d/rules: only invoke dh sequence for known targets
- - - - -
7b2817d8 by Michael Tokarev at 2022-03-31T12:35:45+03:00
d/rules: another startup time optimization: cache dh_listpackages output, run it once not 8 times in a row
- - - - -
471fdc92 by Michael Tokarev at 2022-03-31T12:36:15+03:00
update changelog
- - - - -
3fa3e446 by Michael Tokarev at 2022-03-31T12:37:38+03:00
samba-common-bin.postinst: mkdir /run/samba before invoking samba binaries (#953530)
- - - - -
32650b20 by Michael Tokarev at 2022-03-31T12:38:30+03:00
d/rules: do not run waf build step, perform waf install step instead
Stop building samba runnable directly from the build directory
as `waf build' builds, we don't need it.
See comments in the d/rules.
- - - - -
fecb53de by Michael Tokarev at 2022-03-31T12:38:38+03:00
python3-ldb.lintian-overrides: add override for not-linked-against-libc python plugin
- - - - -
9cfe68cf by Michael Tokarev at 2022-03-31T12:38:38+03:00
d/rules, d/clean: rework and cleanup the clean target
there's no need to run $(WAF) clean since we rm whole bin/ dir anyway..
Also, waf leaves quite alot of work/temp files floating around.
In particular, there are several __pycache__/ dirs which either
needs to be explicitly listed or removing with find(1).
Also stop removing files which are not there.
- - - - -
21 changed files:
- + .editorconfig
- + .gitlab-ci-coverage-runners.yml
- + .gitlab-ci-coverage.yml
- + .gitlab-ci-default-runners.yml
- + .gitlab-ci-default.yml
- + .gitlab-ci-main.yml
- .gitlab-ci-private.yml
- .gitlab-ci.yml
- README.Coding.md
- README.contributing
- VERSION
- + VFS-License-clarification.txt
- WHATSNEW.txt
- auth/auth_log.c
- auth/auth_sam_reply.c
- auth/common_auth.h
- auth/credentials/credentials.c
- auth/credentials/credentials.h
- + auth/credentials/credentials_cmdline.c
- auth/credentials/credentials_internal.h
- auth/credentials/credentials_krb5.c
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/6f32806da3c9fecdb7f49152396ca13a85d7eb25...9cfe68cfa99d6c283f6fc468a626e1a9698ed309
--
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/6f32806da3c9fecdb7f49152396ca13a85d7eb25...9cfe68cfa99d6c283f6fc468a626e1a9698ed309
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20220331/6f873987/attachment-0001.htm>
More information about the Pkg-samba-maint
mailing list