[Pkg-samba-maint] [Git][samba-team/samba][master] 2365 commits: VERSION: Bump version up to 4.17.0pre1...
Michael Tokarev (@mjt)
gitlab at salsa.debian.org
Sun Oct 30 17:14:46 GMT 2022
Michael Tokarev pushed to branch master at Debian Samba Team / samba
Commits:
a3de4316 by Jule Anger at 2022-01-24T11:21:32+00:00
VERSION: Bump version up to 4.17.0pre1...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d844bc6c by Stefan Metzmacher at 2022-01-24T12:15:09+00:00
ldb: bump version to 2.6.0 for Samba 4.17.x releases
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Jule Anger <janger at samba.org>
Autobuild-User(master): Jule Anger <janger at samba.org>
Autobuild-Date(master): Mon Jan 24 12:15:09 UTC 2022 on sn-devel-184
- - - - -
be1935da by Stefan Metzmacher at 2022-01-24T15:25:36+00:00
WHATSNEW: Start release notes for Samba 4.17.0pre1.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
0651fa47 by Stefan Metzmacher at 2022-01-24T15:25:36+00:00
dcesrv_core: wrap gensec_*() calls in [un]become_root() calls
This is important for the source3/rpc_server code as it might
be called embedded in smbd and may not run as root with access
to our private tdb/ldb files.
Note this is only really needed for 4.15 and older, as
we no longer run the rpc_server embedded in smbd,
but we better be consistent for now.
This should be able to fix the problem the printing no longer works
on Windows 7 with 2021-10 monthly rollup patch (KB5006743).
Windows uses NTLMSSP with privacy at the DCERPC layer on top
of NCACN_NP (smb).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14867
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
58b09e10 by Stefan Metzmacher at 2022-01-24T15:25:36+00:00
lib/util: split out a dump_data_block16() helper
This simplifies the logic a lot for me.
It also fixes some corner cases regarding whitespaces in the
output, that's why we have to mark a few tests as knownfail,
they will be fixed in the next commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
9110a885 by Stefan Metzmacher at 2022-01-24T15:25:36+00:00
blackbox.ndrdump: adjust example files to changed dump_data() output.
The cleanup using dump_data_block16() fixed the space handling.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b489b7fe by Stefan Metzmacher at 2022-01-24T15:25:36+00:00
lib/util: add dump_data_diff*() helpers
That will make it easy to see the difference
between two memory buffers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
d1a7f392 by Stefan Metzmacher at 2022-01-24T15:25:36+00:00
ndrdump: make use of dump_data_file_diff() in order to show differences
This makes it much easier to detect differences in the given and
generated buffers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
1dc385cb by Stefan Metzmacher at 2022-01-24T15:25:36+00:00
blackbox.ndrdump: adjust example files to the usage of dump_data_diff output.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
8da26cb6 by Stefan Metzmacher at 2022-01-24T15:25:36+00:00
s4:torture/ndr: demonstrate the ndr_push_string(STR_NOTERM|REMAINING) of "" is wrong
convert_string_talloc() never returns a string with len=0 and always
implies zero termination byte(s).
For ndr_push_string this is unexpected as we need to be compatible on
the wire and push 0 bytes for an empty string.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
43648e95 by Stefan Metzmacher at 2022-01-24T15:25:36+00:00
librpc/ndr: let ndr_push_string() let s_len == 0 result in d_len = 0
convert_string_talloc_handle() tries to play an the safe side
and always returns a null terminated array.
But for NDR we need to be correct on the wire...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
12464bd4 by Stefan Metzmacher at 2022-01-24T16:18:34+00:00
blackbox.ndrdump: fix test_ndrdump_fuzzed_NULL_struct_ntlmssp_CHALLENGE_MESSAGE test
This actually reveals that ndr_push_string() for TargetName="" was
failing before because it resulted in 1 byte for a subcontext with
TargetLen=0.
This is fixed now and we no longer expect ndrdump to exit with 1.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Jan 24 16:18:34 UTC 2022 on sn-devel-184
- - - - -
62bd38f7 by Jeremy Allison at 2022-01-25T20:51:36+00:00
s3: smbd: Cleanup - Split out smbd_fetch_security_desc() from smbd_do_query_security_desc().
This is part one of a cleanup to split this up into a fetch()/marshal()
pair. Allows easy modification of the sd before returning if we need
to add the SMB2+unix mode information here on a SMB2 posix handle.
Also makes the code much clearer.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
- - - - -
65774b51 by Jeremy Allison at 2022-01-25T20:51:36+00:00
s3: smbd: Cleanup - Split out smbd_marshall_security_desc() from smbd_do_query_security_desc().
This is part two of a cleanup to split this up into a fetch()/marshal()
pair. Allows easy modification of the sd before returning if we need
to add the SMB2+unix mode information here on a SMB2 posix handle.
Also makes the code much clearer.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
- - - - -
1224d463 by Jeremy Allison at 2022-01-25T20:51:36+00:00
s3: smbd: Cleanup - In smbd_do_query_security_desc() we don't need a talloc frame.
Just free the marshalled sd before returning.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
- - - - -
d85461c4 by Jeremy Allison at 2022-01-25T21:43:59+00:00
s3: smbd: Rename "unix extensions" -> "smb1 unix extensions".
Make 'unix extensions' a synonym for "smb1 unix extensions".
This will allow us to have a separate "smb2 unix extensions"
parameter that we can examine separately.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jan 25 21:43:59 UTC 2022 on sn-devel-184
- - - - -
dbbad4b5 by Pavel Filipenský at 2022-01-26T11:44:32+00:00
s4:libnet: Fix trailing whitespace in libnet_vampire.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
851fc9d6 by Pavel Filipenský at 2022-01-26T11:44:32+00:00
s4:libnet: Fix uninitialized value "seq_num"
Found by covscan.
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
891201f1 by Douglas Bagnall at 2022-01-26T11:44:32+00:00
s3/torture/pdbtest: fix always false condition
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9320
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
f3768274 by Douglas Bagnall at 2022-01-26T11:44:32+00:00
pytest:auth_log: expect TLS connections when using ldaps
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
309f1982 by Douglas Bagnall at 2022-01-26T12:39:52+00:00
s4/auth/simple_bind: correctly report TLS state
It went wrong in 366f8cf0903e3583fda42696df62a5337f22131f
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Jan 26 12:39:52 UTC 2022 on sn-devel-184
- - - - -
36c861e2 by FeRD (Frank Dana) at 2022-01-27T10:53:50+00:00
printing/bgqd: Disable systemd notifications
samba-bgqd daemon is started by existing Samba daemons. When running
under systemd, those daemons control systemd notifications and
samba-bgqd messages need to be silenced.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14947
Signed-off-by: FeRD (Frank Dana) <ferdnyc at gmail.com>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Alexander Bokovoy <ab at samba.org>
Autobuild-Date(master): Thu Jan 27 10:53:50 UTC 2022 on sn-devel-184
- - - - -
0eecfddd by Ralph Boehme at 2022-01-28T10:22:31+00:00
s3/rpc_server: install elasticsearch_mappings.json
This was removed accidentally remvoed by
a7c65958a15149918415b7456d6f20ee8c9669d2 because the original code
only installed the json file if the mdssvc was built as module:
if bld.SAMBA3_IS_ENABLED_MODULE('rpc_mdssvc_module'):
bld.INSTALL_FILES(bld.env.SAMBA_DATADIR,
'mdssvc/elasticsearch_mappings.json')
Installing the json file should just depend on Elasticsearch support
being enabled, regardless of the removed module support.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14961
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Fri Jan 28 10:22:31 UTC 2022 on sn-devel-184
- - - - -
63e00f81 by Andreas Schneider at 2022-01-28T12:36:34+00:00
s4:kdc: Add a HDB to SDB mask
For most flags the mapping is 1 to 1, but it's not always
the case anymore.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14960
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
2a0d6c11 by Andreas Schneider at 2022-01-28T12:36:34+00:00
s4:kdc: Remove trailing spaces in hdb-samba4.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14960
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
6063e801 by Andreas Schneider at 2022-01-28T13:33:22+00:00
s4:kdc: Translate HDB flags to SDB flags
We used to have a 1 to 1 mapping, but now we have
a conflict with these:
#define SDB_F_FORCE_CANON 16384
#define HDB_F_PRECHECK 16384
We currently don't really care about HDB_F_PRECHECK,
so we can just filter it out.
In the long run we may change the SDB flags space to uint64...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14960
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Jan 28 13:33:22 UTC 2022 on sn-devel-184
- - - - -
c58ede44 by Joseph Sutton at 2022-01-31T15:27:37+00:00
CVE-2022-0336: pytest: Add a test for an SPN conflict with a re-added SPN
This test currently fails, as re-adding an SPN means that later checks
do not run.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14950
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
1a5dc817 by Joseph Sutton at 2022-01-31T15:27:37+00:00
CVE-2022-0336: s4/dsdb/samldb: Don't return early when an SPN is re-added to an object
If an added SPN already exists on an object, we still want to check the
rest of the element values for conflicts.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14950
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
a9211cfe by Ralph Boehme at 2022-01-31T15:27:37+00:00
CVE-2021-44142: libadouble: add defines for icon lengths
>From https://www.ietf.org/rfc/rfc1740.txt
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14914
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
96083abc by Ralph Boehme at 2022-01-31T15:27:37+00:00
CVE-2021-44142: smbd: add Netatalk xattr used by vfs_fruit to the list of private Samba xattrs
This is an internal xattr that should not be user visible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14914
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c61a0650 by Ralph Boehme at 2022-01-31T15:27:37+00:00
CVE-2021-44142: libadouble: harden ad_unpack_xattrs()
This ensures ad_unpack_xattrs() is only called for an ad_type of ADOUBLE_RSRC,
which is used for parsing ._ AppleDouble sidecar files, and the buffer
ad->ad_data is AD_XATTR_MAX_HDR_SIZE bytes large which is a prerequisite for all
buffer out-of-bounds access checks in ad_unpack_xattrs().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14914
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
eb087934 by Ralph Boehme at 2022-01-31T15:27:37+00:00
CVE-2021-44142: libadouble: add basic cmocka tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14914
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
751d7696 by Ralph Boehme at 2022-01-31T15:27:37+00:00
CVE-2021-44142: libadouble: harden parsing code
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14914
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1f7e870d by Jeremy Allison at 2022-01-31T15:27:37+00:00
CVE-2021-44141: s3: torture: Add samba3.blackbox.test_symlink_traversal.SMB2.
Add to knownfail.d/symlink_traversal
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911
Signed-off-by: Jeremy Allison <jra at samba.org>
- - - - -
3bc85d61 by Jeremy Allison at 2022-01-31T15:27:37+00:00
CVE-2021-44141: s3: torture: Add samba3.blackbox.test_symlink_traversal.SMB1.
Add to knownfail.d/symlink_traversal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911
Signed-off-by: Jeremy Allison <jra at samba.org>
- - - - -
4e75e24b by Jeremy Allison at 2022-01-31T15:27:37+00:00
CVE-2021-44141: s3: torture: Add samba3.blackbox.test_symlink_traversal.SMB1.posix
Add to knownfail.d/symlink_traversal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911
Signed-off-by: Jeremy Allison <jra at samba.org>
- - - - -
3e9f6d70 by Jeremy Allison at 2022-01-31T15:27:37+00:00
CVE-2021-44141: s3: torture: In test_smbclient_s3, change the error codes expected for test_widelinks() and test_nosymlinks() from ACCESS_DENIED to NT_STATUS_OBJECT_NAME_NOT_FOUND.
For SMB1/2/3 (minus posix) we need to treat bad symlinks
as though they don't exist.
Add to knwownfail.d/symlink_traversal
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911
Signed-off-by: Jeremy Allison <jra at samba.org>
- - - - -
f5b28d8a by Jeremy Allison at 2022-01-31T15:27:37+00:00
CVE-2021-44141: s3: torture: Change expected error return for samba3.smbtorture_s3.plain.POSIX.smbtorture.
Trying to open a symlink as a terminal component should return
NT_STATUS_OBJECT_NAME_NOT_FOUND, not NT_STATUS_OBJECT_PATH_NOT_FOUND.
Mark as knownfail.d/simple_posix_open until we fix the server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911
Signed-off-by: Jeremy Allison <jra at samba.org>
- - - - -
458c7555 by Jeremy Allison at 2022-01-31T15:27:37+00:00
CVE-2021-44141: s3: smbd: For SMB1+POSIX clients trying to open a symlink, always return NT_STATUS_OBJECT_NAME_NOT_FOUND.
Matches the error return from openat_pathref_fsp().
NT_STATUS_OBJECT_PATH_NOT_FOUND is for a bad component in a path, not
a bad terminal symlink.
Remove knownfail.d/simple_posix_open, we now pass.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911
Signed-off-by: Jeremy Allison <jra at samba.org>
- - - - -
43455edd by Jeremy Allison at 2022-01-31T15:27:37+00:00
CVE-2021-44141: s3: smbd: Inside check_reduced_name() ensure we return the correct error codes when failing symlinks.
NT_STATUS_OBJECT_PATH_NOT_FOUND for a path component failure.
NT_STATUS_OBJECT_NAME_NOT_FOUND for a terminal component failure.
Remove:
samba3.blackbox.test_symlink_traversal.SMB1.posix
samba3.blackbox.smbclient_s3.*.Ensure\ widelinks\ are\ restricted\(.*\)
samba3.blackbox.smbclient_s3.*.follow\ symlinks\ \=\ no\(.*\)
in knownfail.d/symlink_traversal as we now pass these. Only one more fix
remaining to get rid of knownfail.d/symlink_traversal completely.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911
Signed-off-by: Jeremy Allison <jra at samba.org>
- - - - -
be138920 by Jeremy Allison at 2022-01-31T15:27:37+00:00
CVE-2021-44141: s3: smbd: Fix a subtle bug in the error returns from filename_convert().
If filename_convert() fails to convert the path, we never call
check_name(). This means we can return an incorrect error code
(NT_STATUS_ACCESS_DENIED) if we ran into a symlink that points
outside the share to a non-readable directory. We need to make
sure in this case we always call check_name().
