[Pkg-samba-maint] [Git][samba-team/samba][master] 2365 commits: VERSION: Bump version up to 4.17.0pre1...

Michael Tokarev (@mjt) gitlab at salsa.debian.org
Sun Oct 30 17:14:46 GMT 2022



Michael Tokarev pushed to branch master at Debian Samba Team / samba


Commits:
a3de4316 by Jule Anger at 2022-01-24T11:21:32+00:00
VERSION: Bump version up to 4.17.0pre1...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
d844bc6c by Stefan Metzmacher at 2022-01-24T12:15:09+00:00
ldb: bump version to 2.6.0 for Samba 4.17.x releases

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Jule Anger <janger at samba.org>

Autobuild-User(master): Jule Anger <janger at samba.org>
Autobuild-Date(master): Mon Jan 24 12:15:09 UTC 2022 on sn-devel-184

- - - - -
be1935da by Stefan Metzmacher at 2022-01-24T15:25:36+00:00
WHATSNEW: Start release notes for Samba 4.17.0pre1.

Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
0651fa47 by Stefan Metzmacher at 2022-01-24T15:25:36+00:00
dcesrv_core: wrap gensec_*() calls in [un]become_root() calls

This is important for the source3/rpc_server code as it might
be called embedded in smbd and may not run as root with access
to our private tdb/ldb files.

Note this is only really needed for 4.15 and older, as
we no longer run the rpc_server embedded in smbd,
but we better be consistent for now.

This should be able to fix the problem that printing no longer works
on Windows 7 with 2021-10 monthly rollup patch (KB5006743).

Windows uses NTLMSSP with privacy at the DCERPC layer on top
of NCACN_NP (smb).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14867

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
58b09e10 by Stefan Metzmacher at 2022-01-24T15:25:36+00:00
lib/util: split out a dump_data_block16() helper

This simplifies the logic a lot for me.

It also fixes some corner cases regarding whitespaces in the
output, that's why we have to mark a few tests as knownfail,
they will be fixed in the next commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
9110a885 by Stefan Metzmacher at 2022-01-24T15:25:36+00:00
blackbox.ndrdump: adjust example files to changed dump_data() output.

The cleanup using dump_data_block16() fixed the space handling.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
b489b7fe by Stefan Metzmacher at 2022-01-24T15:25:36+00:00
lib/util: add dump_data_diff*() helpers

That will make it easy to see the difference
between two memory buffers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
d1a7f392 by Stefan Metzmacher at 2022-01-24T15:25:36+00:00
ndrdump: make use of dump_data_file_diff() in order to show differences

This makes it much easier to detect differences in the given and
generated buffers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
1dc385cb by Stefan Metzmacher at 2022-01-24T15:25:36+00:00
blackbox.ndrdump: adjust example files to the usage of dump_data_diff output.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
8da26cb6 by Stefan Metzmacher at 2022-01-24T15:25:36+00:00
s4:torture/ndr: demonstrate the ndr_push_string(STR_NOTERM|REMAINING) of "" is wrong

convert_string_talloc() never returns a string with len=0 and always
implies zero termination byte(s).

For ndr_push_string this is unexpected as we need to be compatible on
the wire and push 0 bytes for an empty string.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
43648e95 by Stefan Metzmacher at 2022-01-24T15:25:36+00:00
librpc/ndr: let ndr_push_string() let s_len == 0 result in d_len = 0

convert_string_talloc_handle() tries to play on the safe side
and always returns a null terminated array.

But for NDR we need to be correct on the wire...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
12464bd4 by Stefan Metzmacher at 2022-01-24T16:18:34+00:00
blackbox.ndrdump: fix test_ndrdump_fuzzed_NULL_struct_ntlmssp_CHALLENGE_MESSAGE test

This actually reveals that ndr_push_string() for TargetName="" was
failing before because it resulted in 1 byte for a subcontext with
TargetLen=0.

This is fixed now and we no longer expect ndrdump to exit with 1.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Jan 24 16:18:34 UTC 2022 on sn-devel-184

- - - - -
62bd38f7 by Jeremy Allison at 2022-01-25T20:51:36+00:00
s3: smbd: Cleanup - Split out smbd_fetch_security_desc() from smbd_do_query_security_desc().

This is part one of a cleanup to split this up into a fetch()/marshal()
pair. Allows easy modification of the sd before returning if we need
to add the SMB2+unix mode information here on a SMB2 posix handle.

Also makes the code much clearer.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>

- - - - -
65774b51 by Jeremy Allison at 2022-01-25T20:51:36+00:00
s3: smbd: Cleanup - Split out smbd_marshall_security_desc() from smbd_do_query_security_desc().

This is part two of a cleanup to split this up into a fetch()/marshal()
pair. Allows easy modification of the sd before returning if we need
to add the SMB2+unix mode information here on a SMB2 posix handle.

Also makes the code much clearer.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>

- - - - -
1224d463 by Jeremy Allison at 2022-01-25T20:51:36+00:00
s3: smbd: Cleanup - In smbd_do_query_security_desc() we don't need a talloc frame.

Just free the marshalled sd before returning.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>

- - - - -
d85461c4 by Jeremy Allison at 2022-01-25T21:43:59+00:00
s3: smbd: Rename "unix extensions" -> "smb1 unix extensions".

Make 'unix extensions' a synonym for "smb1 unix extensions".

This will allow us to have a separate "smb2 unix extensions"
parameter that we can examine separately.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jan 25 21:43:59 UTC 2022 on sn-devel-184

- - - - -
dbbad4b5 by Pavel Filipenský at 2022-01-26T11:44:32+00:00
s4:libnet: Fix trailing whitespace in libnet_vampire.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
851fc9d6 by Pavel Filipenský at 2022-01-26T11:44:32+00:00
s4:libnet: Fix uninitialized value "seq_num"

Found by covscan.

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
891201f1 by Douglas Bagnall at 2022-01-26T11:44:32+00:00
s3/torture/pdbtest: fix always false condition

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9320

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
f3768274 by Douglas Bagnall at 2022-01-26T11:44:32+00:00
pytest:auth_log: expect TLS connections when using ldaps

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
309f1982 by Douglas Bagnall at 2022-01-26T12:39:52+00:00
s4/auth/simple_bind: correctly report TLS state

It went wrong in 366f8cf0903e3583fda42696df62a5337f22131f

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Jan 26 12:39:52 UTC 2022 on sn-devel-184

- - - - -
36c861e2 by FeRD (Frank Dana) at 2022-01-27T10:53:50+00:00
printing/bgqd: Disable systemd notifications

samba-bgqd daemon is started by existing Samba daemons. When running
under systemd, those daemons control systemd notifications and
samba-bgqd messages need to be silenced.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14947

Signed-off-by: FeRD (Frank Dana) <ferdnyc at gmail.com>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Alexander Bokovoy <ab at samba.org>
Autobuild-Date(master): Thu Jan 27 10:53:50 UTC 2022 on sn-devel-184

- - - - -
0eecfddd by Ralph Boehme at 2022-01-28T10:22:31+00:00
s3/rpc_server: install elasticsearch_mappings.json

This was accidentally removed by
a7c65958a15149918415b7456d6f20ee8c9669d2 because the original code
only installed the json file if the mdssvc was built as module:

     if bld.SAMBA3_IS_ENABLED_MODULE('rpc_mdssvc_module'):
         bld.INSTALL_FILES(bld.env.SAMBA_DATADIR,
                           'mdssvc/elasticsearch_mappings.json')

Installing the json file should just depend on Elasticsearch support
being enabled, regardless of the removed module support.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14961

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Fri Jan 28 10:22:31 UTC 2022 on sn-devel-184

- - - - -
63e00f81 by Andreas Schneider at 2022-01-28T12:36:34+00:00
s4:kdc: Add a HDB to SDB mask

For most flags the mapping is 1 to 1, but it's not always
the case anymore.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14960

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
2a0d6c11 by Andreas Schneider at 2022-01-28T12:36:34+00:00
s4:kdc: Remove trailing spaces in hdb-samba4.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14960

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
6063e801 by Andreas Schneider at 2022-01-28T13:33:22+00:00
s4:kdc: Translate HDB flags to SDB flags

We used to have a 1 to 1 mapping, but now we have
a conflict with these:

 #define SDB_F_FORCE_CANON 16384
 #define HDB_F_PRECHECK    16384

We currently don't really care about HDB_F_PRECHECK,
so we can just filter it out.

In the long run we may change the SDB flags space to uint64...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14960

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Jan 28 13:33:22 UTC 2022 on sn-devel-184

- - - - -
c58ede44 by Joseph Sutton at 2022-01-31T15:27:37+00:00
CVE-2022-0336: pytest: Add a test for an SPN conflict with a re-added SPN

This test currently fails, as re-adding an SPN means that later checks
do not run.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14950

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
1a5dc817 by Joseph Sutton at 2022-01-31T15:27:37+00:00
CVE-2022-0336: s4/dsdb/samldb: Don't return early when an SPN is re-added to an object

If an added SPN already exists on an object, we still want to check the
rest of the element values for conflicts.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14950

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
a9211cfe by Ralph Boehme at 2022-01-31T15:27:37+00:00
CVE-2021-44142: libadouble: add defines for icon lengths

From https://www.ietf.org/rfc/rfc1740.txt

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14914

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
96083abc by Ralph Boehme at 2022-01-31T15:27:37+00:00
CVE-2021-44142: smbd: add Netatalk xattr used by vfs_fruit to the list of private Samba xattrs

This is an internal xattr that should not be user visible.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14914

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c61a0650 by Ralph Boehme at 2022-01-31T15:27:37+00:00
CVE-2021-44142: libadouble: harden ad_unpack_xattrs()

This ensures ad_unpack_xattrs() is only called for an ad_type of ADOUBLE_RSRC,
which is used for parsing ._ AppleDouble sidecar files, and the buffer
ad->ad_data is AD_XATTR_MAX_HDR_SIZE bytes large which is a prerequisite for all
buffer out-of-bounds access checks in ad_unpack_xattrs().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14914

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
eb087934 by Ralph Boehme at 2022-01-31T15:27:37+00:00
CVE-2021-44142: libadouble: add basic cmocka tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14914

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
751d7696 by Ralph Boehme at 2022-01-31T15:27:37+00:00
CVE-2021-44142: libadouble: harden parsing code

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14914

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1f7e870d by Jeremy Allison at 2022-01-31T15:27:37+00:00
CVE-2021-44141: s3: torture: Add samba3.blackbox.test_symlink_traversal.SMB2.

Add to knownfail.d/symlink_traversal

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
3bc85d61 by Jeremy Allison at 2022-01-31T15:27:37+00:00
CVE-2021-44141: s3: torture: Add samba3.blackbox.test_symlink_traversal.SMB1.

Add to knownfail.d/symlink_traversal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
4e75e24b by Jeremy Allison at 2022-01-31T15:27:37+00:00
CVE-2021-44141: s3: torture: Add samba3.blackbox.test_symlink_traversal.SMB1.posix

Add to knownfail.d/symlink_traversal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
3e9f6d70 by Jeremy Allison at 2022-01-31T15:27:37+00:00
CVE-2021-44141: s3: torture: In test_smbclient_s3, change the error codes expected for test_widelinks() and test_nosymlinks() from ACCESS_DENIED to NT_STATUS_OBJECT_NAME_NOT_FOUND.

For SMB1/2/3 (minus posix) we need to treat bad symlinks
as though they don't exist.

Add to knownfail.d/symlink_traversal

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
f5b28d8a by Jeremy Allison at 2022-01-31T15:27:37+00:00
CVE-2021-44141: s3: torture: Change expected error return for samba3.smbtorture_s3.plain.POSIX.smbtorture.

Trying to open a symlink as a terminal component should return
NT_STATUS_OBJECT_NAME_NOT_FOUND, not NT_STATUS_OBJECT_PATH_NOT_FOUND.

Mark as knownfail.d/simple_posix_open until we fix the server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
458c7555 by Jeremy Allison at 2022-01-31T15:27:37+00:00
CVE-2021-44141: s3: smbd: For SMB1+POSIX clients trying to open a symlink, always return NT_STATUS_OBJECT_NAME_NOT_FOUND.

Matches the error return from openat_pathref_fsp().

NT_STATUS_OBJECT_PATH_NOT_FOUND is for a bad component in a path, not
a bad terminal symlink.

Remove knownfail.d/simple_posix_open, we now pass.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
43455edd by Jeremy Allison at 2022-01-31T15:27:37+00:00
CVE-2021-44141: s3: smbd: Inside check_reduced_name() ensure we return the correct error codes when failing symlinks.

NT_STATUS_OBJECT_PATH_NOT_FOUND for a path component failure.
NT_STATUS_OBJECT_NAME_NOT_FOUND for a terminal component failure.

Remove:

	samba3.blackbox.test_symlink_traversal.SMB1.posix
	samba3.blackbox.smbclient_s3.*.Ensure\ widelinks\ are\ restricted\(.*\)
	samba3.blackbox.smbclient_s3.*.follow\ symlinks\ \=\ no\(.*\)

in knownfail.d/symlink_traversal as we now pass these. Only one more fix
remaining to get rid of knownfail.d/symlink_traversal completely.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
be138920 by Jeremy Allison at 2022-01-31T15:27:37+00:00
CVE-2021-44141: s3: smbd: Fix a subtle bug in the error returns from filename_convert().

If filename_convert() fails to convert the path, we never call
check_name(). This means we can return an incorrect error code
(NT_STATUS_ACCESS_DENIED) if we ran into a symlink that points
outside the share to a non-readable directory. We need to make
sure in this case we always call check_name().

Remove knownfail.d/symlink_traversal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
a44435c6 by Jeremy Allison at 2022-01-31T15:27:37+00:00
CVE-2021-44141: s3: torture: Add a test samba3.blackbox.test_symlink_rename.SMB1.posix that shows we still leak target info across a SMB1+POSIX rename.

Add a knownfail.d/posix_sylink_rename

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
e4e5539e by Jeremy Allison at 2022-01-31T16:26:26+00:00
CVE-2021-44141: s3: smbd: Inside rename_internals_fsp(), we must use vfs_stat() for existence, not SMB_VFS_STAT().

We need to take SMB1+POSIX into account here and do an LSTAT if it's
a POSIX name.

Remove knownfail.d/posix_sylink_rename

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Jan 31 16:26:26 UTC 2022 on sn-devel-184
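
The error-code rule stated in the CVE-2021-44141 commits above (path component failure versus terminal component failure), as an added example that is not part of the commit log and is not Samba's code. resolve_nofollow(), demo() and the RES_* values are hypothetical names, and the sketch is stricter than smbd in that it treats every symlink as a bad one:

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical stand-ins for the two NT status codes the commits name. */
typedef enum {
    RES_OK,
    RES_NAME_NOT_FOUND, /* terminal component failed */
    RES_PATH_NOT_FOUND, /* intermediate component failed */
    RES_ERROR           /* invalid input or local failure */
} res_t;

/* Walk relpath below rootfd one component at a time and never follow a
 * symlink. A symlink is reported exactly like a missing entry, so the
 * caller learns nothing about where it points. */
res_t resolve_nofollow(int rootfd, const char *relpath)
{
    char buf[PATH_MAX];
    char *save = NULL, *comp, *next;
    struct stat st;
    res_t res = RES_OK;
    int dirfd, fd;

    if (strlen(relpath) >= sizeof(buf)) return RES_ERROR;
    strcpy(buf, relpath);
    dirfd = dup(rootfd);
    if (dirfd < 0) return RES_ERROR;

    comp = strtok_r(buf, "/", &save);
    while (comp != NULL) {
        next = strtok_r(NULL, "/", &save);
        if (strcmp(comp, "..") == 0) { res = RES_ERROR; break; }
        if (next != NULL) {
            /* Intermediate component: must be a real directory. */
            fd = openat(dirfd, comp,
                        O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
            if (fd < 0) { res = RES_PATH_NOT_FOUND; break; }
            close(dirfd);
            dirfd = fd;
        } else if (fstatat(dirfd, comp, &st, AT_SYMLINK_NOFOLLOW) != 0 ||
                   S_ISLNK(st.st_mode)) {
            /* Terminal component: missing, or a symlink. */
            res = RES_NAME_NOT_FOUND;
        }
        comp = next;
    }
    close(dirfd);
    return res;
}

/* Builds a constructed share tree in a temp directory, resolves relpath
 * in it and removes the tree again. */
res_t demo(const char *relpath)
{
    char tmpl[] = "/tmp/share-XXXXXX";
    res_t res;
    int rootfd;

    if (mkdtemp(tmpl) == NULL) return RES_ERROR;
    rootfd = open(tmpl, O_RDONLY | O_DIRECTORY);
    if (rootfd < 0) { rmdir(tmpl); return RES_ERROR; }
    mkdirat(rootfd, "dir", 0700);
    close(openat(rootfd, "dir/file", O_CREAT | O_WRONLY, 0600));
    symlinkat("/etc", rootfd, "link");            /* directory outside the share */
    symlinkat("/etc/passwd", rootfd, "dir/leak"); /* file outside the share */

    res = resolve_nofollow(rootfd, relpath);

    unlinkat(rootfd, "dir/leak", 0);
    unlinkat(rootfd, "dir/file", 0);
    unlinkat(rootfd, "link", 0);
    unlinkat(rootfd, "dir", AT_REMOVEDIR);
    close(rootfd);
    rmdir(tmpl);
    return res;
}

int main(void)
{
    const char *cases[] = { "dir/file", "dir/missing", "dir/leak",
                            "link/passwd", "missing/file" };
    size_t i;

    for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        printf("%-14s -> %d\n", cases[i], (int)demo(cases[i]));
    }
    return 0;
}
```

A terminal symlink and a missing file produce the same result, as do a symlinked directory and a missing directory, which is the property the tests in this series check for.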

- - - - -
e9ad1896 by Jeremy Allison at 2022-02-01T16:30:37+00:00
s3: smbd: Add an SMB2 server flag posix_extensions_negotiated.

This allows the server to only enable smb2 unix open handles if
the smb.conf parameter is set and the client correctly
negotiated smb2 unix on the connection.

Currently there is no "smb2 unix extensions" parameter so
this can never be set to true.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
722d0d3c by Jeremy Allison at 2022-02-01T16:30:37+00:00
libcli: Add SMB2 posix negotiate context flag.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
0711040d by Jeremy Allison at 2022-02-01T16:30:37+00:00
s3: smbd: Add the definition for SMB2_FILE_POSIX_INFORMATION info level.

Will be used by smb2_getinfo. Not yet used or available.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2e72b9cd by Jeremy Allison at 2022-02-01T16:30:37+00:00
s3: smbd: Add the definition for SMB2_FIND_POSIX_INFORMATION info level.

Will be used by smb2_query_directory. Not yet used or available.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
955f0886 by Jeremy Allison at 2022-02-01T16:30:37+00:00
s3: smbd: Add lp_smb2_unix_extensions() function. Always returns false for now.

For now *always* returns false. This allows me to
add code into smbd contingent on lp_smb2_unix_extensions()
which I know will not be executed until all the parts
are in place. Then the real parameter can be added
(default to off) and testing added.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
7a5fea26 by Jeremy Allison at 2022-02-01T16:30:37+00:00
s3: smbd: lp_widelinks(). Turn off widelinks if either SMB1 or SMB2 unix extensions are turned on.

NB. Currently it's impossible to turn on SMB2 unix extensions.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
fadb2d60 by Jeremy Allison at 2022-02-01T16:30:37+00:00
s3: smbd: Update widelinks_warning() to cope with SMB1 and SMB2 unix extensions.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
f68fffa8 by Jeremy Allison at 2022-02-01T16:30:37+00:00
s3: smbd: Plumb in POSIX lock requests through SMB2 lock calls if done on a POSIX handle. Currently not allowed.

Note there is currently no way to create a POSIX file
handle in SMB2 so this code can't be accessed.

This will remain so until client and server code are ready to
turn on SMB2 POSIX extensions and the tests are in place.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
85c67111 by Jeremy Allison at 2022-02-01T16:30:37+00:00
s3: smbd: smbd_smb2_request_process_negprot() - Allow SMB2 unix extensions to be negotiated. Currently not allowed.

As lp_smb2_unix_extensions() currently always returns false,
this code path cannot be executed. This will change once the
whole client and server fixes are in place and tests are passing.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2b2b41c8 by Jeremy Allison at 2022-02-01T17:25:45+00:00
s3: smbd: Add two new functions in a new file, smb2_posix.c: smb2_posix_cc_info(), store_smb2_posix_info()

Not yet used.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Feb  1 17:25:45 UTC 2022 on sn-devel-184

- - - - -
69f2352c by Volker Lendecke at 2022-02-01T19:09:34+00:00
mdssvc: Align an integer type

In libjansson 2.13.1 json_array_size() returns a size_t

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
888275ee by Volker Lendecke at 2022-02-01T19:09:34+00:00
torture: Align an integer type

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
191c15f5 by Volker Lendecke at 2022-02-01T19:09:34+00:00
smbd: Modernize a debug statement

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ea8a6537 by Volker Lendecke at 2022-02-01T19:09:34+00:00
smbd: Make directory_has_default_posix_acl() just take "dirfsp"

conn is not referenced anymore, and we only need the files_struct

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a1d5ae30 by Volker Lendecke at 2022-02-01T19:09:34+00:00
smbd: chmod_acl_internals() does not need connection_struct anymore

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1d6762d8 by Volker Lendecke at 2022-02-01T19:09:34+00:00
smbd: copy_access_posix_acl() just needs fsps these days

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e93f4635 by Volker Lendecke at 2022-02-01T19:09:34+00:00
smbd: Simplify reopen_from_fsp() with an early return

Review with git show -b

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
95c7d234 by Volker Lendecke at 2022-02-01T20:04:44+00:00
vfs: Simplify fake_acls_stat() with an early return

Review with "git di -b"

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Feb  1 20:04:44 UTC 2022 on sn-devel-184

- - - - -
ac3c8c53 by Pavel Filipenský at 2022-02-01T20:13:29+00:00
lib:replace: Fix trailing whitespace in os2_delete.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1905c77a by Pavel Filipenský at 2022-02-01T21:09:21+00:00
lib:replace: Fix NULL issue reported by covscan

Found by covscan. Coding style kept as in the rest of the file.

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Feb  1 21:09:21 UTC 2022 on sn-devel-184

- - - - -
68e62962 by Stefan Metzmacher at 2022-02-02T17:36:35+00:00
selftest/quick: add smb2.session

We run the quicktest on each linux distro as part of samba-o3 builds.

We should make sure smb2 signing/encryption works on all of them
and all different system libraries.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
99182af4 by Stefan Metzmacher at 2022-02-02T17:36:35+00:00
libcli/smb: fix error checking in smb2_signing_decrypt_pdu() invalid ptext_len

When the ptext_size != m_total check fails, we call this:

   status = gnutls_error_to_ntstatus(rc, NT_STATUS_INTERNAL_ERROR);
   goto out;

As rc is 0 at that point we'll exit smb2_signing_decrypt_pdu()
with NT_STATUS_OK, but without copying the decrypted data
back into the caller's buffer. Which leads to strange errors
in the caller.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
735f3d7d by Stefan Metzmacher at 2022-02-02T18:29:08+00:00
libcli/smb: let smb2_signing_decrypt_pdu() cope with gnutls_aead_cipher_decrypt() ptext_len bug

The initial implementation of gnutls_aead_cipher_decrypt() had a bug and
used:
    *ptext_len = ctext_len;
instead of:
    *ptext_len = ctext_len - tag_size;

This got fixed with gnutls 3.5.2.

As we only require gnutls 3.4.7 we need to cope with this...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Feb  2 18:29:08 UTC 2022 on sn-devel-184
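
The two smb2_signing_decrypt_pdu() commits above describe one failure pattern: an error branch that derives its status from a library return code that is still 0. The following is an added example, not part of the commit log and not Samba's or GnuTLS's code; map_rc(), toy_aead_decrypt(), decrypt_pdu() and the ST_* values are hypothetical stand-ins, and the "AEAD" is a toy with no real cryptography:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TAG_SIZE 16

typedef enum { ST_OK = 0, ST_INTERNAL_ERROR, ST_DECRYPT_FAILED } status_t;

/* How the stand-in AEAD reports the plaintext length. */
enum len_mode {
    LEN_CORRECT, /* ctext_len - tag_size */
    LEN_LEGACY,  /* ctext_len, the old behaviour quoted in the commit */
    LEN_BOGUS    /* neither, to exercise the failure path */
};

/* Hypothetical rc-to-status mapper: rc == 0 always means success, the
 * fallback is only used for unknown non-zero codes. */
static status_t map_rc(int rc, status_t fallback)
{
    if (rc == 0) return ST_OK;
    if (rc == -1) return ST_DECRYPT_FAILED;
    return fallback;
}

/* Toy AEAD "decrypt": the payload is followed by TAG_SIZE bytes that
 * must each equal the XOR of all payload bytes. */
static int toy_aead_decrypt(enum len_mode mode,
                            const uint8_t *ctext, size_t ctext_len,
                            uint8_t *ptext, size_t *ptext_len)
{
    size_t n, i;
    uint8_t x = 0;

    if (ctext_len < TAG_SIZE || *ptext_len < ctext_len) return -2;
    n = ctext_len - TAG_SIZE;
    for (i = 0; i < n; i++) x ^= ctext[i];
    for (i = 0; i < TAG_SIZE; i++) {
        if (ctext[n + i] != x) return -1;
    }
    memcpy(ptext, ctext, n);
    if (mode == LEN_CORRECT) *ptext_len = n;
    else if (mode == LEN_LEGACY) *ptext_len = ctext_len;
    else *ptext_len = n + 1;
    return 0;
}

/* hardened == 0 reproduces the pattern the first commit describes;
 * hardened == 1 sets the error explicitly and tolerates the legacy length. */
static status_t decrypt_pdu(int hardened, enum len_mode mode,
                            const uint8_t *ctext, size_t ctext_len,
                            uint8_t *out, size_t m_total)
{
    uint8_t scratch[256];
    size_t ptext_size = sizeof(scratch);
    status_t status;
    int rc;

    if (m_total > sizeof(scratch) - TAG_SIZE ||
        ctext_len != m_total + TAG_SIZE) {
        return ST_INTERNAL_ERROR;
    }
    rc = toy_aead_decrypt(mode, ctext, ctext_len, scratch, &ptext_size);
    if (rc != 0) {
        status = map_rc(rc, ST_INTERNAL_ERROR);
        goto out;
    }
    if (!hardened && ptext_size != m_total) {
        /* rc is 0 here, so the intended error becomes ST_OK. */
        status = map_rc(rc, ST_INTERNAL_ERROR);
        goto out;
    }
    if (hardened && ptext_size != m_total && ptext_size != ctext_len) {
        status = ST_INTERNAL_ERROR; /* never derived from rc */
        goto out;
    }
    memcpy(out, scratch, m_total);
    status = ST_OK;
out:
    return status;
}

struct result { status_t status; int output_written; };

/* Runs one case on a constructed 4-byte payload with a valid toy tag. */
struct result run_case(int hardened, enum len_mode mode)
{
    uint8_t ctext[4 + TAG_SIZE] = { 'S', 'M', 'B', '2' };
    uint8_t out[4] = { 0, 0, 0, 0 };
    struct result r;

    memset(ctext + 4, 'S' ^ 'M' ^ 'B' ^ '2', TAG_SIZE);
    r.status = decrypt_pdu(hardened, mode, ctext, sizeof(ctext), out, 4);
    r.output_written = (memcmp(out, "SMB2", 4) == 0);
    return r;
}

int main(void)
{
    struct result a = run_case(0, LEN_LEGACY), b = run_case(1, LEN_LEGACY);

    printf("unfixed: status=%d written=%d\n", a.status, a.output_written);
    printf("fixed:   status=%d written=%d\n", b.status, b.output_written);
    return 0;
}
```

With the legacy length the unhardened path reports success while the caller's buffer is untouched; the hardened path either copies the plaintext or returns an explicit error.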

- - - - -
0ecc5885 by Jeremy Allison at 2022-02-02T20:54:29+00:00
s4: test: Add samba4.libsmbclient.rename test. Currently fails for SMB3.

Add knownfail.d/libsmbclient_rename

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14938

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
ca60f635 by Jeremy Allison at 2022-02-02T21:50:31+00:00
lib: libsmbclient: Ensure cli_rename() always sets cli->raw_status.

Identical change as used in cli_unlink(), cli_mkdir(), cli_rmdir(),
cli_chkpath() to ensure SMB2 calls correctly set raw_status for
libsmbclient uses.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14938

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Feb  2 21:50:31 UTC 2022 on sn-devel-184

- - - - -
6509715c by David Seifert at 2022-02-03T13:18:29+00:00
tevent: add missing `#include <sys/types.h>`

The following functions use `pid_t` in their interface:
* `tevent_req_profile_get_status`
* `tevent_req_profile_set_status`

BUG: https://bugs.gentoo.org/828720

Signed-off-by: David Seifert <soap at gentoo.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Feb  3 13:18:29 UTC 2022 on sn-devel-184

- - - - -
0c6554aa by Andreas Schneider at 2022-02-03T14:31:01+00:00
bootstrap: Fix CentOS8 runner

CentOS8 is EOL since December 31, 2021. The packages move to vault.centos.org.
We should migrate to CentOS8 Stream soon.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Feb  3 14:31:01 UTC 2022 on sn-devel-184

- - - - -
d7deb876 by Jeremy Allison at 2022-02-04T11:10:33+00:00
s3: tests: Add a new test test_msdfs_hardlink() that does simple hardlinks on MSDFS root shares.

We pass this already as the cmd_hardlink in smbclient doesn't
do the DFS path conversion on the hardlink target. But it's
good to have the test.

Note we need to add the new test to "selftest/knownfail.d/smb1-tests"
as test_smbclient_s3.sh is run against the (ad_member|nt4_member)
environments first using NT1 (SMB1) protocol and then using SMB3,
but the (ad_member|nt4_member) environments don't support SMB1.
Seems a bit strange to me, but all the other SMB1 tests inside
test_smbclient_s3.sh have already been added to "selftest/knownfail.d/smb1-tests"
so just go with the test environment.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
44cc9fb0 by Jeremy Allison at 2022-02-04T11:10:33+00:00
s3: tests: Add a new test test_msdfs_rename() that does simple renames on MSDFS root shares.

We fail this on SMB2 for a subtle reason.

Our client code called from smbclient only sets the SMB2_HDR_FLAG_DFS flag
in the outgoing packet on the SMB2_CREATE call, and SMB2 rename does the
following operations:

SMB2_CREATE(src_path) // We set SMB2_HDR_FLAG_DFS here for a MSDFS share.
SMB2_SETINFO: SMB2_FILE_RENAME_INFO(dst_path). // We don't set SMB2_HDR_FLAG_DFS

However, from smbclient, dst_path is a MSDFS path but we don't set the flag,
so even though the rename code inside smbd will cope with a MSDFS path
(as used in the SMB1 SMBmv call) it fails as the correct flag isn't set.

Add knownfail selftest/knownfail.d/msdfs-rename.

Note we need to add the new test to "selftest/knownfail.d/smb1-tests"
as test_smbclient_s3.sh is run against the (ad_member|nt4_member)
environments first using NT1 (SMB1) protocol and then using SMB3,
but the (ad_member|nt4_member) environments don't support SMB1.
Seems a bit strange to me, but all the other SMB1 tests inside
test_smbclient_s3.sh have already been added to "selftest/knownfail.d/smb1-tests"
so just go with the test environment.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
2abba0ea by Jeremy Allison at 2022-02-04T11:10:33+00:00
s3: libsmb: Add cli_dfs_target_check() function.

Strips any DFS prefix from a target name that will be passed
to an SMB1/2/3 rename or hardlink call. Returns a pointer
into the original target name after the prefix. Not yet used.

If the incoming filename is *NOT* a DFS prefix, the
original filename is returned unchanged.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
4bdbe3c2 by Jeremy Allison at 2022-02-04T11:10:33+00:00
s3: libsmb: Call cli_dfs_target_check() from cli_smb2_hardlink_send().

Currently we don't pass MSDFS names as targets here, but a caller
may erroneously do this later, and for non-DFS names this is a no-op.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
cf3e5724 by Jeremy Allison at 2022-02-04T11:10:33+00:00
s3: libsmb: Call cli_dfs_target_check() from cli_ntrename_internal_send().

Currently we don't pass MSDFS names as targets here, but a caller
may erroneously do this later, and for non-DFS names this is a no-op.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
dd0317f6 by Jeremy Allison at 2022-02-04T11:10:33+00:00
s3: libsmb: Call cli_dfs_target_check() from cli_smb1_rename_send().

Strips off any DFS prefix from the target if passed in.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
4473aea9 by Jeremy Allison at 2022-02-04T11:10:33+00:00
s3: libsmb: Call cli_dfs_target_check() from cli_cifs_rename_send().

Strips off any DFS prefix from the target if passed in.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
b9b82f36 by Jeremy Allison at 2022-02-04T12:02:36+00:00
s3: libsmb: Call cli_dfs_target_check() from cli_smb2_rename_send().

Strips off any DFS prefix from the target if passed in.

Remove knownfail selftest/knownfail.d/msdfs-rename.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Fri Feb  4 12:02:36 UTC 2022 on sn-devel-184

- - - - -
b2c301ad by Volker Lendecke at 2022-02-04T19:36:53+00:00
sharesec: Add SEC_DIR_DELETE_CHILD to CHANGE permissions

Otherwise you can't rename or delete files using CHANGE permissions using
the sharesec or shareacls utility

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Feb  4 19:36:53 UTC 2022 on sn-devel-184

- - - - -
136ec5bc by Andreas Schneider at 2022-02-04T21:11:40+00:00
bootstrap: Migrate to CentOS8 Stream

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Feb  4 21:11:40 UTC 2022 on sn-devel-184

- - - - -
dcd65e1c by Stefan Metzmacher at 2022-02-06T13:39:09+00:00
script/autobuild.py: let nm_grep_symbols ignore __gcov_ symbols

Currently the gcov build fails with the following error:

samba-libs: [allshared-no-public-nss_winbind] Running nm ./bin/plugins/libnss_winbind.so.2 | egrep -v ' (__bss_start|_edata|_init|_fini|_end)' | egrep -v ' T _nss_winbind_' |egrep ' [BDGTRVWS] ' && exit 1; exit 0; in '/tmp/samba-testbase/samba-libs/.'
0000000000232458 B __gcov_error_file
0000000000226340 D __gcov_master
000000000001c080 T __gcov_sort_n_vals
00000000002324a0 B __gcov_var
samba-libs: [allshared-no-public-nss_winbind] failed 'nm ./bin/plugins/libnss_winbind.so.2 | egrep -v ' (__bss_start|_edata|_init|_fini|_end)' | egrep -v ' T _nss_winbind_' |egrep ' [BDGTRVWS] ' && exit 1; exit 0;' with status 1

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Sun Feb  6 13:39:09 UTC 2022 on sn-devel-184

- - - - -
d717a581 by Volker Lendecke at 2022-02-07T19:00:34+00:00
lib: Fix CID 1465285 Double close

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ede2328c by Volker Lendecke at 2022-02-07T19:00:34+00:00
smbd: Fix CID 1497981: Null pointer dereferences (REVERSE_INULL)

brown paper bag quality, sorry...

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ec58a8ea by Volker Lendecke at 2022-02-07T19:00:34+00:00
libsmb: Avoid a call to SMBC_errno()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
098fc00f by Volker Lendecke at 2022-02-07T19:00:34+00:00
libsmb: Avoid a call to SMBC_errno()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c78f0a96 by Volker Lendecke at 2022-02-07T19:00:34+00:00
libsmb: Avoid two calls to SMBC_errno()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3844fe87 by Volker Lendecke at 2022-02-07T19:00:34+00:00
libsmb: Avoid a call to SMBC_errno()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c9030fb5 by Volker Lendecke at 2022-02-07T19:00:34+00:00
libsmb: Avoid a call to SMBC_errno()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0b351cda by Volker Lendecke at 2022-02-07T19:00:34+00:00
libsmb: Avoid a call to SMBC_errno()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d4f8fdd6 by Volker Lendecke at 2022-02-07T19:00:34+00:00
libsmb: Convert SMBC_getatr() to NTSTATUS

This avoids a few calls to SMBC_errno()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0b55d739 by Volker Lendecke at 2022-02-07T19:00:34+00:00
smbd: Fix open_pathref_base_fsp()'s implicit conn_cwd assumption

Opening a stream base file only worked if "dirfsp == conn->cwd_fsp":
We have replaced fsp->fsp_name with the full dirfsp->relative pathname
at the point where open_pathref_base_fsp() is called. In case dirfsp
is already a subdirectory in a share, this breaks because the
open_pathref_base_fsp() uses fsp->fsp_name, not the original
dirfsp-relative one.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
18501707 by Volker Lendecke at 2022-02-07T19:00:34+00:00
smbd: Avoid an "else" in file_set_dosmode()

Review with git show -b

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c2ac6a9c by Volker Lendecke at 2022-02-07T19:00:34+00:00
smbd: Pass "dirfsp" and "smb_fname" to fd_open_atomic()

Dereference fsp once instead of four times

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
abd1525d by Volker Lendecke at 2022-02-07T19:00:34+00:00
vfs: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
fe275259 by Volker Lendecke at 2022-02-07T19:58:57+00:00
lib: Simplify pm_process()

No need to duplicate the fopen/fclose

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Feb  7 19:58:57 UTC 2022 on sn-devel-184

- - - - -
c266ed40 by Ralph Boehme at 2022-02-08T19:27:29+00:00
s3/libads: simplify storing existing ads->ldap.ss

We just need temporal storage for ads->ldap.ss, no need to store it as a struct
samba_sockaddr.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14674
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2354

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3ee69045 by Ralph Boehme at 2022-02-08T20:24:12+00:00
s3/libads: ensure a sockaddr variable is correctly zero initialized

is_zero_addr() doesn't work with addresses that have been zero-initialized.

This fixes the logic added in c863cc2ba34025731a18ac735f714b5b888504da.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14674
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2354

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Feb  8 20:24:12 UTC 2022 on sn-devel-184

- - - - -
cd06574b by Samuel Cabrero at 2022-02-09T20:20:36+00:00
s3:winbind: Reduce the level and improve a couple of debug messages

The commit 1d5c546 changed the debug message printed when setting
winbind to offline state and offline logons are disabled from
level 10 to level 0. This message isn't really an error and might
scare some users, e.g. https://bugzilla.suse.com/show_bug.cgi?id=1195573

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Feb  9 20:20:36 UTC 2022 on sn-devel-184

- - - - -
1c173497 by Volker Lendecke at 2022-02-10T18:16:36+00:00
smbd: Slightly simplify create_file_unixpath()

Avoid the "needs_fsp_unlink" variable, describe the talloc hierarchy a
bit differently in the comments.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9966b5e2 by Volker Lendecke at 2022-02-10T18:16:36+00:00
smbd: Move the call to file_free() out of close_directory()

Call file_free() just once

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2293ca5b by Volker Lendecke at 2022-02-10T18:16:36+00:00
smbd: Move the call to file_free() out of close_normal_file()

Call file_free() just once

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
244c5a7d by Volker Lendecke at 2022-02-10T18:16:36+00:00
smbd: Move the call to file_free() out of close_fake_file()

Centralize calling file_free(), but leave close_fake_file() in for API
symmetry reasons.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
363ac753 by Volker Lendecke at 2022-02-10T18:16:36+00:00
smbd: Call file_free() just once in close_file()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f5bc73a2 by Volker Lendecke at 2022-02-10T18:16:36+00:00
smbd: NULL out "fsp" in close_file()

Quite a few places already had this in the caller, but not all. Rename
close_file() to close_file_free() appropriately. We'll factor out
close_file_smb() doing only parts of close_file_free() later.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d1341d66 by Volker Lendecke at 2022-02-10T18:16:36+00:00
smbd: No base fsps to close_file_free() from file_close_conn()

close_file_free() needs to handle base fsps specially. This can be
simplified a lot if we pass the open files a second time in case
we encountered base_fsps that we could not immediately delete.

file_close_conn() is not our hot code path, and also we don't expect
many thousand open files that we need to walk a second time.

A subsequent patch will simplify close_file_free(), the complicated
logic is now in files.c, where it IMHO belongs because
file_set_base_fsp() are here as well.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
61f57ba2 by Volker Lendecke at 2022-02-10T18:16:36+00:00
smbd: Factor out close_file_in_loop() from file_close_conn_fn()

To be reused in file_close_user(). Deliberately a separate commit to
make the previous commit easier to understand.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1fbd9877 by Volker Lendecke at 2022-02-10T18:16:36+00:00
smbd: No base fsps to close_file_free() from file_close_user()

Same logic as the change for file_close_conn()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
93fe9c83 by Volker Lendecke at 2022-02-10T18:16:36+00:00
smbd: Simplify the flow in close_file_free()

We are no longer called on base_fsp's in SHUTDOWN_CLOSE. That
simplifies the logic in the common case, we now have a linear flow for
the very often-called close_file()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5f1ceead by Volker Lendecke at 2022-02-10T18:16:36+00:00
torture: Add a test to show that full_audit uses a ptr after free

Run vfstest with this vfstest.cmd under valgrind and you'll see what
happens. Exact explanation a few patches further down...

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e751c623 by Volker Lendecke at 2022-02-10T18:16:36+00:00
smbd: Factor out fsp_unbind_smb() from file_free()

For example, remove our entry from smbXsrv_open_global.tdb

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e91b59c4 by Volker Lendecke at 2022-02-10T18:16:36+00:00
smbd: Introduce close_file_smb()

This does almost everything that close_file_free() does, but it leaves
the fsp around.

A normal close_file() now calls fsp_unbind_smb() twice. Functionally
this is not a problem, fsp_unbind_smb() is idempotent. The only
potential performance penalty might come from the loops in
remove_smb2_chained_fsp(), but those only are potentially large with
deeply queued smb2 requests. If that turns out to be a problem, we'll
cope with it later. The alternative would be to split up file_free()
into even more routines and make it more difficult to figure out which
of the "rundown/unbind/free" routines to call in any particular
situation.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
434e6d4b by Volker Lendecke at 2022-02-10T19:11:33+00:00
smbd: Only file_free() a self-created fsp in create_file_unixpath()

This fixes a use-after-free in smb_full_audit_create_file() when
calling SMB_VFS_CREATE_FILE with fsp->fsp_name as smb_fname.

create_file_unixpath() has this comment:

 * This is really subtle. If someone passes in an smb_fname
 * where smb_fname actually is taken from fsp->fsp_name, then
 * the lifetime of these objects is meant to be the same.

so it seems legitimate to call CREATE_FILE this way.

When CREATE_FILE runs into an error, create_file_unixpath() does a
file_free, which also takes fsp->fsp_name with
it. smb_full_audit_create_file() wants to log the failure including
the smb_fname after NEXT_CREATE_FILE has exited, but this will then
use the already free'ed data.

Fix by only doing the file_free() on an fsp that
create_file_unixpath() created itself.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Feb 10 19:11:33 UTC 2022 on sn-devel-184
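
The ownership rule described in the commit message above, as an added example that is not part of the commit or of Samba's source: a wrapper that logs a name after the inner call returns is only safe if the inner call frees nothing the caller still holds. All `toy_*` names are hypothetical, and a `live` flag stands in for `free()` so the stale access can be observed without touching freed memory.

```c
/* Added illustration, not Samba code: toy_* names and the "live" flag are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct toy_fname {
	char base_name[64];
	bool live;	/* cleared instead of calling free(), so stale use is observable */
};

struct toy_fsp {
	struct toy_fname *fsp_name;	/* owned by the fsp and released together with it */
	bool live;
};

enum toy_status { TOY_OK, TOY_ERR };

#define POOL_SLOTS 8
static struct toy_fsp pool_fsp[POOL_SLOTS];
static struct toy_fname pool_name[POOL_SLOTS];
static size_t pool_used;

/* Stand-in for allocating a fresh fsp that carries its own copy of the name. */
static struct toy_fsp *toy_file_new(const struct toy_fname *smb_fname)
{
	if (pool_used >= POOL_SLOTS) {
		return NULL;
	}
	struct toy_fname *name = &pool_name[pool_used];
	struct toy_fsp *fsp = &pool_fsp[pool_used];
	pool_used++;
	*name = *smb_fname;
	name->live = true;
	fsp->fsp_name = name;
	fsp->live = true;
	return fsp;
}

/* Models file_free(): releasing the fsp takes fsp->fsp_name with it. */
static void toy_file_free(struct toy_fsp *fsp)
{
	fsp->fsp_name->live = false;
	fsp->live = false;
}

/*
 * Models the create path. "existing" is an fsp the caller already owns (or
 * NULL). With fixed == false every fsp is released on error; with
 * fixed == true only an fsp created in this function is released.
 */
static enum toy_status toy_create_file(struct toy_fsp *existing,
				       const struct toy_fname *smb_fname,
				       bool fail, bool fixed)
{
	struct toy_fsp *fsp = existing;
	bool created_here = false;

	if (fsp == NULL) {
		fsp = toy_file_new(smb_fname);
		if (fsp == NULL) {
			return TOY_ERR;
		}
		created_here = true;
	}
	if (!fail) {
		return TOY_OK;
	}
	if (!fixed || created_here) {
		toy_file_free(fsp);
	}
	return TOY_ERR;
}

/*
 * Models an audit wrapper that logs the name after the inner call returned.
 * Returns false when the name was released underneath it; in real code that
 * read would be the use-after-free.
 */
static bool toy_audit_create_file(struct toy_fsp *existing,
				  struct toy_fname *smb_fname,
				  bool fail, bool fixed,
				  char *log, size_t len)
{
	enum toy_status st = toy_create_file(existing, smb_fname, fail, fixed);

	if (!smb_fname->live) {
		snprintf(log, len, "create_file|fail|<name already released>");
		return false;
	}
	snprintf(log, len, "create_file|%s|%s",
		 st == TOY_OK ? "ok" : "fail", smb_fname->base_name);
	return true;
}

/* Caller passes fsp->fsp_name as smb_fname and the create fails. */
static bool scenario_aliased_name(bool fixed)
{
	struct toy_fname name = { .base_name = "dir/file.txt", .live = true };
	struct toy_fsp fsp = { .fsp_name = &name, .live = true };
	char log[128];

	return toy_audit_create_file(&fsp, fsp.fsp_name, true, fixed, log, sizeof(log));
}

/* Callee creates the fsp itself: it must still be released on error. */
static bool scenario_callee_creates_fsp(bool fixed)
{
	struct toy_fname name = { .base_name = "dir/file.txt", .live = true };
	char log[128];
	size_t slot = pool_used;

	if (slot >= POOL_SLOTS) {
		return false;
	}
	bool name_ok = toy_audit_create_file(NULL, &name, true, fixed, log, sizeof(log));
	return name_ok && !pool_fsp[slot].live;
}

int main(void)
{
	printf("aliased name, old behaviour: %s\n", scenario_aliased_name(false) ? "safe" : "stale");
	printf("aliased name, fixed:         %s\n", scenario_aliased_name(true) ? "safe" : "stale");
	printf("own fsp released on error:   %s\n", scenario_callee_creates_fsp(true) ? "yes" : "no");
	return 0;
}
```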

- - - - -
9693f7ea by Andreas Schneider at 2022-02-10T21:14:32+00:00
selftest: Do not force -d0 for smbd/nmbd/winbindd

We have the env variable SERVER_LOG_LEVEL which allows you to change
the log level on the command line. If we force -d0 this will not work.

make test TESTS="samba" SERVER_LOG_LEVEL=10

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9f34babe by Pavel Filipenský at 2022-02-10T21:14:32+00:00
s3:modules: Implement dummy virus scanner that uses filename matching

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
2fd518e5 by Pavel Filipenský at 2022-02-10T21:14:32+00:00
docs-xml:manpages: Document 'dummy' virusfilter and 'virusfilter:infected files'

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
547b4c59 by Pavel Filipenský at 2022-02-10T21:14:33+00:00
selftest: Fix trailing whitespace in Samba3.pm

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
a25c714c by Pavel Filipenský at 2022-02-10T21:14:33+00:00
s3:selftest: Add test for virus scanner

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>

Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
3f1c958f by Pavel Filipenský at 2022-02-10T22:09:06+00:00
s3:modules: Fix virusfilter_vfs_openat

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>

Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Feb 10 22:09:06 UTC 2022 on sn-devel-184

- - - - -
29f11005 by Sergey V. Lobanov at 2022-02-11T07:58:57+00:00
wafsamba: replace 'echo -n' with printf

This patch makes samba_cross.py compatible with old bash (e.g. 3.2)

Signed-off-by: Sergey V. Lobanov <sergey at lobanov.in>
Reviewed-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Feb 11 07:58:57 UTC 2022 on sn-devel-184

- - - - -
21b380ca by Volker Lendecke at 2022-02-11T20:54:37+00:00
smbd: Introduce fsp_is_alternate_stream()

To me this is more descriptive than "fsp->base_fsp != NULL". If this
turns out to be a performance problem, I would go and make this a
static inline in smbd/proto.h.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ac58b0b9 by Volker Lendecke at 2022-02-11T20:54:37+00:00
smbd: Introduce metadata_fsp()

Centralize the pattern

if (fsp->base_fsp != NULL) {
	fsp = fsp->base_fsp;
}

with a descriptive name.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
aacb3618 by Volker Lendecke at 2022-02-11T20:54:37+00:00
smbd: Use fsp_is_alternate_stream() where an fsp is available

Make it clear that being an alternate data stream handle is much more
a fsp property than a file name property.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
30bbff38 by Volker Lendecke at 2022-02-11T20:54:37+00:00
vfs: Simplify streams_xattr_unlinkat()

It would be a logic error to call rmdir on a stream. This simplifies
the logic a bit.

Signed-off-by: Volker Lendecke <vl at samba.org>

- - - - -
862fdc7c by Volker Lendecke at 2022-02-11T20:54:37+00:00
vfstest: Align two integer types

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
929ccd3d by Volker Lendecke at 2022-02-11T20:54:37+00:00
smbd: Safeguards for getpwuid

Attempt to fix

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14900

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
60a72933 by Volker Lendecke at 2022-02-11T20:54:37+00:00
libsmb: Use fstrcpy where possible

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b066dba4 by Volker Lendecke at 2022-02-11T20:54:37+00:00
ndrdump: Small simplification

Remove the talloc_steal(), we can allocate on mem_ctx directly

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c8eb75cc by Volker Lendecke at 2022-02-11T20:54:37+00:00
torture: Align integer types

finfo.stream_info.out.num_streams is declared as "unsigned int"

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
18437fd6 by Volker Lendecke at 2022-02-11T21:53:22+00:00
smbd: Simplify smbd_dirptr_lanman2_mode_fn()

Avoid an else, we return in the "true" branch

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Feb 11 21:53:22 UTC 2022 on sn-devel-184

- - - - -
188a9021 by Martin Schwenke at 2022-02-14T01:47:31+00:00
ctdb-recoverd: Always cancel election in progress

Election-in-progress is set by unknown leader broadcast, so needs to
be cleared in all cases when election completes.

This was seen in a case where the leader node stalled, so didn't send
leader broadcasts for some time.  The node continued to hold the
cluster lock, so another node could not become leader.  However, after
the node returned to normal it still did not send leader broadcasts
because election-in-progress was never cleared.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14958

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
9b3fab05 by Martin Schwenke at 2022-02-14T01:47:31+00:00
ctdb-recoverd: Consistently have caller set election-in-progress

The problem here is that election-in-progress must be set to
potentially avoid restarting the election broadcast timeout in
main_loop(), so this is already done by leader_handler().

Have force_election() set election-in-progress for all election types
and do not bother setting it in cluster_lock_election().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14958

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
bf55a011 by Martin Schwenke at 2022-02-14T01:47:31+00:00
ctdb-recoverd: Always send unknown leader broadcast when starting election

This is currently missed when the cluster lock is lost.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14958

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
0e74e03c by Martin Schwenke at 2022-02-14T01:47:31+00:00
ctdb-recoverd: Consistently log start of election

Elections should now be quite rare, so always log when one begins.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14958

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
265e44ab by Martin Schwenke at 2022-02-14T01:47:31+00:00
ctdb-tests: Factor out functions to detect when generation changes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14958

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
331c435c by Martin Schwenke at 2022-02-14T02:46:01+00:00
ctdb-tests: Add a test for stalled node triggering election

A stalled node probably continues to hold the cluster lock, so confirm
elections work in this case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14958

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Mon Feb 14 02:46:01 UTC 2022 on sn-devel-184

- - - - -
23293050 by Martin Schwenke at 2022-02-14T03:36:38+00:00
ctdb-tests: Add iteration support for protocol tests

The current method of repeatedly running a binary has huge overhead,
especially with valgrind.

protocol_test_iterate_tag() allows output that is usually used for
hinting where a test failure occurred to be replaced with a tag
stored in a buffer, which is printed on test failure.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
17d792e9 by Martin Schwenke at 2022-02-14T04:32:29+00:00
ctdb-tests: Iterate protocol tests internally

Instead of repeatedly running a test binary.

Run time for these tests reduces from ~90s to ~75s.

When run under valgrind, the run time for protocol_test_001.sh reduces
from ~390s to <1s.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Mon Feb 14 04:32:29 UTC 2022 on sn-devel-184

- - - - -
2b9917d7 by Andreas Schneider at 2022-02-15T11:35:31+00:00
builtools: Make abi_gen.sh less prone to errors

The mold linker has more hidden symbols and we would need to filter them out
with nm, where objdump tells us which symbols are actually hidden. So we just
need to filter out whatever is hidden.

The use of awk makes it also easier to get what we want.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
d409c238 by Andreas Schneider at 2022-02-15T11:35:31+00:00
bootstrap: If the mold linker is available prefer it over gold

The gold linker will be deprecated soon. However we got a new linker called
mold:

https://github.com/rui314/mold/

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
3bc00dfd by Andreas Schneider at 2022-02-15T12:31:43+00:00
bootstrap: Install mold linker on Fedora 35

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Feb 15 12:31:43 UTC 2022 on sn-devel-184

- - - - -
fe84ae55 by Andreas Schneider at 2022-02-16T16:08:32+00:00
s3:winbindd: Add a sanity check for the range

What we want to avoid:

$ ./bin/testparm -s | grep "idmap config"
        idmap config * : rangesize = 10000
        idmap config * : range = 10000-19999
        idmap config * : backend = autorid

$ ./bin/wbinfo --name-to-sid BUILTIN/Administrators
S-1-5-32-544 SID_ALIAS (4)

$ ./bin/wbinfo --sid-to-gid S-1-5-32-544
10000

$ ./bin/wbinfo --name-to-sid ADDOMAIN/alice
S-1-5-21-4058748110-895691256-3682847423-1107 SID_USER (1)

$ ./bin/wbinfo --sid-to-gid S-1-5-21-984165912-589366285-3903095728-1107
failed to call wbcSidToGid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-984165912-589366285-3903095728-1107 to gid

If only one range is configured we are either not able to map users/groups
from our primary *and* the BUILTIN domain. We need at least two ranges to also
cover the BUILTIN domain!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14967

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
db6d4da3 by Andreas Schneider at 2022-02-16T16:08:32+00:00
s3:utils: Add a testparm check for idmap autorid

What we want to avoid:

$ ./bin/testparm -s | grep "idmap config"
        idmap config * : rangesize = 10000
        idmap config * : range = 10000-19999
        idmap config * : backend = autorid

$ ./bin/wbinfo --name-to-sid BUILTIN/Administrators
S-1-5-32-544 SID_ALIAS (4)

$ ./bin/wbinfo --sid-to-gid S-1-5-32-544
10000

$ ./bin/wbinfo --name-to-sid ADDOMAIN/alice
S-1-5-21-4058748110-895691256-3682847423-1107 SID_USER (1)

$ ./bin/wbinfo --sid-to-gid S-1-5-21-984165912-589366285-3903095728-1107
failed to call wbcSidToGid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-984165912-589366285-3903095728-1107 to gid

If only one range is configured we are either not able to map users/groups
from our primary *and* the BUILTIN domain. We need at least two ranges to also
cover the BUILTIN domain!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14967

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
7e5afd8f by Andreas Schneider at 2022-02-16T17:04:53+00:00
docs-xml: Fix idmap_autorid documentation

What we want to avoid:

$ ./bin/testparm -s | grep "idmap config"
        idmap config * : rangesize = 10000
        idmap config * : range = 10000-19999
        idmap config * : backend = autorid

$ ./bin/wbinfo --name-to-sid BUILTIN/Administrators
S-1-5-32-544 SID_ALIAS (4)

$ ./bin/wbinfo --sid-to-gid S-1-5-32-544
10000

$ ./bin/wbinfo --name-to-sid ADDOMAIN/alice
S-1-5-21-4058748110-895691256-3682847423-1107 SID_USER (1)

$ ./bin/wbinfo --sid-to-gid S-1-5-21-984165912-589366285-3903095728-1107
failed to call wbcSidToGid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-984165912-589366285-3903095728-1107 to gid

If only one range is configured we are either not able to map users/groups
from our primary *and* the BUILTIN domain. We need at least two ranges to also
cover the BUILTIN domain!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14967

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Feb 16 17:04:53 UTC 2022 on sn-devel-184
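
A stand-alone version of the sanity check the three commits above describe, as an added example that is not Samba's testparm or winbindd code: it reads `testparm -s` style lines and flags an autorid configuration whose range holds fewer than two slots. The function and enum names are hypothetical, and the slot count is assumed to be (high - low + 1) / rangesize.

```c
/* Added illustration, not Samba's testparm or winbindd code; names are hypothetical. */
#include <stdio.h>
#include <string.h>

enum autorid_status {
	AUTORID_OK,
	AUTORID_TOO_FEW_RANGES,	/* fewer than two slots: BUILTIN plus one domain cannot both fit */
	AUTORID_NOT_AUTORID,	/* backend line missing or not "autorid" */
	AUTORID_INCOMPLETE,	/* range or rangesize line missing */
	AUTORID_INVALID,	/* zero rangesize, inverted range, or value beyond 32 bits */
};

/* The configuration quoted in the commit message. */
static const char SAMPLE_BAD[] =
	"        idmap config * : rangesize = 10000\n"
	"        idmap config * : range = 10000-19999\n"
	"        idmap config * : backend = autorid\n";

/* Constructed sample: same rangesize, range widened to hold two slots. */
static const char SAMPLE_OK[] =
	"        idmap config * : rangesize = 10000\n"
	"        idmap config * : range = 10000-29999\n"
	"        idmap config * : backend = autorid\n";

/*
 * Parse the default-domain ("*") idmap lines and count how many slots of
 * "rangesize" IDs fit into "range". Assumption: slots = (high - low + 1) / rangesize.
 */
static enum autorid_status check_autorid(const char *text,
					 unsigned long long *nranges)
{
	unsigned long long low = 0, high = 0, rangesize = 0;
	char backend[16] = "";
	int have_range = 0, have_size = 0;
	const char *p = text;

	*nranges = 0;
	while (*p != '\0') {
		char line[256];
		size_t n = strcspn(p, "\n");

		/* Work on one line at a time so a match cannot span lines. */
		if (n < sizeof(line)) {
			memcpy(line, p, n);
			line[n] = '\0';
			if (sscanf(line, " idmap config * : range = %llu-%llu",
				   &low, &high) == 2) {
				have_range = 1;
			} else if (sscanf(line, " idmap config * : rangesize = %llu",
					  &rangesize) == 1) {
				have_size = 1;
			} else {
				(void)sscanf(line, " idmap config * : backend = %15s",
					     backend);
			}
		}
		p += n;
		if (*p == '\n') {
			p++;
		}
	}

	if (strcmp(backend, "autorid") != 0) {
		return AUTORID_NOT_AUTORID;
	}
	if (!have_range || !have_size) {
		return AUTORID_INCOMPLETE;
	}
	if (rangesize == 0 || high < low || high > 0xFFFFFFFFULL) {
		return AUTORID_INVALID;
	}
	*nranges = (high - low + 1) / rangesize;
	return *nranges < 2 ? AUTORID_TOO_FEW_RANGES : AUTORID_OK;
}

int main(void)
{
	unsigned long long n = 0;
	enum autorid_status st = check_autorid(SAMPLE_BAD, &n);

	printf("commit-message config: status=%d ranges=%llu\n", (int)st, n);
	st = check_autorid(SAMPLE_OK, &n);
	printf("widened config:        status=%d ranges=%llu\n", (int)st, n);
	return 0;
}
```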

- - - - -
984a426f by Björn Jacke at 2022-02-16T19:49:31+00:00
dnsp.idl: add missing DNS_RPC_RECORD defines

taken from MSDN 2.2.2.2.5:
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dnsp/ac793981-1c60-43b8-be59-cdbb5c4ecb8a

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
30bf1cd9 by Björn Jacke at 2022-02-16T20:43:55+00:00
dns.idl/dnsp.idl: add missing DNS resource record types

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Feb 16 20:43:55 UTC 2022 on sn-devel-184

- - - - -
4e464fc9 by Bjoern Jacke at 2022-02-16T21:38:12+00:00
vfs_gpfs: use linux oplock specific functions only when available

Signed-off-by: Bjoern Jacke <bj at sernet.de>
Reviewed-by: Christof Schmitt <cs at samba.org>

Autobuild-User(master): Christof Schmitt <cs at samba.org>
Autobuild-Date(master): Wed Feb 16 21:38:12 UTC 2022 on sn-devel-184

- - - - -
e1674e10 by Volker Lendecke at 2022-02-17T17:13:34+00:00
libsmb: Avoid a call to SMBC_errno()

This involves converting cli_print_queue() to NTSTATUS. No caller
looked at the number of jobs returned.

Review with "git show -b", most of the patch is indentation

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ea8198ac by Volker Lendecke at 2022-02-17T17:13:34+00:00
libsmb: Avoid a call to SMBC_errno()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6f9c20cc by Volker Lendecke at 2022-02-17T17:13:34+00:00
vfs: Use fsp_get_pathref_fd() in aio_pthread

We only use the fd as "dirfd" in openat, so we don't need an I/O fd
here.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1ef6800e by Volker Lendecke at 2022-02-17T17:13:34+00:00
smbd: Slightly simplify openat_pathref_fsp()

We don't need to look at the full share-relative path to figure out if
we have a stream name, the original smb_fname is sufficient for this.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6e77185f by Volker Lendecke at 2022-02-17T17:13:35+00:00
smbd: Use fsp_is_alternate_stream(), we checked for fsp!=NULL above

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7ba970b0 by Volker Lendecke at 2022-02-17T17:13:35+00:00
vfs: Use is_named_stream() for checking if we have an ADS

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
219dc590 by Volker Lendecke at 2022-02-17T17:13:35+00:00
smbd: Only open base_fsp for non-"::$DATA" streams

"is_named_stream()" is more what we really mean here. Make this line robust
against callers passing in "::$DATA".

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
259a716c by Volker Lendecke at 2022-02-17T17:13:35+00:00
smbd: Simplify open_file_ntcreate()

For streams our caller create_file_unixpath() has already taken care
of properly initializing fsp->base_fsp, so we can rely on
fsp_is_alternate_stream() here instead of looking at the file name.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
61dd0096 by Volker Lendecke at 2022-02-17T17:13:35+00:00
smbd: Filter out "::$DATA" for query name information

Make this piece of code robust against having "::$DATA" passed in.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6d7f0790 by Volker Lendecke at 2022-02-17T17:13:35+00:00
smbd: Use ISDOT/ISDOTDOT

This is simpler to read for me

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
826ae22c by Volker Lendecke at 2022-02-17T17:13:35+00:00
vfs: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a31ab494 by Volker Lendecke at 2022-02-17T17:13:35+00:00
vfs: Don't go through strnorm(..., CASE_LOWER)

With a fixed CASE_LOWER we should go directly to the lower-level call, this
makes it more obvious to me.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2649d654 by Volker Lendecke at 2022-02-17T18:11:18+00:00
smbd: Make strnorm() static to filename.c

The caller in vfs_prealloc was a bit unneeded, and strnorm is only
called here.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Feb 17 18:11:18 UTC 2022 on sn-devel-184

- - - - -
fb55d84e by Martin Schwenke at 2022-02-17T18:12:51+00:00
util: Drop unused variable num_chars

clang complains:

../../lib/util/genrand_util.c:99:9: error: variable 'num_chars' set but not used [-Werror,-Wunused-but-set-variable]
        size_t num_chars = 0;
               ^

That is, the variable is initialised and incremented but the value is
never used.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
32d2584c by Martin Schwenke at 2022-02-17T18:12:51+00:00
util: Drop unused variable num_received

clang complains:

../../source4/libcli/clilist.c:111:6: error: variable 'num_received' set but not used [-Werror,-Wunused-but-set-variable]
        int num_received = 0;
            ^
../../source4/libcli/clilist.c:268:6: error: variable 'num_received' set but not used [-Werror,-Wunused-but-set-variable]
        int num_received = 0;
            ^

That is, the variable is initialised and updated but the value is
never used.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
98594d33 by Martin Schwenke at 2022-02-17T18:12:51+00:00
util: Drop unused variable mask_perms

clang complains:

../../source3/smbd/posix_acls.c:2783:9: error: variable 'mask_perms' set but not used [-Werror,-Wunused-but-set-variable]
        mode_t mask_perms = 0;
               ^

That is, the variable is initialised and updated but the value is
never used.

This potentially points to a bug in commit
f735551b9edef66b152261cf6eb2f29b7b69d65b from 2002.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
ad9a4141 by Martin Schwenke at 2022-02-17T18:12:52+00:00
vfs_not_implemented: do not mark structs with _PUBLIC_

Commit 5d295e41af4e9316aee1b4cf1c3087663b7c06a4 accidentally marked
some structs with _PUBLIC_, which causes clang to complain:

../../source3/modules/vfs_not_implemented.c:594:1: error: attribute 'visibility' is ignored, place it after "struct" to apply attribute to type declaration [-Werror,-Wignored-attributes]
_PUBLIC_
^
../../lib/replace/replace.h:917:33: note: expanded from macro '_PUBLIC_'
                                ^
../../source3/modules/vfs_not_implemented.c:642:1: error: attribute 'visibility' is ignored, place it after "struct" to apply attribute to type declaration [-Werror,-Wignored-attributes]
_PUBLIC_
^
../../lib/replace/replace.h:917:33: note: expanded from macro '_PUBLIC_'
                                ^

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
7471afaa by Martin Schwenke at 2022-02-17T18:12:52+00:00
source4/torture: Avoid unused variable

clang complains:

../../source4/torture/basic/delete.c:2342:7: error: variable 'correct' set but not used [-Werror,-Wunused-but-set-variable]
        bool correct = true;
             ^

That is, the variable is initialised and updated but the value is
never used.  Similar functions return this variable, so try that.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
1ccb1874 by Martin Schwenke at 2022-02-17T18:12:52+00:00
source4/torture: Drop unused variable tdif

clang complains:

../../source4/torture/basic/denytest.c:1805:11: error: variable 'tdif' set but not used [-Werror,-Wunused-but-set-variable]
                int64_t tdif;
                        ^

That is, the variable is initialised and updated but the value is
never used.

Perhaps it is meant to be used in the nearby torture_comment() call,
but it has been this way since commit
cb1cff90f165d82cbbf1dd87e475a1b13984d45e from 2004.  Just drop it.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
2b649604 by Martin Schwenke at 2022-02-17T18:12:52+00:00
source4/torture: Drop unused variable mask

clang complains:

../../source4/torture/smb2/notify.c:871:11: error: variable 'mask' set but not used [-Werror,-Wunused-but-set-variable]
        uint32_t mask;
                 ^

That is, the variable is initialised and updated but the value is
never used.

Looks to have been this way since commit
15d93a5d8e21893e1cca5c989dbf97010aae1622 from 2009.  Just drop it.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
a7c32135 by Martin Schwenke at 2022-02-17T19:06:24+00:00
source4/torture: Drop unused variable attribute

clang complains:

../../source4/client/client.c:1569:11: error: variable 'attribute' set but not used [-Werror,-Wunused-but-set-variable]
        uint16_t attribute = FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN;
                 ^

That is, the variable is initialised and updated but the value is
never used.

Commit 2f377d5101783ed4d8c96a46aaec61895cc7b6ad from 2004 dropped the
use of this variable.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Feb 17 19:06:25 UTC 2022 on sn-devel-184

- - - - -
bf22548d by Jeremy Allison at 2022-02-18T19:12:30+00:00
s4: torture: Add new SMB2 lease test test_lease_duplicate_create().

Checks we return INVALID_PARAMETER when trying to create a
new file with a duplicate lease key on the same share.

Checked against Windows10. Samba already passes this
but we didn't have a test before.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14737

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>

- - - - -
ca3896b6 by Jeremy Allison at 2022-02-18T19:12:30+00:00
s4: torture: Add new SMB2 lease test test_lease_duplicate_open().

Checks we return INVALID_PARAMETER when trying to open a
different file with a duplicate lease key on the same share.

Checked against Windows10. Currently fails against smbd
so add knownfail.d/smb2-lease-duplicateopen

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14737

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>

- - - - -
408be543 by Jeremy Allison at 2022-02-18T20:12:12+00:00
s3: smbd: Fix our leases code to return the correct error in the non-dynamic share case.

We now return INVALID_PARAMETER when trying to open a
different file with a duplicate lease key on the same
(non-dynamic) share. This will enable us to pass another
Windows test suite leases test.

We now behave the same as Windows10.

Remove knownfail.d/smb2-lease-duplicateopen

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14737

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Feb 18 20:12:12 UTC 2022 on sn-devel-184

- - - - -
183ab5ce by Björn Jacke at 2022-02-18T22:17:33+00:00
acl: fix function arguments for AIX' and Solaris' sys_acl_get_fd()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14974

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
396c1716 by Bjoern Jacke at 2022-02-18T22:17:33+00:00
vfs_aixacl: add proper header file

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7239

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
89e90398 by Björn Jacke at 2022-02-18T22:17:33+00:00
wscript: s/default/required/ _static_modules for the acl modules

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14974

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e225ab70 by Björn Jacke at 2022-02-18T22:17:33+00:00
readlink test: inverse return code

We need to return 0 in case readlink is *broken* here - this is because our waf
CHECK_CODE function does only allow generating defines in case the test succeeds

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13631

Signed-off-by: Bjoern Jacke <bj at sernet.de>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
45cb14ac by Björn Jacke at 2022-02-18T23:12:51+00:00
waf: re-add missing readlink test

this was another portability regression that came with the moving to waf

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13631

Signed-off-by: Bjoern Jacke <bj at sernet.de>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Feb 18 23:12:51 UTC 2022 on sn-devel-184

- - - - -
33186bdf by Andreas Schneider at 2022-02-21T09:14:31+00:00
editorconfig: Final newlines are pycodestyle

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
6b8d30e0 by Andreas Schneider at 2022-02-21T09:14:31+00:00
third_party:waf: Print the version of waf at the end of the update script

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
fb175576 by Andreas Schneider at 2022-02-21T10:06:27+00:00
third_party: Update waf to version 2.0.23

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Feb 21 10:06:27 UTC 2022 on sn-devel-184

- - - - -
7009fb1a by Andreas Schneider at 2022-02-21T15:03:24+00:00
s3:utils: Fix missing space in testparm output

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Feb 21 15:03:24 UTC 2022 on sn-devel-184

- - - - -
521e1195 by Andreas Schneider at 2022-02-21T19:36:45+00:00
autobuild: Rewrite the symbol checking

This should be less error prone.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Feb 21 19:36:45 UTC 2022 on sn-devel-184

- - - - -
a2590298 by Martin Schwenke at 2022-02-22T00:17:11+00:00
util: CID 1499409:  Memory - corruptions  (OVERLAPPING_COPY)

This is quite bizarre:

*** CID 1499409:  Memory - corruptions  (OVERLAPPING_COPY)
/lib/util/debug.c: 1742 in dbghdrclass()
1736     					 sizeof(tvbuf.buf),
1737     					 "%ld seconds since the Epoch", (long)t);
1738     			}
1739     		}
1740
1741     		ensure_hostname();
>>>     CID 1499409:  Memory - corruptions  (OVERLAPPING_COPY)
>>>     In the call to function "snprintf", the object pointed to by argument "state.hostname" may overlap with the object pointed to by argument "state.header_str".
1742     		state.hs_len = snprintf(state.header_str,
1743     					sizeof(state.header_str),
1744     					"%s %s %s[%u]: ",
1745     					tvbuf.buf,
1746     					state.hostname,
1747     					state.prog_name,

Coverity doesn't explicitly say so but the only way this can happen is
if state.hostname is not NUL-terminated within its declared length.
ensure_hostname() and debug_set_hostname() ensure NUL-termination, but
the caching effect of ensure_hostname() probably stops Coverity from
being certain about anything.

Try making Coverity happy by using a precision to limit the number of
characters from hostname that can be used.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Tue Feb 22 00:17:12 UTC 2022 on sn-devel-184
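
The precision-bounded format described in the commit message above, as an added example (not the Samba code): `%.*s` with the array size as precision lets snprintf() stop at the end of hostname even when the buffer holds no NUL. The struct layout, buffer sizes and helper names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the debug state named in the Coverity report.
 * Field sizes are assumptions chosen to keep the example small. */
struct dbg_state {
	char hostname[16];	/* may be completely filled, i.e. no NUL */
	char prog_name[16];
	char header_str[64];
	size_t hs_len;
};

/* Hypothetical helper: zero the state and set a NUL-terminated prog_name. */
static void init_state(struct dbg_state *st, const char *prog)
{
	memset(st, 0, sizeof(*st));
	snprintf(st->prog_name, sizeof(st->prog_name), "%s", prog);
}

/* Hypothetical helper: copy raw bytes into hostname WITHOUT guaranteeing a
 * terminator, so the formatter has to cope with a completely full buffer. */
static void set_hostname_raw(struct dbg_state *st, const char *src, size_t len)
{
	if (len > sizeof(st->hostname)) {
		len = sizeof(st->hostname);
	}
	memset(st->hostname, 0, sizeof(st->hostname));
	memcpy(st->hostname, src, len);
}

/* Build the header. A plain "%s" for hostname requires a NUL inside the
 * array; "%.*s" with precision sizeof(hostname) reads at most that many
 * bytes, so a missing terminator can no longer run into adjacent fields. */
static size_t format_header(struct dbg_state *st, const char *tv, unsigned pid)
{
	int n = snprintf(st->header_str, sizeof(st->header_str),
			 "%s %.*s %s[%u]: ",
			 tv,
			 (int)sizeof(st->hostname), st->hostname,
			 st->prog_name, pid);

	if (n < 0) {
		/* Encoding error: leave an empty header. */
		st->header_str[0] = '\0';
		st->hs_len = 0;
	} else if ((size_t)n >= sizeof(st->header_str)) {
		/* Output was truncated: snprintf() returned the length it
		 * wanted, not the length stored. Clamp to what is there. */
		st->hs_len = sizeof(st->header_str) - 1;
	} else {
		st->hs_len = (size_t)n;
	}
	return st->hs_len;
}

int main(void)
{
	struct dbg_state st;

	init_state(&st, "smbd");

	/* Constructed input: 20 bytes offered, 16 kept, no terminator. */
	set_hostname_raw(&st, "AAAAAAAAAAAAAAAAAAAA", 20);
	format_header(&st, "ts", 42);
	printf("[%zu] %s\n", st.hs_len, st.header_str);

	/* Constructed input: short, NUL-terminated hostname. */
	set_hostname_raw(&st, "fs1", 3);
	format_header(&st, "ts", 42);
	printf("[%zu] %s\n", st.hs_len, st.header_str);

	return 0;
}
```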

- - - - -
2cef24a5 by Volker Lendecke at 2022-02-22T09:21:29+00:00
smbd: Initialize a pointer

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
afd037df by Volker Lendecke at 2022-02-22T09:21:29+00:00
smbd: Make OpenDir_fsp() return NTSTATUS

Preparation for making OpenDir return NTSTATUS

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
be201475 by Volker Lendecke at 2022-02-22T09:21:29+00:00
smbd: Factor out OpenDir_ntstatus()

We might have callers interested in the exact NTSTATUS error code.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
9027cc35 by Volker Lendecke at 2022-02-22T09:21:29+00:00
smbd: can_delete_directory_fsp() returns NTSTATUS

Don't go via errno

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
7e3c51ee by Volker Lendecke at 2022-02-22T09:21:29+00:00
vfs: walk_streams() returns NTSTATUS

Don't go via errno

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
f143eeae by Volker Lendecke at 2022-02-22T09:21:29+00:00
smbd: Initialize a pointer

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
5204da2a by Volker Lendecke at 2022-02-22T09:21:29+00:00
smbd: Convert get_real_filename_full_scan() to OpenDir_ntstatus()

Get us a better error message without going through the lossy errno.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
118b63bb by Volker Lendecke at 2022-02-22T09:21:29+00:00
smbd: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
1912a0d6 by Volker Lendecke at 2022-02-22T09:21:29+00:00
smbd: We have the fsp available, use fsp_is_alternate_stream()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
5030bba1 by Volker Lendecke at 2022-02-22T10:16:44+00:00
samba-dcerpcd: Silence a DEBUG message

This is not worth a debuglevel 1 message

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Feb 22 10:16:44 UTC 2022 on sn-devel-184

- - - - -
38a1e4c5 by Andreas Schneider at 2022-02-22T15:23:35+00:00
editorconfig: Change shell to tabs with tab width 8

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a9eebca9 by Andreas Schneider at 2022-02-22T15:23:35+00:00
configure: Reformat wrapper script

shfmt -w -p -i 0 -fn configure

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2d5d88ff by Andreas Schneider at 2022-02-22T15:23:35+00:00
buildtools: Reformat shell scripts

shfmt -f buildtools | xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1b8b6ac8 by Andreas Schneider at 2022-02-22T15:23:35+00:00
docs-xml: Reformat shell scripts

shfmt -f docs-xml | xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3990c33e by Andreas Schneider at 2022-02-22T16:20:58+00:00
examples: Reformat shell scripts

shfmt -f examples/ | xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Feb 22 16:20:58 UTC 2022 on sn-devel-184

- - - - -
ef9017a1 by Martin Schwenke at 2022-02-23T01:08:37+00:00
ctdb-tests: Dump a stack trace on abort

Debugging a test failure here without GDB is not possible.  Dumping a
stack trace gives a good hint.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
0f373443 by Martin Schwenke at 2022-02-23T01:08:37+00:00
ctdb-tests: Fix missing #include for sigaction(2)

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
0d8084ed by Martin Schwenke at 2022-02-23T02:02:06+00:00
ctdb-protocol: CID 1499395: Uninitialized variables (UNINIT)

Issue is reported here:

853     	case CTDB_CONTROL_DB_VACUUM: {
854     		struct ctdb_db_vacuum db_vacuum;
855
>>>     CID 1499395:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized value "db_vacuum.full_vacuum_run" when calling "ctdb_db_vacuum_len".
856     		CHECK_CONTROL_DATA_SIZE(ctdb_db_vacuum_len(&db_vacuum));
857     		return ctdb_control_db_vacuum(ctdb, c, indata, async_reply);
858     	}

The problem is that ctdb_bool_len() unnecessarily dereferences its
argument, which in this case is &db_vacuum.full_vacuum_run.  Not a
security issue because the value copied by dereferencing is not used.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Wed Feb 23 02:02:06 UTC 2022 on sn-devel-184

- - - - -
576bdb08 by Stefan Metzmacher at 2022-02-23T07:50:38+00:00
s3:py_net: allow machinepass=None to py_net_join_member()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
59ac7824 by Stefan Metzmacher at 2022-02-23T07:50:38+00:00
samba-tool/join_member: let py_net_join_member() choose the password

It means we'll let trust_pw_new_value() generate the password.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
3b91be36 by Stefan Metzmacher at 2022-02-23T07:50:38+00:00
provision: use 120 characters for the dns account password

We should use the same as for the computer account.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
6bb7c0f2 by Stefan Metzmacher at 2022-02-23T07:50:38+00:00
upgradehelpers.py: let update_machine_account_password() use 120 character passwords

We already changed provision to use 120 character passwords with commit
609ca657652862fd9c81fd11f818efb74f72ff55.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
725c94d5 by Stefan Metzmacher at 2022-02-23T07:50:38+00:00
provision: add a comment that the value of krbtgtpass is ignored in the backend

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
ad0b5561 by Stefan Metzmacher at 2022-02-23T07:50:38+00:00
upgradehelpers.py: add a comment to update_krbtgt_account_password()

The backend generates its own random krbtgt password values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
5e238633 by Stefan Metzmacher at 2022-02-23T08:49:54+00:00
s3:trusts_utils: use a password length of 120 for machine accounts

This is important when we change the machine password against
an RODC that proxies the request to an RWDC.

An RODC using NetrServerPasswordSet2() to proxy PasswordUpdateForward via
NetrLogonSendToSam() ignores a return of NT_STATUS_INVALID_PARAMETER
and reports NT_STATUS_OK as result of NetrServerPasswordSet2().
This hopefully found the last hole in our very robust machine account
password handling logic inside of trust_pw_change().

The lesson is: try to be as identical to how windows works as possible,
everything else may use untested code paths on Windows.

A similar problem was fixed by this commit:

    commit 609ca657652862fd9c81fd11f818efb74f72ff55
    Author: Joseph Sutton <josephsutton at catalyst.net.nz>
    Date:   Wed Feb 24 02:03:25 2021 +1300

        provision: Decrease the length of random machine passwords

        The current length of 128-255 UTF-16 characters currently causes
        generation of crypt() passwords to typically fail. This commit
        decreases the length to 120 UTF-16 characters, which is the same as
        that used by Windows.

        BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621

        Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
        Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
        Reviewed-by: Andrew Bartlett <abartlet at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Feb 23 08:49:54 UTC 2022 on sn-devel-184

- - - - -
cc30757d by Andreas Schneider at 2022-02-23T10:57:28+00:00
selftest: Add ad member with idmap_autorid backend

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
14a98f3f by Andreas Schneider at 2022-02-23T10:57:28+00:00
s3:tests: Run test_idmap_rid.sh against admem_idmap_autorid

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
a5bcbc23 by Andreas Schneider at 2022-02-23T11:54:01+00:00
autobuild: Run admem_idmap_autorid tests

They will be part of the samba-admem runners.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Feb 23 11:54:01 UTC 2022 on sn-devel-184

- - - - -
3dbcd20d by Samuel Cabrero at 2022-02-23T15:20:32+00:00
s3:libads: Fix memory leak in kerberos_return_pac() error path

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ed14513b by Samuel Cabrero at 2022-02-23T15:20:32+00:00
lib:krb5_wrap: Improve debug message and use newer debug macro

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
1b5b4107 by Samuel Cabrero at 2022-02-23T15:20:32+00:00
lib:krb5_wrap: Fix wrong debug message and use newer debug macro

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
00b1f44a by Samuel Cabrero at 2022-02-23T15:20:32+00:00
s3:libads: Return canonical principal and realm from kerberos_return_pac()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
0f4f3307 by Samuel Cabrero at 2022-02-23T15:20:32+00:00
s3:winbind: Store canonical principal and realm in ccache entry

They will be used later to refresh the tickets.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
8246ccc2 by Samuel Cabrero at 2022-02-23T16:17:29+00:00
s3:winbind: Use the canonical principal name to renew the credentials

The principal name stored in the winbindd ccache entry might be an
enterprise principal name if enterprise principals are enabled. Use
the canonical name to renew the credentials.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Feb 23 16:17:29 UTC 2022 on sn-devel-184

- - - - -
1e880641 by Andreas Schneider at 2022-02-24T09:15:34+00:00
lib:fuzzing: Reformat shell scripts

shfmt -f lib/fuzzing/ | xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9b0273fa by Andreas Schneider at 2022-02-24T09:15:34+00:00
lib:ldb: Reformat shell scripts

shfmt -f lib/ldb/ | xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
59b9639e by Andreas Schneider at 2022-02-24T09:15:34+00:00
lib:replace: Reformat shell scripts

shfmt -f lib/replace/ | xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7fab6d53 by Andreas Schneider at 2022-02-24T09:15:34+00:00
lib:tdb: Reformat shell scripts

shfmt -f lib/tdb/ | xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
5b70f21d by Andreas Schneider at 2022-02-24T09:15:34+00:00
lib:tevent: Reformat shell scripts

shfmt -f lib/tevent/ | xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d42f08d1 by Andreas Schneider at 2022-02-24T09:15:34+00:00
nsswitch: Reformat shell scripts

shfmt -f nsswitch/ | xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
38498024 by Andreas Schneider at 2022-02-24T10:13:36+00:00
packaging: Reformat shell scripts

shfmt -f packaging/ | xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Feb 24 10:13:36 UTC 2022 on sn-devel-184

- - - - -
76bbda35 by Andreas Schneider at 2022-02-28T10:22:34+00:00
editorconfig: We always inserted a new line so keep doing that

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Feb 28 10:22:34 UTC 2022 on sn-devel-184

- - - - -
1e3e22cc by Ralph Boehme at 2022-02-28T20:01:36+00:00
CI: remove shares referencing removed functionality

The whole "smbd:force sync [user|root] [path|chdir] safe threadpool" stuff was
removed long ago by 29dd6f3e59055a17fa3d6a63619773f940e63374.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14957

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ecf56c1d by Ralph Boehme at 2022-02-28T20:01:36+00:00
smbd: check "store dos attributes" settings in the async dosmode code

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14957

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ffdb1c3e by Ralph Boehme at 2022-02-28T20:01:36+00:00
CI: add test "smb2.async_dosmode"

Verifies async-dosmode sync fallback works with shadow_copy2 which returns
ENOSYS for SMB_VFS_GET_DOS_ATTRIBUTES_SEND().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14957

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
97caec07 by Ralph Boehme at 2022-02-28T20:01:36+00:00
smbd: also check for NT_STATUS_NOT_SUPPORTED

If a VFS module fails SMB_VFS_GETXATTRAT_SEND/RECV with ENOSYS like currently
vfs_shadow_copy2 or any other module that uses
vfs_not_implemented_getxattrat_send() the ENOSYS error that
vfs_not_implemented_getxattrat_send() sets gets mapped to
NT_STATUS_NOT_SUPPORTED by map_nt_error_from_unix().

Unfortunately when checking whether the async SMB_VFS_GETXATTRAT_SEND() failed
and to determine if the sync fallback should be triggered, we currently only
check for NT_STATUS_NOT_IMPLEMENTED which is the error we get when "store dos
attributes" is disabled.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14957

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
48f81b4e by Ralph Boehme at 2022-02-28T20:01:36+00:00
CI: enable "smbd async dosmode" on shadow_write share

Existing tests don't care, upcoming new test needs it.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1097b1d0 by Ralph Boehme at 2022-02-28T20:01:36+00:00
CI: add a test for async dosmode on a file in a shadow_copy2 snapshot

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
afc2103d by Ralph Boehme at 2022-02-28T20:53:35+00:00
vfs_shadow_copy2: remove async getxattrat

vfswrap_getxattrat_send() is handle based using smb_fname->fsp. As
the open of smb_fname->fsp was processed by this module, the handle
is already correctly opened on the file in the snapshot. In the end
this means we can just directly call the next function here.

Note that the same reasoning might apply to other modules that use
vfs_not_implemented_getxattrat_send(), but checking and adjusting those is a job
for another day. Currently they will continue to go via the sync fallback of the
caller.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Feb 28 20:53:35 UTC 2022 on sn-devel-184

- - - - -
f6fe8692 by Stefan Metzmacher at 2022-03-01T17:11:35+00:00
s4:sam: Don't use talloc_steal for msg attributes in authsam_make_user_info_dc()

This is most likely not a problem for the current callers,
but it is unexpected and will likely cause problems with future
changes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14993
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ef95fb43 by Joseph Sutton at 2022-03-01T17:11:35+00:00
auth: Cope with NULL upn_name in PAC

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
6d8fec70 by Joseph Sutton at 2022-03-01T17:11:35+00:00
third_party/heimdal_build: Add KDC_LIB macro definitions

This is an adaptation to Heimdal:

commit 7bb00a40eabbed2bc1c268f5244bfb9736d9bebe
Author: Luke Howard <lukeh at padl.com>
Date:   Tue Jan 4 13:08:35 2022 +1100

    kdc: fix Windows build

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
9936038f by Joseph Sutton at 2022-03-01T17:11:35+00:00
s4:kdc: Don't pass empty PAC buffers to krb5_pac_add_buffer()

Heimdal will no longer allow us to pass a dummy zero-length buffer to
krb5_pac_add_buffer(), so we have to pass a buffer of length 1 instead.

This is an adaption to Heimdal:

commit 190263bb7a56fc775b50a6cd0dc91820d2b2e5eb
Author: Jeffrey Altman <jaltman at secure-endpoints.com>
Date:   Wed Jan 19 22:55:33 2022 -0500

    assert non-NULL ptrs before calling mem funcs

    The definitions of memcpy(), memmove(), and memset() state that
    the behaviour is undefined if any of the pointer arguments are
    NULL, and some compilers are known to make use of this to
    optimise away existing NULL checks in the source.

    Change-Id: I489bc256e3eac7ff41d91becb0b43aba73dbb3f9
    Link: https://www.imperialviolet.org/2016/06/26/nonnull.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
9eb27f29 by Joseph Sutton at 2022-03-01T18:07:50+00:00
third_party/heimdal_build: Determine whether time_t is signed

Without this, Heimdal will assume time_t is unsigned, and a wrong
assumption will cause 'infinite' ticket lifetimes to be reckoned as from
the past, and thus requests will fail with KDC_ERR_NEVER_VALID.

This is an adaptation to Heimdal:

commit 9ae9902249732237aa1711591604a6adf24963fe
Author: Nicolas Williams <nico at twosigma.com>
Date:   Tue Feb 15 17:01:00 2022 -0600

    cf: Check if time_t is signed

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Mar  1 18:07:50 UTC 2022 on sn-devel-184

- - - - -
d255044e by Volker Lendecke at 2022-03-01T20:09:28+00:00
lib: Use cp_smb_filename_nostream() in adouble_path()

No need to TALLOC_FREE(smb_fname->stream_name) later

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
cb020197 by Volker Lendecke at 2022-03-01T20:09:28+00:00
lib: Simplify parent_dirname() by using talloc_strndup()

Don't duplicate the talloc_strndup() functionality.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
bdf68d64 by Volker Lendecke at 2022-03-01T20:09:29+00:00
vfs: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2b6e557e by Volker Lendecke at 2022-03-01T20:09:29+00:00
vfs: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
40b7c862 by Volker Lendecke at 2022-03-01T20:09:29+00:00
vfs: Set errno in an error return

Don't leak an unrelated errno

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
579c475f by Volker Lendecke at 2022-03-01T20:09:29+00:00
smbd: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8c977435 by Volker Lendecke at 2022-03-01T20:59:55+00:00
smbd: Fix a use-after-free

stat_cache_lookup() allocates its result on top of talloc_tos().
filename_convert_smb1_search_path() creates a talloc_stackframe(),
which makes the names which were supposed to be allocated on the "ctx"
parameter of filename_convert_smb1_search_path() go away too
early. Reparent the results from stat_cache_lookup() properly.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14989

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Mar  1 20:59:55 UTC 2022 on sn-devel-184

- - - - -
fccf9859 by Joseph Sutton at 2022-03-01T22:34:34+00:00
third_party/heimdal_build: Define fallthrough macro for switch statements

This is an adaptation to Heimdal:

commit ddc61136100b32346c4c4efa2bb6ddb5baedfb3e
Author: Nicolas Williams <nico at twosigma.com>
Date:   Fri Jan 14 16:32:04 2022 -0600

    Use fallthrough statement attribute

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
51569b31 by Joseph Sutton at 2022-03-01T22:34:34+00:00
third_party/heimdal: import lorikeet-heimdal-202203010107 (commit 0e7a12404c388e831fe6933fcc3c86e7eb334825)

NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f2ca9c5d by Joseph Sutton at 2022-03-01T22:34:34+00:00
third_party/heimdal_build: Add source files to build

This is an adaptation to Heimdal:

commit be708ca3cf98900c61919f8ff7ced4428b5d1f32
Author: Nicolas Williams <nico at twosigma.com>
Date:   Wed Dec 22 17:01:12 2021 -0600

    gsskrb5: Add simple name attributes support

    This adds Kerberos mechanism support for:

     - composite principal name export/import
     - getting rudimentary name attributes from GSS names using
       gss_get_name_attribute():
        - all (raw) authorization data from the Ticket
        - all (raw) authorization data from the Authenticator
        - transit path
        - realm
        - component count
        - each component
     - gss_inquire_name()
     - gss_display_name_ext() (just for the hostbased service name type
                               though)

    The test exercises almost all of the functionality, except for:

     - getting the PAC
     - getting authz-data from the Authenticator
     - getting the transit path

    TBD (much) later:

     - amend test_context to do minimal name attribute checks as well
     - gss_set_name_attribute() (to request authz-data)
     - gss_delete_name_attribute()
     - getting specific authorization data elements via URN fragments (as
       opposed to all of them)
     - parsing the PAC, extracting SIDs (each one as a separate value)
     - some configurable local policy (?)
     - plugin interface for additional local policy

NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a2f7987d by Joseph Sutton at 2022-03-01T22:34:34+00:00
s4:kdc: Refactor HDB API

This is an adaptation to Heimdal:

commit b1dcc1a47485165ada778ef3c3463cfc0779d183
Author: Luke Howard <lukeh at padl.com>
Date:   Fri Dec 31 17:24:58 2021 +1100

    kdc: refactor Samba-specific auditing API in terms of existing API

    Make Samba-specific HDB auth status API a wrapper on the existing auditing API,
    with a view towards unifying the two APIs in a future commit.

    The term "auth status" is replaced with "auth event", and the HDB auth_status
    method is replaced with a more general purpose audit method which has access to
    the entire request structure.

NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7989ef0a by Joseph Sutton at 2022-03-01T22:34:34+00:00
s4:kdc: Adapt to removal of auth event details

This is an adaptation to Heimdal:

commit e15e711b13e2fb33f4480a054cba60b6c4c0183b
Author: Luke Howard <lukeh at padl.com>
Date:   Sat Jan 1 18:05:51 2022 +1100

    kdc: remove auth_event_details audit key

    The auth event details audit key (formerly, parameter to auth_status)
    contained, variously, an encryption type name; a PKINIT client certificate
    name; or, a GSS initiator name. Audit these instead using individual keys that
    reflect the values' contents.

NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0d37a192 by Joseph Sutton at 2022-03-01T22:34:34+00:00
s4:kdc: Add 'not authorised' auth events

This is an adaptation to Heimdal:

commit d683780b1d728bf8c5b794a1f66842e5a25bd360
Author: Luke Howard <lukeh at padl.com>
Date:   Sat Jan 1 23:44:05 2022 +1100

    kdc: separate PKINIT/GSS authorization failure

    Create a new audit event for PKINIT/GSS authorization (impersonation) failure

NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a5799cea by Joseph Sutton at 2022-03-01T22:34:34+00:00
s4:kdc: Add referral policy callback

This is now used instead of a configuration option.

This is an adaption to Heimdal:

commit 3fa47f5a1a422e178d968a8ec0d59889eaa71548
Author: Luke Howard <lukeh at padl.com>
Date:   Sun Jan 2 21:51:43 2022 +1100

    kdc: add referral_policy callback to windc plugin

    Add a referral policy hook to the TGS as a more elegant way of resolving
    referral detection for Samba. The hook can either rewrite the server_princ in
    the request, or it can return an error to disable built-in referral processing.

NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
83586e8f by Joseph Sutton at 2022-03-01T22:34:34+00:00
s4:kdc: Rename windc to kdc plugin

This is an adaptation to Heimdal:

commit fcff5933ade652343d7c169659da92fac0e6e0d4
Author: Luke Howard <lukeh at padl.com>
Date:   Mon Jan 3 11:10:18 2022 +1100

    kdc: rename windc to kdc plugin

    Rename the "windc" plugin API to the more general "kdc" plugin API, for two
    reasons: the Heimdal KDC uses the Windows PAC even when not emulating a domain
    controller, and the plugin API has accreted methods that are not specific to
    emulating a domain controller (such as referral_policy and finalize_reply).

NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f234361a by Joseph Sutton at 2022-03-01T22:34:34+00:00
s4:kdc: Adapt to removal of auth audit event types

This is an adaptation to Heimdal:

commit 06f8985c55fcd23e3efe0017ed2480c5b3c4524f
Author: Luke Howard <lukeh at padl.com>
Date:   Wed Jan 5 09:42:03 2022 +1100

    hdb: consolidate preauth audit event types

    Instead of having distinct preauth success/failure events for different
    mechanisms, have a single event; the mechanism can be disambiguated by querying
    the HDB_REQUEST_KV_PA_NAME key.

    Note: there is still an explicit event for long-term key-based success/failure
    in order to help the backend implement lockout.

    Audit failure (HDB_AUTH_EVENT_PREAUTH_FAILED) in the main preauth loop, rather
    than in each mechanism. Success is still audited in the mechanism to allow
    client pre-authentication success to be noted even if something subsequent
    (e.g. encoding a reply, memory allocation) fails. The generic catch-all for
    success remains.

NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b9f4ea8b by Joseph Sutton at 2022-03-01T22:34:35+00:00
third_party/heimdal_build: Add SFU source file

This is an adaptation to Heimdal:

commit 0287558838de79313e38026d2f0905ffc987d0b8
Author: Luke Howard <lukeh at padl.com>
Date:   Fri Dec 24 13:49:55 2021 +1100

    kdc: move Services for User implementation out of krb5tgs.c

    Move the Services for User (SFU/S4U) implementation -- protocol transition and
    constrained delegation -- into its own compilation unit, with an interface that
    only takes an astgs_request_t, so it can be easily factored out into a plugin
    module in the future.

    This refactoring is also careful to update all client names in the request
    structure after the SFU/S4U validation has successfully completed.

NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
675f913e by Joseph Sutton at 2022-03-01T22:34:35+00:00
s4:kdc: Explicitly set plugin minor version

This is an adaptation to Heimdal:

commit 7cc4b7a9e624f5eecfbb38607d4cc0870a895671
Author: Luke Howard <lukeh at padl.com>
Date:   Wed Jan 5 13:08:11 2022 +1100

    kdc: KDC plugin API contract notes

    Add some notes about the KDC plugin API contract, and require plugins to
    explicitly indicate which version of the API they support (remove the macro
    alias for the current version).

NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7cb68fdb by Joseph Sutton at 2022-03-01T22:34:35+00:00
third_party/heimdal_build: Don't generate .x source files

This is an adaptation to Heimdal:

commit 9427796f1a65906f12768b28abdb5a928222f3c6
Author: Jeffrey Altman <jaltman at secure-endpoints.com>
Date:   Wed Jan 5 15:45:23 2022 -0500

    Generate .x source files as .c source files

    The generated .x source and .hx header files are plain C source files.
    Generate them as .c source files and avoid unnecessary file copying
    and special makefile rules.

    Change-Id: Ifc4bbe3c46dd357fdd642040ad964c7cfe1d395c

NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
068f2bf1 by Joseph Sutton at 2022-03-01T22:34:35+00:00
s4:kdc: Increment plugin minor version

This is an adaptation to Heimdal:

commit 40e4a4df09c2d6c3ba7bf14df1dee74a0bc18110
Author: Luke Howard <lukeh at padl.com>
Date:   Mon Jan 10 12:50:37 2022 +1100

    kdc: use astgs_request_t for client/server name (TGS)

    Store the client and server principal name from the TGT and request
    (respectively) in the astgs_request_t rather than using local variables.

NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
94d387ab by Joseph Sutton at 2022-03-01T22:34:35+00:00
s4:kdc: Adapt to hdb_entry_ex removal

Rather than having a 'free_entry' member that can be called to free an
hdb_entry, we now implement the free function in HDB. We perform the
free only if the context pointer is non-NULL.

We also remove the ZERO_STRUCTP() in sdb_entry_to_hdb_entry(), as the
context pointer is now part of the 'hdb_entry' structure itself, and
this would undesirably zero it out.

This is an adaptation to Heimdal commits:

commit c5551775e204d00c7ee8055ab6ddbba7e0590584
Author: Luke Howard <lukeh at padl.com>
Date:   Fri Jan 7 12:15:55 2022 +1100

    hdb: decorate HDB_entry with context member

    Decorate HDB_entry with context and move free_entry callback into HDB structure
    itself. Requires updating hdb_free_entry() signature to include HDB parameter.
    A follow-up commit will consolidate hdb_entry_ex (which has a single hdb_entry
    member) into hdb_entry.

commit 0e8c4ccc6ee0123ea39e53e8917fc3f6bb74e8c8
Author: Luke Howard <lukeh at padl.com>
Date:   Fri Jan 7 12:54:40 2022 +1100

    hdb: eliminate hdb_entry_ex

    Remove hdb_entry_ex and revert to the original design of hdb_entry (except with
    an additional context member in hdb_entry which is managed by the free_entry
    method in HDB).

NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9399a15f by Joseph Sutton at 2022-03-01T22:34:35+00:00
s4:kdc: Adapt to removal of publicly accessible request structure members

We now have to use the accessor functions instead.

This is an adaptation to Heimdal:

commit ec24edf7005c340018450a202d27ca75fcf322d4
Author: Luke Howard <lukeh at padl.com>
Date:   Thu Jan 20 09:15:24 2022 +1100

    kdc: add accessor functions for KDC request structure

    Add accessor functions for use by Samba and other plugin developers.
    Documentation is in kdc/kdc-accessors.h.

NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c9b0b4bf by Andrew Bartlett at 2022-03-01T22:34:35+00:00
s4-kdc: Adapt to move from HDB auditing to KDC auditing constants

This is to adapt to:

    commit 6530021f09a5cab631be19a1b5898a0ba6b32f16
    Author: Luke Howard <lukeh at padl.com>
    Date:   Thu Jan 13 14:37:29 2022 +1100

        kdc: move auth event definitions into KDC header

        Move KDC auth event macro definitions out of hdb.h and into a new KDC header,
        kdc-audit.h.

NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
791be84c by Stefan Metzmacher at 2022-03-01T23:28:22+00:00
s4:kdc: hdb_samba4_audit() is only called once per request

So we need to restructure the logic a bit.

NOTE: This commit finally works again!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Joseph Sutton <jsutton at samba.org>
Autobuild-Date(master): Tue Mar  1 23:28:22 UTC 2022 on sn-devel-184

- - - - -
751237a2 by Jeremy Allison at 2022-03-02T21:04:34+00:00
s3: VFS: ceph_snapshots: Move two more uses of OpenDir() -> OpenDir_nstatus().

Eventually we can replace OpenDir() with OpenDir_ntatatus().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
a1f4d74a by Jeremy Allison at 2022-03-02T21:04:34+00:00
s3: VFS: fruit: Move two more uses of OpenDir() -> OpenDir_nstatus().

Eventually we can replace OpenDir() with OpenDir_ntatatus().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
a138d0f2 by Jeremy Allison at 2022-03-02T21:04:34+00:00
s3: VFS: shadow_copy: Move one more use of OpenDir() -> OpenDir_nstatus().

Eventually we can replace OpenDir() with OpenDir_ntatatus().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
bc9439a4 by Jeremy Allison at 2022-03-02T21:04:34+00:00
s3: VFS: syncops: Move one more use of OpenDir() -> OpenDir_nstatus().

Eventually we can replace OpenDir() with OpenDir_ntatatus().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
51b7475d by Jeremy Allison at 2022-03-02T21:04:34+00:00
s3: smbd: In recursive_rmdir(), Move one more use of OpenDir() -> OpenDir_nstatus()

Eventually we can replace OpenDir() with OpenDir_ntatatus().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
535b29af by Jeremy Allison at 2022-03-02T21:04:34+00:00
s3: smbd: In rmdir_internals(), Move one more use of OpenDir() -> OpenDir_nstatus()

Eventually we can replace OpenDir() with OpenDir_ntatatus().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
2aff668e by Jeremy Allison at 2022-03-02T21:04:34+00:00
s3: smbd: In count_dfs_links(), Move one more use of OpenDir() -> OpenDir_nstatus()

Eventually we can replace OpenDir() with OpenDir_ntatatus().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
e66be49a by Jeremy Allison at 2022-03-02T21:04:34+00:00
s3: smbd: In form_junctions(), Move one more use of OpenDir() -> OpenDir_nstatus()

Eventually we can replace OpenDir() with OpenDir_ntatatus().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
b331082b by Jeremy Allison at 2022-03-02T21:04:34+00:00
s3: torture: In cmd_vfs, Move two more uses of OpenDir() -> OpenDir_nstatus().

Now we can replace OpenDir() with OpenDir_ntatatus().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
c0bbf6f4 by Jeremy Allison at 2022-03-02T21:04:34+00:00
s3: smbd: Remove now unused OpenDir().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
0c113e65 by Jeremy Allison at 2022-03-02T21:58:32+00:00
s3: smbd: Rename OpenDir_ntstatus() -> OpenDir().

We now have a single OpenDir() function that returns an NTSTATUS.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Mar  2 21:58:32 UTC 2022 on sn-devel-184

- - - - -
f025cc1a by Andreas Schneider at 2022-03-03T00:59:34+00:00
python: Reformat shell scripts

shfmt -f python/ | xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
55cd39b9 by Andreas Schneider at 2022-03-03T00:59:34+00:00
release-scripts: Reformat shell scripts

shfmt -f release-scripts/ | xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
22eb76c6 by Andreas Schneider at 2022-03-03T00:59:34+00:00
script: Reformat shell scripts

shfmt -f script/ | xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1399b243 by Andreas Schneider at 2022-03-03T00:59:34+00:00
selftest: Reformat shell scripts

shfmt -f selftest/ | xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
98aed064 by Andreas Schneider at 2022-03-03T00:59:34+00:00
s3:locale: Reformat shell scripts

shfmt -f source3/locale/ | xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cb10b870 by Andreas Schneider at 2022-03-03T01:53:16+00:00
s3:script: Reformat shell scripts

shfmt -f source3/script/ | xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Mar  3 01:53:16 UTC 2022 on sn-devel-184

- - - - -
cd0efd38 by Andreas Schneider at 2022-03-04T14:05:31+00:00
s4:kdc: Align sflags type

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
f1ec950a by Andreas Schneider at 2022-03-04T14:05:31+00:00
s4:kdc: Also canonicalize krbtgt principals when enforcing canonicalization

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
c9653e51 by Andreas Schneider at 2022-03-04T14:05:31+00:00
selftest: More tests are passing with MIT KRB5 >= 1.20

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
ea7b1caa by Andreas Schneider at 2022-03-04T14:05:31+00:00
s4:mitkdc: Set KRB5_KDB_NO_AUTH_DATA_REQUIRED based on sdb no_auth_data_reqd

This needs to be set so that the MIT KDC >= 1.20 will not call the handle_pac()
function which executes the issue_pac KDB callback.

Pair-Programmed-With: Alexander Bokovoy <ab at samba.org>
Signed-off-by: Alexander Bokovoy <ab at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
f1ca16f3 by Andreas Schneider at 2022-03-04T14:05:31+00:00
s4:mitkdc: Add support for MIT Kerberos 1.20

This also addresses CVE-2020-17049.

MIT Kerberos 1.20 is in pre-release state at the time of writing this commit. It
will be released in autumn 2022. We need to support MIT Kerberos 1.19 till
enough distributions have been released with MIT Kerberos 1.20.

Pair-Programmed-With: Robbie Harwood <rharwood at redhat.com>
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Robbie Harwood <rharwood at redhat.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
b20606b2 by Andreas Schneider at 2022-03-04T14:05:31+00:00
s4:mitkdc: Add support for S4U2Self & S4U2Proxy

Pair-Programmed-With: Alexander Bokovoy <ab at samba.org>
Signed-off-by: Alexander Bokovoy <ab at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
1201147d by Andreas Schneider at 2022-03-04T14:05:31+00:00
s4:kdc: Implement new Microsoft forwardable flag behavior

Allow delegation to any target if we have delegations set up, but the target is
not specified.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
ea15ecfe by Isaac Boukris at 2022-03-04T14:05:31+00:00
krb5-mit: Enable S4U client support for MIT build

Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Isaac Boukris <iboukris at gmail.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
1a4d43d3 by Andreas Schneider at 2022-03-04T14:05:31+00:00
s4:auth: Remove trailing spaces in sam.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
41ffba13 by Andreas Schneider at 2022-03-04T14:05:31+00:00
s4:auth: Also look up msDS-AllowedToActOnBehalfOfOtherIdentity for RBCD

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
5c4afce7 by Andreas Schneider at 2022-03-04T14:05:31+00:00
s4:kdc: Implement samba_kdc_check_s4u2proxy_rbcd()

This will be used by the MIT KDB plugin in the next commits.

A security descriptor created by Windows looks like this:

    security_descriptor: struct security_descriptor
        revision                 : SECURITY_DESCRIPTOR_REVISION_1 (1)
        type                     : 0x8004 (32772)
               0: SEC_DESC_OWNER_DEFAULTED
               0: SEC_DESC_GROUP_DEFAULTED
               1: SEC_DESC_DACL_PRESENT
               0: SEC_DESC_DACL_DEFAULTED
               0: SEC_DESC_SACL_PRESENT
               0: SEC_DESC_SACL_DEFAULTED
               0: SEC_DESC_DACL_TRUSTED
               0: SEC_DESC_SERVER_SECURITY
               0: SEC_DESC_DACL_AUTO_INHERIT_REQ
               0: SEC_DESC_SACL_AUTO_INHERIT_REQ
               0: SEC_DESC_DACL_AUTO_INHERITED
               0: SEC_DESC_SACL_AUTO_INHERITED
               0: SEC_DESC_DACL_PROTECTED
               0: SEC_DESC_SACL_PROTECTED
               0: SEC_DESC_RM_CONTROL_VALID
               1: SEC_DESC_SELF_RELATIVE
        owner_sid                : *
            owner_sid                : S-1-5-32-544
        group_sid                : NULL
        sacl                     : NULL
        dacl                     : *
            dacl: struct security_acl
                revision                 : SECURITY_ACL_REVISION_ADS (4)
                size                     : 0x002c (44)
                num_aces                 : 0x00000001 (1)
                aces: ARRAY(1)
                    aces: struct security_ace
                        type                     : SEC_ACE_TYPE_ACCESS_ALLOWED (0)
                        flags                    : 0x00 (0)
                               0: SEC_ACE_FLAG_OBJECT_INHERIT
                               0: SEC_ACE_FLAG_CONTAINER_INHERIT
                               0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
                               0: SEC_ACE_FLAG_INHERIT_ONLY
                               0: SEC_ACE_FLAG_INHERITED_ACE
                            0x00: SEC_ACE_FLAG_VALID_INHERIT (0)
                               0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
                               0: SEC_ACE_FLAG_FAILED_ACCESS
                        size                     : 0x0024 (36)
                        access_mask              : 0x000f01ff (983551)
                        object                   : union security_ace_object_ctr(case 0)
                        trustee                  : S-1-5-21-3001743926-1909451141-602466370-1108

Created with the following PowerShell code:

    $host1 = Get-ADComputer -Identity ServerA
    $host2 = Get-ADComputer -Identity ServerB
    Set-ADComputer $host2 -PrincipalsAllowedToDelegateToAccount $host1

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
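
Added example, not part of the commit above or of Samba's code: Python that parses a self-relative security descriptor (MS-DTYP layout) constructed from the field values in the dump above, then runs a simplified ordered DACL walk of the kind an audit of msDS-AllowedToActOnBehalfOfOtherIdentity would use. The function names, the `desired` right 0x100 and the simplified access check (no object ACEs, no owner rights, fails closed without a DACL) are assumptions; samba_kdc_check_s4u2proxy_rbcd() itself is not reproduced.

```python
import struct

# Control and ACE constants, named as in the dump above (values from MS-DTYP).
SEC_DESC_DACL_PRESENT = 0x0004
SEC_DESC_SELF_RELATIVE = 0x8000
SEC_ACE_TYPE_ACCESS_ALLOWED = 0
SEC_ACE_TYPE_ACCESS_DENIED = 1
SEC_ACE_FLAG_INHERIT_ONLY = 0x08
TRUSTEE = "S-1-5-21-3001743926-1909451141-602466370-1108"  # trustee from the dump


def pack_sid(sid):
    """Encode an 'S-1-...' string as a binary SID."""
    parts = sid.split("-")
    if parts[0] != "S" or len(parts) < 3:
        raise ValueError("not a SID string: %r" % sid)
    subs = [int(p) for p in parts[3:]]
    return (struct.pack("BB", int(parts[1]), len(subs))
            + int(parts[2]).to_bytes(6, "big")          # authority is big-endian
            + b"".join(struct.pack("<I", s) for s in subs))


def parse_sid(buf, off, end):
    """Decode a binary SID at buf[off:end]; every read is bounds-checked."""
    if off + 8 > end:
        raise ValueError("truncated SID header")
    revision, count = struct.unpack_from("BB", buf, off)
    if revision != 1 or count > 15 or off + 8 + 4 * count > end:
        raise ValueError("malformed SID")
    authority = int.from_bytes(buf[off + 2:off + 8], "big")
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)


def parse_descriptor(buf):
    """Parse header, owner and DACL of a self-relative security descriptor."""
    if len(buf) < 20:
        raise ValueError("truncated descriptor header")
    revision, _, control, off_owner, _off_group, _off_sacl, off_dacl = \
        struct.unpack_from("<BBHIIII", buf, 0)
    if revision != 1 or not control & SEC_DESC_SELF_RELATIVE:
        raise ValueError("unsupported descriptor")
    sd = {"control": control, "dacl_size": None, "aces": [],
          "owner": parse_sid(buf, off_owner, len(buf)) if off_owner else None}
    if not (control & SEC_DESC_DACL_PRESENT and off_dacl):
        return sd
    if off_dacl + 8 > len(buf):
        raise ValueError("truncated ACL header")
    _rev, _, acl_size, ace_count, _ = struct.unpack_from("<BBHHH", buf, off_dacl)
    acl_end = off_dacl + acl_size
    if acl_size < 8 or acl_end > len(buf):
        raise ValueError("ACL size exceeds buffer")
    sd["dacl_size"] = acl_size
    pos = off_dacl + 8
    for _ in range(ace_count):
        if pos + 4 > acl_end:
            raise ValueError("truncated ACE header")
        ace_type, flags, size = struct.unpack_from("<BBH", buf, pos)
        if size < 4 or pos + size > acl_end:
            raise ValueError("ACE size exceeds ACL")
        ace = {"type": ace_type, "flags": flags, "size": size,
               "mask": None, "trustee": None}
        # Plain allow/deny ACEs share one layout: header, mask, SID.
        if ace_type in (SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_ACE_TYPE_ACCESS_DENIED):
            if size < 8:
                raise ValueError("ACE too short for an access mask")
            ace["mask"] = struct.unpack_from("<I", buf, pos + 4)[0]
            ace["trustee"] = parse_sid(buf, pos + 8, pos + size)
        sd["aces"].append(ace)
        pos += size
    return sd


def may_delegate(sd, client_sids, desired):
    """Simplified ordered DACL walk: the first matching deny wins, allow ACEs
    clear requested bits. Returns False when there is no DACL (fail closed)."""
    remaining = desired
    for ace in sd["aces"]:
        if ace["flags"] & SEC_ACE_FLAG_INHERIT_ONLY or ace["trustee"] not in client_sids:
            continue
        if ace["type"] == SEC_ACE_TYPE_ACCESS_DENIED and ace["mask"] & remaining:
            return False
        if ace["type"] == SEC_ACE_TYPE_ACCESS_ALLOWED:
            remaining &= ~ace["mask"]
        if remaining == 0:
            return True
    return False


def build_sample():
    """Constructed sample: bytes assembled from the field values in the dump."""
    owner = pack_sid("S-1-5-32-544")
    trustee = pack_sid(TRUSTEE)
    ace = struct.pack("<BBHI", SEC_ACE_TYPE_ACCESS_ALLOWED, 0,
                      8 + len(trustee), 0x000F01FF) + trustee
    dacl = struct.pack("<BBHHH", 4, 0, 8 + len(ace), 1, 0) + ace
    header = struct.pack("<BBHIIII", 1, 0, 0x8004, 20, 0, 0, 20 + len(owner))
    return header + owner + dacl


if __name__ == "__main__":
    sd = parse_descriptor(build_sample())
    for ace in sd["aces"]:
        print("type=%d mask=0x%08x trustee=%s" % (ace["type"], ace["mask"], ace["trustee"]))
    print("ServerA may delegate:", may_delegate(sd, {TRUSTEE}, 0x100))
```

The ACE and ACL sizes computed by `build_sample()` come out as 0x24 and 0x2c, matching the `size` fields in the dump.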
- - - - -
c7be3d1f by Andreas Schneider at 2022-03-04T14:05:31+00:00
s4:mitkdc: Implement mit_samba_check_allowed_to_delegate_from() for RBCD

This just implements a call in the MIT KDB shim layer. It will be used in the
next commits in the KDB plugin.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d0e4b612 by Andreas Schneider at 2022-03-04T14:05:31+00:00
s4:mitkdc: Implement support for Resource Based Constrained Delegation (RBCD)

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
e908bbb1 by Andreas Schneider at 2022-03-04T14:05:31+00:00
gitlab-ci: Print the krb5 version

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d1d47a55 by Andreas Schneider at 2022-03-04T14:05:31+00:00
gitlab-ci: Run krb5 tests also with MIT Kerberos 1.20 (prerelease)

This adds tests against MIT Kerberos 1.20 (prerelease) in order to test
Bronze Bit, S4U and RBCD functionality supported only in current MIT Kerberos
git master. We created a Fedora COPR package for MIT KRB5 1.20 (prerelease).

MIT Kerberos 1.20 will be released in autumn 2022. As soon as MIT Kerberos 1.20
is in a Fedora release, these runners will be removed again.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
e25d6c89 by Andreas Schneider at 2022-03-04T14:58:20+00:00
WHATSNEW: Bronze bit, S4U and RBCD support with MIT Kerberos 1.20

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Mar  4 14:58:20 UTC 2022 on sn-devel-184

- - - - -
d1a08623 by Volker Lendecke at 2022-03-04T17:43:42+00:00
smbd: Remove a deref forgotten in c2ac6a9cd7b

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
fd1dca2d by Volker Lendecke at 2022-03-04T17:43:42+00:00
smbd: Inherit acl from an fsp instead of a fname

Moving slowly towards passing directory handles instead of names,
representing the idea that we hold a O_PATH file descriptor on
directories.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
fbb4bd36 by Volker Lendecke at 2022-03-04T17:43:42+00:00
smbd: Pass dirfsp instead of an fname to open_file()

Moving slowly towards passing directory handles instead of names,
representing the idea that we hold a O_PATH file descriptor on
directories.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
be6cc4cc by Volker Lendecke at 2022-03-04T17:43:42+00:00
smbd: Log close_file_free() failure in copy_internals()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
f60ca2e2 by Volker Lendecke at 2022-03-04T17:43:42+00:00
smbd: Pass dirfsp instead of a parent filename to unix_mode

This converts a STAT (with potential symlink race problems) into an
FSTAT on the O_PATH fd we have for the directory

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
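
An added illustration (not Samba code) of the difference the commit message above describes: a path-based stat() re-resolves the name on every call, while fstat() on an O_PATH descriptor stays bound to the directory that was opened. Linux is assumed; the scratch paths, `struct probe` and `run_probe()` are constructed for this example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Result of one probe run (hypothetical helper type for this example). */
struct probe {
	mode_t mode_by_name;	/* permission bits from stat(path) */
	mode_t mode_by_fd;	/* permission bits from fstat(dirfd) */
	int name_is_original;	/* does stat(path) still see the opened dir? */
	int fd_is_original;	/* does fstat(dirfd) still see the opened dir? */
};

static int same_file(const struct stat *a, const struct stat *b)
{
	return a->st_dev == b->st_dev && a->st_ino == b->st_ino;
}

/* Returns 0 on success, -1 if the scratch setup failed. */
int run_probe(struct probe *out)
{
	char base[] = "/tmp/dirfsp-demo-XXXXXX";	/* constructed scratch area */
	char parent[PATH_MAX], other[PATH_MAX], moved[PATH_MAX];
	struct stat orig, by_name, by_fd;
	int dirfd = -1;
	int ret = -1;

	if (mkdtemp(base) == NULL) {
		return -1;
	}
	snprintf(parent, sizeof(parent), "%s/parent", base);
	snprintf(other, sizeof(other), "%s/other", base);
	snprintf(moved, sizeof(moved), "%s/parent.moved", base);

	/* chmod() after mkdir() so the modes do not depend on the umask. */
	if (mkdir(parent, 0700) != 0 || chmod(parent, 0700) != 0 ||
	    mkdir(other, 0755) != 0 || chmod(other, 0755) != 0) {
		goto cleanup;
	}

	/* Pin the directory once; later metadata reads go through this fd. */
	dirfd = open(parent, O_PATH | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
	if (dirfd < 0 || fstat(dirfd, &orig) != 0) {
		goto cleanup;
	}

	/* Model a concurrent change: the name now points somewhere else. */
	if (rename(parent, moved) != 0 || symlink(other, parent) != 0) {
		goto cleanup;
	}

	/* Same question asked two ways: by name, and by the pinned handle. */
	if (stat(parent, &by_name) != 0 || fstat(dirfd, &by_fd) != 0) {
		goto cleanup;
	}

	out->mode_by_name = by_name.st_mode & 0777;
	out->mode_by_fd = by_fd.st_mode & 0777;
	out->name_is_original = same_file(&orig, &by_name);
	out->fd_is_original = same_file(&orig, &by_fd);
	ret = 0;

cleanup:
	if (dirfd >= 0) {
		close(dirfd);
	}
	unlink(parent);	/* the symlink, if it was created */
	rmdir(parent);	/* the directory, if it was never renamed */
	rmdir(moved);
	rmdir(other);
	rmdir(base);
	return ret;
}

int main(void)
{
	struct probe p;

	if (run_probe(&p) != 0) {
		perror("run_probe");
		return 1;
	}
	printf("stat(path):   mode %04o, original dir: %s\n",
	       (unsigned)p.mode_by_name, p.name_is_original ? "yes" : "no");
	printf("fstat(dirfd): mode %04o, original dir: %s\n",
	       (unsigned)p.mode_by_fd, p.fd_is_original ? "yes" : "no");
	return 0;
}
```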

- - - - -
29761770 by Volker Lendecke at 2022-03-04T17:43:42+00:00
smbd: Remove unused "lret" variable from file_set_dosmode()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
5567d5bc by Volker Lendecke at 2022-03-04T17:43:42+00:00
smbd: Save a few lines in file_set_dosmode() with "goto done;"

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
ab692aa6 by Volker Lendecke at 2022-03-04T17:43:42+00:00
smbd: Fix indentation in rename_internals_fsp()

This one space character makes it more obvious where in the complex
if-expression lp_store_dos_attributes() lives.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
b3514a57 by Volker Lendecke at 2022-03-04T17:43:42+00:00
smbd: Make complex if-expression in file_set_dosmode() easier to read

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
28522bb3 by Jeremy Allison at 2022-03-04T17:43:42+00:00
s3: smbd: Cleanup - make recursive_rmdir() return a more expressive NTSTATUS not bool.

Next cleanup the internals of rmdir_internals() to do an early map
of errno -> NTSTATUS to avoid mapping back and forth.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
df7efdf0 by Jeremy Allison at 2022-03-04T18:39:48+00:00
s3: smbd: Cleanup - Make rmdir_internals() use NTSTATUS internally without depending on errno.

As we already need to return NTSTATUS, map errno to NTSTATUS directly at point of failure
and don't depend on keeping it around. No change in client-visible behavior but makes
rmdir_internals() easier to understand (for me at least).

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Mar  4 18:39:48 UTC 2022 on sn-devel-184

- - - - -
3f977cd6 by Pavel Filipenský at 2022-03-05T08:04:28+00:00
s3:lib: Fix possible 32-bit arithmetic overflow

Reported by covscan.

Potentially overflowing expression "glue->gtimeout * 1000" with type "int"
(32 bits, signed) is evaluated using 32-bit arithmetic, and then used in
a context that expects an expression of type "uint64_t" (64 bits, unsigned).

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Sat Mar  5 08:04:28 UTC 2022 on sn-devel-184
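
The covscan finding quoted above, as an added example that is not the Samba patch itself: multiplying in `int` and widening afterwards loses the high bits, while widening one operand first keeps the whole product. `struct glue_sketch` and the function names are hypothetical, and clamping negative timeouts to 0 is an assumption of this sketch.

```c
#include <inttypes.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the structure in the covscan report;
 * only the field under discussion is modelled. */
struct glue_sketch {
	int gtimeout;	/* timeout in seconds */
};

/*
 * Flagged pattern: "gtimeout * 1000" is evaluated in int and only the
 * result is widened. Signed overflow is undefined behaviour in C, so this
 * demo models the usual two's-complement outcome with unsigned arithmetic
 * instead of actually overflowing an int.
 */
uint64_t timeout_ms_narrow(const struct glue_sketch *g)
{
	uint32_t wrapped = (uint32_t)g->gtimeout * 1000u; /* wraps mod 2^32 */
	int32_t as_int = (int32_t)wrapped;	/* what the int result would hold */

	return (uint64_t)as_int;		/* sign-extends if negative */
}

/* Widen one operand first so the multiplication itself is 64-bit. */
uint64_t timeout_ms_wide(const struct glue_sketch *g)
{
	if (g->gtimeout < 0) {
		return 0;	/* assumption of this sketch: negative = no wait */
	}
	return (uint64_t)g->gtimeout * 1000;
}

/* 1 if seconds * 1000 does not fit in int, i.e. the narrow form is unsafe. */
int product_overflows_int(int seconds)
{
	return seconds > INT_MAX / 1000 || seconds < INT_MIN / 1000;
}

int main(void)
{
	/* Constructed sample values: one harmless, one past INT_MAX / 1000. */
	const int samples[] = { 30, 3000000 };
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		struct glue_sketch g = { samples[i] };

		printf("%d s: narrow=%" PRIu64 " ms, wide=%" PRIu64
		       " ms, overflows int: %d\n",
		       g.gtimeout, timeout_ms_narrow(&g), timeout_ms_wide(&g),
		       product_overflows_int(g.gtimeout));
	}
	return 0;
}
```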

- - - - -
64160686 by Samuel Cabrero at 2022-03-06T23:05:40+00:00
s3:winbind: Move the function to list trusted domains to winbindd_dual_srv.c

This function will be converted to a local RPC call handler so move it
to the file including ndr_winbindd_scompat.c.

Updated debug message and use newer debug macros.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d05b5366 by Samuel Cabrero at 2022-03-06T23:05:40+00:00
s3:winbind: Remove list_all_domains condition always false

The 'list_all_domains' flag in a winbind request is only set by the
torture_winbind_struct_list_trustdom() test, in fact to check the flag
is ignored.

The WINBINDD_LIST_TRUSTDOM command received by winbind parent is handled
by winbindd_list_trusted_domains() which fills the response from the
cached domain list and does not handle the flag.

The WINBINDD_LIST_TRUSTDOM command sent from the parent to the domain
children when the rescan timer expires does not set this flag, so this
commit removes the code handling it in the child.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e07f8901 by Samuel Cabrero at 2022-03-06T23:05:40+00:00
s3:winbind: Convert ListTrustedDomains parent/child call to NDR

By using NDR we avoid manual marshalling (netr_DomainTrust array
to text string) and unmarshalling (parse the received text string
back to a netr_DomainTrust array).

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
95b19633 by Samuel Cabrero at 2022-03-06T23:05:40+00:00
examples: Update winbindd.stp and its generator script

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f33f73f8 by Stefan Metzmacher at 2022-03-06T23:05:40+00:00
third_party/heimdal: import lorikeet-heimdal-202203031927 (commit 7abc451ddd74d0c2e57dbb32f3198bde8def73ab)

NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14865

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
27ee5ad7 by Stefan Metzmacher at 2022-03-06T23:05:40+00:00
s4:kdc: let pac functions in wdc-samba4.c take astgs_request_t

NOTE: This commit finally works again!

This aligns us with the following Heimdal change:

   commit 11d8a053f50c88256b4d49c7e482c2eb8f6bde33
   Author:     Stefan Metzmacher <metze at samba.org>
   AuthorDate: Thu Feb 24 18:27:09 2022 +0100
   Commit:     Luke Howard <lukeh at padl.com>
   CommitDate: Thu Mar 3 09:58:48 2022 +1100

       kdc-plugin: also pass astgs_request_t to the pac related functions

       This is more consistent and allows the pac hooks to be more flexible.

       Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14865

Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
0f5d7ff1 by Stefan Metzmacher at 2022-03-06T23:05:40+00:00
s4:kdc: redirect pre-authentication failures to an RWDC

The most important case is that we still have a previous
password cached at the RODC and the inbound replication
hasn't wiped the cache yet and we also haven't triggered
a new replication yet.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14865

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
39d85c34 by Pavel Filipenský at 2022-03-06T23:05:40+00:00
s3:script: Blackbox tests for the rpcclient DFS commands

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
1ed9ece3 by Pavel Filipenský at 2022-03-06T23:05:40+00:00
s3:rpcclient: Fix trailing whitespace in cmd_dfs.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
e9e2aead by Pavel Filipenský at 2022-03-07T00:00:32+00:00
s3:rpcclient: Fix crash in rpcclient

rpcclient  SERVER -c 'dfsenum 5' dumps core

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Mar  7 00:00:32 UTC 2022 on sn-devel-184

- - - - -
b108e039 by Jule Anger at 2022-03-07T14:35:36+00:00
s3:tests: Add a test to check the output of smbstatus.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14999

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
9e9e6955 by Jule Anger at 2022-03-07T15:27:48+00:00
s3:utils: assign ids to struct to list shares correctly

The commit "99d1f1fa10d smbd: Remove unused "struct connections_key"" also
removes the assignment of information to connections_data, which is needed to list
shares.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14999

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Jule Anger <janger at samba.org>
Autobuild-Date(master): Mon Mar  7 15:27:48 UTC 2022 on sn-devel-184

- - - - -
e16cd031 by Archana at 2022-03-08T11:32:36+00:00
ctdb-packaging: Remove deprecated networking command netstat and replace with "ss" command

Signed-off-by: Archana Chidirala <archana.chidirala.chidirala at ibm.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
7debfe7a by Archana at 2022-03-08T12:30:53+00:00
ctdb-tools: Remove deprecated networking commands and replace with new commands

The changes are made to replace the deprecated network commands
(ifconfig,netstat) with the new commands
(ip addr,ss) respectively

Signed-off-by: Archana Chidirala <archana.chidirala.chidirala at ibm.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Mar  8 12:30:53 UTC 2022 on sn-devel-184

- - - - -
d972f64b by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: smbd: notify_mid_maps is used by both SMB1 and SMB2.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>

- - - - -
41393579 by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: Simple rename 'struct smb_signing_state' -> 'struct smb1_signing_state'

This is only used by the SMB1 signing code, except for one
bool for SMB2 which we will replace next.

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>

- - - - -
b51b055f by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: smbd: Add 'bool signing_mandatory' to struct smbXsrv_connection.smb2 component.

Not yet used.

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>

- - - - -
3f9d528f by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: smbd: Add smb2_srv_init_signing(). Initializes conn->smb2.signing_mandatory.

Not yet used.

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>

- - - - -
1f3f6e20 by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: smbd: Split srv_init_signing() into 2 static functions smb1_srv_init_signing() and smb2_srv_init_signing().

Correctly initialize and look at xconn->smb2.signing_mandatory
for the SMB2 signing state (this gets set correctly for the AD-DC
case etc. inside smb2_srv_init_signing()).

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>

- - - - -
b879d475 by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: smbd: Look at the correct signing state for the debug messages in make_connection_snum().

The rest of the changes should now be just renaming
the SMB1 signing functions to make it clear they are
SMB1 specific.

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>

- - - - -
aee7bfa0 by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename static smb_signing_reset_info() -> smb1_signing_reset_info()

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>

- - - - -
cba8ba32 by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename smb_signing_init_ex() -> smb1_signing_init_ex()

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>

- - - - -
6ae33a62 by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename smb_signing_init() -> smb1_signing_init()

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>

- - - - -
7e82ac3a by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename smb_signing_good() -> smb1_signing_good()

Fix the debugs that also used this name.

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>

- - - - -
00d8b05d by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename smb_signing_md5() -> smb1_signing_md5()

Fix the debug that also used this name.

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>

- - - - -
e563725a by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename smb_signing_next_seqnum() -> smb1_signing_next_seqnum()

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>

- - - - -
fd932558 by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename smb_signing_cancel_reply() -> smb1_signing_cancel_reply()

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>

- - - - -
6a68caff by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename smb_signing_sign_pdu() -> smb1_signing_sign_pdu()

Fix the debugs that also used this name.

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>

- - - - -
84a498fe by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename smb_signing_check_pdu() -> smb1_signing_check_pdu()

Fix the debugs that also used this name.

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>

- - - - -
8dd252ad by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename smb_signing_activate() -> smb1_signing_activate()

Fix the debugs that also used this name.

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>

- - - - -
0c8bc1bf by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename smb_signing_is_active() -> smb1_signing_is_active()

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>

- - - - -
2fd29169 by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Remove unused smb_signing_is_allowed()

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>

- - - - -
e42fc9bc by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename smb_signing_is_desired() -> smb1_signing_is_desired()

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>

- - - - -
79633b42 by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename smb_signing_is_mandatory() -> smb1_signing_is_mandatory()

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>

- - - - -
7a385775 by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename smb_signing_set_negotiated() -> smb1_signing_set_negotiated()

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>

- - - - -
0b391fc1 by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename smb_signing_is_negotiated() -> smb1_signing_is_negotiated()

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>

- - - - -
3e021c37 by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename smb_key_derivation() -> smb1_key_derivation()

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>

- - - - -
777fbb37 by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: smbd: Rename srv_check_sign_mac() -> smb1_srv_check_sign_mac().

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>

- - - - -
fa9c48ae by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: smbd: Rename srv_calculate_sign_mac() -> smb1_srv_calculate_sign_mac().

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>

- - - - -
ed648848 by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: smbd: Rename srv_cancel_sign_response() -> smb1_srv_cancel_sign_response().

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>

- - - - -
93eaaccf by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: smbd: Rename srv_set_signing_negotiated() -> smb1_srv_set_signing_negotiated().

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>

- - - - -
e0ad956c by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: smbd: Rename srv_is_signing_active() -> smb1_srv_is_signing_active().

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>

- - - - -
b8ce6949 by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: smbd: Rename srv_is_signing_negotiated() -> smb1_srv_is_signing_negotiated().

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>

- - - - -
239178ae by Jeremy Allison at 2022-03-08T23:05:19+00:00
s3: smbd: Rename srv_set_signing() -> smb1_srv_set_signing()

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>

Autobuild-User(master): David Mulder <dmulder at samba.org>
Autobuild-Date(master): Tue Mar  8 23:05:19 UTC 2022 on sn-devel-184

- - - - -
a30a7626 by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
python:tests: let insta_creds() also copy the bind_dn from the template

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
90754591 by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
dsdb/tests: passwords.py don't need to import BasePasswordTestCase

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5a3214c9 by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
dsdb/tests: let all BasePasswordTestCase tests provide self.host_url[_ldaps]

This will make further changes easier.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
03ba5af3 by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
dsdb/tests: make use of assertLoginFailure helper

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
751ce671 by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
dsdb/tests: introduce assertLoginSuccess

This makes it possible to catch failures with knownfail entries.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0b1fbc9d by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
dsdb/tests: prepare BasePasswordTestCase for simple bind tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3625d138 by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
dsdb/tests: add test_login_basics_simple()

This demonstrates that 'old password allowed period' also
applies to LDAP simple binds and not only to GSS-SPNEGO/NTLMSSP binds.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15001

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
012bd9f5 by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
s3:auth: let make_user_info_netlogon_interactive() set USER_INFO_INTERACTIVE_LOGON

This is not really relevant for now, as USER_INFO_INTERACTIVE_LOGON is
not evaluated in the source3/auth stack. But better add it to
be consistent.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15001

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2ad44686 by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
s4:auth_sam: use USER_INFO_INTERACTIVE_LOGON as indication for an interactive logon

Using != AUTH_PASSWORD_RESPONSE is not the correct indication
due to the local mappings from AUTH_PASSWORD_PLAIN via
AUTH_PASSWORD_HASH to AUTH_PASSWORD_RESPONSE.

It means an LDAP simple bind will now honour
'old password allowed period'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15001

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
62fb6c1d by Garming Sam at 2022-03-10T03:16:35+00:00
rodc: Add tests for simple BIND alongside NTLMSSP binds

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5c04c013 by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
s3:rpc_client: let rpccli_netlogon_network_logon() fallback to workstation = lp_netbios_name()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14641

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
31db7048 by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
s4:auth: a simple bind uses the DCs name as workstation

I've seen that in LogonSamLogonEx request triggered
by a simple bind with a user of a trusted domain
within the same forest. Note simple binds don't
work with users for another forest/external domain,
as the DsCrackNames call on the bind_dn fails.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14641

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a6fb598d by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
s4:auth: encrypt_user_info() should set password_state instead of mapped_state

user_info->mapped_state has nothing to do with enum auth_password_state,
user_info->password_state is the one that holds the auth_password_state value.

Luckily user_info->password_state was never referenced in the
encrypt_user_info() callers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9a4ac8ab by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
auth/ntlmssp: don't set mapped_state explicitly in auth_usersupplied_info

We already use talloc_zero() and mapped_state will be removed in the
next commits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
859c7817 by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
s4:smb_server: don't set mapped_state explicitly in auth_usersupplied_info

We already use talloc_zero() and mapped_state will be removed in the
next commits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
99efe5f4 by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
s4:dsdb: don't set mapped_state in auth_usersupplied_info for audit logging

mapped_state is completely irrelevant for audit logging and
will also be removed in the next commits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ca694864 by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
s4:kdc: don't set mapped_state in auth_usersupplied_info for audit logging

mapped_state is completely irrelevant for audit logging and
will also be removed in the next commits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
52787b9c by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
s4:rpc_server/samr: don't set mapped_state in auth_usersupplied_info for audit logging

mapped_state is completely irrelevant for audit logging and
will also be removed in the next commits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c7b8c71b by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
s4:auth: check for user_info->mapped.account_name if it needs to be filled

mapped_state is a special hack for authenticate_ldap_simple_bind_send()
in order to avoid some additional work in authsam_check_password_internals().

But that code will be changed in the next commits, so we can simplify
the logic and only check for user_info->mapped.account_name being NULL.
As it's the important factor that user_info->mapped.account_name is
non-NULL down in the auth stack.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a12683bd by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
s4:auth: fix confusing DEBUG message in authsam_want_check()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c56cb12f by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
s3:auth: make_user_info_map() should not set mapped_state

mapped_state is only evaluated in authsam_check_password_internals()
of auth_sam.c in source4, so setting it in the auth3 code
doesn't make any difference. I've proved that with
an SMB_ASSERT() and a full pipeline not triggering it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e1d2c59d by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
nsswitch: let test_wbinfo.sh also test wbinfo -a $USERNAME@$DOMAIN

When winbindd forwards wbinfo -a via netrLogonSamLogon* to a remote
DC, it works fine for UPN names, e.g. administrator@DOMAIN.

But it currently fails locally on a DC against the local sam.

For the RODC it only works because it forwards the request to
an RWDC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15003

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8dfdbe09 by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
winbindd: don't set mapped_state in winbindd_dual_auth_passdb()

mapped_state is a special hack for authenticate_ldap_simple_bind_send()
in order to avoid some additional work in authsam_check_password_internals()

This doesn't apply here. We should also handle wbinfo -a
authentication with UPN names, e.g. administrator@DOMAIN,
even if the account belongs to the local sam.

With this change the behavior is consistent also locally on DCs and
also an RODC can handle these requests locally for cached accounts.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15003

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
427125d1 by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
s4:auth: rename user_info->mapped_state to user_info->cracknames_called

This makes it much clearer what it is used for and
it is a special hack for authenticate_ldap_simple_bind_send()
in order to avoid some additional work in
authsam_check_password_internals().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
24b580ca by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
auth: let auth logging prefer user_info->orig_client.{account,domain}_name if available

The optional user_info->orig_client.{account,domain}_name are
the ones really used by the client and should be used in
audit logging. But we still fall back to
user_info->client.{account,domain}_name.

This will be important for the next commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
40f2070d by Stefan Metzmacher at 2022-03-10T04:10:54+00:00
s4:auth: let authenticate_ldap_simple_bind() pass down the mapped nt4names

authenticate_ldap_simple_bind*() needs to pass the
result of the cracknames operation into the auth stack
as user_info->client.{account,domain}_name, because
user_info->client.{account,domain}_name is also used
when forwarding the request via netrLogonSamLogon*
to a remote server, for exactly that the values are
also used in order to map a AUTH_PASSWORD_PLAIN into
AUTH_PASSWORD_RESPONSE, where the NTLMv2 response
contains the account and domain names passed in the
netr_IdentityInfo value.

Otherwise it would not be possible to forward the
LDAP simple bind authentication request to a remote
DC.

Currently this only applies to an RODC that forwards
the request to an RWDC.

But note that LDAP simple binds (as on Windows) only
work for users in the DC's forest, as the DsCrackNames
needs to work and it can't work for users of remote
forests. I tested that in a DC of a forest root domain,
it rejected the LDAP simple bind against a different forest,
but allowed it for users of a child domain in the
same forest. The NTLMSSP bind worked in both cases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Mar 10 04:10:54 UTC 2022 on sn-devel-184

- - - - -
4f4c40bc by Jeremy Allison at 2022-03-10T16:54:32+00:00
s3: smbd: Rename smbd_server_connection_read_handler() smbd_smb1_server_connection_read_handler()

Matches the name for the SMB2 connection read handler we're about to use.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>

- - - - -
5c180649 by Jeremy Allison at 2022-03-10T16:54:32+00:00
s3: smbd: Add SMB2-only smbd_smb2_server_connection_read_handler().

Restricts negotiation to SMB2-only. This will make it easier
to remove the SMB1-only parts of the server later.

The only allowed pre-SMB2 requests are a NBSSrequest
(to set the client NetBIOS name) and a 'normal' NBSSmessage
containing an SMB1 negprot. This allows smbd_smb2_server_connection_read_handler()
to work with older clients that use an initial SMB1negprot to
bootstrap into SMB2.

Eventually all other parts of the SMB1 server will
be removed.

Not yet used.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>

- - - - -
db94eefd by Jeremy Allison at 2022-03-10T17:53:26+00:00
s3: smbd: Plumb in and use smbd_smb2_server_connection_read_handler() when server min protocol > NT1 (i.e. SMB2-only).

This will allow us to remove the SMB1 server specific code
when we disable SMB1, and still retain the ability to negotiate
up from SMB1 -> SMB2 for old clients.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>

Autobuild-User(master): David Mulder <dmulder at samba.org>
Autobuild-Date(master): Thu Mar 10 17:53:26 UTC 2022 on sn-devel-184

- - - - -
c51f9ab2 by Volker Lendecke at 2022-03-10T18:23:35+00:00
vfs: Don't mask shadow_copy2_convert()'s errno

If it's really ENOMEM, shadow_copy2_convert() did set this itself. It
might also return ENOENT for example. Found this while working on
other patches.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
812cb602 by Volker Lendecke at 2022-03-10T18:23:35+00:00
vfs: Add SMB_VFS_FSTATAT

Useful if you want to stat/fstat/lstat relative to a directory without
doing chdir first.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
854e8091 by Volker Lendecke at 2022-03-10T18:23:36+00:00
vfs: Convert get_real_filename() to NTSTATUS

This makes it possible to more easily handle STOPPED_ON_SYMLINK vs
OBJECT_PATH_NOT_FOUND vs OBJECT_NAME_NOT_FOUND and so on. The next
patch needs this to properly handle symlinks.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
688604a4 by Volker Lendecke at 2022-03-10T19:19:06+00:00
smbd: Simplify non_widelink_open()

Don't depend on fsp->fsp_flags.is_directory: We can always take the
parent directory fname, chdir into it and openat(O_PATH|O_NOFOLLOW)
the relative file name. To properly handle the symlink case without
having O_PATH, upon failure we need the call to
fstatat(AT_SYMLINK_NOFOLLOW) as a replacement for the fstat-call that
we can do when we successfully opened the relative file name with
O_NOFOLLOW.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Mar 10 19:19:06 UTC 2022 on sn-devel-184

- - - - -
b7bc1f6d by Andrew Bartlett at 2022-03-11T11:05:55+00:00
s4-kdc: Fix memory leak in FAST cookie handling

The call to sdb_free_entry() was forgotten.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15000

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Mar 11 11:05:55 UTC 2022 on sn-devel-184

- - - - -
67bdc922 by Stefan Metzmacher at 2022-03-11T17:10:29+00:00
third_party/heimdal: import lorikeet-heimdal-202203101709 (commit 47863866da25cc21d292ce335a976b8b33fa1864)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
12b62308 by Stefan Metzmacher at 2022-03-11T17:10:29+00:00
docs-xml: add 'kdc enable fast' option

This will be useful to test against a KDC without FAST support
and find/prevent regressions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
2db7589d by Stefan Metzmacher at 2022-03-11T17:10:29+00:00
s4:kdc: make use of the 'kdc enable fast' option

This will be useful to test against a KDC without FAST support
and find/prevent regressions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
f1a71e24 by Stefan Metzmacher at 2022-03-11T17:10:29+00:00
selftest: use 'kdc enable fast = no' for fl2000 fl2003

This makes sure we still run tests against KDCs without FAST support
and it already found a few regressions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
9b48e7f7 by Stefan Metzmacher at 2022-03-11T18:06:47+00:00
third_party/heimdal: import lorikeet-heimdal-202203101710 (commit df8d801544144949931cd742169be1207b239c3d)

This fixes the regressions against KDCs without FAST support.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Mar 11 18:06:47 UTC 2022 on sn-devel-184

- - - - -
0c05ea15 by Volker Lendecke at 2022-03-11T18:22:28+00:00
smbd: Avoid some casts

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
ed9ee7ed by Volker Lendecke at 2022-03-11T18:22:28+00:00
printing: Fix a DBG message

openat_pathref_fsp() returns NTSTATUS, errno might be wrong here

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
1b304efe by Volker Lendecke at 2022-03-11T18:22:28+00:00
vfs: Format a comment

I know, whitespace change, but this was just too ugly :-)

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
7153c2c4 by Volker Lendecke at 2022-03-11T18:22:28+00:00
smbd: Avoid two else statements

We return in the if-clause

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
0dda3040 by Volker Lendecke at 2022-03-11T18:22:28+00:00
smbd: Avoid an else

We continue; in the if clause

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
8cee31c6 by Volker Lendecke at 2022-03-11T18:22:28+00:00
smbd: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
0e4cc565 by Volker Lendecke at 2022-03-11T18:22:28+00:00
smbd: get_acl_group_bits() needs a fsp, not a name

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
469a7ebf by Volker Lendecke at 2022-03-11T18:22:28+00:00
smbd: Simplify dos_mode_check_compressed()

btrfs_fget_compression() is the only real implementation of
VFS_GET_COMPRESSION. It does not use the mem_ctx argument, so it seems
unnecessary to do a full malloc()/free() cycle here. Moreover, if this
was actually required, talloc_stackframe() would be more appropriate
these days as deep within the smbd event loop it does not go through
the libc malloc, but just increments a pointer.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
749c62ed by Volker Lendecke at 2022-03-11T18:22:28+00:00
smbd: Simplify dos_mode_from_name() with ISDOT()/ISDOTDOT()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
0fedcf59 by Volker Lendecke at 2022-03-11T18:22:28+00:00
smbd: Pass dirfsp instead of fname to inherit_new_acl

Move to referencing directories via fsp's instead of names where we
have them around

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
e316f82b by Volker Lendecke at 2022-03-11T18:22:28+00:00
smbd: Pass "dirfsp" and "smb_fname" to reopen_from_fsp()

Lift the conn->cwd_fsp reference one level, we might want to pass in a
real dirfsp in the future.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
93d2defa by Volker Lendecke at 2022-03-11T18:22:28+00:00
smbd: Always use O_NONBLOCK in openat_pathref_fsp()

There's no reason why we would ever want to block on open(O_PATH). The
only cases that to me right now seem relevant are oplock breaks and
FIFOs, which can block forever. Oplock breaks don't happen for
O_PATH (hopefully...) but for the non-O_PATH case we don't want to
block either but we do handle this higher up.

We're handling EWOULDBLOCK for the oplock case correctly in
open_file_ntcreate() by setting up polling. So far we haven't done
this for the implicit openat_pathref_fsp() from filename_convert()
yet. But as our kernel oplock implementation lacks in functionality
big time anyway I would rather fail an open with NETWORK_BUSY than to
sit waiting for an oplock break for 30 seconds.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
4e70b754 by Volker Lendecke at 2022-03-11T18:22:28+00:00
smbd: Mark fsp as directory after calling fstat()

Everything else is racy, and this is cheap to check.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
2bbdaca8 by Volker Lendecke at 2022-03-11T18:22:28+00:00
smbd: No need to set O_DIRECTORY in openat_pathref_fsp()

If I read Linux' man 2 open right (and susv4 agrees), O_DIRECTORY is
around to make sure opendir() is not raced against non-directory
files. opendir() needs to make sure the underlying object is actually
a directory. O_DIRECTORY is not required for opening directories in
RDONLY mode, regardless of having O_PATH or not.

At this point in openat_pathref_fsp() we don't care about the type of
the underlying object, we do fstat() and distinguish between files and
directories later according to the mode returned from fstat().

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
e7b93310 by Volker Lendecke at 2022-03-11T18:22:28+00:00
smbd: Don't require a valid stat for openat_pathref_fsp()

With the simplifications in non_widelink_open() (don't depend on the
is_directory fsp flag) the main reason for requiring a valid stat
struct in openat_pathref_fsp() is gone. With this change
openat_pathref_fsp() is now capable of being the very first (and
authoritative) name-referencing operation with openat(O_PATH) for a
name.

Without having the stat information around before calling
openat_pathref_fsp(), the call to check_same_dev_ino() becomes
obsolete here.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
de439cd0 by Volker Lendecke at 2022-03-11T18:22:28+00:00
smbd: Return ISLNK from non_widelink_open() in smb_fname

Soon we want to not require stat() calls before entering
openat_pathref_fsp() anymore but rely on the fstat on the O_PATH file
handle (alternatively the call to fstatat(AT_SYMLINK_NOFOLLOW)) done
properly from within fd_openat(). The callers of non_widelink_open()
expect the stat information to be correct in "smb_fname". Copy it in
case of not opening a symlink in the posix case.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
d8e966da by Volker Lendecke at 2022-03-11T19:19:21+00:00
smbd: Remove a few vfs_stat() calls

openat_pathref_fsp() does not need them anymore

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Mar 11 19:19:21 UTC 2022 on sn-devel-184

- - - - -
d2ac90cd by Andreas Schneider at 2022-03-16T13:28:30+00:00
testprogs: Add test that local krb5.conf has been created

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
567b1996 by Andreas Schneider at 2022-03-16T13:28:30+00:00
s3:libads: Remove trailing spaces in kerberos.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
313f03c7 by Andreas Schneider at 2022-03-16T13:28:30+00:00
s3:libads: Leave early on error in get_kdc_ip_string()

This avoids useless allocations.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
7f721dc2 by Andreas Schneider at 2022-03-16T13:28:30+00:00
s3:libads: Improve debug messages for get_kdc_ip_string()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
81203283 by Andreas Schneider at 2022-03-16T13:28:30+00:00
s3:libads: Use talloc_asprintf_append() in get_kdc_ip_string()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
652c8ce1 by Andreas Schneider at 2022-03-16T13:28:30+00:00
s3:libads: Allocate all memory on the talloc stackframe

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
cca189d0 by Andreas Schneider at 2022-03-16T13:28:30+00:00
s3:libads: Remove obsolete free's of kdc_str

This is allocated on the stackframe now!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
12c843ad by Andreas Schneider at 2022-03-16T13:28:30+00:00
s3:libads: Check print_canonical_sockaddr_with_port() for NULL in get_kdc_ip_string()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
68d181ee by Andreas Schneider at 2022-03-16T14:26:36+00:00
s3:libads: Fix creating local krb5.conf

We create a KDC ip string entry directly at the beginning, use it if we
don't have any additional DCs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Wed Mar 16 14:26:36 UTC 2022 on sn-devel-184

- - - - -
fb13c7c9 by Archana at 2022-03-16T18:51:37+00:00
vfs: Getting exact attribute value during gpfs_stat_x calls

To properly update the filesize on all cluster nodes simultaneously

Signed-off-by: Archana Chidirala <archana.chidirala.chidirala at ibm.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
70b9977a by Elia Geretto at 2022-03-16T19:44:18+00:00
s3:libsmb: Fix errno for failed authentication in SMBC_server_internal()

In SMBC_server_internal(), when authentication fails, the errno value is
currently hard-coded to EPERM, while it should be EACCES instead. Use the
NT_STATUS map to set the appropriate value.

This bug was found because it breaks listing printers protected by
authentication in GNOME Control Panel.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14983

Signed-off-by: Elia Geretto <elia.f.geretto at gmail.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Mar 16 19:44:18 UTC 2022 on sn-devel-184

- - - - -
b01388da by Joseph Sutton at 2022-03-17T00:41:33+00:00
s4-kdc: Handle previously unhandled auth event types

Cases to handle KDC_AUTH_EVENT_VALIDATED_LONG_TERM_KEY and
KDC_AUTH_EVENT_PREAUTH_SUCCEEDED were removed in:

commit 791be84c3eecb95e03611458e2305bae272ba267
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 2 10:10:08 2022 +1300

    s4:kdc: hdb_samba4_audit() is only called once per request

Normally these auth event types are overwritten with the
KDC_AUTH_EVENT_CLIENT_AUTHORIZED event type, but if a client passes the
pre-authentication check, and happens to fail the client access check
(e.g. because the account is disabled), we get error messages of the
form:
hdb_samba4_audit: Unhandled hdb_auth_status=9 => INTERNAL_ERROR

To avoid such errors, use the error code provided in the request
structure to obtain a relevant status code in cases not handled
explicitly.

For unexpected values we return KRB5KRB_ERR_GENERIC
in order to hopefully prevent success. And within make test
we panic in order to let a CI run fail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15015

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5294dc80 by Stefan Metzmacher at 2022-03-17T00:41:33+00:00
s4:kdc: tunnel the check_client_access status to hdb_samba4_audit()

Otherwise useful information gets lost while converting
from NTSTATUS to krb5_error and back to NTSTATUS again.
E.g. NT_STATUS_ACCOUNT_DISABLED would be audited as
NT_STATUS_ACCOUNT_LOCKED_OUT.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15015

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
18dbdf6a by Andreas Schneider at 2022-03-17T00:41:33+00:00
python:tests: Fix type error in raw_testcase.py

This fixes a lot of tests with Python 3.8. Stacktrace example:

File "python/samba/tests/krb5/as_req_tests.py", line 249, in test_as_req_enc_timestamp_rc4_dummy
  self._run_as_req_enc_timestamp(
File "python/samba/tests/krb5/as_req_tests.py", line 129, in _run_as_req_enc_timestamp
  as_rep, kdc_exchange_dict = self._test_as_exchange(
File "python/samba/tests/krb5/raw_testcase.py", line 3982, in _test_as_exchange
  rep = self._generic_kdc_exchange(kdc_exchange_dict,
File "python/samba/tests/krb5/raw_testcase.py", line 2029, in _generic_kdc_exchange
  return check_rep_fn(kdc_exchange_dict, callback_dict, rep)
File "python/samba/tests/krb5/raw_testcase.py", line 2328, in generic_check_kdc_rep
  self.check_reply_padata(kdc_exchange_dict,
File "python/samba/tests/krb5/raw_testcase.py", line 2998, in check_reply_padata
  got_patypes = tuple(pa['padata-type'] for pa in rep_padata)
TypeError: 'NoneType' object is not iterable

This adds additional checks for rep_padata.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
94e9b338 by Andreas Schneider at 2022-03-17T00:41:33+00:00
s4:kdc: Fix return code in mit_samba_update_pac()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
70b4660c by Andreas Schneider at 2022-03-17T00:41:33+00:00
s4:kdc: Make sure ret is set if we goto bad_option

The ret variable is just used to set the error message for logging.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
27dd3d9f by Andreas Schneider at 2022-03-17T00:41:33+00:00
s4:kdc: Fix comparison in samba_kdc_check_s4u2proxy()

CID 1502873:  Control flow issues  (NO_EFFECT)
>>> This greater-than-or-equal-to-zero comparison of an unsigned value is always
true. "el->num_values >= 0U".

This is probably just a paranoia check as num_values should be set to at least
1 if we have an LDAP entry.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
1f24724b by Andreas Schneider at 2022-03-17T00:41:33+00:00
auth: Add required headers to auth_sam_reply.h

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
a84cabf4 by Andreas Schneider at 2022-03-17T00:41:33+00:00
lib:krb5_wrap: Implement smb_krb5_principal_is_tgs()

This will be used later and allows us to remove static implementations.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
95cdbe17 by Andreas Schneider at 2022-03-17T00:41:34+00:00
s4:kdc: Cleanup include files in pac-glue.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
27554581 by Andreas Schneider at 2022-03-17T00:41:34+00:00
s4:kdc: Make pac parameter of samba_client_requested_pac() const

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
0828cbd4 by Andreas Schneider at 2022-03-17T00:41:34+00:00
s4:kdc: Implement common samba_kdc_update_pac()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
b59c55e0 by Andreas Schneider at 2022-03-17T00:41:34+00:00
s4:kdc: Use samba_kdc_update_pac() in mit_samba_reget_pac()

This is for MIT Kerberos <= 1.19

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
c78f5b72 by Andreas Schneider at 2022-03-17T00:41:34+00:00
s4:kdc: Use samba_kdc_update_pac() in mit_samba_update_pac()

This is for MIT Kerberos >= 1.20.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
2380c7ea by Andreas Schneider at 2022-03-17T00:41:34+00:00
s4:kdc: Remove ks_is_tgs_principal()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
1a28d97f by Andreas Schneider at 2022-03-17T00:41:34+00:00
s4:kdc: Remove trailing whitespace in wdc-samba4.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
c4ecb667 by Andreas Schneider at 2022-03-17T00:41:34+00:00
s4:kdc: Use samba_kdc_update_pac() in Heimdal DB plugin

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
2a8ae72b by Joseph Sutton at 2022-03-17T00:41:34+00:00
samba-tool: Fix typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
591db0cc by Joseph Sutton at 2022-03-17T00:41:34+00:00
dsdb audit tests: Fix flapping test

Use gettimeofday() to obtain the current time for comparison, to be
consistent with audit_logging.c. On Linux, time() may occasionally
return a smaller value than gettimeofday(), despite being called later.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
95abdbcb by Joseph Sutton at 2022-03-17T00:41:34+00:00
dsdb audit tests: Use assert_in_range() for comparing timestamps

This can make the code clearer. assert_in_range() takes only integer
parameters, but POSIX allows us to assume that time_t is an integer.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
52afaa0c by Joseph Sutton at 2022-03-17T00:41:34+00:00
s4:policy: Fix ACE type comparison

SEC_ACE_TYPE_ values are not flags, so this comparison does not behave
as intended. Modify the check to more closely match the comment.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
27dd0afb by Joseph Sutton at 2022-03-17T00:41:34+00:00
python/ntacls.py: Fix ACE type comparison

SEC_ACE_TYPE_ values are not flags, so this comparison does not behave
as intended. Modify the check to more closely match the one in
gp_create_gpt_security_descriptor().

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
005866b1 by Joseph Sutton at 2022-03-17T00:41:34+00:00
s4-smbtorture: Fix typo in assertion message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
def505e6 by Joseph Sutton at 2022-03-17T01:36:59+00:00
wafsamba: Fix call to sorted()

In Python 3, sorted() does not take a 'cmp' parameter, so we need to use
the 'key' parameter instead.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Mar 17 01:36:59 UTC 2022 on sn-devel-184

- - - - -
5b41c871 by Andrew Bartlett at 2022-03-17T01:57:38+00:00
selftest: Use more torture_assert_goto() et al in rpc.samlogon test

This testsuite can otherwise fail with an error, which cannot be covered with
a knownfail.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
28fc8df7 by Andrew Bartlett at 2022-03-17T01:57:38+00:00
selftest: Allow samba.tests.ntlm_auth to fail rather than error checking --diagnostics

This allows a knownfail entry to be written for this test.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
5e9cb0ad by Andrew Bartlett at 2022-03-17T01:57:38+00:00
selftest: Remove duplicate run of rpc.samr tests against ad_dc as "samba3"

Running these tests twice is a waste (sorry, that was my choice when
merging s3 and s4 to just run all the tests against the AD DC) and
more importantly means that tests are run in "samba3" mode against
the AD DC, making it difficult to change the tests to expect a different
behaviour against the AD DC compared to the NT4 DC.

To assure that we have not lost tests, I ran:
grep command st/subunit | grep ad_dc| cut -f 2 -d\" | cut -f 2- -d. | sort | uniq -c

The output is:
--- /tmp/2 2022-02-11 21:00:54.033610748 +1300
+++ /tmp/now 2022-02-11 21:01:13.849823721 +1300
@@ -1,32 +1,21 @@
-      2 rpc.samr.
-      2 rpc.samr.handletype.
       2 rpc.samr.handletype with .
       2 rpc.samr.handletype with bigendian.
       2 rpc.samr.handletype with validate.
-      2 rpc.samr.large-dc.
       2 rpc.samr.large-dc on ncacn_np with .
-      2 rpc.samr.machine.auth.
       2 rpc.samr.machine.auth with .
       2 rpc.samr.machine.auth with bigendian.
       2 rpc.samr.machine.auth with validate.
       2 rpc.samr on ncacn_np with .
-      2 rpc.samr.passwords.
-      2 rpc.samr.passwords.badpwdcount.
       2 rpc.samr.passwords.badpwdcount on ncacn_np with .
       2 rpc.samr.passwords.lockout on ncacn_np with .
       2 rpc.samr.passwords on ncacn_np with .
-      2 rpc.samr.passwords.pwdlastset.
       2 rpc.samr.passwords.pwdlastset on ncacn_np with .
       2 rpc.samr.passwords.validate on ncacn_ip_tcp with bigendian.
       2 rpc.samr.passwords.validate on ncacn_ip_tcp with seal,padcheck.
       2 rpc.samr.passwords.validate on ncacn_ip_tcp with validate.
-      2 rpc.samr.passwords.validate over ncacn_ip_tcp .
-      2 rpc.samr.priv.
       2 rpc.samr.priv with .
       2 rpc.samr.priv with bigendian.
       2 rpc.samr.priv with validate.
-      2 rpc.samr.users.
       2 rpc.samr.users on ncacn_np with .
-      2 rpc.samr.users.privileges.
       2 rpc.samr.users.privileges on ncacn_np with .
       4 tests.dcerpc.samr_change_password.
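Review bot: every retained line in this hunk still carries a count of 2, so the counts alone do not show that one of the two runs was dropped; the message should say why each name is counted twice by the `grep command ... | uniq -c` pipeline. The useful evidence is that each removed short name (for example `rpc.samr.passwords.validate over ncacn_ip_tcp .`) has a retained counterpart with an explicit transport and option suffix, and stating that mapping in the message would make the conclusion that follows checkable without rereading the listing.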

It is clear that the tests are all still being run at least once against the AD DC.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
4e21be7e by Andrew Bartlett at 2022-03-17T01:57:38+00:00
selftest: Remove duplicate run of rpc.lsa tests against ad_dc as "samba3"

Running these tests twice is a waste (sorry, that was my choice when
merging s3 and s4 to just run all the tests against the AD DC) and
more importantly means that tests are run in "samba3" mode against
the AD DC, making it difficult to change the tests to expect a different
behaviour against the AD DC compared to the NT4 DC.

To assure that we have not lost tests, I ran:
grep command st/subunit | grep ad_dc| cut -f 2 -d\" | cut -f 2- -d. | sort | uniq -c

The two blocks (for rpc.lsa and rpc.lsa.*) are because the rpc.lsa.*
subtests were not previously run under ncacn_ip_tcp: and this is the
minimal change.

The output is:
--- /tmp/3	2022-02-12 14:01:50.435761067 +1300
+++ /tmp/now	2022-02-12 14:01:37.427595351 +1300
@@ -13,9 +13,8 @@
       2 rpc.lsa-getuser on ncalrpc with validate.
       2 rpc.lsa-getuser with bigendian.
       2 rpc.lsa-getuser with seal,padcheck.
       2 rpc.lsa-getuser with validate.
-      2 rpc.lsa.lookupnames.
       2 rpc.lsa.lookupnames with .
       2 rpc.lsa.lookupnames with bigendian.
       2 rpc.lsa.lookupnames with validate.
       2 rpc.lsalookup on ncacn_ip_tcp with bigendian.
@@ -26,9 +25,8 @@
       2 rpc.lsalookup on ncacn_np with validate.
       2 rpc.lsalookup on ncalrpc with bigendian.
       2 rpc.lsalookup on ncalrpc with seal,padcheck.
       2 rpc.lsalookup on ncalrpc with validate.
-      2 rpc.lsa.lookupsids.
       2 rpc.lsa.lookupsids with .
       2 rpc.lsa.lookupsids with bigendian.
       2 rpc.lsa.lookupsids with validate.
       2 rpc.lsalookup with bigendian.
@@ -42,15 +40,11 @@
       2 rpc.lsa on ncacn_np with validate.
       2 rpc.lsa on ncalrpc with bigendian.
       2 rpc.lsa on ncalrpc with seal,padcheck.
       2 rpc.lsa on ncalrpc with validate.
-      2 rpc.lsa over ncacn_ip_tcp .
-      2 rpc.lsa over ncacn_np .
-      2 rpc.lsa.privileges.
       2 rpc.lsa.privileges with .
       2 rpc.lsa.privileges with bigendian.
       2 rpc.lsa.privileges with validate.
-      2 rpc.lsa.secrets.
       2 rpc.lsa.secrets on ncacn_np with with -k no --option=clientusespnego=no.
       2 rpc.lsa.secrets on ncacn_np with with -k no --option=clientusespnego=no --option=clientntlmv2auth=yes.
       2 rpc.lsa.secrets on ncacn_np with with -k no --option=clientusespnego=yes.
       2 rpc.lsa.secrets on ncacn_np with with -k no --option=clientusespnego=yes --option=clientntlmv2auth=yes.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
9cec421d by Andrew Bartlett at 2022-03-17T01:57:38+00:00
selftest: run s4member tests less

The s4member test environment is a historical artifact, provisioned like an
AD DC using sam.ldb and joined using the historical S4 join code.

Once running however it is nothing particularly special in winbindd, so
there is no need to run the tests against ad_member and s4member.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
1144adde by Andrew Bartlett at 2022-03-17T01:57:38+00:00
dsdb: No longer supply exact password hashes in a control to indicate password changes

This returns the API for password changes via (eg) kpasswd to the
previous design as at 7eebcebbab8f62935bd1d5460e58b0a8f2cc30e8
where a control but no particular values were specified.

This avoids the issues that were attempted to be addressed between
7eebcebbab8f62935bd1d5460e58b0a8f2cc30e8 and 786c41b0954b541518d1096019e1ce7ca11e5e98
by still keeping the ACL check from 23bd3a74176be4a1f8d6d70b148ababee397cf8c.

The purpose of this change is to move away from the NT hash (unicodePwd) being
the primary password in Samba, to allow installations to operate without this
unsalted hash.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
0a907c2f by Andrew Bartlett at 2022-03-17T01:57:38+00:00
dsdb: Return dsdb_password_change control name to DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID

This makes it clearer that the purpose of this control is to indicate that the password
was already checked (by an out-of-band mechanism, eg kpasswd) and so can safely be changed
subject to ACLs etc.

This essentially reverts bbb9dc806e4399c65dee9b5dc2cde0bfaa9609bd

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
557b1ab5 by Andrew Bartlett at 2022-03-17T01:57:38+00:00
kdc: Remove pre-check for existing NT and LM hash from kpasswd

We no longer use the old NT and LM hash as proof of performing a
password change, and this removes the privileged status of these
attributes.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
338492d3 by Andrew Bartlett at 2022-03-17T01:57:38+00:00
s4-rpc_server: Remove pre-check for existing NT and LM hash from netlogon

We no longer use the old NT and LM hash as proof of performing a
password change, and this removes the privileged status of these
attributes.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
09eaf740 by Andrew Bartlett at 2022-03-17T01:57:38+00:00
s4/dsdb: Remove LM password generation and storage from password_hash

We no longer generate nor store the LM hash in the Samba AD DC.

This adds much to the knownfail, some future commits will trim this
back down by making the tests understand that the server will not
support or store the LM hash.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
2dbc8b98 by Andrew Bartlett at 2022-03-17T01:57:38+00:00
s4-auth: Disable LM authentication in the AD DC despite "lanman auth = yes"

LM authentication is very weak and a very bad idea, so has been deprecated since
Samba 4.11.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
6aaa1245 by Andrew Bartlett at 2022-03-17T01:57:38+00:00
s4-auth: Do not supply the LM hash to the AD DC authentication code

This still passes in the value in the LM field for checking
in case it is an NT response or LMv2.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
0f53bfe7 by Andrew Bartlett at 2022-03-17T01:57:38+00:00
s4-rpc_server: Do not use LM hash in password changes

We now only change passwords based on the NT hash.

This means we no longer support samr_OemChangePasswordUser2()
and we do not check the LM verifier in samr_ChangePasswordUser3()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
f161e3f1 by Andrew Bartlett at 2022-03-17T01:57:38+00:00
dsdb: Remove parsing of LM password hash from "dBCSPwd" attribute

This means Samba will essentially ignore this attribute, not even attempting
to read it from the AD DC sam.ldb

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
45af51fd by Andrew Bartlett at 2022-03-17T01:57:38+00:00
selftest: Cope with LM hash not being stored in the tombstone_reanimation test

The removal of LM hash storage changes the expected metadata.

We do not need to track these values exactly to prove the
behaviour here.

This is not due to the changes in password_hash directly, which in
update_final_msg() sets DSDB_FLAG_INTERNAL_FORCE_META_DATA to force
a push out of the removed attribute to the replication state.

However at the stage of a subsequent LDAP Delete there is no longer
a lmPwdHistory nor dBCSPwd attribute, in the directory, so there is
no subsequent version bump to remove them when building a tombstone.

Samba's behaviour is different to that seen by Metze on Windows 2022,
where he sees dBCSPwd removed (for the no LM store case) but
lmPwdHistory kept.  We in Samba choose to differ, not storing an
ambiguous LM history (of "" values likely), so allowing any version
for these two attributes is the sensible choice.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
a2fa7f42 by Andrew Bartlett at 2022-03-17T01:57:38+00:00
selftest: Allow RPC-SAMR to cope with OemChangePasswordUser2 being un-implemented

This is important to allow, after other changes, for the Samba AD DC to again
pass rpc.samr after the removal of LM hash support from the DC.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
75c54d54 by Andrew Bartlett at 2022-03-17T01:57:38+00:00
dsdb: Remove LM hash parameter from samdb_set_password() and callers

This fixes the rpc.samr test because we no longer specify an LM hash
to the DSDB layer only to have it rejected by password_hash.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
4234e9b0 by Andrew Bartlett at 2022-03-17T01:57:38+00:00
s3-ntlm_auth: Convert table of tests in --diagnostics to designated initialisers

This makes it easier to set some as "LM auth".

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
d0b922bd by Andrew Bartlett at 2022-03-17T01:57:38+00:00
ntlm_auth: Adapt --diagnostics mode to expect that the DC does not support LANMAN by default

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
faea2f8a by Andrew Bartlett at 2022-03-17T01:57:38+00:00
selftest: Remove auth_log test for RAP password change

RAP is SMB1, the password change routine requires LM hashes and so everything
here is going away or has now gone, so remove the test.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
ac79ce22 by Andrew Bartlett at 2022-03-17T01:57:38+00:00
torture: Update rpc.samlogon to match Win19 and newer Samba behaviour for LM key

Not all cases are covered, but this much covers the areas that Samba and Win19
will agree on.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
cb691c51 by Andrew Bartlett at 2022-03-17T01:57:38+00:00
torture: Do not expect LM passwords to be accepted except by samba3

This allows Samba as an AD DC (compared with the fileserver/NT4-like DC mode) to match
Windows and refuse all LM passwords, no matter what.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
ef1dbcdc by Andrew Bartlett at 2022-03-17T02:47:13+00:00
torture: Allow Samba as an AD DC to use zeros for LM key

This is simple, explainable and secure.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Mar 17 02:47:13 UTC 2022 on sn-devel-184

- - - - -
c26ee3ba by Joseph Sutton at 2022-03-17T23:11:37+00:00
python:tests: Add tests for SDDL SID strings

We get the server to decode the SDDL by putting the SID strings in the
defaultSecurityDescriptor of a new class and making an object of that
class. We then check that the resulting SID is what we expect.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
d55b717f by Joseph Sutton at 2022-03-17T23:11:37+00:00
python: Use explicit SIDs instead of SDDL abbreviations

This is to prepare for changing the SDDL string values.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
9b913fcb by Joseph Sutton at 2022-03-17T23:11:37+00:00
s4:rpc_server/lsa: Use explicit SID instead of SDDL abbreviation

This is to prepare for the SDDL string being removed.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
e61fa573 by Joseph Sutton at 2022-03-17T23:11:37+00:00
sddl: Fix incorrect SDDL SID strings

Change the values to match those used by Windows.

Verified with PowerShell commands of the form:
New-Object Security.Principal.SecurityIdentifier ER

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
732d17a1 by Joseph Sutton at 2022-03-17T23:11:37+00:00
sddl: Add new SDDL SID strings

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
1137ebc6 by Joseph Sutton at 2022-03-17T23:11:37+00:00
sddl: Remove SDDL SID strings unsupported by Windows

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
80b22a78 by Joseph Sutton at 2022-03-17T23:11:37+00:00
python: Restore SDDL abbreviations for SIDs

This time we use the correct values.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
e7296066 by Joseph Sutton at 2022-03-17T23:11:37+00:00
selftest: Simplify krb5 test environments

It's not necessary to repeat the required environment variables for
every test.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
a9025b68 by Joseph Sutton at 2022-03-17T23:11:37+00:00
tests/krb5: Improve mock RODC creation

Use a unique name for the mock RODC. Don't assign to _rodc_ctx until the
RODC has been created, so we don't try to use a mock RODC that failed to
create.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
c91af5f1 by Joseph Sutton at 2022-03-18T00:11:25+00:00
tests/krb5: Simplify logic

This code can be made part of the previous 'else' branch.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Joseph Sutton <jsutton at samba.org>
Autobuild-Date(master): Fri Mar 18 00:11:25 UTC 2022 on sn-devel-184

- - - - -
26334df7 by Joseph Sutton at 2022-03-18T11:55:30+00:00
s4:kdc: Fix copy-paste typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
90e58027 by Joseph Sutton at 2022-03-18T11:55:30+00:00
tests/krb5: Remove accounts in reverse order of addition

This prevents problems if accounts are added as children of other
accounts.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
539cdaa7 by Joseph Sutton at 2022-03-18T11:55:30+00:00
tests/krb5: Add more encryption type constants

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
042137f8 by Joseph Sutton at 2022-03-18T11:55:30+00:00
tests/krb5: Add account to cleanup list before adding it to database

This ensures accounts are still cleaned up if a test fails before adding
it to the cleanup list.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
c80cd8c9 by Joseph Sutton at 2022-03-18T11:55:30+00:00
tests/krb5: Remove unused import

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
ded5115f by Joseph Sutton at 2022-03-18T11:55:30+00:00
tests/krb5: Add helper function to modify ticket flags

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
b308240c by Joseph Sutton at 2022-03-18T11:55:30+00:00
selftest/dbcheck: Fix up msDS-RevealedUsers links with deleted target DN

Replicating test accounts to the RODC and then deleting them caused
stale msDS-RevealedUsers links to remain in the database.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
eba1a9d9 by Joseph Sutton at 2022-03-18T11:55:30+00:00
auth/credentials: Add encrypt_samr_password()

This method encrypts a samr_Password structure with the current session
key, which allows for interactive SamLogon from Python.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
3e0c94a3 by Joseph Sutton at 2022-03-18T11:55:30+00:00
tests/krb5: Add tests for the Protected Users group

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
fd765aaa by Joseph Sutton at 2022-03-18T11:55:30+00:00
tests/password_lockout: Test NTLM and SAMR password changes with Protected Users

Test that NTLM and SAMR password changes cannot be used for Protected
Users, and that lockouts are not triggered for attempting to use them.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
410b8b7e by Joseph Sutton at 2022-03-18T11:55:30+00:00
tests/passwords: Test that LDAP password changes work for Protected Users

We want to disable SAMR password changes for Protected Users, but need
to ensure that other methods of changing the password still work.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
fb0f65b0 by Joseph Sutton at 2022-03-18T11:55:30+00:00
s4:provision_users.ldif: Add Protected Users group

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
3a8670c4 by Joseph Sutton at 2022-03-18T11:55:30+00:00
dsdb/common: Add helper function for determining if account is in Protected Users group

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
831c245a by Stefan Metzmacher at 2022-03-18T11:55:30+00:00
s4:kdc: simplify samba_kdc_message2entry by using data_blob_string_const("computer")

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
233ce6b2 by Joseph Sutton at 2022-03-18T11:55:30+00:00
s4:kdc: Add function to get user_info_dc from database

The resulting user_info_dc is kept in the 'samba_kdc_entry' structure,
so it can be reused between calls.

This allows us to simplify samba_kdc_get_pac_blobs(), as it no longer
needs to return a user_info_dc structure.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
402d5f59 by Joseph Sutton at 2022-03-18T11:55:30+00:00
s4:kdc: Add KDC support for Protected Users group

Accounts in the Protected Users group acting as clients lack support for
the RC4 encryption type. TGTs issued to such accounts have a lifetime
restricted to four hours, and are unable to be proxied or forwarded.

To determine at lookup time whether a client account is a member of
Protected Users, we now also create an auth_user_info_dc structure when
creating the database entry for an AS-REQ, rather than only when
creating a PAC for a TGT, or when recreating the PAC from an RODC-issued
TGT.

This means that the user's groups are now expanded even for AS-REQs that
result in an error (such as a PREAUTH_REQUIRED error), but this is
required to be able to correctly determine the account's available
encryption types, which are needed soon after fetching the user account.

Currently, the TGT lifetime may exceed four hours (for Heimdal
specifically). This may happen if PKINIT is used, and either the
pkinit_max_life_from_cert_extension option is TRUE and
pkinit_max_life_bound is greater than four hours, or
pkinit_max_life_from_cert is greater than four hours.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
16a7ce0c by Joseph Sutton at 2022-03-18T11:55:30+00:00
s4:auth: Disable NTLM authentication for Protected Users

We also move the authentication to after checking whether the user is
protected, so that if a user in the Protected Users group tries to
authenticate with a wrong password, the bad password count is not
incremented and the account is not locked out. This does not match
MS-APDS, but matches the behaviour of Windows.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
62cf7a4a by Joseph Sutton at 2022-03-18T11:55:30+00:00
s4:rpc_server/samr: Simplify lp_ctx expression

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
bf509bf7 by Joseph Sutton at 2022-03-18T11:55:30+00:00
tests/sam: Ensure that Protected Users group cannot be deleted

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
4f1b7684 by Joseph Sutton at 2022-03-18T11:55:30+00:00
functionalprep.sh: Add test for samba-tool add group --special

Test that we can add the special Protected Users group, and that we get
an appropriate error message when attempting to add it a second time.

We add these tests here so that we can make use of an old provision that
does not already have the Protected Users group added.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
7b710a05 by Joseph Sutton at 2022-03-18T11:55:30+00:00
samba-tool group: Add --special parameter to add predefined special group

This allows default security groups that have been added since Windows
Server 2008 R2, such as Protected Users, to be created in pre-existing
domains. An error message is generated if a group already exists with
the same name, DN, or SID.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
cf8048cd by Joseph Sutton at 2022-03-18T12:45:17+00:00
s4:rpc_server/samr: Use extended DN when searching for user

Switch to dsdb_search() for looking up the user for changing the
password, and specify that we want extended DNs. Using the SID or GUID
avoids a race condition if the DN of the user changes.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Mar 18 12:45:17 UTC 2022 on sn-devel-184

- - - - -
c88938b3 by Thomas Debesse at 2022-03-21T12:57:33+00:00
WHATSNEW: IRC is irc.libera.chat according to https://www.samba.org/samba/irc.html

Signed-off-by: Thomas Debesse <dev at illwieckz.net>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
59e67dc8 by Andrew Bartlett at 2022-03-21T13:52:06+00:00
WHATSNEW: Mention our matrix room as well

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Jule Anger <janger at samba.org>
Autobuild-Date(master): Mon Mar 21 13:52:06 UTC 2022 on sn-devel-184

- - - - -
5fe341d2 by Jeremy Allison at 2022-03-22T16:49:34+00:00
s3: torture: Add 2 new tests SMB2-DEL-ON-CLOSE-NONWRITE-DELETE-NO, SMB2-DEL-ON-CLOSE-NONWRITE-DELETE-YES.

We currently allow setting the delete on close bit for
a directory containing only explicitly hidden/vetoed files
in the case where "delete veto files = yes" *and*
"delete veto files = no". For the "delete veto files = no"
case we should be denying setting the delete on close bit
when the client tries to set it (that's the only time Windows
looks at the bit and returns an error to the user). We
already do this in the dangling symlink case, we just
missed it in the !is_visible_fsp() case.

Mark SMB2-DEL-ON-CLOSE-NONWRITE-DELETE-NO as knownfail
for now.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15023

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
80503b46 by Jeremy Allison at 2022-03-22T17:48:25+00:00
s3: smbd: Don't allow setting the delete on close bit on a directory if it contains non-visible files and "delete veto files = no"..

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15023

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Mar 22 17:48:25 UTC 2022 on sn-devel-184

- - - - -
c886d58b by Andreas Schneider at 2022-03-23T11:33:33+00:00
gitlab-ci: Remove unused variable for ubuntu1604

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
0e81b796 by Andreas Schneider at 2022-03-23T11:33:33+00:00
gitlab-ci: Use Ubuntu 20.04 for Coverity

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
4993faea by Andreas Schneider at 2022-03-23T11:33:33+00:00
gitlab-ci: Drop Fedora 34

It should be enough to run on the latest Fedora version. This should save us
some CI minutes. We have CentOS runners and I would prefer to add CentOS9
Stream.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
0b10962d by Andreas Schneider at 2022-03-23T11:33:33+00:00
gitlab-ci: Update to openSUSE 15.3

This drops openSUSE 15.1 and 15.2 to save some CI resources.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
1bde388b by Andreas Schneider at 2022-03-23T11:33:33+00:00
gitlab-ci: Drop Debian 10

It should be enough to build on the latest Debian version. We have older
Ubuntu versions already.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
c0f5af21 by Andrew Bartlett at 2022-03-23T12:31:47+00:00
lib/replace: Do not typedef int bool

We need a genuine boolean type, as otherwise expressions like

	bool foo = (4 & 4);
	if (foo == true) {
		exit(1);
	} else {
		exit(2);
	}

could evaluate differently on non-modern platforms, and
that would be a real pain to debug.

_Bool and bool are in C99

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15028

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Mar 23 12:31:47 UTC 2022 on sn-devel-184

- - - - -
dbde99a0 by Stefan Metzmacher at 2022-03-23T13:27:45+00:00
replace: add explicit function pointer casting from dlsym() to avoid warnings

This avoids a lot of warnings on AIX.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Mar 23 13:27:45 UTC 2022 on sn-devel-184

- - - - -
280e9191 by Volker Lendecke at 2022-03-23T16:57:28+00:00
smbd: Make non_widelink_open() robust for non-cwd dirfsp

If you pass in dirfsp!=conn->cwd_fsp and a stream fsp, we don't chdir
to the parent pathname, and thus we also don't overwrite
fsp->base_fsp.

fsp->base_fsp!=NULL is thus the wrong condition to restore the
original base fsp name: If we open a stream with a non-cwd_fsp dirfsp,
we would overwrite fsp->base_fsp->fsp_name with NULL.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
313d207d by Volker Lendecke at 2022-03-23T16:57:28+00:00
lib: Slightly simplify add_interface()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3353174d by Volker Lendecke at 2022-03-23T16:57:28+00:00
lib: Add a pair of {}

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
393176e9 by Volker Lendecke at 2022-03-23T16:57:28+00:00
lib: Use talloc_zero, save a ZERO_STRUCT

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
bd692c1f by Volker Lendecke at 2022-03-23T16:57:28+00:00
smbd: Avoid an "else"

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3505285c by Volker Lendecke at 2022-03-23T16:57:28+00:00
smbd: Fix a misleading comment

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a0c897ba by Volker Lendecke at 2022-03-23T16:57:28+00:00
smbd: Use ISDOT/ISDOTDOT in ReadDirName()

With those macros, we check n[0] twice now, but I think the compiler
should either optimize that out or if it can't this will be in the CPU
cache, so the second check should be practically free. I can't imagine
this makes any difference but the better readability.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
202a8a53 by Volker Lendecke at 2022-03-23T16:57:28+00:00
smbclient: strequal() -> ISDOT/ISDOTDOT

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
80d72b53 by Volker Lendecke at 2022-03-23T17:53:08+00:00
smbd: Make an if-statement in ReadDirName() a bit more readable

Align to make the () structure more obvious

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Mar 23 17:53:09 UTC 2022 on sn-devel-184

- - - - -
ab0946a7 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: strictly have 2 16-bit parts in krbtgt kvnos

Even if the msDS-KeyVersionNumber of the main krbtgt
account is larger than 65535, we need to have
the 16 upper bits all zero in order to avoid
mixing the keys with an RODC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14951

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7312bca8 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: remove unused mkvno from sdb_key

This is not related to the kvno of the key,
the mkvno tells the HDB layer that the keys need to
be decrypted with a master key (with the given [m]kvno).

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ba6fccf4 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: let sdb_entry_to_hdb_entry() initialize *h at the beginning

This is clearer and makes further changes easier.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6152db35 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: let sdb_entry_ex_to_krb5_db_entry() initialize 'k' at the beginning

This is clearer and makes further changes easier.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
829bb366 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: let sdb_free_entry clear sdb_entry_ex at the end

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
244e1880 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:libnet: sdb_free_entry() already clears everything

There's no need to know about '.free_entry'.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4f6a34df by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:libnet: ask for SDB_F_ADMIN_DATA in order to create a keytab entry

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ff03d88d by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: remove unused sdb_entry_ex->free_entry()

It seems we need to take a closer look at the
memory hierarchy of the sdb_entry related code.

I'll check that during the next commits,
but for now just remove the unused hook.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
97dbdb48 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: call krb5_free_keyblock_contents() in free_sdb_key()

This is much clearer than doing it in sdb_free_entry() already.
It also simplifies the next cleanups.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ccd11c2c by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: don't leak salt in free_sdb_key()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a77933f9 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: let samba_kdc_entry_destructor() call sdb_free_entry()

It's basically the same as free_sdb_entry(), but the next
step will make free_sdb_entry() private.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9bc5aedd by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: make free_sdb_entry() static

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d2f471f9 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: rename free_sdb_key() as public sdb_key_free() function

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9c7de9a5 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: split out a sdb_keys_free() helper function

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
732d9cee by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: remove unused samba_kdc_entry->entry_ex

It will only ever point to an sdb_entry_ex
and becomes a stale pointer fast, as
sdb_free_entry() called before any talloc_free()
can happen (with a destructor still set).

Note the talloc parent of samba_kdc_entry
is the samba_kdc_db_context longterm context.

The next commits will fill samba_kdc_entry_destructor
with logic again, but for now remove the unused code.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2323f9d2 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: let sdb_entry have a typed samba_kdc_entry pointer

Both layers are owned by us so there's no need for a void
pointer.

This simplifies the code a lot and allows further cleanups.
Eventually we can remove sdb_entry_ex and only use sdb_entry,
as Heimdal also removed hdb_entry_ex.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
788ccb8c by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: make the logic between ZERO_STRUCTP(entry_ex) and sdb_free_entry(entry_ex) clearer

samba_kdc_[trust_]message2entry() always starts with
ZERO_STRUCTP(entry_ex) and cleans up on error with
sdb_free_entry(entry_ex), leaving a cleared structure again.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14054

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c2eb5086 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: let samba_kdc_entry take references to sdb_entry and kdc_entry

kdc_entry can be hdb_entry or krb5_db_entry.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cd295a89 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: expose a sdb_entry_to_krb5_db_entry() function

We'll remove sdb_entry_ex soon.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f8d9cdb5 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: expose sdb_entry_to_hdb_entry() function

We'll remove sdb_entry_ex soon.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c95a0bca by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: expose a sdb_entry_free() function

We'll remove sdb_entry_ex soon.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
28924f35 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: add a samba_kdc_sort_keys() function using TYPESAFE_QSORT()

This is better than calloc/free each time.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
35508449 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: only pass sdb_keys to samba_kdc_set_fixed_keys()

This prepares the removal of sdb_entry_ex.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b8c0f406 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: only pass keys to samba_kdc_set_random_keys()

This prepares the removal of sdb_entry_ex.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c3171a73 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: remove Primary:Kerberos usage from samba_kdc_message2entry_keys()

Most likely the kerberos libraries don't support DES anymore, so
there's no point in exposing them at all.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
79565856 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: split out a samba_kdc_fill_user_keys() helper function

This will simplify further changes, e.g. asking for a specific kvno
or returning the password history in order to prevent
badPwdCount updates with passwords in the history.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d5951bbf by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: remove unused principal argument to samba_kdc_trust_message2entry()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4878ea14 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: only pass sdb_entry to samba_kdc_message2entry_keys()

sdb_entry_ex will be removed as it just contains sdb_entry.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
477ea29e by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: s/entry_ex->entry\./entry->/g in samba_kdc_message2entry()

We should avoid using entry_ex->entry as sdb_entry_ex will be removed.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
049c9060 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: only ZERO and free sdb_entry in samba_kdc_message2entry()

sdb_entry_ex only contains sdb_entry, so this is still doing
the same, but we want to remove sdb_entry_ex soon.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f81e3b49 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: s/entry_ex->entry\./entry->/g in samba_kdc_trust_message2entry()

We should avoid using entry_ex->entry as sdb_entry_ex will be removed.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
57829933 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: only ZERO and free sdb_entry in samba_kdc_trust_message2entry()

sdb_entry_ex only contains sdb_entry, so this is still doing
the same, but we want to remove sdb_entry_ex soon.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d3770c7d by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: only pass sdb_entry to samba_kdc_trust_message2entry()

It no longer needs sdb_entry_ex.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e5eb8c8c by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: only pass sdb_entry to samba_kdc_message2entry()

It no longer needs sdb_entry_ex.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e528c93c by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: samba_kdc_lookup_realm() only needs sdb_entry

sdb_entry_ex will be removed shortly.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b8c738a9 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: samba_kdc_fetch_client() only needs sdb_entry

sdb_entry_ex will be removed shortly.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e74a8992 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: samba_kdc_fetch_krbtgt() only needs sdb_entry

sdb_entry_ex will be removed shortly.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ac1cdffe by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: samba_kdc_fetch_server() only needs sdb_entry

sdb_entry_ex will be removed shortly.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
158132c9 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: samba_kdc_seq() only needs sdb_entry

sdb_entry_ex will be removed shortly.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a71b74b2 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: hdb_samba4_fetch_fast_cookie() doesn't need sdb_entry_ex

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dceae1bb by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: use sdb_entry_to_hdb_entry() directly

We should avoid sdb_entry_ex, as it will be removed soon.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
225c610f by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: remove unused sdb_entry_ex_to_hdb_entry_ex()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f223f215 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: use sdb_entry_to_krb5_db_entry() directly

We should avoid sdb_entry_ex, as it will be removed soon.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
83b3695b by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: remove unused sdb_entry_ex_to_kdb_entry_ex()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3cba1641 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: samba_kdc_fetch() only needs sdb_entry

sdb_entry_ex will be removed shortly.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
14487c40 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: samba_kdc_{first,next}key() only need sdb_entry

sdb_entry_ex will be removed shortly.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
68dfb463 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:libnet: avoid using sdb_entry_ex and use sdb_entry directly

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
59262192 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: avoid using sdb_entry_ex in samba_wdc_reget_pac()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
61548c7c by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: avoid using sdb_entry_ex in mit_samba_get_principal()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e7b101e1 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: avoid using sdb_entry_ex in mit_samba_get_{first,next}key()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bf9ec0a6 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: avoid using sdb_entry_ex in netr_samlogon_generic_logon()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f917a20f by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: avoid using sdb_entry_ex in hdb_samba4_fetch_kvno()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
57bf9752 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: avoid using sdb_entry_ex in hdb_samba4_{first,next}key()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d05f2323 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: finally remove unused 'struct sdb_entry_ex'

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d062225e by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: pass flags and kvno down to samba_kdc_message2entry_keys()

We need a way to ask for a specific kvno if SDB_F_KVNO_SPECIFIED
is requested. And also include the old and older keys from
the password history in the next commits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14054

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5f28a948 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: add old and older keys to sdb_entry

This is the first step to return the password history
in order to avoid badPwdCount updates for failing
pre-authentication with passwords from the recent history.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14054

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
01e7425f by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: teach samba_kdc_message2entry_keys() to handle old and older keys too

We return the requested kvno if given, otherwise we include the
old and older keys for CLIENT|FOR_AS_REQ or SDB_F_ADMIN_DATA lookups.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14054

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2d9fd385 by Andrew Bartlett at 2022-03-24T09:19:33+00:00
s4:kdc: Pass supported enctypes to samba_kdc_set_fixed_keys()

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
548169a3 by Andrew Bartlett at 2022-03-24T09:19:33+00:00
s4:kdc: Pass supported enctypes to samba_kdc_set_random_keys()

We should not surprise the callers by returning more keys than we asked to
filter by and avoids duplicating the protected_users logic within
samba_kdc_set_fixed_keys().

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
2684856a by Andrew Bartlett at 2022-03-24T09:19:33+00:00
s4:kdc: Add const to "msg" parameter in samba_kdc_message2entry_keys()

This will help with a future caller.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
2340a9a4 by Andrew Bartlett at 2022-03-24T09:19:33+00:00
s4:kdc: Pull auth_sam_trigger_repl_secret() up one layer to samba_kdc_message2entry()

This avoids making a call out in samba_kdc_message2entry_keys() and allows
for potential reuse of the key parsing code.

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
29eb7e24 by Andrew Bartlett at 2022-03-24T09:19:33+00:00
s4:kdc: Move supported enc-type handling out of samba_kdc_message2entry_keys()

By putting this in the caller we potentially allow samba_kdc_message2entry_keys()
to be reused by a non-KDC caller.

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
d1d65d27 by Andrew Bartlett at 2022-03-24T10:17:32+00:00
s4:kdc: Expose samba_kdc_message2entry_keys()

This allows the KDC to share the supplementalCredentials parsing code
with other parts of Samba that could use it.

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Mar 24 10:17:32 UTC 2022 on sn-devel-184

- - - - -
0036617a by Jeremy Allison at 2022-03-24T16:28:37+00:00
s4: torture: Add regression test for re-opening a durable handle after calling SMB2 setinfo (end of file).

This is an implementation of a test written by Apple for their
client. Currently fails to reconnect due to btime being overwritten
incorrectly in the SMB2 setinfo path.

Add knownfail.d/durable-v2-setinfo

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
9f62a149 by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: smbd: In set_ea_dos_attribute() cause root fallback code to exit via the same place.

We're going to add another action on success next.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
2fc0820a by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: smbd: In set_ea_dos_attribute(), if we've stored btime and set XATTR_DOSINFO_CREATE_TIME successfully, we need to clear ST_EX_IFLAG_CALCULATED_BTIME.

This is no longer a calculated field, every call to fdos_mode() will
set it as non-calculated.

https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
d460118b by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: VFS: vxfs: All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.

If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
2b246dbf by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: smbd: mdssvc: All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.

If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
ec2fb9d2 by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: smbd: open_internal_dirfsp() add missing file_free() in error path.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
a604dd02 by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: smbd: open_internal_dirfsp(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.

If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
18694c81 by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: smbd: non_widelink_open(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.

If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
cfadecca by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: smbd: open_file(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.

If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
064c5770 by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: smbd: mkdir_internal(). 1 of 2. All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.

If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
7f5c4848 by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: smbd: mkdir_internal(). 2 of 2. All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.

If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
b53a69f4 by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: smbd: rename_internals_fsp(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.

If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
8d3812da by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: smbd: call_trans2qfilepathinfo(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.

If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
6a25b699 by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: smbd: call_trans2setfilepathinfo(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.

If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
c4193f11 by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: pysmbd.c: init_files_struct(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.

If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
fbc6cdfb by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: cmd_vfs: cmd_open(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.

If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
23d5c909 by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: cmd_vfs: cmd_set_nt_acl(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.

If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
7fb2038f by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: smbd: smbd_smb2_getinfo_send(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.

If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
c4f9c372 by Jeremy Allison at 2022-03-24T17:21:29+00:00
s3: smbd: smbd_smb2_setinfo_send(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.

If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

This is the last SMB_VFS_FSTAT that uses fsp->fsp_name->st, so
remove knownfail.d/durable-v2-setinfo

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Mar 24 17:21:29 UTC 2022 on sn-devel-184

- - - - -
c788ed7b by David Mulder at 2022-03-24T23:40:47+00:00
samba-gpupdate: Implement enhanced logging

This ports the enhanced logging capabilities from
AltLinux gpupdate. It generates log messages such
as:
2022-03-02 11:28:54.872|[E40104]| Failed to set interfaces for zone | {'val': 'work'}
2022-03-02 11:28:55.017|[E40104]| Failed to set interfaces for zone | {'val': 'home'}

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Mar 24 23:40:47 UTC 2022 on sn-devel-184

- - - - -
00ea6549 by Samuel Cabrero at 2022-03-25T17:03:29+00:00
s3:winbind: Convert wcache_opnum_cacheable() to a whitelist

It avoids having to explicitly blacklist new DCE/RPC calls.

This is the current list of non cacheable calls:

NDR_WBINT_PING
NDR_WBINT_QUERYSEQUENCENUMBER
NDR_WBINT_ALLOCATEUID
NDR_WBINT_ALLOCATEGID
NDR_WBINT_CHECKMACHINEACCOUNT
NDR_WBINT_CHANGEMACHINEACCOUNT
NDR_WBINT_PINGDC
NDR_WBINT_LISTTRUSTEDDOMAINS

It includes the ListTrustedDomains call recently converted to a local
RPC call.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
0d668dfb by Samuel Cabrero at 2022-03-25T17:03:29+00:00
s3:winbind: Return NTSTATUS from wbint_Ping() RPC function

There are no users of this function but the next commit will convert the
struct-based WINBINDD_PING call to a local RPC wbint_Ping() call.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
3e747891 by Samuel Cabrero at 2022-03-25T17:03:29+00:00
s3:winbind: Convert Ping parent/child call to NDR

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
41c72ae9 by Samuel Cabrero at 2022-03-25T17:57:18+00:00
examples: Update winbindd.stp and its generator script

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Mar 25 17:57:18 UTC 2022 on sn-devel-184

- - - - -
f7447267 by Ralph Boehme at 2022-03-25T19:05:06+00:00
smbd: expand DEBUG statement in smbd_dirptr_get_entry() to include the dir and direntry name

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Mar 25 19:05:06 UTC 2022 on sn-devel-184

- - - - -
206909d5 by Thomas Debesse at 2022-03-25T20:25:28+00:00
s4: dns: Add customizable dns port option

Signed-off-by: Thomas Debesse <dev at illwieckz.net>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Mar 25 20:25:28 UTC 2022 on sn-devel-184

- - - - -
bd590c03 by Andreas Schneider at 2022-03-25T20:58:33+00:00
s4:kdc: Improve debug message of samba_kdc_fetch_server()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7b226a66 by Andreas Schneider at 2022-03-25T20:58:33+00:00
s4:kdc: Remove trailing white spaces in kdc-service-mit.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
5636c59a by Andreas Schneider at 2022-03-25T20:58:33+00:00
s4:kdc: If we set the kerberos debug level to 10 write a trace file

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e2b9df1c by Andreas Schneider at 2022-03-25T20:58:33+00:00
s4:tests: Run Heimdal PKINIT tests only against ad_dc env

There is no difference kerberos-wise between those two envs.

This reverts 661e1a229e85f566c5fc5d43ea03fbb29847439a.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
28f57a75 by Andreas Schneider at 2022-03-25T20:58:33+00:00
s4:kdc: Add Smart Card and file based PKINIT support

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b39176f7 by Andreas Schneider at 2022-03-25T20:58:33+00:00
selftest: Setup PKINIT for MIT Kerberos

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4d0ea9e3 by Andreas Schneider at 2022-03-25T20:58:33+00:00
testprogs: Fix kerberos_kinit with additional options

The additional options need to come before we specify the principal

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9baac4a8 by Andreas Schneider at 2022-03-25T20:58:33+00:00
testprogs: Rename test_pkinit_heimdal.sh

We want one common test which works against Heimdal and MIT Kerberos.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ff0b3a9e by Andreas Schneider at 2022-03-25T20:58:33+00:00
testprogs: Format test_pkinit_simple.sh with shfmt

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a0deaed6 by Andreas Schneider at 2022-03-25T20:58:33+00:00
testprogs: Fix calculating failed in test_pkinit_simple.sh

We only want to increase it if a test is failing. If something is expected to
fail, we should not count that as failed.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e1728858 by Andreas Schneider at 2022-03-25T20:58:33+00:00
testprogs: Manually reformat testit commands in test_pkinit_simple.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3aa7df56 by Andrew Bartlett at 2022-03-25T20:58:33+00:00
testprogs: Change from $foo to "${foo}" variable style

This is selected from and to improve the understanding of:

    testprogs: A PKINIT test which runs against Heimdal and MIT Kerberos

    There is no need to specify the enctype and it isn't supported with MIT
    Kerberos.

    Signed-off-by: Andreas Schneider <asn at samba.org>

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
c27f17df by Andreas Schneider at 2022-03-25T20:58:33+00:00
testprogs: Remove the usage of enctype in test_pkinit_simple.sh

This is not needed anymore and the default is AES in the meantime.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6a125b0a by Andreas Schneider at 2022-03-25T20:58:33+00:00
testprogs: A PKINIT test which runs against Heimdal and MIT Kerberos

There is no need to specify the enctype and it isn't supported with MIT
Kerberos.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f0f47eed by Andreas Schneider at 2022-03-25T20:58:33+00:00
testprogs: Rename test_pkinit_pac_heimdal.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
970f1100 by Andreas Schneider at 2022-03-25T20:58:33+00:00
testprogs: Reformat test_pkinit_pac.sh with shfmt

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
06da77a3 by Andreas Schneider at 2022-03-25T20:58:33+00:00
testprogs: Manually reformat test_pkinit_pac.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
67294a23 by Andreas Schneider at 2022-03-25T21:54:11+00:00
testprogs: A PKINIT PAC test which runs against Heimdal and MIT Kerberos

There is no need to specify the enctype and it isn't supported by MIT Kerberos
anyway.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Mar 25 21:54:11 UTC 2022 on sn-devel-184

- - - - -
bd1fd3de by Andreas Schneider at 2022-03-28T02:17:37+00:00
s4:selftest: Remove ad_dc_ntvfs env from several tests

It doesn't make sense to run tests against ad_dc and ad_dc_ntvfs in
those cases.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e4ea06ec by Joseph Sutton at 2022-03-28T02:17:37+00:00
samba-tool delegation: Add function to display security descriptor for RBCD

We also check some features of the security descriptor, and display
warnings if they are not as expected.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14954

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
572f90bd by Joseph Sutton at 2022-03-28T02:17:37+00:00
samba-tool delegation show: Display information for RBCD

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14954

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9a480f27 by Joseph Sutton at 2022-03-28T02:17:37+00:00
samba-tool delegation: Add commands to add/remove principals for RBCD

These commands allow updating the
msDS-AllowedToActOnBehalfOfOtherIdentity attribute with principals
allowed to delegate to an account.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14954

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
52f96294 by Joseph Sutton at 2022-03-28T02:17:37+00:00
samba-tool delegation: Clarify msDS-AllowedToDelegateTo delegation command documentation

This makes the difference between msDS-AllowedToDelegateTo and
msDS-AllowedToActOnBehalfOfOtherIdentity more clear.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14954

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3dccf63e by Joseph Sutton at 2022-03-28T02:17:37+00:00
samba-tool: Return correct result for _get_user_realm_domain()

We were returning the realm and the domain in the wrong order.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0bd4bc40 by Joseph Sutton at 2022-03-28T03:11:51+00:00
samba-tool: Check specified domain and realm against our own

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Mar 28 03:11:51 UTC 2022 on sn-devel-184

- - - - -
127f728d by Christof Schmitt at 2022-03-28T09:10:58+00:00
vfs_gpfs: Initialize litemask to 0

The change from commit fb13c7c94f to query exact values for atime,
mtime, ctime and size is not necessary, as none of these are used in
this codepath. Initialize litemask to 0 instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15027

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Mar 28 09:10:58 UTC 2022 on sn-devel-184

- - - - -
14e71127 by Andrew Bartlett at 2022-03-28T10:06:01+00:00
waf: Document the confusing --nonshared-binary, --builtin-libraries, --private-libraries and --bundled-libraries

These options are confusing to all who encounter them.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=8731

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Mar 28 10:06:01 UTC 2022 on sn-devel-184

- - - - -
1884bc11 by Andrew Bartlett at 2022-03-29T02:33:34+00:00
s4-auth: Remove unused acct_flags parameter

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
360bb864 by Andrew Bartlett at 2022-03-29T02:33:34+00:00
s4-auth: Do not trigger RODC replication unless missing all passwords

With the NT hash becoming optional we cannot make blind assumptions that
a missing value means we are on an RODC needing the password replicated.

Instead, check for supplementalCredentials as well.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
86f7e4e6 by Andrew Bartlett at 2022-03-29T02:33:34+00:00
s4-auth: Only build auth_developer module in developer mode

This is a silly module for provoking NTSTATUS replies for testing and
was useful many moons ago for determining the NTSTATUS -> DOS table that
windows uses.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
d7a91a85 by Andrew Bartlett at 2022-03-29T03:32:57+00:00
s4-auth: Remove last traces of LanMan authentication support in the AD DC.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Mar 29 03:32:57 UTC 2022 on sn-devel-184

- - - - -
1f78a8e3 by Volker Lendecke at 2022-03-29T21:32:34+00:00
smbd: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
91ac9ce0 by Volker Lendecke at 2022-03-29T21:32:34+00:00
lib: GENCACHE_RAM isn't used anymore

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
af1719a9 by Volker Lendecke at 2022-03-29T21:32:34+00:00
smbd: Fix create_file_unixpath()'s stream handling

Make create_file_unixpath() robust against callers explicitly passing
in ":$DATA" as a stream name indicating the default stream. Right now
we NULL this out in callers, but this might change in the future.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
103dc3f9 by Volker Lendecke at 2022-03-29T21:32:34+00:00
smbd: Add a DEBUG to create_file_unixpath()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
50bac246 by Volker Lendecke at 2022-03-29T21:32:34+00:00
smbd: Simplify reply_rmdir()

We don't need to check this here, create_file_default and callees take
care of this.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e41f8001 by Volker Lendecke at 2022-03-29T21:32:34+00:00
smbd: Don't NULL out the "::$DATA" in openat_pathref_fsp()

Slight simplification now possible after introducing and using
fsp_is_alternate_stream() almost everywhere.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
825dcc6a by Volker Lendecke at 2022-03-29T22:24:38+00:00
smbd: Don't NULL out "::$DATA"

Slight simplification now possible after introducing and using
fsp_is_alternate_stream() almost everywhere.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Mar 29 22:24:38 UTC 2022 on sn-devel-184

- - - - -
42eeed05 by Stefan Metzmacher at 2022-03-29T22:32:32+00:00
buildtools: remove unused testwaf.sh

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
10d69da1 by Stefan Metzmacher at 2022-03-29T22:32:32+00:00
lib/fuzzing/README.md: don't use waf directly

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0be4f567 by Stefan Metzmacher at 2022-03-29T22:32:32+00:00
s4:selftest/provisions: make use of 'make testenv' and avoid direct waf

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a6b1e4b5 by Stefan Metzmacher at 2022-03-29T22:32:32+00:00
wafsamba: let test_duplicate_symbol.sh export PYTHONHASHSEED=1

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
22c46d9f by Stefan Metzmacher at 2022-03-29T22:32:32+00:00
configure/Makefile: export PYTHONHASHSEED=1 in all 'configure/Makefile' scripts

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
aa02cf3c by Stefan Metzmacher at 2022-03-29T22:32:32+00:00
ctdb/packaging/RPM: don't use waf directly

./configure && make && make install will always work.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
420bbb1d by Stefan Metzmacher at 2022-03-29T23:31:38+00:00
wafsamba: require PYTHONHASHSEED=1 to be exported

This avoids a lot of trouble with random build failures,
if people try to use waf directly.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Mar 29 23:31:38 UTC 2022 on sn-devel-184

- - - - -
36ccb98a by Stefan Metzmacher at 2022-03-30T11:13:35+00:00
python/join: improve logging of join_replicate()

It's useful to have timestamps to see the
time used for replication and committing.
We also warn the user that the committing stage
may take some time.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8597cc9d by Stefan Metzmacher at 2022-03-30T11:13:35+00:00
s4:dsdb/descriptor: split out struct descriptor_transaction

This will make it easier to add more details to the per transaction
state.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4c32f46a by Stefan Metzmacher at 2022-03-30T11:13:35+00:00
s4:dsdb/descriptor: add statistics for security descriptor propagation

In order to analyze the security descriptor propagation we remember
how much work we registered/processed.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b812ade4 by Stefan Metzmacher at 2022-03-30T11:13:35+00:00
s4:dsdb/descriptor: skip duplicates in descriptor_extended_sec_desc_propagation()

During replication we may need to fallback to using DRS_GET_TGT,
which means that we'll get a lot of objects more than once,
the most important one is the partition root object.

It means we'll also do the security descriptor propagation more than
once for these objects, which is extremely costly for the partition
root objects and other objects near the root.

I analyzed a domain where we collected ~ 50000 descriptor_changes
registrations for the initial replication of ~ 22000 objects
in the database.
For that domain we spend ~ 4 hours for the security descriptor
propagation in descriptor_prepare_commit(), while the replication
itself was finished in less than 2 minutes.

With this change we reduce the number of registered/processed
descriptor_changes down to ~ 22000, while it reduces the time
from ~ 4 hours to just ~ 3 minutes 20 seconds!

The statistics changed from:

descriptor_prepare_commit: changes: num_registered=50000
descriptor_prepare_commit: changes: num_processed=50000
descriptor_prepare_commit: objects: num_processed=12000000

to:

descriptor_prepare_commit: changes: num_registrations=50000
descriptor_prepare_commit: changes: num_registered=22000
descriptor_prepare_commit: changes: num_processed=22000
descriptor_prepare_commit: objects: num_processed=80800

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ce38b30c by Stefan Metzmacher at 2022-03-30T11:13:35+00:00
s4:dsdb/descriptor: pass parent guid to dsdb_module_schedule_sd_propagation()

This is preparation to optimize the security descriptor propagation
in the following commits.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bd1e667a by Stefan Metzmacher at 2022-03-30T11:13:35+00:00
s4:dsdb/descriptor: sort descriptor_changes tree based

For the hot code path, e.g. the commit after the initial replication,
we typically have one descriptor_changes for each object in the
database.

It means that we most likely have 5 naming contexts/partitions.
Except of their head/root object have a valid parent_guid,
so can move all of them into the tree structure.

Now we start the processing at the partition root objects,
which means that we also process all child objects in
the same run. While processing these objects we are most
likely able to mark their related descriptor_changes structure
as done removing it from the hierarchy.

With the 22000 object domain it reduces the time spent in
the commit stage from 3m 20s down to 2m 50s.

The statistics are changed from:

descriptor_prepare_commit: changes: num_registrations=50000
descriptor_prepare_commit: changes: num_registered=22000
descriptor_prepare_commit: changes: num_processed=22000
descriptor_prepare_commit: objects: num_processed=80800

to:

descriptor_prepare_commit: changes: num_registrations=50000
descriptor_prepare_commit: changes: num_registered=22000
descriptor_prepare_commit: changes: num_toplevel=5
descriptor_prepare_commit: changes: num_processed=5200
descriptor_prepare_commit: objects: num_processed=68800

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f7f65ceb by Stefan Metzmacher at 2022-03-30T12:06:21+00:00
s4:dsdb/descriptor: skip duplicates in descriptor_sd_propagation_object()

We're now sure that the security descriptor propagation happened
first for parent objects.

It means we can safely skip processing the same object twice in
descriptor_sd_propagation_object().

For the database with ~ 22000 objects it reduced the commit time
from 2m 50s down to 2m 24s.

The statistics are changed from:

descriptor_prepare_commit: changes: num_registrations=50000
descriptor_prepare_commit: changes: num_registered=22000
descriptor_prepare_commit: changes: num_toplevel=5
descriptor_prepare_commit: changes: num_processed=5200
descriptor_prepare_commit: objects: num_processed=68800

to:

descriptor_prepare_commit: changes: num_registrations=50000
descriptor_prepare_commit: changes: num_registered=22000
descriptor_prepare_commit: changes: num_toplevel=5
descriptor_prepare_commit: changes: num_processed=5200
descriptor_prepare_commit: objects: num_processed=22000
descriptor_prepare_commit: objects: num_skipped=41600

It means that we have "changes: num_registered" and
"objects: num_processed" exactly match the number
of replicated objects.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Mar 30 12:06:21 UTC 2022 on sn-devel-184

- - - - -
e01c5992 by Jeremy Allison at 2022-03-30T14:16:29+00:00
s3: tests.py: Only run smb2.rename against fileserver.

No need to run this against nt4_dc or ad_dc.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
e862a2d9 by Jeremy Allison at 2022-03-30T14:16:29+00:00
s4: torture: Add CHECK_VAL macro to smb2/rename.c. Not yet used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
4725ef5c by Jeremy Allison at 2022-03-30T14:16:29+00:00
s4: torture: Add CHECK_CREATED macro to smb2/rename.c. Not yet used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
1301e646 by Jeremy Allison at 2022-03-30T14:16:29+00:00
s4: torture: Add test_smb2_close_full_information() test to smb2.rename.

Creates a file, opens it again on two different connections
and then renames it. When we close and ask for SMB2_CLOSE_FLAGS_FULL_INFORMATION
we expect this to succeed and return valid data on the handles that did not do
the rename request.

This currently succeeds by accident on master, so we are not
adding a knownfail.d/ file here. When we back-port this test
to 4.16.next, 4.15.next we will add a knownfail.d file.

The rename request zeros out the fsp->fsp_name->st field on the handles
that are open but are not being renamed, marking them as INVALID_STAT.

This should not happen on any open handle. Fix to follow will
preserve the field on rename in both the local connection and
different connection case.

Master gets away with this as in this branch, openat_pathref_fsp(),
which we use in the setup_close_full_information() call to fetch
the SMB2_CLOSE_FLAGS_FULL_INFORMATION data doesn't require an
existing VALID_STAT struct in order to open the file. This
hides the fact the rename zeroed out fsp->fsp_name->st.

4.16.x and 4.15.x don't have this fix, so expose the bug.
Regardless, even in master we should not zero out any
fsp->fsp_name->st values on rename.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
5e1aa469 by Jeremy Allison at 2022-03-30T14:16:29+00:00
s3: smbd: Preserve the fsp->fsp_name->st bufs across rename_open_files()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
06bfac21 by Jeremy Allison at 2022-03-30T15:07:09+00:00
s3: smbd: Preserve the fsp->fsp_name->st buf across a MSG_SMB_FILE_RENAME message.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Mar 30 15:07:09 UTC 2022 on sn-devel-184

- - - - -
f734e960 by Ralph Boehme at 2022-03-31T17:53:29+00:00
CI: avoid smb2.twrp being run by plansmbtorture4testsuite() directly

This should only be run by a blackbox test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15035

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ba9c5ba8 by Ralph Boehme at 2022-03-31T17:53:29+00:00
CI: add a test listing a snapshotted directory

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15035

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9fa67ba8 by Ralph Boehme at 2022-03-31T18:47:42+00:00
vfs_shadow_copy2: implement readdir()

RN: shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15035

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Mar 31 18:47:42 UTC 2022 on sn-devel-184

- - - - -
24f4bea5 by Ralph Boehme at 2022-03-31T23:01:37+00:00
vfs_fruit: change default for "fruit:zero_file_id" option to yes

After discussion with folks at Apple it should be safe these days to rely on the
Mac to generate its own File-Ids and let Samba return 0 File-Ids.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8532d7b3 by Ralph Boehme at 2022-03-31T23:01:37+00:00
CI: consolidate SMB2-FILEID and SMB2-FILEID-UNIQUE torture test suites

We don't need separate test suites here, all tests are related to
File-Ids.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8ad0febd by Ralph Boehme at 2022-03-31T23:01:37+00:00
vfs: bump VFS version to 47

The VFS version bump to 47 was missed when adding SMB_VFS_FSTATAT(). While at
it, fix the version history.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
643da37f by Ralph Boehme at 2022-03-31T23:01:37+00:00
smbd: remove itime and file_id logic and code

This bases File-Ids on the inode numbers again. The whole stuff was
added because at that time Apple clients

1. would be upset by inode number reusage and

2. had a client side bug in their fallback implementation that
assigns File-Ids on the client side in case the server provides
File-Ids of 0.

After discussion with folks at Apple it should be safe these days to
rely on the Mac to generate its own File-Ids and let Samba return 0
File-Ids.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4b029699 by Ralph Boehme at 2022-03-31T23:58:54+00:00
smbd: consolidate nested if expressions

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Mar 31 23:58:54 UTC 2022 on sn-devel-184

- - - - -
59d1044e by Andreas Schneider at 2022-04-01T10:29:31+00:00
Add missing final newline to end of c file

find $(pwd) -type f -name "*.c" | xargs sed -i -e '$a\'

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
012d81d0 by Andreas Schneider at 2022-04-01T10:29:31+00:00
Add missing final newline to end of sh file

find $(pwd) -type f -name "*.sh" | xargs sed -i -e '$a\'

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ac7d0b45 by Andreas Schneider at 2022-04-01T11:20:35+00:00
Move LSP stuff to buildtools/devel_env.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Apr  1 11:20:35 UTC 2022 on sn-devel-184

- - - - -
b3ab69a4 by Volker Lendecke at 2022-04-01T20:19:29+00:00
torture: Introduce error labels for vfstest's cmd_open()

Next patch will have another error exit

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
fbce308d by Volker Lendecke at 2022-04-01T20:19:29+00:00
torture: Create a base_fsp for a named stream in vfstest

This will enable a simplification in the stream-handling openat vfs
routines.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
702af7f8 by Volker Lendecke at 2022-04-01T20:19:29+00:00
vfs: Ensure we have a base fsp openat() for named streams

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b15c2497 by Volker Lendecke at 2022-04-01T20:19:29+00:00
vfs: streams_xattr uses fsetxattr by now, remove an assert

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
57bcbbca by Volker Lendecke at 2022-04-01T20:19:29+00:00
smbd: Don't lose base_fsp statinfo in non_widelink_open

smb_fname_rel came from SMB_VFS_PARENT_PATHNAME() without a reference
to the underlying base_fsp. We want to pass the existing stat-info to
the VFS objects, so when creating the relative base fsp_name we should
copy the stat-info from the base fsp we were handed, not the fake one
that we just made up in SMB_VFS_PARENT_PATHNAME()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
edc4c910 by Volker Lendecke at 2022-04-01T21:18:37+00:00
vfs: Simplify streams_depot_openat()

We don't need an explicit stat(), VALID_STAT on the existing base_fsp
is sufficient.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Apr  1 21:18:37 UTC 2022 on sn-devel-184

- - - - -
79132b33 by Andreas Schneider at 2022-04-04T07:59:51+00:00
script: Fix check_symbols() with gcov build

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Apr  4 07:59:51 UTC 2022 on sn-devel-184

- - - - -
41717363 by Volker Lendecke at 2022-04-04T11:45:24+00:00
lib: Stay ASCII-compatible for toupper_m/tolower_m

This is an alternative patch for MR2339: It seems that Windows AD in
Turkish locale is ASCII-compatible with 'i'. Björn tells me that the
Turkish locale is the only one where upper/lower casing letters in the
ASCII range is not compatible to ASCII.

Simplify our code by not calling the locale-specific standard
toupper/tolower for the ASCII range but rely on our tables.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Apr  4 11:45:24 UTC 2022 on sn-devel-184

- - - - -
7b98e6fc by Andreas Schneider at 2022-04-04T18:38:36+00:00
waf: Import Logs in wscript_configure_system_gnutls

We do not use Options, but we do use Logs.warn()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
efc2de0d by Andreas Schneider at 2022-04-04T18:38:36+00:00
waf: Check for GnuTLS earlier

As GnuTLS is an essential part we need to check for it early so we can react on
GnuTLS features in other wscripts.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a543d38c by Andreas Schneider at 2022-04-04T19:31:28+00:00
third_party:waf: Do not recurse in aesni-intel if GnuTLS provides the cipher

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Apr  4 19:31:28 UTC 2022 on sn-devel-184

- - - - -
157d2dd7 by David Mulder at 2022-04-05T00:54:37+00:00
gpo: Certificate Auto Enrollment default Kerberos auth

Certificate Auto Enrollment uses Kerberos to
authenticate to AD. If someone configures their
cepces.conf to use a different default
authentication, then samba-gpupdate fails. Force
Kerberos auth from samba-gpupdate.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
63bbdbae by David Mulder at 2022-04-05T01:44:33+00:00
gpo: Improve Certificate Auto Enroll Debug messages

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Apr  5 01:44:33 UTC 2022 on sn-devel-184

- - - - -
2f6b3178 by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-packaging: Move RPM spec file to examples directory

We used to use this for building test packages for standalone CTDB.
However, our testing has now changed to use binary tarballs.  We
believe we were the only users of this spec file and expect CTDB to
only be installed as part of a top-level Samba build, especially in
RPM form.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
93824b8c by Vinit Agnihotri at 2022-04-06T06:34:37+00:00
packaging: move CTDB service file to top-level

Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
bcd66e17 by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-common: Add function ctdb_tunable_load_file()

Allows direct loading of tunables from a file.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
5fa0c86b by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-tests: Reformat script

Samba is reformatting shell scripts using

  shfmt -w -p -i 0 -fn

so update this one before editing.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
c413838f by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-tests: Strip trailing newlines from expected result output

This allows the provided output to be specified a little more
carelessly.  As per the comment, trailing newlines can't be matched
anyway, so this is notionally a bug fix.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
38113493 by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-tests: Add function test_case(), tweak unit test header format

Instead of documenting test cases with a comment, this allows them to
be documented via an argument to a function that is printed when the
test case is run.  This makes it easier to locate test case failures when
commands used by test cases look similar.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
b14f2a20 by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-tests: Add unit tests for tunables code

This aims to test ctdb_tunable_load_file() but also exercises
ctdb_tunable_names() and ctdb_tunable_get_value().
ctdb_tunable_set_value() is indirectly exercised via
ctdb_tunable_load_file().

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
a509ee05 by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-daemon: New function ctdb_tunables_load()

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
f49446cb by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-daemon: Load tunables from ctdb.tunables

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
0902553d by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-scripts: No longer load tunables via 00.ctdb.script setup event

Drop related tests.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
208034ec by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-doc: Update documentation for tunables configuration

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
3caddaaf by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-config: Drop CTDB_STARTUP_TIMEOUT

This was added to be able to notice startup failures when unknown
tunables were present in the configuration.  Tunables are now set by
the daemon, so this is no longer necessary.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
cb438ecf by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-scripts: Drop all public IPs in the "shutdown" event

This is functionally the same as ctdb_release_all_ips().

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
6fb08a65 by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-daemon: Don't release all public IPs during shutdown sequence

This further untangles public IP handling from the main daemon.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
aca59722 by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-scripts: Remove failsafe that drops all IPs on failed shutdown

IPs are dropped in the shutdown event.

If a watchdog is necessary to ensure public IPs aren't on interfaces
when CTDB isn't running, then see ctdb-crash-cleanup.sh.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
a1e78cc3 by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-scripts: Drop uses of ctdbd_wrapper

The only value this now provides is use of a notification script to
log when start/stop are called.  This was used for debugging strange
start/stop failures, which have not been recently seen.  Also, systemd
does a good job of logging start/stop.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
8deec3bc by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-scripts: Drop unused ctdbd_wrapper

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
39f70481 by Martin Schwenke at 2022-04-06T07:32:04+00:00
WHATSNEW: Document some CTDB changes

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Wed Apr  6 07:32:04 UTC 2022 on sn-devel-184

- - - - -
f1765f91 by Jeremy Allison at 2022-04-06T16:15:36+00:00
s3: smbget: Fix auth_fn, order of //server/share parameters is mixed in prompt.

Found by <voetelink at nrg.eu>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14831

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
7ad4047b by Volker Lendecke at 2022-04-06T16:15:36+00:00
streams_depot: Pass base_sbuf to stream_smb_fname()

In streams_depot_openat() we're sure to have a valid base_fsp with a
valid stat around. We don't need the additional SMB_VFS_NEXT_STAT() in
stream_dir() in this case.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d79194b2 by Volker Lendecke at 2022-04-06T16:15:36+00:00
streams_depot: Only create the subdirectories with O_CREAT

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a27bbfc8 by Volker Lendecke at 2022-04-06T17:09:59+00:00
streams_depot: Simplify stream_dir()

The only place where we could have entered the mark_valid() code path
is via openat(). In openat(":stream") with O_CREAT fsp->base_fsp() is
fully opened from within create_file_unixpath(). Change
streams_depot_openat() to call the FSETXATTR from mark_file_valid()
directly. This means we don't need the expensive synthetic_pathref()
call from stream_dir() anymore.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Apr  6 17:09:59 UTC 2022 on sn-devel-184

- - - - -
1b014618 by Pavel Filipenský at 2022-04-07T08:55:37+00:00
selftest: Create users "jackthemapper" and "jacknomapper"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Noel Power <npower at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
26e4268d by Pavel Filipenský at 2022-04-07T08:55:37+00:00
selftest: Create groups "jackthemappergroup" and "jacknomappergroup"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
0feeb6d5 by Pavel Filipenský at 2022-04-07T08:55:37+00:00
selftest: Add to "username.map" mapping for jackthemappergroup

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041

Only for environment ad_member_idmap_nss.

* !jacknompapper = \@jackthemappergroup
  jackthemaper from group jackthemappergroup is mapped to jacknompapper

* !root = jacknomappergroup
  since there is no '@' or '+' prefix, it is not a UNIX group mapping

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
af8747a2 by Pavel Filipenský at 2022-04-07T08:55:37+00:00
s3:tests Test "username map" for UNIX groups

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
6dc463d3 by Pavel Filipenský at 2022-04-07T09:49:44+00:00
s3:auth: Fix user_in_list() for UNIX groups

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Thu Apr  7 09:49:44 UTC 2022 on sn-devel-184

- - - - -
ef341e0f by Volker Lendecke at 2022-04-07T16:33:28+00:00
modules: Use conn->cwd_fsp in fruit_open_rsrc_adouble()

None of the adouble infrastructure is really prepared for a dirfsp
that is not conn->cwd_fsp, there are quite a few direct references to
it in adouble.c. This needs conversion, but at this point we need to
make fruit_openat() robust against a non-cwd_fsp dirfsp argument.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0d05bc2e by Volker Lendecke at 2022-04-07T16:33:28+00:00
smbd: Align open_file() argument order with reopen_from_fsp()

dirfsp first, then dirfsp-relative atname, then fsp. smb_fname_atname
will be used soon.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6e6ced4b by Volker Lendecke at 2022-04-07T17:30:29+00:00
smbd: Use dirfsp and atname passed to open_file()

Allow non_widelink_open() to use the cheaper path without the full
chdir() logic when called via open_file_ntcreate()/open_file().

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Apr  7 17:30:29 UTC 2022 on sn-devel-184

- - - - -
77343f8f by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Add WITH_SMB1SERVER enabled for now

This adds the definition WITH_SMB1SERVER, enabled
by default for now, meant for removing smb1 server
code. This will be removed and replaced with a
configure option later.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2266fd4c by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move message.c -> smb1_message.c

message.c only contains smb1 code.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
92b6efe3 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move sesssetup.c -> smb1_sesssetup.c

sesssetup.c only contains smb1 code.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e00b09ce by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move lanman.c -> smb1_lanman.c

lanman.c only contains smb1 code.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
630d946d by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Disable build for SMB1 only files

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
35b184b5 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Allow disabling SMB1 in struct smbXsrv_connection

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c510bd33 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move schedule_aio_read_and_X to smb1_aio.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6a17ce32 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move schedule_aio_write_and_X to smb1_aio.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3b1c02e4 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move aio.c -> smb2_aio.c

aio.c now contains only smb2 code

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
49f7763d by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move nt_status_np_pipe to smb2_ipc.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d42a78f6 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move ipc.c -> smb1_ipc.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
23615a27 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move negprot_spnego to smb2_negprot.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
dd633d56 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: negprot_spnego allow disabling smb1 spnego set

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1139ad7b by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move negprot.c -> smb1_negprot.c

negprot.c only contains smb1 code.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
24488743 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move set_sd to smb2_nttrans.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7e88a86a by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move set_sd_blob to smb2_nttrans.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
17e04761 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move copy_internals to smb2_nttrans.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0ed7f06e by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move smbd_do_query_security_desc to smb2_nttrans.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a5292f0b by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move smbd_do_query_getinfo_quota to smb2_nttrans.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
feb6c593 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move nttrans.c -> smb1_nttrans.c

nttrans.c now contains only smb1 code

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
bb346639 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move new_break_message_smb1 to smb1_oplock.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
bed19efa by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move send_break_message_smb1 to smb1_oplock.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1e0b0402 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Disable smb1 oplock calls when smb1 is disabled

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4f0a8e5b by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move oplock.c -> smb2_oplock.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c3503721 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move reply_open_pipe_and_X to smb1_pipes.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3d371386 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move reply_pipe_write_and_X to smb1_pipes.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0a68f9d4 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move reply_pipe_read_and_X to smb1_pipes.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2069d235 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move pipes.c -> smb2_pipes.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
08fa5527 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move check_path_syntax* to smb2_reply.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0e3a46fc by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move srvstr_get_path* to smb2_reply.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a8e1f65c by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move srvstr_pull_req_talloc to smb2_reply.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0d21c676 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move check_fsp_open to smb2_reply.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
347c7af9 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: move check_fsp to smb2_reply.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f0396b9a by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move check_fsp_ntquota_handle to smb2_reply.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
95d96068 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move reply_special to smb2_reply.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
56ac1efc by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move unlink_internals to smb2_reply.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
01ee69a9 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move fake_sendfile to smb2_reply.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a8985a8a by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move sendfile_short_send to smb2_reply.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4140d179 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move rename_internals_fsp to smb2_reply.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
160849a8 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move rename_internals to smb2_reply.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
fdf5727c by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move copy_file to smb2_reply.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a85436ac by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move get_lock_offset to smb2_reply.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0be7643b by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move smbd_do_unlocking to smb2_reply.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3daa70d7 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move reply.c -> smb1_reply.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b431ec8d by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Disable call to smb1_srv_is_signing_active without smb1

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0ad4a38a by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move make_connection to smb1_service.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
cafa8260 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move service.c -> smb2_service.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
047df615 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move smb2_srv_init_signing to smb2_signing.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7893b3cb by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move srv_init_signing to smb2_signing.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3e38df7d by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Disable call to smb1_srv_init_signing without smb1

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7439d7eb by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move signing.c -> smb1_signing.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e8c36c25 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Split process_smb() into process_smb1() and process_smb2()

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8914b9ca by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Split srv_send_smb into smb1_srv_send/smb2_srv_send

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
08aa1619 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move srv_send_smb/smb2_srv_send to smb2_process.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e287f7c2 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move srv_set_message to smb2_process.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
cd111f72 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move read_packet_remainder to smb2_process.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b2313722 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Split receive_smb_talloc into smb1_receive_talloc/smb2_receive_talloc

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7e55512a by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move receive_smb_talloc/smb2_receive_talloc to smb2_process.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4a4be535 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move remove_deferred_open_message_smb to smb2_process.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
86452205 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move schedule_deferred_open_message_smb to smb2_process.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f1cc153e by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move open_was_deferred to smb2_process.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8e3f8099 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move get_deferred_open_message_state to smb2_process.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9e451746 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Separate smb1 code from push_deferred_open_message_smb

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5582077b by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move push_deferred_open_message_smb to smb2_process.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
92d18a35 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move reply_outbuf and construct_reply_common_req to smb2_process.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f2fc4227 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move process_smb to smb2_process.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
137d2989 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Disable smb1 in smbXsrv_connection_init_tables

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
635bf851 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move smbXsrv_connection_init_tables to smb2_process.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7a8f77ac by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move smbXsrv_connection_dbg to smb2_process.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e153f427 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Disable smb1 in smbd_add_connection

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3d37047f by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Disable smb1 in smbd_server_connection_handler

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c43c9ef3 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Disable smb1 in smbd_smb2_server_connection_read_handler

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6f792afe by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move smbd_add_connection to smb2_process.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2e0e49f4 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Disable smb1 in smbd_process

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
43672e15 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move smbd_process to smb2_process.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7e1ff0ff by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move process.c -> smb1_process.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
34feb418 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move smb1_utils.h include to smbd.h

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
88b07d3b by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move send_trans2_replies to smb1_trans2.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
547f5c78 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move smb_set_posix_lock to smb1_trans2.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
aab698e5 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move reply_trans2 to smb1_trans2.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
97136a7a by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move reply_transs2 to smb1_trans2.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
481b7bfd by Jeremy Allison at 2022-04-07T17:37:30+00:00
s3: smbd: Move reply_findclose() from trans2.c to smb1_reply.c

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>

- - - - -
b2e52ab9 by Jeremy Allison at 2022-04-07T17:37:30+00:00
s3: smbd: Move reply_findnclose() from trans2.c to smb1_reply.c

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>

- - - - -
85753e46 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move trans2.c -> smb2_trans2.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e081b25e by David Mulder at 2022-04-07T17:37:30+00:00
torture: Disable vfs chain test dependent on SMB1

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b70c88fb by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Disable use of smb_fn_name without SMB1 in error.c

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
941ed7ef by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Disable SMB_QUERY_CIFS_UNIX_INFO when SMB1 is disabled

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
858a49d1 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Disable SMB_SET_POSIX_LOCK when SMB1 is disabled

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f810a113 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Remove duplicate read_nttrans_ea_list function prototype

Because this stray prototype was mixed in with
the smb1 code, it caused the smb2-only build to
fail. Instead of duplicating the function
prototype, let's just include the correct header.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8084c432 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Disable use of smb_fn_name when SMB1 is disabled

perfcount_test.c was using the smb_fn_name
function, which doesn't exist when SMB1 is
disabled.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ed23ce77 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move valid_smb_header to smb2_process.c

valid_smb_header is needed for a multi-protocol
negotiation.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f0ae7fba by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move init_smb_request to smb2_process.c

init_smb_request is needed for a multi-protocol
negotiation.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
aa61db2d by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Enable multi-protocol negotiate w/out SMB1

This enables the multi-protocol negotiate when
the SMB1 build is disabled. It requires enabling
parts of the SMB1 negotiation.

Signed-off-by: David Mulder <dmulder at suse.com>
Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
085b16e0 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Process error reply if SMB1 negprot parsing fails

Signed-off-by: David Mulder <dmulder at suse.com>
Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
536330d2 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move reply_pipe_write to smb1_pipes.c

Signed-off-by: David Mulder <dmulder at suse.com>
Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
a48bf243 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Remove uses of srv_send_smb

Replace them with direct calls to smb1_srv_send
and smb2_srv_send.

Signed-off-by: David Mulder <dmulder at suse.com>
Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
e17ad24c by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Remove srv_send_smb

Signed-off-by: David Mulder <dmulder at suse.com>
Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
d949073e by Jeremy Allison at 2022-04-07T17:37:30+00:00
s3: smbd: Rename valid_smb_header() -> valid_smb1_header()

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>

- - - - -
9caa467c by Jeremy Allison at 2022-04-07T17:37:30+00:00
s3: smbd: Rename srv_set_message() -> srv_smb1_set_message().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>

- - - - -
2d5e97f2 by Jeremy Allison at 2022-04-07T17:37:30+00:00
s3: smbd: Rename construct_reply_common() -> construct_smb1_reply_common().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>

- - - - -
c453cfbf by Jeremy Allison at 2022-04-07T17:37:30+00:00
s3: smbd: Rename construct_reply_common_req() -> construct_smb1_reply_common_req()

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>

- - - - -
97fd5e56 by Jeremy Allison at 2022-04-07T17:37:30+00:00
s3: smbd: Rename create_outbuf() -> create_smb1_outbuf()

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>

- - - - -
1574443b by Jeremy Allison at 2022-04-07T17:37:30+00:00
s3: smbd: Rename reply_outbuf() -> reply_smb1_outbuf().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>

- - - - -
0de91444 by Jeremy Allison at 2022-04-07T17:37:30+00:00
s3: smbd: Rename init_smb_request() -> init_smb1_request().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>

- - - - -
a9b57276 by David Mulder at 2022-04-07T17:37:30+00:00
configure: Add option for disabling the smb1 server

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b6d41620 by David Mulder at 2022-04-07T17:37:30+00:00
configure: Fail smbd w/o smb1 if selftest when configured with ad_dc

When we build with samba selftest and ad_dc, we must
include smb1 in smbd.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8d62b7ac by David Mulder at 2022-04-07T17:37:30+00:00
ci: Create samba-fileserver-without-smb1 environment

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
efcaeff2 by Jeremy Allison at 2022-04-07T18:33:31+00:00
WHATSNEW.txt: Add explanation of --without-smb1-server and --with-smb1-server configure options.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Apr  7 18:33:31 UTC 2022 on sn-devel-184

- - - - -
321c51e1 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Move functions to enable or disable cache to winbindd-lib subsystem

The source3/winbindd/winbindd.c file does not belong to 'winbindd-lib'
subsystem. Functions called from winbindd-lib must be part of it.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3250de22 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Move imessaging context init function to winbindd-lib subsystem

The source3/winbindd/winbindd.c file does not belong to 'winbindd-lib'
subsystem. Functions called from winbindd-lib must be part of it.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
334a4aa1 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Move the function to get the privileged pipe dir to winbindd-lib subsystem

The source3/winbindd/winbindd.c file does not belong to 'winbindd-lib'
subsystem. Functions called from winbindd-lib must be part of it.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d4169816 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Move function to flush cache to winbindd-lib subsystem

The source3/winbindd/winbindd.c file does not belong to 'winbindd-lib'
subsystem. Functions called from winbindd-lib must be part of it.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
11d0266c by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Move service reload related functions to winbindd-lib subsystem

The source3/winbindd/winbindd.c file does not belong to 'winbindd-lib'
subsystem. Functions called from winbindd-lib must be part of it.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1903cf39 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Rename terminate() function to winbindd_terminate()

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
dfba83e1 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Move sigterm handling functions to winbindd-lib subsystem

The source3/winbindd/winbindd.c file does not belong to 'winbindd-lib'
subsystem. Functions called from winbindd-lib must be part of it.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
12ef1543 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Move sighup handling related functions to winbindd-lib subsystem

The source3/winbindd/winbindd.c file does not belong to 'winbindd-lib'
subsystem. Functions called from winbindd-lib must be part of it.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a1a696a8 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Refactor check_info3_in_group() to take a wbint_SidArray struct

Refactor the check_info3_in_group() function to take a wbint_SidArray
struct. The sid strings stored in extra_data are parsed into a
wbint_SidArray in a separate function.

Later, winbindd_dual_pam_auth() will be converted to a local RPC
call handler and the wbint_SidArray containing the required membership
will be part of the 'r' struct.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e0fadfd0 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s4:rpc_server: Fix duplicated function name between s3 and s4

It can lead to link errors:

/usr/lib64/gcc/x86_64-suse-linux/11/../../../../x86_64-suse-linux/bin/ld: source3/rpc_server/rpc_server.c.24.o: in function `dcesrv_assoc_group_find':
/home/scabrero/workspace/samba/samba/bin/default/../../source3/rpc_server/rpc_server.c:229: multiple definition of `dcesrv_assoc_group_find'; source4/rpc_server/dcerpc_server.c.5.o:/home/scabrero/workspace/samba/samba/bin/default/../../source4/rpc_server/dcerpc_server.c:121: first defined here

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
68096b56 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s4:rpc_server: Fix duplicated function name between s3 and s4

It can lead to link errors:

/usr/lib64/gcc/x86_64-suse-linux/11/../../../../x86_64-suse-linux/bin/ld: source3/rpc_server/rpc_server.c.24.o: in function `dcesrv_transport_terminate_connection':
/home/scabrero/workspace/samba/samba/bin/default/../../source3/rpc_server/rpc_server.c:242: multiple definition of `dcesrv_transport_terminate_connection'; source4/rpc_server/dcerpc_server.c.5.o:/home/scabrero/workspace/samba/samba/bin/default/../../source4/rpc_server/dcerpc_server.c:710: first defined here

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3944b586 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
selftest: Extend test_wbc_logon_user to test WBFLAG_PAM_UNIX_NAME flag

Use the same function append_unix_username() uses to build the expected
value as it depends on the server role. This requires linking
winbindd-lib.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5439ecf7 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
selftest: Add a test for PamLogOff

This test also verifies the KRB5CCNAME environment variable is set after
a successful PAM authentication with Kerberos.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ed2afdd3 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Refactor append_unix_username(), do not take winbindd_response struct as parameter

Refactor the append_unix_username() function to not take a
winbindd_response struct as parameter but its members. The
unix username is returned as an out parameter and the caller is
responsible for setting it in the winbindd_response struct.

Later winbindd_dual_pam_auth() will be converted to a local RPC
call handler and the netr_Validation will be returned in the 'r' struct
from the child to the parent. The parent will then fill the
winbindd_response struct.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
aebe79b7 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Refactor append_afs_token(), do not take winbindd_response struct as parameter

Refactor the append_afs_token() function to not take a
winbindd_response as a parameter but its members directly. The AFS token
is returned as an out parameter in a DATA_BLOB, and the caller is
responsible for setting it in the extra_data winbindd_response field and
extending the winbindd_response length.

Later winbindd_dual_pam_auth() will be converted to a local RPC
call handler and the netr_Validation will be returned in the 'r' struct
from the child to the parent. The parent will then fill the
winbindd_response struct.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
38b94791 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Refactor winbindd_dual_pam_auth_kerberos(), do not take winbindd_cli_state struct parameter

Refactor winbindd_dual_pam_auth_kerberos() to not take a
winbindd_cli_state struct as parameter but its members. The kerberos
ccache name is returned as an out parameter and the caller is
responsible for copying it in the winbindd_response struct.

Later winbindd_dual_pam_auth() will be converted to a local RPC call
handler and it will not receive a winbindd_cli_state as argument so
reduce passing this struct around.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
cca932d3 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Refactor winbindd_dual_pam_auth_kerberos(), return netr_Validation

Map netr_SamInfo6 to netr_Validation in winbindd_dual_pam_auth_kerberos()
instead of doing it in the caller.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7a388811 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Refactor winbindd_dual_pam_auth_cached(), use temporary memory context

This function allocates a lot of intermediate variables, use a temporary
memory context.

The out variable info3 is assigned using talloc_steal() because the
local my_info3 is used below.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6e017e21 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Refactor winbindd_dual_pam_auth_cached(), delay out variable assignment

Delay the assignment of the out variable and assign it only if
returning NT_STATUS_OK, the caller does not use the returned
netr_SamInfo3 if the function does not return NT_STATUS_OK.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d9747504 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Refactor winbindd_dual_pam_auth_cached(), return krb5ccname as out parameter

Later winbindd_dual_pam_auth() will be converted to a local RPC
handler and it will not receive a winbindd_cli_state struct as parameter.
Avoid passing around this struct.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e0f798f2 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Refactor winbindd_dual_pam_auth_cached(), avoid winbindd_cli_state parameter

Later winbindd_dual_pam_auth() will be converted to a local RPC
handler and it will not receive a winbindd_cli_state struct as parameter.
Avoid passing around this struct.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1f8d70f1 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Refactor winbindd_dual_pam_auth_cached(), return netr_Validation

Map netr_SamInfo3 to netr_Validation in this function instead of doing
it in the caller.

Later winbindd_dual_pam_auth() will be converted to a local RPC
handler and it will return the netr_Validation in the 'r' struct.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1e892e79 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Refactor fake_password_policy(), take netr_Validation as argument

Later winbindd_dual_pam_auth() will be converted to a local RPC call
handler and it will return a netr_Validation from the child. This
function will be moved to the parent to fill the winbindd_response
struct.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d7739859 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Refactor log_authentication(), do not take winbindd_cli_state struct parameter

Later winbindd_dual_pam_auth() will be converted to a local RPC call
handler and it will not receive a winbindd_cli_state parameter. Avoid
passing this struct around.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0dbdc276 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Make extra_data_to_sid_array() public

Later winbindd_dual_pam_auth() will be converted to a local RPC call
handler and the parent will call this function to fill the 'r' struct.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c957d2dd by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Set local and remote addresses in the crafted dcesrv_conn

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ddc551f4 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Convert PamAuth from struct based to NDR based

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
be23ffbc by Samuel Cabrero at 2022-04-08T21:06:01+00:00
examples: Update winbindd.stp and generate script

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Apr  8 21:06:01 UTC 2022 on sn-devel-184

- - - - -
3198b94a by Pavel Filipenský at 2022-04-11T16:56:35+00:00
tevent: Fix trailing whitespaces

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ddc8f4f4 by Pavel Filipenský at 2022-04-11T16:56:35+00:00
tevent: Move the code below the trigger check

This makes the next commit smaller.

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
dfbb3818 by Pavel Filipenský at 2022-04-11T16:56:35+00:00
tevent: Use internally an empty trigger function for blocker requests

This avoids special magic, but keeps the same external behavior.

It makes the following changes easier to understand.

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
f681ef2f by Pavel Filipenský at 2022-04-11T16:56:35+00:00
tevent: Add tevent queue tracing support

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a20d41ac by Pavel Filipenský at 2022-04-11T17:51:08+00:00
tevent:tests: Test queue entry tags

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Apr 11 17:51:08 UTC 2022 on sn-devel-184

- - - - -
78805376 by Samuel Cabrero at 2022-04-12T18:54:50+00:00
s3:winbind: Fix uninitialized validation_level variable

Found by oss-fuzz:

../../source3/winbindd/winbindd_pam.c:2879:7: error: variable 'validation_level' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized]
                 if (!(state->request->flags & WBFLAG_BIG_NTLMV2_BLOB) ||
                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ../../source3/winbindd/winbindd_pam.c:3003:6: note: uninitialized use occurs here
             validation_level,
             ^~~~~~~~~~~~~~~~
 ../../source3/winbindd/winbindd_pam.c:2879:3: note: remove the 'if' if its condition is always false
                 if (!(state->request->flags & WBFLAG_BIG_NTLMV2_BLOB) ||
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ../../source3/winbindd/winbindd_pam.c:2879:7: error: variable 'validation_level' is used uninitialized whenever '||' condition is true [-Werror,-Wsometimes-uninitialized]
                 if (!(state->request->flags & WBFLAG_BIG_NTLMV2_BLOB) ||
                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ../../source3/winbindd/winbindd_pam.c:3003:6: note: uninitialized use occurs here
             validation_level,
             ^~~~~~~~~~~~~~~~
 ../../source3/winbindd/winbindd_pam.c:2879:7: note: remove the '||' if its condition is always false
                 if (!(state->request->flags & WBFLAG_BIG_NTLMV2_BLOB) ||
                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ../../source3/winbindd/winbindd_pam.c:2853:27: note: initialize the variable 'validation_level' to silence this warning
         uint16_t validation_level;
                                  ^
                                   = 0
 1 warning and 2 errors generated.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15044

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Apr 12 18:54:50 UTC 2022 on sn-devel-184

- - - - -
e1f29b09 by Samuel Cabrero at 2022-04-13T12:59:30+00:00
s3:winbind: Do not use domain's private data to store the SAMR pipes

The domain's private_data pointer is also used to store an ADS_STRUCT,
which is not allocated using talloc and there are many places casting
this pointer directly.

The recently added samba.tests.pam_winbind_setcred was randomly failing
and after debugging it the problem was that kerberos authentication was
failing because the time_offset passed to kerberos_return_pac() was
wrong. This time_offset was retrieved from ads->auth.time_offset, where
the ads pointer was directly cast from domain->private_data but
private_data was pointing to a winbind_internal_pipes struct.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15046

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
91395e66 by Samuel Cabrero at 2022-04-13T12:59:30+00:00
s3:winbind: Simplify open_cached_internal_pipe_conn()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15046

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
3cb25643 by Samuel Cabrero at 2022-04-13T12:59:30+00:00
s3:winbind: Do not use domain's private data to store the ADS_STRUCT

The ADS_STRUCT is not allocated using talloc and there are many places
casting this pointer directly so use a typed pointer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15046

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a6d6ae3c by Samuel Cabrero at 2022-04-13T12:59:30+00:00
s3:winbind: Remove no longer used domain's private_data pointer

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15046

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
db7e296f by Samuel Cabrero at 2022-04-13T12:59:30+00:00
selftest: Use selftest's TMPDIR to store the krb5 ccache in pam_winbind tests

Using /tmp directly can lead to errors if multiple autobuilds are
running at the same time. Using tempfile.gettempdir() will look for
$TMPDIR environment variable.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
685006c8 by Samuel Cabrero at 2022-04-13T12:59:30+00:00
selftest: Use selftest's TMPDIR to store the krb5 ccache in pam_winbind_setcred test

Using /tmp directly can lead to errors if multiple autobuilds are
running at the same time. Using tempfile.gettempdir() will look for
$TMPDIR environment variable.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
21d1a950 by Stefan Metzmacher at 2022-04-13T12:59:30+00:00
librpc:idl: Add comments to assert identity string in security.idl

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
dbbb5ca1 by Andreas Schneider at 2022-04-13T12:59:30+00:00
s4:kdc: Set debug class for pac-glue

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
f8c3b68f by Stefan Metzmacher at 2022-04-13T12:59:30+00:00
python:tests: Fix standalone run of kdc_tgs_tests

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a5c8077a by Andreas Schneider at 2022-04-13T12:59:30+00:00
python:tests: Check code error code in test_s4u2self_rodc_revealed

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
c29d5fcb by Andreas Schneider at 2022-04-13T12:59:30+00:00
s4:mit-samba: Pass flags to ks_get_pac()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
2a79a5ee by Andreas Schneider at 2022-04-13T12:59:30+00:00
s4:mit-samba: Pass flags to mit_samba_get_pac()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
461dc44e by Andreas Schneider at 2022-04-13T12:59:30+00:00
s4:kdc: pass down SAMBA_KDC_FLAG_PROTOCOL_TRANSITION to samba_kdc_update_pac()

This gives samba_kdc_update_pac() a chance to detect S4U2Self.

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
887f0cf2 by Andreas Schneider at 2022-04-13T12:59:30+00:00
s4:kdc: Fix S4U2Proxy in RODC case to return an error

Tested also against Windows Server 2022.

Details:
https://lists.samba.org/archive/cifs-protocol/2022-April/003673.html

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
4b684c32 by Stefan Metzmacher at 2022-04-13T12:59:30+00:00
python:tests: Add support to print krb5 keys as string

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
fc8a2943 by Stefan Metzmacher at 2022-04-13T12:59:30+00:00
python:tests: Allow to print krb5 encryption keys as string

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
61b22319 by Andreas Schneider at 2022-04-13T12:59:30+00:00
python:tests: Add support for expected groups in krb5 tests

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
e03665fb by Andreas Schneider at 2022-04-13T12:59:30+00:00
python:tests: Add support for unexpected groups in krb5 tests

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d6b6702e by Stefan Metzmacher at 2022-04-13T12:59:30+00:00
python:tests: Reorder variables

Those will be needed earlier in the next commit.

Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
5902e87e by Andreas Schneider at 2022-04-13T12:59:30+00:00
python:tests: Add krb5 tests for asserted identity

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>

- - - - -
e6a2c3c3 by Andreas Schneider at 2022-04-13T12:59:30+00:00
s4:torture: let remote_pac test for asserted identity sids

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
a14acd0c by Andreas Schneider at 2022-04-13T12:59:30+00:00
s4:selftest: Do not print the env twice

This makes it easier to write knownfail rules

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
9b03e31f by Andreas Schneider at 2022-04-13T12:59:30+00:00
s4:dsdb:tests: Also pass tests if asserted identity is present

We should make sure that we use NTLMSSP or Kerberos consistently
for the tests and don't mix them.

We're also much stricter and use symmetric_difference() to
check if the sets are actually the same.

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
9ad03f51 by Andreas Schneider at 2022-04-13T13:54:27+00:00
s4:kdc: Add asserted identity SID to identify whether S4U2Self has occurred

Because the KDC does not limit protocol transition (S4U2Self), two new
well-known SIDs are available to give this control to the resource
administrator. These SIDs identify whether protocol transition (S4U2Self) has
occurred, and can be used with standard access control lists to grant or limit
access as needed.

See
https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-constrained-delegation-overview

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Apr 13 13:54:27 UTC 2022 on sn-devel-184

- - - - -
9332606a by Christian Ambach at 2022-04-21T06:03:38+00:00
s3:utils:smbcacls fix a typo

Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
c285bcfb by Christian Ambach at 2022-04-21T06:59:12+00:00
lib/cmdline: fix a typo

Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Apr 21 06:59:12 UTC 2022 on sn-devel-184

- - - - -
d948cb1c by John Mulligan at 2022-04-21T14:41:32+00:00
lib/smbconf: add an initial set of python bindings

The smbconf library provides a generic interface for Samba configuration
backends. In order to access these backends, including the read-write
registry backend, we add a new python binding for smbconf - the general
interface library.

This initial set of bindings covers some basic read-only calls.  This
includes function calls for listing shares (config sections) and getting
the parameters of the shares. The `init_txt` construction function must
be used to get a new SMBConf object.  This is done so that other
backends, specifically the registry backend from source3 can be used in
the future. Those will provide their own construction funcs.

Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: David Mulder <dmulder at suse.com>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
84480a1e by John Mulligan at 2022-04-21T15:33:38+00:00
python/samba/tests: add SMBConfTests suite

Add an initial suite of tests for the smbconf python bindings.
Currently only simple read-only methods are available.

Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: David Mulder <dmulder at suse.com>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Thu Apr 21 15:33:38 UTC 2022 on sn-devel-184

- - - - -
e2392729 by Anoop C S at 2022-04-25T13:23:18+00:00
libsmbconf: Avoid initial declaration inside 'for' loop

Building Samba on CentOS 7 with GCC version 4.8.5 results in the
following error:

[2725/3398] Compiling libcli/echo/tests/echo.c
../../lib/smbconf/pysmbconf.c: In function 'py_from_smbconf_service':
../../lib/smbconf/pysmbconf.c:72:2: error: 'for' loop initial
                               declarations are only allowed in C99 mode
  for (uint32_t i = 0; i < svc->num_params; i++) {
  ^
../../lib/smbconf/pysmbconf.c:72:2: note: use option -std=c99 or
                                         -std=gnu99 to compile your code
../../lib/smbconf/pysmbconf.c: In function 'obj_share_names':
../../lib/smbconf/pysmbconf.c:181:2: error: 'for' loop initial
                               declarations are only allowed in C99 mode
  for (uint32_t i = 0; i < num_shares; i++) {
  ^
../../lib/smbconf/pysmbconf.c: In function 'obj_get_config':
../../lib/smbconf/pysmbconf.c:267:2: error: 'for' loop initial
                               declarations are only allowed in C99 mode
  for (uint32_t i = 0; i < num_shares; i++) {
  ^

Therefore declare variables right at the start aligning to default C90
standard available with GCC version on CentOS 7.

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Apr 25 13:23:18 UTC 2022 on sn-devel-184

- - - - -
756cd0ee by Andreas Schneider at 2022-04-26T19:22:29+00:00
s3:passdb: Remove trailing spaces in lookup_sid.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15054

Signed-off-by: Andreas Schneider <asn at cryptomilk.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2a03fb91 by Andreas Schneider at 2022-04-26T19:22:29+00:00
s3:passdb: Add support to handle UPNs in lookup_name()

This addresses an issue if sssd is running and handling nsswitch. If we look up
a user with getpwnam("DOMAIN\user") it will return user at REALM in the passwd
structure. We need to be able to deal with that.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15054

Signed-off-by: Andreas Schneider <asn at cryptomilk.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ed8e4668 by Andreas Schneider at 2022-04-26T19:22:29+00:00
s3:passdb: Use already defined pointer in lookup_name_smbconf()

Signed-off-by: Andreas Schneider <asn at cryptomilk.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
26903107 by Andreas Schneider at 2022-04-26T19:22:30+00:00
s3:passdb: Refactor lookup_name_smbconf()

This will be changed to support UPNs too in the next patch.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15054

Signed-off-by: Andreas Schneider <asn at cryptomilk.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
28fc44f2 by Andreas Schneider at 2022-04-26T20:16:33+00:00
s3:passdb: Also allow to handle UPNs in lookup_name_smbconf()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15054

Signed-off-by: Andreas Schneider <asn at cryptomilk.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Apr 26 20:16:33 UTC 2022 on sn-devel-184

- - - - -
830b561c by Volker Lendecke at 2022-04-26T21:41:29+00:00
vfs: Remove unused last_lock_failure from files_struct

Save 72 bytes per open file handle

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
cdef9770 by Volker Lendecke at 2022-04-26T21:41:29+00:00
dsdb: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
22032eef by Volker Lendecke at 2022-04-26T21:41:29+00:00
passdb: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4ef1b096 by Volker Lendecke at 2022-04-26T21:41:29+00:00
ldap_server: Fix typos

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ef846e66 by Volker Lendecke at 2022-04-26T21:41:29+00:00
ldb: Avoid "==true/false" in a boolean expression

That's what we have boolean variables and expressions for

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
41a9d958 by Volker Lendecke at 2022-04-26T21:41:29+00:00
ldb: Save a few lines with TALLOC_FREE()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
894a1c19 by Volker Lendecke at 2022-04-26T21:41:29+00:00
ldb: Introduce "colon" variable in ldb_module_connect_backend()

Easier debugging, avoid a second call to strchr()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9ab0f91b by Volker Lendecke at 2022-04-26T21:41:29+00:00
passdb: Split lines in make_pdb_method_name()

Looks nicer

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ce0f483a by Volker Lendecke at 2022-04-26T21:41:29+00:00
passdb: Introduce helper variables in make_pdb_method_name()

Easier debugging

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d2f3ac2f by Volker Lendecke at 2022-04-26T21:41:29+00:00
lib: Remove an unused includes.h

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
aa27b662 by Volker Lendecke at 2022-04-26T21:41:29+00:00
lib: Remove an unneeded includes.h

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8a3e3a0d by Volker Lendecke at 2022-04-26T21:41:29+00:00
lib: Remove an unneeded includes.h

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5f2ef356 by Volker Lendecke at 2022-04-26T21:41:29+00:00
lib: Remove an unneeded includes.h

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
fb36f23a by Volker Lendecke at 2022-04-26T21:41:29+00:00
lib: Remove an unneeded includes.h

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6bf8243c by Volker Lendecke at 2022-04-26T21:41:29+00:00
lib: Remove smb_threads from includes.h

Only used in libsmb_context.c

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
54050236 by Volker Lendecke at 2022-04-26T21:41:29+00:00
ldb: Avoid an "else"

We return in the if-branch, easier to read this way.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
734e4377 by Volker Lendecke at 2022-04-26T21:41:29+00:00
smbd: fd_handle.h does not need includes.h

Move includes.h for struct files_struct to fd_handle.c. Both
printing.c and smb1_utils.c depended on fd_handle.h to include the
prototypes. Do that explicitly in those files.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f2eee5c5 by Volker Lendecke at 2022-04-26T21:41:29+00:00
smbd: Remove unused arguments from dup_file_fsp()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
eed6869d by Volker Lendecke at 2022-04-26T22:38:59+00:00
smbd: Slightly simplify call_trans2qpipeinfo()

Pass down "fsp" and "info_level", no need to parse this inside
call_trans2qpipeinfo() when the caller also has to do it.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Apr 26 22:38:59 UTC 2022 on sn-devel-184

- - - - -
03d0dd26 by Christof Schmitt at 2022-04-28T07:59:47+00:00
vfs_gpfs: Ignore pathref fds for gpfs:recalls check

Setting gpfs:recalls=no should prevent data access to offline files.
Since Samba 4.14, the VFS openat function is also called with O_PATH to
get a reference to the path. These accesses should not be blocked,
otherwise this would prevent offline files from being included in
directory listings.

Fix this by skipping the check for pathref fds.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15055

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Apr 28 07:59:47 UTC 2022 on sn-devel-184

- - - - -
804a19ca by Volker Lendecke at 2022-04-28T13:12:33+00:00
smbd: Pass up stat-info from openat_pathref_fsp() on error

If openat_pathref_fsp() fails, callers might want to inspect the stat
info. If we really failed on STOPPED_ON_SYMLINK, the caller might need
to know this, although openat_pathref_fsp() masked this error.

As there is no smb_fname->fsp returned from openat_pathref_fsp() on
error, we need to pass this up in smb_fname itself.

This essentially reverts de439cd03047, which does basically the same
thing but is too specific. We need to cover the general !O_PATH case
more broadly.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
02f6130c by Volker Lendecke at 2022-04-28T13:12:33+00:00
vfs: Add SMB_VFS_GET_REAL_FILENAME_AT

In a patchset that I'm working on right now there's the need to call
getrealfilename while the code does have a pathref fsp already
around. Doing the name-based call including non_widelink_open is not
necessary in this case. Start by adding the _at based call to the VFS.

For now, fall back to the name-based call. glusterfs-fuse will in a
future patch be converted to fgetxattr.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
df29512b by Volker Lendecke at 2022-04-28T13:12:33+00:00
smbd: Add openat_internal_dir_from_pathref()

If we have a directory pathref fsp, do an openat(dirfd, ".", O_RDONLY)
to cheaply get a real directory handle.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
973212e8 by Volker Lendecke at 2022-04-28T13:12:33+00:00
smbd: Add OpenDir_from_pathref

Like OpenDir() starting from a directory pathref fsp

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
dcdc2585 by Volker Lendecke at 2022-04-28T13:12:33+00:00
smbd: Introduce get_real_filename_full_scan_at()

Make get_real_filename_full_scan() a wrapper.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
c4d4fa68 by Volker Lendecke at 2022-04-28T13:12:33+00:00
smbd: Add get_real_filename_at()

Make get_real_filename() a wrapper.

Right now shadow_copy2 does a fallback to do get_real_filename() on
the twrp=0 tree in case of snapdirseverywhere because snapdirs can be
somewhere deep in the tree, and doing that correctly would be a
full-tree walk. I'd say that snapdirseverywhere is impossible to
implement if you want symlink safety, i.e. careful top-down tree
traversal together with snapdirseverywhere. If you have
snapdirseverywhere you need to pass down the full path very deep down,
which contradicts our fd-based approach we want to take.

Also, I believe that our test does not 100% correctly reflect what
actually is there: My understanding is that if you activate
snapdirseverywhere for example in GPFS, you see all snapshots at every
level (this would need to be verified). Our test does something more
nasty: It creates and tests a specific snapshot only at one place deep
in the directory hierarchy, which makes it impossible to find without
the full path.

This is all a big mess, but for now we need to deal with it. This adds
the twrp=0 fallback to core smbd, but I don't see any other way to do
that properly. And I do want a fd-based getrealfilename....

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
cf60c51d by Volker Lendecke at 2022-04-28T13:12:33+00:00
vfs: Implement ceph_snap_gmt_get_real_filename_at()

Copy the logic from ceph_snap_gmt_get_real_filename(). This is
untested in autobuild, but as ceph is broken anyway due to
812cb602e3be, we need to talk to the ceph developers before 4.17.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
ba6f7cfe by Volker Lendecke at 2022-04-28T13:12:33+00:00
vfs: Implement vfs_gluster_fuse_get_real_filename_at()

Needs testing in a real gluster environment

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
5aca0056 by Volker Lendecke at 2022-04-28T13:12:33+00:00
vfs: Implement vfs_gluster_get_real_filename_at()

gluster seems not to implement O_PATH, so it should be possible to do
a glfs_fgetxattr() on the pathref dirfsp.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
b21cd4c8 by Volker Lendecke at 2022-04-28T13:12:33+00:00
vfs: Implement vfs_gpfs_get_real_filename_at()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
2e1d2083 by Volker Lendecke at 2022-04-28T13:12:33+00:00
vfs: Implement shadow_copy2_get_real_filename_at()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
2c05ebe9 by Volker Lendecke at 2022-04-28T13:12:33+00:00
vfs: Implement snapper_gmt_get_real_filename_at()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
89bffa14 by Volker Lendecke at 2022-04-28T13:12:33+00:00
smbd: Use SMB_VFS_GET_REAL_FILENAME_AT() in dptr_ReadDirName()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
de9986fb by Volker Lendecke at 2022-04-28T13:12:33+00:00
vfs: Remove name-based SMB_VFS_GET_REAL_FILENAME()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
6086a73f by Volker Lendecke at 2022-04-28T13:12:33+00:00
Revert "vfs: remove dirfsp arg from SMB_VFS_CREATE_FILE()"

This reverts commit 322574834f1e71bc01f21be9059ca4d386517c84.

Not strictly a revert anymore, but for future work we do need "dirfsp"
in create_file_default() passed through the VFS.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
eb3c47ac by Ralph Boehme at 2022-04-28T13:12:33+00:00
CI: use native Python functions to detect system and release

This ensures we detect the runtime system and release, not the ones
when Samba was built. It's necessary to detect the correct kernel
version we're running on because for kernels before 5.3.1 O_PATH opens
unnecessarily broke kernel oplocks, which breaks our tests. And in
gitlab it can happen that we build on kernels after 5.3.1 and later
run on older kernels. In this situation we can't run kernel oplock
tests.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
c1a3104a by Volker Lendecke at 2022-04-28T13:12:33+00:00
smbd: Pass dirfsp to create_file_unixpath()

Will be used soon.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
29fa2f51 by Volker Lendecke at 2022-04-28T13:12:33+00:00
smbd: Only create an artificial dirfsp when necessary

parent_pathref() is expensive, and we should avoid it if possible.

Not effective at this point, we always pass in NULL, but will be used
soon.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
fde4363f by Volker Lendecke at 2022-04-28T13:12:33+00:00
smbd: Add filename_convert_dirfsp()

As part of the filename_convert() process, keep a pathref dirfsp of
the containing directory for later use. This avoids having to do
another non_widelink_open() on every SMB2_CREATE and ntcreate&x in
later patches.

Future work will be to go through other filename_convert() calls and
make them use filename_convert_dirfsp(). If we manage to convert all
of them except the one in filename_convert_dirfsp() itself, we can
simplify filename_convert() and unix_convert() significantly.

Too large a patch, but I don't know how to split this up into smaller
logic pieces.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
5efa2ddd by Volker Lendecke at 2022-04-28T13:12:33+00:00
smbd: Use filename_convert_dirfsp() in reply_ntcreate_and_X()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
922261d7 by Volker Lendecke at 2022-04-28T14:02:53+00:00
smbd: Use filename_convert_dirfsp() in smbd_smb2_create_send()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Apr 28 14:02:53 UTC 2022 on sn-devel-184

- - - - -
07081d03 by Stefan Metzmacher at 2022-04-28T15:23:24+00:00
script/autobuild.py: allow to run from within git rebase -i

The 'git clone' used by autobuild.py fails if
GIT_DIR and GIT_WORK_TREE are already defined in the
environment.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Apr 28 15:23:24 UTC 2022 on sn-devel-184

- - - - -
bb329d4d by Jeremy Allison at 2022-04-29T14:57:29+00:00
s4: torture: Add a new test - samba3.smb2.durable-open.stat-open.

Passes against Windows. Shows that Windows allows a durable handle
on a leased open for READ_ATTRIBUTES only (a stat open).

Mark as knownfail for now.

NB. Not sure why we are testing smb2.durable-open against ad_dc
as that provisioning has "smb2 leases = no" which precludes
granting durable handles. Not changing for this bug but this
should be looked at in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15042

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
fe7daae8 by Jeremy Allison at 2022-04-29T15:50:21+00:00
s3: smbd: Allow a durable handle on a leased stat-open.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15042

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Apr 29 15:50:21 UTC 2022 on sn-devel-184

- - - - -
d900e939 by Samuel Cabrero at 2022-04-30T00:10:34+00:00
s3:winbind: Pass the challenge to winbind_dual_SamLogon() as a data blob

Next commits will convert the winbindd_dual_pam_auth_crap() function to a
local RPC call handler receiving the challenge as a DATA_BLOB in the 'r'
struct.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8f7adb9e by Samuel Cabrero at 2022-04-30T00:10:34+00:00
s3:winbind: Remove unnecessary condition to reduce indentation level

Best viewed with git show --ignore-space-change.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
fc4cb625 by Samuel Cabrero at 2022-04-30T00:10:34+00:00
s3:winbind: Remove unnecessary jump to label

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
efc97296 by Samuel Cabrero at 2022-04-30T00:10:34+00:00
s3:winbind: Use uint8_t for authoritative flag

It is the type used in the winbindd_response struct.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
74a511a8 by Samuel Cabrero at 2022-04-30T00:10:34+00:00
s3:winbind: Move big NTLMv2 blob checks to parent process

The winbindd_dual_pam_auth_crap() function will be converted to a local
RPC call handler and it won't receive a winbindd_cli_state struct. Move
the checks accessing this struct to the parent.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d4564d98 by Samuel Cabrero at 2022-04-30T00:10:34+00:00
s3:rpc_client: Fix memory allocation hierarchy

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f8fa3331 by Samuel Cabrero at 2022-04-30T00:10:34+00:00
s3:winbind: Use temp memory context in winbindd_pam_auth_pac_verify()

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0b4d581d by Samuel Cabrero at 2022-04-30T00:10:34+00:00
s3:winbind: Refactor winbindd_pam_auth_crap_{send,recv}

Move the code filling the winbindd_response to a common place,
winbindd_pam_auth_crap_recv().

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
dd69be80 by Samuel Cabrero at 2022-04-30T00:10:34+00:00
s3:winbind: Refactor winbindd_pam_auth_crap_{send,recv}

The winbindd_dual_pam_auth_crap() will be converted to a local RPC call
handler and the winbindd_response won't be filled by the child process
but in the parent's winbindd_pam_auth_crap_recv() function.

Move all code filling the winbindd_response struct to a common place,
winbindd_pam_auth_crap_recv().

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c68f21f2 by Samuel Cabrero at 2022-04-30T00:10:34+00:00
s3:winbind: Convert PAM_AUTH_CRAP from struct based to NDR based

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7b573599 by Samuel Cabrero at 2022-04-30T00:10:34+00:00
examples: Update winbind.stp and generate script

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1dfa1932 by Samuel Cabrero at 2022-04-30T01:07:12+00:00
s3:winbind: Remove unused functions

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Apr 30 01:07:12 UTC 2022 on sn-devel-184

- - - - -
f661ef67 by Ralph Boehme at 2022-05-02T19:13:31+00:00
smbd: add fstat_before_close fsp flag and logic

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4c7921e5 by Ralph Boehme at 2022-05-02T19:13:31+00:00
smbd: pass fsp as pointer-pointer to smbd_smb2_close()

Prepares for NULLing state->in_fsp in the next commit.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1808e5c1 by Ralph Boehme at 2022-05-02T19:13:31+00:00
smbd: optimize and streamline smbd_smb2_close()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
03894de3 by Joseph Sutton at 2022-05-02T19:13:31+00:00
rpc_server/lsa: Match Windows security descriptor

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7e2cc5ed by Joseph Sutton at 2022-05-02T19:13:31+00:00
s4/dsdb/repl_meta_data: Receive function arguments in correct order

The incorrect ordering was introduced in commit
b9c5417b523c4c53cb275c12ec84bbc849705bec.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15007

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
bc22d5eb by Stefan Metzmacher at 2022-05-02T19:13:31+00:00
lib/util: add tests for data_blob_append() with the resulting blob length=0

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15050

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8ca99c25 by Stefan Metzmacher at 2022-05-02T19:13:31+00:00
lib/util: data_blob_append() should not fail if both parts have length=0

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15050

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
54c6cf86 by Stefan Metzmacher at 2022-05-02T20:13:10+00:00
libcli/smb: allow SMB2 Negotiate responses with security_offset = 0 and security_length = 0

This fixes connections against the Azure SMB3 server.

It's not possible to demonstrate the bug with a test and a knownfail
entry, because it fails to even startup the test environments,
but the following change to our server demonstrates the problem
and shows the fix works:

    diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c
    index da567951c0bf..25fdaea2df7b 100644
    --- a/source3/smbd/smb2_negprot.c
    +++ b/source3/smbd/smb2_negprot.c
    @@ -711,6 +711,8 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
                    }
            }

    +       security_buffer = data_blob_null;
    +
            if (out_negotiate_context_blob.length != 0) {
                    static const uint8_t zeros[8];
                    size_t pad = 0;
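
Review bot: The added `security_buffer = data_blob_null;` is unconditional, so with this hunk applied every negotiate response loses its security blob, not only the case under test. The commit message presents the diff as a demonstration, so a one-line comment saying it emulates a server that sends no security buffer, or a test-only switch around it, would keep it from being mistaken for a real change if someone applies it.
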
    @@ -759,6 +761,8 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
                    return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
            }

    +       security_offset = 0;
    +
            SSVAL(outbody.data, 0x00, 0x40 + 1);    /* struct size */
            SSVAL(outbody.data, 0x02,
                  security_mode);                   /* security mode */
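
Review bot: `security_offset = 0;` is assigned right before the SSVAL() calls that fill outbody, overriding whatever offset was computed earlier, and nothing in the hunk says why. This hunk zeroes only the offset; the zero length named in the subject line presumably comes from the first hunk clearing security_buffer, so a short comment stating that both changes are needed together to reproduce the case would help.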

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15050

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon May  2 20:13:10 UTC 2022 on sn-devel-184

- - - - -
e93d73b6 by Andrew Bartlett at 2022-05-02T23:15:37+00:00
docs: Explain the impact of "ntlm auth = disabled" on simple bind forwarding

An RODC will forward an LDAP Simple bind, just like any other authentication,
when the password is not present locally.

If the full DC does not support NTLMv2 authentication this forwarded password
will be rejected.  A future Samba version should prefer Kerberos or send the
plaintext, but we can not change the MS Windows behaviour, so we document this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
bfbae4f9 by Andreas Schneider at 2022-05-02T23:15:37+00:00
s3:tests: Reformat dlopen.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b4ee11d0 by Andreas Schneider at 2022-05-02T23:15:37+00:00
s3:tests: Reformat printing_var_exp_lpr_cmd.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
facc2c00 by Andreas Schneider at 2022-05-02T23:15:37+00:00
s3:tests: Reformat test_acl_xattr.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6aaf527f by Andreas Schneider at 2022-05-02T23:15:37+00:00
s3:tests: Reformat test_aio_outstanding.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a3d0655e by Andreas Schneider at 2022-05-02T23:15:37+00:00
s3:tests: Reformat test_async_req.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9d32559f by Andreas Schneider at 2022-05-02T23:15:37+00:00
s3:tests: Reformat test_chdir_cache.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0d29cbf0 by Andreas Schneider at 2022-05-02T23:15:37+00:00
s3:tests: Reformat test_close_denied_share.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
45b64848 by Andreas Schneider at 2022-05-03T00:10:53+00:00
s3:tests: Reformat test_deadtime.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue May  3 00:10:53 UTC 2022 on sn-devel-184

- - - - -
490e5f4d by Martin Schwenke at 2022-05-03T09:19:31+00:00
ctdb-mutex: Don't pass NULL to tevent_req_is_unix_error()

If there is an error then this pointer is unconditionally
dereferenced.

However, the only possible error appears to be ENOMEM, where a crash
caused by dereferencing a NULL pointer isn't a terrible outcome.  In
the absence of a security issue this is probably not worth
backporting.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
d52b497d by Martin Schwenke at 2022-05-03T09:19:31+00:00
ctdb-locking: Don't pass NULL to tevent_req_is_unix_error()

If there is an error then this pointer is unconditionally
dereferenced.

However, the only possible error appears to be ENOMEM, where a crash
caused by dereferencing a NULL pointer isn't a terrible outcome.  In
the absence of a security issue this is probably not worth
backporting.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
6d3c9e64 by Martin Schwenke at 2022-05-03T09:19:31+00:00
ctdb-tests: Use test_case() to help document test cases

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
d57d624a by Martin Schwenke at 2022-05-03T09:19:31+00:00
ctdb-build: Drop unnecessary uses of include/ sub-directory

None of these include any files from the include/ sub-directory.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
73b27def by Martin Schwenke at 2022-05-03T09:19:31+00:00
build: Add missing ctdb-client dependencies

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
d39377d6 by Martin Schwenke at 2022-05-03T09:19:31+00:00
ctdb-tests: Provide a method to dump the stack on abort

Some tests make generous use of assert() and it can be difficult to
guess the cause of failures without resorting to GDB.  This provides
some help.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
64275fc1 by Martin Schwenke at 2022-05-03T10:13:23+00:00
ctdb-tests: Add backtrace on abort to some tests

These are easier to debug with a backtrace.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Tue May  3 10:13:23 UTC 2022 on sn-devel-184

- - - - -
a49a5702 by David Mulder at 2022-05-03T20:55:32+00:00
gpo: Correct CA Initialization to obey [MS-CAESO]

fetch_certification_authorities() did not
correctly obey the [MS-CAESO] spec.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
45d76eca by David Mulder at 2022-05-03T20:55:32+00:00
gpo: Certificate Auto Enroll correctly check templates

[MS-CAESO] 4.4.5.3.2.4 and 4.4.5.3.2.4.2 explain
to fetch templates via cep, then to gather attrs
for the templates after. This code was reversed.
This will matter when implementing advanced
endpoint configuration.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6171dfc5 by David Mulder at 2022-05-03T20:55:32+00:00
gpo: Fix crash in Cert Auth Enroll RSOP

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ab2ef316 by David Mulder at 2022-05-03T20:55:32+00:00
gpo: Generalize Cert Auto Enroll CA data

This will simplify fetching CAs from the
Registry.pol in a follow up commit.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a54d7074 by David Mulder at 2022-05-03T20:55:32+00:00
gpo: Test Cert Auto Enroll Advanced Config

Adds advanced configuration to the testing of
certificate auto enrollment. Currently fails.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ddeedcb6 by David Mulder at 2022-05-03T21:48:57+00:00
gpo: Add Cert Auto Enroll Advanced Config

Advanced configuration for Certificate Auto
Enrollment is stored on the sysvol, and needs
to be parsed/used when provided.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue May  3 21:48:57 UTC 2022 on sn-devel-184

- - - - -
5348bd80 by Andrew Bartlett at 2022-05-05T00:27:33+00:00
dsdb: Clarify that most errors in make_error_and_update_badPwdCount() are not returned

This is mainly just to be clear, and was done while failing to work around compiler
warnings.

For the curious it was gcc version 4.8.5 20150623 (Red Hat 4.8.5-44) (CentOS 7)
build with -O3, which gave with other, later patches:

../../source4/dsdb/samdb/ldb_modules/password_hash.c: In function ‘check_password_restrictions_and_log’:
../../source4/dsdb/samdb/ldb_modules/password_hash.c:3231:5: error: assuming signed overflow does not occur when simplifying conditional to constant [-Werror=strict-overflow]
  if (ret == LDB_SUCCESS) {
     ^

Regardless, we make it clear that all values assigned to "ret" are
local small constants.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
332b874a by Joseph Sutton at 2022-05-05T00:27:33+00:00
samba-tool tests: Remove unused variable

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c3b2dae0 by Joseph Sutton at 2022-05-05T00:27:33+00:00
samba-tool user: Remove unused imports

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f85f6f89 by Joseph Sutton at 2022-05-05T00:27:33+00:00
samba-tool user: Consistently return a tuple

We would get an error when get_userPassword_hash() returned None, as
get_virtual_crypt_value() would try to unpack the result as a 2-element
tuple.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a9caf760 by Andrew Bartlett at 2022-05-05T00:27:33+00:00
selftest: Rework password_lockout_base.py to allow logon_basics test to be run in ad_dc_no_ntlm

We need to ensure that even if NTLM is disabled, that the test
can still bootstrap and fail normally.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
127fe361 by Andrew Bartlett at 2022-05-05T00:27:33+00:00
selftest: Run some tests in the ad_dc_no_ntlm environment to show expected behaviour

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
08904752 by Joseph Sutton at 2022-05-05T00:27:33+00:00
tests/passwords: Remove unused imports

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c294f729 by Joseph Sutton at 2022-05-05T00:27:33+00:00
tests/passwords: Add tests for password history with simple binds

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2f17cbf3 by Joseph Sutton at 2022-05-05T00:27:33+00:00
tests/krb5: Allow passing expected etypes to get_keys()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7a36b018 by Andrew Bartlett at 2022-05-05T01:19:54+00:00
dsdb: Do not reuse "ret" variable as return code and for memcmp() comparison

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu May  5 01:19:54 UTC 2022 on sn-devel-184

- - - - -
cdecce9c by Andreas Schneider at 2022-05-05T02:47:38+00:00
s3:tests: Reformat test_delete_veto_files_only_rmdir.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fcbcfc86 by Andreas Schneider at 2022-05-05T02:47:38+00:00
s3:tests: Reformat test_dfree_command.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4d79f8e1 by Andreas Schneider at 2022-05-05T02:47:38+00:00
s3:tests: Reformat test_dfree_quota.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7366bd11 by Andreas Schneider at 2022-05-05T02:47:38+00:00
s3:tests: Reformat test_dropbox.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cc606c7c by Andreas Schneider at 2022-05-05T03:42:13+00:00
s3:tests: Reformat test_durable_handle_reconnect.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu May  5 03:42:13 UTC 2022 on sn-devel-184

- - - - -
ce1a0119 by Andreas Schneider at 2022-05-05T11:00:35+00:00
s3:tests: Reformat test_failure.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ce301a78 by Andreas Schneider at 2022-05-05T11:00:35+00:00
s3:tests: Reformat test_fifo.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2af74a2b by Andreas Schneider at 2022-05-05T11:00:35+00:00
s3:tests: Reformat test_force_close_share.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c72b4805 by Andreas Schneider at 2022-05-05T11:00:35+00:00
s3:tests: Reformat test_force_create_mode.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3c313a21 by Andreas Schneider at 2022-05-05T11:00:35+00:00
s3:tests: Reformat test_force_group_change.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f1e40238 by Andreas Schneider at 2022-05-05T11:00:35+00:00
s3:tests: Reformat test_force_user_unlink.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
cda4db7d by Andreas Schneider at 2022-05-05T11:53:51+00:00
s3:tests: Reformat test_forceuser_validusers.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu May  5 11:53:51 UTC 2022 on sn-devel-184

- - - - -
83019310 by Douglas Bagnall at 2022-05-05T13:42:32+00:00
py/gp_cert_auto_enroll_ext: avoid shadowing loop variable

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: David Mulder <dmulder at suse.com>

- - - - -
6d20b7fe by Douglas Bagnall at 2022-05-05T13:42:32+00:00
py/gp_cert_auto_enroll_ext: avoid redundant iteration

self.__read_cep_data() does a 'for end_point_group in end_point_information:',
and we don't need to do it outside

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: David Mulder <dmulder at suse.com>

- - - - -
e008c8f8 by Douglas Bagnall at 2022-05-05T14:39:50+00:00
python/gp_cert_auto_enroll: removed unused imports

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: David Mulder <dmulder at suse.com>

Autobuild-User(master): David Mulder <dmulder at samba.org>
Autobuild-Date(master): Thu May  5 14:39:50 UTC 2022 on sn-devel-184

- - - - -
3453ab99 by John Mulligan at 2022-05-06T17:16:30+00:00
s3/lib/smbconf: replace uses of talloc_tos with talloc_stackframe

There are two calls to talloc_tos in the smbconf registry code.
In order not to make callers of this library have to "know" what
calls need an existing talloc stackframe, convert these uses
to match other functions in the same file that already use
talloc_stackframe.

Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f0e15774 by John Mulligan at 2022-05-06T17:16:30+00:00
s3/lib/smbconf: add talloc_stackframe to smbconf_init_reg

Previously, if this function was called without an existing stackframe
then uses of talloc_tos in source3/registry trigger a panic. Since we
intend to add patches that allow access to this call with Python
bindings, that will not typically have a talloc_stackframe already, we
add a talloc_stackframe call around the call to
smbconf_init_reg_internal. This hides the use of talloc_tos in the
registry code from higher level code that needs to call smbconf.

Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f74d163e by John Mulligan at 2022-05-06T17:16:30+00:00
lib/smbconf: move python smbconf type definition to header

Moving the definition of the type to a header file will allow
future reuse of the C-type fields in a different C-API python
module.

Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
fcd50ea4 by John Mulligan at 2022-05-06T17:16:30+00:00
lib/smbconf: add a python function for raising smbconf exceptions

The previous implementation in C was private to the module. Add
a small python wrapper function so that a different python module
may reuse the implementation.

The python level function is prefixed with "_" to mark it as
"private". Only future cooperating modules in the samba sources
should make use of it.

The function is shared at the python level as per the recommendation:
    https://stackoverflow.com/a/2136670

Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
733ac02b by John Mulligan at 2022-05-06T17:16:30+00:00
source3/lib/smbconf: add python bindings for init functions

Add functions that allow python to access the registry back-end
initialization function as well as the "general" init function
that parses the back-end out of given string "path".
With the registry back-end it will be possible to implement and
test read-write functions of smbconf API in the future.

Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
67807a64 by John Mulligan at 2022-05-06T17:16:30+00:00
python/samba/tests: add test cases for s3/registry init funcs

A previous change added smbconf initialization functions that allow
access to the registry back-end. Add some simple test cases that
exercise these new functions.

Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
eb84f67e by John Mulligan at 2022-05-06T17:16:30+00:00
lib/smbconf: add create_share method to SMBConf

Add a create_share method wrapping smbconf_create_share.

Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
ff603de5 by John Mulligan at 2022-05-06T17:16:30+00:00
lib/smbconf: add drop method to SMBConf

Add a drop method wrapping smbconf_drop.

Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
565d8ae8 by John Mulligan at 2022-05-06T17:16:30+00:00
lib/smbconf: add set_parameter method to SMBConf

Add a set_parameter method wrapping smbconf_set_parameter.

Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
35df07d5 by John Mulligan at 2022-05-06T17:16:30+00:00
lib/smbconf: add set_global_parameter method to SMBConf

Add a set_global_parameter method wrapping smbconf_set_global_parameter.

Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
7e4bc419 by John Mulligan at 2022-05-06T17:16:30+00:00
lib/smbconf: add delete_share method to SMBConf

Add a delete_share method wrapping smbconf_delete_share.

Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
2b6bd70c by John Mulligan at 2022-05-06T17:16:30+00:00
lib/smbconf: add create_set_share method to SMBConf

Add the create_set_share method wrapping smbconf_create_set_share.
This method is one of the most complex as it must "unpack" the list
of key-value pairs from python and convert that to a `struct
smbconf_service` for the smbconfig C API.

Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
64a36f5b by John Mulligan at 2022-05-06T17:16:30+00:00
lib/smbconf: add delete_parameter method to SMBConf

Add a delete_parameter method wrapping smbconf_delete_parameter.

Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
cc26fe82 by John Mulligan at 2022-05-06T17:16:30+00:00
lib/smbconf: add delete_global_parameter method to SMBConf

Add a delete_global_parameter method wrapping smbconf_delete_global_parameter.

Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f9df5704 by John Mulligan at 2022-05-06T18:14:30+00:00
lib/smbconf: add python wrapper functions for transaction management

The smbconf API supports transactions. This change adds wrapper
functions transaction_start, transaction_commit, and transaction_cancel.
It also adds tests for the functions, one of which demonstrates a
semi-pythonic way to use said functions.

Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri May  6 18:14:30 UTC 2022 on sn-devel-184

- - - - -
2fb3658e by Joseph Sutton at 2022-05-10T05:19:34+00:00
samba-tool processes: Remove unused loop

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
d303a0be by Joseph Sutton at 2022-05-10T05:19:34+00:00
python/xattr: Properly process system.posix_acl_access

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b9d12c70 by Joseph Sutton at 2022-05-10T05:19:34+00:00
examples: Remove unused imports

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
74c86aa5 by Joseph Sutton at 2022-05-10T05:19:34+00:00
examples: Make netbios.py work with Python 3

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b2c94d3e by Joseph Sutton at 2022-05-10T05:19:34+00:00
examples: Make samr.py work with Python 3

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
5104a791 by Joseph Sutton at 2022-05-10T05:19:34+00:00
samba-tool gpo tests: Fix unintended string concatenations

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
0eb3041b by Joseph Sutton at 2022-05-10T05:19:34+00:00
samba-tool gpo: Fix unintended string concatenations

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ba54c9cc by Joseph Sutton at 2022-05-10T05:19:34+00:00
python: Remove unnecessary 'pass' statements

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ed9d415c by Joseph Sutton at 2022-05-10T05:19:34+00:00
wafsamba: Fix previously unreachable exception path

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b481ceaa by Joseph Sutton at 2022-05-10T05:19:34+00:00
samba-tool: Don't try to delete local_tdo_handle twice.

This code is unreachable, as local_tdo_handle has already been deleted
and set to None earlier.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6c1142da by Joseph Sutton at 2022-05-10T05:19:34+00:00
selftest: Remove unreachable return statement

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6893e2c1 by Joseph Sutton at 2022-05-10T05:19:34+00:00
wintest: Remove unreachable return statement

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
79f591ed by Joseph Sutton at 2022-05-10T05:19:34+00:00
python/wscript: Remove unused format() argument

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
139f00c3 by Joseph Sutton at 2022-05-10T05:19:34+00:00
source4/scripting/bin: Remove unnecessary global declarations

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
455c083e by Joseph Sutton at 2022-05-10T05:19:34+00:00
python: Remove redundant assignments

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6586ac03 by Joseph Sutton at 2022-05-10T05:19:34+00:00
kcc: Don't reuse outer loop variable for inner loop

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
29365195 by Joseph Sutton at 2022-05-10T06:12:10+00:00
python: Use 'is' for identity when comparing against None

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue May 10 06:12:10 UTC 2022 on sn-devel-184

- - - - -
fa0430b2 by Pavel Filipenský at 2022-05-10T17:31:31+00:00
s3:lib: fix trailing whitespaces

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
463f694d by Pavel Filipenský at 2022-05-10T17:31:31+00:00
s3:lib: reset all tevent trace callbacks in reinit_after_fork()

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>

With "tevent: add event trace api" we now have more callbacks to reset.
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7dbb5277 by Pavel Filipenský at 2022-05-10T17:31:31+00:00
debug: fix trailing whitespace

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e48fc192 by Pavel Filipenský at 2022-05-10T17:31:31+00:00
debug: add debug_traceid_set/get() interface

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f2fa3706 by Pavel Březina at 2022-05-10T17:31:31+00:00
s3:winbindd add "winbind debug traceid" support via tevent tracing

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7c2d7930 by Pavel Filipenský at 2022-05-10T17:31:31+00:00
docs-xml: document "winbind debug traceid" in smb.conf

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8da5ec60 by Pavel Filipenský at 2022-05-10T17:31:31+00:00
winbind: enable "debug traceid" in main winbindd

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4580fd10 by Pavel Filipenský at 2022-05-10T18:25:01+00:00
winbind: send "debug traceid" from winbindd parent to child

Bumping WINBIND_INTERFACE_VERSION to 32

Pair-Programmed-With: Andreas Schneider <asn at samba.org>

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue May 10 18:25:01 UTC 2022 on sn-devel-184

- - - - -
c28e4396 by David Mulder at 2022-05-10T19:13:29+00:00
gpo: Test Centrify Compatible Sudoers Extension

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d68270eb by David Mulder at 2022-05-10T19:13:29+00:00
gpo: Add Centrify Compatible Sudoers Extension

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
fe0aa82b by David Mulder at 2022-05-10T19:13:29+00:00
gpo: Test Centrify Compatible Crontab Extensions

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
17ba8120 by David Mulder at 2022-05-10T20:05:48+00:00
gpo: Add Centrify Compatible Crontab Extensions

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue May 10 20:05:48 UTC 2022 on sn-devel-184

- - - - -
dd568490 by Andrew Bartlett at 2022-05-10T23:05:31+00:00
.gitlab-ci: Work around new git restrictions arising from CVE-2022-24765

It was realised that git would run commands found in a git repo
(e.g. from configuration).

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
c771d197 by Andrew Bartlett at 2022-05-10T23:05:31+00:00
bootstrap: chown the whole cloned repo, not just the subfolders

Modern git versions have started to notice the possible security issue.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
7244a644 by Andrew Bartlett at 2022-05-10T23:05:31+00:00
bootstrap: matplotlib is not a real Samba dep

This came in via the original list of packages used
at Catalyst when building Samba for testing, in particular
related to an example LDB module to trace LDB requests.

There is no testing need for this even in make test.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
a71c6240 by Joseph Sutton at 2022-05-10T23:05:31+00:00
tests/samba-tool user_wdigest: Remove unused imports

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
05a7092f by Joseph Sutton at 2022-05-10T23:05:31+00:00
tests/samba-tool user_wdigest: Fix flapping test

The randomly-generated password for the user account may be too weak,
causing account creation to fail. This leads to further problems, as the
result of the command is not checked, and connecting over LDAP means
transactions cannot be used, leading to a half-created account and
failing tests.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c87ec2d3 by Joseph Sutton at 2022-05-10T23:05:31+00:00
tests/samba-tool user_wdigest: Add accounts to local database

Adding accounts over LDAP means transactions cannot be used, potentially
leading to problems.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9b0f25ec by Joseph Sutton at 2022-05-10T23:05:31+00:00
tests/samba-tool user_wdigest: Check command results

Ensure that the commands to create and delete the user execute
successfully.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e6b61869 by Joseph Sutton at 2022-05-10T23:05:31+00:00
tests/samba-tool user: Add test for adding a user over LDAP

Ensure that we do not end up with half-created accounts.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e6712751 by Joseph Sutton at 2022-05-10T23:05:31+00:00
samdb: Avoid half-created accounts

If newuser() or newcomputer() create an account over LDAP, and an
attempt to modify it (e.g. to change the password) fails, ensure that we
properly clean up the account. If we are connected over LDAP, we won't
have transactions to clean things up for us.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
187635ff by Joseph Sutton at 2022-05-10T23:05:31+00:00
tests/user_check_password_script: Remove unused imports

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ede2fcb5 by Joseph Sutton at 2022-05-10T23:05:31+00:00
tests/user_check_password_script: Don't try to delete user after failed add

The user account should not exist if account creation failed.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0b214d66 by Andreas Schneider at 2022-05-11T00:04:55+00:00
gitignore: Add .ropeproject for pylsp-rope plugin

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed May 11 00:04:55 UTC 2022 on sn-devel-184

- - - - -
be2e2044 by Jeremy Allison at 2022-05-11T18:06:42+00:00
s3: libsmbclient: Cope with SMB2 servers that return STATUS_USER_SESSION_DELETED on a SMB2_ECHO (SMB2_OP_KEEPALIVE) call with a NULL session.

This is already tested by smb2.session.expire which
shows that Windows and Samba servers don't need this,
but some third-party servers are returning STATUS_USER_SESSION_DELETED
with a NULL sessionid.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13218

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>

Autobuild-User(master): Björn Jacke <bjacke at samba.org>
Autobuild-Date(master): Wed May 11 18:06:42 UTC 2022 on sn-devel-184

- - - - -
eddefe3c by Douglas Bagnall at 2022-05-12T02:22:35+00:00
util/base64: decode_data_blob_talloc catches talloc error

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4bcdc3bf by Matt Suiche at 2022-05-12T02:22:35+00:00
compression tests: add LZXpress tests based on [MS-XCA]

MS-XCA contains examples, and we should at least get those right.

Signed-off-by: Matt Suiche <msuiche at comae.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f67ff611 by Matt Suiche at 2022-05-12T02:22:35+00:00
compression tests: add test for legacy compressed data

Signed-off-by: Matt Suiche <msuiche at comae.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a8fb4524 by Matt Suiche at 2022-05-12T02:22:35+00:00
compression: fix lzxpress_decompress

Signed-off-by: Matt Suiche <msuiche at comae.com>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
8f7fbc5c by Matt Suiche at 2022-05-12T02:22:35+00:00
compression: lzxpress_compress: fix no-op shift of 0

Signed-off-by: Matt Suiche <msuiche at comae.com>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
3c2f1f03 by Matt Suiche at 2022-05-12T02:22:35+00:00
compression: fix lzxpress-compress

Signed-off-by: Matt Suiche <msuiche at comae.com>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
eb7f139d by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression tests: Add additional compression tests

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9516b268 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Use explicit data sizes

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d368fa61 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Consistently use PUSH_LE_Uxx macros

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f8feac11 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Simplify redundant branches

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
7fab9f90 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Use correct value for nibble_index

Previously, we were setting this to the wrong value and overwriting
existing output data.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
69244b52 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Use correct value for indic_pos

Previously, we were setting this to the wrong value and overwriting
existing output data.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
ea42717c by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Simplify code by removing metadata_size variable

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
b1534457 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Make use of CHECK_{IN,OUT}PUT_BYTES macros

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f2ea8d4c by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Simplify code by making indic_pos an index

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
52982c01 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Make use of PUSH_LE_Uxx macros

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b62fbc4a by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Remove redundant nibble_index check

If nibble_index is non-zero, we have already written to it, and so don't
need to check again that it is in bounds.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
6f3f1ba5 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Add range check for indic_pos

This now matches the other use of indic_pos.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
417e0c91 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Remove redundant bounds check

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
bb9115e0 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Remove byte_left variable

We can simplify this code using the identity:
  byte_left + uncompressed_pos = uncompressed_size

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
430bcd7a by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Fix writing output flags

If indic_bit == 0, the shift amount of 32 - indic_bit == 32 will equal
the width of a 32-bit integer type, and these shifts will invoke
undefined behaviour, which is likely to cause incorrect output. Fix this
by not shifting a 32-bit integer type by 32 bits or more.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
0c813ee5 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Remove helper variables str1 and str2

This simplifies the code and makes it clearer.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
41b88d35 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Add bounds check for first output buffer write

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
1a964210 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Use PUSH_LE_U32 for first output buffer write

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5b1f8ea8 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Reduce scope of variables

This makes the code clearer.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
131eb752 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Remove unneeded loop variable

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fe5fa7e1 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Replace divisions with shifts

This is more consistent with the compression code.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
877f007f by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Use correct values for max len and offset

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
075df819 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Move maximum length calculation out of inner loop

This makes the code clearer.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
d8a90d2a by Douglas Bagnall at 2022-05-12T02:22:35+00:00
compression:tests: test lzxpress in some edge cases

Empty strings and trailing flag blocks.

(found with Honggfuzz and a round-trip fuzzer that aborts if the
strings differ).

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1ca44492 by Douglas Bagnall at 2022-05-12T02:22:35+00:00
compression: fix lzxpress decompress with trailing flags

Every so often, lzxpress adds a 32-bit block of indicator flags to
help decode the next clump of 32 code words. A naive compressor (such
as we have) might do this at the very end for flags that aren't
actually used because there are no more bytes to decompress. If that
happens we need to stop processing, or we'll come to a worse outcome at
the next CHECK_INPUT_BYTES.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e36cb10b by Douglas Bagnall at 2022-05-12T02:22:35+00:00
compression: lzxpress decompress empty string as empty string

This mirrors the behaviour of lzxpress_compress, which "encodes" an
empty string as an empty string.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
383a7cfe by Douglas Bagnall at 2022-05-12T02:22:35+00:00
compression: remove always false constant comparison

We set `uncompressed_pos = 0;` unconditionally, just ~10 lines up.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
05c76016 by Douglas Bagnall at 2022-05-12T02:22:35+00:00
compression: add a few comments, including MS-XCA pointers.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
505d2879 by Douglas Bagnall at 2022-05-12T02:22:35+00:00
compression:tests: align test names with functions

You'll thank me if you're ever debugging these and wondering why
'lzxpress4' calls 'lzxpress2' (or is it the other way round?).

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6c9fd8fb by Douglas Bagnall at 2022-05-12T02:22:35+00:00
fuzz: add fuzz_lzxpress_compress

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8a91ffa6 by Douglas Bagnall at 2022-05-12T02:22:35+00:00
fuzz: add lzxpress compress/decompress round-trip

We say it is an error to end up at a different result.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c4e57605 by Andrew Bartlett at 2022-05-12T03:18:42+00:00
s4-samr: Fix missing check for GnuTLS errors from E_old_pw_hash()

Not likely to be an issue in the real world as the earlier calls
will have failed if weak crypto was disabled, but this was missed
in dce944e8a1119034f184336f6b71a28080152a0a.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu May 12 03:18:42 UTC 2022 on sn-devel-184

- - - - -
144878ce by David Mulder at 2022-05-12T17:54:32+00:00
gpo: Suppress error caused by ldap Cert Auto Enroll config

When the CA url specified on the SYSVOL is 'LDAP:'
this means that configuration should be fetched
from LDAP. This corrects an error message that
was being reported when the URL appeared improper
but really is not. This does not change the
code behavior (it was still working), but
removes the invalid error.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
dcdc9859 by David Mulder at 2022-05-12T18:45:41+00:00
gpo: Halt Cert Auto Enroll process if data corrupted

If the CA URL cannot be processed, then halt
processing. Otherwise we'll end up in a broken
state later when trying to read from the end
points with missing data.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu May 12 18:45:41 UTC 2022 on sn-devel-184

- - - - -
53a55428 by David Mulder at 2022-05-13T14:46:29+00:00
bootstrap: Add python3-requests dependency

Certificate Auto Enrollment will depend on
python3-requests in order to fetch the
root chain.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
d3e0eec0 by David Mulder at 2022-05-13T14:46:29+00:00
gpo: Remove sscep depends from Cert Auto Enroll

Certificate Auto Enrollment currently depends on
sscep to retrieve the root certificate chain.
This isn't necessary, since this can be
accomplished with a simple GET.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
73b12a80 by David Mulder at 2022-05-13T14:46:29+00:00
gpo: Fix Cert Auto Enroll docstrings

These were flagged by pydocstyle.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
8231eaf8 by David Mulder at 2022-05-13T15:38:53+00:00
gpo: Cert Auto Enroll use ldap trust cert if NDES disabled

If the CA does not have the Network Device
Enrollment Service enabled, we can still use the
certificate from the ldap request (unless this is
a complex request and ldap config isn't present).

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri May 13 15:38:53 UTC 2022 on sn-devel-184

- - - - -
6781ab11 by Pavel Filipenský at 2022-05-14T03:49:32+00:00
libcli: Fix trailing whitespace in netlogon.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
d4e5712c by Pavel Filipenský at 2022-05-14T03:49:32+00:00
libcli: Covscan: unchecked return value for file_save()

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
679942ea by Pavel Filipenský at 2022-05-14T03:49:32+00:00
s4:libcli: Fix trailing whitespace in netlogon.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
9cfed3f3 by Pavel Filipenský at 2022-05-14T03:49:32+00:00
s4:libcli: Covscan: unchecked return value for file_save()

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
238d3603 by Pavel Filipenský at 2022-05-14T03:49:32+00:00
s4:libcli: Fix trailing whitespace in browse.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
61275099 by Pavel Filipenský at 2022-05-14T03:49:32+00:00
s4:libcli: Covscan: unchecked return value for file_save()

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
91d1d0e4 by Pavel Filipenský at 2022-05-14T03:49:32+00:00
ctdb: Fix trailing whitespace in rb_tree.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
8cb65650 by Pavel Filipenský at 2022-05-14T03:49:32+00:00
ctdb: Covscan: unchecked return value for trbt_traversearray32()

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
ccda9c16 by Pavel Filipenský at 2022-05-14T03:49:32+00:00
auth: Fix trailing whitespace in pycredentials.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
3960af99 by Pavel Filipenský at 2022-05-14T03:49:32+00:00
auth: Covscan: unchecked return value for cli_credentials_set_smb_encryption()

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
9da9b516 by Pavel Filipenský at 2022-05-14T03:49:32+00:00
s3:libsmb: Covscan: unchecked return value for cli_credentials_set_smb_encryption()

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
26288594 by Pavel Filipenský at 2022-05-14T03:49:32+00:00
s3:smbd Fix trailing whitespace in files.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
d3c67823 by Pavel Filipenský at 2022-05-14T04:41:57+00:00
s3:smbd: Covscan: remove dead code

Covscan:
source3/smbd/files.c:575: check_after_deref: Null-checking "fsp" suggests that it
may be null, but it has already been dereferenced on all paths leading to the check.

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat May 14 04:41:57 UTC 2022 on sn-devel-184

- - - - -
767ede00 by Anoop C S at 2022-05-17T19:28:30+00:00
vfs_glusterfs: Fix get_real_filename_at implementation

glfd(gluster fd) used in glfs_fgetxattr() for get_real_filename_at()
implementation doesn't correctly point to required directory fd. Since
GlusterFS still doesn't support *at() variant syscalls we will have to
rely on full path/name constructed out of dirfsp.

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0633d883 by Anoop C S at 2022-05-17T20:20:05+00:00
vfs_glusterfs: Fix fdopendir implementation

Directory stream returned for fdopendir() within vfs_glusterfs doesn't
correctly point to required directory fd. Since GlusterFS still doesn't
support *at() variant syscalls we will have to rely on full path/name
constructed out of fsp.

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue May 17 20:20:05 UTC 2022 on sn-devel-184

- - - - -
04309bc6 by Douglas Bagnall at 2022-05-17T22:13:35+00:00
lzxpress/test: time performance of long boring sequences

We get *very* slow when long runs of the bytes are the same. On this
laptop the test takes 18s; with the next commit it will be 0.006s.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
637e7cbd by Douglas Bagnall at 2022-05-17T23:11:21+00:00
lzxpress: compress shortcut if we've reached maximum length

A simple degenerate case for our compressor has been a large number of
repeated bytes that will match the maximum length (~64k) at all 8192
search positions, 8191 of which searches are in vain because the
matches are not of greater length than the first one.

Here we recognise the inevitable and reduce runtime proportionately.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47428

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Tue May 17 23:11:21 UTC 2022 on sn-devel-184

- - - - -
268ae191 by Andreas Schneider at 2022-05-18T06:58:35+00:00
s3:tests: Reformat test_give_owner.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
db882106 by Andreas Schneider at 2022-05-18T06:58:35+00:00
s3:tests: Reformat test_groupmap.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
e9079b35 by Andreas Schneider at 2022-05-18T06:58:35+00:00
s3:tests: Reformat test_guest_auth.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
4cc48c8d by Andreas Schneider at 2022-05-18T06:58:35+00:00
s3:tests: Reformat test_homes.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
39cdbec0 by Andreas Schneider at 2022-05-18T06:58:35+00:00
s3:tests: Reformat test_inherit_owner.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
15a0ae9e by Andreas Schneider at 2022-05-18T06:58:35+00:00
s3:tests: Reformat test_large_acl.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
32ca178e by Andreas Schneider at 2022-05-18T06:58:35+00:00
s3:tests: Reformat test_libwbclient_threads.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
e8938c56 by Andreas Schneider at 2022-05-18T06:58:35+00:00
s3:tests: Reformat test_local_s3.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
f2eb4116 by Andreas Schneider at 2022-05-18T06:58:35+00:00
gitlab-ci: Use openSUSE 15.3 for coverity

It provides gcc 10.3 and MIT krb5 1.19. The current coverity version
only supports gcc up to 11.1.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
00e31d9d by Andreas Schneider at 2022-05-18T06:58:35+00:00
lib:util: Do not error for array-bounds warning

This just prints a warning for:

ms_fnmatch.c:95:51: error: array subscript 0 is outside array bounds of
‘struct max_n[0]’ [-Werror=array-bounds]
   95 |                         if (max_n != NULL && max_n->predot &&
      |

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
91d8bc7a by Andreas Schneider at 2022-05-18T07:56:52+00:00
gitlab-ci: Update Fedora to version 36

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed May 18 07:56:52 UTC 2022 on sn-devel-184

- - - - -
31451318 by Volker Lendecke at 2022-05-18T16:50:34+00:00
selftest: Test for bug 15062 -- list "username" in netshareenum

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15062

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
20cbade5 by Volker Lendecke at 2022-05-18T16:50:34+00:00
srvsvc: Add a central return point to init_srv_share_info_ctr()

Soon there will be cleanup work to do.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15062

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
04e0e02c by Volker Lendecke at 2022-05-18T17:42:20+00:00
srvsvc: Announce [username] in NetShareEnum

This patch has two flaws: First, it does not cover api_RNetShareEnum()
for SMB1, and the second one is: To make this elegant, we would have
to restructure our share handling. It is really only listing shares
for which we have to pull in everything from smb.conf, registry,
usershares and potentially printers. What we should do is modify our
loadparm handling to only load share definitions on demand and for
listing shares handle all the potential sources specially. Add code
that walks the registry shares without adding them to our services
list and so on.

This patch is the quick&dirty way to fix the bug, the alternative
would be weeks or more. And hopefully nobody notices the SMB1
problem...

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15062

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed May 18 17:42:20 UTC 2022 on sn-devel-184

- - - - -
35ca7a17 by Samuel Cabrero at 2022-05-19T17:51:33+00:00
examples: Update winbind.stp, delete removed functions

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c27135ad by Samuel Cabrero at 2022-05-19T17:51:33+00:00
librpc:idl: Add NDR_SECRET flag for ntlm and challenge blobs

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ce0be638 by Samuel Cabrero at 2022-05-19T17:51:33+00:00
s3:winbind: Convert PamLogOff from struct based to ndr based

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5f213285 by Samuel Cabrero at 2022-05-19T17:51:33+00:00
examples: Update winbind.stp

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0f3b1d5c by Samuel Cabrero at 2022-05-19T17:51:33+00:00
s3:winbind: Convert winbindd_dual_pam_chng_pswd_auth_crap() from struct based to NDR based

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
57d77200 by Samuel Cabrero at 2022-05-19T17:51:33+00:00
examples: Update winbind.stp

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ba40aad0 by Samuel Cabrero at 2022-05-19T17:51:33+00:00
s3:winbind: Split getting and filling the password policy info

Next commits will convert from struct based to NDR based. The
samr_DomInfo1 struct will be returned by the child to the parent inside
the 'r' struct and the parent will just fill the winbindd_response.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
cc0ef447 by Samuel Cabrero at 2022-05-19T17:51:33+00:00
s3:winbind: Convert winbindd_dual_pam_chauthtok() from struct based to NDR based

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7575e4ef by Samuel Cabrero at 2022-05-19T17:51:33+00:00
examples: Update winbind.stp

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
574c3ed9 by Samuel Cabrero at 2022-05-19T17:51:33+00:00
s3:winbind: Move winbindd_dual_init_connection() function

It will be converted later to a local RPC call handler so it must be in
the file including ndr_winbind_scompat.c

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5827a4f9 by Samuel Cabrero at 2022-05-19T17:51:33+00:00
s3:winbind: Fix code format and use newer debug macros

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
39005d44 by Samuel Cabrero at 2022-05-19T17:51:33+00:00
s3:winbind: Create a binding handle for each child

Next commits will convert InitConnection from struct based to NDR based
and this call will be directly issued to a domain child so create a 'wbint'
binding handle for domain childs too.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e9286b06 by Samuel Cabrero at 2022-05-19T17:51:33+00:00
s3:winbind: Convert InitConnection from struct based to NDR based

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
95698da9 by Samuel Cabrero at 2022-05-19T17:51:33+00:00
examples: Update winbind.stp

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9bacf752 by Samuel Cabrero at 2022-05-19T18:50:24+00:00
s3:winbind: Remove struct winbindd_child_dispatch_table

All parent-child communication is based in NDR and dispatched as a local
RPC call.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu May 19 18:50:24 UTC 2022 on sn-devel-184

- - - - -
e7a60eb7 by Volker Lendecke at 2022-05-20T19:02:37+00:00
smbd: Simplify copy_file()

The only two callers did not use "count" and "target_is_directory".

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a771f1d3 by Volker Lendecke at 2022-05-20T19:02:37+00:00
smbd: Simplify copy_file()

Pass in new_create_disposition directly. We can also remove the
if-case (ofun & OPENX_FILE_EXISTS_OPEN) in copy_file, the two callers
don't use it.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
78ebd8af by Volker Lendecke at 2022-05-20T19:02:37+00:00
registry3: Align some integer types

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8ea8526d by Volker Lendecke at 2022-05-20T19:02:37+00:00
srvsvcd: Use UINT32_MAX where appropriate

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c90aff07 by Volker Lendecke at 2022-05-20T19:02:37+00:00
srvsvcd: Fix shareinfo2 max_connections calculation

lp_max_connections() being an int could be >UINT32_MAX

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
48168614 by Volker Lendecke at 2022-05-20T19:02:37+00:00
srvsvcd: Align integer types

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d4a6e72d by Volker Lendecke at 2022-05-20T19:02:37+00:00
srvsvcd: Directly initialize variables in count_for_all_fn()

Easier to read for me

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5f82f01a by Volker Lendecke at 2022-05-20T19:02:37+00:00
srvsvcd: Avoid an "else" due to the early return

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
be944dce by Volker Lendecke at 2022-05-20T19:59:07+00:00
srvsvcd: Silence an integer type warning

Okay because lp_csc_policy() is an enum with 4 choices

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri May 20 19:59:07 UTC 2022 on sn-devel-184

- - - - -
03036442 by Douglas Bagnall at 2022-05-23T00:53:09+00:00
s4/dlz: add support for bind 9.18

It seems nothing has changed since 9.16 for our purposes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14986

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Signed-off-by: Andreas Hasenack <andreas at canonical.com>
Pair-programmed-with: Andreas Hasenack <andreas at canonical.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Mon May 23 00:53:09 UTC 2022 on sn-devel-184

- - - - -
d19dfe1e by Andreas Schneider at 2022-05-23T09:34:51+00:00
third_party: Update waf to version 2.0.24

This fixes building of python libraries with Python 3.11!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15071

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon May 23 09:34:51 UTC 2022 on sn-devel-184

- - - - -
3bb6b057 by Pavel Filipenský at 2022-05-23T18:25:28+00:00
s3:lib: Fix use_after_free: Using freed pointer "p"

Found by covscan.

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
02a9a160 by Pavel Filipenský at 2022-05-23T18:25:28+00:00
python/gp_cert_auto_enroll: Fix bitwise test in expression

Found by covscan.

result_independent_of_operands: "(e.data & 4) == 1" is always false regardless of the values of its operands. This occurs as the operand of assignment.

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
11e0eb6f by Samuel Cabrero at 2022-05-23T18:25:28+00:00
s3:libads: Print 'gc' and 'no_fallback' fields in ndr_print_ads_struct()

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4dde5e74 by Samuel Cabrero at 2022-05-23T18:25:28+00:00
s3:libnet: Fix talloc frame not freed in order

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a26f535d by Samuel Cabrero at 2022-05-23T19:18:38+00:00
s3:libads: Clear previous CLDAP ping flags when reusing the ADS_STRUCT

Before commit 1d066f37b9217a475b6b84a935ad51fbec88fe04, when the LDAP
connection wasn't established yet (ads->ldap.ld == NULL), the
ads_current_time() function always allocated and initialized a new
ADS_STRUCT even when ads->ldap.ss had a good address after having called
ads_find_dc().

After that commit, when the ADS_STRUCT is reused and passed to the
ads_connect() call, ads_try_connect() may fail depending on the
contacted DC because ads->config.flags field can contain the flags
returned by the previous CLDAP call. For example, when having 5 DCs:

* 192.168.101.31 has PDC FSMO role
* 192.168.101.32
* 192.168.101.33
* 192.168.101.34
* 192.168.101.35

$> net ads info -S 192.168.101.35

net_ads_info()
  ads_startup_nobind()
    ads_startup_int()
      ads_init()
      ads_connect()
        ads_try_connect(192.168.101.35)
          check_cldap_reply_required_flags(returned=0xF1FC, required=0x0)
  ads_current_time()
    ads_connect()
      ads_try_connect(192.168.101.35)
        check_cldap_reply_required_flags(returned=0xF1FC, required=0xF1FC)

The check_cldap_reply_required_flags() call fails because
ads->config.flags contain the flags returned by the previous CLDAP call,
even when the returned and required values match because they have
different semantics:

  if (req_flags & DS_PDC_REQUIRED)
        RETURN_ON_FALSE(ret_flags & NBT_SERVER_PDC);

  translates to:

  if (0xF1FC & 0x80)
        RETURN_ON_FALSE(0xF1FC & 0x01);

  which returns false because 192.168.101.35 has no PDC FSMO role.

The easiest fix for now is to reset ads->config.flags in
ads_current_time() when reusing an ADS_STRUCT before calling
ads_connect(), but we should consider storing the required and returned
flags in different fields or at least use the same bitmap for them
because check_cldap_reply_required_flags() is checking a
netr_DsRGetDCName_flags value using the nbt_server_type bitmap.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14674

Signed-off-by: Samuel Cabrero <scabrero at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon May 23 19:18:38 UTC 2022 on sn-devel-184
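
The failure described in commit a26f535d above can be reproduced with a small model. This is an added example, not Samba code: `struct ads_model`, `try_connect_model()` and `second_connect()` are hypothetical names, only the single PDC rule quoted in the commit message is modelled, and the reply value 0xF1FD is constructed to stand for a DC that does hold the PDC role.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bit values as quoted in the commit message. */
#define DS_PDC_REQUIRED 0x80u /* request side: netr_DsRGetDCName_flags */
#define NBT_SERVER_PDC  0x01u /* reply side: nbt_server_type */

/* Hypothetical stand-in for ADS_STRUCT: one field carries both the
 * required flags (before a connect) and the returned flags (after). */
struct ads_model {
	uint32_t config_flags;
};

/* Models only the PDC rule quoted in the commit message. */
static bool check_required_flags_model(uint32_t ret_flags, uint32_t req_flags)
{
	if (req_flags & DS_PDC_REQUIRED) {
		if (!(ret_flags & NBT_SERVER_PDC)) {
			return false;
		}
	}
	return true;
}

/* One connect attempt: the requirement is read from config_flags and,
 * on success, the CLDAP reply flags are stored back into the same field. */
static bool try_connect_model(struct ads_model *ads, uint32_t dc_reply_flags)
{
	uint32_t required = ads->config_flags;

	if (!check_required_flags_model(dc_reply_flags, required)) {
		return false;
	}
	ads->config_flags = dc_reply_flags;
	return true;
}

/* Runs the two connects from the call trace against one DC and returns
 * the result of the second. reset_before_reuse models the fix: clear
 * config_flags before the reused structure is connected again. */
bool second_connect(uint32_t dc_reply_flags, bool reset_before_reuse)
{
	struct ads_model ads = { .config_flags = 0 };

	if (!try_connect_model(&ads, dc_reply_flags)) {
		return false; /* first connect: nothing is required yet */
	}
	if (reset_before_reuse) {
		ads.config_flags = 0;
	}
	return try_connect_model(&ads, dc_reply_flags);
}

int main(void)
{
	/* 0xF1FC is the reply from the commit message (no PDC bit). */
	printf("non-PDC, stale flags: %d\n", second_connect(0xF1FC, false));
	printf("non-PDC, flags reset: %d\n", second_connect(0xF1FC, true));
	/* 0xF1FD is a constructed reply with the PDC bit set. */
	printf("PDC,     stale flags: %d\n", second_connect(0xF1FD, false));
	return 0;
}
```

The third case shows why the failure depends on the contacted DC: a stale reply that happens to set bit 0x80 only demands the PDC bit, which a PDC satisfies.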

- - - - -
5b649304 by Noel Power at 2022-05-24T09:33:31+00:00
s3/script/tests: Test smbclient -E redirects output to stderr

Add new test to ensure smbclient is writing to stderr (with '-E')
Add knownfail for this test (will be removed when issue is fixed in
later commit)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15075
Signed-off-by: Noel Power <noel.power at suse.com>

- - - - -
56e17981 by Noel Power at 2022-05-24T10:29:27+00:00
s3/client: Restore '-E' handling

Sometimes we really do need to redirect output to stderr
e.g. when using the tar command to output the archive to stdout
we don't want debug or cmdline status messages straying into stdout.

was removed with commit: e4474ac0a540c56548b4d15e38f2e234455e19b6

remove known fail for the test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15075
Signed-off-by: Noel Power <noel.power at suse.com>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Tue May 24 10:29:27 UTC 2022 on sn-devel-184

- - - - -
976326fa by Michael Tokarev at 2022-05-25T06:19:32+00:00
s3/util/py_net.c: fix samba-tool domain join&leave segfault

We process python args using PyArg_ParseTupleAndKeywords(), and use "p"
type modifier there.  According to documentation, this type modifier,
while works for a boolean type, expects an argument of type int. But in
py_net_join_member() and  py_net_leave() we use argument of type uint8_t
(no_dns_update, keep_account, r->in.debug). So when PyArg_ParseTupleAndKeywords()
tries to assign a value to &no_dns_update, it updates subsequent, unrelated bytes
too, - which ones depends on the stack and structure layout used by the compiler.

Fix this by using int type for all relevant variables, and by introducing proxy
variable "debug" (of the same type) for r->in.debug.

While at it, also ensure all variables have sensible default values.

Signed-off-by: Michael Tokarev <mjt at tls.msk.ru>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed May 25 06:19:32 UTC 2022 on sn-devel-184
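
The size mismatch described in commit 976326fa above, as an added example that is not the Samba source: `parse_p_model()` is a hypothetical stand-in for the way the "p" converter stores its result through an `int *`, and `struct join_flags_model` is a constructed layout that keeps the three `uint8_t` flags adjacent so the overwrite stays inside one object.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: three one-byte flags plus one spare byte, so an
 * int-sized store aimed at the first flag lands entirely inside it. */
struct join_flags_model {
	uint8_t no_dns_update;
	uint8_t keep_account;
	uint8_t debug;
	uint8_t spare;
};
_Static_assert(sizeof(int) == sizeof(struct join_flags_model),
	       "model assumes a 4-byte int");

/* Stand-in for the "p" converter: it always writes a whole int,
 * whatever the size of the variable the caller pointed it at. */
static void parse_p_model(void *dest, int truth)
{
	int value = truth ? 1 : 0;
	memcpy(dest, &value, sizeof(value));
}

/* Before the fix: the address of a uint8_t flag is handed to the
 * converter, so the neighbouring flags are overwritten as well. */
struct join_flags_model parse_broken(void)
{
	struct join_flags_model f = {
		.no_dns_update = 0, .keep_account = 1, .debug = 1, .spare = 0
	};
	unsigned char *base = (unsigned char *)&f;

	parse_p_model(base + offsetof(struct join_flags_model, no_dns_update), 1);
	return f;
}

/* After the fix: parse into an int with a sensible default, then
 * narrow it into the uint8_t field explicitly. */
struct join_flags_model parse_fixed(void)
{
	struct join_flags_model f = {
		.no_dns_update = 0, .keep_account = 1, .debug = 1, .spare = 0
	};
	int no_dns_update = 0;

	parse_p_model(&no_dns_update, 1);
	f.no_dns_update = (uint8_t)(no_dns_update != 0);
	return f;
}

int main(void)
{
	struct join_flags_model b = parse_broken();
	struct join_flags_model g = parse_fixed();

	printf("broken: no_dns_update=%u keep_account=%u debug=%u\n",
	       (unsigned)b.no_dns_update, (unsigned)b.keep_account,
	       (unsigned)b.debug);
	printf("fixed:  no_dns_update=%u keep_account=%u debug=%u\n",
	       (unsigned)g.no_dns_update, (unsigned)g.keep_account,
	       (unsigned)g.debug);
	return 0;
}
```

In the real code the extra bytes fall on whatever the compiler placed next to the variable, which is why the commit message says the damage depends on stack and structure layout.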

- - - - -
4ee29f84 by Uri Simchoni at 2022-05-25T19:54:35+00:00
[ci-images] use podman instead of docker

Use podman as image building tool instead of docker. The image-creation
pipeline still runs on docker only (until gitlab-runner supports
podman), but the pipeline image may employ podman instead of docker to
build images.

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
96da1142 by Uri Simchoni at 2022-05-25T19:54:35+00:00
[ci-images] run podman directly instead of docker link

Instead of having a symbolic link from docker to podman,
use podman directly. This is made for better clarity, and
because docker and podman are not 100% interchangeable in this
script.

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
37c6a327 by Uri Simchoni at 2022-05-25T20:50:25+00:00
[ci-images] remove use of sudo in image building smoke test

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Uri Simchoni <uri at samba.org>
Autobuild-Date(master): Wed May 25 20:50:25 UTC 2022 on sn-devel-184

- - - - -
5e00c230 by Pavel Filipenský at 2022-05-26T19:36:52+00:00
py:gpo: Fix testing of 0x8000 bit

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): David Mulder <dmulder at samba.org>
Autobuild-Date(master): Thu May 26 19:36:52 UTC 2022 on sn-devel-184

- - - - -
9537ac72 by Douglas Bagnall at 2022-05-30T10:11:28+00:00
cmdline_s4: re-initialise logging once loadparm is ready

The first time round we maybe didn't know which files we wanted to log to.
Suppose, for example, we had an smb.conf with

 log level = 1 dsdb_group_json_audit:5@/var/log/group_json.log

we wouldn't see anything in "/var/log/group_json.log", while the level
5 dsdb_group_json_audit messages would go into the main log.

Note that the named file would still be opened by winbindd and others
that use the s3 code, but would remain empty as they don't have anything
to say about dsdb_group_json_audit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15076

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
3567f413 by Douglas Bagnall at 2022-05-30T11:03:47+00:00
debug: update comments about setup_logging()

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon May 30 11:03:47 UTC 2022 on sn-devel-184

- - - - -
80de84d3 by Martin Schwenke at 2022-05-31T05:06:29+00:00
ctdb-daemon: Log per-database summary of resent calls

After a recovery that takes a significant amount of time the logs are
flooded with messages about every resent call.

Log a summary instead and demote per-call messages to INFO level.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
da9decfc by Martin Schwenke at 2022-05-31T05:06:29+00:00
ctdb-daemon: Remove unused #includes of rb_tree.h

ctdb_takeover.c and eventscript.c no longer use this.
ipalloc_common.c has never used it.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
a400f4e7 by Martin Schwenke at 2022-05-31T05:06:29+00:00
ctdb-doc: Fix typos in the policy routing documentation

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
90a96f06 by Martin Schwenke at 2022-05-31T05:06:29+00:00
ctdb-recoverd: Do not ban on unknown error when taking cluster lock

If the cluster filesystem is unavailable then I/O errors may occur.
This is no worse than contention, so don't ban.  This avoids having
services unavailable for longer than necessary.

Update the associated test to simply confirm that this results in a
leaderless cluster, and leadership is restored when the lock can once
again be taken.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
b20ee180 by Martin Schwenke at 2022-05-31T05:56:43+00:00
ctdb-tests: Fix a cut and paste error in a comment

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Tue May 31 05:56:43 UTC 2022 on sn-devel-184

- - - - -
5aa6b85c by Volker Lendecke at 2022-05-31T19:17:34+00:00
winbind: Create local krb5.conf for idmap backend ad

Without this, it can happen that tldap will look at a possibly wrong
/etc/krb5.conf. I have not reliably reproduced this, because a
set_domain_online_request() in the idmap child might interfere with
this, so I could not write a comprehensive test for this. Manual
testing however fixes the issue that wbinfo --sid-to-uid can take ages
asking a potentially nonexisting KDC.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
56f5ea68 by David Mulder at 2022-05-31T20:15:45+00:00
gpo: Move Group Policy code below gp directory

Moves the Group Policy extensions and supporting
code within the existing python/samba/gp directory.
Meant to clean up the clutter that's accumulating
in python/samba.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue May 31 20:15:45 UTC 2022 on sn-devel-184

- - - - -
3b5b80e9 by Andreas Schneider at 2022-05-31T20:53:35+00:00
s3:printing: Initialize the printcap cache as soon as the bgqd starts

As soon as the background daemon starts, we need to initialize the
printcap cache so that rpcd-spoolssd can serve printers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15081

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ac16351f by Andreas Schneider at 2022-05-31T21:51:07+00:00
s3:printing: Start samba-bgqd as soon as possible

We need some time to fill the printcap cache.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15081

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue May 31 21:51:07 UTC 2022 on sn-devel-184

- - - - -
a0f7ced6 by Ralph Boehme at 2022-06-03T20:56:35+00:00
vfs_gpfs: indentation and README.Coding fixes

Best viewed with git show -w.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
ad06d806 by Ralph Boehme at 2022-06-03T20:56:35+00:00
vfs_gpfs: pass fsp to gpfsacl_emu_chmod()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
5f4625a2 by Ralph Boehme at 2022-06-03T20:56:35+00:00
vfs_gpfs: pass fsp to gpfs_get_nfs4_acl()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
c26efe0c by Ralph Boehme at 2022-06-03T20:56:35+00:00
vfs_gpfs: pass fsp to gpfsacl_get_posix_acl()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
3764be70 by Ralph Boehme at 2022-06-03T20:56:35+00:00
vfs_gpfs: use fsp in gpfsacl_get_posix_acl()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
ac458648 by Ralph Boehme at 2022-06-03T20:56:35+00:00
vfs_gpfs: pass fsp to vfs_gpfs_getacl()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
1b2c70f4 by Ralph Boehme at 2022-06-03T20:56:35+00:00
vfs_gpfs: pass fsp to gpfs_getacl_with_capability()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
d373ff3c by Ralph Boehme at 2022-06-03T20:56:35+00:00
lib/util/gpfswrap: add gpfswrap_fgetacl()

Adds handle based version of gpfswrap_getacl().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
a0dc4c90 by Ralph Boehme at 2022-06-03T20:56:35+00:00
vfs_gpfs: finally: use gpfswrap_fgetacl() instead of gpfswrap_getacl()

Replaces path based gpfswrap_getacl() with handle based version
gpfswrap_fgetacl(). When dealing with files in snapshots fsp->fsp_name points to
the active dataset, which will cause ENOENT failures if files are deleted there
and only present in the snapshot:

[2022/05/06 11:32:55.233435,  4, pid=12962, effective(1460548, 273710), real(1460548, 0)]
   calling open_file with flags=0x0 flags2=0x800 mode=0644, access_mask = 0x80, open_access_mask = 0x80
[2022/05/06 11:32:55.233460, 10, pid=12962, effective(1460548, 273710), real(1460548, 0), class=vfs]
   gpfs_get_nfs4_acl invoked for dir/subdir/file.txt
[2022/05/06 11:32:55.233495,  5, pid=12962, effective(1460548, 273710), real(1460548, 0), class=vfs]
   smbd_gpfs_getacl failed with No such file or directory
[2022/05/06 11:32:55.233521,  9, pid=12962, effective(1460548, 273710), real(1460548, 0), class=vfs]
   gpfs_getacl failed for dir/subdir/file.txt with No such file or directory
[2022/05/06 11:32:55.233546, 10, pid=12962, effective(1460548, 273710), real(1460548, 0)]
   smbd_check_access_rights_fsp: Could not get acl on dir/subdir/file.txt {@GMT-2022.05.04-11.58.53}: NT_STATUS_OBJECT_NAME_NOT_FOUND

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
9172c5ff by Ralph Boehme at 2022-06-03T20:56:35+00:00
lib/util/gpfswrap: remove unused gpfswrap_getacl()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
8ae672f9 by Ralph Boehme at 2022-06-03T20:56:35+00:00
vfs_gpfs: use handle based gpfswrap_get_winattrs()

Fixes detecting offline flag for files in snapshot – no idea if this is
actually expected.

Replaces path based gpfswrap_get_winattrs_path() with handle based version
gpfswrap_get_winattrs(). When dealing with files in snapshots fsp->fsp_name
points to the active dataset, which will cause ENOENT failures if files are
deleted there and only present in the snapshot.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
3bd75398 by Ralph Boehme at 2022-06-03T21:53:31+00:00
lib/util/gpfswrap: remove unused gpfswrap_get_winattrs_path()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jun  3 21:53:31 UTC 2022 on sn-devel-184

- - - - -
b7810f03 by Samuel Cabrero at 2022-06-04T00:27:29+00:00
selftests: Convert "net ads dns async" test to python

The current test uses the dig tool from bind9 but this tool has been
rewritten in 9.17.7 to use bind's netmgr functions instead of isc_socket
(commit 94b7988efb0f9b96415dd2966e6070450d960263).

The problem is that these 'netmgr' functions use libuv internally, and, on
systems supporting it, they end up using the sendmmsg() syscall which is not
caught by socket wrapper so the test fails.

This commit converts the test to python and uses the dnspython module
instead of the dig tool. Backtraces follow as reference.

Backtrace from dig v9.16.28 (working):

 #0  0x00007ffff778edee in sendmsg () from /lib64/libc.so.6
 #1  0x00000000005e5dee in cmsgsend (s=s@entry=12, level=level@entry=0, type=type@entry=1, res=<optimized out>) at net.c:515
 #2  0x00000000005e616c in try_dscp_v4 () at net.c:623
 #3  try_dscp () at net.c:696
 #4  0x00007ffff7708ad7 in __pthread_once_slow () from /lib64/libc.so.6
 #5  0x00000000005e66d7 in initialize_dscp () at net.c:702
 #6  isc_net_probedscp () at net.c:707
 #7  0x00000000005e8460 in socket_create (manager=0x6b49c0, pf=2, type=<optimized out>, socketp=0x7ffff0012b00, dup_socket=0x0) at socket.c:2454
 #8  0x000000000043cfcd in send_udp (query=0x7ffff00129a8) at dighost.c:2897
 #9  0x000000000043f9c7 in onrun_callback (task=<optimized out>, event=<optimized out>) at dighost.c:4271
 #10 0x00000000005dfefe in task_run (task=0x6b5c70) at task.c:851
 #11 isc_task_run (task=0x6b5c70) at task.c:944
 #12 0x00000000005ca0ce in isc__nm_async_task (worker=0x6b8970, ev0=0x716250) at netmgr.c:873
 #13 process_netievent (worker=worker@entry=0x6b8970, ievent=0x716250) at netmgr.c:952
 #14 0x00000000005ca2ba in process_queue (worker=worker@entry=0x6b8970, type=type@entry=NETIEVENT_TASK) at netmgr.c:1021
 #15 0x00000000005caa43 in process_all_queues (worker=0x6b8970) at netmgr.c:792
 #16 async_cb (handle=0x6b8cd0) at netmgr.c:821
 #17 0x00007ffff7898a4d in ?? () from /lib64/libuv.so.1
 #18 0x00007ffff78b4217 in ?? () from /lib64/libuv.so.1
 #19 0x00007ffff789e40a in uv_run () from /lib64/libuv.so.1
 #20 0x00000000005ca31e in nm_thread (worker0=0x6b8970) at netmgr.c:727
 #21 0x00000000005e2315 in isc__trampoline_run (arg=0x6b7c40) at trampoline.c:198
 #22 0x00007ffff7703767 in start_thread () from /lib64/libc.so.6
 #23 0x00007ffff778dc10 in clone3 () from /lib64/libc.so.6

Backtrace from dig v9.17.7 (not working):

 #0  0x00007ffff7684480 in syscall () from /lib64/libc.so.6
 #1  0x00007ffff754aed0 in uv__sendmmsg (vlen=0, mmsg=0x0, fd=10) at src/unix/linux-syscalls.c:163
 #2  uv__udp_mmsg_init () at src/unix/udp.c:74
 #3  0x00007ffff7606ad7 in __pthread_once_slow () from /lib64/libc.so.6
 #4  0x00007ffff7541bd9 in uv_once (guard=<optimized out>, callback=<optimized out>) at src/unix/thread.c:440
 #5  0x00007ffff7539e9b in uv__udp_sendmsg (handle=0x7ffff50535b8) at src/unix/udp.c:415
 #6  uv__udp_send (send_cb=0x7ffff7a41db0 <udp_send_cb>, addrlen=<optimized out>, addr=<optimized out>, nbufs=1, bufs=0x7ffff506c720, handle=0x7ffff50535b8, req=0x7ffff506c878) at src/unix/udp.c:773
 #7  uv_udp_send (req=req@entry=0x7ffff506c878, handle=handle@entry=0x7ffff50535b8, bufs=bufs@entry=0x7ffff506c720, nbufs=nbufs@entry=1, addr=<optimized out>, send_cb=send_cb@entry=0x7ffff7a41db0 <udp_send_cb>) at src/uv-common.c:464
 #8  0x00007ffff7a42308 in udp_send_direct (peer=0x7ffff5dfa988, req=0x7ffff506c700, sock=0x7ffff5053000) at netmgr/udp.c:839
 #9  isc__nm_async_udpsend (worker=<optimized out>, ev0=0x7ffff5dfa950) at netmgr/udp.c:780
 #10 0x00007ffff7a47de7 in isc__nm_udp_send (handle=<optimized out>, region=0x7ffff5dfaa90, cb=0x555555566250 <send_done>, cbarg=<optimized out>) at netmgr/udp.c:749
 #11 0x0000555555562ac2 in send_udp (query=0x7ffff502a000) at /usr/src/debug/bind-9.18.2-1.1.x86_64/bin/dig/dighost.c:2899
 #12 udp_ready (handle=0x7ffff5026180, eresult=ISC_R_SUCCESS, arg=<optimized out>) at /usr/src/debug/bind-9.18.2-1.1.x86_64/bin/dig/dighost.c:2974
 #13 0x00007ffff7a37d34 in isc__nm_async_connectcb (worker=worker@entry=0x7ffff622f000, ev0=ev0@entry=0x7ffff5026480) at netmgr/netmgr.c:2704
 #14 0x00007ffff7a3ca20 in process_netievent (worker=worker@entry=0x7ffff622f000, ievent=0x7ffff5026480) at netmgr/netmgr.c:940
 #15 0x00007ffff7a3d027 in process_queue (worker=worker@entry=0x7ffff622f000, type=type@entry=NETIEVENT_NORMAL) at netmgr/netmgr.c:977
 #16 0x00007ffff7a3d203 in process_all_queues (worker=0x7ffff622f000) at netmgr/netmgr.c:733
 #17 async_cb (handle=0x7ffff622f360) at netmgr/netmgr.c:762
 #18 0x00007ffff7531a4d in uv__async_io (loop=0x7ffff622f010, w=<optimized out>, events=<optimized out>) at src/unix/async.c:163
 #19 0x00007ffff754d217 in uv__io_poll (loop=0x7ffff622f010, timeout=<optimized out>) at src/unix/epoll.c:374
 #20 0x00007ffff753740a in uv__io_poll (timeout=<optimized out>, loop=0x7ffff622f010) at src/unix/udp.c:122
 #21 uv_run (loop=loop@entry=0x7ffff622f010, mode=mode@entry=UV_RUN_DEFAULT) at src/unix/core.c:391
 #22 0x00007ffff7a3d624 in nm_thread (worker0=0x7ffff622f000) at netmgr/netmgr.c:664
 #23 0x00007ffff7a6c915 in isc__trampoline_run (arg=0x555555599210) at /usr/src/debug/bind-9.18.2-1.1.x86_64/lib/isc/trampoline.c:187
 #24 0x00007ffff7601767 in start_thread () from /lib64/libc.so.6
 #25 0x00007ffff768bc10 in clone3 () from /lib64/libc.so.6

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Jun  4 00:27:29 UTC 2022 on sn-devel-184

- - - - -
5f0b6565 by Christian Ambach at 2022-06-06T16:46:35+00:00
s3:include fix typo

Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5e796523 by Christian Ambach at 2022-06-06T16:46:35+00:00
s3:smbd add missing VolumeCreationTime to FileFsVolumeInformation

Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
470d4a3b by Christian Ambach at 2022-06-06T16:46:35+00:00
s3:smbd factor out volume serial number generation

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14765
RN: add new smb.conf parameter "volume serial number" to allow overriding the
generated default value

Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5f1f3b0f by Christian Ambach at 2022-06-06T16:46:35+00:00
docs-xml: add new parameter volume serial number

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14765
RN: add new smb.conf parameter "volume serial number" to allow overriding
the generated default value

Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7ba732ba by Christian Ambach at 2022-06-06T17:42:37+00:00
s3:smbd implement volume serial number parameter

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14765
RN: add new smb.conf parameter "volume serial number" to allow overriding
the generated default value

Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Jun  6 17:42:37 UTC 2022 on sn-devel-184

- - - - -
9ec99ab5 by Volker Lendecke at 2022-06-06T19:22:28+00:00
smbd: Remove unused smb_bufrem() macro

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
777597d0 by Volker Lendecke at 2022-06-06T19:22:28+00:00
smbd: Move message_push_string() to smb1_utils.c

Only used in SMB1 code

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
49b3bbde by Volker Lendecke at 2022-06-06T19:22:28+00:00
lsa_server4: Simplify get_tdo() with dom_sid_str_buf()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
540d4ae6 by Volker Lendecke at 2022-06-06T19:22:28+00:00
lsa_server4: Simplify get_tdo() with talloc_asprintf_addbuf()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f236c42f by Volker Lendecke at 2022-06-06T19:22:28+00:00
smbd: Remove NTCREATEX_FLAG_DELETE_ON_CLOSE

This is only used for print files. Storing it in the fd_handle seems
overkill to me, this can easily be stored directly in the fsp itself,
we have a flag for this.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a395f752 by Volker Lendecke at 2022-06-06T19:22:28+00:00
smbd: Fix CID 1504457 Resource leak

Highly likely that's a false positive because Coverity does not
understand that srv_encrypt_buffer() only allocates when
NT_STATUS_OK(status), but it does not hurt to make it happy this way.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
38e5b39e by Volker Lendecke at 2022-06-06T19:22:28+00:00
smbd: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b3c2d5d4 by Volker Lendecke at 2022-06-06T19:22:28+00:00
vfs: Remove a typedef

We want to get rid of struct typedefs, and this was quick

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6dfc5862 by Volker Lendecke at 2022-06-06T19:22:28+00:00
lib: Slightly simplify is_ntfs_stream_smb_fname()

YMMV, but for me the direct return is easier to read

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a01cb7b4 by Volker Lendecke at 2022-06-06T20:17:06+00:00
winbindd: Remove a "wrong" error message

Before 9bacf7529dd child_process_request() returned right after the
callback function without going through the DEBUG message. Restore
that behaviour.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Jun  6 20:17:06 UTC 2022 on sn-devel-184

- - - - -
41661b77 by Andreas Schneider at 2022-06-07T08:22:28+00:00
s3:tests: Reformat test_net_cache_samlogon.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
b9188763 by Andreas Schneider at 2022-06-07T09:19:43+00:00
s3:tests: Reformat test_net_conf.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Jun  7 09:19:43 UTC 2022 on sn-devel-184

- - - - -
bdc6adaa by Andreas Schneider at 2022-06-08T06:38:30+00:00
s3:tests: Reformat test_net_cred_change.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
cf873c09 by Andreas Schneider at 2022-06-08T06:38:30+00:00
s3:tests: Reformat test_net_dom_join_fail_dc.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
534ae934 by Andreas Schneider at 2022-06-08T06:38:30+00:00
s3:tests: Reformat test_net_lookup.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a0802f55 by Andreas Schneider at 2022-06-08T06:38:30+00:00
s3:tests: Reformat test_net_machine_account.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
de011361 by Andreas Schneider at 2022-06-08T06:38:30+00:00
s3:tests: Reformat test_net_misc.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
08b02d4b by Andreas Schneider at 2022-06-08T06:38:30+00:00
s3:tests: Reformat test_net_registry.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d87d67a2 by Andreas Schneider at 2022-06-08T06:38:30+00:00
s3:tests: Reformat test_net_registry_check.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d1521095 by Andreas Schneider at 2022-06-08T06:38:30+00:00
s3:tests: Reformat test_net_registry_import.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d9217a3e by Andreas Schneider at 2022-06-08T06:38:30+00:00
s3:tests: Reformat test_net_registry_roundtrip.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6b934192 by Andreas Schneider at 2022-06-08T06:38:30+00:00
s3:tests: Reformat test_net_rpc_join.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e1142d35 by Andreas Schneider at 2022-06-08T06:38:30+00:00
s3:tests: Reformat test_net_rpc_join_creds.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7a916f88 by Andreas Schneider at 2022-06-08T06:38:30+00:00
s3:tests: Reformat test_net_rpc_oldjoin.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6170f97b by Andreas Schneider at 2022-06-08T06:38:30+00:00
s3:tests: Reformat test_net_rpc_share_allowedusers.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4c00642e by Andreas Schneider at 2022-06-08T06:38:30+00:00
s3:tests: Reformat test_net_tdb.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
fdc98ff5 by Andreas Schneider at 2022-06-08T07:28:08+00:00
s3:tests: Reformat test_net_usershare.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jun  8 07:28:08 UTC 2022 on sn-devel-184

- - - - -
1b6d675f by John Mulligan at 2022-06-08T13:13:10+00:00
lib/smbconf: expose smbconf error codes to python wrapper

The smbconf library defines an enum of error codes that can be returned
from the C calls. The error codes were getting stored in the python
SMBConfError type but it was not easy to access or obvious what the
integer code represented.

This change makes it easier to get the returned error code: via a
`error_code` attribute on the exception value. It also exposes the
integer constants to the module. Simple tests for a few of the more
obvious error codes check that this new error handling correctly
exposes the error code values.

Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Wed Jun  8 13:13:10 UTC 2022 on sn-devel-184

- - - - -
ae8f5dec by Andreas Schneider at 2022-06-08T13:14:47+00:00
s3:tests: Reformat test_netfileenum.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
478ed598 by Andreas Schneider at 2022-06-08T13:14:47+00:00
s3:tests: Reformat test_offline.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
e01f7d72 by Andreas Schneider at 2022-06-08T13:14:47+00:00
s3:tests: Reformat test_open_eintr.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
162a803d by Andreas Schneider at 2022-06-08T13:14:47+00:00
s3:tests: Reformat test_preserve_case.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
07875d85 by Andreas Schneider at 2022-06-08T13:14:47+00:00
s3:tests: Reformat test_printing_var_exp.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
3b6558d4 by Andreas Schneider at 2022-06-08T13:14:47+00:00
s3:tests: Reformat test_pthreadpool.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
e6225d77 by Andreas Schneider at 2022-06-08T13:14:47+00:00
s3:tests: Reformat test_registry_upgrade.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
e4eecb31 by Andreas Schneider at 2022-06-08T13:14:47+00:00
s3:tests: Reformat test_resolvconf.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
7f3b7a38 by Andreas Schneider at 2022-06-08T13:14:47+00:00
s3:tests: Reformat test_rpcclient.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
66577ad1 by Andreas Schneider at 2022-06-08T13:14:47+00:00
s3:tests: Reformat test_rpcclient_dfs.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
24638a2e by Andreas Schneider at 2022-06-08T13:14:47+00:00
s3:tests: Reformat test_rpcclient_lookup.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
b923da58 by Andreas Schneider at 2022-06-08T13:14:47+00:00
s3:tests: Reformat test_rpcclient_netsessenum.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
48e1458b by Andreas Schneider at 2022-06-08T13:14:47+00:00
s3:tests: Reformat test_rpcclient_pw_nt_hash.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
c4b343e5 by Andreas Schneider at 2022-06-08T13:14:47+00:00
s3:tests: Reformat test_rpcclient_samlogon.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
8e701978 by Andreas Schneider at 2022-06-08T14:13:35+00:00
s3:tests: Reformat test_rpcclientsrvsvc.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jun  8 14:13:35 UTC 2022 on sn-devel-184

- - - - -
0189ccf9 by Stefan Metzmacher at 2022-06-08T17:02:29+00:00
talloc: version 2.3.4

* Fix build problems

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15071

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
53692735 by Stefan Metzmacher at 2022-06-08T17:02:29+00:00
tevent: version 0.12.1

* Fix build problems

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15071

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
27ceb1c3 by Stefan Metzmacher at 2022-06-08T17:57:53+00:00
tdb: version 1.4.7

* Fix build problems

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15071

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jun  8 17:57:53 UTC 2022 on sn-devel-184

- - - - -
174a76cc by Robert Sprowson at 2022-06-08T19:50:08+00:00
s3:smbd: Out-by-4 error in smbd read reply max_send clamp

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14443

Signed-off-by: Robert Sprowson <webpages at sprow.co.uk>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jun  8 19:50:08 UTC 2022 on sn-devel-184

- - - - -
dbf3d217 by Samuel Cabrero at 2022-06-09T21:45:28+00:00
Revert "s3:auth: Fix user_in_list() for UNIX groups"

This partly reverts commit 6dc463d3e2eb229df1c4f620cfcaf22ac71738d4.

Reverted to allow next revert commits to apply cleanly. Do not recreate
selftest/knownfail.d/usernamemap file.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15087

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f74e284a by Samuel Cabrero at 2022-06-09T21:45:28+00:00
Revert "docs-xml: Update documentation for removal of NIS support"

This partly reverts commit a72bc3e15d3ed62e9ad2c0a97ce5d6d653abb048.

Revert only the chunks related to netgroups and skip NIS related ones.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15087

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
21796ef8 by Samuel Cabrero at 2022-06-09T21:45:28+00:00
Revert "s3:smbd: Remove NIS support"

This partly reverts commit edda7a329e5bed442418de9782cec9f567092aae.

Revert the chunks related to netgroups and skip NIS support related ones.
Use getdomainname() from glibc instead of yp_get_default_domain() from
libnsl to get the NIS domain name.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15087

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b3034f12 by Samuel Cabrero at 2022-06-09T21:45:28+00:00
Revert "lib:util: Remove NIS support from string_match()"

This partly reverts commit 620de975f147ac9427b51ea0e1e3eabda443d4b6.

Drop chunk including system/nis.h, drop wscript_build modifications,
use getdomainname() from glibc instead of yp_get_default_domain() from
libnsl.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15087

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ef1d0476 by Samuel Cabrero at 2022-06-09T22:40:43+00:00
s3:smbd: Free allocated strings before leaving user_in_netgroup() function

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jun  9 22:40:43 UTC 2022 on sn-devel-184

- - - - -
df11826a by Andrew Bartlett at 2022-06-09T22:49:29+00:00
build: Make build with --disable-fault-handling work under --enable-developer

Previously this would leave static functions unused, which the compiler will
not allow for a developer build.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
bd09537e by Andrew Bartlett at 2022-06-09T22:49:29+00:00
build: Possibly link against libexecinfo for backtrace_symbols()

We look for backtrace_symbols() in this library, so we should link against
it if we find it.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
14feb93d by Andrew Bartlett at 2022-06-09T22:49:29+00:00
lib/util: Prefer backtrace_symbols() for internal backtraces

Backtraces when Samba is in PANIC state are better with
backtrace_symbols() than with libunwind on Ubuntu 20.04 x86_64
so move libunwind to an off-by-default option, prompted for
if backtrace_symbols() is not available.

Based on a request by Fco Javier Felix <ffelix at inode64.com>

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
ee29c601 by Joseph Sutton at 2022-06-09T22:49:29+00:00
tests/krb5/test_ldap.py: Increase maximum threshold for LDAP timeout

This test often fails because the server takes too long to time out.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
87f68500 by Joseph Sutton at 2022-06-09T22:49:29+00:00
lib/util: Move memcmp_const_time() to util.c

This allows it to be used in more places without needing to introduce
more dependencies.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ae6634c7 by Joseph Sutton at 2022-06-09T22:49:29+00:00
auth: Use constant-time memcmp when comparing sensitive buffers

This helps to avoid timing attacks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15010

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a554e2ce by Joseph Sutton at 2022-06-09T22:49:29+00:00
lib/util: Change function to data_blob_equal_const_time()

Since data_blob_cmp_const_time() doesn't act as an exact replacement for
data_blob_cmp(), and its return value is only ever compared with zero,
simplify it and emphasize the intention of checking equality by
returning a bool instead.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
feb36dbe by Joseph Sutton at 2022-06-09T22:49:29+00:00
lib/util: Change function to mem_equal_const_time()

Since memcmp_const_time() doesn't act as an exact replacement for
memcmp(), and its return value is only ever compared with zero, simplify
it and emphasize the intention of checking equality by returning a bool
instead.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8d7a091a by Joseph Sutton at 2022-06-09T22:49:29+00:00
lib/util: Reduce sum variable to uint8_t

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a80d783a by Joseph Sutton at 2022-06-09T22:49:29+00:00
lib/util: Add test of data_blob_equal_const_time()

Ensure that it gives the correct results for comparing two data blobs.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
222e1afc by Joseph Sutton at 2022-06-09T22:49:29+00:00
lib/util: Add test of mem_equal_const_time()

Ensure that it gives the correct results for comparing two memory
regions.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
aec2076f by Joseph Sutton at 2022-06-09T22:49:29+00:00
lib/util: Delegate constant time memcmp to gnutls_memcmp()

gnutls_memcmp() is mostly identical to our own implementation, except
that ours will not break if supplied with 4 GiB or more of data.
However, using an external function permits us to disclaim
responsibility if some CPU/compiler combination happens to invalidate
our constant-time guarantee.

For reference, gnutls_memcmp() implementation:
https://gitlab.com/gnutls/gnutls/-/blob/78d9820de0d2eb2f8088e359779ee7342f5f089e/lib/safe-memfuncs.c#L41-67

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
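
The constant-time comparison commits above (from moving memcmp_const_time() through to delegating to gnutls_memcmp()) describe an equality check that returns a bool and accumulates into a uint8_t. The following is an added example, not Samba's or GnuTLS's code: a standalone C sketch that contrasts an early-exit comparison with an XOR/OR accumulator. The names leaky_equal, ct_mem_equal, ct_blob_equal, struct blob and the 16-byte EXPECTED value are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Early-exit comparison, instrumented: *steps receives how many bytes were
 * examined. The count depends on where the first mismatch is, which is the
 * data-dependent behaviour a timing attack measures.
 */
static bool leaky_equal(const uint8_t *a, const uint8_t *b, size_t n,
			size_t *steps)
{
	size_t i;

	for (i = 0; i < n; i++) {
		if (a[i] != b[i]) {
			*steps = i + 1;
			return false;
		}
	}
	*steps = n;
	return true;
}

/*
 * Constant-time equality (hypothetical name). Every byte pair is XORed and
 * ORed into an 8-bit accumulator, so the loop always runs n iterations.
 * The accumulator only records "some bit differed", not which side was
 * larger, so the honest return type is bool rather than a memcmp()-style
 * ordering. volatile discourages the compiler from adding an early exit.
 */
static bool ct_mem_equal(const void *s1, const void *s2, size_t n,
			 size_t *steps)
{
	const volatile uint8_t *a = s1;
	const volatile uint8_t *b = s2;
	uint8_t sum = 0;
	size_t i;

	for (i = 0; i < n; i++) {
		sum |= (uint8_t)(a[i] ^ b[i]);
	}
	if (steps != NULL) {
		*steps = i;
	}
	return sum == 0;
}

/* Minimal length-prefixed buffer, constructed for this example. */
struct blob {
	const uint8_t *data;
	size_t length;
};

/* Lengths are treated as public here; only the contents are secret. */
static bool ct_blob_equal(const struct blob *x, const struct blob *y)
{
	if (x->length != y->length) {
		return false;
	}
	return ct_mem_equal(x->data, y->data, x->length, NULL);
}

/* Constructed sample value standing in for a MAC or session key. */
static const uint8_t EXPECTED[16] = {
	0x3a, 0x91, 0x5c, 0x07, 0xe2, 0x48, 0xbd, 0x16,
	0x7f, 0x20, 0xc4, 0x69, 0x0b, 0xd8, 0x55, 0xa3
};

/* Bytes examined when the guess differs from EXPECTED only at index pos. */
static size_t steps_with_mismatch_at(size_t pos, bool constant_time)
{
	uint8_t guess[sizeof(EXPECTED)];
	size_t steps = 0;

	memcpy(guess, EXPECTED, sizeof(guess));
	if (pos < sizeof(guess)) {
		guess[pos] ^= 0xff;
	}
	if (constant_time) {
		(void)ct_mem_equal(EXPECTED, guess, sizeof(guess), &steps);
	} else {
		(void)leaky_equal(EXPECTED, guess, sizeof(guess), &steps);
	}
	return steps;
}

int main(void)
{
	const size_t positions[] = { 0, 7, 15 };
	struct blob full = { EXPECTED, sizeof(EXPECTED) };
	struct blob prefix = { EXPECTED, 8 };
	size_t i;

	for (i = 0; i < sizeof(positions) / sizeof(positions[0]); i++) {
		printf("mismatch at %2zu: early-exit=%2zu bytes, constant-time=%2zu bytes\n",
		       positions[i],
		       steps_with_mismatch_at(positions[i], false),
		       steps_with_mismatch_at(positions[i], true));
	}
	printf("blob vs. its own prefix equal: %d\n",
	       ct_blob_equal(&full, &prefix));
	return 0;
}
```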

- - - - -
e67845a7 by Uri Simchoni at 2022-06-09T23:48:42+00:00
ci-images: install diffutils prior to building images

Ensure the podman image used for generating Samba CI images includes
the 'diff' utility

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Jun  9 23:48:42 UTC 2022 on sn-devel-184

- - - - -
4f7c6ba5 by Andrew Bartlett at 2022-06-10T06:56:38+00:00
gitlab-ci: Allow --xz compression on our samba-testbase.tar

This may make this faster to upload to our private gitlab server
which is not as close to our runners.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14863

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6b58061d by Joseph Sutton at 2022-06-10T06:56:38+00:00
bootstrap: Remove duplicate dict key

Commit 86d4836919e29c0bdf927658df641811247534c6 added python36-gpg, but
the duplicate key lower down in the same dict meant it never had any
effect. Now it does.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
73f0621a by Joseph Sutton at 2022-06-10T06:56:38+00:00
bootstrap: Fix [gm]old linker existence check

We used 'test -x $LD_GOLD' to test whether the alternate linker was
available and executable. However, if $LD_GOLD expanded to an empty
string, the 'test' command would be run in single argument mode, see
that '-x' was a non-empty string, and duly return a successful status
code. The result would be a meaningless symlink created, and a
misleading message.

Because 'which' already tests that its argument is executable, the
solution is simply to remove the 'test' command.

We also invert the return code of the 'which' command so that if the
alternate linker is not found, the overall code returned to Docker is
still successful.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b22ddf5e by Ralph Boehme at 2022-06-10T07:51:02+00:00
gitlab-ci: Add jq

Pair-Programmed-With: Jule Anger <janger at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Jule Anger <janger at samba.org>

[abartlet at samba.org Regenerated sha1sum after rebase

This commit in aid of future tests for smbstatus JSON output]

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Jun 10 07:51:02 UTC 2022 on sn-devel-184

- - - - -
b1cddccf by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_sacl_set_get.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
6395813c by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_shadow_copy_torture.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
a4ff172f by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_shareenum.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
f1a8afe6 by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_sharesec.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
d637255f by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smb1_shadow_copy_torture.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
13795515 by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smb1_system_security.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
a63c7e7e by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smb2_not_casesensitive.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
ec029126 by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smbXsrv_client_dead_rec.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
c0e1566e by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smbclient_auth.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
c112b073 by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smbclient_basic.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
144f1792 by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smbclient_encryption.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
bb626437 by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smbclient_encryption_off.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
6990e655 by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smbclient_iconv.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
6513aa1d by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smbclient_kerberos.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
20e0fef9 by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smbclient_krb5.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
b828964f by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smbclient_large_file.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
3b672457 by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smbclient_list_servers.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
58e815f2 by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smbclient_log_basename.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
07d07b70 by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smbclient_machine_auth.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
c4d0c741 by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smbclient_mget.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
f5ecc958 by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smbclient_netbios_aliases.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
6f3e03a6 by Andreas Schneider at 2022-06-10T14:51:39+00:00
s3:tests: Reformat test_smbclient_ntlm.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Fri Jun 10 14:51:39 UTC 2022 on sn-devel-184

- - - - -
17c733d9 by Michael Tokarev at 2022-06-10T18:12:33+00:00
spelling: connnect encrytion exisit expection explicit invalide missmatch paramater paramter partion privilige relase reponse seperate unkown verson authencication progagated

Tree-wide spellcheck for some common misspellings.

source3/utils/status.c has misspelled local variable (unkown_dialect).

"missmatch" is a known historical misspelling, only the incorrect
misspellings are fixed.

source3/locale/net/de.po has the spelling error (unkown) in two msgids -
it probably should be updated with current source.

Signed-off-by: Michael Tokarev <mjt at tls.msk.ru>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
89b7afa3 by Michael Tokarev at 2022-06-10T19:04:57+00:00
libgpo/admx/en-US/samba.adml spelling: authencication paramter

Signed-off-by: Michael Tokarev <mjt at tls.msk.ru>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jun 10 19:04:57 UTC 2022 on sn-devel-184

- - - - -
2c9a4ef8 by Joseph Sutton at 2022-06-14T07:21:29+00:00
libcli:util: Update werror table

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
45f2e363 by Joseph Sutton at 2022-06-14T07:21:29+00:00
libcli/security: Fix typos

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
5045382c by Joseph Sutton at 2022-06-14T07:21:29+00:00
python: Don't use deprecated escape sequences

Certain escape sequences are not valid in Python string literals, and
will eventually result in a SyntaxError.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
9bd4c8bd by Joseph Sutton at 2022-06-14T07:21:29+00:00
s4:kdc: Add space in error message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
0dad0e3f by Joseph Sutton at 2022-06-14T07:21:29+00:00
lib:krb5_wrap: Add const to parameters for smb_krb5_create_key_from_string()

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
48bff3c4 by Joseph Sutton at 2022-06-14T07:21:29+00:00
dsdb/common: Make some parameters const

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
3dcdd13a by Joseph Sutton at 2022-06-14T08:18:06+00:00
tests/krb5: Use object() rather than auto() to initialise enums

This ensures that when an enum value is expected, a magic constant won't
be supplied instead.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Jun 14 08:18:06 UTC 2022 on sn-devel-184

- - - - -
89e0c732 by Samuel Cabrero at 2022-06-14T09:25:31+00:00
replace: Check for -Wuse-after-free

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15095

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
971441ca by Samuel Cabrero at 2022-06-14T10:16:18+00:00
third_party/heimdal: Fix build with gcc version 12.1

Split lib/krb5/crypto to its own subsystem to be built with its own CFLAGS
and avoid the following error:

    [1510/4771] Compiling third_party/heimdal/lib/krb5/crypto.c
    ../../third_party/heimdal/lib/krb5/crypto.c: In function ‘_krb5_internal_hmac’:
    ../../third_party/heimdal/lib/krb5/crypto.c:302:24: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual]
      302 |     iov[0].data.data = (void *) data;
          |                        ^
    ../../third_party/heimdal/lib/krb5/crypto.c: In function ‘derive_key_sp800_hmac’:
    ../../third_party/heimdal/lib/krb5/crypto.c:2427:18: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual]
     2427 |     label.data = (void *)constant;
          |                  ^
    ../../third_party/heimdal/lib/krb5/crypto.c: In function ‘decrypt_internal_derived’:
    ../../third_party/heimdal/lib/krb5/crypto.c:1280:9: error: pointer ‘p’ may be used after ‘realloc’ [-Werror=use-after-free]
     1280 |         free(p);
          |         ^~~~~~~
    ../../third_party/heimdal/lib/krb5/crypto.c:1278:20: note: call to ‘realloc’ here
     1278 |     result->data = realloc(p, l);
          |                    ^~~~~~~~~~~~~
    ../../third_party/heimdal/lib/krb5/crypto.c: In function ‘decrypt_internal_enc_then_cksum’:
    ../../third_party/heimdal/lib/krb5/crypto.c:1365:9: error: pointer ‘p’ may be used after ‘realloc’ [-Werror=use-after-free]
     1365 |         free(p);
          |         ^~~~~~~
    ../../third_party/heimdal/lib/krb5/crypto.c:1363:20: note: call to ‘realloc’ here
     1363 |     result->data = realloc(p, l);
          |                    ^~~~~~~~~~~~~
    ../../third_party/heimdal/lib/krb5/crypto.c: In function ‘decrypt_internal’:
    ../../third_party/heimdal/lib/krb5/crypto.c:1431:9: error: pointer ‘p’ may be used after ‘realloc’ [-Werror=use-after-free]
     1431 |         free(p);
          |         ^~~~~~~
    ../../third_party/heimdal/lib/krb5/crypto.c:1429:20: note: call to ‘realloc’ here
     1429 |     result->data = realloc(p, l);
          |                    ^~~~~~~~~~~~~
    ../../third_party/heimdal/lib/krb5/crypto.c: In function ‘decrypt_internal_special’:
    ../../third_party/heimdal/lib/krb5/crypto.c:1478:9: error: pointer ‘p’ may be used after ‘realloc’ [-Werror=use-after-free]
     1478 |         free(p);
          |         ^~~~~~~
    ../../third_party/heimdal/lib/krb5/crypto.c:1476:20: note: call to ‘realloc’ here
     1476 |     result->data = realloc(p, sz);
          |                    ^~~~~~~~~~~~~~
    cc1: all warnings being treated as errors

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15095

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Samuel Cabrero <scabrero at samba.org>
Autobuild-Date(master): Tue Jun 14 10:16:18 UTC 2022 on sn-devel-184

- - - - -
81aa4efa by Joseph Sutton at 2022-06-14T15:38:23+00:00
s4:kdc: Make RBCD access check less strict

Windows only requires SEC_ADS_CONTROL_ACCESS for the check to pass.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Jun 14 15:38:23 UTC 2022 on sn-devel-184

- - - - -
a6c9c86b by Ralph Boehme at 2022-06-14T18:27:43+00:00
vfs_btrfs: reduce loglevel message to DEBUG in btrfs_fget_compression()

This restores behaviour of previous versions. The proper fix would be for the
ioctl() to work on O_PATH handles.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15004

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jun 14 18:27:43 UTC 2022 on sn-devel-184

- - - - -
d9e561a8 by Andreas Schneider at 2022-06-15T06:54:49+00:00
s3:tests: Reformat test_smbclient_s3.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jun 15 06:54:49 UTC 2022 on sn-devel-184

- - - - -
a8091bd0 by Martin Schwenke at 2022-06-16T12:42:35+00:00
util: Add new debug setting debug_no_stderr_redirect

CTDB doesn't want this redirection of stderr to the log file.  It
expects to be able to capture stderr of subprocesses and log them with
a header.  This redirection stops that from happening.

Unfortunately this has to be a negative option (i.e. "no" in the name)
so that the default of 0/false maintains existing behaviour.

Note that the default behaviour is sub-optimal because it causes raw
data (i.e. debug data without a header) to appear in the log.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15090

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
1596a3e8 by Martin Schwenke at 2022-06-16T12:42:35+00:00
ctdb-common: Tell file logging not to redirect stderr

This allows ctdb_set_child_logging() to work.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15090

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
88f35cf8 by Martin Schwenke at 2022-06-16T12:42:35+00:00
ctdb-daemon: Drop unused prefix, logfn, logfn_private

These aren't set anywhere in the code.

Drop the log argument because it is also no longer used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15090

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
e752f841 by Martin Schwenke at 2022-06-16T13:33:10+00:00
ctdb-daemon: Use DEBUG() macro for child logging

Directly using dbgtext() with file logging results in a log entry with
no header, which is wrong.  This is a regression, introduced in commit
10d15c9e5dfe4e8595d0b322c96f474fc7078f46.  Prior to this, CTDB's
callback for file logging would always add a header.

Use DEBUG() instead of dbgtext().  Note that DEBUG() effectively compares
the passed script_log_level with DEBUGLEVEL, so an explicit check is
no longer necessary.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15090

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Jun 16 13:33:10 UTC 2022 on sn-devel-184

- - - - -
fe78d3c0 by Jeremy Allison at 2022-06-17T01:28:29+00:00
s3: test: Add tests to show we still connect to a full_audit share with bad success or fail VFS names.

Add knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15098

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ec91a583 by Jeremy Allison at 2022-06-17T01:28:29+00:00
s3: VFS: full_audit: Use correct DBG_ print messages in init_bitmap().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15098

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
69bb8853 by Jeremy Allison at 2022-06-17T01:28:29+00:00
s3: VFS: full_audit. Ensure the module doesn't load if an operation name is misspelled or otherwise unknown.

Document this new behavior. Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15098

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6368b82f by Andreas Schneider at 2022-06-17T01:28:29+00:00
s3:tests: Reformat test_smbclient_tarmode.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
42e96b64 by Andreas Schneider at 2022-06-17T01:28:29+00:00
s3:tests: Reformat test_smbcquota.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0754d46c by Andreas Schneider at 2022-06-17T01:28:29+00:00
s3:tests: Reformat test_smbd_error.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a1520e4e by Andreas Schneider at 2022-06-17T01:28:29+00:00
s3:tests: Reformat test_smbd_no_krb5.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8b039153 by Andreas Schneider at 2022-06-17T01:28:29+00:00
s3:tests: Reformat test_smbget.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
627934bc by Andreas Schneider at 2022-06-17T01:28:29+00:00
s3:tests: Reformat test_smbpasswd.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2eea4409 by Andreas Schneider at 2022-06-17T01:28:29+00:00
s3:tests: Reformat test_smbspool.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7731fd6e by Andreas Schneider at 2022-06-17T01:28:29+00:00
s3:tests: Reformat test_smbstatus.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ce6a31d2 by Andreas Schneider at 2022-06-17T01:28:29+00:00
s3:tests: Reformat test_smbtorture_s3.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1f94e871 by Andreas Schneider at 2022-06-17T01:28:29+00:00
s3:tests: Reformat test_substitutions.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b8693606 by Andreas Schneider at 2022-06-17T01:28:29+00:00
s3:tests: Reformat test_success.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8722450d by Andreas Schneider at 2022-06-17T01:28:29+00:00
s3:tests: Reformat test_symlink_rename_smb1_posix.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0714a6b4 by Andreas Schneider at 2022-06-17T01:28:30+00:00
s3:tests: Reformat test_symlink_traversal_smb1.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fcedbfbb by Andreas Schneider at 2022-06-17T01:28:30+00:00
s3:tests: Reformat test_symlink_traversal_smb1_posix.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
25ad724c by Andreas Schneider at 2022-06-17T01:28:30+00:00
s3:tests: Reformat test_symlink_traversal_smb2.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
66cabb8f by Douglas Bagnall at 2022-06-17T01:28:30+00:00
s3/smbd: stdin fstat failure is a failure

It seems we forgot we were in main.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c668b5ca by Douglas Bagnall at 2022-06-17T01:28:30+00:00
tests: test source4 cmdline/smb.conf log level

The 'log level' line in smb.conf allows messages from different log
classes to be sent to different places, but we have not tested that
this works. Now we do, somewhat.

The test involves running a special binary based on a stripped down
source4/samba/server.c that just starts up, parses the command line
and a given smb.conf, then logs messages from multiple classes and
exits.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ab949131 by Douglas Bagnall at 2022-06-17T01:28:30+00:00
tests: adapt logging test for s3.

There is one knownfail, where it seems an smb.conf like

   log file = foo
   log level = 2 tdb:2 at baa ldb:3

will send the ldb logs to 'baa' instead of 'foo' (i.e., the last
opened log file, rather than the default log file).

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dfc9cf38 by Douglas Bagnall at 2022-06-17T01:28:30+00:00
tests: rename logging test source

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b94c8057 by Douglas Bagnall at 2022-06-17T01:28:30+00:00
debug: drop an '#if _SAMBA_BUILD_ == 3'

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1a6890a9 by Douglas Bagnall at 2022-06-17T01:28:30+00:00
debug: add DBG_DEV()

This can be a useful macro when you are trying to track the behaviour
of one process out of the dozens that samba starts up, and when your
interest is in following it over time, not necessarily in a single
stack.

In DEVELOPER mode, if you call 'debug_developer_enable()' in the
process you're following, then any instances of DBG_DEV() will work
like DBG_ERR(), also adding ":DEV:12345:" where "12345" is the pid of
the current process.

Within debug.c itself, the macro always writes to stderr, because the
debug.c functions are not all reentrant.

When not in DEVELOPER MODE, the macro evaluates to nothing.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c7254de6 by Douglas Bagnall at 2022-06-17T01:28:30+00:00
util/debug: share classname table with tests

The executables generated from lib/util/tests/test_logging.c are used
by the samba.tests.logfiles tests to test logging with various
smb.confs that assign classes to various files at different levels
etc.

Previously test_logging.c had its own version of the table; now it
shares one with debug.c

We put the table in a sub-directory (lib/util/debug-classes/), because
adding local_include=True to the wscript_build stanza causes the
compiler confusion between <time.h> and lib/util/time.h.

Note: there are still two other lists of the class names, in
python/samba/tests/logfiles.py and
docs-xml/smbdotconf/logging/loglevel.xml.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
247a39bb by Douglas Bagnall at 2022-06-17T01:28:30+00:00
torture/dlz: putrr callback recognises more than A records

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15040

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9b47d818 by Douglas Bagnall at 2022-06-17T01:28:30+00:00
torture/dlz: reserve test_ prefix for actual tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15040

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5d89c90a by Douglas Bagnall at 2022-06-17T01:28:30+00:00
torture/dlz: minor reformatting for README.Coding

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15040

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
937c2cd3 by Douglas Bagnall at 2022-06-17T01:28:30+00:00
torture/bind_dlz: return the right kind of failure

torture_fail() is a macro that returns false, which evaluates to ISC_R_SUCCESS
in int context.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15040

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d0d18934 by Douglas Bagnall at 2022-06-17T01:28:30+00:00
torture: add torture_assertf()

Often we go 'torture_assert(tctx, expr, talloc_asprintf(tctx, "foo
%s", foo));' which is just a pain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15040

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
aae68994 by Douglas Bagnall at 2022-06-17T01:28:30+00:00
tortures/dlz: more DNS update tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15040

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
590d2e16 by Michael Saxl at 2022-06-17T01:28:30+00:00
dlz_bind9: call dns_name_is_static before adding space for record

dns_name_is_static is called after adding an uninitialized element to
recs. There is a chance that the uninitialized memory reads an element
with dwTimeStamp=0 and wType!=0. In that case dns_name_is_static will
return true.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15040

Signed-off-by: Michael Saxl <mike at mwsys.mine.bz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f1017c6f by Douglas Bagnall at 2022-06-17T01:28:30+00:00
dns/dlz: remember old timestamp for dynamic records

If we don't tell dns_common_replace() the old timestamp, it will
think the node is static because the timestamp is 0.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15040

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8261545a by Douglas Bagnall at 2022-06-17T01:28:30+00:00
bind_dlz: some commentary for b9_format

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
eaf829ad by Douglas Bagnall at 2022-06-17T02:18:32+00:00
s4/torture/unix_info2: return NULL on failure

false is also NULL, but NULL is NULLer.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Jun 17 02:18:32 UTC 2022 on sn-devel-184

- - - - -
39672a96 by Noel Power at 2022-06-17T16:20:35+00:00
Add new dfs node msdfs-share pointing to new msdfs-share2

Also add another node within msdfs-share2 pointing to normal share

This patch is in preparation for creating a test for 'del' &
'deltree' on DFS shares. The extra redirection is necessary to
reproduce the bug

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
db1b4df0 by Noel Power at 2022-06-17T16:20:35+00:00
Add test smbclient 'del' of file (on DFS share)

del of a file on a DFS share results in NT_STATUS_OBJECT_PATH_NOT_FOUND

Additionally add a knownfail (will be removed in following patch to
fix the bug)
We also need to add a knownfail (which will not be removed) for the
new test which will fail in smb1 envs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7c4cb498 by Noel Power at 2022-06-17T16:20:35+00:00
s3/client: fix dfs delete, resolve dfs path

since 4cc4938a2866738aaff4dc91550bb7a5ad05d7fb do_list seems
to deal with non dfs root path, hence we need to resolve the
path before calling cli_unlink.

Also remove the knownfail

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
23a5a05d by Noel Power at 2022-06-17T16:20:35+00:00
Add test smbclient 'deltree' of dir (on DFS share)

deltree of a file on a DFS share results in NT_STATUS_OBJECT_PATH_NOT_FOUND
Additionally add a knownfail for this (to be removed in subsequent patch
to fix bug)
We also need to add a knownfail (which will not be removed) for the
new test which will fail in smb1 envs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
81fdcf95 by Noel Power at 2022-06-17T17:12:07+00:00
s3/client: fix dfs deltree, resolve dfs path

since 4cc4938a2866738aaff4dc91550bb7a5ad05d7fb do_list seems
to deal with non dfs root path, hence we need to resolve the
path before calling cli_unlink.

Also remove the knownfail

We additionally have to also remove the fallback to remove 'file3'
in the smbcacls_dfs_propagate_inherit.teardown as the deltree
that happens in the baseclass now succeeds.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jun 17 17:12:07 UTC 2022 on sn-devel-184

- - - - -
238b2cbb by Jeremy Allison at 2022-06-20T13:25:31+00:00
s3: tests: Add test that shows smbd crashes using vfs_fruit with fruit:resource = stream on deleting a file.

Add knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15099

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
808a7b8b by Jeremy Allison at 2022-06-20T14:24:20+00:00
s3: VFS: streams_xattr: Add the same accommodation to streams_xattr_unlinkat() as used in streams_xattr_renameat().

vfs_fruit passes a synthetic filename here where smb_fname->fsp==NULL
when configured to use "fruit:resource = stream" so we need to use
synthetic_pathref() to get an fsp on the smb_fname->base_name
in order to call SMB_VFS_FREMOVEXATTR().

This is the same change we already use in streams_xattr_renameat()
and streams_xattr_stat(), the other pathname operations we implement
here.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15099

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Mon Jun 20 14:24:20 UTC 2022 on sn-devel-184

- - - - -
7897bc8c by Björn Jacke at 2022-06-20T18:18:15+00:00
security.idl: add missing BUILTIN SIDs

see:
https://docs.microsoft.com/en-us/windows/win32/secauthz/well-known-sids
https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/active-directory-security-groups
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/security-identifiers-in-windows

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Jun 20 18:18:15 UTC 2022 on sn-devel-184

- - - - -
a7fe9b56 by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat test_testparm_s3.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
7dce28b7 by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat test_tevent_glib_glue.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
85603a5e by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat test_timestamps.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
a10f4dff by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat test_usernamemap.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
a8303298 by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat test_valid_users.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
79ef1f64 by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat test_veto_rmdir.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
a73b4bf8 by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat test_virus_scanner.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
c9f328b7 by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat test_wbinfo_lookuprids_cache.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
e652a764 by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat test_wbinfo_sids2xids.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
ee972c11 by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat test_winbind_ignore_domains.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
7677b89a by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat test_zero_data.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
4bb7f293 by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat wb_pad.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
a8c6b30e by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat full_audit_segfault/run.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
e862d7e7 by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat stream-depot/run.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
5467252f by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat vfstest-acl/run.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
5cfd0b9f by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat vfstest-catia/run.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
3d57bb74 by Andreas Schneider at 2022-06-22T10:10:48+00:00
s3:tests: Reformat xattr-tdb-1/run.sh

shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Wed Jun 22 10:10:48 UTC 2022 on sn-devel-184

- - - - -
e9e5b3ae by Andreas Schneider at 2022-06-22T10:53:36+00:00
testprogs: Fix auth with smbclient and krb5 ccache

--use-kerberos=required will ask the user to provide a username and
password to do a kinit. The test will open a password prompt in this
case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15104

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
2dbd3210 by Andreas Schneider at 2022-06-22T10:53:36+00:00
lib:cmdline: Fix error handling of --use-kerberos=desired|required|off

Best reviewed with `git show -b`

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15104

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
7cc340f9 by Andreas Schneider at 2022-06-22T10:53:36+00:00
lib:cmdline: Fix error handling of --use-krb5-ccache=CCACHE

Best reviewed with `git show -b`

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15104

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
f68374aa by Andreas Schneider at 2022-06-22T11:49:23+00:00
lib:cmdline: Fix error handling of --client-protection=sign|encrypt|off

Best reviewed with `git show -b`

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15104

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jun 22 11:49:23 UTC 2022 on sn-devel-184

- - - - -
f3de9f6c by Andrew Bartlett at 2022-06-22T15:50:33+00:00
build: Allow &pathconfig XML entities to be used in all manpages, not just smb.conf

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15101

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
45094bd8 by Andrew Bartlett at 2022-06-22T15:50:33+00:00
docs-xml: Use &pathconfig.WINBINDD_SOCKET_DIR; to avoid reference to old /tmp/.winbindd

We can now write docs that follow how the software on this system was
built, which is much less confusing for users.  Also /tmp/.winbindd
has not been used for a long time.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15101

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6f96bb40 by Andrew Bartlett at 2022-06-22T15:50:33+00:00
docs: Show current system path for smb.conf in &smb.conf entity

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
9788e92b by Andrew Bartlett at 2022-06-22T16:43:30+00:00
build: Ensure that SAMBA_GENERATOR() tasks fail on error

Previously the error from inside the shell was eaten.

This showed up particularly as a failure to notice errors when running xsltproc
to build the manpages.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jun 22 16:43:30 UTC 2022 on sn-devel-184

- - - - -
994c262b by Ralph Boehme at 2022-06-22T18:05:32+00:00
vfs_gpfs: use sys_fstatat() in stat_with_capability()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12421

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>

- - - - -
7011573e by Björn Jacke at 2022-06-22T18:05:32+00:00
docs-xml: add nfs4.xml.include documenting the generic NFS4 ACL parameters

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
f0d92e8d by Björn Jacke at 2022-06-22T18:05:32+00:00
docs_xml: use the nfs4 parameter include file in gpfs man page

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
1c2b9625 by Björn Jacke at 2022-06-22T18:05:32+00:00
docs_xml: use the nfs4 parameter include file in zfsacl man page

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
10040589 by Björn Jacke at 2022-06-22T18:57:52+00:00
docs-xml: add missing generic nfs4 parameters in nfs4_xattr man page

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

Autobuild-User(master): Christof Schmitt <cs at samba.org>
Autobuild-Date(master): Wed Jun 22 18:57:53 UTC 2022 on sn-devel-184

- - - - -
8458449d by Andreas Schneider at 2022-06-24T09:48:38+00:00
s3:waf: Fix version number of public libsmbconf

Error: ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15108

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Jun 24 09:48:38 UTC 2022 on sn-devel-184

- - - - -
a43a1ebe by Martin Schwenke at 2022-06-24T09:49:32+00:00
ctdb-tests: Reformat script

Samba is reformatting shell scripts using

  shfmt -w -p -i 0 -fn

so update this one before editing.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
09fd1e55 by Martin Schwenke at 2022-06-24T09:49:32+00:00
ctdb-scripts: Move nfslock out of basic_stop() and basic_start()

These are only called in one place and should be done inline, since
that is less confusing.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
cd018d0f by Martin Schwenke at 2022-06-24T09:49:32+00:00
ctdb-scripts: Simplify and rename basic_stop() and basic_start()

Drop the argument.  These now just stop/start the overall NFS service,
so rename them appropriately.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
8b8660d8 by Martin Schwenke at 2022-06-24T09:49:32+00:00
ctdb-scripts: Refactor the manual RPC service start/stop

This logic needs improving, so factor the decision making into new
functions service_or_manual_stop() and service_or_manual_start().

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
337ef7c1 by Martin Schwenke at 2022-06-24T09:49:32+00:00
ctdb-scripts: Set NFS services to "AUTO" if started by another service

For example, in Sys-V init "rquotad" is started by the main "nfs"
service.  At the moment the call-out can't distinguish between this
case and "should never be run".  Services set to "AUTO" are
hand-stopped/started via service_stop()/service_start() on failure via
restart_after.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
7f3a0c7e by Martin Schwenke at 2022-06-24T09:49:32+00:00
ctdb-scripts: Parameterise /etc directory to aid testing

At the moment test results can be influenced by real system
configuration files.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
0b728a4e by Martin Schwenke at 2022-06-24T09:49:33+00:00
ctdb-tests: Improve Debian-style event script unit testing

Tests can be run by hand using different distro styles, such as:

  CTDB_NFS_DISTRO_STYLE=systemd-debian \
    ./tests/run_tests.sh ./tests/UNIT/eventscripts/{06,60}.nfs.*

This fixes known problems for Debian styles, so the tests now pass for
the following values of CTDB_NFS_DISTRO_STYLE:

  systemd-redhat
  sysvinit-redhat
  systemd-debian
  sysvinit-debian

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
7f799a8d by Martin Schwenke at 2022-06-24T09:49:33+00:00
ctdb-tests: Fix faking of program stack traces

The current code works in all current cases but is lazy and wrong.
Fix it to avoid breaking on code changes involving different thread
setups.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
0247fd8a by Martin Schwenke at 2022-06-24T09:49:33+00:00
ctdb-scripts: Avoid ShellCheck warning SC2162

SC2162 read without -r will mangle backslashes

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
4cbb0b13 by Martin Schwenke at 2022-06-24T09:49:33+00:00
ctdb-tests: Do not require eval tricks for faking NFS callout

The current code requires the use of eval in the NFS callout handling
to facilitate testing.  Improve the code to remove this need.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
80ba6601 by Martin Schwenke at 2022-06-24T10:40:50+00:00
ctdb-scripts: Drop use of eval in CTDB callout handling

eval is not required and causes the following ShellCheck warning:

  SC2294 (warning): eval negates the benefit of arrays. Drop eval to
  preserve whitespace/symbols (or eval as string).

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Fri Jun 24 10:40:50 UTC 2022 on sn-devel-184

- - - - -
cd09d4f4 by Andreas Schneider at 2022-06-24T22:29:33+00:00
third_party: Update nss_wrapper to version 1.1.12

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jun 24 22:29:33 UTC 2022 on sn-devel-184

- - - - -
68c57d9f by Joseph Sutton at 2022-06-26T22:10:29+00:00
tests/krb5: Add test for presence of NT hash

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
18f2a6b2 by Joseph Sutton at 2022-06-26T22:10:29+00:00
s4:kdc: Add helper function to extract AES256 key and salt

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6029e225 by Andrew Bartlett at 2022-06-26T22:10:29+00:00
s4-auth: For LDAP simple bind, fall back to checking the ENCTYPE_AES256_CTS_HMAC_SHA1_96 if stored

Since we don't store a salt per-key, but only a single salt, when we do
not have the NT hash in the unicodePwd (eg ntlm auth = disabled), the check
will fail for a previous password if the account was renamed prior to a
newer password being set.

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
d2a473a7 by Andrew Bartlett at 2022-06-26T22:10:29+00:00
dsdb: Allow password history and password changes without an NT hash

We now allow this to be via the ENCTYPE_AES256_CTS_HMAC_SHA1_96 hash instead
which allows us to decouple Samba from the unsalted NT hash for
organisations that are willing to take this step (for user accounts).

(History checking is limited to the last three passwords only, as
ntPwdHistory is limited to NT hash values, and the PrimaryKerberosCtr4
package only stores three sets of keys.)

Since we don't store a salt per-key, but only a single salt, the check
will fail for a previous password if the account was renamed prior to a
newer password being set.

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
0d9835e1 by Joseph Sutton at 2022-06-26T22:10:29+00:00
auth/credentials: Add cli_credentials_get_aes256_key()

This allows us to generate AES256 keys from a given password and salt.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f33aa94c by Joseph Sutton at 2022-06-26T22:10:29+00:00
auth/credentials: Add get_aes256_key()

This makes it possible to generate AES256 keys in Python from a given
password and salt.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
aa9136ab by Joseph Sutton at 2022-06-26T22:10:29+00:00
samba-tool user: When possible, obtain AES256 key and salt

We will make use of these in the next commit to check that the
supplemental packages are up-to-date with the current password.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e6957c1d by Joseph Sutton at 2022-06-26T22:10:29+00:00
samba-tool user: Accommodate missing unicodePwd in getpassword command

To allow for the NT hash not being stored when NTLM authentication is
disabled, we use the AES256 key instead for verification against the
other packages if the unicodePwd attribute is not present.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e8517ee7 by Andrew Bartlett at 2022-06-26T22:10:29+00:00
WHATSNEW: Announce support for dropping the NT hash

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
f06b40a9 by Andreas Schneider at 2022-06-26T23:08:03+00:00
bootstrap: Use quay.io to download fedora images

The docker registry is rate limited now. This often leads to errors, so
use the Red Hat registry.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sun Jun 26 23:08:03 UTC 2022 on sn-devel-184

- - - - -
f2b6258b by Ralph Boehme at 2022-06-27T15:50:29+00:00
vfs_acl_xattr: add acl_xattr:security_acl_name option

Pair-Programmed-With: Jeremy Allison <jra at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
5b69b62d by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:printing: Fix temporary talloc context leak

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ed89ef46 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:libads: Clear previous CLDAP ping flags when reusing the ADS_STRUCT

Fixes the problem described in commit a26f535dedc651afa2a25dd37113ac71787197ff
but for ads_domain_func_level() function.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6223dea3 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:libads: Pass the correct ADS_STRUCT pointer to ads_msgfree

The search is performed using the ads_s pointer.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
337d7df4 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:winbind: Remove duplicated talloc_get_type() call

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
600f081c by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:winbind: Fix a memory leak in ads_idmap_cached_connection()

The trust password was leaked.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6e3135ff by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:winbind: Fix a memory leak in ads_cached_connection()

The trust password was leaked.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1b4d33d8 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:libnet: Allocate the machine name string under its container's talloc context

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
392cd137 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:libnet: Allocate the machine name string under its container's talloc context

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
577fdd0f by Samuel Cabrero at 2022-06-27T15:50:29+00:00
pygpo: Make ads_ADSType object inherit from pytalloc_BaseObject

Prepare to allocate ADS_STRUCT under a talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ee8ff51c by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:netapi: Allocate a temporary talloc context for NetGetJoinableOUs_l()

Prepare to allocate ADS_STRUCT under a talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9cbe5503 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:libnet: Allocate a temporary talloc context in libnet_connect_ads()

Prepare to allocate ADS_STRUCT under a talloc context. Pass a talloc
context where the ads struct will be moved on success.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
db052963 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:libsmb: Allocate a temporary talloc context for ads_dc_name()

Prepare to allocate ADS_STRUCT under a talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6130d113 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:printing: Allocate a temporary talloc context for nt_printer_publish()

Prepare to allocate ADS_STRUCT under a talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f4d0db0d by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:winbind: Pass a memory context to ads_idmap_cached_connection()

Prepare to allocate ADS_STRUCT under a talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e8d3acd3 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:winbind: Return ADS_STATUS from ads_cached_connection()

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
fd5e1f16 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:winbind: Init pointers to NULL and use new debug macros

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4350d9cd by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:winbind: Allocate a temporary talloc context for ads_idmap_cached_connection()

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
cec0b404 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:winbind: Allocate a temporary memory context for ads_cached_connection()

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2c753ad6 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:winbind: Pass a memory context to ads_cached_connection_connect()

The ads struct will be allocated under this context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5fe49299 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:winbind: Create a temporary talloc context for ads_cached_connection_connect()

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d42849c5 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:winbind: Factor out dcip_check_name_ads()

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
23bc40f6 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:winbind: Early return on error in dcip_check_name_ads()

Also use new debug macros and improve debug message.

Best viewed with "git diff -b".

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
cfa6da86 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:winbind: Allocate a temporary memory context for dcip_check_name_ads()

Prepare to allocate ADS_STRUCT under a talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
20936391 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:libads: Rename talloc context

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
91630335 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:libads: Allocate temporary memory context for ads_domain_func_level()

Prepare to allocate ADS_STRUCT under talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
fa6dc883 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor net_ads_lookup(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
aeaf1e48 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor net_ads_info(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
88718870 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor net_ads_workgroup(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0693b9aa by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Pass a memory context to ads_startup_nobind()

The ads struct will be allocated under this context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5f587ab0 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor ads_user_add(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
eaa7411c by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor ads_user_info(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3c2b813a by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor ads_user_delete(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
937021d5 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor net_ads_user(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Best viewed using "git diff -b".

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
66a72fbe by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor ads_group_add(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
356aa3e3 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor ads_group_delete(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
786e0394 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor net_ads_group(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Best viewed with "git diff -b".

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ce9da6e6 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor net_ads_status(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
818ed102 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor net_ads_leave(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f810a41f by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor net_ads_join_ok(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ec00cbc6 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor net_ads_join(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d92055e0 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor net_ads_dns_register(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1867b09c by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor net_ads_dns_unregister(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
507c90e2 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor net_ads_printer_search(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7f2267cc by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor net_ads_printer_info(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
75a3f380 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor net_ads_printer_publish(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
bb1a3448 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_printer_remove(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4e2f7cf5 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_password(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
407e156d by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_changetrustpw(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f665c661 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_search(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c0ed4d85 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_dn(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c443b0b1 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_sid(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
484345bd by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_keytab_flush(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d4937439 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_keytab_add(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
04fa6e98 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_keytab_create(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d8c84717 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_setspn_list(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d4059d52 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_setspn_add(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
998e9b9a by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_setspn_delete(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1b04ae0d by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_enctypes_list(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5a4ccc5e by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_enctypes_set(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
923db0f2 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_enctypes_delete(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2979196d by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Exit returning -1 when usage is displayed

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
07487833 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Pass a talloc context to ads_startup()

The ads struct will be allocated under this context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ba7a3667 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Pass a talloc context to ads_startup_int()

The ads struct will be allocated under this context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e6cd1be1 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Remove unused define

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d0054180 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Move the ads_destroy() function up in the file

Will be static soon

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
50934b85 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_check_int(), allocate a talloc context

ADS_STRUCT will be allocated in the talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d0dc0171 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Allocate ADS_STRUCT under a talloc context

The ads_destroy() function is now static and only called from the
ADS_STRUCT destructor.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e60d2bc8 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Remove no longer used is_mine flag from ADS_STRUCT

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
cdef6011 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Alloc ads->server.realm under ADS_STRUCT talloc context

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5ec9b8ef by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Allocate ads->server.workgroup under ADS_STRUCT talloc context

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
cc8465f1 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Allocate ads->server.ldap_server under ADS_STRUCT talloc context

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c1ab3916 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Allocate ads->auth.realm under ADS_STRUCT talloc context

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d64335ea by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Allocate ads->auth.password under ADS_STRUCT talloc context

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
633ccc55 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Allocate ads->auth.user_name under ADS_STRUCT talloc context

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ca7ac79f by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Allocate ads->auth.kdc_server under ADS_STRUCT talloc context

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
89c3f224 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Print ads->auth.ccache_name in ndr_print_ads_struct()

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ed784ed0 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Allocate ads->auth.ccache_name under ADS_STRUCT talloc context

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b8a0446a by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Allocate ads->config.realm under ADS_STRUCT talloc context

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9530ca85 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Return ADS_STATUS from ads_build_path()

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b2381e10 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Return ADS_STATUS from ads_build_dn()

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
dd9e0f11 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Allocate ads->config.bind_path under ADS_STRUCT talloc context

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
dcf6578d by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Allocate ads->config.ldap_server_name under ADS_STRUCT talloc context

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
40cd9204 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Allocate ads->config.server_site_name under ADS_STRUCT talloc context

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9fe2cf1b by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Allocate ads->config.client_site_name under ADS_STRUCT talloc context

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6ca5eacc by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Allocate ads->config.schema_path under ADS_STRUCT talloc context

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8ea0dd1a by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Allocate ads->config.config_path under ADS_STRUCT talloc context

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3d6ec74f by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: RIP ads_destroy()

All ADS_STRUCT members are allocated under its talloc context.

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
da589447 by Jeremy Allison at 2022-06-27T16:48:31+00:00
s3: net_ads: Cleanup, remove unused talloc_ctx in net_ads_kerberos_kinit().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Jun 27 16:48:32 UTC 2022 on sn-devel-184

- - - - -
d96a6caf by Andreas Schneider at 2022-06-27T19:47:28+00:00
s4:libads: Fix trailing whitespaces in ldap.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
fbf134c8 by Andreas Schneider at 2022-06-27T20:39:31+00:00
s3:libads: Check if we have a valid sockaddr

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Jun 27 20:39:31 UTC 2022 on sn-devel-184

- - - - -
05601ceb by Martin Schwenke at 2022-06-28T09:24:31+00:00
ctdb-tests: Return error on empty fake ctdbd configuration blocks

These would be unintended errors.  The block should be omitted to keep
the default value.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
428bc71f by Vinit Agnihotri at 2022-06-28T09:24:31+00:00
ctdb-tests: Add runstate handling to fake ctdbd

Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
794f1258 by Vinit Agnihotri at 2022-06-28T09:24:31+00:00
ctdb-tool: Add UNKNOWN pseudo state

When a node is starting, CTDB reports remote nodes as unhealthy by
default.  This can be misleading.

To hide this, report an "UNKNOWN" pseudo state when a remote node is
not disconnected and the runstate is less than or equal to
"FIRST_RECOVERY".

Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
be293a12 by Martin Schwenke at 2022-06-28T10:16:59+00:00
ctdb-tests: Add new tool unit tests to cover UNKNOWN state

Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Tue Jun 28 10:16:59 UTC 2022 on sn-devel-184

- - - - -
19b27299 by Jeremy Allison at 2022-06-30T15:35:32+00:00
s3: winbind: Add missing NULL check for returned talloc'ed ADS struct.

Coverity CID: 1506720.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
5903657b by Jeremy Allison at 2022-06-30T16:28:30+00:00
s3: libads: Fix return from malloc check.

We shouldn't be checking *realm != '\0' here, just
the return from malloc.

Coverity CID: 1506719.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jun 30 16:28:30 UTC 2022 on sn-devel-184

- - - - -
9080cd30 by Andreas Schneider at 2022-06-30T22:08:39+00:00
s3:printing: Do not clear the printer-list.tdb

With the new dcerpc architecture we need to keep printer-list.tdb
around. A spoolss dcerpc call will start rpc-spoolssd which will then
start the background queue process. However in order to enum the
printers we need to have a printer-list.tdb. Depending on the number of
printers this task can take several seconds. It is unlikely that
the printer-list will change all the time, so we might provide outdated
data till it gets refreshed, but this is better than providing no
printer list at all.

If there are a lot of printers, the idle_seconds for the rpc-spoolssd
should be increased so that the background task can finish.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15082

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jun 30 22:08:39 UTC 2022 on sn-devel-184

- - - - -
013b74e3 by Pavel Filipenský at 2022-07-01T08:12:49+00:00
s4:torture: check return of ndr_pull_init_blob() via torture_assert()

Reported by covscan.

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Jul  1 08:12:49 UTC 2022 on sn-devel-184

- - - - -
b609734c by Michael Tokarev at 2022-07-01T14:35:09+00:00
testparm: clarify "Weak crypto is allowed" message

The message testparm prints about weak crypto is really
misleading: "Weak crypto is allowed" is often interpreted
in a way that smb.conf settings are bad by allowing weak
crypto.  While the actual meaning is about the ability to
fall back to weaker crypto for (backwards) compatibility,
and this has nothing to do with samba settings, it is the
gnutls settings. Clarify both of these, and eliminate an
if() and a local variable.

Signed-off-by: Michael Tokarev <mjt at tls.msk.ru>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Jul  1 14:35:09 UTC 2022 on sn-devel-184

- - - - -
c5ef9186 by Stefan Metzmacher at 2022-07-01T17:35:27+00:00
s3:ctdbd_conn: make sure ctdbd_init_async_connection() never returns 0 with conn = NULL

This should not happen anywhere, but it clears the expectation of the
caller and simplifies the error handling there.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
96b77d87 by Stefan Metzmacher at 2022-07-01T18:34:17+00:00
s3:dbwrap_ctdb: improve the error handling in ctdb_async_ctx_init_internal()

We should not map any error from ctdbd_init_async_connection() to EIO.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jul  1 18:34:17 UTC 2022 on sn-devel-184

- - - - -
17f8ec6f by Samuel Cabrero at 2022-07-04T12:22:16+00:00
s4:mitkdc: Always set SDB_F_FOR_{TGS,AS}_REQ flag for DAL >= 9

The KRB5_KDB_FLAG_REFERRAL_OK is to indicate whether a realm referral is
allowed. In AD this is always allowed. Also there is no way to pass that
indication to the SamDB layer.

Pair-Programmed-With: Andreas Schneider <asn at samba.org>

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Samuel Cabrero <scabrero at samba.org>
Autobuild-Date(master): Mon Jul  4 12:22:16 UTC 2022 on sn-devel-184

- - - - -
96a649ef by Jeremy Allison at 2022-07-04T16:42:28+00:00
s3: libads: Fix coverity false positive.

dn is always returned as NULL on error in ads_build_path(),
but coverity can't see that. Easy change to quieten it.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Mon Jul  4 16:42:28 UTC 2022 on sn-devel-184

- - - - -
090c46a5 by Stefan Metzmacher at 2022-07-05T15:09:35+00:00
s4:torture/smb2: rename 'smb2.bench-oplock' to 'smb2.bench.oplock'

We should have a toplevel 'smb2.bench' suite for all benchmark tests.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
2dfb334f by Stefan Metzmacher at 2022-07-05T15:09:35+00:00
s4:torture/smb2: add smb2.bench.path-contention-shared

This test tortures contention on a single path where
all opens are shared stat opens without any oplock/lease
interaction.

It opens 'nproc' connections to the share and runs
for 'timelimit' seconds, while it opens and closes
the 'bench_path' on each connection as fast as possible.

The number of concurrent connections can be specified
with:

  --option="torture:nprocs=256"

while the default is 4.

The runtime can be specified by

  --option='torture:timelimit=30'

the default being 10.

By default the test operates on the share root directory, but
the path can be changed with:

  --option='torture:bench_path=Apps\1\2\3\4\5\6\7\8\9\10'

pointing to an existing file or directory.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
3ec4dddb by Stefan Metzmacher at 2022-07-05T15:09:35+00:00
s3:vfs_fileid: move to a single mapping_fn() returning struct file_id

This makes the code much less magic (at least for me) and
it will allow further changes to be made easier.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
2668700f by Stefan Metzmacher at 2022-07-05T15:09:35+00:00
s3:vfs_fileid: maintain an array of nolock inodes

This way 'fsname_norootdir[_ext]' is not overwritten by
'fileid:nolockinode' and both can work independently.

It will also allow us to add more nolock inodes under
other conditions in the following changes.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
a1882538 by Stefan Metzmacher at 2022-07-05T15:09:35+00:00
s3:vfs_fileid: introduce algorithm 'next_module'

This can be used to just bypass the fileid module for the
common case. But it allows 'fileid:nolockinode' (and in future
other things) to work in order to avoid lock contention
for all 'nolock' inodes.

If we would have started from scratch all the nolock
logic would have been in its own vfs module, just
altering file_id.extid.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
72419736 by Stefan Metzmacher at 2022-07-05T15:09:35+00:00
s3:vfs_fileid: always add the 'nolock' behavior via file_id.extid

file_id.extid was filled with getpid() by 'fsname_norootdir_ext'.

However instead of forcing the existing 'hostname' algorithm for the 'nolock'
case, we'll now generate file_id.extid also based on the hostname, vnn
and for 'fsname_norootdir_ext' also the pid.

This simplifies further changes and gives us the ability to generate stable
results for file_id.{devid,inode} based on the main algorithm. This is important
as we have a push_file_id_16() helper function used in places to generate a
stable identifier of the file that is also client visible and might be stored on
stable storage (acl_tdb, xattr_tdb). While the file_id.extid is only used
internally in volatile databases.

Review with: git show --patience

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
48403b0e by Stefan Metzmacher at 2022-07-05T15:09:35+00:00
s3:vfs_fileid: also handle 'fsname_nodirs' via fileid_is_nolock_inode()

This means we'll be able to provide the 'nolock' feature for all
directories also with other algorithms than 'fsname' in future.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
f99b617c by Stefan Metzmacher at 2022-07-05T15:09:35+00:00
s3:vfs_fileid: also imply the generic nolock logic to the legacy 'hostname' algorithm

That way the file_id.extid is consistently filled for all cases
where we deliberately break lock coherency.

This will simplify further changes and give administrators more
flexibility.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
c040b811 by Stefan Metzmacher at 2022-07-05T15:09:35+00:00
s3:vfs_fileid: introduce 'fileid:nolock_max_slots'

This controls the maximum number of concurrent locking slots
on each host. It specifies the maximal number of locking.tdb
records for a single inode.

It can be used to deliberately break lock coherency not
only between cluster nodes, but also between processes on
each node.

This allows administrators to control the behavior that's
currently only available by 'fsname_norootdir_ext' to
other cases as well.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
d0d9732a by Stefan Metzmacher at 2022-07-05T15:09:35+00:00
s3:vfs_fileid: introduce 'fileid:nolock_paths'

This brings much more flexibility compared to:
- 'fsname_norootdir', 'fsname_norootdir_ext',
  which only allow the nolock behavior for the share root
- 'fileid:nolockinode', which only gets a single inode number,
  and ignores the device id completely.

You can specify path names, which are relative to the shareroot
or absolute.

These names are only evaluated at SMB_VFS_CONNECT() time,
where they are converted into device and inode pairs.
It means they are completely ignored if the path doesn't
exist yet, or is replaced by a new inode later.

This allows:

- 'fileid:algorithm = fsname_norootdir'
  to be replaced by:
  'fileid:algorithm = fsname' (the default)
  'fileid:nolock_paths = .'

- 'fileid:algorithm = fsname_norootdir_ext'
  to be replaced by:
  'fileid:algorithm = fsname' (the default)
  'fileid:nolock_paths = .'
  'fileid:nolock_max_slots = 18446744073709551615'

And 'fileid:nolockinode = 1234567' can be replaced by
'fileid:nolock_paths = Very/Contended/Path' or
'fileid:nolock_paths = . Very/Contended/Path1 /data/conteded.dir',
if the share root and two additional inodes should be handled
by the 'nolock' behavior.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
dc478f48 by Stefan Metzmacher at 2022-07-05T15:09:35+00:00
s3:vfs_fileid: add 'fileid:nolock_all_dirs = BOOL'

This adds the feature of the 'fsname_nodirs' algorithm,
but provides it for all algorithms, including 'next_module'.

This can be used to deliberately break lock coherency, but
keep the devid/inode pair untouched, e.g.

  vfs objects = fileid
  fileid:algorithm = next_module
  fileid:nolock_all_dirs = yes

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
a63087f5 by Stefan Metzmacher at 2022-07-05T15:09:35+00:00
s3:vfs_fileid: add 'fileid:nolock_all_inodes = BOOL'

This adds the feature of the 'hostname' algorithm,
but provides it for all algorithms, including 'next_module'.

This can be used to deliberately break lock coherency, but
keep the devid/inode pair untouched, as this will only
alter file_id.extid:

  vfs objects = fileid
  fileid:algorithm = next_module
  fileid:nolock_all_inodes = yes

This should be preferred unless someone is already using the
'hostname' algorithm.

Note this is only for testing (or read only shares if at all...)

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
4f5faa80 by Stefan Metzmacher at 2022-07-05T16:01:10+00:00
docs-xml:manpages: update vfs_fileid.8.xml for the recent changes

Signed-off-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Jul  5 16:01:10 UTC 2022 on sn-devel-184

- - - - -
b8f3d8d0 by Ralph Boehme at 2022-07-08T09:04:28+00:00
smbd: if close fails just log it, don't crash

Originally I added the assert here as we can't return the error being in a
talloc destructor. But OEMs prefer error log messages over crashes.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Jul  8 09:04:28 UTC 2022 on sn-devel-184

- - - - -
20f63b79 by Andreas Schneider at 2022-07-08T09:05:56+00:00
s4:client: Reformat shell scripts

shfmt -f source4/client/ | xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
bf9b2d7a by Andreas Schneider at 2022-07-08T09:05:56+00:00
s4:librpc: Reformat shell scripts

shfmt -f source4/librpc/ | xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
d82c0991 by Andreas Schneider at 2022-07-08T09:05:56+00:00
s4:script: Reformat shell scripts

shfmt -f source4/script/ | xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
8e2f5020 by Andreas Schneider at 2022-07-08T09:05:56+00:00
s4:scripting: Reformat shell scripts

shfmt -f source4/scripting/ | xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
beaac6bb by Andreas Schneider at 2022-07-08T09:05:56+00:00
s4:torture: Reformat shell scripts

shfmt -f source4/torture/ | xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
c4c086ec by Andreas Schneider at 2022-07-08T09:59:19+00:00
s4:utils: Reformat shell scripts

shfmt -f source4/utils/ | xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Fri Jul  8 09:59:19 UTC 2022 on sn-devel-184

- - - - -
2ec93ac6 by Ralph Boehme at 2022-07-09T09:04:46+00:00
smbd: follow-up fix for "if close fails just log it, don't crash"

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Björn Baumbach <bb at sernet.de>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Sat Jul  9 09:04:46 UTC 2022 on sn-devel-184

- - - - -
b1056442 by Samuel Cabrero at 2022-07-12T11:47:30+00:00
s3:winbind: Fix trailing whitespaces and spaces before tabs in winbindd_cred_cache.c

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
9409f1ad by Samuel Cabrero at 2022-07-12T11:47:30+00:00
s3:winbind: Fix trailing whitespaces in winbindd_proto.h

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
266d6ebc by Samuel Cabrero at 2022-07-12T11:47:30+00:00
s3:winbind: Improve debug message to print the service in add_ccache_to_list()

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
28db1443 by Samuel Cabrero at 2022-07-12T11:47:30+00:00
s3:winbind: Improve debug message to print service in smb_krb5_renew_ticket()

Signed-off-by: Samuel Cabrero <scabrero at suse.de>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2235a4aa by Samuel Cabrero at 2022-07-12T11:47:30+00:00
lib:krb5_wrap: Add debug to ads_krb5_cli_get_ticket()

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
8bef8e3d by Samuel Cabrero at 2022-07-12T11:47:30+00:00
s3:winbind: Create service principal inside add_ccache_to_list()

The function can build the service principal itself, there is no
need to do it in the caller. This removes code duplication.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
116af0df by Samuel Cabrero at 2022-07-12T12:38:55+00:00
s3:winbind: Use the canonical realm name to renew the credentials

Consider the following AD topology where all trusts are parent-child
trusts:

                   ADOM.AFOREST.AD
                        |
            ACHILD.ADOM.AFOREST.AD
                        |
AGRANDCHILD.ACHILD.ADOM.AFOREST.AD <-- Samba joined

When logging into the Samba machine using pam_winbind with kerberos enabled
with user ACHILD\user1, the ccache content is:

	Default principal: user1 at ACHILD.ADOM.AFOREST.AD

	Valid starting       Expires              Service principal
	07/06/2022 16:09:23  07/06/2022 16:14:23  krbtgt/ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD
	        renew until 07/13/2022 16:09:23
-->	07/06/2022 16:09:23  07/06/2022 16:14:23  krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD <-- NOTE this TGT ticket
	        renew until 07/13/2022 16:09:23
	07/06/2022 16:09:23  07/06/2022 16:14:23  SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD
	        renew until 07/13/2022 16:09:23

But when logging in with user ADOM\user1, the ccache content is:

	Default principal: user1 at ADOM.AFOREST.AD

	Valid starting       Expires              Service principal
	07/06/2022 16:04:37  07/06/2022 16:09:37  krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD
	        renew until 07/13/2022 16:04:37
	07/06/2022 16:04:37  07/06/2022 16:09:37  SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD
	        renew until 07/13/2022 16:04:37

MIT does not store the intermediate TGTs when there is more than one hop:

	ads_krb5_cli_get_ticket: Getting ticket for service [SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD] using creds from [FILE:/tmp/krb5cc_11105] and impersonating [(null)]

	Getting credentials user1 at ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD using ccache FILE:/tmp/krb5cc_11105
	Starting with TGT for client realm: user1 at ADOM.AFOREST.AD -> krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD

	Requesting TGT krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ADOM.AFOREST.AD using TGT krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD
	Sending request to ADOM.AFOREST.AD
	Received answer from stream 192.168.101.32:88
	TGS reply is for user1 at ADOM.AFOREST.AD -> krbtgt/ACHILD.ADOM.AFOREST.AD at ADOM.AFOREST.AD with session key rc4-hmac/D88B
-->	Received TGT for offpath realm ACHILD.ADOM.AFOREST.AD <-- NOTE this TGT ticket is not stored

	Requesting TGT krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD using TGT krbtgt/ACHILD.ADOM.AFOREST.AD at ADOM.AFOREST.AD
	Sending request (1748 bytes) to ACHILD.ADOM.AFOREST.AD
	Received answer (1628 bytes) from stream 192.168.101.33:88
	TGS reply is for user1 at ADOM.AFOREST.AD -> krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD with session key rc4-hmac/D015
-->	Received TGT for service realm: krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD <-- NOTE this TGT is not stored

	Requesting tickets for SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD, referrals on
	Sending request (1721 bytes) to AGRANDCHILD.ACHILD.ADOM.AFOREST.AD
	Received answer (1647 bytes) from stream 192.168.101.34:88
	TGS reply is for user1 at ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD with session key aes256-cts/345A
	Received creds for desired service SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD
	Storing user1 at ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD in FILE:/tmp/krb5cc_11105

In the case of ACHILD\user1:

	ads_krb5_cli_get_ticket: Getting ticket for service [SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD] using creds from [FILE:/tmp/krb5cc_2000] and impersonating [(null)]

	Getting credentials user1 at ACHILD.ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD using ccache FILE:/tmp/krb5cc_2000
	Starting with TGT for client realm: user1 at ACHILD.ADOM.AFOREST.AD -> krbtgt/ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD

	Requesting TGT krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD using TGT krbtgt/ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD
	Sending request to ACHILD.ADOM.AFOREST.AD
	Received answer from stream 192.168.101.33:88
	TGS reply is for user1 at ACHILD.ADOM.AFOREST.AD -> krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD with session key rc4-hmac/0F60
-->	Storing user1 at ACHILD.ADOM.AFOREST.AD -> krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD in FILE:/tmp/krb5cc_2000 <-- NOTE this TGT is stored
	Received TGT for service realm: krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD

	Requesting tickets for SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD, referrals on
	Sending request (1745 bytes) to AGRANDCHILD.ACHILD.ADOM.AFOREST.AD
	Received answer (1675 bytes) from stream 192.168.101.34:88
	TGS reply is for user1 at ACHILD.ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD with session key aes256-cts/3576
	Received creds for desired service SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD
	Storing user1 at ACHILD.ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD in FILE:/tmp/krb5cc_2000

The result is that winbindd can't refresh the tickets for ADOM\user1
because the local realm is used to build the TGT service name.

	smb_krb5_renew_ticket: Using FILE:/tmp/krb5cc_11105 as ccache for client 'user1 at ADOM.AFOREST.AD' and service 'krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at AGRANDCHILD.ACHILD.ADOM.AFOREST.AD'

	Retrieving user1 at ADOM.AFOREST.AD -> krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ADOM.AFOREST.AD from FILE:/tmp/krb5cc_11105 with result: -1765328243/Matching credential not found (filename: /tmp/krb5cc_11105)

The canonical realm name must be used instead:

	smb_krb5_renew_ticket: Using FILE:/tmp/krb5cc_11105 as ccache for client 'user1 at ADOM.AFOREST.AD' and service 'krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD'

	Retrieving user1 at ADOM.AFOREST.AD -> krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD from FILE:/tmp/krb5cc_11105 with result: 0/Success
	Get cred via TGT krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD after requesting krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD (canonicalize off)
	Sending request to ADOM.AFOREST.AD
	Received answer from stream 192.168.101.32:88
	TGS reply is for user1 at ADOM.AFOREST.AD -> krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD with session key aes256-cts/8C7B
	Storing user1 at ADOM.AFOREST.AD -> krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD in FILE:/tmp/krb5cc_11105

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Jul 12 12:38:55 UTC 2022 on sn-devel-184
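
Added example, not part of the commit and not Samba's code: a small Python model of the TGT lookup shown in the traces above, demonstrating why a krbtgt name built from the local realm is missing from the ADOM\user1 ccache while one built from the client principal's realm is found. The cache contents are constructed from the two ccache listings above; the rule that the lookup searches under the client's realm, and all function names, are assumptions read off the "Retrieving ..." trace lines.

```python
"""Model of the TGT lookup done before renewing a Kerberos ccache.

Everything here is illustrative: the data is constructed from the ccache
listings in the commit message and the function names are hypothetical.
"""

# Realm of the domain the Samba machine is joined to (from the topology).
LOCAL_REALM = "AGRANDCHILD.ACHILD.ADOM.AFOREST.AD"

# Constructed ccaches, reduced to the service principals they hold.
CCACHE_ACHILD_USER = {
    "client": "user1@ACHILD.ADOM.AFOREST.AD",
    "services": [
        "krbtgt/ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD",
        # One hop away: the cross-realm TGT is stored.
        "krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD",
        "SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD",
    ],
}
CCACHE_ADOM_USER = {
    "client": "user1@ADOM.AFOREST.AD",
    "services": [
        # Two hops away: the intermediate TGTs are not stored.
        "krbtgt/ADOM.AFOREST.AD@ADOM.AFOREST.AD",
        "SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD",
    ],
}


def split_principal(principal):
    """Split 'name@REALM' into (name, REALM); reject malformed input."""
    name, sep, realm = principal.rpartition("@")
    if not sep or not name or not realm:
        raise ValueError(f"not a full principal: {principal!r}")
    return name, realm


def tgt_from_local_realm(local_realm):
    """TGT service name built from the joined realm (the failing case)."""
    return f"krbtgt/{local_realm}@{local_realm}"


def tgt_from_client_realm(client_principal):
    """TGT service name built from the realm of the client principal."""
    _, realm = split_principal(client_principal)
    return f"krbtgt/{realm}@{realm}"


def find_tgt(ccache, service):
    """Return the matching cache entry, or None if there is none.

    Assumption taken from the trace: the search is made for the service
    name under the client's realm, whatever realm the caller supplied.
    """
    _, client_realm = split_principal(ccache["client"])
    name, _ = split_principal(service)
    wanted = f"{name}@{client_realm}"
    return wanted if wanted in ccache["services"] else None


def renewal_report(ccache, local_realm=LOCAL_REALM):
    """Compare both ways of naming the TGT against one ccache."""
    return {
        "local_realm": find_tgt(ccache, tgt_from_local_realm(local_realm)),
        "client_realm": find_tgt(
            ccache, tgt_from_client_realm(ccache["client"])
        ),
    }


if __name__ == "__main__":
    for cache in (CCACHE_ACHILD_USER, CCACHE_ADOM_USER):
        print(cache["client"], renewal_report(cache))
```

The local-realm name only resolves for the user one hop from the joined domain, which is why the failure shows up for ADOM\user1 but not for ACHILD\user1.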

- - - - -
11d3d2ae by Volker Lendecke at 2022-07-12T13:33:14+00:00
rpc_server3: Initialize mangle_fns in classic and spoolss

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15118
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Tue Jul 12 13:33:14 UTC 2022 on sn-devel-184

- - - - -
d5414435 by Ralph Boehme at 2022-07-12T14:45:36+00:00
mdssvc: fix indentation

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15086

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
72468166 by Ralph Boehme at 2022-07-12T14:45:36+00:00
mdssvc: convert mds_init_ctx() to return NTSTATUS

No change in behaviour. In preparation for returning a special error to signal
the caller that spotlight is disabled for a share.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15086

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
8e997bd6 by Ralph Boehme at 2022-07-12T14:45:36+00:00
CI: fix check for correct mdsvc response when connecting to a share with Spotlight disabled

A Mac SMB server returns an all zero handle and an empty path if Spotlight is
disabled on a share. We must return the exact same error return in order to
trigger client-side searching.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15086
pcap: https://www.samba.org/~slow/pcaps/mac-bigsur-smbserver-spotlight-disabled.pcapng.gz

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
23e6e50c by Ralph Boehme at 2022-07-12T15:42:52+00:00
mdssvc: return all-zero policy handle if spotlight is disabled

A Mac SMB server returns an all zero handle and an empty path if Spotlight is
disabled on a share. We must return the exact same error return in order to
trigger client-side searching.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15086
pcap: https://www.samba.org/~slow/pcaps/mac-bigsur-smbserver-spotlight-disabled.pcapng.gz

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Tue Jul 12 15:42:52 UTC 2022 on sn-devel-184

- - - - -
a6ccceb9 by Christof Schmitt at 2022-07-13T17:30:30+00:00
nfs4_acls: Correctly skip chown when gid did not change

Commit 86f7af84 introduced a problem that a chown is always attempted,
even when the owning gid did not change. Then the ACL is set in the file
system as root. Fix the check by correctly comparing with gid, not uid.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15120

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Christof Schmitt <cs at samba.org>
Autobuild-Date(master): Wed Jul 13 17:30:30 UTC 2022 on sn-devel-184

- - - - -
df29b9ab by Andreas Schneider at 2022-07-15T12:08:36+00:00
s4:selftest: Reformat shell scripts

shfmt -f source4/selftest/ | xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
bcd9794d by Andreas Schneider at 2022-07-15T12:08:36+00:00
s4:setup: Reformat shell scripts

shfmt -f source4/setup/ | xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
30215a8a by Andreas Schneider at 2022-07-15T13:00:30+00:00
testprogs: Reformat bogus.sh

shfmt -w -p -i 0 -fn testprogs/blackbox/bogus.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Fri Jul 15 13:00:30 UTC 2022 on sn-devel-184

- - - - -
d692c5a6 by Andreas Schneider at 2022-07-15T13:28:37+00:00
s3:selftest: Reformat rpc array

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
c7925747 by Andreas Schneider at 2022-07-15T13:28:37+00:00
s4:selftest: Reformat slow_ncacn_np_tests list

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
3f63393e by Andreas Schneider at 2022-07-15T13:28:37+00:00
s4:selftest: Reformat rpc.samr.passwords plansmbtorture4testsuite

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
9923d505 by Andreas Schneider at 2022-07-15T13:28:37+00:00
s4:torture: Rename rpc.samr.passwords tests

This way it is easier to select them with 'make test'.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
bbc5abfa by Andreas Schneider at 2022-07-15T14:24:49+00:00
selftest: Do not skip working tests

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Fri Jul 15 14:24:49 UTC 2022 on sn-devel-184

- - - - -
8e2d0587 by Pavel Filipenský at 2022-07-15T14:25:37+00:00
debug: Fix whitespace and a typo in debug.h

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
f0e0a953 by Pavel Filipenský at 2022-07-15T14:25:37+00:00
debug: Add DEBUGLF macro with explicit location and function parameters.

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
7b9f87b8 by Pavel Filipenský at 2022-07-15T14:25:37+00:00
librpc:ndr: Update ndr_print_debug() and add macro NDR_PRINT_DEBUG_LEVEL

Bumping the ABI to 3.0.0

This is an enhancement of the NDR_PRINT_DEBUG macro with the following new features:

* debug level can be specified (NDR_PRINT_DEBUG always uses level 1)
* the trace header shows the location and function of the caller
  instead of function 'ndr_print_debug', which is not really useful.

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
48cb47f5 by Pavel Filipenský at 2022-07-15T14:25:37+00:00
s3:passdb: Fix trailing whitespaces in machine_account_secrets.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b1f8f5c4 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s4:lib: Fix trailing whitespaces in tools/regshell.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
d3805d53 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
librpc:ndr: Update ndr_print_debug() to the new ndr ABI

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
feb04d99 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Fix trailing whitespaces in winbindd_group.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
1852160e by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
14f4ba19 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_xids2sids.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
07dd2c71 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_group.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2b5c8611 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Move up some code in winbindd_getusersids.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
f8e372e1 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_getusersids.c

Test scenario:

$ bin/wbinfo --user-sids `bin/wbinfo -n ADDOMAIN/alice | awk '{print $1}'`
S-1-5-21-2018381343-4210792308-1157936888-1107
S-1-5-21-2018381343-4210792308-1157936888-513
S-1-5-32-545

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
25d38cc6 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_dsgetdcname.c

Test scenario:
$ bin/wbinfo --dsgetdcname=ADDOMAIN

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6cb508ab by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_endgrent.c

Test scenario:
id ADDOMAIN/alice

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2fed5d20 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_endpwent.c

Test scenario:
$ getent passwd

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a0666eb6 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_getdcname.c

Test scenario:
bin/wbinfo --getdcname=ADDOMAIN

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ac8f35d6 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_getgrent.c

Test scenario:
id ADDOMAIN/alice

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
9c41992d by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_getgrgid.c

Test scenario:
id ADDOMAIN/alice

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2ec7ccab by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_getgrnam.c

Test scenario:
bin/wbinfo --group-info 'ADDOMAIN/domain users'

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
09807998 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_getgroups.c

Test scenario:
bin/wbinfo --user-groups 'ADDOMAIN/alice'

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
5e7039a8 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_getpwent.c

Test scenario:
$ getent passwd

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
1074e74d by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_getpwnam.c

Test scenario:
id ADDOMAIN/alice

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
980f8092 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_getpwsid.c

Test scenario:

$ bin/wbinfo --name-to-sid ADDOMAIN/alice
S-1-5-21-4248687961-4152985382-2800071106-1107 SID_USER (1)

$ bin/wbinfo --user-sidinfo S-1-5-21-4248687961-4152985382-2800071106-1107
ADDOMAIN/alice:*:2001107:2000513::/home/ADDOMAIN/alice:/bin/false

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
15529612 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_getpwuid.c

Test scenario:
$ bin/wbinfo --uid-info 2001107
or
$ bin/wbinfo --uid-info 100000

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a80a8ded by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_getsidaliases.c

Test scenario:
$ bin/wbinfo --sid-aliases S-1-5-21-4248687961-4152985382-2800071106-1107

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2fbc57cf by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_getuserdomgroups.c

Test scenario:
$ bin/wbinfo --user-domgroups `bin/wbinfo -n ADDOMAIN/alice | awk '{print $1}'`
S-1-5-21-2260029349-2102976898-3003119-1107
S-1-5-21-2260029349-2102976898-3003119-513

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
4d081c77 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_list_groups.c

Test scenario:
$ bin/wbinfo -g

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6620a74a by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_list_users.c

Test scenario:
$ bin/wbinfo -u

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
fff33f71 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_lookupname.c

Test scenario:
bin/wbinfo --name-to-sid=ADDOMAIN/alice

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
4f63a3b7 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_pam_auth.c

Test scenario:
$ bin/wbinfo --pam-logon=ADDOMAIN/alice%Secret007

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
53d9cf76 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_pam_logoff.c

Test scenario:
$ bin/wbinfo --logoff

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
5eaabe04 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_setgrent.c

Test scenario:
id ADDOMAIN/alice

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
3c1d91cd by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_setpwent.c

Test scenario:
$ getent passwd

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
0f031024 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_sids_to_xids.c

Test scenario:
bin/wbinfo --sid-to-uid=S-1-5-21-1961314572-195468382-2567644205-1107

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
7a9bec6a by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_wins_byip.c

Test scenario:
$ bin/wbinfo --WINS-by-ip=10.53.57.30

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
0f4c7404 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_wins_byname.c

Test scenario:
$  bin/wbinfo --WINS-by-name=ADDC

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
f52eeb89 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_xids_to_sids.c

Test scenario in ad_dc:local test environment:
bin/wbinfo --unix-ids-to-sids=u100000

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
d21d69e8 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in samlogon_cache.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
08e80f87 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_dsgetdcname.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
bb801a73 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_getgrsid.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
35df8fd8 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_getpwsid.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
42ada8ed by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_gettoken.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
bdd2ce03 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_group_members.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
5c0d8054 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_lookupname.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6b4cbb3d by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_lookupsid.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
7b9bf842 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_lookupsids.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b8f3dec0 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_lookupuseraliases.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
513d9c34 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_lookupusergroups.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
9435a8bf by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_next_grent.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
68b8b98c by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_next_pwent.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
bd1447ca by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_query_group_list.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
7d751d76 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_queryuser.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
5804a4c0 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_query_user_list.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
f72f0390 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_sids2xids.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
d3b49403 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Fix trailing whitespace in winbindd.h

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ef5090b3 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Change num_sids from int to uint32_t in wb_gettoken_recv()

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
51250c61 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Change num_sids from int to uint32_t in wb_lookupuseraliases_send()

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
72eacda2 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Change num_sids from int to uint32_t in wb_lookupusergroups_recv()

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
84ab676c by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Change num_received, num_domains from int to uint32_t in winbindd_list_groups_state

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
69a9b7a5 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Change num_groups from int to uint32_t in wb_query_group_list_recv()

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2ef11c4d by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Change num_groups, next_group from int to uint32_t in wb_group_members.c

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
cf33679d by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Change max_groups, num_groups from int to uint32_t in getpwent_state

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
0fb98133 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Change num_gids from int to uint32_t in winbindd_getgroups_state

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b17cae66 by Pavel Filipenský at 2022-07-15T15:21:23+00:00
s3:winbind: Change max_users, num_users from int to uint32_t in winbindd_getpwent_state

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Jul 15 15:21:23 UTC 2022 on sn-devel-184

- - - - -
450b8da8 by Andreas Schneider at 2022-07-18T13:46:33+00:00
s3:winbind: Fix pointer access in wb_lookupusergroups_recv()

Fixes CID 1507350

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
e824ee6b by Andreas Schneider at 2022-07-18T13:46:33+00:00
s3:winbind: Add additional debug level check to wb_lookupusergroups_recv()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
934bc0c5 by Andreas Schneider at 2022-07-18T13:46:33+00:00
s3:winbind: Fix pointer access in wb_xids2sids_recv()

CID 1507348
CID 1507349

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
130283cb by Andreas Schneider at 2022-07-18T14:44:07+00:00
s3:winbind: Add additional debug level check to wb_xids2sids_recv()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Jul 18 14:44:07 UTC 2022 on sn-devel-184

- - - - -
2b32d932 by Andreas Schneider at 2022-07-18T21:21:59+00:00
s3:rpcclient: Goto done in cmd_samr_setuserinfo_int()

We need to free the frame or we will run into:
    smb_panic (why=0x7fa8c511aa88 "Frame not freed in order.")

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15124

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Jul 18 21:21:59 UTC 2022 on sn-devel-184

- - - - -
965c6617 by Andreas Schneider at 2022-07-19T00:10:10+00:00
s3:tests: Add test to access msdfs path with smbget

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jul 19 00:10:10 UTC 2022 on sn-devel-184

- - - - -
f340b884 by Andreas Schneider at 2022-07-19T12:17:35+00:00
waf: Check for -Wno-error=array-bounds flags

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15073

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Jul 19 12:17:35 UTC 2022 on sn-devel-184

- - - - -
88c11736 by Andreas Schneider at 2022-07-20T11:09:36+00:00
testprogs: Reformat common-links.sh

shfmt -w -p -i 0 -fn testprogs/blackbox/common-links.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
4c12840e by Andreas Schneider at 2022-07-20T11:59:26+00:00
testprogs: Reformat common_test_fns.inc

shfmt -w -p -i 0 -fn testprogs/blackbox/common_test_fns.inc

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Wed Jul 20 11:59:26 UTC 2022 on sn-devel-184

- - - - -
3d95220a by Andreas Schneider at 2022-07-20T18:23:49+00:00
Add a .clang-format file

How to use:

Install 'git-format-clang' which is part of the clang suite (Fedora:
git-clang-format, openSUSE: clang-tools).

Now do your changes and stage them with `git add`. Once they are staged
format the code using `git clang-format` before you commit.

Now the formatting changes can be viewed with `git diff` against the
staged changes.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Jul 20 18:23:49 UTC 2022 on sn-devel-184

- - - - -
e01b9f11 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
README.Coding: PRINT format specifiers PRIuxx

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
7736ac45 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in wb_gettoken.c

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
892975da by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in wb_group_members.c

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6aded171 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in wb_lookupuseraliases.c

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
547b5193 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in wb_lookupusergroups.c

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
d2eb6404 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in wb_next_pwent.c

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
55510a93 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in wb_query_group_list.c

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
473ed0a5 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in wb_query_user_list.c

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
98c67832 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in wb_queryuser.c

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
7e715ed0 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in wb_sids2xids.c

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
75c90102 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in wb_xids2sids.c

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
37a1c25d by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in wb_lookupsids.c

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
cd49a22c by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in winbindd_getgrent.c

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
0086ce11 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in winbindd_getgrgid.c

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
23b0842b by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in winbindd_getgrnam.c

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ec8b50e0 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in winbindd_getgroups.c

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
fb4f1e37 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in winbindd_getpwent.c

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
98b1f42a by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in winbindd_getuserdomgroups.c

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
1ff8bbd2 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in winbindd_getusersids.c

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
9873b4fd by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in winbindd_list_groups.c

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
189f5790 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in winbindd_list_users.c

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
1b6b6f7d by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in winbindd_sids_to_xids.c

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
aa5ddc23 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in winbindd_xids_to_sids.c

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
213570a0 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in winbindd_getsidaliases.c

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
4a61e6dc by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Add additional debug level check to wb_gettoken_recv()

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
47c48fd0 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Add additional debug level check to winbindd_getgroups_recv()

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a2f30eed by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Add additional debug level check to winbindd_getsidaliases_send()

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
1a897f1b by Pavel Filipenský at 2022-07-21T14:41:53+00:00
s3:winbind: Add additional debug level check to wb_lookupsids_send()

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Jul 21 14:41:53 UTC 2022 on sn-devel-184

- - - - -
5dcb49bb by Andreas Schneider at 2022-07-22T04:36:30+00:00
third_party: Update socket_wrapper to version 1.3.4

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
21b9734c by dinesh at 2022-07-22T05:27:53+00:00
smbd: Bypass the vfs_gethandle data for default share IPC$

During gpfs_connect for the default share IPC$, the handle data is not set, but during vfs_gpfs_capabilities
for the default share IPC$ the get handle data was called, and the error log "failed to get vfs_handle->data!" was observed.
So, to bypass this error log, a condition check for IS_IPC share is added in make_connection_snum while calling SMB_VFS_FS_CAPABILITIES.

Signed-off-by: Dinesh <dinesh.kumar.reddy at ibm.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jul 22 05:27:53 UTC 2022 on sn-devel-184

- - - - -
3df39aa7 by Martin Schwenke at 2022-07-22T06:38:32+00:00
ctdb-scripts: Avoid ShellCheck warning SC2164

SC2164 (warning): Use 'cd ... || exit' or 'cd ... || return' in case cd fails.

A problem can only occur if /etc/ctdb/ or an important subdirectory is
removed, which means the script itself would not be found.  Use && to
silence ShellCheck.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
a832c8e2 by Martin Schwenke at 2022-07-22T06:38:32+00:00
ctdb-scripts: Reformat using shfmt -w -p -i 0 -fn

About to modify this file, so reformat first as per recent Samba
convention.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
fc485fea by Martin Schwenke at 2022-07-22T06:38:32+00:00
ctdb-scripts: De-clutter validate_percentage()

It always takes 2 arguments.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
dc7aaca8 by Martin Schwenke at 2022-07-22T06:38:32+00:00
ctdb-scripts: Reduce length of very long lines

Use printf to allow easier line breaks and use some early returns.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
5e7bbcb0 by Martin Schwenke at 2022-07-22T06:38:32+00:00
ctdb-scripts: Avoid ShellCheck info SC2162

SC2162 (info): read without -r will mangle backslashes.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
36bd6fd0 by Martin Schwenke at 2022-07-22T06:38:32+00:00
ctdb-scripts: Always check memory usage

If filesystem usage exceeds the unhealthy threshold then memory usage
checking is not done.  Always do them both.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
e396eb9f by Martin Schwenke at 2022-07-22T07:32:54+00:00
ctdb-scripts: Only run unhealthy call-out when passing threshold

For memory usage, no need to dump all of this data on every failed
monitor event.  The first call will be enough to diagnose the problem.
The node will then go unhealthy, drop clients and memory usage should
then drop.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Fri Jul 22 07:32:54 UTC 2022 on sn-devel-184

- - - - -
0b5dd076 by Martin Schwenke at 2022-07-22T16:09:31+00:00
ctdb-recoverd: Add function node_flags() and use it in elections

Indexing a node map by PNN is suboptimal.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
19fbc2da by Martin Schwenke at 2022-07-22T16:09:31+00:00
ctdb-recoverd: Add pnn field to banning state structure

This structure is now standalone, so indexing by PNN can be avoided
via a subsequent commit.  Index by culprit here to make this commit
simple.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
9898e7c5 by Martin Schwenke at 2022-07-22T16:09:31+00:00
ctdb-recoverd: Clean up banning culprit code

Make this fully self-contained in the recovery daemon and avoid
indexing by PNN.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
440bd86a by Martin Schwenke at 2022-07-22T16:09:31+00:00
ctdb-daemon: Drop unused ban_state element from CTDB node structure

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
ec5f6425 by Martin Schwenke at 2022-07-22T16:09:31+00:00
ctdb-protocol: Add separator argument to ctdb_connection_to_buf()

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
f5a20377 by Martin Schwenke at 2022-07-22T16:09:31+00:00
ctdb-daemon: Modernise debug in ctdb_control_send_arp()

For the tickle ACK logging, render the connection in a buffer.  This
produces more complete information.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
d62fcba7 by Martin Schwenke at 2022-07-22T16:09:31+00:00
ctdb-daemon: Avoid spurious error sending ARPs for released IP

A public IP address can be released in between (and probably before)
attempts to send ARPs.  One situation when this can occur is when a
cluster is shutting down: node A shuts down first, public IPs from
node A are taken over by node B, node B is shut down.

Notice this when it occurs and cancel further attempts to send ARPs.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
c77a4fde by Martin Schwenke at 2022-07-22T16:09:31+00:00
ctdb-daemon: Modernise debug in ctdb_add_public_address()

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
b686bbb4 by Martin Schwenke at 2022-07-22T16:09:31+00:00
replace: Add check for if_nameindex()

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
00f1d6d9 by Martin Schwenke at 2022-07-22T16:09:31+00:00
ctdb-common: Use POSIX if_nameindex() to check interface existence

This works as an unprivileged user, so avoids unnecessary errors when
running in test mode (and not as root):

  2022-02-18T12:21:12.436491+11:00 node.0 ctdbd[6958]: ctdb_sys_check_iface_exists: Failed to open raw socket
  2022-02-18T12:21:12.436534+11:00 node.0 ctdbd[6958]: ctdb_sys_check_iface_exists: Failed to open raw socket
  2022-02-18T12:21:12.436557+11:00 node.0 ctdbd[6958]: ctdb_sys_check_iface_exists: Failed to open raw socket
  2022-02-18T12:21:12.436577+11:00 node.0 ctdbd[6958]: ctdb_sys_check_iface_exists: Failed to open raw socket

The corresponding porting test would now become pointless because it
would just confirm that "fake" does not exist.  Attempt to make it
useful by using a less likely name than "fake" and attempting to
detect the loopback interface.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
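
An unprivileged interface-existence check of the kind the commit above describes, as an added example that is not part of the commit or of ctdb's code. The helper names iface_exists() and find_loopback() and the sample interface name are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <ifaddrs.h>
#include <net/if.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (not ctdb's function): return true if an interface
 * with exactly this name exists. if_nameindex() only enumerates names, so
 * it needs no raw socket and no root privileges.
 */
static bool iface_exists(const char *name)
{
	struct if_nameindex *list = NULL;
	struct if_nameindex *i = NULL;
	bool found = false;

	/* Reject names the kernel could never hold before enumerating. */
	if (name == NULL || name[0] == '\0' || strlen(name) >= IF_NAMESIZE) {
		return false;
	}

	list = if_nameindex();
	if (list == NULL) {
		return false; /* enumeration failed, errno is set */
	}

	/* The array ends with an entry whose if_index is 0 and if_name is NULL. */
	for (i = list; i->if_index != 0 && i->if_name != NULL; i++) {
		if (strcmp(i->if_name, name) == 0) {
			found = true;
			break;
		}
	}

	if_freenameindex(list);
	return found;
}

/*
 * Hypothetical helper: copy the name of the first loopback interface into
 * buf. getifaddrs() is also usable without privileges, so a test can look
 * for an interface that really exists instead of guessing its name.
 */
static bool find_loopback(char *buf, size_t len)
{
	struct ifaddrs *addrs = NULL;
	struct ifaddrs *a = NULL;
	bool found = false;

	if (buf == NULL || len == 0 || getifaddrs(&addrs) != 0) {
		return false;
	}

	for (a = addrs; a != NULL; a = a->ifa_next) {
		if (a->ifa_name == NULL || strlen(a->ifa_name) >= len) {
			continue;
		}
		if (a->ifa_flags & IFF_LOOPBACK) {
			snprintf(buf, len, "%s", a->ifa_name);
			found = true;
			break;
		}
	}

	freeifaddrs(addrs);
	return found;
}

int main(void)
{
	char lo[IF_NAMESIZE];
	/* Constructed sample name that is unlikely to exist on any host. */
	const char *unlikely = "nosuchiface9";

	if (find_loopback(lo, sizeof(lo))) {
		printf("loopback %s exists: %d\n", lo, iface_exists(lo));
	} else {
		printf("no loopback interface visible\n");
	}
	printf("%s exists: %d\n", unlikely, iface_exists(unlikely));
	return 0;
}
```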

- - - - -
db37043b by Martin Schwenke at 2022-07-22T16:09:31+00:00
ctdb-scripts: Avoid ShellCheck warning SC2295

For example:

In /home/martins/samba/samba/ctdb/tools/onnode line 304:
    [ "$nodes" != "${nodes%[ ${nl}]*}" ] && verbose=true
                             ^---^ SC2295 (info): Expansions inside ${..} need to be quoted separately, otherwise they match as patterns.

Did you mean:
    [ "$nodes" != "${nodes%[ "${nl}"]*}" ] && verbose=true

For more information:
  https://www.shellcheck.net/wiki/SC2295 -- Expansions inside ${..} need to b...

Who knew?  Thanks ShellCheck!

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
b20ccaa3 by Martin Schwenke at 2022-07-22T16:09:31+00:00
ctdb-scripts: Use "git config" as last resort to parse nfs.conf

Some versions of nfs-utils (e.g. recent CentOS 7) use /etc/nfs.conf
but do not include the nfsconf utility to extract values from the
file.  However, git has an excellent conf file parser, so use it as a
last resort.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
e831af7b by Martin Schwenke at 2022-07-22T16:09:31+00:00
ctdb-tests: Work around unreadable file test failure when root

root can read files for which the mode prohibits reading, so this test
case fails when run as root.  Work around this when running as root.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
30c40046 by Martin Schwenke at 2022-07-22T17:01:00+00:00
ctdb-build: Add missing dependency on talloc

The include isn't strictly necessary, since it is included via
common/reqid.c anyway.  However, it is a useful hint.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Fri Jul 22 17:01:00 UTC 2022 on sn-devel-184

- - - - -
b4d7540b by David Mulder at 2022-07-22T20:40:51+00:00
gpo: samba-gpupdate use s3 param for registry conf

Cause samba-gpupdate to use an s3 param so that
it can load settings from registry configuration.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jul 22 20:40:51 UTC 2022 on sn-devel-184

- - - - -
1ae9f5d3 by Volker Lendecke at 2022-07-23T23:29:38+00:00
winbind: Fix the 32-bit build

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d7fe63c9 by Volker Lendecke at 2022-07-23T23:29:38+00:00
winbind: Fix a "format string is not a string literal" warning

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0d189001 by Volker Lendecke at 2022-07-23T23:29:38+00:00
lib: Fix the FreeBSD build

"time_t" only comes in via a proper include of <time.h>

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
53db1a08 by Volker Lendecke at 2022-07-23T23:29:38+00:00
torture: Fix the 32-bit build

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
605d6469 by Volker Lendecke at 2022-07-23T23:29:38+00:00
lib: Fix the 32-bit build

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
930426db by Volker Lendecke at 2022-07-24T00:25:48+00:00
lib: On FreeBSD util_paths.c does not find struct stat

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sun Jul 24 00:25:49 UTC 2022 on sn-devel-184

- - - - -
58d7b76a by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Open up openat_internal_dir_from_pathref() for general dirs

We open "." fixed here, and fd_openat (or rather SMB_VFS_OPENAT) will
tell us if "dirfsp" does not point at a proper directory

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
b4a3c22a by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Avoid a "? True : False"

Just came across this, looked weird...

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
e2d30fd5 by Volker Lendecke at 2022-07-25T12:04:33+00:00
lib: Remove a few #include "includes.h"

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
1d02c462 by Volker Lendecke at 2022-07-25T12:04:33+00:00
lib: Simplify canonicalize_absolute_path()

We don't need the separate "wrote_slash" boolean variable, we can just
look at what we wrote into p[-1]

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
138fdfaa by Volker Lendecke at 2022-07-25T12:04:33+00:00
registry3: Align function types to what is returned

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
3fc5f9f4 by Volker Lendecke at 2022-07-25T12:04:33+00:00
registry3: Align an integer type

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
08f4ee6c by Volker Lendecke at 2022-07-25T12:04:33+00:00
torture3: Fix an error check in torture_delete_fn()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
53f9b32a by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Don't create a fsp->base_fsp for a "::$DATA" stream

"::$DATA" is the main file, we don't need the overhead of base_fsp here.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
b5c17b79 by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Simplify canonicalize_snapshot_path()

All we need to do is to convert the @GMT-Token and move the
rest. Before this patch we did a lot of talloc to move the @GMT token
to the beginning of the path only to cut it off immediately
again. Merge that logic into a simple memmove()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
5c702e03 by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Factor out extract_snapshot_token() from canonicalize_snapshot_path()

We'll use this elsewhere soon.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
d2e5c9c9 by Volker Lendecke at 2022-07-25T12:04:33+00:00
test3: Fix a debug message

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
217e7c16 by Volker Lendecke at 2022-07-25T12:04:33+00:00
libcli: Modernize a few DEBUG statements

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
d67c7c09 by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Update fsp->fsp_flags.is_directory in vfs_stat_fsp()

The type of a fsp should never change, but if this call to
vfs_stat_fsp() is the very first one on this fsp, we must update this
flag.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
dd5e10d6 by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Make fsp_attach_smb_fname() talloc_move() the name to the fsp

For the current callers this does not make a difference, they have
already allocated *_smb_fname as a talloc child of fsp, but the next
patches will add one where it does.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
0c8d55ed by Volker Lendecke at 2022-07-25T12:04:33+00:00
vfs_shadow_copy2: Don't reference dirfsp for streams

A stream open is always relative to fsp->base_fsp. This already holds
the full path name in fsp->base_fsp->fsp_name, so we don't really need
the full_path_from_dirfsp_atname(). full_path_from_dirfsp_atname() is
not really bad, but the next patches will avoid having a dirfsp for
stream opens overall.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
c267c983 by Volker Lendecke at 2022-07-25T12:04:33+00:00
VFS: NULL dirfsp for openat on stream opens

The main optimization is to avoid non_widelink_open() for streams
opens based on the fact that all streams opens are relative to
fsp->base_fsp, which is a pathref fsp already.

Neither streams_xattr nor streams_depot referenced dirfsp for the
streams case. Make this more obvious in the callers by passing NULL
and asserting this: non-streams opens and streams opens are just
different things, streams-opens can and do reference a base fsp and
don't need the non_widelink_open logic.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
7295377a by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Simplify non_widelink_open()

Now that non_widelink_open() does not see streams opens, we don't need
to take care of fsp->base_fsp anymore.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
8420f62c by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Simplify openat_pathref_fsp()

Remove the implicit recursion

openat_pathref_fsp->openat_pathref_base_fsp->openat_pathref_fsp

by introducing openat_pathref_nostream() and use
open_stream_pathref_fsp() where possible. openat_pathref_nostream()
will change its name in further refactoring patches, but for
understanding this patch I think this name is good :-)

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
37fd029e by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: A stream open does not need O_NOFOLLOW

Would not have hurt either, but this makes the next patch easier to
verify properly

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
45168bff by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Hand full_fname from openat_pathref_nostream()

Rename it to openat_pathref_fullname(), it will be used for stream
open next

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
afe1b94b by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Open openat_pathref_fullname() for streams

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
52ecf986 by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Simplify openat_pathref_fullname()

Don't set O_RDONLY|O_NONBLOCK in two steps into a variable

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
348f19d3 by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: open_stream_pathref_fsp() does not need a dirfsp

It opens relative to fsp->base_fsp

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
f292b1ae by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Simplify open_stream_pathref_fsp()

The main point of this function was to avoid fd_openat() and thus the
expensive non_widelink_open(). Now that fd_openat() has the direct
SMB_VFS_OPENAT() fast-path for streams, we can avoid duplicating the
logic in open_stream_pathref_fsp() again.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
87f03333 by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Some more assert in fd_openat()

Before this patch we asserted that if we have a base_fsp then
smb_fname must have a stream name attached. Now we also assert that if
we don't have a base_fsp smb_fname is not a stream.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
9826da77 by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Make get_real_filename_at public

We'll use this in files.c, which creates a bit of a cyclic
dependency. But files.c has all the lowlevel fsp handling, and we'll
add another routine there next which needs get_real_filename_at()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
d6fcae23 by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Add openat_pathref_dirfsp_nosymlink()

This does a step-by-step path resolution for a directory by splitting
up the path into individual components and does a loop like that

for component in components:
    fd = openat(dirfd, component, O_NOFOLLOW);
    close(dirfd);
    dirfd = fd

and it will report any symlink it finds in a way that will be
indirectly consumable for the smb2 symlink error response.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
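
The component-by-component walk described in the d6fcae23 commit message above, as an added C example that is not Samba's code: `open_dir_nosymlink()`, `struct walk_result` and `make_fixture()` are hypothetical names, and the directory tree is a constructed fixture. Refusing `..` and confirming the symlink with `fstatat()` (because the `openat()` errno for a symlink differs between platforms) are choices of this example, not something the commit message states.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct walk_result {
	int fd;         /* directory fd on success, -1 on failure */
	int err;        /* 0 on success, errno-style code on failure */
	int symlink_at; /* 0-based index of the symlink component, or -1 */
};

/*
 * Open the directory relpath below rootfd one component at a time with
 * O_NOFOLLOW, so the kernel never follows a symlink on our behalf.
 */
struct walk_result open_dir_nosymlink(int rootfd, const char *relpath)
{
	struct walk_result res = { .fd = -1, .err = 0, .symlink_at = -1 };
	char buf[4096];
	char *save = NULL;
	int idx = 0;

	if (relpath[0] == '/' || strlen(relpath) >= sizeof(buf)) {
		res.err = EINVAL;
		return res;
	}
	strcpy(buf, relpath);

	/* Private fd for the root, so the caller's fd is never closed here. */
	int cur = openat(rootfd, ".", O_RDONLY | O_DIRECTORY | O_CLOEXEC);
	if (cur == -1) {
		res.err = errno;
		return res;
	}
	for (char *comp = strtok_r(buf, "/", &save); comp != NULL;
	     comp = strtok_r(NULL, "/", &save), idx++) {
		if (strcmp(comp, "..") == 0) { /* example's choice: never walk up */
			res.err = EINVAL;
			break;
		}
		int fd = openat(cur, comp,
				O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
		if (fd == -1) {
			struct stat st;
			res.err = errno;
			/* A symlink can surface as ELOOP, ENOTDIR or EMLINK:
			 * look at the entry itself to report it reliably. */
			if (fstatat(cur, comp, &st, AT_SYMLINK_NOFOLLOW) == 0 &&
			    S_ISLNK(st.st_mode)) {
				res.err = ELOOP;
				res.symlink_at = idx;
			}
			break;
		}
		close(cur); /* step down: the parent fd is no longer needed */
		cur = fd;
	}
	if (res.err != 0) {
		close(cur);
		return res;
	}
	res.fd = cur;
	return res;
}

/* Constructed fixture: <tmp>/a/b is a directory, <tmp>/a/link -> b. */
int make_fixture(char *tmpl)
{
	if (mkdtemp(tmpl) == NULL) {
		return -1;
	}
	int root = open(tmpl, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
	if (root == -1) {
		return -1;
	}
	if (mkdirat(root, "a", 0700) != 0 || mkdirat(root, "a/b", 0700) != 0 ||
	    symlinkat("b", root, "a/link") != 0) {
		close(root);
		return -1;
	}
	return root;
}

int main(void)
{
	char tmpl[] = "/tmp/nosymlink-XXXXXX";
	const char *paths[] = { "a/b", "a/link", "a/../a" };
	int root = make_fixture(tmpl);
	if (root == -1) {
		perror("fixture");
		return 1;
	}
	for (size_t i = 0; i < sizeof(paths) / sizeof(paths[0]); i++) {
		struct walk_result r = open_dir_nosymlink(root, paths[i]);
		printf("%-8s ok=%d err=%s symlink_at=%d\n", paths[i], r.fd != -1,
		       r.err ? strerror(r.err) : "none", r.symlink_at);
		if (r.fd != -1) {
			close(r.fd);
		}
	}
	close(root);
	return 0;
}
```

The index in `symlink_at` is what lets a caller tell a client which part of the path was the symlink, rather than only that resolution failed.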

- - - - -
7bb8af3f by Volker Lendecke at 2022-07-25T12:04:33+00:00
vfs_error_inject: Ignore openat() from openat_pathref_dirfsp_nosymlink()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
9fc46592 by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Take care of @GMT in SMB1's reply_ntcreate_and_X()

Next we want to avoid filename_convert() to take care of this. The
SMB2 code has a proper TWRP token anyway, so let's push the
@GMT-handling to the SMB1 code that will be converted to
filename_convert_dirfsp().

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
8ff2fe33 by Volker Lendecke at 2022-07-25T12:56:08+00:00
smbd: Userspace symlink eval in filename_convert_dirfsp()

This converts filename_convert_dirfsp to do symlink evaluation in user
space. It uses openat_pathref_dirfsp_nosymlink() to open the dirpath
and looks at the proper NT_STATUS_STOPPED_ON_SYMLINK response. Using
this avoids filename_convert() and thus unix_convert() completely for
the SMB2_CREATE case.

The tests

samba3.blackbox.smbclient_s3.NT1.plain.Recursive ls across MS-DFS links

now correctly stop the symlink lookup recursion with
NT_STATUS_OBJECT_PATH_NOT_FOUND. Previously we did not correctly pass up the
ELOOP coming back from the stat-call.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Jul 25 12:56:08 UTC 2022 on sn-devel-184

- - - - -
087b1b0e by Stefan Metzmacher at 2022-07-25T17:34:33+00:00
tevent: add tevent_cached_getpid() helper

This avoids a getpid() syscall per tevent_loop_once() iteration.

We provide tevent_cached_getpid() also as helper for external consumers
in order to have the logic only once.

Note the change to ABI/tevent-0.12.1.sigs will be reverted
with the bump to 0.13.0.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
673a8551 by Stefan Metzmacher at 2022-07-25T17:34:33+00:00
tevent: tevent_cached_getpid() tests

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
63d4db63 by Stefan Metzmacher at 2022-07-25T17:34:33+00:00
tevent: version 0.13.0

- add tevent_cached_getpid()

Note the changes to ABI/tevent-0.12.1.sigs only
revert the temporary changes made there...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
bcfb257b by Stefan Metzmacher at 2022-07-25T17:34:33+00:00
lib/messaging: s/getpid/tevent_cached_getpid

Our messaging code is very performance critical and
we should not waste time in getpid() syscalls...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
94e130fb by Stefan Metzmacher at 2022-07-25T17:34:33+00:00
s3:lib/messages*: s/getpid/tevent_cached_getpid

Our messaging code is very performance critical and
we should not waste time in getpid() syscalls...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0f544f33 by Stefan Metzmacher at 2022-07-25T17:34:33+00:00
lib/util: make use of tevent_cached_getpid() in performance critical code

This avoids wasting getpid() calls in a lot of places...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
cf6cc948 by Stefan Metzmacher at 2022-07-25T18:32:18+00:00
s3:profile: make use of tevent_cached_getpid() in performance critical code

This avoids wasting getpid() during profiling.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Jul 25 18:32:18 UTC 2022 on sn-devel-184

- - - - -
0d4cb5a6 by Stefan Metzmacher at 2022-07-26T00:31:29+00:00
smbd: split out smbd_check_access_rights_fname and call it before SMB_VFS_FGET_NT_ACL

commit 8e3798dd22276bc1ac8e96004d0e5e974240a7b9 actually came with a
change in behavior..., as SMB_VFS_GET_NT_ACL_AT() (at the time) and
now SMB_VFS_FGET_NT_ACL() is always called even if it's not needed.
E.g. access by root.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jul 26 00:31:29 UTC 2022 on sn-devel-184

- - - - -
e06413c2 by Stefan Metzmacher at 2022-07-26T13:40:33+00:00
s3:dbwrap_watch: let dbwrap_watched_watch_state_destructor() use DBG_WARNING()

When we (need) to ignore an error from dbwrap_do_locked() within
dbwrap_watched_watch_state_destructor(), we better print this
with log level 1 instead of 10.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
f26b22cc by Stefan Metzmacher at 2022-07-26T13:40:33+00:00
s3:dbwrap_watch: use value_valid = false during dbwrap_watched_do_locked_fn()

This matches db_tdb_do_locked() and the fetch_locked based fallback in
dbwrap_do_locked().

Calling dbwrap_record_get_value() is not allowed from within
dbwrap_do_locked()!

Now that rec.value is only internal, use it to remember the initial
payload value. This will simplify further code changes as it
makes the fetch_locked case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
3f88b700 by Stefan Metzmacher at 2022-07-26T13:40:33+00:00
s3:dbwrap_watch: s/db_watched_subrec/db_watched_record

struct db_watched_record is the private data of
the struct db_record produced by the struct db_context that
uses struct db_watched_ctx.

db_watched_subrec had nothing really to do with the
sub record we got back from db_watched_ctx->backend.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
5af37ae6 by Stefan Metzmacher at 2022-07-26T13:40:33+00:00
s3:dbwrap_watch: s/dbwrap_watched_subrec/dbwrap_watched_record

These functions operate on struct db_watched_record.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
77db4b66 by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:dbwrap_watch: rename struct dbwrap_watched_record variables to 'wrec'

This makes it much easier to understand...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
cdf1c37a by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:dbwrap_watch: move wakeup_value to struct db_watched_record

For the do_locked case they have the same scope, but having
it on db_watched_record will simplify further changes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
420a595c by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:dbwrap_watch: use dbwrap_record_get_db(rec) instead of state->db

We should try to avoid using dbwrap_watched_do_locked_state in low
level code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
9356b170 by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:dbwrap_watch: use struct db_watched_record as rec->private_data for do_locked too

There's no real reason to pass struct dbwrap_watched_do_locked_state
anymore. The only difference is that we can't use
talloc_get_type_abort().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
7226d0b3 by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:dbwrap_watch: move 'wrec' from dbwrap_watched_do_locked_state to dbwrap_watched_do_locked_fn

We can use a local variable in dbwrap_watched_do_locked_fn.
As 'wrec' should have the same lifetime as 'rec'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
6702b3b0 by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:dbwrap_watch: use dbwrap_record_get_key() to access the key

We should avoid doing shortcuts if not needed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
cb012e45 by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:dbwrap_watch: only pass struct db_watched_record to dbwrap_watched_record_*() functions

We get to the main 'struct db_record' via wrec->rec where needed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
b3f6668f by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:dbwrap_watch: use backend.{rec,initial_value} instead of subrec[_value]

This makes it much clearer to me what it actually is.

Keeping the initial_value with struct db_watched_record will also
simplify further changes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
2342489f by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:dbwrap_watch: add db_record_get_watched_record() helper

This allows safe casting off rec->private_data to get
struct db_watched_record. And that works for fetch_locked and do_locked

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
c0febbd3 by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:dbwrap_watch: move the do_locked optimization to dbwrap_watched_record_wakeup()

Both dbwrap_watched_record_storev() and dbwrap_watched_record_delete()
call dbwrap_watched_record_wakeup() as their first action.

So the behavior stays the same, but dbwrap_watched_do_locked_storev()
and dbwrap_watched_do_locked_delete() are not trivial and we
have the wakeup logic isolated in dbwrap_watched_record_wakeup() only.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
095fafbe by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:dbwrap_watch: remove unused dbwrap_watched_do_locked_{storev,delete}()

dbwrap_watched_do_locked_{storev,delete}() was now exactly the
same as dbwrap_watched_{storev,delete}().

We only need to know if dbwrap_watched_record_wakeup() is called from
within dbwrap_watched_do_locked_fn().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
eb89748e by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:dbwrap_watch: split out a db_watched_record_init() helper function

The code to construct a struct db_watched_record is mostly common
between dbwrap_watched_fetch_locked() and dbwrap_watched_do_locked_fn().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
726f468c by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:dbwrap_watch: split out db_watched_record_fini() from db_watched_record_destructor()

That makes it easier to understand that db_watched_record_init() and
db_watched_record_fini() wrap any caller activity on the record,
either during do_locked or between fetch_locked and the related
destructor.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
6e45da1a by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:dbwrap_watch: also the fetch_locked case only needs to wake waiters just once

This is no change in behavior, because:

- The first dbwrap_do_locked(dbwrap_watched_record_wakeup_fn), is
  called at the start of dbwrap_watched_record_{storev,delete}().
  That means the nested dbwrap_do_locked() will pass the
  exact same (unchanged) value to dbwrap_watched_record_wakeup_fn.

- After the first change we have either removed the whole backend
  record in dbwrap_watched_record_delete or dbwrap_watched_record_storev()
  removed all watchers and store num_watchers = 0.

- With that any further updates will have no watchers in the backend
  record, so dbwrap_do_locked(dbwrap_watched_record_wakeup_fn) will
  never do anything useful. It only burns cpu time and may cause memory
  fragmentation.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
5021abff by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:dbwrap_watch: remove dbwrap_watched_record_wakeup_fn() indirection

This reduces quite some complexity and will make further changes
(which will follow soon) easier.

Review with git show --patience

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
6b173bf1 by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:dbwrap_watch: split out a dbwrap_watched_watch_add_instance() helper

This will be used in other places soon.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
39cdcec4 by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:dbwrap_watch: move db_record and db_watched_record to dbwrap_watched_do_locked()

This will help in the next commits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
1c84980d by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:dbwrap_watch: don't use talloc_tos() for messaging_filtered_read_recv()

Async functions always have their 'state' context for temporary memory.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
8908af56 by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:dbwrap_watch: let dbwrap_watched_watch_recv() use tevent_req_received()

At the end of the dbwrap_watched_watch_recv() all temporary state should
be destroyed. It also means dbwrap_watched_watch_state_destructor() was
triggered.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
2129d352 by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:dbwrap_watch: remove unused dbwrap_watched_do_locked_state.status

This is never set...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
908eea12 by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:dbwrap_watch: define/use DBWRAP_MAX_WATCHERS

dbwrap backends are unlikely to be able to store
UINT32_MAX*DBWRAP_WATCHER_BUF_LENGTH in a single record
and most likely also not with the whole database!

DBWRAP_MAX_WATCHERS = INT32_MAX/DBWRAP_WATCHER_BUF_LENGTH should be
enough and makes further changes easier as we don't need to care
about size_t overflows.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
1fb9db8c by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:dbwrap_watch: prepare dbwrap_watched_record_storev() to store watchers if requested

It will also delete the low level record in case no watchers
should be stored and no data buffers are given.

This is no real change for now as dbwrap_watched_record_wakeup() will
always exit with wrec->watchers.count = 0, but that will change in the next
commits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
cc9c8b8e by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:dbwrap_watch: filter out records with empty payload during traverse

We will soon have records with just a number of watchers, but without
payload. These records should not be visible during traverse.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
044e018e by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:dbwrap_watch: let dbwrap_watched_delete() call dbwrap_watched_record_storev(num_dbufs=0)

dbwrap_watched_record_storev() will handle the high level storev and
delete, it will find out if we can remove the record as there's no value
and also no watchers to be stored.

This is no real change for now as dbwrap_watched_record_wakeup() will
always exit with wrec->watchers.count = 0, but that will change in the next
commits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
2eb6a209 by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:dbwrap_watch: use dbwrap_watched_record_storev() to add a new watcher

It means we only have one code path storing the low level record
and that's dbwrap_watched_record_storev on the main record.

It avoids the nested dbwrap_do_locked() and only uses
dbwrap_parse_record() and talloc_memdup() when needed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
50163da3 by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:dbwrap_watch: remove a watcher via db_watched_record_fini()

The new dbwrap_watched_watch_remove_instance() will just remove ourself
from the in memory array and let db_watched_record_fini() call
dbwrap_watched_record_storev() in order to write the modified version
into the low level backend record.

For now there's no change in behavior, but it allows us to change it
soon....

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
f62beaa2 by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:dbwrap_watch: allow callers of dbwrap_watched_watch_send/recv() to manage the watcher instances

The destructor triggered by dbwrap_watched_watch_recv() will
remove the watcher instance via a dedicated dbwrap_do_locked(),
just calling dbwrap_watched_watch_remove_instance() inside.

But the typical caller triggers a dbwrap_do_locked() again after
dbwrap_watched_watch_recv() returned. Which means we call
dbwrap_do_locked() twice.

We now allow dbwrap_watched_watch_recv() to return the existing
instance id (if it still exists) and remove the destructor.
That way the caller can pass the given instance id to
dbwrap_watched_watch_remove_instance() from within its own dbwrap_do_locked(),
when it decides to leave the queue, because it's happy with the new
state of the record. In order to get the best performance
dbwrap_watched_watch_remove_instance() should be called before any
dbwrap_record_storev() or dbwrap_record_delete(),
because that will only trigger a single low level storev/delete.

If the caller found out that the state of the record doesn't meet the
expectations and the caller wants to continue watching the
record (from its current position, most likely the first one),
dbwrap_watched_watch_remove_instance() can be skipped and the
instance id can be passed to dbwrap_watched_watch_send() again,
in order to resume waiting on the existing instance.
Currently the watcher instances were always removed (most likely from
the first position) and re-added (to the last position), which may
cause unfair latencies.

In order to improve the overhead of adding a new watcher instance
the caller can call dbwrap_watched_watch_add_instance() before
any dbwrap_record_storev() or dbwrap_record_delete(), which
will only result in a single low level storev/delete.
The returned instance id is then passed to dbwrap_watched_watch_send(),
within the same dbwrap_do_locked() run.

It also adds a way to avoid alerting any callers during
the current dbwrap_do_locked() run.

Layers above may only want to wake up watchers
during specific situations and while it's useless to wake
others in other situations.

This will soon be used to add more fairness to the g_lock code.

Note that this commit only prepares the api for the above to be useful,
the instance returned by dbwrap_watched_watch_recv() is most likely 0,
which means the watcher entry was already removed, but that will change
in the following commits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
b865bb28 by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:g_lock: avoid calling g_lock_store() from g_lock_cleanup_dead()

This matches the behavior of g_lock_cleanup_shared(), which also
only operates on the in memory struct g_lock.

We do a g_lock_store() later during g_lock_trylock() anyway
when we make any progress.

In the case we were a pending exclusive lock holder
we now force a g_lock_store() if g_lock_cleanup_dead()
removed the dead blocker.

This will be useful for the following changes...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
52720516 by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:g_lock: always call g_lock_cleanup_shared() before getting stuck on lck.num_shared != 0

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
2e922679 by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:g_lock: avoid a lot of unused overhead using the new dbwrap_watch features

The key points are:

1. We keep our position in the watcher queue until we got what
   we were waiting for. It means the order is now fair and stable.

2. We only wake up others during g_lock_unlock() and only if
   we detect that a pending exclusive lock is able to make progress.
   (Note: read lock holders are never waiters on their own)

This reduced the contention on locking.tdb records drastically,
as waiters are no longer woken 3 times (where the first 2 times were completely useless).

The following test with 256 connections all looping with open/close
on the same inode (share root) is improved drastically:

  smbtorture //127.0.0.1/m -Uroot%test smb2.create.bench-path-contention-shared \
     --option='torture:bench_path=' \
     --option="torture:timelimit=60" \
     --option="torture:nprocs=256"

From something like this:

   open[num/s=50,avslat=6.455775,minlat=0.000157,maxlat=55.683846]
   close[num/s=50,avslat=4.563605,minlat=0.000128,maxlat=53.585839]

to:

   open[num/s=80,avslat=2.793862,minlat=0.004097,maxlat=46.597053]
   close[num/s=80,avslat=2.387326,minlat=0.023875,maxlat=50.878165]

Note the real effect of this commit will be revealed together
with a following commit that only wakes one waiter at a time.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
20f3fd02 by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:g_lock: remember an unique_lock_epoch similar to unique_data_epoch

It changes with every lock and unlock.

This will be needed in future in order to differentiate between
lock and data changed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
e3314309 by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:g_lock: try to keep the watch instance during g_lock_watch_data()

Unless the unique_lock_epoch changes via g_lock_lock()/g_lock_unlock()
we try to keep our existing watch instance alive while waiting
for unique_data_epoch to change.

This will become important in the following commits when the
dbwrap_watch layer will only wake up one watcher at a time
and each woken watcher will wakeup the next one. Without this
commit we would trigger an endless loop as none of the watchers
will ever change unique_data_epoch.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
67af3586 by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:smbXsrv_client: only change the dbwrap_watch instance when the record has changed

This will become important in the following commits when the
dbwrap_watch layer will only wake up one watcher at a time
and each woken watcher will wake up the next one.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
98269bd5 by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:smbXsrv_session: introduce smb2srv_session_close_previous_cleanup()

This makes sure we cleanup the locked record in all cases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
6e701d02 by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:smbXsrv_session: only change the dbwrap_watch instance when the record has changed

This will become important in the following commits when the
dbwrap_watch layer will only wake up one watcher at a time
and each woken watcher will wake up the next one.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
9d999116 by Stefan Metzmacher at 2022-07-26T13:40:34+00:00
s3:dbwrap_watch: only notify the first waiter

In case of a highly contended record we will have a lot of watchers,
which will all race to get g_lock_lock() to finish.

If g_lock_unlock() wakes them all, e.g. 250 of them, we get a thundering
herd, where 249 will only find that one of them was able to get the lock
and re-add their watcher entry (not unlikely in a different order).

With this commit we only wake the first watcher and let it remove
itself once it no longer wants to monitor the record content
(at that time it will wake the new first watcher).

It means the woken watcher doesn't have to race with all others
and also means order of watchers is kept, which means that we
most likely get a fair latency distribution for all watchers.

The following test with 256 connections all looping with open/close
on the same inode (share root) is improved drastically:

  smbtorture //127.0.0.1/m -Uroot%test smb2.create.bench-path-contention-shared \
     --option='torture:bench_path=' \
     --option="torture:timelimit=60" \
     --option="torture:nprocs=256"

From something like this:

   open[num/s=80,avslat=2.793862,minlat=0.004097,maxlat=46.597053]
   close[num/s=80,avslat=2.387326,minlat=0.023875,maxlat=50.878165]

to:

   open[num/s=8800,avslat=0.021445,minlat=0.000095,maxlat=0.179786]
   close[num/s=8800,avslat=0.021658,minlat=0.000044,maxlat=0.179819]

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
d5c7e2e2 by Stefan Metzmacher at 2022-07-26T14:32:35+00:00
s3:dbwrap_watch: call dbwrap_watched_trigger_wakeup() outside of the low level record lock

This gives a nice speed up, as it's unlikely for the waiters to hit
contention.

The following test with 256 connections all looping with open/close
on the same inode (share root) is improved drastically:

  smbtorture //127.0.0.1/m -Uroot%test smb2.create.bench-path-contention-shared \
     --option='torture:bench_path=' \
     --option="torture:timelimit=60" \
     --option="torture:nprocs=256"

From something like this:

   open[num/s=8800,avslat=0.021445,minlat=0.000095,maxlat=0.179786]
   close[num/s=8800,avslat=0.021658,minlat=0.000044,maxlat=0.179819]

to:

   open[num/s=10223,avslat=0.017922,minlat=0.000083,maxlat=0.106759]
   close[num/s=10223,avslat=0.017694,minlat=0.000040,maxlat=0.107345]

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Jul 26 14:32:35 UTC 2022 on sn-devel-184

- - - - -
a45ba891 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-32746 s4/dsdb/objectclass_attrs: Fix typo

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
852a79c6 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-32746 s4:dsdb:tests: Add test for deleting a disallowed SPN

If an account has an SPN that requires Write Property to set, we should
still be able to delete it with just Validated Write.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
d178a061 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-32746 s4/dsdb/partition: Fix LDB flags comparison

LDB_FLAG_MOD_* values are not actually flags, and the previous
comparison was equivalent to

(req_msg->elements[el_idx].flags & LDB_FLAG_MOD_MASK) != 0

which is true whenever any of the LDB_FLAG_MOD_* values are set. Correct
the expression to what it was probably intended to be.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
64258fd8 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-32746 s4:torture: Fix LDB flags comparison

LDB_FLAG_MOD_* values are not actually flags, and the previous
comparison was equivalent to

(el->flags & LDB_FLAG_MOD_MASK) == 0

which is only true if none of the LDB_FLAG_MOD_* values are set. Correct
the expression to what it was probably intended to be.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
99b805e4 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-32746 s4/dsdb/acl: Fix LDB flags comparison

LDB_FLAG_MOD_* values are not actually flags, and the previous
comparison was equivalent to

(el->flags & LDB_FLAG_MOD_MASK) == 0

which is only true if none of the LDB_FLAG_MOD_* values are set, so we
would not successfully return if the element was a DELETE. Correct the
expression to what it was intended to be.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
41b1fe6d by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-32746 ldb:rdn_name: Use LDB_FLAG_MOD_TYPE() for flags equality check

Now unrelated flags will no longer affect the result.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
e3b00264 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-32746 s4/dsdb/repl_meta_data: Use LDB_FLAG_MOD_TYPE() for flags equality check

Now unrelated flags will no longer affect the result.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
e8ebdb99 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-32746 s4/dsdb/tombstone_reanimate: Use LDB_FLAG_MOD_TYPE() for flags equality check

Now unrelated flags will no longer affect the result.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
3e443956 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-32746 s4/registry: Use LDB_FLAG_MOD_TYPE() for flags equality check

Now unrelated flags will no longer affect the result.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
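
The comparison problem described in the "Fix LDB flags comparison" and "Use LDB_FLAG_MOD_TYPE() for flags equality check" commits above, as an added example (not code from these commits). The LDB_FLAG_MOD_* values are reproduced from ldb.h as an assumption, and EXAMPLE_OTHER_FLAG and the helper functions are hypothetical names used only for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Modification types as defined in ldb.h (reproduced here as an assumption).
 * They are an enumeration packed into the low two bits, not independent bits:
 * DELETE (3) has the same bit pattern as the mask itself. */
#define LDB_FLAG_MOD_MASK    0x3
#define LDB_FLAG_MOD_ADD     1
#define LDB_FLAG_MOD_REPLACE 2
#define LDB_FLAG_MOD_DELETE  3
#define LDB_FLAG_MOD_TYPE(flags) ((flags) & LDB_FLAG_MOD_MASK)

/* Hypothetical unrelated flag bit outside the mask, for illustration only. */
#define EXAMPLE_OTHER_FLAG 0x10

/* Bit test: equivalent to (flags & LDB_FLAG_MOD_MASK) != 0, so ADD and
 * REPLACE are also reported as DELETE. */
static bool is_delete_bitwise(unsigned int flags)
{
	return (flags & LDB_FLAG_MOD_DELETE) != 0;
}

/* Raw equality: correct only while no other flag bits are set. */
static bool is_delete_raw_equal(unsigned int flags)
{
	return flags == LDB_FLAG_MOD_DELETE;
}

/* Extract the modification type first, then compare. */
static bool is_delete_by_type(unsigned int flags)
{
	return LDB_FLAG_MOD_TYPE(flags) == LDB_FLAG_MOD_DELETE;
}

/* Run a check over every modification type, with and without the unrelated
 * bit, and count the inputs on which it gives the wrong answer. */
static int count_wrong(bool (*check)(unsigned int))
{
	static const unsigned int types[] = {
		0, LDB_FLAG_MOD_ADD, LDB_FLAG_MOD_REPLACE, LDB_FLAG_MOD_DELETE
	};
	static const unsigned int extras[] = { 0, EXAMPLE_OTHER_FLAG };
	int wrong = 0;

	for (size_t i = 0; i < sizeof(types) / sizeof(types[0]); i++) {
		for (size_t j = 0; j < sizeof(extras) / sizeof(extras[0]); j++) {
			unsigned int flags = types[i] | extras[j];
			bool expected = (types[i] == LDB_FLAG_MOD_DELETE);

			if (check(flags) != expected) {
				wrong++;
			}
		}
	}
	return wrong;
}

int main(void)
{
	printf("bitwise test:     %d wrong of 8\n", count_wrong(is_delete_bitwise));
	printf("raw equality:     %d wrong of 8\n", count_wrong(is_delete_raw_equal));
	printf("LDB_FLAG_MOD_TYPE: %d wrong of 8\n", count_wrong(is_delete_by_type));
	return 0;
}
```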

- - - - -
7efe8182 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-32746 ldb: Add flag to mark message element values as shared

When making a shallow copy of an ldb message, mark the message elements
of the copy as sharing their values with the message elements in the
original message.

This flag value will be heeded in the next commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
a2bb5bee by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-32746 ldb: Ensure shallow copy modifications do not affect original message

Using the newly added ldb flag, we can now detect when a message has
been shallow-copied so that its elements share their values with the
original message elements. Then when adding values to the copied
message, we now make a copy of the shared values array first.

This should prevent a use-after-free that occurred in LDB modules when
new values were added to a shallow copy of a message by calling
talloc_realloc() on the original values array, invalidating the 'values'
pointer in the original message element. The original values pointer can
later be used in the database audit logging module which logs database
requests, and potentially cause a crash.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
df487eb2 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-32746 ldb: Add functions for appending to an ldb_message

Currently, there are many places where we use ldb_msg_add_empty() to add
an empty element to a message, and then call ldb_msg_add_value() or
similar to add values to that element. However, this performs an
unnecessary search of the message's elements to locate the new element.
Moreover, if an element with the same attribute name already exists
earlier in the message, the values will be added to that element,
instead of to the intended newly added element.

A similar pattern exists where we add values to a message, and then call
ldb_msg_find_element() to locate that message element and sets its flags
to (e.g.) LDB_FLAG_MOD_REPLACE. This also performs an unnecessary
search, and may locate the wrong message element for setting the flags.

To avoid these problems, add functions for appending a value to a
message, so that a particular value can be added to the end of a message
in a single operation.

For ADD requests, it is important that no two message elements share the
same attribute name, otherwise things will break. (Normally,
ldb_msg_normalize() is called before processing the request to help
ensure this.) Thus, we must be careful not to append an attribute to an
ADD message, unless we are sure (e.g. through ldb_msg_find_element())
that an existing element for that attribute is not present.

These functions will be used in the next commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
0a3aa5f9 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-32746 ldb: Make use of functions for appending to an ldb_message

This aims to minimise usage of the error-prone pattern of searching for
a just-added message element in order to make modifications to it (and
potentially finding the wrong element).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
f4eb4e64 by Andrew Bartlett at 2022-07-27T10:52:36+00:00
CVE-2022-32746 ldb: Release LDB 2.6.1

* CVE-2022-32746 Use-after-free occurring in database audit logging module (bug 15009)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4ec784e0 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-32745 s4/dsdb/samldb: Check for empty values array

This avoids potentially trying to access the first element of an empty
array.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15008

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
4a31c480 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-32745 s4/dsdb/util: Use correct value for loop count limit

Currently, we can crash the server by sending a large number of values
of a specific attribute (such as sAMAccountName) spread across a few
message elements. If val_count is larger than the total number of
elements, we get an access beyond the elements array.

Similarly, we can include unrelated message elements prior to the
message elements of the attribute in question, so that not all of the
attribute's values are copied into the returned elements values array.
This can cause the server to access uninitialised data, likely resulting
in a crash or unexpected behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15008

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
aa728dfc by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-32745 s4/dsdb/util: Don't call memcpy() with a NULL pointer

Doing so is undefined behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15008

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
98814910 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-32745 s4/dsdb/util: Correctly copy values into message element

To use memcpy(), we need to specify the number of bytes to copy, rather
than the number of ldb_val structures.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15008

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
2872ccc9 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 third_party/heimdal: Check generate_pac() return code

If the function fails, we should not issue a ticket missing the PAC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
b423c370 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 s4:kpasswd: Account for missing target principal

This field is supposed to be optional.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
714cadfc by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 s4:kpasswd: Add MIT fallback for decoding setpw structure

The target principal and realm fields of the setpw structure are
supposed to be optional, but in MIT Kerberos they are mandatory. For
better compatibility and ease of testing, fall back to parsing the
simpler (containing only the new password) structure if the MIT function
fails to decode it.

Although the target principal and realm fields should be optional, one
is not supposed to be specified without the other, so we don't have to deal
with the case where only one is specified.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f152afa7 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-32744 tests/krb5: Correctly handle specifying account kvno

The environment variable is a string, but we expect an integer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
a118881f by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 tests/krb5: Split out _make_tgs_request()

This allows us to make use of it in other tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
ebccd044 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-32744 tests/krb5: Correctly calculate salt for pre-existing accounts

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
48eb3354 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 tests/krb5: Add new definitions for kpasswd

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
a5a2fc42 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 tests/krb5: Add methods to create ASN1 kpasswd structures

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
888d58f4 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 tests/krb5: Add 'port' parameter to connect()

This allows us to use the kpasswd port, 464.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
18bd6daf by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 tests/krb5: Add methods to send and receive generic messages

This allows us to send and receive kpasswd messages, while avoiding the
existing logic for encoding and decoding other Kerberos message types.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
2bb1f40b by Joseph Sutton at 2022-07-27T10:52:36+00:00
tests/krb5: Fix enum typo

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
1e80767c by Joseph Sutton at 2022-07-27T10:52:36+00:00
tests/krb5: Add option for creating accounts with expired passwords

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
332fd603 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 tests/krb5: Allow requesting a TGT to a different sname and realm

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
6a2ec50b by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 tests/krb5: Add kpasswd_exchange() method

Now we can test the kpasswd service from Python.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
4212037a by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-32744 selftest: Specify Administrator kvno for Python krb5 tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
192d597c by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 tests/krb5: Consider kadmin/* principals as TGS for MIT KRB5 >= 1.20

With MIT Kerberos >= 1.20, we should not expect a ticket checksum in
tickets to principals such as kpasswd/changepw, as they are encrypted
with the krbtgt's key.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
86698b31 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 tests/krb5: Add tests for kpasswd service

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
1f7d94b5 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 s4:kpasswd: Correctly generate error strings

The error_data we create already has an explicit length, and should not
be zero-terminated, so we omit the trailing null byte. Previously,
Heimdal builds would leave a superfluous trailing null byte on error
strings, while MIT builds would omit the final character.

The two bytes added to the string's length are for the prepended error
code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f89e5eff by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 s4:kpasswd: Don't return AP-REP on failure

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
4e2e767a by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 lib:krb5_wrap: Generate valid error codes in smb_krb5_mk_error()

The error code passed in will be an offset from ERROR_TABLE_BASE_krb5,
so we need to subtract that before creating the error. Heimdal does this
internally, so it isn't needed there.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
e0c135e6 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 s4:kpasswd: Return a kpasswd error code in KRB-ERROR

If we attempt to return an error code outside of Heimdal's allowed range
[KRB5KDC_ERR_NONE, KRB5_ERR_RCSID), it will be replaced with a GENERIC
error, and the error text will be set to the meaningless result of
krb5_get_error_message(). Avoid this by ensuring the error code is in
the correct range.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
bbfbbb9f by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 gensec_krb5: Add helper function to check if client sent an initial ticket

This will be used in the kpasswd service to ensure that the client has
an initial ticket to kadmin/changepw, and not a service ticket.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
ce3b7b27 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 s4:kpasswd: Require an initial ticket

Ensure that for password changes the client uses an AS-REQ to get the
ticket to kpasswd, and not a TGS-REQ.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
d6580f35 by Joseph Sutton at 2022-07-27T10:52:36+00:00
s4:kpasswd: Restructure code for clarity

View with 'git show -b'.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
a8068e32 by Andreas Schneider at 2022-07-27T10:52:36+00:00
CVE-2022-2031 testprogs: Add kadmin/changepw canonicalization test with MIT kpasswd

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
23a03911 by Andreas Schneider at 2022-07-27T10:52:36+00:00
CVE-2022-2031 s4:kdc: Implement is_kadmin_changepw() helper function

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
c6d93504 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 s4:kdc: Split out a samba_kdc_get_entry_principal() function

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
186f0c6e by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 s4:kdc: Refactor samba_kdc_get_entry_principal()

This eliminates some duplicate branches.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
c0282bbb by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 s4:kdc: Fix canonicalisation of kadmin/changepw principal

Since this principal goes through the samba_kdc_fetch_server() path,
setting the canonicalisation flag would cause the principal to be
replaced with the sAMAccountName; this meant requests to
kadmin/changepw@REALM would result in a ticket to krbtgt@REALM. Now we
properly handle canonicalisation for the kadmin/changepw principal.

View with 'git show -b'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047

Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
3e773a39 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 s4:kdc: Limit kpasswd ticket lifetime to two minutes or less

This matches the behaviour of Windows.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
018bdbc2 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 third_party/heimdal: Add function to get current KDC time

This allows the plugin to check the endtime of a ticket against the
KDC's current time, to see if the ticket will expire in the next two
minutes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
ffb59905 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 s4:kdc: Reject tickets during the last two minutes of their life

For Heimdal, this now matches the behaviour of Windows. The object of
this requirement is to ensure we don't allow kpasswd tickets, not having
a lifetime of more than two minutes, to be passed off as TGTs.

An existing requirement for TGTs to contain a REQUESTER_SID PAC buffer
suffices to prevent kpasswd ticket misuse, so this is just an additional
precaution on top.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
bbad8f1d by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-32744 s4:kdc: Don't allow HDB keytab iteration

A fallback in krb5_rd_req_ctx() means that Samba's kpasswd service will
try many inappropriate keys to decrypt the ticket supplied to it. For
example, it will accept a ticket encrypted with the Administrator's key,
when it should rather accept only tickets encrypted with the krbtgt's
key (and not an RODC krbtgt). To fix this, declare the HDB keytab using
the HDBGET ops, which do not support iteration.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
be239c71 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 tests/krb5: Test truncated forms of server principals

We should not be able to use krb@REALM instead of krbtgt@REALM.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
09e54a7b by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 s4:kdc: Don't use strncmp to compare principal components

We would only compare the first 'n' characters, where 'n' is the length
of the principal component string, so 'k@REALM' would erroneously be
considered equal to 'krbtgt@REALM'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
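
The prefix-match problem described in the commit message above, as an added example (not the code from this commit). The struct, the function names and the sample component list are constructed for illustration, and the length-then-bytes comparison is one way to make the check exact.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* A principal name component as a counted string (constructed type). */
struct component {
	const char *data;
	size_t length;
};

/* Before: only the first 'length' bytes of the component are compared, so
 * any prefix of the expected name (including the empty string) matches. */
static bool component_equal_prefix(struct component c, const char *name)
{
	return strncmp(c.data, name, c.length) == 0;
}

/* After: the lengths must agree before the bytes are compared. */
static bool component_equal_exact(struct component c, const char *name)
{
	size_t name_len = strlen(name);

	if (c.length != name_len) {
		return false;
	}
	return memcmp(c.data, name, name_len) == 0;
}

/* Constructed sample of requested first components. */
static const char *const samples[] = {
	"krbtgt", "krb", "k", "", "krbtgtX", "kadmin"
};
#define NUM_SAMPLES (sizeof(samples) / sizeof(samples[0]))

/* Count how many sample components a check treats as equal to "krbtgt". */
static int count_accepted(bool (*check)(struct component, const char *))
{
	int accepted = 0;

	for (size_t i = 0; i < NUM_SAMPLES; i++) {
		struct component c = { samples[i], strlen(samples[i]) };

		if (check(c, "krbtgt")) {
			accepted++;
		}
	}
	return accepted;
}

int main(void)
{
	for (size_t i = 0; i < NUM_SAMPLES; i++) {
		struct component c = { samples[i], strlen(samples[i]) };

		printf("%-8s prefix=%d exact=%d\n",
		       c.length ? c.data : "(empty)",
		       component_equal_prefix(c, "krbtgt"),
		       component_equal_exact(c, "krbtgt"));
	}
	return 0;
}
```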

- - - - -
827dc6a6 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-32744 s4:kdc: Rename keytab_name -> kpasswd_keytab_name

This makes explicitly clear the purpose of this keytab.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
2d3bd2d9 by Joseph Sutton at 2022-07-27T10:52:36+00:00
s4:kdc: Remove kadmin mode from HDB plugin

It appears we no longer require it.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
484c6980 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-32744 s4:kdc: Modify HDB plugin to only look up kpasswd principal

This plugin is now only used by the kpasswd service. Thus, ensuring we
only look up the kadmin/changepw principal means we can't be fooled into
accepting tickets for other service principals. We make sure not to
specify a specific kvno, to ensure that we do not accept RODC-issued
tickets.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
52dd9f8f by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-32744 s4:kpasswd: Ensure we pass the kpasswd server principal into krb5_rd_req_ctx()

To ensure that, when decrypting the kpasswd ticket, we look up the
correct principal and don't trust the sname from the ticket, we should
pass the principal name of the kpasswd service into krb5_rd_req_ctx().
However, gensec_krb5_update_internal() will pass in NULL unless the
principal in our credentials is CRED_SPECIFIED.

At present, our principal will be considered obtained as CRED_SMB_CONF
(from the cli_credentials_set_conf() a few lines up), so we explicitly
set the realm again, but this time as CRED_SPECIFIED. Now the value of
server_in_keytab that we provide to smb_krb5_rd_req_decoded() will not
be NULL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
fc03cf9f by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 tests/krb5: Add test that we cannot provide a TGT to kpasswd

The kpasswd service should require a kpasswd service ticket, and
disallow TGTs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
6a10e890 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 auth: Add ticket type field to auth_user_info_dc and auth_session_info

This field may be used to convey whether we were provided with a TGT or
a non-TGT. We ensure both structures are zeroed out to avoid incorrect
results being produced by an uninitialised field.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
0d899591 by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 s4:auth: Use PAC to determine whether ticket is a TGT

We use the presence or absence of a REQUESTER_SID PAC buffer to
determine whether the ticket is a TGT. We will later use this to reject
TGTs where a service ticket is expected.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
958f2bce by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 s4:kpasswd: Do not accept TGTs as kpasswd tickets

If TGTs can be used as kpasswd tickets, the two-minute lifetime of an
authentic kpasswd ticket may be bypassed. Furthermore, kpasswd tickets
are not supposed to be cached, but using this flaw, a stolen credentials
cache containing a TGT may be used to change that account's password,
and thus is made more valuable to an attacker.

Since all TGTs should be issued with a REQUESTER_SID PAC buffer, and
service tickets without it, we assert the absence of this buffer to
ensure we're not accepting a TGT.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
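
The check described in the commit above, as an added example that is not Samba's code: it walks the PACTYPE header of an already signature-verified PAC, reports whether a REQUESTER_SID buffer is present, and fails closed on malformed input. The function names and the sample PAC builder are assumptions made for illustration; the buffer type numbers and header layout follow [MS-PAC].

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* PAC_INFO_BUFFER ulType values from [MS-PAC]. */
#define PAC_TYPE_LOGON_INFO     1
#define PAC_TYPE_SRV_CHECKSUM   6
#define PAC_TYPE_KDC_CHECKSUM   7
#define PAC_TYPE_CLIENT_INFO    10
#define PAC_TYPE_REQUESTER_SID  18

enum ticket_kind { TICKET_MALFORMED = -1, TICKET_NON_TGT = 0, TICKET_TGT = 1 };

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/*
 * PACTYPE layout: cBuffers (4 bytes), Version (4 bytes, must be 0), then
 * cBuffers entries of ulType (4), cbBufferSize (4), Offset (8).
 * Assumption: the PAC checksums were verified before this is called.
 */
enum ticket_kind classify_pac(const uint8_t *pac, size_t len)
{
    uint32_t count, i;
    int requester_sid_seen = 0;

    if (pac == NULL || len < 8) return TICKET_MALFORMED;
    count = rd_le32(pac);
    if (rd_le32(pac + 4) != 0) return TICKET_MALFORMED;
    /* Every directory entry must fit inside the blob. */
    if (count > (len - 8) / 16) return TICKET_MALFORMED;

    for (i = 0; i < count; i++) {
        const uint8_t *e = pac + 8 + 16 * (size_t)i;
        uint32_t type = rd_le32(e);
        uint32_t size = rd_le32(e + 4);
        uint64_t off = (uint64_t)rd_le32(e + 8) |
                       ((uint64_t)rd_le32(e + 12) << 32);

        /* Reject buffers that point outside the blob. */
        if (off > len || size > len - off) return TICKET_MALFORMED;
        if (type == PAC_TYPE_REQUESTER_SID) requester_sid_seen = 1;
    }
    return requester_sid_seen ? TICKET_TGT : TICKET_NON_TGT;
}

/* kpasswd policy from the commit message: only a non-TGT is acceptable. */
int kpasswd_accepts(const uint8_t *pac, size_t len)
{
    return classify_pac(pac, len) == TICKET_NON_TGT;
}

/* Constructed sample data: a PAC directory with 8 zero bytes per buffer. */
size_t build_sample_pac(uint8_t *out, size_t cap,
                        const uint32_t *types, uint32_t n)
{
    size_t hdr = 8 + 16 * (size_t)n;
    size_t total = hdr + 8 * (size_t)n;
    uint32_t i;

    if (total > cap) return 0;
    memset(out, 0, total);
    wr_le32(out, n);                       /* cBuffers; Version stays 0 */
    for (i = 0; i < n; i++) {
        uint8_t *e = out + 8 + 16 * (size_t)i;
        wr_le32(e, types[i]);
        wr_le32(e + 4, 8);
        wr_le32(e + 8, (uint32_t)(hdr + 8 * (size_t)i));
    }
    return total;
}

int main(void)
{
    const uint32_t tgt[] = { PAC_TYPE_LOGON_INFO, PAC_TYPE_CLIENT_INFO,
                             PAC_TYPE_REQUESTER_SID, PAC_TYPE_SRV_CHECKSUM,
                             PAC_TYPE_KDC_CHECKSUM };
    const uint32_t svc[] = { PAC_TYPE_LOGON_INFO, PAC_TYPE_CLIENT_INFO,
                             PAC_TYPE_SRV_CHECKSUM, PAC_TYPE_KDC_CHECKSUM };
    uint8_t buf[256];
    size_t n;

    n = build_sample_pac(buf, sizeof(buf), tgt, 5);
    printf("TGT-style PAC accepted by kpasswd: %d\n", kpasswd_accepts(buf, n));
    n = build_sample_pac(buf, sizeof(buf), svc, 4);
    printf("service-ticket PAC accepted by kpasswd: %d\n", kpasswd_accepts(buf, n));
    return 0;
}
```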

- - - - -
3029d9bf by Joseph Sutton at 2022-07-27T10:52:36+00:00
CVE-2022-2031 testprogs: Add test for short-lived ticket across an incoming trust

We ensure that the KDC does not reject a TGS-REQ with our short-lived
TGT over an incoming trust.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
a6086345 by Jeremy Allison at 2022-07-27T10:52:36+00:00
CVE-2022-32742: s4: torture: Add raw.write.bad-write test.

Reproduces the test code in:

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15085

Add knownfail.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>

- - - - -
3ddc9344 by Jeremy Allison at 2022-07-27T11:46:46+00:00
CVE-2022-32742: s3: smbd: Harden the smbreq_bufrem() macro.

Fixes the raw.write.bad-write test.

NB. We need the two (==0) changes in source3/smbd/smb2_reply.c
as the gcc optimizer now knows that the return from
smbreq_bufrem() can never be less than zero.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15085

Remove knownfail.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>

Autobuild-User(master): Jule Anger <janger at samba.org>
Autobuild-Date(master): Wed Jul 27 11:46:46 UTC 2022 on sn-devel-184
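
An added illustration of the property the commit above relies on, not Samba's smbreq_bufrem() macro: a "bytes remaining" helper that clamps to zero can never go negative, so callers test for exhaustion with == 0 and compare client-supplied lengths against it safely. The struct, the function names and the fragile signed variant are hypothetical, written only to contrast the two shapes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical request: 'buflen' bytes of payload were actually received. */
struct request {
    const uint8_t *buf;
    size_t buflen;
};

/*
 * Fragile shape: a signed remainder. When the client-supplied offset lies
 * beyond the received payload the result is negative.
 */
static long bufrem_signed(const struct request *r, size_t off)
{
    return (long)r->buflen - (long)off;
}

/*
 * Hardened shape: the remainder is unsigned and clamped, so it is 0 for any
 * offset at or beyond the end of the payload and never wraps.
 */
static size_t bufrem_clamped(const struct request *r, size_t off)
{
    return (off > r->buflen) ? 0 : r->buflen - off;
}

/* Length check built on the fragile helper. */
int write_ok_fragile(const struct request *r, size_t off, size_t numtowrite)
{
    long rem = bufrem_signed(r, off);
    /* A negative 'rem' converts to a huge size_t, so the check passes. */
    return numtowrite <= (size_t)rem;
}

/* Length check built on the hardened helper. */
int write_ok_hardened(const struct request *r, size_t off, size_t numtowrite)
{
    return numtowrite <= bufrem_clamped(r, off);
}

/*
 * With an unsigned remainder a "< 0" test is dead code that the compiler
 * may delete, which is why exhaustion is tested with == 0.
 */
int payload_exhausted(const struct request *r, size_t off)
{
    return bufrem_clamped(r, off) == 0;
}

int main(void)
{
    /* Constructed sample: 16 bytes received, client claims data at offset 20. */
    static const uint8_t payload[16] = { 0 };
    struct request r = { payload, sizeof(payload) };

    printf("fragile accepts 4096 bytes at offset 20:  %d\n",
           write_ok_fragile(&r, 20, 4096));
    printf("hardened accepts 4096 bytes at offset 20: %d\n",
           write_ok_hardened(&r, 20, 4096));
    printf("hardened accepts 12 bytes at offset 4:    %d\n",
           write_ok_hardened(&r, 4, 12));
    return 0;
}
```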

- - - - -
31479d77 by Jeremy Allison at 2022-07-27T16:51:34+00:00
s3: smbd: In openat_pathref_dirfsp_nosymlink() ensure we call fsp_smb_fname_link() to set smb_fname->fsp in the returned smb_fname.

Instead of just assigning smb_fname->fsp = fsp.

This makes the logic match that of openat_pathref_fullname() and parent_pathref()
when returning smb_fnames with associated pathref fsp's.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
22fae651 by Jeremy Allison at 2022-07-27T16:51:34+00:00
s3: smbd: Inside filename_convert_dirfsp_nosymlink() ensure the returned smb_fname is always allocated off mem_ctx.

Without this, if we just return smb_fname_rel->fsp->fsp_name as the smb_fname
then we return something allocated off fsp (which itself is allocated off
the conn struct), not the passed in talloc_ctx.

Do this for both non-stream and stream returns.

This matters for two reasons.

1). If we error out after calling filename_convert_dirfsp()
but before getting to the code inside create_file_unixpath()
that takes ownership of the passed in smb_fname->fsp we will
leak the fsp as the destructor for smb_fname that closes the
fsp will never fire on return to the client, as smb_fname is
owned by smb_fname->fsp, not the talloc_tos() context.

2). Some uses of filename_convert() expect to be able
to TALLOC_FREE the returned smb_fname once they've successfully
called SMB_VFS_CREATE_FILE() as they consider the passed in smb_fname
no longer used. It would be nice to be able to just change
filename_convert() -> filename_convert_dirfsp() without
having to change the lifetime handling of smb_fname.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
4286e359 by Jeremy Allison at 2022-07-27T17:49:51+00:00
s3: smbd: Convert call_nt_transact_create() to use filename_convert_dirfsp().

One less use of filename_convert().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jul 27 17:49:51 UTC 2022 on sn-devel-184

- - - - -
9849e744 by Douglas Bagnall at 2022-07-28T05:23:28+00:00
util/genrand: don't ignore errors in random number generation

In this case it is probably better to crash out.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15103

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ffa84f2e by Douglas Bagnall at 2022-07-28T06:18:43+00:00
py/uptodateness: more details in missing dn report

This does not fix bug 15127, but it improves reporting.

https://bugzilla.samba.org/show_bug.cgi?id=15127

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Jul 28 06:18:43 UTC 2022 on sn-devel-184

- - - - -
3efa56aa by Martin Schwenke at 2022-07-28T09:02:08+00:00
ctdb-daemon: Fix printing of tickle ACKs

Commit f5a20377347aba18700d010d4201775fc83a0b1b arguably got this
back-to-front:

  2022-07-27T09:50:01.985857+10:00 testn1 ctdbd[17820]: ../../ctdb/server/ctdb_takeover.c:514 sending TAKE_IP for '10.0.1.173'
  2022-07-27T09:50:01.990601+10:00 testn1 ctdbd[17820]: Send TCP tickle ACK: 10.0.1.77:33004 -> 10.0.1.173:2049
  2022-07-27T09:50:01.991323+10:00 testn1 ctdb-takeover[19758]: TAKEOVER_IP 10.0.1.173 succeeded on node 0

Unfortunately there is an inconsistency somewhere in the connection
tracking code used for tickle ACKs, making this less than obvious.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Thu Jul 28 09:02:08 UTC 2022 on sn-devel-184

- - - - -
b195e8c0 by Martin Schwenke at 2022-07-28T10:09:34+00:00
ctdb-build: Sort sources in ctdb-util and ctdb_unit_tests

Also, rename ctdb_unit_tests to ctdb_util_tests.  The sorting makes
it clear that only items from ctdb-util are tested here.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
7a1c43fc by Martin Schwenke at 2022-07-28T10:09:34+00:00
ctdb-build: Separate test backtrace support into separate subsystem

A convention when testing members of ctdb-util is to include the .c
file so that static functions can potentially be tested.  This means
that such tests can't be linked against ctdb-util or duplicate symbols
will be encountered.

ctdb-tests-common depends on ctdb-client, which depends in turn on
ctdb-util, so this can't be used to pull in backtrace support.
Instead, make ctdb-tests-backtrace its own subsystem.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
f9467cdf by Martin Schwenke at 2022-07-28T10:09:34+00:00
ctdb-build: Link in backtrace support for ctdb_util_tests

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
8d04235f by Martin Schwenke at 2022-07-28T10:09:34+00:00
ctdb-common: Add trivial FD monitoring abstraction

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
a8da8810 by Martin Schwenke at 2022-07-28T10:09:34+00:00
ctdb-tests: Add tests for trivial FD monitoring

tmon_ping_test covers complex 2-way interaction between processes
using tmon_ping_send(), including via a socketpair().  tmon_test
covers the more general functionality of tmon_send() but uses a
simpler 1-way harness with wide coverage.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
c396b615 by Martin Schwenke at 2022-07-28T10:09:34+00:00
ctdb-mutex: Consistently use progname in error messages

To avoid error messages having ridiculously long paths, set progname
to basename(argv[0]).

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
7ab2e8f1 by Martin Schwenke at 2022-07-28T10:09:34+00:00
ctdb-mutex: Rename recheck_time to recheck_interval

There will be more timeouts so clarify the intent of this one.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
2ecdbcb2 by Martin Schwenke at 2022-07-28T10:09:34+00:00
ctdb-mutex: Rename wait_for_lost to lock_io_check

This will be generalised to do more I/O-based checks.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
b5db2867 by Martin Schwenke at 2022-07-28T10:09:34+00:00
ctdb-mutex: Do inode checks in a child process

In future this will allow extra I/O tests and a timeout in the parent
to (hopefully) release the lock if the child gets wedged.  For
simplicity, use tmon only to detect when either parent or child goes
away.  Plumbing a timeout for pings from child to parent will be done
later.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
9daf22a5 by Martin Schwenke at 2022-07-28T10:09:34+00:00
ctdb-mutex: Handle pings from lock checking child to parent

The ping timeout is specified by passing an extra argument to the
mutex helper, representing the ping timeout in seconds.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
c07e81ab by Martin Schwenke at 2022-07-28T10:09:34+00:00
ctdb-mutex: Factor out function fcntl_lock_fd()

Allows blocking mode and start offset to be specified.  Always locks a
1-byte range.

Make the lock structure static to avoid initialising the whole
structure each time.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
97a1714e by Martin Schwenke at 2022-07-28T10:09:34+00:00
ctdb-mutex: open() and fstat() when testing lock file

This makes a file descriptor available for other I/O.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
061315cc by Martin Schwenke at 2022-07-28T10:09:34+00:00
ctdb-mutex: Test the lock by locking a 2nd byte range

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
25d32ae9 by Martin Schwenke at 2022-07-28T10:09:34+00:00
ctdb-tests: Terminate event loop if lock is no longer held

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
dde46186 by Martin Schwenke at 2022-07-28T11:10:54+00:00
ctdb-tests: Add tests for cluster mutex I/O timeout

Block the locker helper child by taking a lock on the 2nd byte of the
lock file.  This will cause a ping timeout if the process is blocked
for long enough.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Thu Jul 28 11:10:54 UTC 2022 on sn-devel-184

- - - - -
b24c8f54 by Andreas Schneider at 2022-07-28T11:51:28+00:00
lib:crypto: Reformat wscript

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
a519d57c by Andreas Schneider at 2022-07-28T11:51:28+00:00
lib:crypto: Merge wscript_configure into wscript

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
61aeb774 by Andreas Schneider at 2022-07-28T11:51:28+00:00
lib:crypto: Merge wscript_build into wscript

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
8b22b448 by Andreas Schneider at 2022-07-28T11:51:28+00:00
lib:replace: Add macros to burn data from memory

This will explicitly zero data from memory. This is guaranteed not to be
optimized away.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
dc7f0f15 by Andreas Schneider at 2022-07-28T11:51:28+00:00
lib:crypto: Implement samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt()

This is for [MS-SAMR] 3.2.2.4 AES Cipher Usage

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
e42ebd22 by Andreas Schneider at 2022-07-28T11:51:28+00:00
librpc:rpc: Add SAMR encryption and mac key salt definitions

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
10249fbb by Andreas Schneider at 2022-07-28T11:51:28+00:00
lib:crypto: Add test for samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
0d059e44 by Andreas Schneider at 2022-07-28T11:51:28+00:00
lib:crypto: Add samba_gnutls_aead_aes_256_cbc_hmac_sha512_decrypt()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
0813ea5b by Andreas Schneider at 2022-07-28T11:51:28+00:00
lib:crypto: Add test for samba_gnutls_aead_aes_256_cbc_hmac_sha512_decrypt()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
ed22f0c4 by Andreas Schneider at 2022-07-28T11:51:28+00:00
libcli:auth: Remove trailing spaces from proto.h

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
5da60573 by Andreas Schneider at 2022-07-28T11:51:28+00:00
libcli:auth: Implement a generic encode_pwd_buffer_from_str()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
1b142b72 by Andreas Schneider at 2022-07-28T11:51:28+00:00
libcli:auth: Add encode_pw_buffer_from_str()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
e181dd7b by Andreas Schneider at 2022-07-28T11:51:28+00:00
libcli:auth: Add test for encode_pwd_buffer514_from_str()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
e845afe1 by Andreas Schneider at 2022-07-28T11:51:28+00:00
samr.idl: Add support for new AES encrypted password buffer

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
308f89ce by Andreas Schneider at 2022-07-28T11:51:28+00:00
samr:idl: add samr_SupportedFeatures for samr_Connect5()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
2ecdbe17 by Andreas Schneider at 2022-07-28T11:51:29+00:00
samr.idl: Add samr_ChangePasswordUser4()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
2454b86c by Andreas Schneider at 2022-07-28T11:51:29+00:00
s3:rpc_client: Implement init_samr_CryptPasswordAES()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
6f60c98c by Andreas Schneider at 2022-07-28T11:51:29+00:00
s3:rpcclient: Encrypt the password buffers only if really needed

If we are in FIPS mode certain ciphers like RC4 are not available, so
we should make sure we do not call them. We will add AES support in the
next patch.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
91121071 by Andreas Schneider at 2022-07-28T11:51:29+00:00
s3:rpcclient: Implement setuserinfo2 level 31

Manually tested against Windows Server 2022.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
e87facfd by Andreas Schneider at 2022-07-28T11:51:29+00:00
libcli:auth: Keep data of extract_pw_from_buffer() secret

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
626b0f48 by Andreas Schneider at 2022-07-28T11:51:29+00:00
libcli:auth: Use extract_pw_from_buffer() in decode_pw_buffer()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
b39abe91 by Andreas Schneider at 2022-07-28T11:51:29+00:00
libcli:auth: Implement a common create_pw_buffer_from_blob()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
12f4bb9c by Andreas Schneider at 2022-07-28T11:51:29+00:00
libcli:auth: Add extract_pwd_blob_from_buffer514()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
2226806c by Andreas Schneider at 2022-07-28T11:51:29+00:00
libcli:auth: Add test for extract_pwd_blob_from_buffer514()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
a246ae99 by Andreas Schneider at 2022-07-28T11:51:29+00:00
s3:rpc_server: Use a done goto label for dcesrv_samr_SetUserInfo()

This will be used in the following commits.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
1b3d7f81 by Andreas Schneider at 2022-07-28T11:51:29+00:00
s4:rpc_server: Use sam_ctx consistently in dcesrv_samr_SetUserInfo()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
1aa40351 by Andreas Schneider at 2022-07-28T11:51:29+00:00
s4:rpc_server: Add transaction for dcesrv_samr_SetUserInfo()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
835de358 by Andreas Schneider at 2022-07-28T11:51:29+00:00
s4:rpc_server: Add samr_set_password_aes()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
cef5bb02 by Andreas Schneider at 2022-07-28T11:51:29+00:00
s4:rpc_server: Implement support for SAMR SetUserInfo(2) level 31

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
2f4a8032 by Andreas Schneider at 2022-07-28T11:51:29+00:00
libcli:auth: Add decode_pwd_string_from_buffer514()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
63c4b16d by Andreas Schneider at 2022-07-28T11:51:29+00:00
libcli:auth: Add test for decode_pwd_string_from_buffer514()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
b54188cb by Andreas Schneider at 2022-07-28T11:51:29+00:00
s3:rpc_server: Set missing debug class for srv_samr_chgpasswd

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
cb2d9429 by Andreas Schneider at 2022-07-28T11:51:29+00:00
s3:rpc_server: Add copy_pwd_expired_to_sam_passwd() for SAMR

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
c975394e by Andreas Schneider at 2022-07-28T11:51:29+00:00
s3:rpc_server: Use copy_pwd_expired_to_sam_passwd() in set_user_info_26()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
c26f6961 by Andreas Schneider at 2022-07-28T11:51:29+00:00
s3:rpc_server: Remove obsolete copy_id26_to_sam_passwd()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
3f72918a by Andreas Schneider at 2022-07-28T11:51:29+00:00
s3:rpc_server: Implement support for SAMR SetUserInfo level 31

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
5797d59b by Andreas Schneider at 2022-07-28T11:51:29+00:00
s4:torture: Implement test for SAMR SetUserInfo(2) level 31

We can't apply this patch earlier as there are no individual tests we could
mark as knownfail. Reorganizing the whole test is too big a task for now.
However, this test is working and also found some bugs.

make test TESTS="samba4.rpc.samr.passwords"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
54766eed by Andreas Schneider at 2022-07-28T11:51:29+00:00
s4:rpc_server: Implement support for SetUserInfo(2) level 32

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
f904f418 by Andreas Schneider at 2022-07-28T11:51:29+00:00
s3:rpc_server: Implement SAMR SetUserInfo(2) level 32

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d725e4ca by Andreas Schneider at 2022-07-28T11:51:29+00:00
s4:torture: Implement test for SAMR SetUserInfo(2) level 32

make test TESTS="samba4.rpc.samr.passwords"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
36b6be3c by Andreas Schneider at 2022-07-28T11:51:29+00:00
waf: Check for gnutls_pbkdf2()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
3d6b9ca8 by Andreas Schneider at 2022-07-28T11:51:29+00:00
lib:crypto: Add test for pbkdf2

This is just that we use the right parameters for gnutls_pbkdf2() and
reach the values from Windows.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
9fcd1b74 by Andreas Schneider at 2022-07-28T11:51:29+00:00
lib:util: Remove trailing whitespaces in samba_util.h

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
cc1cac94 by Andreas Schneider at 2022-07-28T11:51:29+00:00
lib:util: Add generate_random_u64_range()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
b46064f8 by Andreas Schneider at 2022-07-28T11:51:29+00:00
s3:rpc_client: Fix trailing whitespaces in cli_samr.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
c8daa5fb by Andreas Schneider at 2022-07-28T11:51:29+00:00
s3:rpc_client: Implement dcerpc_samr_chgpasswd_user4()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
c557259d by Andreas Schneider at 2022-07-28T11:51:29+00:00
docs-xml: Remove trailing whitespaces in rpcclient.1.xml

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
fd436879 by Andreas Schneider at 2022-07-28T11:51:29+00:00
s3:rpcclient: Implement cmd chpasswd4

Manually tested against Windows Server 2022.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
56297449 by Andreas Schneider at 2022-07-28T11:51:29+00:00
s4:dsdb: Remove trailing whitespaces from util.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
c4ef3dbf by Andreas Schneider at 2022-07-28T11:51:29+00:00
s4:dsdb: Burn the memory of hashes returned by samdb_result_hashes()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
85b7179a by Andreas Schneider at 2022-07-28T11:51:29+00:00
s4:rpc_server: Implement dcesrv_samr_ChangePasswordUser4()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
16e97c5e by Andreas Schneider at 2022-07-28T11:51:29+00:00
s3:passdb: Remove trailing whitespaces

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
68b7863f by Andreas Schneider at 2022-07-28T11:51:29+00:00
s3:passdb: Correctly burn the plaintext_pw with samu_destroy()

memset() can be removed by the optimizer.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
1ca42e12 by Andreas Schneider at 2022-07-28T11:51:29+00:00
s3:rpc_server: Implement dcesrv_samr_ChangePasswordUser4()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
8733fabd by Andreas Schneider at 2022-07-28T11:51:29+00:00
s4:torture: Add test for dcerpc_samr_ChangePasswordUser4

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
da0e0c8a by Andreas Schneider at 2022-07-28T11:51:29+00:00
s4:libnet: Remove unused code in libnet_ChangePassword_samr()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
0c961b16 by Andreas Schneider at 2022-07-28T11:51:29+00:00
s4:libnet: Move code using RC4 into its own function

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
83dac5ce by Andreas Schneider at 2022-07-28T11:51:29+00:00
s4:libnet: Add support for samr_ChangePasswordUser4()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
f39cda78 by Andreas Schneider at 2022-07-28T11:51:29+00:00
s3:test: Print the output to understand what was going wrong

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
8b80b104 by Andreas Schneider at 2022-07-28T11:51:29+00:00
s3:libsmb: Add dcerpc_samr_chgpasswd_user4 to remote_password_change()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
3469895a by Andreas Schneider at 2022-07-28T12:47:31+00:00
s3:winbind: Implement dcerpc_samr_chgpasswd_user4 for PamAuthChangePassword

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Jul 28 12:47:31 UTC 2022 on sn-devel-184

- - - - -
1a653fdc by Jeremy Allison at 2022-07-28T15:38:38+00:00
s3: smbd: Ensure we set fsp->file_id in openat_pathref_dirfsp_nosymlink().

This is a subtle one. The dirfsp returned by openat_pathref_dirfsp_nosymlink()
can be used inside open.c and passed to check_parent_access_fsp() to
check if a delete_on_close flag has been set on an existing "real"
open fsp. So the file_id must be correctly set in order for this
to work. Without it, samba3.base.delete fails in deltest20 when
we convert reply_open_and_X() to use filename_convert_dirfsp().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
be8ac8df by Jeremy Allison at 2022-07-28T15:38:38+00:00
s3: smbd: In filename_split_lcomp() ensure we never return a streamname if posix is set.

POSIX has no streams, even on the root of a directory.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
758ffebb by Jeremy Allison at 2022-07-28T15:38:38+00:00
s3: smbd: Fix the error processing in filename_convert_dirfsp_nosymlink() to match unix_convert() 100%

We need this in order to pass:

samba3.raw.samba3badpath
raw.chkpath
samba3.base.chkpath

Now we can convert all the SMB1 reply_openXXX functions,
and reply_checkpath().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
e82a37d4 by Jeremy Allison at 2022-07-28T15:38:38+00:00
s3: smbd: Convert reply_open() to use filename_convert_dirfsp().

One less use of filename_convert().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
48be22d8 by Jeremy Allison at 2022-07-28T15:38:38+00:00
s3: smbd: Convert reply_open_and_X() to use filename_convert_dirfsp().

One less use of filename_convert().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
952f92cc by Jeremy Allison at 2022-07-28T15:38:38+00:00
s3: smbd: Convert reply_mknew() to use filename_convert_dirfsp().

One less use of filename_convert().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
f599e469 by Jeremy Allison at 2022-07-28T15:38:38+00:00
s3: smbd: Convert reply_ctemp() to use filename_convert_dirfsp().

One less use of filename_convert().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
34056ced by Jeremy Allison at 2022-07-28T15:38:38+00:00
s3: smbd: Convert reply_rmdir() to use filename_convert_dirfsp().

One less use of filename_convert().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
12001941 by Jeremy Allison at 2022-07-28T15:38:38+00:00
s3: smbd: Convert call_trans2open() to use filename_convert_dirfsp().

One less use of filename_convert().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
a70a9c63 by Jeremy Allison at 2022-07-28T15:38:38+00:00
s3: smbd: Convert call_trans2mkdir() to use filename_convert_dirfsp().

One less use of filename_convert().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
33233817 by Jeremy Allison at 2022-07-28T16:34:54+00:00
s3: smbd: Convert reply_checkpath() to use filename_convert_dirfsp().

One less use of filename_convert().

This is the acid test of filename_convert_dirfsp() pathname error
handling.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Jul 28 16:34:54 UTC 2022 on sn-devel-184

- - - - -
ab3d2379 by Yury Lunev at 2022-07-28T18:01:16+00:00
examples/winexe: fix fetching return code of the remote command

ctrl_inbuf field is used to parse remote-side information. A typo was
there that tried to parse return code as "version 0x%x" whereas the
correct way to do it (tested on Windows 10) is to scan for "return_code
%x".

Signed-off-by: Yury Lunev <yury.lunev at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jul 28 18:01:16 UTC 2022 on sn-devel-184

- - - - -
d2777007 by Joseph Sutton at 2022-07-28T22:47:37+00:00
CVE-2022-32743 s4-acl: Add tests for validated dNSHostName write

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14833

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
b41691d0 by Joseph Sutton at 2022-07-28T22:47:37+00:00
CVE-2022-32743 tests/py_credentials: Add tests for setting dNSHostName with LogonGetDomainInfo()

Test that the value is properly validated, and that it can be set
regardless of rights on the account.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14833

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
e38b75a5 by Joseph Sutton at 2022-07-28T22:47:37+00:00
CVE-2022-32743 s4:torture/rpc: Fix tests to match Windows

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14833

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
49ac07e7 by Joseph Sutton at 2022-07-28T22:47:37+00:00
CVE-2022-32743 s4/dsdb/util: Add dsdb_msg_get_single_value()

This function simulates an add or modify operation for an ldb message to
determine the final value of a particular single-valued attribute. This
is useful when validating attributes that should stay in sync with other
attributes, such as servicePrincipalName and dNSHostName.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14833

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
0d888f0c by Joseph Sutton at 2022-07-28T22:47:37+00:00
CVE-2022-32743 s4/dsdb/util: Add function to check for a subclass relationship

We need to be able to determine whether an object is a subclass of a
specific objectclass such as 'computer'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14833

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
b95431ab by Joseph Sutton at 2022-07-28T22:47:37+00:00
CVE-2022-32743 dsdb: Implement validated dNSHostName write

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14833

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
c2ab1f46 by Joseph Sutton at 2022-07-28T22:47:37+00:00
CVE-2022-32743 dsdb/common: Add FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE control

Passing this control will grant the right to set validated values for
dNSHostName and servicePrincipalName, and non-validated values for other
attributes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14833

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f9831259 by Joseph Sutton at 2022-07-28T22:47:37+00:00
CVE-2022-32743 dsdb/modules/acl: Handle FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE control

When this control is specified, we'll assume we have Validated Write on
dNSHostName and servicePrincipalName, and Write Property on other
attributes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14833

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
d07641fc by Joseph Sutton at 2022-07-28T22:47:37+00:00
CVE-2022-32743 s4:rpc_server/netlogon: Remove dNSHostName prefix check

This check is not exhaustive (it does not check the suffix of the
dNSHostName), and should be covered by a validated write check in
acl_modify().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14833

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
02c2a8c7 by Joseph Sutton at 2022-07-28T22:47:37+00:00
CVE-2022-32743 s4:rpc_server/netlogon: Always observe NETR_WS_FLAG_HANDLES_SPN_UPDATE flag

Even when there is no old DNS hostname present.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14833

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f5451423 by Joseph Sutton at 2022-07-28T22:47:37+00:00
CVE-2022-32743 s4:rpc_server/netlogon: Connect to samdb as a user, rather than as system

This allows us to perform validation on a client-specified dNSHostName
value, to ensure that it matches the sAMAccountName.

We might not have any rights to modify the account, so pass the control
FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE which allows us to perform
a validated write to dNSHostName and servicePrincipalName (and
unvalidated writes to other attributes, such as operatingSystem).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14833

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
7638abd3 by Joseph Sutton at 2022-07-28T22:47:37+00:00
CVE-2022-32743 dsdb/modules/acl: Account for sAMAccountName without $

If we have an account without a trailing $, we should ensure the
servicePrincipalName matches the entire sAMAccountName. We should not
allow a match against the sAMAccountName prefix of length
strlen(samAccountName) - 1, as that could conflict with a different
account.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14833

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
e1c52ac0 by Joseph Sutton at 2022-07-28T22:47:38+00:00
CVE-2022-32743 dsdb/modules/acl: Allow simultaneous sAMAccountName, dNSHostName, and servicePrincipalName change

If the message changes the sAMAccountName, we'll check dNSHostName and
servicePrincipalName values against the new value of sAMAccountName,
rather than the account's current value. Similarly, if the message
changes the dNSHostName, we'll check servicePrincipalName values against
the new dNSHostName. This allows setting more than one of these
attributes simultaneously with validated write rights.

We now pass 'struct ldb_val' to acl_validate_spn_value() instead of
simple strings. Previously, we were relying on the data inside 'struct
ldb_val' having a terminating zero byte, even though this is not
guaranteed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14833

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
6b76bc73 by Joseph Sutton at 2022-07-28T22:47:38+00:00
CVE-2022-32743 s4:rpc_server/common: Add dcesrv_samdb_connect_session_info()

This function allows us to connect to samdb as a particular user by
passing in that user's session info.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14833

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
15c86028 by Joseph Sutton at 2022-07-28T23:41:27+00:00
CVE-2022-32743 s4:rpc_server/netlogon: Reconnect to samdb as workstation account

This ensures that the database update can be attributed to the
workstation account, rather than to the anonymous SID, in the audit
logs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14833

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Thu Jul 28 23:41:27 UTC 2022 on sn-devel-184

- - - - -
7a6bd227 by Andreas Schneider at 2022-07-29T13:08:36+00:00
lib:replace: Remove <sys/mount.h> from filesys.h

You need to be careful if you include <sys/mount.h> or <linux/mount.h>
at least since glibc 2.36.

Details at:
https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15132

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Jul 29 13:08:36 UTC 2022 on sn-devel-184

- - - - -
3aecd6e7 by Martin Schwenke at 2022-08-01T09:19:55+00:00
ctdb-common: CID 1507498: Control flow issues (DEADCODE)

Fix typo in error checking.  While here adjust the bottom of the
range, making errno 0 invalid.

Add corresponding test cases using an alternative syntax for errno packets
(#nnn[;] - trailing ';' is optional).

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Mon Aug  1 09:19:55 UTC 2022 on sn-devel-184

- - - - -
9459f855 by Andreas Schneider at 2022-08-02T10:11:35+00:00
Revert "lib:replace: Remove <sys/mount.h> from filesys.h"

This reverts commit 7a6bd2279897ed389d10f09e5b315a7bca96e7d4.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15132

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
766151bf by Andreas Schneider at 2022-08-02T11:05:14+00:00
lib:replace: Only include <sys/mount.h> on non-Linux systems

Details at:
https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15132

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Aug  2 11:05:14 UTC 2022 on sn-devel-184

- - - - -
6fd8f7fd by Jeremy Allison at 2022-08-02T19:49:31+00:00
s3: smbd: In filename_convert_dirfsp(), allow SMB1+POSIX to traverse non-terminal symlinks.

This is the behavior of filename_convert() and
we need to allow it for the legacy SMB1+POSIX libsmbclient
libraries already deployed out there.

When we add SMB2 POSIX we must disallow symlink
traversal over any symlinks, the client must
resolve symlinks locally.

Add a note to show this is where we need to add
an error for SMB2+POSIX names with UCF_POSIX_PATHNAMES
set.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
5249cb3d by Jeremy Allison at 2022-08-02T19:49:31+00:00
s3: smbd: In filename_convert_dirfsp_nosymlink(), in SMB1-only POSIX mode, allow a pathname referencing a symlink to be returned.

Doesn't contain a valid smb_fname->fsp pointer of course,
and is only used by the SMB1 code to take a reference to
a symlink name for manipulation (unlinkat, readlinkat etc.).

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
2c4719a0 by Jeremy Allison at 2022-08-02T19:49:32+00:00
s3: smbd: In filename_convert_dirfsp(), don't let an SMB1+POSIX client see a symlink to a directory with no permissions.

This isn't 100% correct, but it gets us close enough
to the old behavior for SMB1+POSIX libsmbclient. If we went through a
symlink, and we got NT_STATUS_ACCESS_DENIED on the directory
containing the target, just don't allow the client to see the
intermediate path.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
b9006f33 by Jeremy Allison at 2022-08-02T19:49:32+00:00
s3: smbd: Inside filename_convert_dirfsp_nosymlink(), don't require UCF_PREP_CREATEFILE when parsing a stream name that doesn't already exist.

We don't require it for a new file. Without this change, we have
to add UCF_PREP_CREATEFILE to the destination flags when we are
doing renames to a destination stream name, but not when doing
renames to a destination file name, which makes for inconsistent API use.

filename_convert_dirfsp() is now a drop in replacement
for filename_convert(), even for the ugly SMB1 POSIX
cases.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
c673ca15 by Jeremy Allison at 2022-08-02T19:49:32+00:00
s3: smbd: Tweak the logic of smb2_file_rename_information().

There's no point in calling filename_convert() and then
just ignoring the returned smb_fname if it's a raw stream name.
Only call filename_convert() if we know it isn't a raw stream
name.

Ignore stream/non-stream mismatches in src and dst in
smb2_file_rename_information, let rename_internals_fsp()
take care of that as the error returns inside rename_internals_fsp()
are tested by raw.streams.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
beb10e8b by Jeremy Allison at 2022-08-02T19:49:32+00:00
s3: smbd: In reply_ntrename(), don't call filename_convert() if we know it's a stream rename.

There is no point in calling filename_convert() on a raw stream name.
It can never find the file anyway (and never returns a valid smb_fname->fsp).
Use the same logic as SMB2_FILE_RENAME_INFORMATION_INTERNAL now does
and generate smb_fname_new directly.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
d9f144ac by Jeremy Allison at 2022-08-02T19:49:32+00:00
s3: smbd: Add src_dirfsp and dst_dirfsp parameters to rename_internals().

Not yet used (but passed to SMB_VFS_CREATE_FILE()).

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
0b33ec49 by Jeremy Allison at 2022-08-02T19:49:32+00:00
s3: smbd: Add dirfsp parameter to unlink_internals().

Not yet used but passed to SMB_VFS_CREATE().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
1d658bbe by Jeremy Allison at 2022-08-02T19:49:32+00:00
s3: smbd: Add dst_dirfsp parameter to rename_internals_fsp().

Not yet used, but when this is fully plumbed through we can
look at optimizing and removing the code inside rename_internals_fsp()
that currently gets its own dst_dirfsp.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
b80e5113 by Jeremy Allison at 2022-08-02T19:49:32+00:00
s3: smbd: Add old_dirfsp and new_dirfsp parameters to hardlink_internals().

Not yet used.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
a6c34ec3 by Jeremy Allison at 2022-08-02T19:49:32+00:00
s3: smbd: Add src_dirfsp and dst_dirfsp parameters to copy_internals().

Not yet used.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
2a9d7beb by Jeremy Allison at 2022-08-02T19:49:32+00:00
s3: smbd: Add dirfsp parameter to create_directory().

Not yet used but passed down to SMB_VFS_CREATE().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
a457d59e by Jeremy Allison at 2022-08-02T19:49:32+00:00
s3: smbd: Convert reply_getatr() to use filename_convert_dirfsp().

One less use of filename_convert().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
c71368a0 by Jeremy Allison at 2022-08-02T19:49:32+00:00
s3: smbd: Convert reply_setatr() to use filename_convert_dirfsp().

One less use of filename_convert().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
a9ed7f60 by Jeremy Allison at 2022-08-02T19:49:32+00:00
s3: smbd: Convert call_trans2qfilepathinfo() to use filename_convert_dirfsp().

One less use of filename_convert().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
1006b1af by Jeremy Allison at 2022-08-02T19:49:32+00:00
s3: smbd: Convert call_trans2setfilepathinfo() to use filename_convert_dirfsp().

One less use of filename_convert().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
d89ec90c by Jeremy Allison at 2022-08-02T19:49:32+00:00
s3: smbd: Convert _srvsvc_NetGetFileSecurity() to use filename_convert_dirfsp().

One less use of filename_convert().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
c3737300 by Jeremy Allison at 2022-08-02T19:49:32+00:00
s3: smbd: Convert _srvsvc_NetSetFileSecurity() to use filename_convert_dirfsp().

One less use of filename_convert().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
ab939772 by Jeremy Allison at 2022-08-02T19:49:32+00:00
s3: smbd: Convert smbd_smb2_create_durable_lease_check() to use filename_convert_dirfsp().

One less use of filename_convert().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
dc309e60 by Jeremy Allison at 2022-08-02T19:49:32+00:00
s3: smbd: Convert cmd_utime() to use filename_convert_dirfsp().

One less use of filename_convert().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
79257334 by Jeremy Allison at 2022-08-02T19:49:32+00:00
s3: smbd: Convert reply_unlink() to use filename_convert_dirfsp().

One less use of filename_convert().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
b14e4f59 by Jeremy Allison at 2022-08-02T19:49:32+00:00
s3: smbd: Convert reply_mkdir() to use filename_convert_dirfsp().

One less use of filename_convert().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
8b667db0 by Jeremy Allison at 2022-08-02T19:49:32+00:00
s3: smbd: Convert reply_mv() to use filename_convert_dirfsp().

One less use of filename_convert().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
22403ec7 by Jeremy Allison at 2022-08-02T19:49:32+00:00
s3: smbd: Convert reply_ntrename() to use filename_convert_dirfsp().

One less use of filename_convert().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
3b3cab81 by Jeremy Allison at 2022-08-02T19:49:32+00:00
s3: smbd: Convert smb_set_file_unix_hlink() to use filename_convert_dirfsp().

One less use of filename_convert().

Later we should optimize this by passing in
the src_dirfsp from the caller.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
e960f4b3 by Jeremy Allison at 2022-08-02T19:49:32+00:00
s3: smbd: Convert smb2_file_rename_information() to use filename_convert_dirfsp().

One less use of filename_convert().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
0e7a151c by Jeremy Allison at 2022-08-02T19:49:32+00:00
s3: smbd: Convert smb_file_link_information() to use filename_convert_dirfsp().

One less use of filename_convert().

Later we should optimize this by passing in
the src_dirfsp from the caller.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
93b6db33 by Jeremy Allison at 2022-08-02T20:46:38+00:00
s3: smbd: Convert smb_file_rename_information() to use filename_convert_dirfsp().

There is only one last user of filename_convert(), in filename_convert_smb1_search_path().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Aug  2 20:46:38 UTC 2022 on sn-devel-184

- - - - -
3254622a by Ralph Boehme at 2022-08-03T13:00:36+00:00
mdssvc: fix a comment

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14915

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
c0d46796 by Ralph Boehme at 2022-08-03T13:00:36+00:00
mdssvc: update a comment

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14915

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
5b750d6b by Ralph Boehme at 2022-08-03T13:00:36+00:00
mdssvc: consolidate calls of mds_es_search_unset_pending()

Both codepaths where mds_es_search_unset_pending() is currently called end up
going through the higher level callback mds_es_search_done(). Moving the call to
mds_es_search_unset_pending() ensures we call it consistently and don't miss it
in some error code path.

Otherwise no change in behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14915

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
2fc2c7d4 by Ralph Boehme at 2022-08-03T13:00:36+00:00
mdssvc: move calling mds_es_search_set_pending() to mds_es_next_search_trigger()

This makes the calls to mds_es_search_set_pending() and
mds_es_search_unset_pending() symmetric. No change in behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14915

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
9b56c703 by Ralph Boehme at 2022-08-03T13:00:36+00:00
mdssvc: prevent a crash when pending search finishes after the client closed the search connection

When a search is in-flight and currently being processed against the
Elasticsearch server, we set s->pending. In the destructor of "s" we check "pending"
and reject deallocation of the object.

One instance where "s" is requested to be deallocated is when the client closes
the top-level per-share search connection. This will implicitly close all
searches associated with the mds_ctx from mds_ctx_destructor_cb():

	while (mds_ctx->query_list != NULL) {
		/*
		 * slq destructor removes element from list.
		 * Don't use TALLOC_FREE()!
		 */
		talloc_free(mds_ctx->query_list);
	}

So when this happens the Elasticsearch backend query object stays around,
alongside with any active tevent_req request and a tevent_req timer set with
tevent_req_set_endtime() in mds_es_search_send().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14915
RN: mdssvc crashes when searches are pending and the client closes the mdssvc IPC pipe

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
9b0e61ff by Ralph Boehme at 2022-08-03T13:00:36+00:00
mdssvc: reapply default search destructor when marking a search non-pending

This is needed to ensure searches that are scheduled more than once to the
Elasticsearch server (because the first run didn't return all results) get
removed from the list of searches in case the user closes the query.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14915

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
1150d121 by Ralph Boehme at 2022-08-03T13:00:36+00:00
mdssvc: fix check if search connection state is gone

This was dead code: before this patchset no one set s->mds_es_ctx->mds_ctx to
NULL. A previous commit changed that so now the mds_es_ctx destructor sets
s->mds_es_ctx to NULL if a search "s" was currently in-flight.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14915

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
ac13935a by Ralph Boehme at 2022-08-03T13:00:36+00:00
mdssvc: don't trigger http reconnect if a search was cancelled

Calling tevent_req_error() triggers a HTTP reconnect in mds_es_search_done() as
mds_es_search_recv() returns the error so we call mds_es_reconnect_on_error().

slq (which is s->slq) or s->mds_es_ctx will be NULL if the user closed a search
or disconnected a share with an active mdssvc IPC pipe, no need to trigger a
HTTP reconnect for those cases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14915

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
c9ecd33a by Ralph Boehme at 2022-08-03T13:00:36+00:00
mdssvc: fold two if blocks into one

No change in behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14915

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
61c6a00f by Ralph Boehme at 2022-08-03T14:00:36+00:00
mdssvc: check if the user closed the query before trying to read the HTTP response from Elasticsearch

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14915

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Wed Aug  3 14:00:36 UTC 2022 on sn-devel-184

- - - - -
9757229b by Andreas Schneider at 2022-08-04T09:11:29+00:00
testprogs: Reformat dbcheck-links.sh

shfmt -w -p -i 0 -fn testprogs/blackbox/dbcheck-links.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

- - - - -
ae345224 by Andreas Schneider at 2022-08-04T09:11:29+00:00
testprogs: Reformat dbcheck-oldrelease.sh

shfmt -w -p -i 0 -fn testprogs/blackbox/dbcheck-oldrelease.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

- - - - -
0cdd2046 by Andreas Schneider at 2022-08-04T10:11:30+00:00
testprogs: Reformat dbcheck.sh

shfmt -w -p -i 0 -fn testprogs/blackbox/dbcheck.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Thu Aug  4 10:11:30 UTC 2022 on sn-devel-184

- - - - -
9bc3ba8f by Andreas Schneider at 2022-08-04T12:56:37+00:00
testprogs: Reformat demote-saveddb.sh

shfmt -w -p -i 0 -fn testprogs/blackbox/demote-saveddb.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

- - - - -
eab5cdb6 by Andreas Schneider at 2022-08-04T12:56:37+00:00
testprogs: Reformat dfree.sh

shfmt -w -p -i 0 -fn testprogs/blackbox/dfree.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

- - - - -
91035d48 by Andreas Schneider at 2022-08-04T12:56:37+00:00
testprogs: Reformat dom_parse.sh

shfmt -w -p -i 0 -fn testprogs/blackbox/dom_parse.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

- - - - -
f2591ff7 by Andreas Schneider at 2022-08-04T12:56:37+00:00
testprogs: Reformat functionalprep.sh

shfmt -w -p -i 0 -fn testprogs/blackbox/functionalprep.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

- - - - -
65b37973 by Andreas Schneider at 2022-08-04T12:56:37+00:00
testprogs: Reformat join_ldapcmp.sh

shfmt -w -p -i 0 -fn testprogs/blackbox/join_ldapcmp.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

- - - - -
084bddcf by Andreas Schneider at 2022-08-04T12:56:37+00:00
testprogs: Reformat ldapcmp_restoredc.sh

shfmt -w -p -i 0 -fn testprogs/blackbox/ldapcmp_restoredc.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

- - - - -
d0f27918 by Andreas Schneider at 2022-08-04T12:56:37+00:00
testprogs: Reformat nsstest.sh

shfmt -w -p -i 0 -fn testprogs/blackbox/nsstest.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

- - - - -
7b4e06d2 by Andreas Schneider at 2022-08-04T12:56:37+00:00
testprogs: Reformat renamedc.sh

shfmt -w -p -i 0 -fn testprogs/blackbox/renamedc.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

- - - - -
a59460d2 by Andreas Schneider at 2022-08-04T12:56:37+00:00
testprogs: Reformat runtime-links.sh

shfmt -w -p -i 0 -fn testprogs/blackbox/runtime-links.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

- - - - -
de6335d4 by Andreas Schneider at 2022-08-04T12:56:37+00:00
testprogs: Reformat schemaupgrade.sh

shfmt -w -p -i 0 -fn testprogs/blackbox/schemaupgrade.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

- - - - -
561e9256 by Andreas Schneider at 2022-08-04T12:56:37+00:00
testprogs: Reformat subunit.sh

shfmt -w -p -i 0 -fn testprogs/blackbox/subunit.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

- - - - -
f222b2a2 by Andreas Schneider at 2022-08-04T12:56:37+00:00
testprogs: Reformat test_chgdcpass.sh

shfmt -w -p -i 0 -fn testprogs/blackbox/test_chgdcpass.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

- - - - -
2c8681cc by Andreas Schneider at 2022-08-04T12:56:37+00:00
testprogs: Reformat test_client_etypes.sh

shfmt -w -p -i 0 -fn testprogs/blackbox/test_client_etypes.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

- - - - -
fcdcad87 by Andreas Schneider at 2022-08-04T12:56:37+00:00
testprogs: Reformat test_client_kerberos.sh

shfmt -w -p -i 0 -fn testprogs/blackbox/test_client_kerberos.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

- - - - -
708582de by Andreas Schneider at 2022-08-04T12:56:37+00:00
testprogs: Reformat test_export_keytab_heimdal.sh

shfmt -w -p -i 0 -fn testprogs/blackbox/test_export_keytab_heimdal.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

- - - - -
848bf1bf by Andreas Schneider at 2022-08-04T12:56:37+00:00
testprogs: Reformat test_export_keytab_mit.sh

shfmt -w -p -i 0 -fn testprogs/blackbox/test_export_keytab_mit.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

- - - - -
da0049b0 by Andreas Schneider at 2022-08-04T12:56:37+00:00
testprogs: Reformat test_kinit_heimdal.sh

shfmt -w -p -i 0 -fn testprogs/blackbox/test_kinit_heimdal.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

- - - - -
8c19e475 by Andreas Schneider at 2022-08-04T12:56:37+00:00
testprogs: Reformat test_kinit_mit.sh

shfmt -w -p -i 0 -fn testprogs/blackbox/test_kinit_mit.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

- - - - -
ce97396e by Andreas Schneider at 2022-08-04T12:56:37+00:00
testprogs: Reformat test_kinit_trusts_heimdal.sh

shfmt -w -p -i 0 -fn testprogs/blackbox/test_kinit_trusts_heimdal.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

- - - - -
a68d75f9 by Andreas Schneider at 2022-08-04T12:56:37+00:00
testprogs: Reformat test_kinit_trusts_mit.sh

shfmt -w -p -i 0 -fn testprogs/blackbox/test_kinit_trusts_mit.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

- - - - -
9d1cf12d by Andreas Schneider at 2022-08-04T12:56:37+00:00
testprogs: Reformat test_kpasswd_heimdal.sh

shfmt -w -p -i 0 -fn testprogs/blackbox/test_kpasswd_heimdal.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

- - - - -
faf8c190 by Andreas Schneider at 2022-08-04T12:56:37+00:00
testprogs: Reformat test_kpasswd_mit.sh

shfmt -w -p -i 0 -fn testprogs/blackbox/test_kpasswd_mit.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

- - - - -
2120b215 by Andreas Schneider at 2022-08-04T13:49:54+00:00
testprogs: Reformat test_ktpass.sh

shfmt -w -p -i 0 -fn testprogs/blackbox/test_ktpass.sh

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Aug  4 13:49:54 UTC 2022 on sn-devel-184

- - - - -
8b9fdc8a by Jeremy Allison at 2022-08-04T17:09:31+00:00
s3: smbd: Add ucf_flags parameter to extract_snapshot_token().

Will be needed to cope with MSDFS paths which can be passed in
to this function.

Note, this is a temporary measure until we handle DFS paths better
and will be removed in the next patchset.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
7a823d44 by Jeremy Allison at 2022-08-04T17:09:31+00:00
s3: smbd: Allow extract_snapshot_token() to cope with MSDFS paths.

"raw" MSDFS paths are passed here as \server\share\path.

find_snapshot_token() only looks for a '/' as a separator
in SMB1 snapshot paths.

Allow extract_snapshot_token() to cope with SMB1 MSDFS paths by
converting in place, looking for the @GMT token with a '/'
separator via find_snapshot_token(), and then converting back.

Note, this is a temporary measure until we handle DFS paths better
and will be removed in the next patchset.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
74715a75 by Jeremy Allison at 2022-08-04T17:09:31+00:00
s3: smbd: Remove separate talloc_stackframe() from filename_convert_smb1_search_path().

We're soon going to change this to return dirfsp and use convert_filename_dirfsp()
so we need to return values on the passed in talloc ctx.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
2ad3e63f by Jeremy Allison at 2022-08-04T17:09:31+00:00
s3: smbd: Remove const from name_in parameter to filename_convert_smb1_search_path().

We're going to need to convert in place if it's an MSDFS path
with an SMB1 @GMT token.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
df5455c4 by Jeremy Allison at 2022-08-04T17:09:31+00:00
s3: smbd: Change filename_convert_smb1_search_path() to use extract_snapshot_token().

strip_gmt_from_raw_dfs() is now no longer used.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
5eed3f48 by Jeremy Allison at 2022-08-04T17:09:31+00:00
s3: smbd: Remove code for unused strip_gmt_from_raw_dfs().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
acff075a by Jeremy Allison at 2022-08-04T17:09:31+00:00
s3: smbd: In reply_ntrename(), move the call to get_original_lcomp(..newname..) after the call to extract_snapshot_token(..newname..).

This was the last case where the snapshot TWRP token could be
passed into get_original_lcomp(). get_original_lcomp() can now
be changed to ignore TWRP tokens.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
2d9938da by Jeremy Allison at 2022-08-04T17:09:31+00:00
s3: smbd: Remove TWRP handling inside get_original_lcomp().

Now we know all @GMT paths are removed before get_original_lcomp()
is called, we can eliminate this code.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
4112bab9 by Jeremy Allison at 2022-08-04T17:09:31+00:00
s3: smbd: In filename_convert_smb1_search_path(), after we have called dfs_redirect(), the path separator is always '/'.

This will allow us to remove the call to dfs_redirect() from get_original_lcomp().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
5a923ae3 by Jeremy Allison at 2022-08-04T17:09:31+00:00
s3: smbd: We now know get_original_lcomp() never has to deal with an MSDFS pathname.

Remove the call to dfs_redirect() within it.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
7bd5c05f by Jeremy Allison at 2022-08-04T17:09:31+00:00
s3: smbd: Add returned dirfsp pointer to filename_convert_smb1_search_path().

Preparation for conversion of the last filename_convert() -> filename_convert_dirfsp().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
68483583 by Jeremy Allison at 2022-08-04T17:09:31+00:00
s3: smbd: Convert filename_convert_smb1_search_path() to use filename_convert_dirfsp().

There are now no more users of filename_convert().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
ffc19ac9 by Jeremy Allison at 2022-08-04T17:09:31+00:00
s3: smbd: Remove filename_convert().

                            (\  _  /)
                            ( \ O / )
                             (// \\)
                                X
                               / \
                              /___\
                       _____/      \\_____
                      |         +         ||
                      |                   ||
                      |  filename_convert ||
                      |                   ||
                      |                   ||
                      |                   ||
                      |                   ||
                      |  _     ___   _    ||
                      | | \     |   | \   ||
                      | |  |    |   |  |  ||
                      | |_/     |   |_/   ||
                      | | \     |   |     ||
                      | |  \    |   |     ||
                      | |   \. _|_. | .   ||
                      |                   ||
              *     * | *   **    * **    |**     **
               \)),.,\(/.,(//,,..,,\||(,,.,\\,.((//

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
87835c69 by Jeremy Allison at 2022-08-04T17:09:31+00:00
s3: smbd: In filename_convert_dirfsp_nosymlink() only use synthetic_smb_fname_split() for fake_files, not printer shares too.

Printer shares can have real filenames.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
f42b5be4 by Jeremy Allison at 2022-08-04T17:09:31+00:00
s3: smbd: Add dirfsp return parameter to driver_unix_convert().

Not yet used, but (dirfsp=NULL) value passed to functions
called after driver_unix_convert().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
46418ddd by Jeremy Allison at 2022-08-04T18:10:43+00:00
s3: smbd: Convert driver_unix_convert() to use filename_convert_dirfsp().

There is now only one user left of unix_convert(), inside
the MSDFS code. I have plans to get rid of this soon.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Aug  4 18:10:43 UTC 2022 on sn-devel-184

- - - - -
0b58dc38 by Volker Lendecke at 2022-08-04T20:44:32+00:00
smbd: Fix the build on FreeBSD

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c89ae5f0 by Volker Lendecke at 2022-08-04T20:44:32+00:00
lib: Align an integer type

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
99020ffe by Volker Lendecke at 2022-08-04T20:44:32+00:00
smbd: Security fix for systems without O_PATH

Further up we add O_PATH manually. Initial development versions of
this code did set the is_pathref, but then I found this potential
problem. I forgot to remove this incarnation of is_pathref=true, doing
it now.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
972dd999 by Volker Lendecke at 2022-08-04T21:46:23+00:00
smbd: Fix a "set but not used" warning

This is copy&paste from reply_negprot() where this variable was used
to set the remote architecture. This isn't used anymore in the
stripped down smb2 version of this.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Aug  4 21:46:23 UTC 2022 on sn-devel-184

- - - - -
f24ef117 by Jeremy Allison at 2022-08-05T09:24:30+00:00
s3: smbd: Change srvstr_get_path_internal() to always call check_path_syntaxXXX(), even on DFS pathnames.

The original design decision to just copy a DFS path and let
parse_dfs_path() take care of it was a horrible mistake.

Fix srvstr_get_path_internal() to always return a
/server/share/path (i.e. a path separated with '/', not '\').

This is a more complex change than I like to allow
DFS path processing in srvstr_get_path_internal() but
needed as clients (including Samba smbclient) have a
rather "fuzzy" idea of what constitutes a valid DFS path.
If we detect the DFS path isn't valid here we have to
fall back to treating it as a local path.

I also need to modify the DFS parsing in
filename_convert_smb1_search_path() to cope with only '/'
separators.

This also means parse_dfs_path() needs changing to
cope.

The changes here are best reviewed by just applying
the fix and looking at the modified functions:

srvstr_get_path_internal()
parse_dfs_path()

For parse_dfs_path() it's mostly removing bad code
and makes parse_dfs_path() much easier to read.

These changes will enable me to remove some ugly mistakes made
adding ucf_flags to extract_snapshot_token(), as
we can now always assume canonicalized paths.

This is a little messy, but has to be done in
one chunk as the change to srvstr_get_path_internal()
depends on the change to parse_dfs_path().

Thanks to Volker for the insight that made this
cleanup possible.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
e5a49c31 by Jeremy Allison at 2022-08-05T09:24:30+00:00
s3: smbd: Remove 'bool posix_path' from struct dfs_path.

Nothing now sets or looks at it.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
7ef1412f by Jeremy Allison at 2022-08-05T09:24:30+00:00
s3: smbd: Minor cleanup in parse_dfs_path().

allow_wcards parameter is not used or looked at.

Remove it.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
d21cf6bb by Jeremy Allison at 2022-08-05T09:24:30+00:00
s3: smbd: Cleanup - integer align. consumedcnt should be a size_t.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
5c9404f7 by Jeremy Allison at 2022-08-05T09:24:30+00:00
s3: smbd: Remove the ucf_flags parameter from extract_snapshot_token().

Now we always call check_path_syntaxXXX(), even on DFS names
we no longer need this. It was a BAD change, and I should feel BAD :-).

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
5075df45 by Jeremy Allison at 2022-08-05T10:24:22+00:00
s3: smbd: Remove ugly SMB1-specific hack to filename_convert_dirfsp()

This was added due to the error code check in test_symlink_traversal_smb1_posix.sh.
After careful consideration I've realized the error code expected here
is incorrect, and not providing any security benefit.

We already check that trying to fetch a file/traverse through a
symlink that points outside of a share returns NT_STATUS_OBJECT_PATH_NOT_FOUND,
and this is enforced in the symlink checks already inside filename_convert_dirfsp().

If a symlink points to a directory within the share for which
the user has no permissions (as is tested here), then there's no
benefit in mapping the error code from NT_STATUS_ACCESS_DENIED
to NT_STATUS_OBJECT_PATH_NOT_FOUND, as we are not providing any
extra information about the filesystem state the user cannot already
obtain by normal SMB1+POSIX calls.

Change the error code expected in this single test from NT_STATUS_OBJECT_PATH_NOT_FOUND
to NT_STATUS_ACCESS_DENIED.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Aug  5 10:24:23 UTC 2022 on sn-devel-184

- - - - -
e0d96197 by Douglas Bagnall at 2022-08-06T00:45:35+00:00
pytest/netcmd: test samba-tool testparm global section

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: David Mulder <dmulder at suse.com>

- - - - -
1c6e59a7 by Douglas Bagnall at 2022-08-06T00:45:35+00:00
pyparam: expose lpcfg_dump_globals()

This is needed by samba-tool testparm, in the next commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15070

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: David Mulder <dmulder at suse.com>

- - - - -
5750d7a1 by Douglas Bagnall at 2022-08-06T00:45:35+00:00
samba-tool: allow testparm to dump global section only

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15070

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: David Mulder <dmulder at suse.com>

- - - - -
0fdd7e16 by Douglas Bagnall at 2022-08-06T01:42:09+00:00
samba-tool gpo: clean up tmpdir after create

'fetch' and 'backup' might also leave files in /tmp, but in those cases
we want the files.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15006

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: David Mulder <dmulder at suse.com>

Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Sat Aug  6 01:42:09 UTC 2022 on sn-devel-184

- - - - -
5aaf3894 by Stefan Metzmacher at 2022-08-06T01:43:50+00:00
vfs_glusterfs: add missing END_PROFILE(syscall_openat) to vfs_gluster_openat()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5fc016f2 by Volker Lendecke at 2022-08-06T01:43:50+00:00
vfs: change openat prototype to match linux openat2

The Linux prototype for openat2 looks like this:

       long openat2(int dirfd, const char *pathname,
                   struct open_how *how, size_t size);

where "struct open_how" is defined in "linux/openat2.h". It is
designed to be extensible with further flags.

The "size" parameter is required because there is no type checking
between userland and kernelspace, so the way for Linux to find which
version of open_how is being passed in is looking at the size:
"open_how" is expected to only ever grow with additional fields,
should a change be necessary in the future.

Samba does not have this problem, we can typecheck the struct and
pointers, we expect all VFS modules to be compiled against the current
vfs.h.

For now this adds no functionality, but it will make further patches
much smaller.

Pair-programmed-with: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Volker Lendecke <vl at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ccc26364 by Volker Lendecke at 2022-08-06T01:43:50+00:00
smbd: Pass vfs_open_how through non_widelink_open

process_symlink_open goes with it

Pair-programmed-with: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Volker Lendecke <vl at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c3c5e6c3 by Volker Lendecke at 2022-08-06T01:43:50+00:00
smbd: Pass vfs_open_how through fd_openat

Pair-programmed-with: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Volker Lendecke <vl at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8693a041 by Volker Lendecke at 2022-08-06T01:43:50+00:00
smbd: Hand vfs_open_how to openat_pathref_fullname

Pair-programmed-with: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Volker Lendecke <vl at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7cd87156 by Volker Lendecke at 2022-08-06T02:39:11+00:00
vfs: Add struct vfs_open_how.resolve

This prepares the later introduction of VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS,
which will be used to make use of RESOLVE_NO_SYMLINKS on linux with openat2().

Right now all terminal VFS objects reject any resolve bits with ENOSYS.
So we only prepare the vfs layer for now without any real change.
But this will make backports to 4.17 much easier.

Pair-programmed-with: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Volker Lendecke <vl at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Aug  6 02:39:11 UTC 2022 on sn-devel-184
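
The openat2() call shape described in the two commit messages above (struct open_how passed with its size, and the RESOLVE_NO_SYMLINKS resolve bit), as an added example that is not Samba code. The helper names and the temporary directory layout are assumptions made for the demonstration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/openat2.h> /* struct open_how, RESOLVE_NO_SYMLINKS */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Hypothetical helper: call openat2() through syscall(2), no libc wrapper needed. */
static int openat2_nosymlinks(int dirfd, const char *path, int flags)
{
	struct open_how how;

	/* Fields the caller does not know about must be zero. */
	memset(&how, 0, sizeof(how));
	how.flags = (unsigned long long)flags;
	how.resolve = RESOLVE_NO_SYMLINKS;
	/* sizeof(how) is the "size" argument the kernel uses to version the struct. */
	return (int)syscall(SYS_openat2, dirfd, path, &how, sizeof(how));
}

/*
 * Constructed layout: <tmp>/real/file and <tmp>/link -> real.
 * Opens "real/file" and "link/file" relative to <tmp>.
 * Returns 1 if the direct path opens and the symlinked path fails with ELOOP,
 * 0 if openat2() is not available here, -1 on any other outcome.
 */
int demo_resolve_no_symlinks(void)
{
	char tmpl[] = "/tmp/openat2-demo-XXXXXX";
	char real[64], file[64], link[64];
	int rootfd = -1, fd, result = -1;
	char *dir = mkdtemp(tmpl);

	if (dir == NULL) {
		return -1;
	}
	snprintf(real, sizeof(real), "%s/real", dir);
	snprintf(file, sizeof(file), "%s/real/file", dir);
	snprintf(link, sizeof(link), "%s/link", dir);

	if (mkdir(real, 0700) != 0) {
		goto out;
	}
	fd = open(file, O_CREAT | O_WRONLY | O_CLOEXEC, 0600);
	if (fd < 0) {
		goto out;
	}
	close(fd);
	if (symlink("real", link) != 0) {
		goto out;
	}
	rootfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
	if (rootfd < 0) {
		goto out;
	}

	/* No symlink in the path: this open must succeed. */
	fd = openat2_nosymlinks(rootfd, "real/file", O_RDONLY | O_CLOEXEC);
	if (fd < 0) {
		/* Old kernels return ENOSYS; some seccomp profiles return EPERM. */
		if (errno == ENOSYS || errno == EPERM) {
			result = 0;
		}
		goto out;
	}
	close(fd);

	/* "link" is a symlink component: the kernel refuses with ELOOP. */
	fd = openat2_nosymlinks(rootfd, "link/file", O_RDONLY | O_CLOEXEC);
	if (fd >= 0) {
		close(fd);
		goto out;
	}
	result = (errno == ELOOP) ? 1 : -1;
out:
	if (rootfd >= 0) {
		close(rootfd);
	}
	/* Best-effort cleanup; entries that were never created just fail. */
	unlink(link);
	unlink(file);
	rmdir(real);
	rmdir(dir);
	return result;
}

int main(void)
{
	int rc = demo_resolve_no_symlinks();

	printf("demo_resolve_no_symlinks() = %d\n", rc);
	return rc < 0;
}
```

The refusal happens inside the kernel's path walk, so there is no window between checking a component and opening it.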

- - - - -
e1387560 by listout at 2022-08-08T06:33:38+00:00
nsswitch/wins: Define NETDB_* for other libc's

Define NETDB_SUCCESS and NETDB_INTERNAL if they are not defined. On
libc's such as musl NETDB_INTERNAL and NETDB_SUCCESS are not defined.

Signed-off-by: listout <brahmajit.xyz at gmail.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
fb937ddc by listout at 2022-08-08T07:28:31+00:00
lib/util/access: source3/auth/user_util: Check for INNETGR

Checking for presence of both netgroup and innetgr. INNETGR is not
defined on libc's such as musl so not checking results in a build error.

Signed-off-by: listout <brahmajit.xyz at gmail.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Aug  8 07:28:31 UTC 2022 on sn-devel-184

- - - - -
82d931d2 by Jeremy Allison at 2022-08-08T09:07:24+00:00
s3: smbd: Oops. DBG_ERR messages I used to debug parse_dfs_path(), should have been DBG_DEBUG.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Aug  8 09:07:24 UTC 2022 on sn-devel-184

- - - - -
6412c39b by Jule Anger at 2022-08-08T12:56:28+00:00
smbstatus: delete wrong EXCLUSIVE+BATCH oplock

It is not possible to have an EXCLUSIVE+BATCH oplock, because a BATCH
oplock includes an EXCLUSIVE oplock. Therefore, an EXCLUSIVE+BATCH-Oplock
and a BATCH-Oplock are the same thing.

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
4ef2d366 by Jule Anger at 2022-08-08T12:56:28+00:00
audit_logging: add method to replace the object for a given key with a new object

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
4f21c6fd by Jule Anger at 2022-08-08T12:56:28+00:00
smbstatus: print errors to stderr instead of stdout

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
04f1d339 by Jule Anger at 2022-08-08T12:56:28+00:00
smbstatus: use variables in print_share_mode instead of printing directly

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
caae58fa by Jule Anger at 2022-08-08T12:56:28+00:00
smbstatus: add struct traverse_state

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
d9c1ff4c by Jule Anger at 2022-08-08T12:56:28+00:00
smbstatus: pass the traverse_state to the traverse methods

The state cannot be used as a context, so a NULL context tmp_ctx must be created.

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
e514bdbc by Jule Anger at 2022-08-08T12:56:28+00:00
smbstatus: move the output of the title lines to their own methods

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
cb8a0d9a by Jule Anger at 2022-08-08T12:56:28+00:00
smbstatus: move the output of the content to their own methods

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
92be5375 by Jule Anger at 2022-08-08T12:56:28+00:00
smbstatus: add enum to handle partial encryption and signing

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
b35f13a3 by Jule Anger at 2022-08-08T12:56:28+00:00
smbstatus: use new enum crypto_degree

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
f604e4d4 by Jule Anger at 2022-08-08T12:56:28+00:00
smbstatus: add frame files for json specific methods

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
15fed37a by Jule Anger at 2022-08-08T12:56:28+00:00
smbstatus: add json items to traverse_struct

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
a64c9078 by Jule Anger at 2022-08-08T12:56:28+00:00
smbstatus: add method add_section_to_json

The method adds an empty json object (value) under a given section name
(key) to a given json object.

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
05362a27 by Jule Anger at 2022-08-08T12:56:28+00:00
smbstatus: add general information to the json output

Adds timestamp, samba version and path to smb.conf to a given json
object.

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
138befe4 by Jule Anger at 2022-08-08T12:56:28+00:00
smbstatus: add a connections dictionary

Adds an empty json dictionary under the key "tcons" and adds foreach
connection a dictionary with information to the shares dictionary.

Only print to stdout, if json_output is not set.

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
7d76fe5f by Jule Anger at 2022-08-08T12:56:28+00:00
smbstatus: add server_id to connections

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
69697555 by Jule Anger at 2022-08-08T12:56:28+00:00
conn_tdb: add sess_id to struct connections_data

Save the session global id as sess_id in the connections_data struct.

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
963e1588 by Jule Anger at 2022-08-08T12:56:28+00:00
smbstatus: add session_id to connections dictionary

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
7585f8d2 by Jule Anger at 2022-08-08T12:56:28+00:00
conn_tdb: change type of connections_data.start to NTTIME

connections_data.start previously had the type time_t, but time_t
only had a precision for seconds. NTTIME has a higher precision,
which is useful for debugging.

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
143d9392 by Jule Anger at 2022-08-08T12:56:28+00:00
smbstatus: add machine readable time to connections

Time has the format "2022-03-31T12:23:30+0200".

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
1abae1c2 by Jule Anger at 2022-08-08T12:56:28+00:00
smbstatus: add encryption and signing to connections

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
836fd468 by Jule Anger at 2022-08-08T12:56:28+00:00
smbstatus: add a sessions dictionary

Adds an empty json dictionary under the key "sessions" and adds foreach
session a dictionary with information to the session dictionary. Uses the
session_id as key.
uid_str and gid_str are needed because both receive their own JSON field.

Only print to stdout, if json_output is not set.

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
fd1bfb79 by Jule Anger at 2022-08-08T12:56:28+00:00
smbstatus: add server_id to sessions

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
3ec6e7e3 by Jule Anger at 2022-08-08T12:56:28+00:00
smbstatus: add encryption and signing to sessions

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
95712e61 by Jule Anger at 2022-08-08T12:56:29+00:00
smbstatus: add a basic dictionary with open files

Adds an empty json dictionary under the key "open_files" and adds foreach
locked file a dictionary with information (path, filename and pending
deletes) to the locked files dictionary. Uses path and filename as key.

Only print to stdout, if json_output is not set.

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
27d026ac by Jule Anger at 2022-08-08T12:56:29+00:00
smbstatus: add file_id information about open files to json output

Adds a dictionary with file_id information (devid, inode and extid) for
each locked file.

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
8d264567 by Jule Anger at 2022-08-08T12:56:29+00:00
smbstatus: add opens to files in json output

At the moment, there is only information about the open files.
Adds a list of its opens for each file. An open is represented as
a dictionary. Contains only the basic information (pid, uid and
time) about the open.

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
dd9dd5bf by Jule Anger at 2022-08-08T12:56:29+00:00
smbstatus: add access mode information about open files to json output

Adds a dictionary named "access_mask" to an open dictionary.
Contains the hex value of the mask, a text representation and booleans
for each attribute.

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
595b0198 by Jule Anger at 2022-08-08T12:56:29+00:00
smbstatus: add oplock information about open files to json output

Adds a dictionary named "oplock" to an opens dictionary.
Contains a string representation and booleans for each oplock type
(EXCLUSIVE, BATCH, LEVEL_II, LEASE).

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
1973c3a9 by Jule Anger at 2022-08-08T12:56:29+00:00
smbstatus: add lease information about open files to json output

Adds a dictionary named "lease" to an opens dictionary.
If leases are used, the dictionary contains a boolean for each type
(READ, WRITE and HANDLE or UNKNOWN) and a string representation of
the lease. Otherwise the dict is left empty.

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
003684dc by Jule Anger at 2022-08-08T12:56:29+00:00
smbstatus: add server_id to open files dictionary

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
c0620250 by Jule Anger at 2022-08-08T12:56:29+00:00
smbstatus: add sharemode information about open files to json output

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
43d811ad by Jule Anger at 2022-08-08T12:56:29+00:00
smbstatus: add general caching information about open files to json output

Adds a dictionary named "caching" to an opens dictionary.
Represents both oplock and leases caching. The dictionary contains a
boolean for each type (READ, WRITE and HANDLE), the hex value and a string
representation.
If no oplocks are used, the dictionary is left empty.

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
fb809a11 by Jule Anger at 2022-08-08T12:56:29+00:00
smbstatus: add machine readable time info to locked files

Time has the format "2022-03-31T12:23:30+0200".

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
6b6b586b by Jule Anger at 2022-08-08T12:56:29+00:00
smbstatus: add service path to byte-range locks

The service/share path was added in 39ddd0a520bc and removed in
3a7d372e2eb5.

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
dc3b10cd by Jule Anger at 2022-08-08T12:56:29+00:00
smbstatus: add a basic byte-range locks dictionary

Adds an empty json dictionary under the key "byte_range_locks"
and adds foreach locked file a dictionary with information
(path and filename) to the byte-range locks dictionary.

Only print to stdout, if json_output is not set.

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
eca61089 by Jule Anger at 2022-08-08T12:56:29+00:00
smbstatus: add server_id to byte-range locks

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
c47d9d28 by Jule Anger at 2022-08-08T12:56:29+00:00
smbstatus: add locks to byte-range locked files in json output

At the moment, there is only information about the byte-range locked files.
Adds a list of its locks for each file. An open is represented as
a dictionary. Contains all information (pid, dev_inode, read_write, start
and size) about the lock.

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
fed1569f by Jule Anger at 2022-08-08T12:56:29+00:00
smbstatus: add file_id information to byte-range locks in json output

Adds a dictionary with file_id information (devid, inode and extid) for
each byte-range locked file.

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
8154df9d by Jule Anger at 2022-08-08T12:56:29+00:00
smbstatus: add a notifies dictionary

Adds an empty json dictionary under the key "notifies" and adds foreach
notify a dictionary with information to the notify dictionary. Uses the
pid as key.

Only print to stdout, if json_output is not set.

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
ed1c94be by Jule Anger at 2022-08-08T12:56:29+00:00
smbstatus: add server_id to notifies

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
78c67402 by Jule Anger at 2022-08-08T12:56:29+00:00
smbstatus: add machine readable creation_time to notify

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
5d6ed73b by Jule Anger at 2022-08-08T12:56:29+00:00
smbstatus: add JSON support for smbstatus

Adds the option --json for all information except the profiling.
Using --json sets the json_output variable to true, so that the json dictionary
can be created and printed.

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
74028253 by Jule Anger at 2022-08-08T12:56:29+00:00
s3:tests: Add a test to check json output of smbstatus

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
03ed8d3a by Jule Anger at 2022-08-08T12:56:29+00:00
smbstatus: add a method to add profile items to json

The method changes the json item of a given traverse_state.
The root dictionary contains for each section a dictionary, which has
a dictionary for each subsection.

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
0ed54cc6 by Ralph Boehme at 2022-08-08T12:56:29+00:00
smbstatus: fix indentation in profile_separator()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jule Anger <janger at samba.org>

- - - - -
803899fd by Jule Anger at 2022-08-08T12:56:29+00:00
smbstatus: add JSON support for smbstatus --profile

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
80d069a7 by Jule Anger at 2022-08-08T14:01:45+00:00
s3:tests: Add a test to check json output of smbstatus profile

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Jule Anger <janger at samba.org>
Autobuild-Date(master): Mon Aug  8 14:01:45 UTC 2022 on sn-devel-184

- - - - -
459107e6 by Jule Anger at 2022-08-08T16:21:26+02:00
WHATSNEW: Up to Samba 4.17.0rc1.

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
abc2296a by Jule Anger at 2022-08-08T16:22:13+02:00
VERSION: Disable GIT_SNAPSHOT for the Samba 4.17.0rc1 release.

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
4cbef001 by Jule Anger at 2022-08-08T16:31:27+02:00
VERSION: Bump version up to 4.17.0rc2...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
a8ddc56e by John Mulligan at 2022-08-16T16:31:16+00:00
WHATSNEW: add section for new smbconf python api

Signed-off-by: John Mulligan <jmulligan at redhat.com>

- - - - -
d6afd0d9 by Jule Anger at 2022-08-16T16:31:16+00:00
WHATSNEW: announce new smbstatus json support

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
fd61f48e by Jule Anger at 2022-08-16T17:37:28+00:00
manpages: add smbstatus option --json with sample output

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15147

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

(cherry picked from commit ddbf1b29eee140b3112eb238852bfdc8285eb04f)

Autobuild-User(v4-17-test): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(v4-17-test): Tue Aug 16 17:37:28 UTC 2022 on sn-devel-184

- - - - -
d6c44a93 by Jule Anger at 2022-08-16T18:27:13+00:00
s3:tests: let smbstatus json tests fail if jq is not installed

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 4b91702a6ea2c6474e635d5ae5f7acd9aebbbab7)

- - - - -
7b338dc6 by Volker Lendecke at 2022-08-16T18:27:13+00:00
smbd: Use dirfsp where we have it

One reference to conn->cwd_fsp less, makes "mkdir" look less ugly in
strace.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit b1b513eebb0999cdfabab597927305be7d978605)

- - - - -
f82ef749 by Volker Lendecke at 2022-08-16T18:27:13+00:00
smbstatus: Fix the 32-bit build on FreeBSD

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Aug  9 20:04:26 UTC 2022 on sn-devel-184

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit 4d015b4b6db20235d6d821204d03b0e1fce1c681)

- - - - -
851d7768 by Stefan Metzmacher at 2022-08-16T18:27:13+00:00
s3:include: remove unused update_stat_ex_file_id() prototype

It was removed by commit 643da37fd139413651a6198fb0f6e550f7de6584

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit 8c7e8c5f80f1488456f9dd6225020d29f74458d2)

- - - - -
c12a8d50 by Stefan Metzmacher at 2022-08-16T18:27:13+00:00
smbd: avoid calling SMB_VFS_FGET_NT_ACL() if do_not_check_mask already covers all

This is inspired by 0d4cb5a641e1fea2d369bdc66470a580321366c2,
which avoids SMB_VFS_FGET_NT_ACL() for the root user again.

Opens with just FILE_READ_ATTRIBUTES are very common, so it's worth
optimizing for it.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit a0a97d27f7a60dbd86317b51bec0ece2476e8c8d)

- - - - -
691d0fad by Stefan Metzmacher at 2022-08-16T18:27:13+00:00
s3:g_lock: use TDB_VOLATILE to avoid fcntl locks

This improves 'time smbtorture3 //foo/bar -U% local-g-lock-ping-pong -o 50000000'
from ~1.400.000 to ~3.400.000 operations per second on a test system.

As we also use TDB_VOLATILE for locking.tdb, this is a much more
realistic test now.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit cd01f5134696f7789fbc2933629ac2606feb0b5e)

- - - - -
ca8fab6e by Stefan Metzmacher at 2022-08-16T18:27:13+00:00
s4:param: add --option="libsmb:client_guid=6112f7d3-9528-4a2a-8861-0ca129aae6c4" support...

We already handle this in the source3/libsmb code, but it's good to
have this also for torture tests.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit 72caffbe1115c57ad38270eaeb951f6b97bf62b3)

- - - - -
76672394 by Stefan Metzmacher at 2022-08-16T18:27:13+00:00
s4:torture/smb2: teach smb2.bench.path-contention-shared about --option="torture:qdepth=4"

This can now test more than one open/close loop per connection.

time smbtorture //127.0.0.1/m -Uroot%test \
	smb2.create.bench-path-contention-shared \
	--option='torture:bench_path=' \
	--option="torture:timelimit=60" \
	--option="torture:nprocs=1" \
	--option="torture:qdepth=4"

The default is still 1, but it's very useful for tests.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit 8ee783c4803d28cccc39144afa7b78c4b9e0cc2e)

- - - - -
adcf069e by Stefan Metzmacher at 2022-08-16T18:27:13+00:00
s4:torture/smb2: add smb2.bench.echo

This test calls SMB2_Echo in a loop per connection.

For 4 connections with 2 parallel loops use this:

time smbtorture //127.0.0.1/m -Uroot%test smb2.bench.echo \
	--option="torture:timelimit=600" \
	--option="torture:nprocs=1" \
	--option="torture:qdepth=2"

Sometimes the bottleneck is the smbtorture process.
In order to bring the smbd process to 100% cpu, you can use
'--option="libsmb:client_guid=6112f7d3-9528-4a2a-8861-0ca129aae6c4"'
and run multiple instances of the test at the same time,
which both talk to the same smbd process.

This is a very useful test to show how many requests are possible
at the raw SMB2 layer.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Aug 11 19:23:37 UTC 2022 on sn-devel-184

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit 23988f19e7cc2823d6c0c0f40af0195d0a3b81bf)

- - - - -
496b9b45 by Jeremy Allison at 2022-08-16T18:27:13+00:00
s3: smbd: Fix cosmetic bug logging pathnames from Linux kernel clients using SMB1 DFS calls.

The Linux kernel SMB1 client has a bug - it sends
DFS pathnames as:

\\server\share\path

instead of:

\server\share\path

Causing us to mis-parse server,share,remaining_path here
and jump into 'goto local_path' at 'share\path' instead
of 'path'.

This doesn't cause an error as the limits on share names
are similar to those on pathnames.

parse_dfs_path() which we call before filename parsing
copes with this by calling trim_char on the leading '\'
characters before processing.

Do the same here so logging of pathnames looks better.

How did I find this ? Lots and lots of manual
testing with the Linux kernel client to make
sure all the recent changes haven't broken Linux
SMB1/2/3 DFS :-).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit 2818fd6910201fd4a18b921933a0b7392a0a8995)

- - - - -
33d00d7e by Jeremy Allison at 2022-08-16T18:27:13+00:00
s3: smbd: Add new function check_path_syntax_smb2_msdfs() for SMB2 MSDFS paths.

 #ifdef'ed out as static and not yet used.

We can't just call check_path_syntax() on these as
they are of the form hostname\share[\extrapath]
(where [\extrapath] is optional).

hostname here can be an IPv6 ':' separated address,
which check_path_syntax() fails on due to the streamname
processing.

NB. This also has to cope with our existing (broken)
libsmbclient libraries that sometimes set the DFS
flag and then send a local pathname. Cope by just
calling the normal check_path_syntax() on the
whole pathname in that case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit bcba5502282eb6dcc346d7c63aa3218cda2f9bb0)

- - - - -
deb00940 by Jeremy Allison at 2022-08-16T18:27:13+00:00
s3: smbd: Add helper function check_path_syntax_smb2().

Not yet used, but uses check_path_syntax_smb2_msdfs()
so remove the #ifdef's around that.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit 7bd7fa0a0b46ad6826097a1987595e2ab6f83384)

- - - - -
c940c9ea by Jeremy Allison at 2022-08-16T18:27:13+00:00
s3: smbd: In smbd_smb2_create_send() call the helper function check_path_syntax_smb2().

Previously for DFS names we were skipping this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit 4fafc3418931de06ea2d91baca1eef8d904cc4e6)

- - - - -
8d09dc16 by Jeremy Allison at 2022-08-16T18:27:13+00:00
s3: smbd: Make sure we have identical check_path_syntax logic in smbd_smb2_create_durable_lease_check(), as for smb2_create.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit a2a097fc3d6a89fb970c1ea3ea75fde93ddb545e)

- - - - -
8031584e by Jeremy Allison at 2022-08-16T18:27:13+00:00
s3: smbd: Ensure smb2_file_rename_information() uses the SMB2 pathname parsers, not the SMB1 parsers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit 0a4a27ce48bc7090aa821eea5e56f8d44c686716)

- - - - -
3a944329 by Jeremy Allison at 2022-08-16T18:27:13+00:00
s3: smbd: Add TALLOC_CTX * parameter to parse_dfs_path().

Not yet used. Preparing to remove 'struct dfs_path'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit 2df8a8ab87a1372f2b67880be4454a0285b3104b)

- - - - -
274c8a06 by Jeremy Allison at 2022-08-16T18:27:13+00:00
s3: smbd: Remove use of 'struct dfs_path'. Not needed for a (hostname, servicename, path) tuple.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit f92711f000a3cb658dfb8fffe92ae6bba78b4f91)

- - - - -
8ce26e1e by Jeremy Allison at 2022-08-16T18:27:13+00:00
s3: smbd: Remove definition of struct dfs_path.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit 6c83c674bab8e57ecaf6271eb3a403171bbbacca)

- - - - -
0dd880ab by Jeremy Allison at 2022-08-16T18:27:13+00:00
s3: smbd: Add helper function msdfs_servicename_matches_connection().

Not yet used so commented out.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit 4f5d02f8c0efc1520b2113ce656c78483deb7826)

- - - - -
74dc7cb5 by Jeremy Allison at 2022-08-16T18:27:13+00:00
s3: smbd: Use helper function msdfs_servicename_matches_connection() in parse_dfs_path().

Replaces ugly complex logic.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit c0a1d7c7a8a7f24890e60c7a371498949dec11c2)

- - - - -
c0f9b5f4 by Jeremy Allison at 2022-08-16T18:27:13+00:00
s3: smbd: Use helper function msdfs_servicename_matches_connection() in dfs_redirect().

Replaces ugly complex logic.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit a3c9eb7931cb4da0dd5bc5d600125979dd1a7df5)

- - - - -
d1ba2845 by Jeremy Allison at 2022-08-16T18:27:13+00:00
s3: smbd: Add dfs_filename_convert(). Simple wrapper around parse_dfs_path().

Not yet used.

This is what we will use to replace dfs_redirect() in the filename
conversion code. Keep as a wrapper for now as we might want to
add some error checking around the 'hostname' and 'service'
returns.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit 245d07ab84852b829c029496618e56782d070e83)

- - - - -
9a9b953a by Jeremy Allison at 2022-08-16T18:27:13+00:00
s3: smbd: In get referred_path(), make sure check_path_syntax() is called on returned reqpath.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit da625e4ab4bc670e44fcb6ad7456aa64d0f1f9d2)

- - - - -
7e9fb8e9 by Jeremy Allison at 2022-08-16T18:27:13+00:00
s3: smbd: In get create_junction(), make sure check_path_syntax() is called on returned reqpath.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit a92f4f7af0eaa035deebfb1c930ca0cc12d992d5)

- - - - -
5f68afbd by Jeremy Allison at 2022-08-16T18:27:13+00:00
s3: smbd: Allow openat_pathref_dirfsp_nosymlink() to return NT_STATUS_PATH_NOT_COVERED for a DFS link on a DFS share.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit b5f6809593524e7e9aca1c09ff379e02a1cde61b)

- - - - -
879b42bd by Jeremy Allison at 2022-08-16T18:27:13+00:00
s3: smbd: In filename_convert_dirfsp_nosymlink(), allow a NT_STATUS_PATH_NOT_COVERED error to be returned.

openat_pathref_dirfsp_nosymlink() can now return NT_STATUS_PATH_NOT_COVERED.
Don't convert this automatically into NT_STATUS_OBJECT_PATH_NOT_FOUND.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit 07ef9e3029b8cca1b92d900d6ed684ca0ac6afe4)

- - - - -
d0a9046c by Jeremy Allison at 2022-08-16T18:27:13+00:00
s3: smbd: In filename_convert_dirfsp_nosymlink(), cope with an MS-DFS link as the terminal component.

If the terminal component was an MSDFS link, openat_pathref_fsp_case_insensitive() will
return NT_STATUS_OBJECT_NAME_NOT_FOUND with a VALID_STAT of a symlink.

If this is the case, check if we actually found a terminal MS-DFS link
at the end of the pathname and return NT_STATUS_PATH_NOT_COVERED.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit d80bedc3c418b6839b1bde78ba8d3db06611be2a)

- - - - -
66bc141d by Jeremy Allison at 2022-08-16T18:27:13+00:00
s3: smbd: Remove call to dfs_redirect() from filename_convert_smb1_search_path().

Use dfs_filename_convert() instead. Code is now much simpler.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit fcf19d91c09edc6dfbf5bd7cbeedcd641030eb31)

- - - - -
38740cee by Jeremy Allison at 2022-08-16T18:27:13+00:00
s3: smbd: Remove call to dfs_redirect() from filename_convert_dirfsp_nosymlink().

Use dfs_filename_convert() instead. There are now no more callers of dfs_redirect().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit d20b60c3200b5e1881cdf4b59da154d1af7e3994)

- - - - -
161324f5 by Jeremy Allison at 2022-08-16T18:27:13+00:00
s3: smbd: Remove dfs_redirect().

A moment of silence please.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit 6b1224b22012b54b1ae20b682daf61c877362a7b)

- - - - -
bd5c6755 by Jeremy Allison at 2022-08-16T18:27:13+00:00
s3: smbd: Add new version of dfs_path_lookup() that uses filename_convert_dirfsp().

Commented out as not yet used but it's easier to see the
new logic this way.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit 22d4f62537199d9454be312a546e251f04022497)

- - - - -
37ce01d6 by Jeremy Allison at 2022-08-16T18:27:13+00:00
s3: smbd: Switch get_referred_path() over to use the new dfs_path_lookup().

New function doesn't need a TWRP argument and returns NT_STATUS_OK
on successful redirect, not NT_STATUS_PATH_NOT_COVERED.

Comment out the old dfs_path_lookup().

There are now no more users of unix_convert().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit 88e8bfec59412fdc0e83251fef60b45d2cc3a884)

- - - - -
0ffe593b by Jeremy Allison at 2022-08-16T18:27:13+00:00
s3: smbd: Remove the old dfs_path_lookup() code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit cc638c25e0332d366016880d174d9349940cba3f)

- - - - -
fc3f035e by Jeremy Allison at 2022-08-16T18:27:13+00:00
s3: smbd: Remove unix_convert() and associated functions.

All code now uses filename_convert_dirfsp() for race-free
filename conversion.

Best viewed with:
$ git show --patience

               ----------------
              /                \
             /       REST       \
            /         IN         \
           /         PEACE        \
          /                        \
          |                        |
          |      unix_convert      |
          |                        |
          |                        |
          |       9th August       |
          |          2022          |
          |                        |
          |                        |
         *|     *  *  *            | *
_________)/\\_//(\/(/\)/\//\/\///\/|_)_______

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Aug 12 19:18:25 UTC 2022 on sn-devel-184

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit 78e4aac76df977cea6cdbcfdf082fd3acdffbd95)

- - - - -
b8a5f41b by Andreas Schneider at 2022-08-16T18:27:13+00:00
s3:util: Initialize json_object structures so we can call json_free()

CID 1507863
CID 1507865
CID 1507866
CID 1507867
CID 1507868
CID 1507869
CID 1507870

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15140

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit 4a702cddaebf7e616706e0c728685567e141b493)

- - - - -
7b4e11f1 by Andreas Schneider at 2022-08-16T18:27:13+00:00
s3:utils: Fix NULL check

CID 1507864

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15140

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Aug 12 21:50:23 UTC 2022 on sn-devel-184

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit a38fad29803f9e2891b2264ac3258394152e8deb)

- - - - -
c2a69553 by Stefan Metzmacher at 2022-08-16T18:27:13+00:00
s3:tests: add a lot more tests to test_symlink_traversal_smb2.sh

We now also test more path components checking the difference between
OBJECT_NAME_NOT_FOUND and OBJECT_PATH_NOT_FOUND.

We also test with symlinks within the path instead of only checking
symlinks as final path components (at least for the dirfsp part).

This ensures the following commits won't introduce regressions
when adding the openat2(RESOLVE_NO_SYMLINK) optimization.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit 085f14857531dab179af66a69962486c7dd2592c)

- - - - -
efb48897 by Stefan Metzmacher at 2022-08-16T18:27:13+00:00
wafsamba: allow cflags for CHECK_TYPE[_IN]()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit 2b51bad747551605ba3b70ac3b692107a0cd7aad)

- - - - -
c8c2cbca by Stefan Metzmacher at 2022-08-16T18:27:13+00:00
vfs_io_uring: hide a possible definition of struct open_how in liburing/compat.h

liburing.h will include liburing/compat.h, which either includes
linux/openat2.h or defines struct open_how itself.

This will help with the following changes, which will provide
openat2() via libreplace's system/filesys.h, either including
linux/openat2.h or defining open_how ourself.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit cea9451f780d13e528f1722a67eccbbc78b2daf9)

- - - - -
cc9caffa by Stefan Metzmacher at 2022-08-16T18:27:13+00:00
vfs_btrfs: fix include order, includes.h or replace.h should be first

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit 2369d0833361faf4a125431e735fce7efb6024d6)

- - - - -
5326bbac by Stefan Metzmacher at 2022-08-16T18:27:13+00:00
lib/replace: add a replacement for openat2() that returns ENOSYS

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit ce804b78164a3166a16ca3071028536761fd18d7)

- - - - -
b9a14412 by Stefan Metzmacher at 2022-08-16T18:27:13+00:00
lib/replace: always include <sys/syscall.h> in replace.c if available

It will be used for openat2() soon.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit 37ba6df174d73b82e951de401cba7f839ad61ab5)

- - - - -
dd186243 by Stefan Metzmacher at 2022-08-16T18:27:13+00:00
lib/replace: use syscall(__NR_openat2) if available

There's no glibc wrapper for openat2() yet, so we need
to use syscall(__NR_openat2) ourself.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit b89001e9226ecb0f4e5c906f7195f0e53cd7d608)

- - - - -
4b1f56aa by Stefan Metzmacher at 2022-08-16T18:27:13+00:00
lib/replace: add fallback defines for __NR_openat2

sys/syscall.h might be older than the runtime kernel.

If the kernel has support for openat2() we should
try to use it anyway.

The callers have to deal with ENOSYS anyway,
so there's no difference if we get that from syscall(__NR_openat2)
or directly from rep_openat2().

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit f7618dd31a9f8f6c0dbfdedd1a664eed25e2e449)

- - - - -
b71871a1 by Stefan Metzmacher at 2022-08-16T18:27:13+00:00
lib/replace: let DISABLE_OPATH also undef __NR_openat2

The reason for DISABLE_OPATH is to simulate a non-linux
system, so we should not use openat2() either.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit ae1a84f7313bdf4702492451714eacc78ee7745f)

- - - - -
25071a1f by Volker Lendecke at 2022-08-16T18:27:13+00:00
vfs: define VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS

This will allow us to make use of openat2(RESOLVE_NO_SYMLINKS) soon.

The caller should check if connection_struct.open_how_resolve contains
VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS before using it, this avoids wasting
cpu time. But even then the caller must be prepared to handle -1/ENOSYS.

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Volker Lendecke <vl at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit f7dc27558329eea7d2c4d75ee101c7f9d3a7afe3)

- - - - -
4ec4806b by Stefan Metzmacher at 2022-08-16T18:27:13+00:00
s3:smbd: let openat_pathref_dirfsp_nosymlink() do a verification loop against . and .. first

I guess we should catch NT_STATUS_OBJECT_NAME_INVALID first,
currently the check is already done in check_path_syntax*,
but we may remove it in future.

But the most important reason for this is the
openat2(RESOLVE_NO_SYMLINK) optimization, which will
be introduced in the following commits.

Review with: git show -w

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit 17484d069b92d08b0228fb509ea42ab4c3f496a8)

- - - - -
5d703111 by Stefan Metzmacher at 2022-08-16T18:27:13+00:00
s3:smbd: let openat_pathref_dirfsp_nosymlink() handle ELOOP similar to ENOTDIR

This is not likely to happen as we use O_NOFOLLOW with O_DIRECTORY,
but it's better to be prepared...

This will be more important in the upcoming openat2(RESOLVE_NO_SYMLINK)
case, but we should be consistent...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit 35b99c87ef92df006f8b0a41bbea051f0faeadb9)

- - - - -
40476e83 by Volker Lendecke at 2022-08-16T18:27:13+00:00
s3:smbd: let openat_pathref_dirfsp_nosymlink() try VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS first

This will reduce the amount of syscalls and the related cost drastically
for long path names.

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Volker Lendecke <vl at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit d6653067b20e61af1f05423764c8486a1a5445c8)

- - - - -
3ec21a8d by Stefan Metzmacher at 2022-08-16T18:27:13+00:00
vfs_default: prepare O_PATH usage with openat2()

When O_PATH is specified in flags, flag bits other than O_CLOEXEC,
O_DIRECTORY, and O_NOFOLLOW are ignored.

In preparation to use openat2(), which gives an error instead of
ignoring flags, we better remove unexpected flags, callers typically
pass O_RDONLY and O_NONBLOCK.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit 8544f4490a0b5e54b807daedddb96778744b62ee)

- - - - -
783e6e75 by Volker Lendecke at 2022-08-16T18:27:13+00:00
vfs_default: Use openat2(RESOLVE_NO_SYMLINKS) if available

This improves the following test:

 time smbtorture //127.0.0.1/m -Uroot%test \
        smb2.create.bench-path-contention-shared \
        --option='torture:bench_path=Apps\1\2\3\4\5\6\7\8\9\10' \
        --option="torture:timelimit=600" \
        --option="torture:nprocs=1"

From:

   open[num/s=14186,avslat=0.000044,minlat=0.000042,maxlat=0.000079]
   close[num/s=14185,avslat=0.000027,minlat=0.000025,maxlat=0.000057]

to:

   open[num/s=16917,avslat=0.000038,minlat=0.000035,maxlat=0.000340]
   close[num/s=16916,avslat=0.000020,minlat=0.000019,maxlat=0.000104]

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Volker Lendecke <vl at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit 4708ba2f013c5f5ea5aa5dcf4873c2b4a86fb8ff)
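
The openat2(RESOLVE_NO_SYMLINKS) commits above (4ec4806b through 783e6e75) describe a fast path with a per-component fallback; the following is an added sketch of that pattern, not code from Samba or from these commits. All `ex_*` names are hypothetical, and falling back to the walk on every openat2() failure (not only ENOSYS) is this example's own choice.

```c
/* Added example (Linux only), not Samba code; all ex_* names are hypothetical. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef __NR_openat2
#define __NR_openat2 437 /* headers may be older than the running kernel */
#endif
#ifndef O_PATH
#define O_PATH 010000000 /* asm-generic value, only if <fcntl.h> did not expose it */
#endif
#define EX_RESOLVE_NO_SYMLINKS 0x04 /* RESOLVE_NO_SYMLINKS in linux/openat2.h */
#define EX_DIRFLAGS (O_PATH | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC)

/* Same layout as the kernel's struct open_how; own name avoids header clashes. */
struct ex_open_how { uint64_t flags, mode, resolve; };

/* Fast path: one syscall; the kernel fails with ELOOP on any symlink component. */
static int ex_openat2_nosymlink(int dirfd, const char *path, int flags)
{
	struct ex_open_how how;

	if (flags & O_PATH) /* open() ignores extra bits with O_PATH, openat2() rejects them */
		flags &= EX_DIRFLAGS;
	memset(&how, 0, sizeof(how));
	how.flags = (unsigned int)flags;
	how.resolve = EX_RESOLVE_NO_SYMLINKS;
	return (int)syscall(__NR_openat2, dirfd, path, &how, sizeof(how));
}

/* RESOLVE_NO_SYMLINKS does not stop "..", so "." and ".." are refused up front. */
static int ex_has_dot_component(const char *p)
{
	while (*p != '\0') {
		size_t len = strcspn(p, "/");
		if ((len == 1 && p[0] == '.') || (len == 2 && p[0] == '.' && p[1] == '.'))
			return 1;
		p += len + strspn(p + len, "/");
	}
	return 0;
}

/* Slow path: one openat() per component; dirfd must be a real descriptor. */
static int ex_walk_nosymlink(int dirfd, const char *path)
{
	char buf[4096], *save = NULL, *comp;
	int fd, next, err;

	if (strlen(path) >= sizeof(buf))
		return -ENAMETOOLONG;
	strcpy(buf, path);
	fd = fcntl(dirfd, F_DUPFD_CLOEXEC, 0);
	if (fd == -1)
		return -errno;
	for (comp = strtok_r(buf, "/", &save); comp; comp = strtok_r(NULL, "/", &save)) {
		next = openat(fd, comp, EX_DIRFLAGS);
		err = errno; /* saved before close() can overwrite it */
		close(fd);
		if (next == -1)
			return -err;
		fd = next;
	}
	return fd;
}

/* Returns an O_PATH directory fd below dirfd or -errno; *fast is 1 when the
 * single openat2() call was enough. */
static int ex_open_dir_nosymlink(int dirfd, const char *path, int *fast)
{
	int fd;

	*fast = 0;
	if (path[0] == '/' || ex_has_dot_component(path))
		return -EINVAL;
	fd = ex_openat2_nosymlink(dirfd, path, EX_DIRFLAGS | O_RDONLY | O_NONBLOCK);
	if (fd != -1) {
		*fast = 1;
		return fd;
	}
	/* ENOSYS, a sandbox denial or a real error: the walk gives the final answer. */
	return ex_walk_nosymlink(dirfd, path);
}

/* ELOOP and ENOTDIR are handled alike: a component is not a plain directory. */
static int ex_is_not_plain_dir(int rc)
{
	return rc == -ELOOP || rc == -ENOTDIR;
}

int main(int argc, char **argv)
{
	int fast = 0, root, rc;

	if (argc != 3)
		return 2;
	root = open(argv[1], O_RDONLY | O_DIRECTORY | O_CLOEXEC);
	rc = (root == -1) ? -errno : ex_open_dir_nosymlink(root, argv[2], &fast);
	printf("rc=%d fast=%d not_plain_dir=%d\n", rc, fast, ex_is_not_plain_dir(rc));
	return rc < 0;
}
```

Run the built program with a root directory and a relative path below it; a negative `rc` is the negated errno of the component that failed.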

- - - - -
912ee2c9 by Stefan Metzmacher at 2022-08-16T18:27:13+00:00
selftest/Samba3: let nt4_dc* use vfs_default:VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS=no

We should always test the code path without openat2 being available,
even if the kernel supports it.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Aug 15 16:00:26 UTC 2022 on sn-devel-184

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit 076c22fbd7ecbf22dbfeb1711609f07fd42f88b0)

- - - - -
80c090c8 by Jeremy Allison at 2022-08-16T18:27:13+00:00
s3: tests: Add samba3.blackbox.test_veto_files.

Shows we currently don't look at smb.conf veto files parameter
when opening a file or directory. Checks multi-component paths.
Also checks veto files that might be hidden behind a mangled
name.

Add knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15143

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit c6933673222ea9ae2eb74d5586c9495269f51ea0)

- - - - -
9e32b03e by Jeremy Allison at 2022-08-16T18:27:13+00:00
s3: smbd: Add IS_VETO_PATH check to openat_pathref_dirfsp_nosymlink().

Returns NT_STATUS_OBJECT_PATH_NOT_FOUND for directory component.
Note IS_VETO_PATH only looks at the last component, so we must
do it during the directory walk on each component.

Note, we also have to check after a call to get_real_filename_at()
as it may have demangled the client sent name into a filesystem
name that matches the "veto files" parameter.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15143

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit 1c293060204d96bf94427f91eb20eb9decc29a41)

- - - - -
ff46ee6a by Jeremy Allison at 2022-08-16T18:27:13+00:00
s3: smbd: Add IS_VETO_PATH checks to openat_pathref_fsp_case_insensitive().

Returns NT_STATUS_OBJECT_NAME_NOT_FOUND for final component.

Note we have to call the check before each call to
openat_pathref_fsp(), as each call may be using a
different filesystem name. The first name is the
one passed into openat_pathref_fsp_case_insensitive()
by the caller, the second one is a name retrieved from
get_real_filename_cache_key(), and the third one is the name
retrieved from get_real_filename_at(). The last two
calls may have demangled the client given name into
a veto'ed path on the filesystem.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15143

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Aug 16 08:26:54 UTC 2022 on sn-devel-184

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
(cherry picked from commit 1654eae11b9c13308b2b78f70309eb3a56960619)
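
The two veto-path commits above (9e32b03e and ff46ee6a) turn on one point: a check that only inspects the last path component misses a vetoed directory earlier in the path. The following C sketch is an added illustration, not Samba code: the function names are hypothetical, matching uses case-sensitive fnmatch() on a "/pat1/pat2/" style list, and name demangling is not modelled.

```c
#include <fnmatch.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Copy the next '/'-separated token into buf.
 * Returns 1 on success, 0 at end of input, -1 if the token does not fit. */
static int next_token(const char **cursor, char *buf, size_t buflen)
{
    const char *p = *cursor;
    size_t len;

    while (*p == '/') {
        p++;
    }
    if (*p == '\0') {
        return 0;
    }
    len = strcspn(p, "/");
    if (len >= buflen) {
        return -1;
    }
    memcpy(buf, p, len);
    buf[len] = '\0';
    *cursor = p + len;
    return 1;
}

/* Match one name against a "/pat1/pat2/" style veto list. */
static bool name_is_vetoed(const char *name, const char *veto_list)
{
    char pat[256];
    int rc;

    while ((rc = next_token(&veto_list, pat, sizeof(pat))) == 1) {
        if (fnmatch(pat, name, 0) == 0) {
            return true;
        }
    }
    return rc < 0; /* fail closed on an oversized pattern */
}

/* Insufficient on its own: only the final component is examined. */
static bool vetoed_last_component_only(const char *path, const char *veto_list)
{
    const char *last = strrchr(path, '/');

    return name_is_vetoed(last != NULL ? last + 1 : path, veto_list);
}

/* Check performed during the walk: every component is examined. */
static bool vetoed_any_component(const char *path, const char *veto_list)
{
    char comp[256];
    int rc;

    while ((rc = next_token(&path, comp, sizeof(comp))) == 1) {
        if (name_is_vetoed(comp, veto_list)) {
            return true;
        }
    }
    return rc < 0; /* fail closed on an oversized component */
}

int main(void)
{
    /* Constructed sample veto list and paths. */
    const char *veto = "/private/*.key/";
    const char *paths[] = { "private/report.txt", "docs/server.key",
                            "docs/readme.txt" };

    for (size_t i = 0; i < sizeof(paths) / sizeof(paths[0]); i++) {
        printf("%-20s last-only=%d per-component=%d\n", paths[i],
               vetoed_last_component_only(paths[i], veto),
               vetoed_any_component(paths[i], veto));
    }
    return 0;
}
```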

- - - - -
c027512a by Stefan Metzmacher at 2022-08-16T18:27:13+00:00
s3:vfs.h: add comment about VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 5adf051228b56c05fe1205e7a865a497b58e81d9)

- - - - -
8b6cea81 by Stefan Metzmacher at 2022-08-16T19:37:17+00:00
WHATSNEW: SMB Server performance improvements

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(v4-17-test): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(v4-17-test): Tue Aug 16 19:37:17 UTC 2022 on sn-devel-184

- - - - -
9e75207d by Jule Anger at 2022-08-16T22:09:30+02:00
WHATSNEW: Add release notes for Samba 4.17.0rc2.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
8e1f7430 by Jule Anger at 2022-08-16T22:10:35+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.17.0rc2 release.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
877287e6 by Jule Anger at 2022-08-16T22:11:15+02:00
VERSION: Bump version up to Samba 4.17.0rc3...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
dee25057 by Joseph Sutton at 2022-08-23T07:46:18+00:00
libcli/smb: Ensure we call tevent_req_nterror() on failure

Commit 3594c3ae202688fd8aae5f7f5e20464cb23feea9 added a NULL check for
'inhdr', but it meant we didn't always call tevent_req_nterror() when we
should.

Now we handle connection errors. We now also set an error status if the
NULL check fails.

I noticed this when an ECONNRESET error from a server refusing SMB1
wasn't handled, and the client subsequently hung in epoll_wait().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15152

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 40d4912d841e6bcd7cd37810ef101d5f89268ee7)

- - - - -
e3ee5197 by Joseph Sutton at 2022-08-23T07:46:18+00:00
libcli/smb: Set error status if 'iov' pointer is NULL

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15152

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Aug 22 09:03:29 UTC 2022 on sn-devel-184

(cherry picked from commit 75e03ea021afa66842b6e0dea21072b1b8026d58)

- - - - -
6ac28f43 by Stefan Metzmacher at 2022-08-23T07:46:18+00:00
s3:smbd: share_mode_flags_set() takes SMB2_LEASE_* values

We currently only ever pass SMB2_LEASE_READ and both
have the same value of 0x1, so for now it's only cosmetic,
but that will change soon.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15148

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 7592aad4d7a84d0ac66a156a22af3ad77803e55c)

- - - - -
0529214b by Stefan Metzmacher at 2022-08-23T07:46:18+00:00
s4:torture/smb2: add smb2.lease.v[1,2]_bug_15148

This demonstrates the bug that happens with a
write to a file handle holding an R lease,
while there are other openers without any lease.

When one of the other openers writes to the file,
the R lease of the only lease holder isn't broken to NONE.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15148

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 9e5ff607eb1b9c45c8836d3cff9d51b418740b87)

- - - - -
c4c99397 by Stefan Metzmacher at 2022-08-23T07:46:18+00:00
s3:smbd: only clear LEASE_READ if there's no read lease is left

If contend_level2_oplocks_begin_default() skips breaking its
own lease, we should not clear SHARE_MODE_LEASE_READ
in share_mode_data->flags.

Otherwise that lease won't see any lease break notifications
for writes from other clients (file handles not using the same lease
key).

So we need to count the number of existing read leases (including
the one with the same lease key) in order to know it's
safe to clear SMB2_LEASE_READ/SHARE_MODE_LEASE_READ.

Otherwise the next run (likely from another client)
will get the wrong result from file_has_read_lease().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15148

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Aug 18 19:41:33 UTC 2022 on sn-devel-184

(cherry picked from commit 96e2a82760ea06a89b7387b5cd3e864732afded3)

- - - - -
0725e1ea by Christian Ambach at 2022-08-23T07:46:18+00:00
s3:utils remove documentation of -l as alias for --long

This was removed in 94fc9ca4c506468ab1907d501c0964d67b9d963c, so remove it from
the usage output and manpage.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15145

Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Aug 17 07:14:21 UTC 2022 on sn-devel-184

(cherry picked from commit 123f1c07c41b40de6a9d53599d3d9a42f1a5e92b)

- - - - -
0b33961e by Jeremy Allison at 2022-08-23T07:46:18+00:00
s3/smbd: Use after free when iterating smbd_server_connection->connections

In SMB2 smbd_smb2_tree_connect() we create a new conn struct
inside make_connection_smb2() then move the ownership to tcon using:

        tcon->compat = talloc_move(tcon, &compat_conn);

so the lifetime of tcon->compat is tied directly to tcon.

Inside smbXsrv_tcon_disconnect() we have:

        ok = chdir_current_service(tcon->compat);
        if (!ok) {
                status = NT_STATUS_INTERNAL_ERROR;
                DEBUG(0, ("smbXsrv_tcon_disconnect(0x%08x, '%s'): "
                          "chdir_current_service() failed: %s\n",
                          tcon->global->tcon_global_id,
                          tcon->global->share_name,
                          nt_errstr(status)));
                tcon->compat = NULL;
                return status;
        }

        close_cnum(tcon->compat, vuid);
        tcon->compat = NULL;

If chdir_current_service(tcon->compat) fails, we return status without ever having
called close_cnum(tcon->compat, vuid), leaving the conn pointer left in the linked
list sconn->connections.

The caller frees tcon and (by ownership) tcon->compat, still leaving the
freed tcon->compat pointer on the sconn->connections linked list.

When deadtime_fn() fires and walks the sconn->connections list it
indirects this freed pointer. We must call close_cnum() on error also.

Valgrind trace from Noel Power <noel.power at suse.com> is:

==6432== Invalid read of size 8
==6432==    at 0x52CED3A: conn_lastused_update (conn_idle.c:38)
==6432==    by 0x52CEDB1: conn_idle_all (conn_idle.c:54)
==6432==    by 0x5329971: deadtime_fn (smb2_process.c:1566)
==6432==    by 0x5DA2339: smbd_idle_event_handler (util_event.c:45)
==6432==    by 0x685F2F8: tevent_common_invoke_timer_handler (tevent_timed.c:376)

==6432==  Address 0x19074b88 is 232 bytes inside a block of size 328 free'd
==6432==    at 0x4C3451B: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==6432==    by 0x5B38521: _tc_free_internal (talloc.c:1222)
==6432==    by 0x5B39463: _tc_free_children_internal (talloc.c:1669)
==6432==    by 0x5B38404: _tc_free_internal (talloc.c:1184)
==6432==    by 0x5B39463: _tc_free_children_internal (talloc.c:1669)
==6432==    by 0x5B38404: _tc_free_internal (talloc.c:1184)
==6432==    by 0x5B39463: _tc_free_children_internal (talloc.c:1669)
==6432==    by 0x5B38404: _tc_free_internal (talloc.c:1184)
==6432==    by 0x5B39463: _tc_free_children_internal (talloc.c:1669)
==6432==    by 0x5B38404: _tc_free_internal (talloc.c:1184)
==6432==    by 0x5B385C5: _talloc_free_internal (talloc.c:1248)
==6432==    by 0x5B3988D: _talloc_free (talloc.c:1792)
==6432==    by 0x5349B22: smbd_smb2_flush_send_queue (smb2_server.c:4828)

==6432==  Block was alloc'd at
==6432==    at 0x4C332EF: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==6432==    by 0x5B378D9: __talloc_with_prefix (talloc.c:783)
==6432==    by 0x5B37A73: __talloc (talloc.c:825)
==6432==    by 0x5B37E0C: _talloc_named_const (talloc.c:982)
==6432==    by 0x5B3A8ED: _talloc_zero (talloc.c:2421)
==6432==    by 0x539873A: conn_new (conn.c:70)
==6432==    by 0x532D692: make_connection_smb2 (smb2_service.c:909)
==6432==    by 0x5352B5E: smbd_smb2_tree_connect (smb2_tcon.c:344)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15128

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit 0bdfb5a5e60df214c088df0782c4a1bcc2a4944a)

- - - - -
c47b7479 by Jeremy Allison at 2022-08-23T07:46:18+00:00
s3/smbd: Use after free when iterating smbd_server_connection->connections

Change conn_free() to just use a destructor. We now
catch any other places where we may have forgotten to
call conn_free() - it's implicit on talloc_free(conn).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15128

Based on code from Noel Power <noel.power at suse.com>.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Wed Aug 17 09:54:06 UTC 2022 on sn-devel-184

(cherry picked from commit f92bacbe216d2d74ea3ccf3fe0df5c1cc9860996)
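
The lifetime bug described in the two commits for bug 15128 above, and the destructor-based fix, modelled as an added example. This is not Samba code: the structures are simplified stand-ins with a hypothetical layout, a static pool replaces talloc so that a stale list entry can be inspected without undefined behaviour, and a function pointer models the talloc destructor.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the smbd structures (hypothetical layout). */
struct sconn;
struct conn {
    struct conn *prev, *next;           /* links in sconn->connections */
    struct sconn *sconn;
    void (*destructor)(struct conn *);  /* models a talloc destructor */
    bool live;                          /* false once the slot is freed */
};
struct sconn { struct conn *connections; };
struct tcon {
    struct conn *compat;                /* pointer the disconnect code uses */
    struct conn *child;                 /* ownership: freed along with tcon */
};

static struct conn pool[8];             /* replaces the heap in this model */

static void conn_unlink(struct conn *c)
{
    if (c->prev != NULL) {
        c->prev->next = c->next;
    } else if (c->sconn->connections == c) {
        c->sconn->connections = c->next;
    }
    if (c->next != NULL) {
        c->next->prev = c->prev;
    }
    c->prev = c->next = NULL;
}

static void pool_free(struct conn *c)
{
    if (c->destructor != NULL) {
        c->destructor(c);               /* runs on every free path */
    }
    c->live = false;                    /* links stay as-is, like freed memory */
}

static struct conn *conn_new(struct sconn *sconn, bool use_destructor)
{
    for (size_t i = 0; i < sizeof(pool) / sizeof(pool[0]); i++) {
        struct conn *c = &pool[i];
        if (c->live) {
            continue;
        }
        *c = (struct conn){ .sconn = sconn, .live = true,
                            .next = sconn->connections,
                            .destructor = use_destructor ? conn_unlink : NULL };
        if (c->next != NULL) {
            c->next->prev = c;
        }
        sconn->connections = c;
        return c;
    }
    return NULL;
}

static void close_cnum(struct tcon *tcon)
{
    struct conn *c = tcon->compat;
    conn_unlink(c);                     /* explicit removal from the list */
    pool_free(c);
    tcon->compat = tcon->child = NULL;
}

/* Error path shaped like the excerpt above: returns without close_cnum(). */
static int tcon_disconnect(struct tcon *tcon, bool chdir_ok)
{
    if (!chdir_ok) {
        tcon->compat = NULL;
        return -1;
    }
    close_cnum(tcon);
    return 0;
}

static void tcon_free(struct tcon *tcon)
{
    if (tcon->child != NULL) {
        pool_free(tcon->child);         /* child freed by ownership */
        tcon->child = NULL;
    }
}

/* What an idle-timer walk would touch: entries whose slot is already freed. */
static int count_stale(const struct sconn *sconn)
{
    int stale = 0;
    for (const struct conn *c = sconn->connections; c != NULL; c = c->next) {
        stale += c->live ? 0 : 1;
    }
    return stale;
}

static int run_scenario(bool use_destructor, bool chdir_ok)
{
    struct sconn sconn = { NULL };
    struct tcon a = { NULL, NULL }, b = { NULL, NULL };
    int stale;

    a.compat = a.child = conn_new(&sconn, use_destructor);
    b.compat = b.child = conn_new(&sconn, use_destructor);
    if (a.child == NULL || b.child == NULL) {
        return -1;
    }
    tcon_disconnect(&a, chdir_ok);
    tcon_free(&a);
    stale = count_stale(&sconn);
    close_cnum(&b);                     /* release the second slot */
    return stale;
}

int main(void)
{
    printf("no destructor, chdir fails: %d stale\n", run_scenario(false, false));
    printf("destructor,    chdir fails: %d stale\n", run_scenario(true, false));
    return 0;
}
```

With the destructor installed, the early return in tcon_disconnect() no longer matters for list integrity, because removal from the list happens on every free of the conn.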

- - - - -
5fc9bf0f by Jeremy Allison at 2022-08-23T07:46:18+00:00
s3: smbd: Add "enum file_close_type close_type" parameter to close_cnum().

Not yet used, but needed so we can differentiate between
SHUTDOWN_CLOSE and ERROR_CLOSE in smbXsrv_tcon_disconnect()
if we fail to chdir. In that case we want to close the fd,
but not run any delete-on-close actions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15128

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit 9203d17106c0e55a30813ff1ed76869c7581a343)

- - - - -
91273a96 by Jeremy Allison at 2022-08-23T07:46:18+00:00
s3: smbd: Add "enum file_close_type close_type" parameter to file_close_conn().

Not yet used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15128

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit 7005a6354df5522d9f665fb30052c458dfc93124)

- - - - -
76bff908 by Jeremy Allison at 2022-08-23T07:46:18+00:00
s3: smbd: Plumb close_type parameter through close_file_in_loop(), file_close_conn()

Allows close_file_in_loop() to differentiate between SHUTDOWN_CLOSE
(previously it only used this close type) and ERROR_CLOSE - called
on error from smbXsrv_tcon_disconnect() in the error path. In that
case we want to close the fd, but not run any delete-on-close actions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15128

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Thu Aug 18 14:10:18 UTC 2022 on sn-devel-184

(cherry picked from commit cf5f7b1489930f6d64c3e3512f116ccf286d4605)

- - - - -
208037a7 by Stefan Metzmacher at 2022-08-23T07:46:18+00:00
lib/util: add unlikely() to SMB_ASSERT()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit bf1dd1a188c096093bedc628a14bb037e3209630)

- - - - -
e4538e70 by Stefan Metzmacher at 2022-08-23T07:46:18+00:00
s3:g_lock: add some const to the shared array passed via g_lock_dump*()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit bb3dddcdf11e6c2f5319d64bf2ef20636d0ed82f)

- - - - -
f207ef33 by Stefan Metzmacher at 2022-08-23T07:46:18+00:00
s3:g_lock: avoid useless talloc_array(0) in g_lock_dump()

In the common case we don't have any shared lock holders,
so there's no need to allocate memory for the empty array.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit c75de325710c0fbbd50a0acd3af55404165440d6)

- - - - -
6bf37ba4 by Stefan Metzmacher at 2022-08-23T07:46:18+00:00
s3:smbd: only run validate_oplock_types() with smbd:validate_oplock_types = yes

This is really expensive as share_mode_forall_entries() is currently
doing a talloc_memdup() of the whole record...

This is mainly used to avoid regressions, so only
use smbd:validate_oplock_types = yes in make test,
but skip it for production.

This improves the following test:

 time smbtorture //127.0.0.1/m -Uroot%test \
        smb2.create.bench-path-contention-shared \
        --option='torture:bench_path=file.dat' \
        --option="torture:timelimit=60" \
        --option="torture:nprocs=256" \
        --option="torture:qdepth=1"

From:

   open[num/s=8852,avslat=0.014999,minlat=0.000042,maxlat=0.054600]
   close[num/s=8850,avslat=0.014136,minlat=0.000025,maxlat=0.054537]

to:

   open[num/s=11377,avslat=0.012075,minlat=0.000041,maxlat=0.054107]
   close[num/s=11375,avslat=0.010594,minlat=0.000023,maxlat=0.053620]

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 0fbca175ae4763d82f8a414ee3d6354c95d5294e)

- - - - -
411af5fb by Stefan Metzmacher at 2022-08-23T07:46:18+00:00
s3:locking: pass lease_key explicitly to set_share_mode()

We should avoid accessing fsp->lease if possible.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 8b3b316680221487f84a7cfe14f52e8ffd64ba85)

- - - - -
fa8d1905 by Stefan Metzmacher at 2022-08-23T07:46:18+00:00
s3:locking: move get_existing_share_mode_lock() to share_mode_lock.[ch]

This should be where get_share_mode_lock() is located.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit bf8f2258497f7d2a5a5f8d1cacf1a30899ed455c)

- - - - -
e764e40a by Stefan Metzmacher at 2022-08-23T07:46:18+00:00
s3:smbd: inline fsp_lease_type_is_exclusive() logic into contend_level2_oplocks_begin_default

SMB2_LEASE_WRITE is the indication for an exclusive lease,
the fact that a SMB2_LEASE_WRITE can't exist without
SMB2_LEASE_READ is not important here.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 76da56aa65bb9fe7f2f8c4a2e30e278a61db1ff5)

- - - - -
cb63afbd by Stefan Metzmacher at 2022-08-23T07:46:18+00:00
s3:smbd: lease_match_break_fn() only needs leases_db_get() once

get_lease_type() will just call leases_db_get() again...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 60ae7a5a2ed9a03d8693b9b455b7b3696386aeb1)

- - - - -
0b15ebce by Stefan Metzmacher at 2022-08-23T07:46:18+00:00
s3:smbd: let delay_for_oplock_fn() only call leases_db_get() once

get_lease_type() will just call leases_db_get() again for leases,
so only call it for oplocks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Aug 19 19:39:18 UTC 2022 on sn-devel-184

(cherry picked from commit d4f18f99d3a40a8df00beb006e2731959aa6fad9)

- - - - -
fbcb8db0 by Christian Ambach at 2022-08-23T08:57:28+00:00
WHATSNEW: document new volume serial number smb.conf parameter

Signed-off-by: Christian Ambach <ambi at samba.org>

Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Tue Aug 23 08:57:28 UTC 2022 on sn-devel-184

- - - - -
721ea813 by Andreas Schneider at 2022-08-23T10:31:11+00:00
waf: Fix SO version number of libsamba-errors

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15141

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 563a2c8d7296e77ae12de1c5a1a3797e72294068)

Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Tue Aug 23 10:31:11 UTC 2022 on sn-devel-184

- - - - -
f23ef830 by Ralph Boehme at 2022-08-23T13:29:09+00:00
smdb: use fsp_is_alternate_stream() in open_file()

No change in behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 0d3995cec10c5fae8c8b6a1df312062e38437e6f)

- - - - -
bae285ed by Ralph Boehme at 2022-08-23T13:29:09+00:00
vfs_xattr_tdb: move close_xattr_db()

This just makes the diff of the next commit smaller and easier to digest.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit b26dc252aaf3f4b960bdfdb6a3dfe612b89fcdd5)

- - - - -
aa85dac1 by Ralph Boehme at 2022-08-23T13:29:09+00:00
vfs_xattr_tdb: add a module config

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 451ad315a9bf32c627e1966ec30185542701c87e)

- - - - -
3994f71f by Ralph Boehme at 2022-08-23T13:29:09+00:00
vfs_xattr_tdb: add "xattr_tdb:ignore_user_xattr" option

Allows passing on "user." xattr to the backend. This can be useful for testing
specific aspects of operation on streams when "streams_xattr" is configured as
stream filesystem backend.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 92e0045d7ca7c0b94efd0244ba0e426cad0a05b6)

- - - - -
ab76ab52 by Ralph Boehme at 2022-08-23T13:29:09+00:00
CI: add a test trying to delete a stream on a pathref ("stat open") handle

When using vfs_streams_xattr, for a pathref handle of a stream the system fd
will be a fake fd created by pipe() in vfs_fake_fd().

For the following callchain we wrongly pass a stream fsp to
SMB_VFS_FGET_NT_ACL():

SMB_VFS_CREATE_FILE(..., "file:stream", ...)
=> open_file():
   if (open_fd):
   -> taking the else branch:
   -> smbd_check_access_rights_fsp(stream_fsp)
      -> SMB_VFS_FGET_NT_ACL(stream_fsp)

This is obviously wrong and can lead to strange permission errors when using
vfs_acl_xattr:

in vfs_acl_xattr we will try to read the stored ACL by calling
fgetxattr(fake-fd) which of course failed with EBADF. Now unfortunately the
vfs_acl_xattr code ignores the specific error and handles this as if there was
no ACL stored and subsequently runs the code to synthesize a default ACL
according to the setting of "acl:default acl style".

As the correct access check for streams has already been carried out by calling
check_base_file_access() from create_file_unixpath(), the above problem is not
a security issue: it can only lead to "decreased" permissions resulting in
unexpected ACCESS_DENIED errors.

The fix is obviously going to be calling
smbd_check_access_rights_fsp(stream_fsp->base_fsp).

This test verifies that deleting a file works when the stored NT ACL grants
DELETE_FILE while the basic POSIX permissions (used in the acl_xattr fallback
code) do not.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 23bc760ec5d61208c2d8778991e3d7e202eab352)

- - - - -
ba468a9b by Ralph Boehme at 2022-08-23T13:29:09+00:00
smbd: use metadata_fsp() with SMB_VFS_FGET_NT_ACL()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit c949e4b2a42423ac3851e86e489fd0c5d46d7f1f)

- - - - -
1434b66f by Ralph Boehme at 2022-08-23T13:29:09+00:00
smbd: use metadata_fsp() with SMB_VFS_FSET_NT_ACL()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 4ab29e2a345b48ebba652d5154e96adf954a6757)

- - - - -
814fd4e8 by Ralph Boehme at 2022-08-23T13:29:09+00:00
smbd: use metadata_fsp() with SMB_VFS_FGET_DOS_ATTRIBUTES()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 03b9ce84736d536ab2dd8a5ce1a2656e6a90c8c8)

- - - - -
69742bab by Ralph Boehme at 2022-08-23T13:29:09+00:00
smbd: use metadata_fsp() with SMB_VFS_FSET_DOS_ATTRIBUTES()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 55e55804bb2d0f21c1bbe207257bb40555f3b7a2)

- - - - -
107af8fd by Ralph Boehme at 2022-08-23T13:29:09+00:00
smbd: ignore request to set the SPARSE attribute on streams

As per MS-FSA 2.1.1.5 this is a per stream attribute, but our backends don't
support it in a consistent way, therefore just pretend success and ignore the
request.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 3af8f8e8741cc8c889bbf416ccd38a1b702917ec)

- - - - -
7c713f38 by Ralph Boehme at 2022-08-23T13:29:09+00:00
smbd: use metadata_fsp() in get_acl_group_bits()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 06555c6bcb5644fc9eea35b3cbae8d8801c65ab6)

- - - - -
aca81954 by Ralph Boehme at 2022-08-23T13:29:09+00:00
smbd: skip access checks for stat-opens on streams in open_file()

For streams, access is already checked in create_file_unixpath() by
check_base_file_access().

We already skip the access check in this function when doing an IO open of a
file, see above in open_file(), also skip it for "stat opens".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit f0299abf1b28a14518328710d9f84bef17fd2ecf)

- - - - -
f2272106 by Ralph Boehme at 2022-08-23T13:29:09+00:00
vfs_streams_xattr: restrict which fcntl's are allowed on streams

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 51243e3849736acbbf1d8f52cc02cdec5995fde4)

- - - - -
0d0eff66 by Ralph Boehme at 2022-08-23T13:29:09+00:00
vfs_default: assert all passed in fsp's and names are non-stream type

Enforce fsp is a non-stream one in as many VFS operations as possible in
vfs_default. We really need an assert here instead of returning an error, as
otherwise we can have very hard to diagnose bugs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Aug 10 16:32:35 UTC 2022 on sn-devel-184

(cherry picked from commit fc45fcfde51b0b0bdcd524c82a0f9eabf7273045)

- - - - -
81be412f by Ralph Boehme at 2022-08-23T13:29:09+00:00
smbtorture: rename smb2.streams.attributes to smb2.streams.attributes1

A subsequent commit adds another streams test named "attributes2", this change
avoids matching the new testname with the existing knownfail entries.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit b5848d391be4f7633745d9c36e432ac8b1c9dba2)

- - - - -
9df07ee0 by Ralph Boehme at 2022-08-23T13:29:09+00:00
smbtorture: add test smb2.stream.attributes2

Specifically torture that the creation date is the same for the file and its streams.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit e74b10e17ee5df0f77ac5349242841be8d71c4e8)

- - - - -
25d6dcd8 by Ralph Boehme at 2022-08-23T13:29:09+00:00
smbd: add and use vfs_fget_dos_attributes()

Commit d71ef1365cdde47aeb3465699181656b0655fa04 caused a regression where the
creation date on streams wasn't updated anymore on the stream fsp.

By adding a simple wrapper vfs_fget_dos_attributes() that takes care of

- passing only the base_fsp to the VFS, so the VFS can be completely agnostic of
  all the streams related complexity like fake fds,

- propagating any updated btime from the base_fsp->fsp_name to the
  stream_fsp->fsp_name

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 3f7d8db9945a325020e4d1574289dea9e8331c29)

- - - - -
4d37152c by Ralph Boehme at 2022-08-23T14:26:49+00:00
smbd: directly pass fsp to SMB_VFS_FGETXATTR() in fget_ea_dos_attribute()

We're now consistently passing the base_fsp to SMB_VFS_FSET_DOS_ATTRIBUTES(), so
we don't need to check for a stream_fsp here anymore.

Additionally vfs_default will assert a non-stream fsp inside
vfswrap_fgetxattr(), so in case any caller wrongly passes a stream fsp, this is
caught in vfs_default.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 968a5ae89f0d0da219e7dd05dd1f7f7c96dbb910)

Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Tue Aug 23 14:26:49 UTC 2022 on sn-devel-184

- - - - -
d9f7e8d4 by Jule Anger at 2022-08-23T16:44:07+02:00
WHATSNEW: Add release notes for Samba 4.17.0rc3.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
c15dfcca by Jule Anger at 2022-08-23T16:44:12+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.17.0rc3 release.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
fbd69dab by Jule Anger at 2022-08-23T16:44:18+02:00
VERSION: Bump version up to Samba 4.17.0rc4...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
9f04cb8f by Anoop C S at 2022-08-30T09:48:11+00:00
vfs_glusterfs: Accept fsp with const qualifier

This is in preparation to avoid any `const` qualifier being discarded
warning with future changes to various *_at() calls which have `const
file_struct` arguments.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 5f51fa9c07e194bcc3c4f39a1bfc2e01139c917b)

- - - - -
a8eab509 by Anoop C S at 2022-08-30T09:48:11+00:00
source3/wscript: Detect glusterfs-api with *at() calls support

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 3425fa0daf9e32d09c7716692cdfdffdc09856d7)

- - - - -
e0375100 by Anoop C S at 2022-08-30T09:48:11+00:00
vfs_glusterfs: Use glfs_openat() for SMB_VFS_OPENAT

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 184a9913241acd4f69128ced3370d3bf49b95f3b)

- - - - -
a41e308c by Anoop C S at 2022-08-30T09:48:11+00:00
vfs_glusterfs: Use glfs_mkdirat() for SMB_VFS_MKDIRAT

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 56c4aab11190b8d48a5b92babea7fc7e78b54b4e)

- - - - -
618c8686 by Anoop C S at 2022-08-30T09:48:11+00:00
vfs_glusterfs: Use glfs_renameat() for SMB_VFS_RENAMEAT

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 2b721ff22be04cea90086dde2a50f4287d075326)

- - - - -
c9b0459a by Anoop C S at 2022-08-30T09:48:11+00:00
vfs_glusterfs: Use glfs_unlinkat() for SMB_VFS_UNLINKAT

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 2fa71202ab347fd057bb9b42740e57344e2679e1)

- - - - -
41eb8048 by Anoop C S at 2022-08-30T09:48:11+00:00
vfs_glusterfs: Use glfs_symlinkat() for SMB_VFS_SYMLINKAT

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit b2746eb5fa64e0ec58e99eed5be10c98ea4e1c1e)

- - - - -
894338ed by Anoop C S at 2022-08-30T09:48:11+00:00
vfs_glusterfs: Use glfs_readlinkat() for SMB_VFS_READLINKAT

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 58b6cdabc0c3d788b407d3bfa46570311e910180)

- - - - -
1d74f92d by Anoop C S at 2022-08-30T09:48:11+00:00
vfs_glusterfs: Use glfs_linkat() for SMB_VFS_LINKAT

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 21654af5a5a062d831f7cb1efec1f1b1eb333bd2)

- - - - -
5e155ea4 by Anoop C S at 2022-08-30T09:48:11+00:00
vfs_glusterfs: Use glfs_mknodat() for SMB_VFS_MKNODAT

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit a4235200383fa4dc2f376ce042ed067a45f105d5)

- - - - -
5e26c570 by Anoop C S at 2022-08-30T09:48:11+00:00
vfs_glusterfs: Use glfs_symlinkat() for SMB_VFS_CREATE_DFS_PATHAT

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 310a908098b4ff3130a61594c15e91d5e561f357)

- - - - -
9d11c39a by Anoop C S at 2022-08-30T09:48:11+00:00
vfs_glusterfs: Use glfs_readlinkat() for SMB_VFS_READ_DFS_PATHAT

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 55548d7405ceca1d20e788a459e685c56f2ff139)

- - - - -
d5831b0f by Anoop C S at 2022-08-30T09:48:11+00:00
vfs_glusterfs: Use glfs_fgetxattr() for SMB_VFS_GET_REAL_FILENAME_AT

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 65f4c4e31e4cc60eb9ebca3858275a29f43d5e12)

- - - - -
ffe95221 by Anoop C S at 2022-08-30T10:45:43+00:00
vfs_glusterfs: Implement SMB_VFS_FSTATAT

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Aug 26 17:33:15 UTC 2022 on sn-devel-184

(cherry picked from commit b7c460b902800c0156385b2edb82efb07f561c51)

Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Tue Aug 30 10:45:43 UTC 2022 on sn-devel-184

- - - - -
a7d399a3 by Jule Anger at 2022-08-30T17:02:40+02:00
WHATSNEW: Add release notes for Samba 4.17.0rc4.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
e6294461 by Jule Anger at 2022-08-30T17:03:19+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.17.0rc4 release.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
3ba0c89f by Jule Anger at 2022-08-30T17:03:48+02:00
VERSION: Bump version up to Samba 4.17.0rc4...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
e9c554c0 by Noel Power at 2022-09-03T08:18:15+00:00
s3/winbindd: Fix bad access to sid array (with debug level >= info)

==6436==    at 0xA85F95B: dom_sid_string_buf (dom_sid.c:444)
==6436==    by 0xA85FBF2: dom_sid_str_buf (dom_sid.c:515)
==6436==    by 0x17EDF8: wb_lookupusergroups_recv (wb_lookupusergroups.c:115)
==6436==    by 0x17F964: wb_gettoken_gotgroups (wb_gettoken.c:123)
==6436==    by 0x56AD332: _tevent_req_notify_callback (tevent_req.c:141)
==6436==    by 0x56AD493: tevent_req_finish (tevent_req.c:193)
==6436==    by 0x56AD5C0: tevent_req_trigger (tevent_req.c:250)
==6436==    by 0x56AC119: tevent_common_invoke_immediate_handler (tevent_immediate.c:190)
==6436==    by 0x56AC268: tevent_common_loop_immediate (tevent_immediate.c:236)
==6436==    by 0x56B678A: epoll_event_loop_once (tevent_epoll.c:919)
==6436==    by 0x56B31C3: std_event_loop_once (tevent_standard.c:110)
==6436==    by 0x56AA621: _tevent_loop_once (tevent.c:825)
==6436==
==6436== Invalid read of size 1
==6436==    at 0xA85F95B: dom_sid_string_buf (dom_sid.c:444)
==6436==    by 0xA85FBF2: dom_sid_str_buf (dom_sid.c:515)
==6436==    by 0x17EDF8: wb_lookupusergroups_recv (wb_lookupusergroups.c:115)
==6436==    by 0x17F964: wb_gettoken_gotgroups (wb_gettoken.c:123)
==6436==    by 0x56AD332: _tevent_req_notify_callback (tevent_req.c:141)
==6436==    by 0x56AD493: tevent_req_finish (tevent_req.c:193)
==6436==    by 0x56AD5C0: tevent_req_trigger (tevent_req.c:250)
==6436==    by 0x56AC119: tevent_common_invoke_immediate_handler (tevent_immediate.c:190)
==6436==    by 0x56AC268: tevent_common_loop_immediate (tevent_immediate.c:236)
==6436==    by 0x56B678A: epoll_event_loop_once (tevent_epoll.c:919)
==6436==    by 0x56B31C3: std_event_loop_once (tevent_standard.c:110)
==6436==    by 0x56AA621: _tevent_loop_once (tevent.c:825)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15160
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Aug 31 15:07:31 UTC 2022 on sn-devel-184

(cherry picked from commit 1788b59bc0aaa8f18186ad9b9945fbd634f02445)

Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Sat Sep  3 08:18:15 UTC 2022 on sn-devel-184

- - - - -
b3e04327 by Stefan Metzmacher at 2022-09-05T14:43:34+02:00
WHATSNEW: Make MIT Kerberos 1.20 updates clearer

Make it clearer what also applies to Heimdal and what not.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>

- - - - -
8a7551c4 by Stefan Metzmacher at 2022-09-05T14:48:51+02:00
WHATSNEW: add more added/updated parameters

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>

- - - - -
229d55ef by Joseph Sutton at 2022-09-05T14:49:00+02:00
WHATSNEW: Document new Protected Users group

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
771aad3b by Ralph Boehme at 2022-09-06T07:05:50+00:00
s4/libcli/smb2: avoid using smb2_composite_setpathinfo() in smb2_util_setatr()

smb2_composite_setpathinfo() uses SEC_FLAG_MAXIMUM_ALLOWED which can
have unwanted side effects like breaking oplocks if the effective access
includes [READ|WRITE]_DATA.

For changing the DOS attributes we only need SEC_FILE_WRITE_ATTRIBUTE. With this
change test_smb2_oplock_batch25() doesn't trigger an oplock break anymore.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 66e40690bdd41800a01333ce4243bd62ee2b1894)

- - - - -
5fff2048 by Ralph Boehme at 2022-09-06T07:05:50+00:00
smbtorture: check required access for SMB2-GETINFO

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 9b2d28157107602fcbe659664cf9ca25f08bb30b)

- - - - -
f3886349 by Ralph Boehme at 2022-09-06T07:05:50+00:00
smbd: implement access checks for SMB2-GETINFO as per MS-SMB2 3.3.5.20.1

The spec lists the following as requiring special access:

- for requiring FILE_READ_ATTRIBUTES:

  FileBasicInformation
  FileAllInformation
  FileNetworkOpenInformation
  FileAttributeTagInformation

- for requiring FILE_READ_EA:

  FileFullEaInformation

All other infolevels are unrestricted.

We ignore the IPC related infolevels:

  FilePipeInformation
  FilePipeLocalInformation
  FilePipeRemoteInformation

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153
RN: Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Aug 23 12:54:08 UTC 2022 on sn-devel-184

(cherry picked from commit 6d493a9d568c08cfe5242821ccbd5a5ee1fe5284)

- - - - -
3139a106 by Ralph Boehme at 2022-09-06T07:05:50+00:00
smbtorture: add a test trying to create a stream on share without streams support

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15161

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 3dcdab86f13fabb7a8c6ce71c59a565287d11244)

- - - - -
930380d4 by Ralph Boehme at 2022-09-06T07:05:50+00:00
smbd: return NT_STATUS_OBJECT_NAME_INVALID if a share doesn't support streams

This is what a Windows server returns. Tested with a share residing on a FAT
formatted drive, a Windows filesystem that doesn't support streams.

Combinations tested:

  file::$DATA
  file:stream
  file:stream:$DATA

All three fail with NT_STATUS_OBJECT_NAME_INVALID.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15161

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 201e1969bf31af07e8bd52876ff7f4d72b48a848)

- - - - -
ed1d0112 by Volker Lendecke at 2022-09-06T08:08:12+00:00
smbd: Catch streams on non-stream shares

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15161

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Sep  2 15:56:56 UTC 2022 on sn-devel-184

(cherry picked from commit 3a37e4155c3cd82388652f89b611f2c46fee8525)

Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Tue Sep  6 08:08:12 UTC 2022 on sn-devel-184

- - - - -
fc52fe99 by Stefan Metzmacher at 2022-09-06T09:24:13+00:00
s3:tests: let test_smbXsrv_client_dead_rec.sh cleanup the correct files

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15159

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 3fd18a0d5b77a9f78c595852c342d4c8c33fac61)

- - - - -
64daf27d by Stefan Metzmacher at 2022-09-06T09:24:13+00:00
s3:tests: add test_smbXsrv_client_cross_node.sh

This demonstrates that a client-guid connected to ctdb node 0
caused a connection with the same client-guid to be rejected by
ctdb node 1. Node 1 rejects the SMB2 Negotiate with
NT_STATUS_NOT_SUPPORTED, because passing the multi-channel connection
to a different node is not supported.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15159

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 0efcfaa49c3d61f2c8116ebafd55b72d3277d0d8)

- - - - -
095ee4ce by Stefan Metzmacher at 2022-09-06T09:24:13+00:00
smbXsrv_client: correctly check in negotiate_request.length smbXsrv_client_connection_pass[ed]_*

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15159

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 21ef01e7b8368caa050ed82b9d787d1679220b2b)

- - - - -
71c94a07 by Stefan Metzmacher at 2022-09-06T10:27:58+00:00
smbXsrv_client: notify a different node to drop a connection by client guid.

If a client disconnected all its interfaces and reconnects when
they come back, it will likely start from any ip address returned
by dns, which means it can try to connect to a different ctdb node.
The old node may not have noticed the disconnect and still holds
the client_guid based smbd.

Up until now the new node returned NT_STATUS_NOT_SUPPORTED to
the SMB2 Negotiate request, as messaging_send_iov[_from]() will
return -1/ENOSYS if a file descriptor is passed to a process on
a different node.

Now we tell the other node to teardown all client connections
belonging to the client-guid.

Note that this is not authenticated, but if an attacker can
capture the client-guid, he can also inject TCP resets anyway,
to get the same effect.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15159

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Sep  2 20:59:15 UTC 2022 on sn-devel-184

(cherry picked from commit 8591d9424371e173b079d5c8a267ea4c2cb266ad)

Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Tue Sep  6 10:27:58 UTC 2022 on sn-devel-184

- - - - -
f83fb43f by Jule Anger at 2022-09-06T16:19:46+02:00
WHATSNEW: Add release notes for Samba 4.17.0rc5.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
28b356ae by Jule Anger at 2022-09-06T16:20:16+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.17.0rc5 release.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
ef5b28a2 by Jule Anger at 2022-09-06T16:20:55+02:00
VERSION: Bump version up to Samba 4.17.0rc6...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
9a5c8f78 by Michael Tokarev at 2022-09-09T12:44:41+03:00
New upstream version 4.17.0~rc5+dfsg
- - - - -
c61c79fd by Jule Anger at 2022-09-13T17:53:11+02:00
WHATSNEW: Add release notes for Samba 4.17.0.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
fbec737d by Jule Anger at 2022-09-13T17:55:28+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.17.0 release.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
31bfee4b by Jule Anger at 2022-09-13T17:56:54+02:00
VERSION: Bump version up to Samba 4.17.1...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
cb2019da by Michael Tokarev at 2022-09-13T20:17:23+03:00
New upstream version 4.17.0+dfsg
- - - - -
cb7fbb42 by Joseph Sutton at 2022-09-19T04:02:12+00:00
s3:rpc_server: Fix typo in error message

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 6932ccf3ccffbd9ab1907c4fb39b46c971e88d49)

- - - - -
1b0f292e by Joseph Sutton at 2022-09-19T04:02:12+00:00
lib:crypto: Zero auth_tag array in encryption test

If samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt() does not fill the
array completely, we may be comparing uninitialised bytes.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit f9850c776f81d596ffbd2761c85fe7a72d369bae)

- - - - -
7656b3e7 by Joseph Sutton at 2022-09-19T04:02:12+00:00
s4:torture: Zero samr_UserInfo union in password set test

If init_samr_CryptPasswordAES() does not fill the
u.info31.password.auth_data array completely, we may be comparing
uninitialised bytes.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 03f0e4d55be80a1a6dcc0dba8e6ed74d9da63dc3)

- - - - -
af7c57e0 by Joseph Sutton at 2022-09-19T04:02:12+00:00
lib:crypto: Check for overflow before filling pauth_tag array

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit cec59b82f7041a305c228091a84257c28e0818d5)

- - - - -
1263a8a5 by Joseph Sutton at 2022-09-19T04:02:12+00:00
lib:crypto: Use constant time memory comparison to check HMAC

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 121e439e24a9c03ae900ffca1ae1dda8e059008c)

- - - - -
d4ae8610 by Joseph Sutton at 2022-09-19T04:02:12+00:00
CVE-2021-20251 lib:crypto: Add des_crypt_blob_16() for encrypting data with DES

This lets us access single-DES from Python. This function is used in a
following commit for encrypting an NT hash to obtain the verifier for a
SAMR password change.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit b27a67af0216811d330d8a4c52390cf4fc04b5fd)

- - - - -
518818b3 by Joseph Sutton at 2022-09-19T04:02:12+00:00
CVE-2021-20251 lib:crypto: Add md4_hash_blob() for hashing data with MD4

This lets us access MD4, which might not be available in hashlib, from
Python. This function is used in a following commit for hashing a
password to obtain the verifier for a SAMR password change.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 17b8d164f69a5ed79d9b7b7fc2f3f84f8ea534c8)

- - - - -
0b3604e6 by Joseph Sutton at 2022-09-19T04:02:12+00:00
CVE-2021-20251 lib:crypto: Add Python functions for AES SAMR password change

These functions allow us to perform key derivation and AES256 encryption
in Python. They will be used in a following commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 4bb9d85fed8498566bdb87baa71a3147806baafc)

- - - - -
b8254397 by Joseph Sutton at 2022-09-19T04:02:12+00:00
CVE-2021-20251 tests/krb5: Add tests for password lockout race

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 91e2e5616ccd507fcaf097533c5fc25974119c1e)

[jsutton at samba.org Fixed conflicts in usage.py, knownfails, and tests.py
 due to not having claims tests]

- - - - -
276d8136 by Andrew Bartlett at 2022-09-19T04:02:12+00:00
CVE-2021-20251 s4-rpc_server: Use authsam_search_account() to find the user

This helps the bad password and audit log handling code as it
allows assumptions to be made about the attributes found in
the variable "msg", such as that DSDB_SEARCH_SHOW_EXTENDED_DN
was used.

This ensures we can re-search on the DN via the embedded GUID,
which is in turn rename-proof.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 439f96a2cfe77f6cbf331d965a387512c2db91c6)

- - - - -
2dc965ad by Gary Lockyer at 2022-09-19T04:02:12+00:00
CVE-2021-20251 auth4: split samdb_result_msds_LockoutObservationWindow() out

samdb_result_msds_LockoutObservationWindow() is split out of
samdb_result_effective_badPwdCount()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 2087b0cd986b8959b2a402b9a1891472e47ca0b0)

- - - - -
d57c4ea9 by Gary Lockyer at 2022-09-19T04:02:12+00:00
CVE-2021-20251 s4 auth: Prepare to make bad password count increment atomic

To ensure that the bad password count is incremented atomically,
and that the successful logon accounting data is updated atomically,
without always opening a transaction, we will need to make a note
of all bad and successful passwords in a side-DB outside the
transaction lock.

This provides the functions needed for that and hooks them in
(future commits will handle errors and use the results).

Based on patches by Gary Lockyer <gary at catalyst.net.nz>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 408717242aad8adf4551f2394eee2d80a06c7e63)

- - - - -
674dbeac by Andrew Bartlett at 2022-09-19T04:02:12+00:00
CVE-2021-20251 auth4: Reread the user record if a bad password is noticed..

As is, this is pointless, as we need a transaction to make this
any less of a race, but this provides the steps towards that goal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 7b8e32efc336fb728e0c7e3dd6fbe2ed54122124)

- - - - -
2e4c6196 by Gary Lockyer at 2022-09-19T04:02:12+00:00
CVE-2021-20251 s4 auth test: Unit tests for source4/auth/sam.c

cmocka unit tests for the authsam_reread_user_logon_data in
source4/auth/sam.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit d6cf245b96fb02edb3bcc52733d040d5f03fb918)

- - - - -
180784c4 by Joseph Sutton at 2022-09-19T04:02:12+00:00
CVE-2021-20251 auth4: Detect ACCOUNT_LOCKED_OUT error for password change

This is more specific than NT_STATUS_UNSUCCESSFUL, and for the SAMR
password change, matches the result the call to samdb_result_passwords()
would give.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 336e303cf1962b56b64c0d9d2b05ac15d00e8692)

- - - - -
d07f34ec by Andrew Bartlett at 2022-09-19T04:02:12+00:00
CVE-2021-20251 s4 auth: make bad password count increment atomic

Ensure that the bad password count is incremented atomically,
and that the successful logon accounting data is updated atomically.

Use bad password indicator (in a distinct TDB) to determine if to open a transaction

We open a transaction when we have seen the hint that this user
has recorded a bad password.  This allows us to avoid always
needing one, while not missing a possible lockout.

We also go back and get a transaction if we did not take
one out but we chose to do a write (eg for lastLogonTimestamp)

Based on patches by Gary Lockyer <gary at catalyst.net.nz>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit de4cc0a3dae89f3e51a099282615cf80c8539e11)

- - - - -
e0fdfce1 by Andrew Bartlett at 2022-09-19T04:02:12+00:00
CVE-2021-20251 auth4: Add missing newline to debug message on PSO read failure

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 4a9e0fdccfa218fbb2c3eb87e1a955ade0364b98)

- - - - -
fa22c9bf by Gary Lockyer at 2022-09-19T04:02:12+00:00
CVE-2021-20251 auth4: Return only the result message and free the surrounding result

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit b954acfde258a1909ed60c1c3e1015701582719f)

- - - - -
ffe43511 by Andrew Bartlett at 2022-09-19T04:02:12+00:00
CVE-2021-20251 auth4: Split authsam_calculate_lastlogon_sync_interval() out

authsam_calculate_lastlogon_sync_interval() is split out of authsam_update_lastlogon_timestamp()

Based on work by Gary Lockyer <gary at catalyst.net.nz>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 55147335aec8194b6439169b040556a96db22e95)

- - - - -
11673522 by Andrew Bartlett at 2022-09-19T04:02:12+00:00
CVE-2021-20251 auth4: Inline samdb_result_effective_badPwdCount() in authsam_logon_success_accounting()

By bringing this function inline it can then be split out in a
subsequent commit.

Based on work by Gary Lockyer <gary at catalyst.net.nz>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 712181032a47318576ef35f6a6cf0f958aa538fb)

- - - - -
446cfe34 by Andrew Bartlett at 2022-09-19T04:02:12+00:00
CVE-2021-20251 auth4: Avoid reading the database twice by precalculating some variables

These variables are not important to protect against a race with,
and a double-read can easily be avoided by moving them up the file
a little.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit b5f78b7b895a6b92cfdc9221b18d67ab18bc2a24)

- - - - -
3a96ccbb by Joseph Sutton at 2022-09-19T04:02:12+00:00
CVE-2021-20251 s4-auth: Pass through error code from badPwdCount update

The error code may be NT_STATUS_ACCOUNT_LOCKED_OUT, which we use in
preference to NT_STATUS_WRONG_PASSWORD.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit d8a862cb811489abb67d4cf3a7fbd83d05c7e5cb)

- - - - -
254e9489 by Joseph Sutton at 2022-09-19T04:02:12+00:00
CVE-2021-20251 s4:dsdb: Update bad password count inside transaction

Previously, there was a gap between calling dsdb_update_bad_pwd_count()
and dsdb_module_modify() where no transaction was in effect. Another
process could slip in and modify badPwdCount, only for our update to
immediately overwrite it. Doing the update inside the transaction will
help for the following commit when we make it atomic.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit a65147a9e98ead70869cdfa20ffcc9c167dbf535)

- - - - -
4d0cba69 by Joseph Sutton at 2022-09-19T04:02:12+00:00
CVE-2021-20251 s4:dsdb: Make badPwdCount update atomic

We reread the account details inside the transaction in case the account
has been locked out in the meantime. If it has, we return the
appropriate error code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 96479747bdb5bc5f33d903085f5f69793f369e3a)

- - - - -
5f1bafdd by Joseph Sutton at 2022-09-19T04:02:12+00:00
CVE-2021-20251 s4:kdc: Move logon success accounting code into existing branch

This simplifies the code for the following commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 2b593c34c4f5cb82440b940766e53626c1cbec5b)

- - - - -
4adcada4 by Joseph Sutton at 2022-09-19T04:02:12+00:00
CVE-2021-20251 s4:kdc: Check return status of authsam_logon_success_accounting()

If we find that the user has been locked out sometime during the request
(due to a race), we will now return an error code.

Note that we cannot avoid the MIT KDC aspect of the issue by checking
the return status of mit_samba_zero_bad_password_count(), because
kdb_vftabl::audit_as_req() returning void means we cannot pass on the
result.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit b1e740896ebae14ba64250da2f718e1d707e9eed)

- - - - -
5befe31c by Joseph Sutton at 2022-09-19T04:02:12+00:00
CVE-2021-20251 s4:kdc: Check badPwdCount update return status

If the account has been locked out in the meantime (indicated by
NT_STATUS_ACCOUNT_LOCKED_OUT), we should return the appropriate error
code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit bdfc9d96f8fe5070ab8a189bbf42ccb7e77afb73)

[jsutton at samba.org Fixed knownfail conflicts due to not having claims
 tests]

- - - - -
b3f48fae by Joseph Sutton at 2022-09-19T04:02:12+00:00
CVE-2021-20251 s4-rpc_server: Check badPwdCount update return status

If the account has been locked out in the meantime (indicated by
NT_STATUS_ACCOUNT_LOCKED_OUT), we should return the appropriate error
code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit a268a1a0e304d0702469e4ac146d8af5e7384c39)

- - - - -
13efa626 by Joseph Sutton at 2022-09-19T04:02:12+00:00
CVE-2021-20251 s4:auth_winbind: Check return status of authsam_logon_success_accounting()

This may return an error if we find the account is locked out.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 268ea7bef5af4b9c8a02f4f5856113ff0664d9e8)

- - - - -
5c8bbe3e by Jeremy Allison at 2022-09-19T04:02:12+00:00
CVE-2021-20251 s3: ensure bad password count atomic updates

The bad password count is supposed to limit the number of failed login
attempts a user can make before being temporarily locked out, but race
conditions between processes have allowed determined attackers to make
many more than the specified number of attempts.  This is especially
bad on constrained or overcommitted hardware.

To fix this, once a bad password is detected, we reload the sam account
information under a user-specific mutex, ensuring we have an up to
date bad password count.

Discovered by Nathaniel W. Turner.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 8587734bf989aeaafa9d09d78d0f381caf52d285)

- - - - -
3e54aabd by Joseph Sutton at 2022-09-19T04:02:12+00:00
CVE-2021-20251 s3: Ensure bad password count atomic updates for SAMR password change

The bad password count is supposed to limit the number of failed login
attempts a user can make before being temporarily locked out, but race
conditions between processes have allowed determined attackers to make
many more than the specified number of attempts.  This is especially
bad on constrained or overcommitted hardware.

To fix this, once a bad password is detected, we reload the sam account
information under a user-specific mutex, ensuring we have an up to
date bad password count.

Derived from a similar patch to source3/auth/check_samsec.c by
Jeremy Allison <jra at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 65c473d4a53fc8a22a0d531aff45203ea3a4d99b)

- - - - -
c3d6964f by Joseph Sutton at 2022-09-19T04:02:12+00:00
lib:util: Check memset_s() error code in talloc_keep_secret_destructor()

Panic if memset_s() fails.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 03a50d8f7d872b6ef701d1207061c88b73d171bb)

- - - - -
beb63ae0 by Joseph Sutton at 2022-09-19T04:02:12+00:00
libcli:auth: Keep passwords from convert_string_talloc() secret

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 6edf88f5c40421b9881666a2e78038ea9c547c24)

- - - - -
3d7a2a36 by Pavel Filipenský at 2022-09-19T04:02:12+00:00
lib:replace: Add macro BURN_STR() to zero memory of a string

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 8564380346ace981b957bb8464f2ecf007032062)

- - - - -
0044f598 by Joseph Sutton at 2022-09-19T04:02:12+00:00
s3:rpc_server: Use BURN_STR() to zero password

This ensures these calls are not optimised away.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 1258746ba85b8702628f95a19aba9afea96eab8b)

- - - - -
b8c123d0 by Joseph Sutton at 2022-09-19T04:02:12+00:00
CVE-2021-20251 s4-rpc_server: Use authsam_search_account() to find the user

This helps the bad password and audit log handling code as it
allows assumptions to be made about the attributes found in
the variable "msg", such as that DSDB_SEARCH_SHOW_EXTENDED_DN
was used.

This ensures we can re-search on the DN via the embedded GUID,
which is in turn rename-proof.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit fabbea25310a31c0409b1c11eaced39bd8cde8dd)

- - - - -
7b28bd10 by Joseph Sutton at 2022-09-19T04:02:12+00:00
CVE-2021-20251 s4-rpc_server: Use user privileges for SAMR password change

We don't (and shouldn't) need system privileges to perform the password
change, so drop to the privileges of the user by setting
DSDB_SESSION_INFO. We need to reuse the same sam_ctx: creating a new one
with only user privileges would not work, because any database
modifications would be blocked by the transaction taken out on the
original context.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit f74f92aea164af40d9177b332778a76d7ecabcbd)

- - - - -
7fe10442 by Joseph Sutton at 2022-09-19T04:02:12+00:00
CVE-2021-20251 s4-rpc_server: Extend scope of transaction for ChangePasswordUser3

Now the initial account search is performed under the transaction,
ensuring the overall password change is atomic. We set DSDB_SESSION_INFO
to drop our privileges to those of the user before we perform the actual
password change, and restore them afterwards if we need to update the
bad password count.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit fcabcb326d385c1e1daaa8dae9820e33a3868f56)

- - - - -
619ffc2a by Joseph Sutton at 2022-09-19T04:02:12+00:00
CVE-2021-20251 dsdb/common: Remove transaction logic from samdb_set_password()

All of its callers, where necessary, take out a transaction covering the
entire password set or change operation, so a transaction is no longer
needed here.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 7981cba87e3a7256b12bfc5fdd89b136c12979ff)

- - - - -
9aabf782 by Joseph Sutton at 2022-09-19T04:02:12+00:00
CVE-2021-20251 s3:rpc_server: Split change_oem_password() call out of samr_set_password_aes()

Now samr_set_password_aes() just returns the new password in a similar
manner to check_oem_password(). This simplifies the logic for the
following change to recheck whether the account is locked out, and to
update the bad password count.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 1d869a2a666cfada1495d891021de6c2b8567a96)

- - - - -
bb86d2f3 by Joseph Sutton at 2022-09-19T05:03:03+00:00
CVE-2021-20251 s3: Ensure bad password count atomic updates for SAMR AES password change

The bad password count is supposed to limit the number of failed login
attempts a user can make before being temporarily locked out, but race
conditions between processes have allowed determined attackers to make
many more than the specified number of attempts.  This is especially
bad on constrained or overcommitted hardware.

To fix this, once a bad password is detected, we reload the sam account
information under a user-specific mutex, ensuring we have an up to
date bad password count.

We also update the bad password count if the password is wrong, which we
did not previously do.

Derived from a similar patch to source3/auth/check_samsec.c by
Jeremy Allison <jra at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Sep 13 00:08:07 UTC 2022 on sn-devel-184

(cherry picked from commit 8ae0c38d54f065915e927bbfe1b656400a79eb13)

Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Mon Sep 19 05:03:03 UTC 2022 on sn-devel-184
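
The lost-update race described in the three "bad password count atomic updates" commits above (5c8bbe3e, 3e54aabd, bb86d2f3), as an added example that is not Samba code. All names are hypothetical, and the per-user mutex is modelled by running each reload-and-store sequence to completion in a single-threaded simulation.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define LOCKOUT_THRESHOLD 3 /* constructed policy: lock after 3 bad passwords */
#define MAX_PARALLEL 16

enum verdict { AUTH_OK, AUTH_WRONG_PASSWORD, AUTH_LOCKED_OUT };

/* Stand-in for one account record in the shared password database. */
struct account_db {
	const char *password;
	unsigned bad_pw_count;
	bool locked;
};

/* Private copy of the record, as loaded by one server process. */
struct snapshot {
	unsigned bad_pw_count;
	bool locked;
};

static struct snapshot load_account(const struct account_db *db)
{
	struct snapshot s = { db->bad_pw_count, db->locked };
	return s;
}

/* Write the counter back and apply the lockout policy. */
static void store_bad_count(struct account_db *db, unsigned count)
{
	db->bad_pw_count = count;
	if (count >= LOCKOUT_THRESHOLD) {
		db->locked = true;
	}
}

/* Racy: lockout check and new counter both come from the stale snapshot. */
static enum verdict finish_racy(struct account_db *db, struct snapshot snap,
				const char *guess)
{
	if (snap.locked) {
		return AUTH_LOCKED_OUT;
	}
	if (strcmp(guess, db->password) == 0) {
		store_bad_count(db, 0);
		return AUTH_OK;
	}
	store_bad_count(db, snap.bad_pw_count + 1);
	return AUTH_WRONG_PASSWORD;
}

/*
 * Fixed: after a bad password, reload the record inside the per-user
 * critical section. Each call here runs to completion, which is what the
 * mutex guarantees for the reload/increment/store sequence.
 */
static enum verdict finish_reloaded(struct account_db *db, struct snapshot snap,
				    const char *guess)
{
	if (snap.locked) {
		return AUTH_LOCKED_OUT;
	}
	if (strcmp(guess, db->password) == 0) {
		store_bad_count(db, 0);
		return AUTH_OK;
	}
	struct snapshot fresh = load_account(db); /* reloaded under the mutex */
	if (fresh.locked) {
		return AUTH_LOCKED_OUT;
	}
	store_bad_count(db, fresh.bad_pw_count + 1);
	return AUTH_WRONG_PASSWORD;
}

/*
 * Send `waves` bursts of `parallel` wrong guesses. Within a burst every
 * process loads the record before any of them writes it back, which is the
 * interleaving the race needs. Returns how many guesses were answered with
 * AUTH_WRONG_PASSWORD, i.e. how many real attempts the lockout allowed.
 */
static unsigned guesses_allowed(bool fixed, unsigned waves, unsigned parallel)
{
	struct account_db db = { "constructed-secret", 0, false };
	struct snapshot snaps[MAX_PARALLEL];
	unsigned allowed = 0;

	if (parallel > MAX_PARALLEL) {
		parallel = MAX_PARALLEL;
	}
	for (unsigned w = 0; w < waves; w++) {
		for (unsigned i = 0; i < parallel; i++) {
			snaps[i] = load_account(&db);
		}
		for (unsigned i = 0; i < parallel; i++) {
			enum verdict v = fixed
				? finish_reloaded(&db, snaps[i], "wrong-guess")
				: finish_racy(&db, snaps[i], "wrong-guess");
			allowed += (v == AUTH_WRONG_PASSWORD);
		}
	}
	return allowed;
}

int main(void)
{
	printf("stale snapshot: %u guesses\n", guesses_allowed(false, 4, 5));
	printf("reload under mutex: %u guesses\n", guesses_allowed(true, 4, 5));
	return 0;
}
```

With a threshold of 3 and bursts of 5, the stale-snapshot path advances the counter by one per burst, so the number of attempts scales with the burst size; the reloading path stops at the threshold.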

- - - - -
1b4f782c by Volker Lendecke at 2022-10-07T08:48:17+00:00
vfs_gpfs: Prevent mangling of GPFS timestamps after 2106

gpfs_set_times as of August 2020 stores 32-bit unsigned tv_sec. We
should not silently garble time stamps but reject the attempt to set
an out-of-range timestamp.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15151
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
(cherry picked from commit b954d181cd25d9029d3c222e8d97fe7a3b0b2400)

- - - - -
9364c930 by Volker Lendecke at 2022-10-07T08:48:17+00:00
lib: Map ERANGE to NT_STATUS_INTEGER_OVERFLOW

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15151
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Aug 19 12:43:06 UTC 2022 on sn-devel-184

(cherry picked from commit 06f35edaf129ce3195960905d38af73ec12fc716)
(cherry picked from commit e56c18d356bd3419abebd36e1fae39019cabbfaf)

- - - - -
ecf8a66e by Volker Lendecke at 2022-10-07T08:48:17+00:00
vfs_gpfs: Protect against timestamps before the Unix epoch

In addition to b954d181cd2 we should also protect against timestamps
before the epoch.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15151
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Sep 23 06:50:17 UTC 2022 on sn-devel-184

(cherry picked from commit f6b391e04a4d5974b908f4f375bd2876083aa7b2)
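
The range check described in the vfs_gpfs commits above (1b4f782c and ecf8a66e), as an added example that is neither Samba nor GPFS code. struct ts32 and both converters are hypothetical and model only a 32-bit unsigned seconds field; nanoseconds are assumed to be already normalised by the caller.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical storage format with 32-bit unsigned seconds. */
struct ts32 {
	uint32_t sec;
	uint32_t nsec;
};

/*
 * Unchecked conversion: the 64-bit value is reduced modulo 2^32, so a
 * timestamp past 2106 or before 1970 is stored as some unrelated time.
 */
static struct ts32 convert_truncating(int64_t sec, uint32_t nsec)
{
	struct ts32 out = { (uint32_t)sec, nsec };
	return out;
}

/*
 * Checked conversion: refuse anything the 32-bit field cannot represent.
 * Returns 0 on success, or ERANGE without touching *out.
 */
static int convert_checked(int64_t sec, uint32_t nsec, struct ts32 *out)
{
	if (sec < 0) {
		return ERANGE; /* before the Unix epoch */
	}
	if (sec > (int64_t)UINT32_MAX) {
		return ERANGE; /* after 2106-02-07 06:28:15 UTC */
	}
	out->sec = (uint32_t)sec;
	out->nsec = nsec;
	return 0;
}

int main(void)
{
	/* Constructed inputs: first second past the range, and one before 1970. */
	const int64_t samples[] = { 4294967296LL, -1, 4294967295LL, 1665132497LL };

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		struct ts32 checked = { 0, 0 };
		struct ts32 raw = convert_truncating(samples[i], 0);
		int ret = convert_checked(samples[i], 0, &checked);

		printf("%lld: truncated=%u checked=%s\n",
		       (long long)samples[i], (unsigned)raw.sec,
		       ret == 0 ? "stored" : "ERANGE");
	}
	return 0;
}
```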

- - - - -
7bef45d9 by Jeremy Allison at 2022-10-07T08:48:17+00:00
s3: smbd: Fix memory leak in smbd_server_connection_terminate_done().

The function smbd_server_connection_terminate_done() does not free subreq
which is allocated in smbXsrv_connection_shutdown_send, this can be a
memory leakage if multi-channel is enabled.

Suggested fix by haihua yang <hhyangdev at gmail.com>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15174

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Fri Sep 23 09:51:20 UTC 2022 on sn-devel-184

(cherry picked from commit b600b0c8d9690cb5eeded1e5925c8e667c11af04)

- - - - -
df5d4e48 by Andreas Schneider at 2022-10-07T08:48:17+00:00
s3:auth: Flush the GETPWSID in memory cache for NTLM auth

Example valgrind output:

==22502== 22,747,002 bytes in 21,049 blocks are possibly lost in loss record 1,075 of 1,075
==22502==    at 0x4C29F73: malloc (vg_replace_malloc.c:309)
==22502==    by 0x11D7089C: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.16)
==22502==    by 0x9027834: tcopy_passwd (in /usr/lib64/libsmbconf.so.0)
==22502==    by 0x6A1E1A3: pdb_copy_sam_account (in /usr/lib64/libsamba-passdb.so.0.27.2)
==22502==    by 0x6A28AB7: pdb_getsampwnam (in /usr/lib64/libsamba-passdb.so.0.27.2)
==22502==    by 0x65D0BC4: check_sam_security (in /usr/lib64/samba/libauth-samba4.so)
==22502==    by 0x65C70F0: ??? (in /usr/lib64/samba/libauth-samba4.so)
==22502==    by 0x65C781A: auth_check_ntlm_password (in /usr/lib64/samba/libauth-samba4.so)
==22502==    by 0x14E464: ??? (in /usr/sbin/winbindd)
==22502==    by 0x151CED: winbind_dual_SamLogon (in /usr/sbin/winbindd)
==22502==    by 0x152072: winbindd_dual_pam_auth_crap (in /usr/sbin/winbindd)
==22502==    by 0x167DE0: ??? (in /usr/sbin/winbindd)
==22502==    by 0x12F29B12: tevent_common_invoke_fd_handler (in /usr/lib64/libtevent.so.0.9.39)
==22502==    by 0x12F30086: ??? (in /usr/lib64/libtevent.so.0.9.39)
==22502==    by 0x12F2E056: ??? (in /usr/lib64/libtevent.so.0.9.39)
==22502==    by 0x12F2925C: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.39)
==22502==    by 0x16A243: ??? (in /usr/sbin/winbindd)
==22502==    by 0x16AA04: ??? (in /usr/sbin/winbindd)
==22502==    by 0x12F29F68: tevent_common_invoke_immediate_handler (in /usr/lib64/libtevent.so.0.9.39)
==22502==    by 0x12F29F8F: tevent_common_loop_immediate (in /usr/lib64/libtevent.so.0.9.39)
==22502==    by 0x12F2FE3C: ??? (in /usr/lib64/libtevent.so.0.9.39)
==22502==    by 0x12F2E056: ??? (in /usr/lib64/libtevent.so.0.9.39)
==22502==    by 0x12F2925C: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.39)
==22502==    by 0x12F4C7: main (in /usr/sbin/winbindd)

You can find one for each string in pdb_copy_sam_account(), in total
this already has 67 MB in total for this valgrind run.

pdb_getsampwnam() -> memcache_add_talloc(NULL, PDB_GETPWSID_CACHE, ...)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15169

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Sep 16 20:30:31 UTC 2022 on sn-devel-184

(cherry picked from commit 9ef2f7345f0d387567fca598cc7008af95598903)

- - - - -
02ededec by Douglas Bagnall at 2022-10-07T08:48:17+00:00
pytest: add file removal helpers for TestCaseInTempDir

In several places we end a test by deleting a number of files and
directories, but we do it rather haphazardly with unintentionally
differing error handling. For example, in some tests we currently have
something like:

        try:
            shutil.rmtree(os.path.join(self.tempdir, "a"))
            os.remove(os.path.join(self.tempdir, "b"))
            shutil.rmtree(os.path.join(self.tempdir, "c"))
        except Exception:
            pass

where if, for example, the removal of "b" fails, the removal of "c" will
not be attempted. That will result in the tearDown method raising an
exception, and we're no better off. If the above code is replaced with

        self.rm_files('b')
        self.rm_dirs('a', 'c')

the failure to remove 'b' will cause a test error, *unless* the failure
was due to a FileNotFoundError (a.k.a. an OSError with errno ENOENT),
in which case we ignore it, as was probably the original intention.

If on the other hand, we have

        self.rm_files('b', must_exist=True)
        self.rm_dirs('a', 'c')

then the FileNotFoundError causes a failure (not an error).

We take a little bit of care to stay within self.tempdir, to protect
test authors who accidentally write something like `self.rm_dirs('/')`.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15191
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit 2359741b2854a8de9d151fe189be80a4bd087ff9)

- - - - -
4486028b by Douglas Bagnall at 2022-10-07T08:48:17+00:00
pytest/downgradedatabase: use TestCaseInTempDir.rm_files

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15191
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit 85bc1552e3919d049d39a065824172a24933d38b)

- - - - -
79b5156e by Douglas Bagnall at 2022-10-07T08:48:17+00:00
pytest/samdb_api: use TestCaseInTempDir.rm_files

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15191
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit 4e3dabad0be0900a203896c2c2acb270d31b0a42)

- - - - -
ad768b1c by Douglas Bagnall at 2022-10-07T08:48:17+00:00
pytest/join: use TestCaseInTempDir.rm_files/dirs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15191
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit 7455c53fa4f7871b3980f820d22b0fd411195704)

- - - - -
6cc1ac32 by Douglas Bagnall at 2022-10-07T08:48:17+00:00
pytest/samdb: use TestCaseInTempDir.rm_files/.rm_dirs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15191

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit 251360d6e58986dd53f0317319544e930dc61444)

- - - - -
e80ec63f by Douglas Bagnall at 2022-10-07T08:48:17+00:00
pytest/samba_tool_drs: use TestCaseInTempDir.rm_files/.rm_dirs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15191
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit 3f0aab45c81c9f9b6b87eb68bc785902619dc10d)

- - - - -
4425351f by Douglas Bagnall at 2022-10-07T08:48:17+00:00
pytest/samba_tool_drs_no_dns: use TestCaseInTempDir.rm_files/.rm_dirs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15191
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit 24f7d71416753b792d6fe029da6f366adb10383e)

- - - - -
6671f6f5 by Andrew Bartlett at 2022-10-07T08:48:17+00:00
selftest: Prepare for "old Samba" mode regarding getncchanges GET_ANC/GET_TGT

The chgdcpass environment will emulate older versions of Samba
that fail to implement DRSUAPI_DRS_GET_ANC correctly and
totally fail to support DRSUAPI_DRS_GET_TGT.

This will allow testing of a client-side fallback, allowing migration
from sites that run very old Samba versions over DRSUAPI (currently
the only option is to attempt an in-place upgrade).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 62b426243f4eaa4978c249b6e6ce90d35aeaefe4)

- - - - -
7bde5d32 by Andrew Bartlett at 2022-10-07T08:48:17+00:00
selftest: Add tests for GetNCChanges GET_ANC using samba-tool drs clone-dc-database

This test, compared with the direct to RPC tests, will succeed, then fail once the
server is changed to emulate Samba 4.5 and again succeed once the python code
changes to allow skipping the DRSUAPI_DRS_CRITICAL_ONLY step

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 7ff743d65dcf27ffe0c6861720e8ce531bfa378d)

- - - - -
a64c4a7e by Andrew Bartlett at 2022-10-07T08:48:17+00:00
s4-rpc_server:getncchanges Add "old Samba" mode regarding GET_ANC/GET_TGT

This emulates older versions of Samba that fail to implement
DRSUAPI_DRS_GET_ANC correctly and totally fail to support
DRSUAPI_DRS_GET_TGT.

This will allow testing of a client-side fallback, allowing migration
from sites that run very old Samba versions over DRSUAPI (currently
the only option is to attempt an in-place upgrade).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 314bc44fa9b8fc99c80bfcfff71f2cec67bbda36)

- - - - -
eb939d4b by Andrew Bartlett at 2022-10-07T08:48:17+00:00
selftest: Enable "old Samba" mode regarding GET_ANC/GET_TGT

The chgdcpass server now emulates older versions of Samba that
fail to implement DRSUAPI_DRS_GET_ANC correctly and totally fail to support
DRSUAPI_DRS_GET_TGT.

We now show this is in effect by the fact that tests now fail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit b0bbc94d4124d63b1d5a35ccbc88ffd51d520ba0)

- - - - -
79283760 by Andrew Bartlett at 2022-10-07T08:48:17+00:00
s4-libnet: Add messages to object count mismatch failures

This helps explain these better than WERR_GEN_FAILURE.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 483c48f52d6ff5e8149ed12bfeb2b6608c946f01)

- - - - -
bac9532f by Andrew Bartlett at 2022-10-07T08:48:17+00:00
python-drs: Add client-side debug and fallback for GET_ANC

Samba 4.5 and earlier will fail to do GET_ANC correctly and will not
replicate non-critical parents of objects with isCriticalSystemObject=TRUE
when DRSUAPI_DRS_CRITICAL_ONLY is set.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit bff2bc9c7d69ec2fbe9339c2353a0a846182f1ea)

- - - - -
cb27978c by Anoop C S at 2022-10-07T09:59:55+00:00
vfs_glusterfs: Remove special handling of O_CREAT flag

Special handling of O_CREAT flag in SMB_VFS_OPENAT code path was the
only option to ensure correctness due to a bug in libgfapi as detailed
in issue #3838[1] from GlusterFS upstream. This has been fixed recently
so that O_CREAT is handled correctly within glfs_openat() enabling us to
remove the corresponding special case from vfs_gluster_openat().

[1] https://github.com/gluster/glusterfs/issues/3838

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15192

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Oct  6 08:34:56 UTC 2022 on sn-devel-184

(cherry picked from commit 9a8bc67f4a5e4afecd648523f43a8e97584fcfd0)

Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Fri Oct  7 09:59:55 UTC 2022 on sn-devel-184

- - - - -
41e016e4 by Stefan Metzmacher at 2022-10-18T13:32:10+00:00
smbXsrv_client: ignore NAME_NOT_FOUND from smb2srv_client_connection_passed

If we hit a race, when a client disconnects the connection after the initial
SMB2 Negotiate request, before the connection is completely passed to
process serving the given client guid, the temporary smbd which accepted the
new connection may have already detected the disconnect and exited before
the long term smbd servicing the client guid was able to send the
MSG_SMBXSRV_CONNECTION_PASSED message.

The result was a log message like this:

  smbXsrv_client_connection_pass_loop: smb2srv_client_connection_passed() failed => NT_STATUS_OBJECT_NAME_NOT_FOUND

and all connections belonging to the client guid were dropped,
because we called exit_server_cleanly().

Now we ignore NT_STATUS_OBJECT_NAME_NOT_FOUND from
smb2srv_client_connection_passed() and let the normal
event loop detect the broken connection, so that only
that connection is terminated (not the whole smbd process).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 636ec45c93ad040ba70296aa543884c145b3e789)

- - - - -
abc48aec by Stefan Metzmacher at 2022-10-18T13:32:11+00:00
smbXsrv_client: fix a debug message in smbXsrv_client_global_verify_record()

DBG_WARNING() already adds the function name as prefix.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit acb3d821deaf06faa16f6428682ecdb02babeb98)

- - - - -
fd4c80fc by Stefan Metzmacher at 2022-10-18T13:32:11+00:00
smbXsrv_client: call smb2srv_client_connection_{pass,drop}() before dbwrap_watched_watch_send()

dbwrap_watched_watch_send() should typically be the last thing to call
before the db record is unlocked, as it's not that easy to undo.

In future we want to recover from smb2srv_client_connection_{pass,drop}()
returning NT_STATUS_OBJECT_NAME_NOT_FOUND and it would add complexity if
we would need to undo dbwrap_watched_watch_send() at that point.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 56c597bc2b29dc3e555f737ba189f521d0e31e8c)

- - - - -
4a44febb by Stefan Metzmacher at 2022-10-18T13:32:11+00:00
smbXsrv_client: make sure we only wait for smb2srv_client_mc_negprot_filter once and only when needed

This will simplify the following changes...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 8c8d8cf01e01c2726d03fa1c81e0ce9992ee736c)

- - - - -
6d05908e by Stefan Metzmacher at 2022-10-18T13:32:11+00:00
smbXsrv_client: handle NAME_NOT_FOUND from smb2srv_client_connection_{pass,drop}()

If we get NT_STATUS_OBJECT_NOT_FOUND from smb2srv_client_connection_{pass,drop}()
we should just keep the connection and overwrite the stale record in
smbXsrv_client_global.tdb. It's basically a race with serverid_exists()
and a process that doesn't cleanly teardown.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 5d66d5b84f87267243dcd5223210906ce589af91)

- - - - -
4c6b7983 by Jeremy Allison at 2022-10-18T13:32:11+00:00
s4: smbtorture: Add fsync_resource_fork test to fruit tests.

This shows we currently hang when sending an SMB2_OP_FLUSH on
an AFP_Resource fork.

Adds knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15182

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
(cherry picked from commit 1b8a8732848169c632af12b7c2b4cd3ee73be244)

- - - - -
54d4b0f6 by Jeremy Allison at 2022-10-18T13:32:11+00:00
s3: VFS: fruit. Implement fsync_send()/fsync_recv().

For type == ADOUBLE_META, fio->fake_fd is true so
writes are already synchronous, just call tevent_req_post().

For type == ADOUBLE_RSRC we know we are configured
with FRUIT_RSRC_ADFILE (because fruit_must_handle_aio_stream()
returned true), so we can just call SMB_VFS_NEXT_FSYNC_SEND()
after replacing fsp with fio->ad_fsp.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15182

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
(cherry picked from commit 35c637f2e6c671acf8fb9c2a67774bd5e74dd7d0)

- - - - -
a1453f16 by Ralph Boehme at 2022-10-18T13:32:11+00:00
vfs_fruit: add missing calls to tevent_req_received()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15182

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
(cherry picked from commit a7fba3ff5996330158d3cc6bc24746a59492b690)

- - - - -
e0ae6332 by Noel Power at 2022-10-18T13:32:11+00:00
s3/rpcclient: Duplicate string returned from poptGetArg

popt1.19 fixes a leak that exposes a use after free,
make sure we duplicate return of poptGetArg if
poptFreeContext is called before we use it.

==4407== Invalid read of size 1
==4407==    at 0x146263: main (rpcclient.c:1262)
==4407==  Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd
==4407==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x146227: main (rpcclient.c:1251)
==4407==  Block was alloc'd at
==4407==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x1461BC: main (rpcclient.c:1219)
==4407==
==4407== Invalid read of size 1
==4407==    at 0x14627D: main (rpcclient.c:1263)
==4407==  Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd
==4407==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x146227: main (rpcclient.c:1251)
==4407==  Block was alloc'd at
==4407==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x1461BC: main (rpcclient.c:1219)
==4407==
==4407== Invalid read of size 1
==4407==    at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x4980E1C: talloc_strdup (talloc.c:2470)
==4407==    by 0x488CD96: dcerpc_parse_binding (binding.c:320)
==4407==    by 0x1462B1: main (rpcclient.c:1267)
==4407==  Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd
==4407==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x146227: main (rpcclient.c:1251)
==4407==  Block was alloc'd at
==4407==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x1461BC: main (rpcclient.c:1219)
==4407==
==4407== Invalid read of size 1
==4407==    at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x4980E1C: talloc_strdup (talloc.c:2470)
==4407==    by 0x488CD96: dcerpc_parse_binding (binding.c:320)
==4407==    by 0x1462B1: main (rpcclient.c:1267)
==4407==  Address 0x7b67cd1 is 1 bytes inside a block of size 10 free'd
==4407==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x146227: main (rpcclient.c:1251)
==4407==  Block was alloc'd at
==4407==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x1461BC: main (rpcclient.c:1219)
==4407==
==4407== Invalid read of size 8
==4407==    at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x4980DC2: __talloc_strlendup (talloc.c:2457)
==4407==    by 0x4980E32: talloc_strdup (talloc.c:2470)
==4407==    by 0x488CD96: dcerpc_parse_binding (binding.c:320)
==4407==    by 0x1462B1: main (rpcclient.c:1267)
==4407==  Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd
==4407==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x146227: main (rpcclient.c:1251)
==4407==  Block was alloc'd at
==4407==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x1461BC: main (rpcclient.c:1219)
==4407==
==4407== Invalid read of size 1
==4407==    at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x4980DC2: __talloc_strlendup (talloc.c:2457)
==4407==    by 0x4980E32: talloc_strdup (talloc.c:2470)
==4407==    by 0x488CD96: dcerpc_parse_binding (binding.c:320)
==4407==    by 0x1462B1: main (rpcclient.c:1267)
==4407==  Address 0x7b67cd8 is 8 bytes inside a block of size 10 free'd
==4407==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x146227: main (rpcclient.c:1251)
==4407==  Block was alloc'd at
==4407==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407==    by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==4407==    by 0x1461BC: main (rpcclient.c:1219)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit d26d3d9bff61f796c9c9ab54990ea078f575ab1e)

- - - - -
4c03cfd6 by Noel Power at 2022-10-18T13:32:11+00:00
s3/param: Fix use after free with popt-1.19

popt 1.19 fixes a leak that exposes a use after free,
make sure we duplicate the return of poptGetArg if
poptFreeContext is called before we use it.

==5325== Invalid read of size 1
==5325==    at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4859E1C: talloc_strdup (talloc.c:2470)
==5325==    by 0x48C0D37: talloc_sub_basic (substitute.c:303)
==5325==    by 0x4894B98: lp_load_ex (loadparm.c:4004)
==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325==    by 0x10ABD7: main (test_lp_load.c:98)
==5325==  Address 0x72da8b0 is 0 bytes inside a block of size 20 free'd
==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB8E: main (test_lp_load.c:90)
==5325==  Block was alloc'd at
==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 1
==5325==    at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4859E1C: talloc_strdup (talloc.c:2470)
==5325==    by 0x48C0D37: talloc_sub_basic (substitute.c:303)
==5325==    by 0x4894B98: lp_load_ex (loadparm.c:4004)
==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325==    by 0x10ABD7: main (test_lp_load.c:98)
==5325==  Address 0x72da8b1 is 1 bytes inside a block of size 20 free'd
==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB8E: main (test_lp_load.c:90)
==5325==  Block was alloc'd at
==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 8
==5325==    at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
==5325==    by 0x4859E32: talloc_strdup (talloc.c:2470)
==5325==    by 0x48C0D37: talloc_sub_basic (substitute.c:303)
==5325==    by 0x4894B98: lp_load_ex (loadparm.c:4004)
==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325==    by 0x10ABD7: main (test_lp_load.c:98)
==5325==  Address 0x72da8b0 is 0 bytes inside a block of size 20 free'd
==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB8E: main (test_lp_load.c:90)
==5325==  Block was alloc'd at
==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 2
==5325==    at 0x484D400: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
==5325==    by 0x4859E32: talloc_strdup (talloc.c:2470)
==5325==    by 0x48C0D37: talloc_sub_basic (substitute.c:303)
==5325==    by 0x4894B98: lp_load_ex (loadparm.c:4004)
==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325==    by 0x10ABD7: main (test_lp_load.c:98)
==5325==  Address 0x72da8c0 is 16 bytes inside a block of size 20 free'd
==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB8E: main (test_lp_load.c:90)
==5325==  Block was alloc'd at
==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 1
==5325==    at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
==5325==    by 0x4859E32: talloc_strdup (talloc.c:2470)
==5325==    by 0x48C0D37: talloc_sub_basic (substitute.c:303)
==5325==    by 0x4894B98: lp_load_ex (loadparm.c:4004)
==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325==    by 0x10ABD7: main (test_lp_load.c:98)
==5325==  Address 0x72da8c2 is 18 bytes inside a block of size 20 free'd
==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB8E: main (test_lp_load.c:90)
==5325==  Block was alloc'd at
==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 1
==5325==    at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4859E1C: talloc_strdup (talloc.c:2470)
==5325==    by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
==5325==    by 0x4894BD4: lp_load_ex (loadparm.c:4011)
==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325==    by 0x10ABD7: main (test_lp_load.c:98)
==5325==  Address 0x72da8b0 is 0 bytes inside a block of size 20 free'd
==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB8E: main (test_lp_load.c:90)
==5325==  Block was alloc'd at
==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 1
==5325==    at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4859E1C: talloc_strdup (talloc.c:2470)
==5325==    by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
==5325==    by 0x4894BD4: lp_load_ex (loadparm.c:4011)
==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325==    by 0x10ABD7: main (test_lp_load.c:98)
==5325==  Address 0x72da8b1 is 1 bytes inside a block of size 20 free'd
==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB8E: main (test_lp_load.c:90)
==5325==  Block was alloc'd at
==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 8
==5325==    at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
==5325==    by 0x4859E32: talloc_strdup (talloc.c:2470)
==5325==    by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
==5325==    by 0x4894BD4: lp_load_ex (loadparm.c:4011)
==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325==    by 0x10ABD7: main (test_lp_load.c:98)
==5325==  Address 0x72da8b0 is 0 bytes inside a block of size 20 free'd
==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB8E: main (test_lp_load.c:90)
==5325==  Block was alloc'd at
==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 2
==5325==    at 0x484D400: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
==5325==    by 0x4859E32: talloc_strdup (talloc.c:2470)
==5325==    by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
==5325==    by 0x4894BD4: lp_load_ex (loadparm.c:4011)
==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325==    by 0x10ABD7: main (test_lp_load.c:98)
==5325==  Address 0x72da8c0 is 16 bytes inside a block of size 20 free'd
==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB8E: main (test_lp_load.c:90)
==5325==  Block was alloc'd at
==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 1
==5325==    at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
==5325==    by 0x4859E32: talloc_strdup (talloc.c:2470)
==5325==    by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
==5325==    by 0x4894BD4: lp_load_ex (loadparm.c:4011)
==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325==    by 0x10ABD7: main (test_lp_load.c:98)
==5325==  Address 0x72da8c2 is 18 bytes inside a block of size 20 free'd
==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB8E: main (test_lp_load.c:90)
==5325==  Block was alloc'd at
==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB49: main (test_lp_load.c:74)
==5325==

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit ff003fc87b8164610dfd6572347c05308c4b2fd7)

- - - - -
1e865210 by Noel Power at 2022-10-18T13:32:11+00:00
s3/utils: Add missing poptFreeContext

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 31d3d10b260f05080ca0a3cf9434aa4704d60739)

- - - - -
3a9733ce by Noel Power at 2022-10-18T13:32:11+00:00
s3/utils: Fix use after free with popt 1.19

popt 1.19 fixes a leak that exposes a use after free,
make sure we duplicate the return of poptGetArg if
poptFreeContext is called before we use it.

==5914== Invalid read of size 1
==5914==    at 0x4FDF740: strlcpy (in /usr/lib64/libbsd.so.0.11.6)
==5914==    by 0x49E09A9: tdbsam_getsampwnam (pdb_tdb.c:583)
==5914==    by 0x49D94E5: pdb_getsampwnam (pdb_interface.c:340)
==5914==    by 0x10DED1: print_user_info (pdbedit.c:372)
==5914==    by 0x111413: main (pdbedit.c:1324)
==5914==  Address 0x73b6750 is 0 bytes inside a block of size 7 free'd
==5914==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5914==    by 0x4C508B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5914==    by 0x4C515D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5914==    by 0x1113E6: main (pdbedit.c:1323)
==5914==  Block was alloc'd at
==5914==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5914==    by 0x4C522EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5914==    by 0x110AE5: main (pdbedit.c:1137)
==5914==

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit e82699fcca3716d9ed0450263fd83f948de8ffbe)

- - - - -
21890fcb by Noel Power at 2022-10-18T13:32:11+00:00
s3/utils: Fix use after free with popt 1.19

popt 1.19 fixes a leak that exposes a use after free,
make sure we duplicate the return of poptGetArg if
poptFreeContext is called before we use it.

==6055== Command: ./bin/testparm /etc/samba/smb.conf
==6055==
==6055== Invalid read of size 1
==6055==    at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4C1E50F: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6055==    by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6)
==6055==    by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6)
==6055==    by 0x10EBFA: main (testparm.c:862)
==6055==  Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EBAC: main (testparm.c:854)
==6055==  Block was alloc'd at
==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055==    at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4C1E50F: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6055==    by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6)
==6055==    by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6)
==6055==    by 0x10EBFA: main (testparm.c:862)
==6055==  Address 0x72dab71 is 1 bytes inside a block of size 20 free'd
==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EBAC: main (testparm.c:854)
==6055==  Block was alloc'd at
==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055==    at 0x4C44DD0: _IO_default_xsputn (in /usr/lib64/libc.so.6)
==6055==    by 0x4C1E39E: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6055==    by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6)
==6055==    by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6)
==6055==    by 0x10EBFA: main (testparm.c:862)
==6055==  Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EBAC: main (testparm.c:854)
==6055==  Block was alloc'd at
==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055==    at 0x4C44DDF: _IO_default_xsputn (in /usr/lib64/libc.so.6)
==6055==    by 0x4C1E39E: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6055==    by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6)
==6055==    by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6)
==6055==    by 0x10EBFA: main (testparm.c:862)
==6055==  Address 0x72dab72 is 2 bytes inside a block of size 20 free'd
==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EBAC: main (testparm.c:854)
==6055==  Block was alloc'd at
==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EB2E: main (testparm.c:830)
==6055==
Load smb config files from /etc/samba/smb.conf
==6055== Invalid read of size 1
==6055==    at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4927E1C: talloc_strdup (talloc.c:2470)
==6055==    by 0x48B5D37: talloc_sub_basic (substitute.c:303)
==6055==    by 0x4889B98: lp_load_ex (loadparm.c:4004)
==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055==    by 0x10EC06: main (testparm.c:864)
==6055==  Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EBAC: main (testparm.c:854)
==6055==  Block was alloc'd at
==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055==    at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4927E1C: talloc_strdup (talloc.c:2470)
==6055==    by 0x48B5D37: talloc_sub_basic (substitute.c:303)
==6055==    by 0x4889B98: lp_load_ex (loadparm.c:4004)
==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055==    by 0x10EC06: main (testparm.c:864)
==6055==  Address 0x72dab71 is 1 bytes inside a block of size 20 free'd
==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EBAC: main (testparm.c:854)
==6055==  Block was alloc'd at
==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 8
==6055==    at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
==6055==    by 0x4927E32: talloc_strdup (talloc.c:2470)
==6055==    by 0x48B5D37: talloc_sub_basic (substitute.c:303)
==6055==    by 0x4889B98: lp_load_ex (loadparm.c:4004)
==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055==    by 0x10EC06: main (testparm.c:864)
==6055==  Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EBAC: main (testparm.c:854)
==6055==  Block was alloc'd at
==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 2
==6055==    at 0x484D400: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
==6055==    by 0x4927E32: talloc_strdup (talloc.c:2470)
==6055==    by 0x48B5D37: talloc_sub_basic (substitute.c:303)
==6055==    by 0x4889B98: lp_load_ex (loadparm.c:4004)
==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055==    by 0x10EC06: main (testparm.c:864)
==6055==  Address 0x72dab80 is 16 bytes inside a block of size 20 free'd
==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EBAC: main (testparm.c:854)
==6055==  Block was alloc'd at
==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055==    at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
==6055==    by 0x4927E32: talloc_strdup (talloc.c:2470)
==6055==    by 0x48B5D37: talloc_sub_basic (substitute.c:303)
==6055==    by 0x4889B98: lp_load_ex (loadparm.c:4004)
==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055==    by 0x10EC06: main (testparm.c:864)
==6055==  Address 0x72dab82 is 18 bytes inside a block of size 20 free'd
==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EBAC: main (testparm.c:854)
==6055==  Block was alloc'd at
==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055==    at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4927E1C: talloc_strdup (talloc.c:2470)
==6055==    by 0x4B5974B: add_to_file_list (loadparm.c:1023)
==6055==    by 0x4889BD4: lp_load_ex (loadparm.c:4011)
==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055==    by 0x10EC06: main (testparm.c:864)
==6055==  Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EBAC: main (testparm.c:854)
==6055==  Block was alloc'd at
==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055==    at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4927E1C: talloc_strdup (talloc.c:2470)
==6055==    by 0x4B5974B: add_to_file_list (loadparm.c:1023)
==6055==    by 0x4889BD4: lp_load_ex (loadparm.c:4011)
==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055==    by 0x10EC06: main (testparm.c:864)
==6055==  Address 0x72dab71 is 1 bytes inside a block of size 20 free'd
==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EBAC: main (testparm.c:854)
==6055==  Block was alloc'd at
==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 8
==6055==    at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
==6055==    by 0x4927E32: talloc_strdup (talloc.c:2470)
==6055==    by 0x4B5974B: add_to_file_list (loadparm.c:1023)
==6055==    by 0x4889BD4: lp_load_ex (loadparm.c:4011)
==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055==    by 0x10EC06: main (testparm.c:864)
==6055==  Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EBAC: main (testparm.c:854)
==6055==  Block was alloc'd at
==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 2
==6055==    at 0x484D400: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
==6055==    by 0x4927E32: talloc_strdup (talloc.c:2470)
==6055==    by 0x4B5974B: add_to_file_list (loadparm.c:1023)
==6055==    by 0x4889BD4: lp_load_ex (loadparm.c:4011)
==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055==    by 0x10EC06: main (testparm.c:864)
==6055==  Address 0x72dab80 is 16 bytes inside a block of size 20 free'd
==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EBAC: main (testparm.c:854)
==6055==  Block was alloc'd at
==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055==    at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
==6055==    by 0x4927E32: talloc_strdup (talloc.c:2470)
==6055==    by 0x4B5974B: add_to_file_list (loadparm.c:1023)
==6055==    by 0x4889BD4: lp_load_ex (loadparm.c:4011)
==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055==    by 0x10EC06: main (testparm.c:864)
==6055==  Address 0x72dab82 is 18 bytes inside a block of size 20 free'd
==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EBAC: main (testparm.c:854)
==6055==  Block was alloc'd at
==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EB2E: main (testparm.c:830)
==6055==

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 4b15d8c2a5c8547b84e7926fed9890b5676b8bc3)
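
The ordering problem described in the "Fix use after free with popt 1.19" commits above, as an added example that is not Samba's or popt's code. `arg_ctx`, `ctx_parse`, `ctx_get_arg` and `ctx_free` are a hypothetical stand-in for a popt context (poptGetNextOpt / poptGetArg / poptFreeContext); the model keeps arguments in a fixed pool that is poisoned on release instead of freed, so the stale read is well-defined and can be checked.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ARG_SLOTS 4
#define ARG_MAX   32      /* arguments longer than 31 bytes are truncated */
#define POISON    0xDD    /* fill byte written over released storage */

/* Hypothetical model: a parsing context that owns copies of its arguments. */
struct arg_ctx {
    char slots[ARG_SLOTS][ARG_MAX];
    int count;
    int next;
};

/* Copy the arguments into context-owned storage (parse step). */
static void ctx_parse(struct arg_ctx *c, int argc, const char **argv)
{
    int i;
    memset(c, 0, sizeof(*c));
    for (i = 0; i < argc && i < ARG_SLOTS; i++) {
        size_t n = strlen(argv[i]);
        if (n > ARG_MAX - 1) {
            n = ARG_MAX - 1;
        }
        memcpy(c->slots[i], argv[i], n);
        c->slots[i][n] = '\0';
        c->count++;
    }
}

/* Return a BORROWED pointer into the context, or NULL when none is left. */
static const char *ctx_get_arg(struct arg_ctx *c)
{
    if (c->next >= c->count) {
        return NULL;
    }
    return c->slots[c->next++];
}

/* Release the context: every borrowed pointer is stale from here on. */
static void ctx_free(struct arg_ctx *c)
{
    int i;
    for (i = 0; i < ARG_SLOTS; i++) {
        memset(c->slots[i], POISON, ARG_MAX - 1);
        c->slots[i][ARG_MAX - 1] = '\0';
    }
    c->count = 0;
    c->next = 0;
}

/* Private copy owned by the caller; NULL on NULL input or allocation failure. */
static char *dup_string(const char *s)
{
    size_t n;
    char *copy;
    if (s == NULL) {
        return NULL;
    }
    n = strlen(s) + 1;
    copy = malloc(n);
    if (copy != NULL) {
        memcpy(copy, s, n);
    }
    return copy;
}

/* Buggy ordering: keep the borrowed pointer, release the context, then use it.
 * Returns 1 if the borrowed string still matches the original, else 0. */
int borrowed_survives_free(const char *path)
{
    struct arg_ctx ctx;
    const char *argv[1];
    const char *config_file;

    argv[0] = path;
    ctx_parse(&ctx, 1, argv);
    config_file = ctx_get_arg(&ctx);
    ctx_free(&ctx);
    return config_file != NULL && strcmp(config_file, path) == 0;
}

/* Fixed ordering: duplicate before the context is released. Caller frees. */
char *dup_before_free(const char *path)
{
    struct arg_ctx ctx;
    const char *argv[1];
    char *config_file;

    argv[0] = path;
    ctx_parse(&ctx, 1, argv);
    config_file = dup_string(ctx_get_arg(&ctx));
    ctx_free(&ctx);
    return config_file;
}

int main(void)
{
    const char *path = "/etc/samba/smb.conf";   /* constructed sample input */
    char *kept = dup_before_free(path);

    printf("borrowed pointer intact after release: %d\n",
           borrowed_survives_free(path));
    printf("duplicated copy after release: %s\n", kept ? kept : "(null)");
    free(kept);
    return 0;
}
```

With a real heap-backed context the stale read is undefined behaviour, which is why it only became visible under valgrind once the library started freeing the argument storage.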

- - - - -
ee2858ab by Noel Power at 2022-10-18T13:32:11+00:00
s4/lib/registry: Fix use after free with popt 1.19

popt 1.19 fixes a leak that exposes a use after free,
make sure we duplicate the return of poptGetArg if
poptFreeContext is called before we use it.

==6357== Command: ./bin/regpatch file
==6357==
Can't load /home/npower/samba-back/INSTALL_DIR/etc/smb.conf - run testparm to debug it
==6357== Syscall param openat(filename) points to unaddressable byte(s)
==6357==    at 0x4BFE535: open (in /usr/lib64/libc.so.6)
==6357==    by 0x4861432: reg_diff_load (patchfile.c:345)
==6357==    by 0x4861CD3: reg_diff_apply (patchfile.c:542)
==6357==    by 0x10ADF9: main (regpatch.c:114)
==6357==  Address 0x70f79d0 is 0 bytes inside a block of size 5 free'd
==6357==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357==    by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6357==    by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6357==    by 0x10ADCF: main (regpatch.c:111)
==6357==  Block was alloc'd at
==6357==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357==    by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6357==    by 0x10ACBD: main (regpatch.c:79)
==6357==
==6357== Invalid read of size 1
==6357==    at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357==    by 0x4B5D50F: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6357==    by 0x4B7E719: __vasprintf_internal (in /usr/lib64/libc.so.6)
==6357==    by 0x4AD32F0: __dbgtext_va (debug.c:1904)
==6357==    by 0x4AD33F2: dbgtext (debug.c:1925)
==6357==    by 0x4861515: reg_diff_load (patchfile.c:353)
==6357==    by 0x4861CD3: reg_diff_apply (patchfile.c:542)
==6357==    by 0x10ADF9: main (regpatch.c:114)
==6357==  Address 0x70f79d0 is 0 bytes inside a block of size 5 free'd
==6357==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357==    by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6357==    by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6357==    by 0x10ADCF: main (regpatch.c:111)
==6357==  Block was alloc'd at
==6357==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357==    by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6357==    by 0x10ACBD: main (regpatch.c:79)
==6357==
==6357== Invalid read of size 1
==6357==    at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357==    by 0x4B5D50F: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6357==    by 0x4B7E719: __vasprintf_internal (in /usr/lib64/libc.so.6)
==6357==    by 0x4AD32F0: __dbgtext_va (debug.c:1904)
==6357==    by 0x4AD33F2: dbgtext (debug.c:1925)
==6357==    by 0x4861515: reg_diff_load (patchfile.c:353)
==6357==    by 0x4861CD3: reg_diff_apply (patchfile.c:542)
==6357==    by 0x10ADF9: main (regpatch.c:114)
==6357==  Address 0x70f79d1 is 1 bytes inside a block of size 5 free'd
==6357==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357==    by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6357==    by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6357==    by 0x10ADCF: main (regpatch.c:111)
==6357==  Block was alloc'd at
==6357==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357==    by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6357==    by 0x10ACBD: main (regpatch.c:79)
==6357==
==6357== Invalid read of size 1
==6357==    at 0x4B83DD0: _IO_default_xsputn (in /usr/lib64/libc.so.6)
==6357==    by 0x4B5D39E: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6357==    by 0x4B7E719: __vasprintf_internal (in /usr/lib64/libc.so.6)
==6357==    by 0x4AD32F0: __dbgtext_va (debug.c:1904)
==6357==    by 0x4AD33F2: dbgtext (debug.c:1925)
==6357==    by 0x4861515: reg_diff_load (patchfile.c:353)
==6357==    by 0x4861CD3: reg_diff_apply (patchfile.c:542)
==6357==    by 0x10ADF9: main (regpatch.c:114)
==6357==  Address 0x70f79d0 is 0 bytes inside a block of size 5 free'd
==6357==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357==    by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6357==    by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6357==    by 0x10ADCF: main (regpatch.c:111)
==6357==  Block was alloc'd at
==6357==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357==    by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6357==    by 0x10ACBD: main (regpatch.c:79)
==6357==
==6357== Invalid read of size 1
==6357==    at 0x4B83DDF: _IO_default_xsputn (in /usr/lib64/libc.so.6)
==6357==    by 0x4B5D39E: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6357==    by 0x4B7E719: __vasprintf_internal (in /usr/lib64/libc.so.6)
==6357==    by 0x4AD32F0: __dbgtext_va (debug.c:1904)
==6357==    by 0x4AD33F2: dbgtext (debug.c:1925)
==6357==    by 0x4861515: reg_diff_load (patchfile.c:353)
==6357==    by 0x4861CD3: reg_diff_apply (patchfile.c:542)
==6357==    by 0x10ADF9: main (regpatch.c:114)
==6357==  Address 0x70f79d2 is 2 bytes inside a block of size 5 free'd
==6357==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357==    by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6357==    by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6357==    by 0x10ADCF: main (regpatch.c:111)
==6357==  Block was alloc'd at
==6357==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357==    by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6357==    by 0x10ACBD: main (regpatch.c:79)
==6357==
Error reading registry patch file `file'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Oct 14 13:38:55 UTC 2022 on sn-devel-184

(cherry picked from commit 7e0e3f47cd67e4cadc101691cd14837f45d9506a)

- - - - -
fac483e3 by Noel Power at 2022-10-18T13:32:11+00:00
s3/param: Check return of talloc_strdup

followup to commit ff003fc87b8164610dfd6572347c05308c4b2fd7

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 19eb88bc53e481327bbd437b0c145d5765c6dcec)

- - - - -
d5e39d1b by Noel Power at 2022-10-18T13:32:11+00:00
s3/utils: Check return of talloc_strdup

followup to e82699fcca3716d9ed0450263fd83f948de8ffbe

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 972127daddc7a32d23fb84d97102557035b06f5b)

- - - - -
93d6f403 by Noel Power at 2022-10-18T14:28:13+00:00
s3/utils: check result of talloc_strdup

followup to commit 4b15d8c2a5c8547b84e7926fed9890b5676b8bc3

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Oct 17 19:49:37 UTC 2022 on sn-devel-184

(cherry picked from commit 0326549a052c22e4929e3760fd5011c35e32fe33)

Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Tue Oct 18 14:28:13 UTC 2022 on sn-devel-184

- - - - -
68a0ef3b by Stefan Metzmacher at 2022-10-19T08:40:14+00:00
s4:messaging: add imessaging_init_discard_incoming()

We often create imessaging contexts just for sending messages,
but we'll never process incoming messages because a temporary event
context was used and we just queue a lot of imessaging_post_state
structures with immediate events.

With imessaging_init_discard_incoming() we'll discard any incoming messages
unless we have pending irpc requests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15201

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit a120fb1c724dfaed5a99e34aaf979502586f17c0)

- - - - -
28c65ce3 by Stefan Metzmacher at 2022-10-19T08:40:14+00:00
s3:auth_samba4: make use of imessaging_init_discard_incoming()

Otherwise we'll generate a memory leak of imessaging_post_state/
tevent_immediate structures per incoming message!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15201

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 32df5e4961cf064b72bb496157cc6092126d9b8e)

- - - - -
7540755d by Stefan Metzmacher at 2022-10-19T09:51:29+00:00
s4:messaging: let imessaging_client_init() use imessaging_init_discard_incoming()

imessaging_client_init() is for temporary stuff only, so we should drop
(unexpected) incoming messages unless we expect irpc responses.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15201

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Oct 13 13:32:30 UTC 2022 on sn-devel-184

(cherry picked from commit 266bcedc18efc52e29efde6bad220623a5423e30)

Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Wed Oct 19 09:51:29 UTC 2022 on sn-devel-184

- - - - -
09ec2b13 by Jeremy Allison at 2022-10-19T10:51:11+00:00
s4: torture: libsmbclient: Add a torture test to ensure smbc_stat() returns ENOENT on a non-existent file.

Add knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15195

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
(cherry picked from commit 9eda432836bfff3d3d4a365a08a5ecb54f0f2e34)

- - - - -
142a771d by Jeremy Allison at 2022-10-19T11:52:24+00:00
s3: libsmbclient: Fix smbc_stat() to return ENOENT on a non-existent file..

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15195

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Oct 19 00:13:56 UTC 2022 on sn-devel-184

(cherry picked from commit fd0c01da1c744ae6fd9d8675616d8b6d3531e469)

Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Wed Oct 19 11:52:24 UTC 2022 on sn-devel-184

- - - - -
cda9e1cc by Jule Anger at 2022-10-19T14:12:49+02:00
WHATSNEW: Add release notes for Samba 4.17.1.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
ed12d435 by Jule Anger at 2022-10-19T14:13:18+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.17.1 release.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
96e8adf7 by Jule Anger at 2022-10-19T14:13:39+02:00
VERSION: Bump version up to Samba 4.17.2...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
74e5200a by Michael Tokarev at 2022-10-19T21:28:42+03:00
New upstream version 4.17.1+dfsg

- - - - -
16ea178f by Joseph Sutton at 2022-10-24T07:57:56+02:00
CVE-2022-3437 third_party/heimdal: Remove __func__ compatibility workaround

As described by the C standard, __func__ is a variable, not a macro.
Hence this #ifndef check does not work as intended, and only serves to
unconditionally disable __func__. A nonoperating __func__ prevents
cmocka operating correctly, so remove this definition.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d5a06cd5 by Joseph Sutton at 2022-10-24T07:57:56+02:00
CVE-2022-3437 third_party/heimdal_build: Add gssapi-subsystem subsystem

This allows us to access (and so test) functions internal to GSSAPI by
depending on this subsystem.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
846fbd04 by Joseph Sutton at 2022-10-24T07:57:56+02:00
CVE-2022-3437 s4/auth/tests: Add unit tests for unwrap_des3()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2ee62a7c by Joseph Sutton at 2022-10-24T07:57:56+02:00
CVE-2022-3437 third_party/heimdal: Use constant-time memcmp() for arcfour unwrap

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
abb3f7f1 by Joseph Sutton at 2022-10-24T07:57:56+02:00
CVE-2022-3437 third_party/heimdal: Use constant-time memcmp() in unwrap_des3()

The surrounding checks all use ct_memcmp(), so this one was presumably
meant to as well.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
24099e34 by Joseph Sutton at 2022-10-24T07:57:56+02:00
CVE-2022-3437 third_party/heimdal: Don't pass NULL pointers to memcpy() in DES unwrap

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c06f2e9c by Joseph Sutton at 2022-10-24T07:57:56+02:00
CVE-2022-3437 third_party/heimdal: Avoid undefined behaviour in _gssapi_verify_pad()

By decrementing 'pad' only when we know it's safe, we ensure we can't
stray backwards past the start of a buffer, which would be undefined
behaviour.

In the previous version of the loop, 'i' is the number of bytes left to
check, and 'pad' is the current byte we're checking. 'pad' was
decremented at the end of each loop iteration. If 'i' was 1 (so we
checked the final byte), 'pad' could potentially be pointing to the
first byte of the input buffer, and the decrement would put it one
byte behind the buffer.

That would be undefined behaviour.

The patch changes it so that 'pad' is the byte we previously checked,
which allows us to ensure that we only decrement it when we know we
have a byte to check.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a0cd16f0 by Joseph Sutton at 2022-10-24T07:57:56+02:00
CVE-2022-3437 third_party/heimdal: Check the result of _gsskrb5_get_mech()

We should make sure that the result of 'total_len - mech_len' won't
overflow, and that we don't memcmp() past the end of the buffer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0de56695 by Joseph Sutton at 2022-10-24T07:57:56+02:00
CVE-2022-3437 third_party/heimdal: Check buffer length against overflow for DES{,3} unwrap

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f33f8a51 by Joseph Sutton at 2022-10-24T07:57:56+02:00
CVE-2022-3437 third_party/heimdal: Check for overflow in _gsskrb5_get_mech()

If len_len is equal to total_len - 1 (i.e. the input consists only of a
0x60 byte and a length), the expression 'total_len - 1 - len_len - 1',
used as the 'len' parameter to der_get_length(), will overflow to
SIZE_MAX. Then der_get_length() will proceed to read, unconstrained,
whatever data follows in memory. Add a check to ensure that doesn't
happen.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
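
The wrap-around described in this commit message, reproduced as an added example (not Heimdal's code; `read_der_len()` and `find_mech()` are hypothetical stand-ins and the token bytes are constructed). It assumes the layout `0x60 <len> 0x06 <mech_len> <mech bytes>` and shows the unguarded subtraction next to a parser that compares against the bytes actually left before every read.

```c
#include <stddef.h>
#include <stdint.h>

/* The subtraction quoted in the commit message, with no guard. size_t is
 * unsigned, so a result "below zero" wraps to a huge value instead. */
size_t unchecked_remaining(size_t total_len, size_t len_len)
{
    return total_len - 1 - len_len - 1;
}

/* Hypothetical minimal DER length reader. Reads at most `avail` bytes from
 * p and returns the number of bytes consumed, or 0 on malformed input. */
static size_t read_der_len(const uint8_t *p, size_t avail, size_t *out)
{
    size_t n, v = 0, i;

    if (avail == 0)
        return 0;
    if (p[0] < 0x80) {                 /* short form: one byte */
        *out = p[0];
        return 1;
    }
    n = p[0] & 0x7f;                   /* long form: n length bytes follow */
    if (n == 0 || n > sizeof(size_t) || n >= avail)
        return 0;
    for (i = 1; i <= n; i++)
        v = (v << 8) | p[i];
    *out = v;
    return n + 1;
}

/* Locate the mechanism OID inside the token. Returns 0 and sets *off and
 * *mech_len on success, -1 on malformed or truncated input. */
int find_mech(const uint8_t *tok, size_t total_len,
              size_t *off, size_t *mech_len)
{
    size_t outer, len_len, pos, mlen, mlen_len;

    if (total_len < 1 || tok[0] != 0x60)
        return -1;
    len_len = read_der_len(tok + 1, total_len - 1, &outer);
    if (len_len == 0)
        return -1;
    pos = 1 + len_len;                 /* pos <= total_len is guaranteed */
    if (outer > total_len - pos)       /* claimed length exceeds the buffer */
        return -1;
    /* The guard: the 0x06 tag and one length byte must still be present,
     * otherwise "total_len - pos - 1" would wrap as shown above. */
    if (total_len - pos < 2)
        return -1;
    if (tok[pos] != 0x06)
        return -1;
    pos++;
    mlen_len = read_der_len(tok + pos, total_len - pos, &mlen);
    if (mlen_len == 0)
        return -1;
    pos += mlen_len;
    if (mlen > total_len - pos)        /* OID would run past the end */
        return -1;
    *off = pos;
    *mech_len = mlen;
    return 0;
}
```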

- - - - -
3007e320 by Joseph Sutton at 2022-10-24T07:57:56+02:00
CVE-2022-3437 third_party/heimdal: Pass correct length to _gssapi_verify_pad()

We later subtract 8 when calculating the length of the output message
buffer. If padlength is excessively high, this calculation can underflow
and result in a very large positive value.

Now we properly constrain the value of padlength so underflow shouldn't
be possible.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
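
The two padding fixes above (the backwards pointer step in `_gssapi_verify_pad()` and the bound on `padlength`) are illustrated together in this added example, which is not Heimdal's code. `verify_pad()` and `unwrap_payload_len()` are hypothetical names, the buffers are constructed, and treating the subtracted 8 as a leading block of the body is an assumption.

```c
#include <stddef.h>
#include <stdint.h>

enum pad_status { PAD_OK = 0, PAD_BAD_LENGTH, PAD_BAD_BYTES };

/* Check that buf ends in N bytes of value N, with N <= datalen.
 * 'pad' always points at the byte checked last, so it is stepped back only
 * while a byte is left to check and never moves before buf. */
enum pad_status verify_pad(const uint8_t *buf, size_t len,
                           size_t datalen, size_t *padlen)
{
    const uint8_t *pad;
    size_t padlength, i;

    if (len == 0)
        return PAD_BAD_LENGTH;
    pad = buf + len;                   /* one past the end: valid to form */
    padlength = pad[-1];
    if (padlength > datalen || padlength > len)
        return PAD_BAD_LENGTH;
    /* Pre-decrement inside the condition: when i reaches 0 no further
     * decrement happens, even if pad == buf at that point. */
    for (i = padlength; i > 0 && *--pad == padlength; i--)
        ;
    if (i != 0)
        return PAD_BAD_BYTES;
    *padlen = padlength;
    return PAD_OK;
}

/* Message length for a body assumed to be: 8 leading bytes, the message,
 * then the padding. Passing body_len - 8 as the pad limit is what keeps
 * the final subtraction from wrapping to a very large value. */
int unwrap_payload_len(const uint8_t *body, size_t body_len, size_t *msg_len)
{
    size_t padlen;

    if (body_len < 8)
        return -1;
    if (verify_pad(body, body_len, body_len - 8, &padlen) != PAD_OK)
        return -1;
    *msg_len = body_len - 8 - padlen;  /* cannot underflow: padlen is bounded */
    return 0;
}
```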

- - - - -
4fbcfb28 by Volker Lendecke at 2022-10-24T08:00:02+02:00
CVE-2022-3592 smbd: No empty path components in openat_pathref_dirfsp_nosymlink()

Upper layers must have filtered this, everything else is a bug

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15207
Signed-off-by: Volker Lendecke <vl at samba.org>

- - - - -
4e3e3f9c by Volker Lendecke at 2022-10-24T08:00:02+02:00
CVE-2022-3592 torture3: Show that our symlink traversal checks are insecure

This test shows that we don't properly check whether symlink targets
are inside the exported share. Linking to <share-root>a/etc makes us
loop back into filename_convert_dirfsp_nosymlink() with /etc as a
directory name.

On Linux systems with openat2(RESOLVE_NO_SYMLINKS) we pass "/etc"
directly into that call after some checks for "."/".." as invalid file
name components. "/etc" is okay for openat2(), but this test must also
succeed on systems without RESOLVE_NO_SYMLINKS (sn-devel-184 for
example). On systems without RESOLVE_NO_SYMLINKS we split up the path
"/etc" into path components, in this case "" and "etc". So we pass ""
down to openat(), which correctly fails with ENOENT.

Summary: Only with RESOLVE_NO_SYMLINKS we're hit by bug 15207, and
this test shows by expecting CONNECTION_DISCONNECTED that we violate
the internal assumption of empty path components with an unexpected
symlink target, making it testable on systems with and without
RESOLVE_NO_SYMLINKS.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15207
Signed-off-by: Volker Lendecke <vl at samba.org>

- - - - -
ace0ebde by Volker Lendecke at 2022-10-24T08:00:02+02:00
CVE-2022-3592 lib: add subdir_of() to source3/lib/util_path.c

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15207
Signed-off-by: Volker Lendecke <vl at samba.org>

- - - - -
e96d2809 by Volker Lendecke at 2022-10-24T08:00:02+02:00
CVE-2022-3592 smbd: Slightly simplify filename_convert_dirfsp()

subdir_of() calculates the share-relative rest for us, don't do the
strlen(connectpath) calculation twice. subdir_of() also checks that
the target properly ends on a directory. With just strncmp a symlink
to x->/aa/etc would qualify as in share /a, so a "get x/passwd" leads to a
pretty unfortunate result. This is the proper fix for bug 15207, so we
need to change the expected error code to OBJECT_PATH_NOT_FOUND

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15207
Signed-off-by: Volker Lendecke <vl at samba.org>
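
The `/a` versus `/aa/etc` case from this commit message, as an added example rather than Samba's code: `in_share_boundary()` is a hypothetical stand-in, not the `subdir_of()` in source3/lib/util_path.c. It assumes both arguments are absolute, already-normalised paths (no `.` or `..` components) and compares a bare `strncmp()` prefix test with one that requires the match to end on a directory boundary.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Prefix-only test: the kind of check the commit message calls insufficient.
 * "/aa/etc" starts with "/a", so it is accepted for share "/a". */
bool in_share_strncmp(const char *share, const char *target)
{
    return strncmp(target, share, strlen(share)) == 0;
}

/* Boundary-aware test. On success *rest points at the share-relative
 * remainder of target ("" when target is the share root itself). */
bool in_share_boundary(const char *share, const char *target,
                       const char **rest)
{
    size_t n = strlen(share);

    /* Ignore trailing slashes on the share root, but keep a lone "/". */
    while (n > 1 && share[n - 1] == '/')
        n--;
    if (n == 0 || strncmp(target, share, n) != 0)
        return false;
    if (n == 1 && share[0] == '/') {   /* share is the filesystem root */
        *rest = target + 1;
        return true;
    }
    if (target[n] == '\0') {           /* target is exactly the share root */
        *rest = target + n;
        return true;
    }
    if (target[n] != '/')              /* "/aa/etc" fails here for "/a" */
        return false;
    *rest = target + n + 1;
    return true;
}
```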

- - - - -
37fa752e by Jule Anger at 2022-10-24T12:32:18+02:00
WHATSNEW: Add release notes for Samba 4.17.2.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
21f99510 by Jule Anger at 2022-10-24T12:50:24+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.17.2 release.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
114c6678 by Michael Tokarev at 2022-10-25T14:15:45+03:00
New upstream version 4.17.2+dfsg

- - - - -
edd64ec7 by Michael Tokarev at 2022-10-30T14:04:54+03:00
d/changelog: start of 4.17

- - - - -
ca7f7402 by Michael Tokarev at 2022-10-30T14:05:04+03:00
update upstream version number

- - - - -
829a79a8 by Michael Tokarev at 2022-10-30T16:01:39+03:00
Update upstream source from tag 'upstream/4.17.2+dfsg'

Update to upstream version '4.17.2+dfsg'
with Debian dir ca7f74022da37513229a6297015ce4d85ca6bb35

- - - - -
44bbcda8 by Michael Tokarev at 2022-10-30T16:03:51+03:00
remove poptGetArg-misuse-fixes-1022826.diff (applied upstream)

This reverts commit 53c8b81c6b8a53b72fc42f57d966d075cb5ad9a4.

- - - - -
0a19f9d4 by Michael Tokarev at 2022-10-30T16:04:39+03:00
remove dont-ignore-errors-in-random-number-generation-CVE-2022-1615.patch

This reverts commit f53483a5169218edd534e5fb4dc3b89419159bc8
the change is included in 4.17.

- - - - -
d52a197b by Michael Tokarev at 2022-10-30T16:05:01+03:00
removed: spelling.patch (partially applied upstream) weak-crypto-allowed-clarify.diff (applied upstream)

- - - - -
4eae5b37 by Michael Tokarev at 2022-10-30T16:05:07+03:00
+spelling.patch: a few more spelling fixes

- - - - -
8f3964b9 by Michael Tokarev at 2022-10-30T16:05:11+03:00
refresh: ctdb-create-piddir.patch

- - - - -
cf3610bd by Michael Tokarev at 2022-10-30T16:05:17+03:00
refresh: fix-nfs-service-name-to-nfs-kernel-server.patch

- - - - -
9cd71611 by Michael Tokarev at 2022-10-30T16:05:24+03:00
d/control: update minimum versions for talloc/tevent/tdb

- - - - -
e97223c2 by Michael Tokarev at 2022-10-30T16:05:28+03:00
d/rules: do not install ctdb.service, it is installed by upstream now

- - - - -
640e810e by Michael Tokarev at 2022-10-30T16:05:34+03:00
d/ctdb.install: do not install ctdb_wrapper (not used anymore)

- - - - -
731622e2 by Michael Tokarev at 2022-10-30T16:05:37+03:00
d/libldb2.symbols, d/d/python3-ldb.symbols.in: add new versions: 2.6.0 2.6.1

- - - - -
b5af5497 by Michael Tokarev at 2022-10-30T16:05:43+03:00
d/libldb2.symbols: mark symbols added in 2.5.2 as added in 2.6.1, remove 2.5.1 & 2.5.2 versions

- - - - -
440b9c9c by Michael Tokarev at 2022-10-30T16:05:46+03:00
d/python3-ldb.symbols.in: remove 2.5.1 & 2.5.2 versions

- - - - -
2a433707 by Michael Tokarev at 2022-10-30T16:05:53+03:00
move libpac-samba4.so.0 from samba to samba-libs (#1021450)

- - - - -
b9ce9fee by Michael Tokarev at 2022-10-30T16:05:58+03:00
d/rules: as of 4.17, no need to explicitly build intermediate targets anymore

- - - - -
d25aa7e1 by Michael Tokarev at 2022-10-30T16:06:03+03:00
d/rules: remove now-unused ${WAFv} macro

- - - - -
cba45ee0 by Michael Tokarev at 2022-10-30T16:22:16+03:00
update changelog; upload 4.17.2+dfsg-1 to experimental

- - - - -
3f665c23 by Michael Tokarev at 2022-10-30T16:22:42+03:00
update changelog; upload 4.17.2+dfsg-2 to experimental

- - - - -
fc0d8801 by Michael Tokarev at 2022-10-30T16:23:49+03:00
d/changelog: include entries from 4.17.x experimental branch

- - - - -
55307373 by Michael Tokarev at 2022-10-30T16:53:06+03:00
d/samba-libs.lintian-overrides: update package-name-doesnt-match-sonames to match all libs

- - - - -
2d1c8533 by Michael Tokarev at 2022-10-30T17:01:44+03:00
update changelog; upload 4.17.2+dfsg-3 to unstable

also mention closing of #1021022 by 4.17.0+dfsg-1

- - - - -


30 changed files:

- + .clang-format
- .editorconfig
- .gitlab-ci-main.yml
- README.Coding.md
- VERSION
- WHATSNEW.txt
- auth/auth_sam_reply.h
- auth/common_auth.h
- auth/credentials/credentials.h
- auth/credentials/credentials_krb5.c
- auth/credentials/pycredentials.c
- auth/gensec/gensec.h
- auth/gensec/schannel.c
- auth/ntlmssp/ntlmssp_ndr.c
- auth/ntlmssp/ntlmssp_server.c
- auth/ntlmssp/ntlmssp_sign.c
- bootstrap/.gitlab-ci.yml
- bootstrap/config.py
- bootstrap/generated-dists/Vagrantfile
- bootstrap/generated-dists/centos7/Dockerfile
- bootstrap/generated-dists/centos7/bootstrap.sh
- bootstrap/generated-dists/centos7/packages.yml
- bootstrap/generated-dists/debian10/Dockerfile → bootstrap/generated-dists/centos8s/Dockerfile
- bootstrap/generated-dists/centos8/bootstrap.sh → bootstrap/generated-dists/centos8s/bootstrap.sh
- bootstrap/generated-dists/centos8/locale.sh → bootstrap/generated-dists/centos8s/locale.sh
- bootstrap/generated-dists/centos8/packages.yml → bootstrap/generated-dists/centos8s/packages.yml
- − bootstrap/generated-dists/debian10/bootstrap.sh
- − bootstrap/generated-dists/debian10/packages.yml
- bootstrap/generated-dists/debian11/Dockerfile
- bootstrap/generated-dists/debian11/bootstrap.sh


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/05ab8738ef4baf8c0dfd17745604c204d9f44dda...2d1c8533a18354f5a79c4aa146c0b55c276f377c