Remove knownfail.d/symlink_traversal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911
Signed-off-by: Jeremy Allison <jra at samba.org>
- - - - -
a44435c6 by Jeremy Allison at 2022-01-31T15:27:37+00:00
CVE-2021-44141: s3: torture: Add a test samba3.blackbox.test_symlink_rename.SMB1.posix that shows we still leak target info across a SMB1+POSIX rename.
Add a knownfail.d/posix_sylink_rename
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911
Signed-off-by: Jeremy Allison <jra at samba.org>
- - - - -
e4e5539e by Jeremy Allison at 2022-01-31T16:26:26+00:00
CVE-2021-44141: s3: smbd: Inside rename_internals_fsp(), we must use vfs_stat() for existence, not SMB_VFS_STAT().
We need to take SMB1+POSIX into account here and do an LSTAT if it's
a POSIX name.
Remove knownfail.d/posix_sylink_rename
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911
Signed-off-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Jan 31 16:26:26 UTC 2022 on sn-devel-184
- - - - -
e9ad1896 by Jeremy Allison at 2022-02-01T16:30:37+00:00
s3: smbd: Add an SMB2 server flag posix_extensions_negotiated.
This allows the server to only enable smb2 unix open handles if
the smb.conf parameter is set and the client client correctly
negotiated smb2 unix on the connection.
Currently there is no "smb2 unix extensions" parameter so
this can never be set to true.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
722d0d3c by Jeremy Allison at 2022-02-01T16:30:37+00:00
libcli: Add SMB2 posix negotiate context flag.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
0711040d by Jeremy Allison at 2022-02-01T16:30:37+00:00
s3: smbd: Add the definition for SMB2_FILE_POSIX_INFORMATION info level.
Will be used by smb2_getinfo. Not yet used or available.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2e72b9cd by Jeremy Allison at 2022-02-01T16:30:37+00:00
s3: smbd: Add the definition for SMB2_FIND_POSIX_INFORMATION info level.
Will be used by smb2_query_directory. Not yet used or available.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
955f0886 by Jeremy Allison at 2022-02-01T16:30:37+00:00
s3: smbd: Add lp_smb2_unix_extensions() function. Always returns false for now.
For now *always* returns false. This allows me to
add code into smbd contingent on lp_smb2_unix_extensions()
which I know will not be executed until all the parts
are in place. Then the real parameter can be added
(default to off) and testing added.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
7a5fea26 by Jeremy Allison at 2022-02-01T16:30:37+00:00
s3: smbd: lp_widelinks(). Turn off widelinks if either SMB1 or SMB2 unix extensions are turned on.
NB. Currently it's impossible to turn on SMB2 unix extensions.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
fadb2d60 by Jeremy Allison at 2022-02-01T16:30:37+00:00
s3: smbd: Update widelinks_warning() to cope with SMB1 and SMB2 unix extensions.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
f68fffa8 by Jeremy Allison at 2022-02-01T16:30:37+00:00
s3: smbd: Plumb in POSIX lock requests through SMB2 lock calls if done on a POSIX handle. Currently not allowed.
Note there is currently no way to create a POSIX file
handle in SMB2 so this code can't be accessed.
This will remain so until client and server code are ready to
turn on SMB2 POSIX extensions and the tests are in place.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
85c67111 by Jeremy Allison at 2022-02-01T16:30:37+00:00
s3: smbd: smbd_smb2_request_process_negprot() - Allow SMB2 unix extensions to be negotiated. Currently not allowed.
As lp_smb2_unix_extensions() currently always returns false,
this code path cannot be executed. This will change once the
whole client and server fixes are in place and tests are passing.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2b2b41c8 by Jeremy Allison at 2022-02-01T17:25:45+00:00
s3: smbd: Add two new functions in a new file, smb2_posix.c: smb2_posix_cc_info(), store_smb2_posix_info()
Not yet used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Feb 1 17:25:45 UTC 2022 on sn-devel-184
- - - - -
69f2352c by Volker Lendecke at 2022-02-01T19:09:34+00:00
mdssvc: Align an integer type
In libjansson 2.13.1 json_array_size() returns a size_t
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
888275ee by Volker Lendecke at 2022-02-01T19:09:34+00:00
torture: Align an integer type
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
191c15f5 by Volker Lendecke at 2022-02-01T19:09:34+00:00
smbd: Modernize a debug statement
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ea8a6537 by Volker Lendecke at 2022-02-01T19:09:34+00:00
smbd: Make directory_has_default_posix_acl() just take "dirfsp"
conn is not referenced anymore, and we only need the files_struct
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a1d5ae30 by Volker Lendecke at 2022-02-01T19:09:34+00:00
smbd: chmod_acl_internals() does not need connection_struct anymore
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1d6762d8 by Volker Lendecke at 2022-02-01T19:09:34+00:00
smbd: copy_access_posix_acl() just needs fsps these days
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e93f4635 by Volker Lendecke at 2022-02-01T19:09:34+00:00
smbd: Simplify reopen_from_fsp() with an early return
Review with git show -b
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
95c7d234 by Volker Lendecke at 2022-02-01T20:04:44+00:00
vfs: Simplify fake_acls_stat() with an early return
Review with "git di -b"
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Feb 1 20:04:44 UTC 2022 on sn-devel-184
- - - - -
ac3c8c53 by Pavel Filipenský at 2022-02-01T20:13:29+00:00
lib:replace: Fix trailing whitespace in os2_delete.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1905c77a by Pavel Filipenský at 2022-02-01T21:09:21+00:00
lib:replace: Fix NULL issue reported by covscan
Found by covscan. Coding style kept as in the rest of the file.
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Feb 1 21:09:21 UTC 2022 on sn-devel-184
- - - - -
68e62962 by Stefan Metzmacher at 2022-02-02T17:36:35+00:00
selftest/quick: add smb2.session
We run the quicktest on each linux distro as part of samba-o3 builds.
We should make sure smb2 signing/enctyption works on all of them
and all different system libraries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
99182af4 by Stefan Metzmacher at 2022-02-02T17:36:35+00:00
libcli/smb: fix error checking in smb2_signing_decrypt_pdu() invalid ptext_len
When the ptext_size != m_total check fails, we call this:
status = gnutls_error_to_ntstatus(rc, NT_STATUS_INTERNAL_ERROR);
goto out;
As rc is 0 at that point we'll exit smb2_signing_decrypt_pdu()
with NT_STATUS_OK, but without copying the decrypted data
back into the callers buffer. Which leads to strange errors
in the caller.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
735f3d7d by Stefan Metzmacher at 2022-02-02T18:29:08+00:00
libcli/smb: let smb2_signing_decrypt_pdu() cope with gnutls_aead_cipher_decrypt() ptext_len bug
The initial implementation of gnutls_aead_cipher_decrypt() had a bug and
used:
*ptext_len = ctext_len;
instead of:
*ptext_len = ctext_len - tag_size;
This got fixed with gnutls 3.5.2.
As we only require gnutls 3.4.7 we need to cope with this...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Feb 2 18:29:08 UTC 2022 on sn-devel-184
- - - - -
0ecc5885 by Jeremy Allison at 2022-02-02T20:54:29+00:00
s4: test: Add samba4.libsmbclient.rename test. Currently fails for SMB3.
Add knownfail.d/libsmbclient_rename
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14938
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ca60f635 by Jeremy Allison at 2022-02-02T21:50:31+00:00
lib: libsmbclient: Ensure cli_rename() always sets cli->raw_status.
Identical change as used in cli_unlink(), cli_mkdir(), cli_rmdir()
cli_chkpath() to ensure SMB2 calls correctly set raw_status for
libsmbclient uses.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14938
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Feb 2 21:50:31 UTC 2022 on sn-devel-184
- - - - -
6509715c by David Seifert at 2022-02-03T13:18:29+00:00
tevent: add missing `#include <sys/types.h>`
The following functions use `pid_t` in their interface:
* `tevent_req_profile_get_status`
* `tevent_req_profile_set_status`
BUG: https://bugs.gentoo.org/828720
Signed-off-by: David Seifert <soap at gentoo.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Feb 3 13:18:29 UTC 2022 on sn-devel-184
- - - - -
0c6554aa by Andreas Schneider at 2022-02-03T14:31:01+00:00
bootstrap: Fix CentOS8 runner
CentOS8 is EOL since December 31, 2021. The packages move to vault.centos.org.
We should migrate to CentOS8 Stream soon.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Feb 3 14:31:01 UTC 2022 on sn-devel-184
- - - - -
d7deb876 by Jeremy Allison at 2022-02-04T11:10:33+00:00
s3: tests: Add a new test test_msdfs_hardlink() that does simple hardlinks on MSDFS root shares.
We pass this already as the cmd_hardlink in smbclient doesn't
do the DFS path conversion on the hardlink target. But it's
good to have the test.
Note we need to add the new test to "selftest/knownfail.d/smb1-tests"
as test_smbclient_s3.sh is run against the (ad_member|nt4_member)
environments first using NT1 (SMB1) protocol and then using SMB3,
but the (ad_member|nt4_member) environments don't support SMB1.
Seems a bit strange to me, but all the other SMB1 tests inside
test_smbclient_s3.sh have already been added to "selftest/knownfail.d/smb1-tests"
so just go with the test environment.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
44cc9fb0 by Jeremy Allison at 2022-02-04T11:10:33+00:00
s3: tests: Add a new test test_msdfs_rename() that does simple renames on MSDFS root shares.
We fail this on SMB2 for a subtle reason.
Our client code called from smbclient only sets the SMB2_HDR_FLAG_DFS flag
in the outgoing packet on the SMB2_CREATE call, and SMB2 rename does the
following operations:
SMB2_CREATE(src_path) // We set SMB2_HDR_FLAG_DFS here for a MSDFS share.
SMB2_SETINFO: SMB2_FILE_RENAME_INFO(dst_path). // We don't set SMB2_HDR_FLAG_DFS
However, from smbclient, dst_path is a MSDFS path but we don't set the flag,
so even though the rename code inside smbd will cope with a MSDFS path
(as used in the SMB1 SMBmv call) it fails as the correct flag isn't set.
Add knownfail selftest/knownfail.d/msdfs-rename.
Note we need to add the new test to "selftest/knownfail.d/smb1-tests"
as test_smbclient_s3.sh is run against the (ad_member|nt4_member)
environments first using NT1 (SMB1) protocol and then using SMB3,
but the (ad_member|nt4_member) environments don't support SMB1.
Seems a bit strange to me, but all the other SMB1 tests inside
test_smbclient_s3.sh have already been added to "selftest/knownfail.d/smb1-tests"
so just go with the test environment.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
2abba0ea by Jeremy Allison at 2022-02-04T11:10:33+00:00
s3: libsmb: Add cli_dfs_target_check() function.
Strips any DFS prefix from a target name that will be passed
to an SMB1/2/3 rename or hardlink call. Returns a pointer
into the original target name after the prefix. Not yet used.
If the incoming filename is *NOT* a DFS prefix, the
original filename is returned unchanged.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
4bdbe3c2 by Jeremy Allison at 2022-02-04T11:10:33+00:00
s3: libsmb: Call cli_dfs_target_check() from cli_smb2_hardlink_send().
Currently we don't pass MSDFS names as targets here, but a caller
may erroneously do this later, and for non-DFS names this is a no-op.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
cf3e5724 by Jeremy Allison at 2022-02-04T11:10:33+00:00
s3: libsmb: Call cli_dfs_target_check() from cli_ntrename_internal_send()..
Currently we don't pass MSDFS names as targets here, but a caller
may erroneously do this later, and for non-DFS names this is a no-op.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
dd0317f6 by Jeremy Allison at 2022-02-04T11:10:33+00:00
s3: libsmb: Call cli_dfs_target_check() from cli_smb1_rename_send().
Strips off any DFS prefix from the target if passed in.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
4473aea9 by Jeremy Allison at 2022-02-04T11:10:33+00:00
s3: libsmb: Call cli_dfs_target_check() from cli_cifs_rename_send().
Strips off any DFS prefix from the target if passed in.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
b9b82f36 by Jeremy Allison at 2022-02-04T12:02:36+00:00
s3: libsmb: Call cli_dfs_target_check() from cli_smb2_rename_send().
Strips off any DFS prefix from the target if passed in.
Remove knownfail selftest/knownfail.d/msdfs-rename.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Fri Feb 4 12:02:36 UTC 2022 on sn-devel-184
- - - - -
b2c301ad by Volker Lendecke at 2022-02-04T19:36:53+00:00
sharesec: Add SEC_DIR_DELETE_CHILD to CHANGE permissions
Otherwise you can't rename or delete files using CHANGE permissions using
the sharesec or shareacls utility
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Feb 4 19:36:53 UTC 2022 on sn-devel-184
- - - - -
136ec5bc by Andreas Schneider at 2022-02-04T21:11:40+00:00
bootstrap: Migrate to CentOS8 Stream
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Feb 4 21:11:40 UTC 2022 on sn-devel-184
- - - - -
dcd65e1c by Stefan Metzmacher at 2022-02-06T13:39:09+00:00
script/autobuild.py: let nm_grep_symbols ignore __gcov_ symbols
Currently the gcov build currently fails with the following error:
samba-libs: [allshared-no-public-nss_winbind] Running nm ./bin/plugins/libnss_winbind.so.2 | egrep -v ' (__bss_start|_edata|_init|_fini|_end)' | egrep -v ' T _nss_winbind_' |egrep ' [BDGTRVWS] ' && exit 1; exit 0; in '/tmp/samba-testbase/samba-libs/.'
0000000000232458 B __gcov_error_file
0000000000226340 D __gcov_master
000000000001c080 T __gcov_sort_n_vals
00000000002324a0 B __gcov_var
samba-libs: [allshared-no-public-nss_winbind] failed 'nm ./bin/plugins/libnss_winbind.so.2 | egrep -v ' (__bss_start|_edata|_init|_fini|_end)' | egrep -v ' T _nss_winbind_' |egrep ' [BDGTRVWS] ' && exit 1; exit 0;' with status 1
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Sun Feb 6 13:39:09 UTC 2022 on sn-devel-184
- - - - -
d717a581 by Volker Lendecke at 2022-02-07T19:00:34+00:00
lib: Fix CID 1465285 Double close
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ede2328c by Volker Lendecke at 2022-02-07T19:00:34+00:00
smbd: Fix CID 1497981: Null pointer dereferences (REVERSE_INULL)
brown paper bag quality, sorry...
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ec58a8ea by Volker Lendecke at 2022-02-07T19:00:34+00:00
libsmb: Avoid a call to SMBC_errno()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
098fc00f by Volker Lendecke at 2022-02-07T19:00:34+00:00
libsmb: Avoid a call to SMBC_errno()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c78f0a96 by Volker Lendecke at 2022-02-07T19:00:34+00:00
libsmb: Avoid two calls to SMBC_errno()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3844fe87 by Volker Lendecke at 2022-02-07T19:00:34+00:00
libsmb: Avoid a call to SMBC_errno()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c9030fb5 by Volker Lendecke at 2022-02-07T19:00:34+00:00
libsmb: Avoid a call to SMBC_errno()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0b351cda by Volker Lendecke at 2022-02-07T19:00:34+00:00
libsmb: Avoid a call to SMBC_errno()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d4f8fdd6 by Volker Lendecke at 2022-02-07T19:00:34+00:00
libsmb: Convert SMBC_getatr() to NTSTATUS
This avoids a few calls to SMBC_errno()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0b55d739 by Volker Lendecke at 2022-02-07T19:00:34+00:00
smbd: Fix open_pathref_base_fsp()'s implicit conn_cwd assumption
Opening a stream base file only worked if "dirfsp == conn->cwd_fsp":
We have replaced fsp->fsp_name with the full dirfsp->relative pathname
at the point where open_pathref_base_fsp() is called. In case dirfsp
is already a subdirectory in a share, this breaks because the
open_pathref_base_fsp() uses fsp->fsp_name, not the original
dirfsp-relative one.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
18501707 by Volker Lendecke at 2022-02-07T19:00:34+00:00
smbd: Avoid an "else" in file_set_dosmode()
Review with git show -b
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c2ac6a9c by Volker Lendecke at 2022-02-07T19:00:34+00:00
smbd: Pass "dirfsp" and "smb_fname" to fd_open_atomic()
Dereference fsp once instead of four times
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
abd1525d by Volker Lendecke at 2022-02-07T19:00:34+00:00
vfs: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fe275259 by Volker Lendecke at 2022-02-07T19:58:57+00:00
lib: Simplify pm_process()
No need to duplicate the fopen/fclose
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Feb 7 19:58:57 UTC 2022 on sn-devel-184
- - - - -
c266ed40 by Ralph Boehme at 2022-02-08T19:27:29+00:00
s3/libads: simplify storing existing ads->ldap.ss
We just need temporal storage for ads->ldap.ss, no need to store it as a struct
samba_sockaddr.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14674
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2354
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3ee69045 by Ralph Boehme at 2022-02-08T20:24:12+00:00
s3/libads: ensure a sockaddr variable is correctly zero initialized
is_zero_addr() doesn't work with addresses that have been zero-initialized.
This fixes the logic added in c863cc2ba34025731a18ac735f714b5b888504da.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14674
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2354
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Feb 8 20:24:12 UTC 2022 on sn-devel-184
- - - - -
cd06574b by Samuel Cabrero at 2022-02-09T20:20:36+00:00
s3:winbind: Reduce the level and improve a couple of debug messages
The commit 1d5c546 changed the debug message printed when setting
winbind to offline state and offline logons are disabled from
level 10 to level 0. This message isn't really an error and might
scare some users, e.g. https://bugzilla.suse.com/show_bug.cgi?id=1195573
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Feb 9 20:20:36 UTC 2022 on sn-devel-184
- - - - -
1c173497 by Volker Lendecke at 2022-02-10T18:16:36+00:00
smbd: Slightly simplify create_file_unixpath()
Avoid the "needs_fsp_unlink" variable, describe the talloc hierarchy a
bit differently in the comments.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9966b5e2 by Volker Lendecke at 2022-02-10T18:16:36+00:00
smbd: Move the call to file_free() out of close_directory()
Call file_free() just once
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2293ca5b by Volker Lendecke at 2022-02-10T18:16:36+00:00
smbd: Move the call to file_free() out of close_normal_file()
Call file_free() just once
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
244c5a7d by Volker Lendecke at 2022-02-10T18:16:36+00:00
smbd: Move the call to file_free() out of close_fake_file()
Centralize calling file_free(), but leave close_fake_file() in for API
symmetry reasons.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
363ac753 by Volker Lendecke at 2022-02-10T18:16:36+00:00
smbd: Call file_free() just once in close_file()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f5bc73a2 by Volker Lendecke at 2022-02-10T18:16:36+00:00
smbd: NULL out "fsp" in close_file()
Quite a few places already had this in the caller, but not all. Rename
close_file() to close_file_free() appropriately. We'll factor out
close_file_smb() doing only parts of close_file_free() later.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d1341d66 by Volker Lendecke at 2022-02-10T18:16:36+00:00
smbd: No base fsps to close_file_free() from file_close_conn()
close_file_free() needs to handle base fsps specially. This can be
simplified a lot if we pass the the open files a second time in case
we encountered base_fsps that we could not immediately delete.
file_close_conn() is not our hot code path, and also we don't expect
many thousand open files that we need to walk a second time.
A subsequent patch will simplify close_file_free(), the complicated
logic is now in files.c, where it IMHO belongs because
file_set_base_fsp() are here as well.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
61f57ba2 by Volker Lendecke at 2022-02-10T18:16:36+00:00
smbd: Factor out close_file_in_loop() from file_close_conn_fn()
To be reused in file_close_user(). Deliberately a separate commit to
make the previous commit easier to understand.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1fbd9877 by Volker Lendecke at 2022-02-10T18:16:36+00:00
smbd: No base fsps to close_file_free() from file_close_user()
Same logic as the change for file_close_conn()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
93fe9c83 by Volker Lendecke at 2022-02-10T18:16:36+00:00
smbd: Simplify the flow in close_file_free()
We are no longer called on base_fsp's in SHUTDOWN_CLOSE. That
simplifies the logic in the common case, we now have a linear flow for
the very often-called close_file()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5f1ceead by Volker Lendecke at 2022-02-10T18:16:36+00:00
torture: Add a test to show that full_audit uses a ptr after free
Run vfstest with this vfstest.cmd under valgrind and you'll see what
happens. Exact explanation a few patches further down...
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e751c623 by Volker Lendecke at 2022-02-10T18:16:36+00:00
smbd: Factor out fsp_unbind_smb() from file_free()
For example, remove our entry from smbXsrv_open_global.tdb
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e91b59c4 by Volker Lendecke at 2022-02-10T18:16:36+00:00
smbd: Introduce close_file_smb()
This does almost everything that close_file_free() does, but it leaves
the fsp around.
A normal close_file() now calls fsp_unbind_smb() twice. Functionally
this is not a problem, fsp_unbind_smb() is idempotent. The only
potential performance penalty might come from the loops in
remove_smb2_chained_fsp(), but those only are potentially large with
deeply queued smb2 requests. If that turns out to be a problem, we'll
cope with it later. The alternative would be to split up file_free()
into even more routines and make it more difficult to figure out which
of the "rundown/unbind/free" routines to call in any particular
situation.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
434e6d4b by Volker Lendecke at 2022-02-10T19:11:33+00:00
smbd: Only file_free() a self-created fsp in create_file_unixpath()
This fixes a use-after-free in smb_full_audit_create_file() when
calling SMB_VFS_CREATE_FILE with fsp->fsp_name as smb_fname.
create_file_unixpath() has this comment:
* This is really subtle. If someone passes in an smb_fname
* where smb_fname actually is taken from fsp->fsp_name, then
* the lifetime of these objects is meant to be the same.
so it seems legitimate to call CREATE_FILE this way.
When CREATE_FILE runs into an error, create_file_unixpath() does a
file_free, which also takes fsp->fsp_name with
it. smb_full_audit_create_file() wants to log the failure including
the smb_fname after NEXT_CREATE_FILE has exited, but this will then
use the already free'ed data.
Fix by only doing the file_free() on an fsp that
create_file_unixpath() created itself.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Feb 10 19:11:33 UTC 2022 on sn-devel-184
- - - - -
9693f7ea by Andreas Schneider at 2022-02-10T21:14:32+00:00
selftest: Do not force -d0 for smbd/nmbd/winbindd
We have the env variable SERVER_LOG_LEVEL which allows you to change
the log level on the command line. If we force -d0 this will not work.
make test TESTS="samba" SERVER_LOG_LEVEL=10
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9f34babe by Pavel Filipenský at 2022-02-10T21:14:32+00:00
s3:modules: Implement dummy virus scanner that uses filename matching
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2fd518e5 by Pavel Filipenský at 2022-02-10T21:14:32+00:00
docs-xml:manpages: Document 'dummy' virusfilter and 'virusfilter:infected files'
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
547b4c59 by Pavel Filipenský at 2022-02-10T21:14:33+00:00
selftest: Fix trailing whitespace in Samba3.pm
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a25c714c by Pavel Filipenský at 2022-02-10T21:14:33+00:00
s3:selftest: Add test for virus scanner
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
3f1c958f by Pavel Filipenský at 2022-02-10T22:09:06+00:00
s3:modules: Fix virusfilter_vfs_openat
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Feb 10 22:09:06 UTC 2022 on sn-devel-184
- - - - -
29f11005 by Sergey V. Lobanov at 2022-02-11T07:58:57+00:00
wafsamba: replace 'echo -n' with printf
This patch makes samba_cross.py compatible with old bash (e.g. 3.2)
Signed-off-by: Sergey V. Lobanov <sergey at lobanov.in>
Reviewed-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Feb 11 07:58:57 UTC 2022 on sn-devel-184
- - - - -
21b380ca by Volker Lendecke at 2022-02-11T20:54:37+00:00
smbd: Introduce fsp_is_alternate_stream()
To me this is more descriptive than "fsp->base_fsp != NULL". If this
turns out to be a performance problem, I would go and make this a
static inline in smbd/proto.h.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ac58b0b9 by Volker Lendecke at 2022-02-11T20:54:37+00:00
smbd: Introduce metadata_fsp()
Centralize the pattern
if (fsp->base_fsp != NULL) {
fsp = fsp->base_fsp;
}
with a descriptive name.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
aacb3618 by Volker Lendecke at 2022-02-11T20:54:37+00:00
smbd: Use fsp_is_alternate_stream() where an fsp is available
Make it clear that being an alternate data stream handle is much more
a fsp property than a file name property.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
30bbff38 by Volker Lendecke at 2022-02-11T20:54:37+00:00
vfs: Simplify streams_xattr_unlinkat()
It would be a logic error to call rmdir on a stream. This simplifies
the logic a bit.
Signed-off-by: Volker Lendecke <vl at samba.org>
- - - - -
862fdc7c by Volker Lendecke at 2022-02-11T20:54:37+00:00
vfstest: Align two integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
929ccd3d by Volker Lendecke at 2022-02-11T20:54:37+00:00
smbd: Safeguards for getpwuid
Attempt to fix
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14900
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
60a72933 by Volker Lendecke at 2022-02-11T20:54:37+00:00
libsmb: Use fstrcpy where possible
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b066dba4 by Volker Lendecke at 2022-02-11T20:54:37+00:00
ndrdump: Small simplification
Remove the talloc_steal(), we can allocate on mem_ctx directly
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c8eb75cc by Volker Lendecke at 2022-02-11T20:54:37+00:00
torture: Align integer types
finfo.stream_info.out.num_streams is declared as "unsigned int"
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
18437fd6 by Volker Lendecke at 2022-02-11T21:53:22+00:00
smbd: Simplify smbd_dirptr_lanman2_mode_fn()
Avoid an else, we return in the "true" branch
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Feb 11 21:53:22 UTC 2022 on sn-devel-184
- - - - -
188a9021 by Martin Schwenke at 2022-02-14T01:47:31+00:00
ctdb-recoverd: Always cancel election in progress
Election-in-progress is set by unknown leader broadcast, so needs to
be cleared in all cases when election completes.
This was seen in a case where the leader node stalled, so didn't send
leader broadcasts for some time. The node continued to hold the
cluster lock, so another node could not become leader. However, after
the node returned to normal it still did not send leader broadcasts
because election-in-progress was never cleared.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14958
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
9b3fab05 by Martin Schwenke at 2022-02-14T01:47:31+00:00
ctdb-recoverd: Consistently have caller set election-in-progress
The problem here is that election-in-progress must be set to
potentially avoid restarting the election broadcast timeout in
main_loop(), so this is already done by leader_handler().
Have force_election() set election-in-progress for all election types
and do not bother setting it in cluster_lock_election().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14958
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
bf55a011 by Martin Schwenke at 2022-02-14T01:47:31+00:00
ctdb-recoverd: Always send unknown leader broadcast when starting election
This is currently missed when the cluster lock is lost.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14958
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
0e74e03c by Martin Schwenke at 2022-02-14T01:47:31+00:00
ctdb-recoverd: Consistently log start of election
Elections should now be quite rare, so always log when one begins.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14958
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
265e44ab by Martin Schwenke at 2022-02-14T01:47:31+00:00
ctdb-tests: Factor out functions to detect when generation changes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14958
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
331c435c by Martin Schwenke at 2022-02-14T02:46:01+00:00
ctdb-tests: Add a test for stalled node triggering election
A stalled node probably continues to hold the cluster lock, so confirm
elections work in this case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14958
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Mon Feb 14 02:46:01 UTC 2022 on sn-devel-184
- - - - -
23293050 by Martin Schwenke at 2022-02-14T03:36:38+00:00
ctdb-tests: Add iteration support for protocol tests
The current method of repeatedly running a binary has huge overhead,
especially with valgrind.
protocol_test_iterate_tag() allows output that is usually used for
hinting where a test failure occurred to be replaced with a tag
stored in a buffer, which is printed on test failure.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
17d792e9 by Martin Schwenke at 2022-02-14T04:32:29+00:00
ctdb-tests: Iterate protocol tests internally
Instead of repeatedly running a test binary.
Run time for these tests reduces from ~90s to ~75s.
When run under valgrind, the run time for protocol_test_001.sh reduces
from ~390s to <1s.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Mon Feb 14 04:32:29 UTC 2022 on sn-devel-184
- - - - -
2b9917d7 by Andreas Schneider at 2022-02-15T11:35:31+00:00
builtools: Make abi_gen.sh less prone to errors
The mold linker has more hidden symbols and we would need to filter them out
with nm, where objdump tells us which symbols are actually hidden. So we just
need to filter out whatever is hidden.
The use of awk makes it also easier to get what we want.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
d409c238 by Andreas Schneider at 2022-02-15T11:35:31+00:00
bootstrap: If the mold linker is available prefer it over gold
The gold linker will be deprecated soon. However we got a new linker called
mold:
https://github.com/rui314/mold/
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
3bc00dfd by Andreas Schneider at 2022-02-15T12:31:43+00:00
bootstrap: Install mold linker on Fedora 35
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Feb 15 12:31:43 UTC 2022 on sn-devel-184
- - - - -
fe84ae55 by Andreas Schneider at 2022-02-16T16:08:32+00:00
s3:winbindd: Add a sanity check for the range
What we want to avoid:
$ ./bin/testparm -s | grep "idmap config"
idmap config * : rangesize = 10000
idmap config * : range = 10000-19999
idmap config * : backend = autorid
$ ./bin/wbinfo --name-to-sid BUILTIN/Administrators
S-1-5-32-544 SID_ALIAS (4)
$ ./bin/wbinfo --sid-to-gid S-1-5-32-544
10000
$ ./bin/wbinfo --name-to-sid ADDOMAIN/alice
S-1-5-21-4058748110-895691256-3682847423-1107 SID_USER (1)
$ ./bin/wbinfo --sid-to-gid S-1-5-21-984165912-589366285-3903095728-1107
failed to call wbcSidToGid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-984165912-589366285-3903095728-1107 to gid
If only one range is configured we are either not able to map users/groups
from our primary *and* the BUILTIN domain. We need at least two ranges to also
cover the BUILTIN domain!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14967
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
db6d4da3 by Andreas Schneider at 2022-02-16T16:08:32+00:00
s3:utils: Add a testparm check for idmap autorid
What we want to avoid:
$ ./bin/testparm -s | grep "idmap config"
idmap config * : rangesize = 10000
idmap config * : range = 10000-19999
idmap config * : backend = autorid
$ ./bin/wbinfo --name-to-sid BUILTIN/Administrators
S-1-5-32-544 SID_ALIAS (4)
$ ./bin/wbinfo --sid-to-gid S-1-5-32-544
10000
$ ./bin/wbinfo --name-to-sid ADDOMAIN/alice
S-1-5-21-4058748110-895691256-3682847423-1107 SID_USER (1)
$ ./bin/wbinfo --sid-to-gid S-1-5-21-984165912-589366285-3903095728-1107
failed to call wbcSidToGid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-984165912-589366285-3903095728-1107 to gid
If only one range is configured we are either not able to map users/groups
from our primary *and* the BUILTIN domain. We need at least two ranges to also
cover the BUILTIN domain!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14967
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
7e5afd8f by Andreas Schneider at 2022-02-16T17:04:53+00:00
docs-xml: Fix idmap_autorid documentation
What we want to avoid:
$ ./bin/testparm -s | grep "idmap config"
idmap config * : rangesize = 10000
idmap config * : range = 10000-19999
idmap config * : backend = autorid
$ ./bin/wbinfo --name-to-sid BUILTIN/Administrators
S-1-5-32-544 SID_ALIAS (4)
$ ./bin/wbinfo --sid-to-gid S-1-5-32-544
10000
$ ./bin/wbinfo --name-to-sid ADDOMAIN/alice
S-1-5-21-4058748110-895691256-3682847423-1107 SID_USER (1)
$ ./bin/wbinfo --sid-to-gid S-1-5-21-984165912-589366285-3903095728-1107
failed to call wbcSidToGid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-984165912-589366285-3903095728-1107 to gid
If only one range is configured we are either not able to map users/groups
from our primary *and* the BUILTIN domain. We need at least two ranges to also
cover the BUILTIN domain!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14967
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Feb 16 17:04:53 UTC 2022 on sn-devel-184
- - - - -
984a426f by Björn Jacke at 2022-02-16T19:49:31+00:00
dnsp.idl: add missing DNS_RPC_RECORD defines
taken from MSDN 2.2.2.2.5:
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dnsp/ac793981-1c60-43b8-be59-cdbb5c4ecb8a
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
30bf1cd9 by Björn Jacke at 2022-02-16T20:43:55+00:00
dns.idl/dnsp.idl: add missing DNS ressource record types
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Feb 16 20:43:55 UTC 2022 on sn-devel-184
- - - - -
4e464fc9 by Bjoern Jacke at 2022-02-16T21:38:12+00:00
vfs_gpfs: use linux oplock specific funcions only when available
Signed-off-by: Bjoern Jacke <bj at sernet.de>
Reviewed-by: Christof Schmitt <cs at samba.org>
Autobuild-User(master): Christof Schmitt <cs at samba.org>
Autobuild-Date(master): Wed Feb 16 21:38:12 UTC 2022 on sn-devel-184
- - - - -
e1674e10 by Volker Lendecke at 2022-02-17T17:13:34+00:00
libsmb: Avoid a call to SMBC_errno()
This involves converting cli_print_queue() to NTSTATUS. No caller
looked at the number of jobs returned.
Review with "git show -b", most of the patch is indentation
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ea8198ac by Volker Lendecke at 2022-02-17T17:13:34+00:00
libsmb: Avoid a call to SMBC_errno()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6f9c20cc by Volker Lendecke at 2022-02-17T17:13:34+00:00
vfs: Use fsp_get_pathref_fd() in aio_pthread
We only use the fd as "dirfd" in openat, so we don't need an I/O fd
here.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1ef6800e by Volker Lendecke at 2022-02-17T17:13:34+00:00
smbd: Slightly simplify openat_pathref_fsp()
We don't need to look at the full share-relative path to figure out if
we have a stream name, the original smb_fname is sufficient for this.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6e77185f by Volker Lendecke at 2022-02-17T17:13:35+00:00
smbd: Use fsp_is_alternate_stream(), we checked for fsp!=NULL above
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7ba970b0 by Volker Lendecke at 2022-02-17T17:13:35+00:00
vfs: Use is_named_stream() for checking if we have an ADS
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
219dc590 by Volker Lendecke at 2022-02-17T17:13:35+00:00
smbd: Only open base_fsp for non-"::$DATA" streams
"is_named_stream()" is more what we really mean here. Make this line robust
against callers passing in "::$DATA".
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
259a716c by Volker Lendecke at 2022-02-17T17:13:35+00:00
smbd: Simplify open_file_ntcreate()
For streams our caller create_file_unixpath() has already taken care
of properly initializing fsp->base_fsp, so we can rely on
fsp_is_alternate_stream() here instead of looking at the file name.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
61dd0096 by Volker Lendecke at 2022-02-17T17:13:35+00:00
smbd: Filter out "::$DATA" for query name information
Make this piece of code robust against having "::$DATA" passed in.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6d7f0790 by Volker Lendecke at 2022-02-17T17:13:35+00:00
smbd: Use ISDOT/ISDOTDOT
This is simpler to read for me
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
826ae22c by Volker Lendecke at 2022-02-17T17:13:35+00:00
vfs: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a31ab494 by Volker Lendecke at 2022-02-17T17:13:35+00:00
vfs: Don't go through strnorm(..., CASE_LOWER)
With a fixed CASE_LOWER we should go directly to the lowerlevel call, this
makes it more obvious to me.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2649d654 by Volker Lendecke at 2022-02-17T18:11:18+00:00
smbd: Make strnorm() static to filename.c
The caller in vfs_prealloc was a bit unneeded, and strnorm is only
called here.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Feb 17 18:11:18 UTC 2022 on sn-devel-184
- - - - -
fb55d84e by Martin Schwenke at 2022-02-17T18:12:51+00:00
util: Drop unused variable num_chars
clang complains:
../../lib/util/genrand_util.c:99:9: error: variable 'num_chars' set but not used [-Werror,-Wunused-but-set-variable]
size_t num_chars = 0;
^
That is, the variable is initialised and incremented but the value is
never used.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
32d2584c by Martin Schwenke at 2022-02-17T18:12:51+00:00
util: Drop unused variable num_received
clang complains:
../../source4/libcli/clilist.c:111:6: error: variable 'num_received' set but not used [-Werror,-Wunused-but-set-variable]
int num_received = 0;
^
../../source4/libcli/clilist.c:268:6: error: variable 'num_received' set but not used [-Werror,-Wunused-but-set-variable]
int num_received = 0;
^
That is, the variable is initialised and updated but the value is
never used.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
98594d33 by Martin Schwenke at 2022-02-17T18:12:51+00:00
util: Drop unused variable mask_perms
clang complains:
../../source3/smbd/posix_acls.c:2783:9: error: variable 'mask_perms' set but not used [-Werror,-Wunused-but-set-variable]
mode_t mask_perms = 0;
^
That is, the variable is initialised and updated but the value is
never used.
This potentially points to a bug in commit
f735551b9edef66b152261cf6eb2f29b7b69d65b from 2002.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
ad9a4141 by Martin Schwenke at 2022-02-17T18:12:52+00:00
vfs_not_implemented: do not mark structs with _PUBLIC_
Commit 5d295e41af4e9316aee1b4cf1c3087663b7c06a4 accidentally marked
some structs with _PUBLIC_, which causes clang to complain:
../../source3/modules/vfs_not_implemented.c:594:1: error: attribute 'visibility' is ignored, place it after "struct" to apply attribute to type declaration [-Werror,-Wignored-attributes]
_PUBLIC_
^
../../lib/replace/replace.h:917:33: note: expanded from macro '_PUBLIC_'
^
../../source3/modules/vfs_not_implemented.c:642:1: error: attribute 'visibility' is ignored, place it after "struct" to apply attribute to type declaration [-Werror,-Wignored-attributes]
_PUBLIC_
^
../../lib/replace/replace.h:917:33: note: expanded from macro '_PUBLIC_'
^
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
7471afaa by Martin Schwenke at 2022-02-17T18:12:52+00:00
source4/torture: Avoid unused variable
clang complains:
../../source4/torture/basic/delete.c:2342:7: error: variable 'correct' set but not used [-Werror,-Wunused-but-set-variable]
bool correct = true;
^
That is, the variable is initialised and updated but the value is
never used. Similar functions return this variable, so try that.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
1ccb1874 by Martin Schwenke at 2022-02-17T18:12:52+00:00
source4/torture: Drop unused variable tdif
clang complains:
../../source4/torture/basic/denytest.c:1805:11: error: variable 'tdif' set but not used [-Werror,-Wunused-but-set-variable]
int64_t tdif;
^
That is, the variable is initialised and updated but the value is
never used.
Perhaps it is meant to be used in the nearby torture_comment() call,
but it has been this was since commit
cb1cff90f165d82cbbf1dd87e475a1b13984d45e from 2004. Just drop it.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
2b649604 by Martin Schwenke at 2022-02-17T18:12:52+00:00
source4/torture: Drop unused variable mask
clang complains:
../../source4/torture/smb2/notify.c:871:11: error: variable 'mask' set but not used [-Werror,-Wunused-but-set-variable]
uint32_t mask;
^
That is, the variable is initialised and updated but the value is
never used.
Looks to have been this way since commit
15d93a5d8e21893e1cca5c989dbf97010aae1622 from 2009. Just drop it.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
a7c32135 by Martin Schwenke at 2022-02-17T19:06:24+00:00
source4/torture: Drop unused variable attribute
clang complains:
../../source4/client/client.c:1569:11: error: variable 'attribute' set but not used [-Werror,-Wunused-but-set-variable]
uint16_t attribute = FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN;
^
That is, the variable is initialised and updated but the value is
never used.
Commit 2f377d5101783ed4d8c96a46aaec61895cc7b6ad from 2004 dropped the
use of this variable.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Feb 17 19:06:25 UTC 2022 on sn-devel-184
- - - - -
bf22548d by Jeremy Allison at 2022-02-18T19:12:30+00:00
s4: torture: Add new SMB2 lease test test_lease_duplicate_create().
Checks we return INVALID_PARAMETER when trying to create a
new file with a duplicate lease key on the same share.
Checked against Windows10. Samba already passes this
but we didn't have a test before.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14737
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
- - - - -
ca3896b6 by Jeremy Allison at 2022-02-18T19:12:30+00:00
s4: torture: Add new SMB2 lease test test_lease_duplicate_open().
Checks we return INVALID_PARAMETER when trying to open a
different file with a duplicate lease key on the same share.
Checked against Windows10. Currently fails against smbd
so add knownfail.d/smb2-lease-duplicateopen
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14737
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
- - - - -
408be543 by Jeremy Allison at 2022-02-18T20:12:12+00:00
s3: smbd: Fix our leases code to return the correct error in the non-dynamic share case.
We now return INVALID_PARAMETER when trying to open a
different file with a duplicate lease key on the same
(non-dynamic) share. This will enable us to pass another
Windows test suite leases test.
We now behave the same as Windows10.
Remove knownfail.d/smb2-lease-duplicateopen
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14737
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Feb 18 20:12:12 UTC 2022 on sn-devel-184
- - - - -
183ab5ce by Björn Jacke at 2022-02-18T22:17:33+00:00
acl: fix function arguments for AIX' and Solaris' sys_acl_get_fd()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14974
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
396c1716 by Bjoern Jacke at 2022-02-18T22:17:33+00:00
vfs_aixacl: add proper header file
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7239
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
89e90398 by Björn Jacke at 2022-02-18T22:17:33+00:00
wscript: s/default/required/ _static_modules for the acl modules
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14974
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e225ab70 by Björn Jacke at 2022-02-18T22:17:33+00:00
readlink test: inverse return code
We need to return 0 in case readlink is *broken* here - this is because our waf
CHECK_CODE function does only allow generating defines in case the test succeeds
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13631
Signed-off-by: Bjoern Jacke <bj at sernet.de>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
45cb14ac by Björn Jacke at 2022-02-18T23:12:51+00:00
waf: re-add missing readlink test
this was another portability regression that came with the moving to waf
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13631
Signed-off-by: Bjoern Jacke <bj at sernet.de>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Feb 18 23:12:51 UTC 2022 on sn-devel-184
- - - - -
33186bdf by Andreas Schneider at 2022-02-21T09:14:31+00:00
editorconfig: Final newlines are pycodestyle
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
6b8d30e0 by Andreas Schneider at 2022-02-21T09:14:31+00:00
third_party:waf: Print the version of waf at the end of the update script
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
fb175576 by Andreas Schneider at 2022-02-21T10:06:27+00:00
third_party: Update waf to verison 2.0.23
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Feb 21 10:06:27 UTC 2022 on sn-devel-184
- - - - -
7009fb1a by Andreas Schneider at 2022-02-21T15:03:24+00:00
s3:utils: Fix missing space in testparm output
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Feb 21 15:03:24 UTC 2022 on sn-devel-184
- - - - -
521e1195 by Andreas Schneider at 2022-02-21T19:36:45+00:00
autobuild: Rewrite the symbol checking
This should be less error prone.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Feb 21 19:36:45 UTC 2022 on sn-devel-184
- - - - -
a2590298 by Martin Schwenke at 2022-02-22T00:17:11+00:00
util: CID 1499409: Memory - corruptions (OVERLAPPING_COPY)
This is quite bizarre:
*** CID 1499409: Memory - corruptions (OVERLAPPING_COPY)
/lib/util/debug.c: 1742 in dbghdrclass()
1736 sizeof(tvbuf.buf),
1737 "%ld seconds since the Epoch", (long)t);
1738 }
1739 }
1740
1741 ensure_hostname();
>>> CID 1499409: Memory - corruptions (OVERLAPPING_COPY)
>>> In the call to function "snprintf", the object pointed to by argument "state.hostname" may overlap with the object pointed to by argument "state.header_str".
1742 state.hs_len = snprintf(state.header_str,
1743 sizeof(state.header_str),
1744 "%s %s %s[%u]: ",
1745 tvbuf.buf,
1746 state.hostname,
1747 state.prog_name,
Coverity doesn't explicitly say so but the only way this can happen is
if state.hostname is not NUL-terminated within its declared length.
ensure_hostname() and debug_set_hostname() ensure NUL-termination, but
the caching effect of ensure_hostname() probably stops Coverity from
being certain about anything.
Try making Coverity happy by using a precision to limit the number of
characters from hostname that can be used.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Tue Feb 22 00:17:12 UTC 2022 on sn-devel-184
- - - - -
2cef24a5 by Volker Lendecke at 2022-02-22T09:21:29+00:00
smbd: Initialize a pointer
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
afd037df by Volker Lendecke at 2022-02-22T09:21:29+00:00
smbd: Make OpenDir_fsp() return NTSTATUS
Preparation for making OpenDir return NTSTATUS
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
be201475 by Volker Lendecke at 2022-02-22T09:21:29+00:00
smbd: Factor out OpenDir_ntstatus()
We might have callers interested in the exact NTSTATUS error code.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
9027cc35 by Volker Lendecke at 2022-02-22T09:21:29+00:00
smbd: can_delete_directory_fsp() returns NTSTATUS
Don't go via errno
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7e3c51ee by Volker Lendecke at 2022-02-22T09:21:29+00:00
vfs: walk_streams() returns NTSTATUS
Don't go via errno
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f143eeae by Volker Lendecke at 2022-02-22T09:21:29+00:00
smbd: Initialize a pointer
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5204da2a by Volker Lendecke at 2022-02-22T09:21:29+00:00
smbd: Convert get_real_filename_full_scan() to OpenDir_ntstatus()
Get us a better error message without going through the lossy errno.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
118b63bb by Volker Lendecke at 2022-02-22T09:21:29+00:00
smbd: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
1912a0d6 by Volker Lendecke at 2022-02-22T09:21:29+00:00
smbd: We have the fsp available, use fsp_is_alternate_stream()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5030bba1 by Volker Lendecke at 2022-02-22T10:16:44+00:00
samba-dcerpcd: Silence a DEBUG message
This is not worth a debuglevel 1 message
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Feb 22 10:16:44 UTC 2022 on sn-devel-184
- - - - -
38a1e4c5 by Andreas Schneider at 2022-02-22T15:23:35+00:00
editorconfig: Change shell to tabs with tab width 8
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a9eebca9 by Andreas Schneider at 2022-02-22T15:23:35+00:00
configure: Reformat wrapper script
shfmt -w -p -i 0 -fn configure
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2d5d88ff by Andreas Schneider at 2022-02-22T15:23:35+00:00
buildtools: Reformat shell scripts
shfmt -f buildtools | xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1b8b6ac8 by Andreas Schneider at 2022-02-22T15:23:35+00:00
docs-xml: Reformat shell scripts
shfmt -f docs-xml | xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3990c33e by Andreas Schneider at 2022-02-22T16:20:58+00:00
examples: Reformat shell scripts
shfmt -f examples/ | xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Feb 22 16:20:58 UTC 2022 on sn-devel-184
- - - - -
ef9017a1 by Martin Schwenke at 2022-02-23T01:08:37+00:00
ctdb-tests: Dump a stack trace on abort
Debugging a test failure here without GDB is not possible. Dumping a
stack trace gives a good hint.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
0f373443 by Martin Schwenke at 2022-02-23T01:08:37+00:00
ctdb-tests: Fix missing #include for sigaction(2)
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
0d8084ed by Martin Schwenke at 2022-02-23T02:02:06+00:00
ctdb-protocol: CID 1499395: Uninitialized variables (UNINIT)
Issue is reported here:
853 case CTDB_CONTROL_DB_VACUUM: {
854 struct ctdb_db_vacuum db_vacuum;
855
>>> CID 1499395: Uninitialized variables (UNINIT)
>>> Using uninitialized value "db_vacuum.full_vacuum_run" when calling "ctdb_db_vacuum_len".
856 CHECK_CONTROL_DATA_SIZE(ctdb_db_vacuum_len(&db_vacuum));
857 return ctdb_control_db_vacuum(ctdb, c, indata, async_reply);
858 }
The problem is that ctdb_bool_len() unnecessarily dereferences its
argument, which in this case is &db_vacuum.full_vacuum_run. Not a
security issue because the value copied by dereferencing is not used.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Wed Feb 23 02:02:06 UTC 2022 on sn-devel-184
- - - - -
576bdb08 by Stefan Metzmacher at 2022-02-23T07:50:38+00:00
s3:py_net: allow machinepass=None to py_net_join_member()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
59ac7824 by Stefan Metzmacher at 2022-02-23T07:50:38+00:00
samba-tool/join_member: let py_net_join_member() choose the password
It means we'll let trust_pw_new_value() generate the password.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
3b91be36 by Stefan Metzmacher at 2022-02-23T07:50:38+00:00
provision: use 120 characters for the dns account password
We should use the same as for the computer account.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6bb7c0f2 by Stefan Metzmacher at 2022-02-23T07:50:38+00:00
upgradehelpers.py: let update_machine_account_password() use 120 character passwords
We already changed provision to use 120 character passwords with commit
609ca657652862fd9c81fd11f818efb74f72ff55.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
725c94d5 by Stefan Metzmacher at 2022-02-23T07:50:38+00:00
provision: add a comment that the value of krbtgtpass is ignored in the backend
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ad0b5561 by Stefan Metzmacher at 2022-02-23T07:50:38+00:00
upgradehelpers.py: add a comment to update_krbtgt_account_password()
The backend generates its own random krbtgt password values.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
5e238633 by Stefan Metzmacher at 2022-02-23T08:49:54+00:00
s3:trusts_utils: use a password length of 120 for machine accounts
This is important when we change the machine password against
an RODC that proxies the request to an RWDC.
An RODC using NetrServerPasswordSet2() to proxy PasswordUpdateForward via
NetrLogonSendToSam() ignores a return of NT_STATUS_INVALID_PARAMETER
and reports NT_STATUS_OK as result of NetrServerPasswordSet2().
This hopefully found the last hole in our very robust machine account
password handling logic inside of trust_pw_change().
The lesson is: try to be as identical to how windows works as possible,
everything else may use is untested code paths on Windows.
A similar problem was fixed by this commit:
commit 609ca657652862fd9c81fd11f818efb74f72ff55
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Feb 24 02:03:25 2021 +1300
provision: Decrease the length of random machine passwords
The current length of 128-255 UTF-16 characters currently causes
generation of crypt() passwords to typically fail. This commit
decreases the length to 120 UTF-16 characters, which is the same as
that used by Windows.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Feb 23 08:49:54 UTC 2022 on sn-devel-184
- - - - -
cc30757d by Andreas Schneider at 2022-02-23T10:57:28+00:00
selftest: Add ad member with idmap_autorid backend
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
14a98f3f by Andreas Schneider at 2022-02-23T10:57:28+00:00
s3:tests: Run test_idmap_rid.sh against admem_idmap_autorid
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
a5bcbc23 by Andreas Schneider at 2022-02-23T11:54:01+00:00
autobuild: Run admem_idmap_autorid tests
They will be part of the samba-admem runners.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Feb 23 11:54:01 UTC 2022 on sn-devel-184
- - - - -
3dbcd20d by Samuel Cabrero at 2022-02-23T15:20:32+00:00
s3:libads: Fix memory leak in kerberos_return_pac() error path
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ed14513b by Samuel Cabrero at 2022-02-23T15:20:32+00:00
lib:krb5_wrap: Improve debug message and use newer debug macro
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
1b5b4107 by Samuel Cabrero at 2022-02-23T15:20:32+00:00
lib:krb5_wrap: Fix wrong debug message and use newer debug macro
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
00b1f44a by Samuel Cabrero at 2022-02-23T15:20:32+00:00
s3:libads: Return canonical principal and realm from kerberos_return_pac()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
0f4f3307 by Samuel Cabrero at 2022-02-23T15:20:32+00:00
s3:winbind: Store canonical principal and realm in ccache entry
They will be used later to refresh the tickets.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
8246ccc2 by Samuel Cabrero at 2022-02-23T16:17:29+00:00
s3:winbind: Use the canonical principal name to renew the credentials
The principal name stored in the winbindd ccache entry might be an
enterprise principal name if enterprise principals are enabled. Use
the canonical name to renew the credentials.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Feb 23 16:17:29 UTC 2022 on sn-devel-184
- - - - -
1e880641 by Andreas Schneider at 2022-02-24T09:15:34+00:00
lib:fuzzing: Reformat shell scripts
shfmt -f lib/fuzzing/ | xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9b0273fa by Andreas Schneider at 2022-02-24T09:15:34+00:00
lib:ldb: Reformat shell scripts
shfmt -f lib/ldb/ | xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
59b9639e by Andreas Schneider at 2022-02-24T09:15:34+00:00
lib:replace: Reformat shell scripts
shfmt -f lib/replace/ | xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7fab6d53 by Andreas Schneider at 2022-02-24T09:15:34+00:00
lib:tdb: Reformat shell scripts
shfmt -f lib/tdb/ | xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
5b70f21d by Andreas Schneider at 2022-02-24T09:15:34+00:00
lib:tevent: Reformat shell scripts
shfmt -f lib/tevent/ | xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d42f08d1 by Andreas Schneider at 2022-02-24T09:15:34+00:00
nsswitch: Reformat shell scripts
shfmt -f nsswitch/ | xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
38498024 by Andreas Schneider at 2022-02-24T10:13:36+00:00
packaging: Reformat shell scripts
shfmt -f packaging/ | xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Feb 24 10:13:36 UTC 2022 on sn-devel-184
- - - - -
76bbda35 by Andreas Schneider at 2022-02-28T10:22:34+00:00
editorconfig: We always inserted a new line so keep doing that
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Feb 28 10:22:34 UTC 2022 on sn-devel-184
- - - - -
1e3e22cc by Ralph Boehme at 2022-02-28T20:01:36+00:00
CI: remove shares referencing removed functionality
The whole "smbd:force sync [user|root] [path|chdir] safe threadpool" stuff was
removed long ago by 29dd6f3e59055a17fa3d6a63619773f940e63374.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14957
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ecf56c1d by Ralph Boehme at 2022-02-28T20:01:36+00:00
smbd: check "store dos attributes" settings in the async dosmode code
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14957
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ffdb1c3e by Ralph Boehme at 2022-02-28T20:01:36+00:00
CI: add test "smb2.async_dosmode"
Verifies async-dosmode sync fallback works with shadow_copy2 which returns
ENOSYS for SMB_VFS_GET_DOS_ATTRIBUTES_SEND().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14957
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
97caec07 by Ralph Boehme at 2022-02-28T20:01:36+00:00
smbd: also check for NT_STATUS_NOT_SUPPORTED
If a VFS module fails SMB_VFS_GETXATTRAT_SEND/RECV with ENOSYS like currently
vfs_shadow_copy2 or any other module that uses
vfs_not_implemented_getxattrat_send() the ENOSYS error that
vfs_not_implemented_getxattrat_send() sets gets mapped to
NT_STATUS_NOT_SUPPORTED by map_nt_error_from_unix().
Unfortunately when checking whether the async SMB_VFS_GETXATTRAT_SEND() failed
and to determine if the sync fallback should be triggered, we currently only
check for NT_STATUS_NOT_IMPLEMENTED which is the error we get when "store dos
attributes" is disabled.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14957
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
48f81b4e by Ralph Boehme at 2022-02-28T20:01:36+00:00
CI: enable "smbd async dosmode" on shadow_write share
Existing tests don't care, upcoming new test needs it.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1097b1d0 by Ralph Boehme at 2022-02-28T20:01:36+00:00
CI: add a test for async dosmode on a file in a shadow_copy2 snapshot
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
afc2103d by Ralph Boehme at 2022-02-28T20:53:35+00:00
vfs_shadow_copy2: remove async getxattrat
vfswrap_getxattrat_send() is handle based using smb_fname->fsp. As
the open of smb_fname->fsp was processed by this module, the handle
is already correctly opened on the file in the snapshot. In the end
this means we can just call directly call the next function here.
Note that the same reasoning might apply to other modules that use
vfs_not_implemented_getxattrat_send(), but checking and adjusting those is a job
for another day. Currently they will continue to go via the sync fallback of the
caller.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Feb 28 20:53:35 UTC 2022 on sn-devel-184
- - - - -
f6fe8692 by Stefan Metzmacher at 2022-03-01T17:11:35+00:00
s4:sam: Don't use talloc_steal for msg attributes in authsam_make_user_info_dc()
This is most likely not a problem for the current callers,
but that it is unexpected and will likely cause problems with future
changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14993
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ef95fb43 by Joseph Sutton at 2022-03-01T17:11:35+00:00
auth: Cope with NULL upn_name in PAC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
6d8fec70 by Joseph Sutton at 2022-03-01T17:11:35+00:00
third_party/heimdal_build: Add KDC_LIB macro definitions
This is an adaptation to Heimdal:
commit 7bb00a40eabbed2bc1c268f5244bfb9736d9bebe
Author: Luke Howard <lukeh at padl.com>
Date: Tue Jan 4 13:08:35 2022 +1100
kdc: fix Windows build
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
9936038f by Joseph Sutton at 2022-03-01T17:11:35+00:00
s4:kdc: Don't pass empty PAC buffers to krb5_pac_add_buffer()
Heimdal will no longer allow us to pass a dummy zero-length buffer to
krb5_pac_add_buffer(), so we have to pass a buffer of length 1 instead.
This is an adaption to Heimdal:
commit 190263bb7a56fc775b50a6cd0dc91820d2b2e5eb
Author: Jeffrey Altman <jaltman at secure-endpoints.com>
Date: Wed Jan 19 22:55:33 2022 -0500
assert non-NULL ptrs before calling mem funcs
The definitions of memcpy(), memmove(), and memset() state that
the behaviour is undefined if any of the pointer arguments are
NULL, and some compilers are known to make use of this to
optimise away existing NULL checks in the source.
Change-Id: I489bc256e3eac7ff41d91becb0b43aba73dbb3f9
Link: https://www.imperialviolet.org/2016/06/26/nonnull.html
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
9eb27f29 by Joseph Sutton at 2022-03-01T18:07:50+00:00
third_party/heimdal_build: Determine whether time_t is signed
Without this, Heimdal will assume time_t is unsigned, and a wrong
assumption will cause 'infinite' ticket lifetimes to be reckoned as from
the past, and thus requests will fail with KDC_ERR_NEVER_VALID.
This is an adaptation to Heimdal:
commit 9ae9902249732237aa1711591604a6adf24963fe
Author: Nicolas Williams <nico at twosigma.com>
Date: Tue Feb 15 17:01:00 2022 -0600
cf: Check if time_t is signed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Mar 1 18:07:50 UTC 2022 on sn-devel-184
- - - - -
d255044e by Volker Lendecke at 2022-03-01T20:09:28+00:00
lib: Use cp_smb_filename_nostream() in adouble_path()
No need to TALLOC_FREE(smb_fname->stream_name) later
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cb020197 by Volker Lendecke at 2022-03-01T20:09:28+00:00
lib: Simplify parent_dirname() by using talloc_strndup()
Don't duplicate the talloc_strndup() functionality.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
bdf68d64 by Volker Lendecke at 2022-03-01T20:09:29+00:00
vfs: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2b6e557e by Volker Lendecke at 2022-03-01T20:09:29+00:00
vfs: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
40b7c862 by Volker Lendecke at 2022-03-01T20:09:29+00:00
vfs: Set errno in an error return
Don't leak an unrelated errno
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
579c475f by Volker Lendecke at 2022-03-01T20:09:29+00:00
smbd: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8c977435 by Volker Lendecke at 2022-03-01T20:59:55+00:00
smbd: Fix a use-after-free
stat_cache_lookup() allocates its result on top of talloc_tos().
filename_convert_smb1_search_path() creates a talloc_stackframe(),
which makes the names which were supposed to be allocated on the "ctx"
parameter of filename_convert_smb1_search_path() go away too
early. Reparent the results from stat_cache_lookup() properly.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14989
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Mar 1 20:59:55 UTC 2022 on sn-devel-184
- - - - -
fccf9859 by Joseph Sutton at 2022-03-01T22:34:34+00:00
third_party/heimdal_build: Define fallthrough macro for switch statements
This is an adaptation to Heimdal:
commit ddc61136100b32346c4c4efa2bb6ddb5baedfb3e
Author: Nicolas Williams <nico at twosigma.com>
Date: Fri Jan 14 16:32:04 2022 -0600
Use fallthrough statement attribute
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
51569b31 by Joseph Sutton at 2022-03-01T22:34:34+00:00
third_party/heimdal: import lorikeet-heimdal-202203010107 (commit 0e7a12404c388e831fe6933fcc3c86e7eb334825)
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f2ca9c5d by Joseph Sutton at 2022-03-01T22:34:34+00:00
third_party/heimdal_build: Add source files to build
This is an adaptation to Heimdal:
commit be708ca3cf98900c61919f8ff7ced4428b5d1f32
Author: Nicolas Williams <nico at twosigma.com>
Date: Wed Dec 22 17:01:12 2021 -0600
gsskrb5: Add simple name attributes support
This adds Kerberos mechanism support for:
- composite principal name export/import
- getting rudimentary name attributes from GSS names using
gss_get_name_attribute():
- all (raw) authorization data from the Ticket
- all (raw) authorization data from the Authenticator
- transit path
- realm
- component count
- each component
- gss_inquire_name()
- gss_display_name_ext() (just for the hostbased service name type
though)
The test exercises almost all of the functionality, except for:
- getting the PAC
- getting authz-data from the Authenticator
- getting the transit path
TBD (much) later:
- amend test_context to do minimal name attribute checks as well
- gss_set_name_attribute() (to request authz-data)
- gss_delete_name_attribute()
- getting specific authorization data elements via URN fragments (as
opposed to all of them)
- parsing the PAC, extracting SIDs (each one as a separate value)
- some configurable local policy (?)
- plugin interface for additional local policy
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a2f7987d by Joseph Sutton at 2022-03-01T22:34:34+00:00
s4:kdc: Refactor HDB API
This is an adaptation to Heimdal:
commit b1dcc1a47485165ada778ef3c3463cfc0779d183
Author: Luke Howard <lukeh at padl.com>
Date: Fri Dec 31 17:24:58 2021 +1100
kdc: refactor Samba-specific auditing API in terms of existing API
Make Samba-specific HDB auth status API a wrapper on the existing auditing API,
with a view towards unifying the two APIs in a future commit.
The term "auth status" is replaced with "auth event", and the HDB auth_status
method is replaced with a more general purpose audit method which has access to
the entire request structure.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7989ef0a by Joseph Sutton at 2022-03-01T22:34:34+00:00
s4:kdc: Adapt to removal of auth event details
This is an adaptation to Heimdal:
commit e15e711b13e2fb33f4480a054cba60b6c4c0183b
Author: Luke Howard <lukeh at padl.com>
Date: Sat Jan 1 18:05:51 2022 +1100
kdc: remove auth_event_details audit key
The auth event details audit key (formerly, parameter to auth_status)
contained, variously, an encryption type name; a PKINIT client certificate
name; or, a GSS initiator name. Audit these instead using individual keys that
reflect the values' contents.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0d37a192 by Joseph Sutton at 2022-03-01T22:34:34+00:00
s4:kdc: Add 'not authorised' auth events
This is an adaptation to Heimdal:
commit d683780b1d728bf8c5b794a1f66842e5a25bd360
Author: Luke Howard <lukeh at padl.com>
Date: Sat Jan 1 23:44:05 2022 +1100
kdc: separate PKINIT/GSS authorization failure
Create a new audit event for PKINIT/GSS authorization (impersonation) failure
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a5799cea by Joseph Sutton at 2022-03-01T22:34:34+00:00
s4:kdc: Add referral policy callback
This is now used instead of a configuration option.
This is an adaption to Heimdal:
commit 3fa47f5a1a422e178d968a8ec0d59889eaa71548
Author: Luke Howard <lukeh at padl.com>
Date: Sun Jan 2 21:51:43 2022 +1100
kdc: add referral_policy callback to windc plugin
Add a referral policy hook to the TGS as a more elegant way of resolving
referral detection for Samba). The hook can either rewrite the server_princ in
the request, or it can return an error to disable built-in referral processing.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
83586e8f by Joseph Sutton at 2022-03-01T22:34:34+00:00
s4:kdc: Rename windc to kdc plugin
This is an adaptation to Heimdal:
commit fcff5933ade652343d7c169659da92fac0e6e0d4
Author: Luke Howard <lukeh at padl.com>
Date: Mon Jan 3 11:10:18 2022 +1100
kdc: rename windc to kdc plugin
Rename the "windc" plugin API to the more general "kdc" plugin API, for two
reasons: the Heimdal KDC uses the Windows PAC even when not emulating a domain
controller, and the plugin API has accreted methods that are not specific to
emulating a domain controller (such as referral_policy and finalize_reply).
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f234361a by Joseph Sutton at 2022-03-01T22:34:34+00:00
s4:kdc: Adapt to removal of auth audit event types
This is an adaptation to Heimdal:
commit 06f8985c55fcd23e3efe0017ed2480c5b3c4524f
Author: Luke Howard <lukeh at padl.com>
Date: Wed Jan 5 09:42:03 2022 +1100
hdb: consolidate preauth audit event types
Instead of having distinct preauth success/failure events for different
mechanisms, have a single event; the mechanism can be disambiguated by querying
the HDB_REQUEST_KV_PA_NAME key.
Note: there is still an explicit event for long-term key-based success/failure
in order to help the backend implement lockout.
Audit failure (HDB_AUTH_EVENT_PREAUTH_FAILED) in the main preauth loop, rather
than in each mechanism. Success is still audited in the mechanism to allow
client pre-authentication success to be noted even if something subsequent
(e.g. encoding a reply, memory allocation) fails. The generic catch-all for
success remains.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b9f4ea8b by Joseph Sutton at 2022-03-01T22:34:35+00:00
third_party/heimdal_build: Add SFU source file
This is an adaptation to Heimdal:
commit 0287558838de79313e38026d2f0905ffc987d0b8
Author: Luke Howard <lukeh at padl.com>
Date: Fri Dec 24 13:49:55 2021 +1100
kdc: move Services for User implementation out of krb5tgs.c
Move the Services for User (SFU/S4U) implementation -- protocol transition and
constrained delegation -- into its own compilation unit, with an interface that
only takes an astgs_request_t, so it can be easily factored out into a plugin
module in the future.
This refactoring is also careful to update all client names in the request
structure after the SFU/S4U validation has successfully completed.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
675f913e by Joseph Sutton at 2022-03-01T22:34:35+00:00
s4:kdc: Explicitly set plugin minor version
This is an adaptation to Heimdal:
commit 7cc4b7a9e624f5eecfbb38607d4cc0870a895671
Author: Luke Howard <lukeh at padl.com>
Date: Wed Jan 5 13:08:11 2022 +1100
kdc: KDC plugin API contract notes
Add some notes about the KDC plugin API contract, and require plugins to
explicitly indicate which version of the API they support (remove the macro
alias for the current version).
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7cb68fdb by Joseph Sutton at 2022-03-01T22:34:35+00:00
third_party/heimdal_build: Don't generate .x source files
This is an adaptation to Heimdal:
commit 9427796f1a65906f12768b28abdb5a928222f3c6
Author: Jeffrey Altman <jaltman at secure-endpoints.com>
Date: Wed Jan 5 15:45:23 2022 -0500
Generate .x source files as .c source files
The generated .x source and .hx header files are plain C source files..
Generate them as .c source files and avoid unnecessary file copying
and special makefile rules.
Change-Id: Ifc4bbe3c46dd357fdd642040ad964c7cfe1d395c
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
068f2bf1 by Joseph Sutton at 2022-03-01T22:34:35+00:00
s4:kdc: Increment plugin minor version
This is an adaptation to Heimdal:
commit 40e4a4df09c2d6c3ba7bf14df1dee74a0bc18110
Author: Luke Howard <lukeh at padl.com>
Date: Mon Jan 10 12:50:37 2022 +1100
kdc: use astgs_request_t for client/server name (TGS)
Store the client and server principal name from the TGT and request
(respectively) in the astgs_request_t rather than using local variables.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
94d387ab by Joseph Sutton at 2022-03-01T22:34:35+00:00
s4:kdc: Adapt to hdb_entry_ex removal
Rather than having a 'free_entry' member that can be called to free an
hdb_entry, we now implement the free function in HDB. We perform the
free only if the context pointer is non-NULL.
We also remove the ZERO_STRUCTP() in sdb_entry_to_hdb_entry(), as the
context pointer is now part of the 'hdb_entry' structure itself, and
this would undesirably zero it out.
This is an adaptation to Heimdal commits:
commit c5551775e204d00c7ee8055ab6ddbba7e0590584
Author: Luke Howard <lukeh at padl.com>
Date: Fri Jan 7 12:15:55 2022 +1100
hdb: decorate HDB_entry with context member
Decorate HDB_entry with context and move free_entry callback into HDB structure
itself. Requires updating hdb_free_entry() signature to include HDB parameter.
A follow-up commit will consolidate hdb_entry_ex (which has a single hdb_entry
member) into hdb_entry.
commit 0e8c4ccc6ee0123ea39e53e8917fc3f6bb74e8c8
Author: Luke Howard <lukeh at padl.com>
Date: Fri Jan 7 12:54:40 2022 +1100
hdb: eliminate hdb_entry_ex
Remove hdb_entry_ex and revert to the original design of hdb_entry (except with
an additional context member in hdb_entry which is managed by the free_entry
method in HDB).
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9399a15f by Joseph Sutton at 2022-03-01T22:34:35+00:00
s4:kdc: Adapt to removal of publicly accessible request structure members
We now have to use the accessor functions instead.
This is an adaptation to Heimdal:
commit ec24edf7005c340018450a202d27ca75fcf322d4
Author: Luke Howard <lukeh at padl.com>
Date: Thu Jan 20 09:15:24 2022 +1100
kdc: add accessor functions for KDC request structure
Add accessor functions for use by Samba and other plugin developers.
Documentation is in kdc/kdc-accessors.h.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c9b0b4bf by Andrew Bartlett at 2022-03-01T22:34:35+00:00
s4-kdc: Adapt to move from HDB auditing to KDC auditing constants
This is to adapt to:
commit 6530021f09a5cab631be19a1b5898a0ba6b32f16
Author: Luke Howard <lukeh at padl.com>
Date: Thu Jan 13 14:37:29 2022 +1100
kdc: move auth event definitions into KDC header
Move KDC auth event macro definitions out of hdb.h and into a new KDC header,
kdc-audit.h.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
791be84c by Stefan Metzmacher at 2022-03-01T23:28:22+00:00
s4:kdc: hdb_samba4_audit() is only called once per request
So we need to restructure the logic a bit.
NOTE: This commit finally works again!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Joseph Sutton <jsutton at samba.org>
Autobuild-Date(master): Tue Mar 1 23:28:22 UTC 2022 on sn-devel-184
- - - - -
751237a2 by Jeremy Allison at 2022-03-02T21:04:34+00:00
s3: VFS: ceph_snapshots: Move two more uses of OpenDir() -> OpenDir_nstatus().
Eventually we can replace OpenDir() with OpenDir_ntatatus().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
a1f4d74a by Jeremy Allison at 2022-03-02T21:04:34+00:00
s3: VFS: fruit: Move two more uses of OpenDir() -> OpenDir_nstatus().
Eventually we can replace OpenDir() with OpenDir_ntatatus().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
a138d0f2 by Jeremy Allison at 2022-03-02T21:04:34+00:00
s3: VFS: shadow_copy: Move one more use of OpenDir() -> OpenDir_nstatus().
Eventually we can replace OpenDir() with OpenDir_ntatatus().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
bc9439a4 by Jeremy Allison at 2022-03-02T21:04:34+00:00
s3: VFS: syncops: Move one more use of OpenDir() -> OpenDir_nstatus().
Eventually we can replace OpenDir() with OpenDir_ntatatus().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
51b7475d by Jeremy Allison at 2022-03-02T21:04:34+00:00
s3: smbd: In recursive_rmdir(), Move one more use of OpenDir() -> OpenDir_nstatus()
Eventually we can replace OpenDir() with OpenDir_ntatatus().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
535b29af by Jeremy Allison at 2022-03-02T21:04:34+00:00
s3: smbd: In rmdir_internals(), Move one more use of OpenDir() -> OpenDir_nstatus()
Eventually we can replace OpenDir() with OpenDir_ntatatus().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
2aff668e by Jeremy Allison at 2022-03-02T21:04:34+00:00
s3: smbd: In count_dfs_links(), Move one more use of OpenDir() -> OpenDir_nstatus()
Eventually we can replace OpenDir() with OpenDir_ntatatus().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
e66be49a by Jeremy Allison at 2022-03-02T21:04:34+00:00
s3: smbd: In form_junctions(), Move one more use of OpenDir() -> OpenDir_nstatus()
Eventually we can replace OpenDir() with OpenDir_ntatatus().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
b331082b by Jeremy Allison at 2022-03-02T21:04:34+00:00
s3: torture: In cmd_vfs, Move two more uses of OpenDir() -> OpenDir_nstatus().
Now we can replace OpenDir() with OpenDir_ntatatus().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
c0bbf6f4 by Jeremy Allison at 2022-03-02T21:04:34+00:00
s3: smbd: Remove now unused OpenDir().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
0c113e65 by Jeremy Allison at 2022-03-02T21:58:32+00:00
s3: smbd: Rename OpenDir_ntstatus() -> OpenDir().
We now have a single OpenDir() function that returns an NTSTATUS.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Mar 2 21:58:32 UTC 2022 on sn-devel-184
- - - - -
f025cc1a by Andreas Schneider at 2022-03-03T00:59:34+00:00
python: Reformat shell scripts
shfmt -f python/ | xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
55cd39b9 by Andreas Schneider at 2022-03-03T00:59:34+00:00
release-scripts: Reformat shell scripts
shfmt -f release-scripts/ | xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
22eb76c6 by Andreas Schneider at 2022-03-03T00:59:34+00:00
script: Reformat shell scripts
shfmt -f script/ | xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1399b243 by Andreas Schneider at 2022-03-03T00:59:34+00:00
selftest: Reformat shell scripts
shfmt -f selftest/ | xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
98aed064 by Andreas Schneider at 2022-03-03T00:59:34+00:00
s3:locale: Reformat shell scripts
shfmt -f source3/locale/ | xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
cb10b870 by Andreas Schneider at 2022-03-03T01:53:16+00:00
s3:script: Reformat shell scripts
shfmt -f source3/script/ | xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Mar 3 01:53:16 UTC 2022 on sn-devel-184
- - - - -
cd0efd38 by Andreas Schneider at 2022-03-04T14:05:31+00:00
s4:kdc: Align sflags type
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
f1ec950a by Andreas Schneider at 2022-03-04T14:05:31+00:00
s4:kdc: Also cannoicalize krbtgt principals when enforcing canonicalization
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
c9653e51 by Andreas Schneider at 2022-03-04T14:05:31+00:00
selftest: More tests are passing with MIT KRB5 >= 1.20
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
ea7b1caa by Andreas Schneider at 2022-03-04T14:05:31+00:00
s4:mitkdc: Set KRB5_KDB_NO_AUTH_DATA_REQUIRED based on sdb no_auth_data_reqd
This needs to be set so that the MIT KDC >= 1.20 will not call the handle_pac()
function which executes the issue_pac KDB callback.
Pair-Programmed-With: Alexander Bokovoy <ab at samba.org>
Signed-off-by: Alexander Bokovoy <ab at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
f1ca16f3 by Andreas Schneider at 2022-03-04T14:05:31+00:00
s4:mitkdc: Add support for MIT Kerberos 1.20
This also addresses CVE-2020-17049.
MIT Kerberos 1.20 is in pre-release state at the time writing this commit. It
will be released in autumn 2022. We need to support MIT Kerberos 1.19 till
enough distributions have been released with MIT Kerberos 1.20.
Pair-Programmed-With: Robbie Harwood <rharwood at redhat.com>
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Robbie Harwood <rharwood at redhat.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
b20606b2 by Andreas Schneider at 2022-03-04T14:05:31+00:00
s4:mitkdc: Add support for S4U2Self & S4U2Proxy
Pair-Programmed-With: Alexander Bokovoy <ab at samba.org>
Signed-off-by: Alexander Bokovoy <ab at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
1201147d by Andreas Schneider at 2022-03-04T14:05:31+00:00
s4:kdc: Implement new Microsoft forwardable flag behavior
Allow delegation to any target if we have delegations set up, but the target is
not specified.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
ea15ecfe by Isaac Boukris at 2022-03-04T14:05:31+00:00
krb5-mit: Enable S4U client support for MIT build
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Isaac Boukris <iboukris at gmail.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
1a4d43d3 by Andreas Schneider at 2022-03-04T14:05:31+00:00
s4:auth: Remove trailing spaces in sam.c
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
41ffba13 by Andreas Schneider at 2022-03-04T14:05:31+00:00
s4:auth: Also look up msDS-AllowedToActOnBehalfOfOtherIdentity for RBCD
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
5c4afce7 by Andreas Schneider at 2022-03-04T14:05:31+00:00
s4:kdc: Implement samba_kdc_check_s4u2proxy_rbcd()
This will be used by the MIT KDB plugin in the next commits.
A security descriptor created by Windows looks like this:
security_descriptor: struct security_descriptor
revision : SECURITY_DESCRIPTOR_REVISION_1 (1)
type : 0x8004 (32772)
0: SEC_DESC_OWNER_DEFAULTED
0: SEC_DESC_GROUP_DEFAULTED
1: SEC_DESC_DACL_PRESENT
0: SEC_DESC_DACL_DEFAULTED
0: SEC_DESC_SACL_PRESENT
0: SEC_DESC_SACL_DEFAULTED
0: SEC_DESC_DACL_TRUSTED
0: SEC_DESC_SERVER_SECURITY
0: SEC_DESC_DACL_AUTO_INHERIT_REQ
0: SEC_DESC_SACL_AUTO_INHERIT_REQ
0: SEC_DESC_DACL_AUTO_INHERITED
0: SEC_DESC_SACL_AUTO_INHERITED
0: SEC_DESC_DACL_PROTECTED
0: SEC_DESC_SACL_PROTECTED
0: SEC_DESC_RM_CONTROL_VALID
1: SEC_DESC_SELF_RELATIVE
owner_sid : *
owner_sid : S-1-5-32-544
group_sid : NULL
sacl : NULL
dacl : *
dacl: struct security_acl
revision : SECURITY_ACL_REVISION_ADS (4)
size : 0x002c (44)
num_aces : 0x00000001 (1)
aces: ARRAY(1)
aces: struct security_ace
type : SEC_ACE_TYPE_ACCESS_ALLOWED (0)
flags : 0x00 (0)
0: SEC_ACE_FLAG_OBJECT_INHERIT
0: SEC_ACE_FLAG_CONTAINER_INHERIT
0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
0: SEC_ACE_FLAG_INHERIT_ONLY
0: SEC_ACE_FLAG_INHERITED_ACE
0x00: SEC_ACE_FLAG_VALID_INHERIT (0)
0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
0: SEC_ACE_FLAG_FAILED_ACCESS
size : 0x0024 (36)
access_mask : 0x000f01ff (983551)
object : union security_ace_object_ctr(case 0)
trustee : S-1-5-21-3001743926-1909451141-602466370-1108
Created with the following powershell code:
$host1 = Get-ADComputer -Identity ServerA
$host2 = Get-ADComputer -Identity ServerB
Set-ADComputer $host2 -PrincipalsAllowedToDelegateToAccount $host1
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
c7be3d1f by Andreas Schneider at 2022-03-04T14:05:31+00:00
s4:mitkdc: Implement mit_samba_check_allowed_to_delegate_from() for RBCD
This just implements a call in the MIT KDB shim layer. It will be used in the
next commits in the KDB plugin.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d0e4b612 by Andreas Schneider at 2022-03-04T14:05:31+00:00
s4:mitkdc: Implement support for Resource Based Constrained Delegation (RBCD)
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
e908bbb1 by Andreas Schneider at 2022-03-04T14:05:31+00:00
gitlab-ci: Print the krb5 version
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d1d47a55 by Andreas Schneider at 2022-03-04T14:05:31+00:00
gitlab-ci: Run krb5 tests also with MIT Kerberos 1.20 (prerelease)
This adds test against MIT Kerberos 1.20 (prerelease) in order to test
Bronze Bit, S4U and RBCD functionality supported only in current MIT Kerberos
git master. We created a Fedora COPR package for MIT KRB5 1.20 (prerelease).
MIT Kerberos 1.20 will be released in autumn 2022. As soon as MIT Kerberos 1.20
will be in a Fedora release, these runners will be removed again.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
e25d6c89 by Andreas Schneider at 2022-03-04T14:58:20+00:00
WHATSNEW: Bronze bit, S4U and RBDC support with MIT Kerberos 1.20
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Mar 4 14:58:20 UTC 2022 on sn-devel-184
- - - - -
d1a08623 by Volker Lendecke at 2022-03-04T17:43:42+00:00
smbd: Remove a deref forgotten in c2ac6a9cd7b
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
fd1dca2d by Volker Lendecke at 2022-03-04T17:43:42+00:00
smbd: Inherit acl from an fsp instead of a fname
Moving slowly towards passing directory handles instead of names,
representing the idea that we hold a O_PATH file descriptor on
directories.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
fbb4bd36 by Volker Lendecke at 2022-03-04T17:43:42+00:00
smbd: Pass dirfsp instead of an fname to open_file()
Moving slowly towards passing directory handles instead of names,
representing the idea that we hold a O_PATH file descriptor on
directories.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
be6cc4cc by Volker Lendecke at 2022-03-04T17:43:42+00:00
smbd: Log close_file_free() failure in copy_internals()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f60ca2e2 by Volker Lendecke at 2022-03-04T17:43:42+00:00
smbd: Pass dirfsp instead of a parent filename to unix_mode
This converts a STAT (with potential symlink race problems) into an
FSTAT on the O_PATH fd we have for the directory
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
29761770 by Volker Lendecke at 2022-03-04T17:43:42+00:00
smbd: Remove unused "lret" variable from file_set_dosmode()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5567d5bc by Volker Lendecke at 2022-03-04T17:43:42+00:00
smbd: Save a few lines in file_set_dosmode() with "goto done;"
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ab692aa6 by Volker Lendecke at 2022-03-04T17:43:42+00:00
smbd: Fix indentation in rename_internals_fsp()
This one space character makes it more obvious where in the copmlex
if-expression lp_store_dos_attributes() lives.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b3514a57 by Volker Lendecke at 2022-03-04T17:43:42+00:00
smbd: Make complex if-expression in file_set_dosmode() easier to read
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
28522bb3 by Jeremy Allison at 2022-03-04T17:43:42+00:00
s3: smbd: Cleanup - make recursive_rmdir() return a more expressive NTSTATUS not bool.
Next cleanup the internals of rmdir_internals() to do an early map
of errno -> NTSTATUS to avoid mapping back and forth.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
df7efdf0 by Jeremy Allison at 2022-03-04T18:39:48+00:00
s3: smbd: Cleanup - Make rmdir_internals() use NTSTATUS internally without depending on errno.
As we already need to return NTSTATUS, map errno to NTSTATUS directly at point of failure
and don't depend on keeping it around. No change in client-visible behavior but makes
rmdir_internals() easier to understand (for me at least).
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Mar 4 18:39:48 UTC 2022 on sn-devel-184
- - - - -
3f977cd6 by Pavel Filipenský at 2022-03-05T08:04:28+00:00
s3:lib: Fix possible 32-bit arithmetic overflow
Reported by covscan.
Potentially overflowing expression "glue->gtimeout * 1000" with type "int"
(32 bits, signed) is evaluated using 32-bit arithmetic, and then used in
a context that expects an expression of type "uint64_t" (64 bits, unsigned).
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Sat Mar 5 08:04:28 UTC 2022 on sn-devel-184
- - - - -
64160686 by Samuel Cabrero at 2022-03-06T23:05:40+00:00
s3:winbind: Move the function to list trusted domains to winbindd_dual_srv.c
This function will be converted to a local RPC call handler so move it
to the file including ndr_winbindd_scompat.c.
Updated debug message and use newer debug macros.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d05b5366 by Samuel Cabrero at 2022-03-06T23:05:40+00:00
s3:winbind: Remove list_all_domains condition always false
The 'list_all_domains' flag in a winbind request is only set by the
torture_winbind_struct_list_trustdom() test, in fact to check the flag
is ignored.
The WINBINDD_LIST_TRUSTDOM command received by winbind parent is handled
by winbindd_list_trusted_domains() which fills the response from the
cached domain list and does not handle the flag.
The WINBINDD_LIST_TRUSTDOM command sent from the parent to the domain
childs when the rescan timer expires do not set this flag, so this
commit removes the code handling it in the child.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e07f8901 by Samuel Cabrero at 2022-03-06T23:05:40+00:00
s3:winbind: Convert ListTrustedDomains parent/child call to NDR
By using NDR we avoid manual marshalling (netr_DomainTrust array
to text string) and unmarshalling (parse the received text string
back to a netr_DomainTrust array).
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
95b19633 by Samuel Cabrero at 2022-03-06T23:05:40+00:00
examples: Update winbindd.stp and its generator script
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f33f73f8 by Stefan Metzmacher at 2022-03-06T23:05:40+00:00
third_party/heimdal: import lorikeet-heimdal-202203031927 (commit 7abc451ddd74d0c2e57dbb32f3198bde8def73ab)
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14865
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
27ee5ad7 by Stefan Metzmacher at 2022-03-06T23:05:40+00:00
s4:kdc: let pac functions in wdc-samba4.c take astgs_request_t
NOTE: This commit finally works again!
This aligns us with the following Heimdal change:
commit 11d8a053f50c88256b4d49c7e482c2eb8f6bde33
Author: Stefan Metzmacher <metze at samba.org>
AuthorDate: Thu Feb 24 18:27:09 2022 +0100
Commit: Luke Howard <lukeh at padl.com>
CommitDate: Thu Mar 3 09:58:48 2022 +1100
kdc-plugin: also pass astgs_request_t to the pac related functions
This is more consistent and allows the pac hooks to be more flexible.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14865
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
0f5d7ff1 by Stefan Metzmacher at 2022-03-06T23:05:40+00:00
s4:kdc: redirect pre-authentication failures to an RWDC
The most important case is that we still have a previous
password cached at the RODC and the inbound replication
hasn't wiped the cache yet and we also haven't triggered
a new replication yet.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14865
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
39d85c34 by Pavel Filipenský at 2022-03-06T23:05:40+00:00
s3:script: Blackbox tests for the rpcclient DFS commands
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
1ed9ece3 by Pavel Filipenský at 2022-03-06T23:05:40+00:00
s3:rpcclient: Fix trailing whitespace in cmd_dfs.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
e9e2aead by Pavel Filipenský at 2022-03-07T00:00:32+00:00
s3:rpcclient: Fix crash in rpcclient
rpcclient SERVER -c 'dfsenum 5' dumps core
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Mar 7 00:00:32 UTC 2022 on sn-devel-184
- - - - -
b108e039 by Jule Anger at 2022-03-07T14:35:36+00:00
s3:tests: Add a test to check the output of smbstatus.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14999
Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
9e9e6955 by Jule Anger at 2022-03-07T15:27:48+00:00
s3:utils: assign ids to struct to list shares correctly
The commit "99d1f1fa10d smbd: Remove unused "struct connections_key"" removes
also the assignment of information to connections_data, which are needed to list
shares.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14999
Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Jule Anger <janger at samba.org>
Autobuild-Date(master): Mon Mar 7 15:27:48 UTC 2022 on sn-devel-184
- - - - -
e16cd031 by Archana at 2022-03-08T11:32:36+00:00
ctdb-packaging: Remove deprecated networking command netstat and replace with "ss" command
Signed-off-by: Archana Chidirala <archana.chidirala.chidirala at ibm.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
- - - - -
7debfe7a by Archana at 2022-03-08T12:30:53+00:00
ctdb-tools: Remove deprecated networking commands and replace with new commands
The changes are made to replace the deprecated network commands
(ifconfig,netstat) with the new commands
(ip addr,ss) respectively
Signed-off-by: Archana Chidirala <archana.chidirala.chidirala at ibm.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Mar 8 12:30:53 UTC 2022 on sn-devel-184
- - - - -
d972f64b by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: smbd: notify_mid_maps is used by both SMB1 and SMB2.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
- - - - -
41393579 by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: Simple rename 'struct smb_signing_state' -> 'struct smb1_signing_state'
This is only used by the SMB1 signing code, except for one
bool for SMB2 which we will replace next.
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>
- - - - -
b51b055f by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: smbd: Add 'bool signing_mandatory' to struct smbXsrv_connection.smb2 component.
Not yet used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>
- - - - -
3f9d528f by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: smbd: Add smb2_srv_init_signing(). Initializes conn->smb2.signing_mandatory.
Not yet used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>
- - - - -
1f3f6e20 by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: smbd: Split srv_init_signing() into 2 static functions smb1_srv_init_signing() and smb2_srv_init_signing().
Correctly initialize and look at xconn->smb2.signing_mandatory
for the SMB2 signing state (this gets set correctly for the AD-DC
case etc. inside smb2_srv_init_signing()).
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>
- - - - -
b879d475 by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: smbd: Look at the correct signing state for the debug messages in make_connection_snum().
The rest of the changes should now be just renaming
the SMB1 signing functions to make it clear they are
SMB1 specific.
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>
- - - - -
aee7bfa0 by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename static smb_signing_reset_info() -> smb1_signing_reset_info()
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>
- - - - -
cba8ba32 by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename smb_signing_init_ex() -> smb1_signing_init_ex()
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>
- - - - -
6ae33a62 by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename smb_signing_init() -> smb1_signing_init()
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>
- - - - -
7e82ac3a by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename smb_signing_good() -> smb1_signing_good()
Fix the debugs that also used this name.
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>
- - - - -
00d8b05d by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename smb_signing_md5() -> smb1_signing_md5()
Fix the debug that also used this name.
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>
- - - - -
e563725a by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename smb_signing_next_seqnum() -> smb1_signing_next_seqnum()
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>
- - - - -
fd932558 by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename smb_signing_cancel_reply() -> smb1_signing_cancel_reply()
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>
- - - - -
6a68caff by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename smb_signing_sign_pdu() -> smb1_signing_sign_pdu()
Fix the debugs that also used this name.
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>
- - - - -
84a498fe by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename smb_signing_check_pdu() -> smb1_signing_check_pdu()
Fix the debugs that also used this name.
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>
- - - - -
8dd252ad by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename smb_signing_activate() -> smb1_signing_activate()
Fix the debugs that also used this name.
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>
- - - - -
0c8bc1bf by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename smb_signing_is_active() -> smb1_signing_is_active()
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>
- - - - -
2fd29169 by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Remove unused smb_signing_is_allowed()
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>
- - - - -
e42fc9bc by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename smb_signing_is_desired() -> smb1_signing_is_desired()
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>
- - - - -
79633b42 by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename smb_signing_is_mandatory() -> smb1_signing_is_mandatory()
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>
- - - - -
7a385775 by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename smb_signing_set_negotiated() -> smb1_signing_set_negotiated()
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>
- - - - -
0b391fc1 by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename smb_signing_is_negotiated() -> smb1_signing_is_negotiated()
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>
- - - - -
3e021c37 by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: libcli: Rename smb_key_derivation() -> smb1_key_derivation()
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>
- - - - -
777fbb37 by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: smbd: Rename srv_check_sign_mac() -> smb1_srv_check_sign_mac().
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>
- - - - -
fa9c48ae by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: smbd: Rename srv_calculate_sign_mac() -> smb1_srv_calculate_sign_mac().
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>
- - - - -
ed648848 by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: smbd: Rename srv_cancel_sign_response() -> smb1_srv_cancel_sign_response().
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>
- - - - -
93eaaccf by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: smbd: Rename srv_set_signing_negotiated() -> smb1_srv_set_signing_negotiated().
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>
- - - - -
e0ad956c by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: smbd: Rename srv_is_signing_active() -> smb1_srv_is_signing_active().
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>
- - - - -
b8ce6949 by Jeremy Allison at 2022-03-08T22:12:37+00:00
s3: smbd: Rename srv_is_signing_negotiated() -> smb1_srv_is_signing_negotiated().
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>
- - - - -
239178ae by Jeremy Allison at 2022-03-08T23:05:19+00:00
s3: smbd: Rename srv_set_signing() -> smb1_srv_set_signing()
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: David Mulder <dmulder at samba.org>
Autobuild-User(master): David Mulder <dmulder at samba.org>
Autobuild-Date(master): Tue Mar 8 23:05:19 UTC 2022 on sn-devel-184
- - - - -
a30a7626 by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
python:tests: let insta_creds() also copy the bind_dn from the template
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
90754591 by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
dsdb/tests: passwords.py don't need to import BasePasswordTestCase
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
5a3214c9 by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
dsdb/tests: let all BasePasswordTestCase tests provide self.host_url[_ldaps]
This will make further changes easier.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
03ba5af3 by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
dsdb/tests: make use of assertLoginFailure helper
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
751ce671 by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
dsdb/tests: introduce assertLoginSuccess
This makes it possible to catch failures with knownfail entries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0b1fbc9d by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
dsdb/tests: prepare BasePasswordTestCase for simple bind tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3625d138 by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
dsdb/tests: add test_login_basics_simple()
This demonstrates that 'old password allowed period' also
applies to LDAP simple binds and not only to GSS-SPNEGO/NTLMSSP binds.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15001
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
012bd9f5 by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
s3:auth: let make_user_info_netlogon_interactive() set USER_INFO_INTERACTIVE_LOGON
This is not really relevant for now, as USER_INFO_INTERACTIVE_LOGON is
not evaluated in the source3/auth stack. But better add it to
be consistent.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15001
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2ad44686 by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
s4:auth_sam: use USER_INFO_INTERACTIVE_LOGON as inducation for an interactive logon
Using != AUTH_PASSWORD_RESPONSE is not the correct indication
due to the local mappings from AUTH_PASSWORD_PLAIN via
AUTH_PASSWORD_HASH to AUTH_PASSWORD_RESPONSE.
It means an LDAP simble bind will now honour
'old password allowed period'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15001
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
62fb6c1d by Garming Sam at 2022-03-10T03:16:35+00:00
rodc: Add tests for simple BIND alongside NTLMSSP binds
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
5c04c013 by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
s3:rpc_client: let rpccli_netlogon_network_logon() fallback to workstation = lp_netbios_name()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14641
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
31db7048 by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
s4:auth: a simple bind uses the DCs name as workstation
I've seen that in LogonSamLogonEx request triggered
by a simple bind with a user of a trusted domain
within the same forest. Note simple binds don't
work with users for another forest/external domain,
as the DsCrackNames call on the bind_dn fails.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14641
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a6fb598d by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
s4:auth: encrypt_user_info() should set password_state instead of mapped_state
user_info->mapped_state has nothing to do with enum auth_password_state,
user_info->password_state is the one that holds the auth_password_state value.
Luckily user_info->password_state was never referenced in the
encrypt_user_info() callers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9a4ac8ab by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
auth/ntlmssp: don't set mapped_state explicitly in auth_usersupplied_info
We already use talloc_zero() and mapped_state will be removed in the
next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
859c7817 by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
s4:smb_server: don't set mapped_state explicitly in auth_usersupplied_info
We already use talloc_zero() and mapped_state will be removed in the
next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
99efe5f4 by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
s4:dsdb: don't set mapped_state in auth_usersupplied_info for audit logging
mapped_state is completely irrelevant for audit logging and
will also be removed in the next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ca694864 by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
s4:kdc: don't set mapped_state in auth_usersupplied_info for audit logging
mapped_state is completely irrelevant for audit logging and
will also be removed in the next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
52787b9c by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
s4:rpc_server/samr: don't set mapped_state in auth_usersupplied_info for audit logging
mapped_state is completely irrelevant for audit logging and
will also be removed in the next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c7b8c71b by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
s4:auth: check for user_info->mapped.account_name if it needs to be filled
mapped_state is a special hack for authenticate_ldap_simple_bind_send()
in order to avoid some additional work in authsam_check_password_internals().
But that code will be changed in the next commits, so we can simplify
the logic and only check for user_info->mapped.account_name being NULL..
As it's the important factor that user_info->mapped.account_name is
non-NULL down in the auth stack.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a12683bd by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
s4:auth: fix confusing DEBUG message in authsam_want_check()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c56cb12f by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
s3:auth: make_user_info_map() should not set mapped_state
mapped_state is only evaluated in authsam_check_password_internals()
of auth_sam.c in source4, so setting it in the auth3 code
doesn't make any difference. I've proved that with
an SMB_ASSERT() and a full pipeline not triggering it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e1d2c59d by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
nsswitch: let test_wbinfo.sh also test wbinfo -a $USERNAME@$DOMAIN
When winbindd forwards wbinfo -a via netrLogonSamLogon* to a remote
DC work fine for upn names, e.g. administrator at DOMAIN.
But it currently fails locally on a DC against the local sam.
For the RODC only work because it forwards the request to
an RWDC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15003
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
8dfdbe09 by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
winbindd: don't set mapped_state in winbindd_dual_auth_passdb()
mapped_state is a special hack for authenticate_ldap_simple_bind_send()
in order to avoid some additional work in authsam_check_password_internals()
This doesn't apply here. We should also handle wbinfo -a
authentication UPN names, e.g. administrator at DOMAIN,
even if the account belongs to the local sam.
With this change the behavior is consistent also locally on DCs and
also an RODC can handle these requests locally for cached accounts.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15003
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
427125d1 by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
s4:auth: rename user_info->mapped_state to user_info->cracknames_called
This makes it much clearer what it is used for and
it is a special hack for authenticate_ldap_simple_bind_send()
in order to avoid some additional work in
authsam_check_password_internals().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
24b580ca by Stefan Metzmacher at 2022-03-10T03:16:35+00:00
auth: let auth logging prefer user_info->orig_client.{account,domain}_name if available
The optional user_info->orig_client.{account,domain}_name are
the once really used by the client and should be used in
audit logging. But we still fallback to
user_info->client.{account,domain}_name.
This will be important for the next commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
40f2070d by Stefan Metzmacher at 2022-03-10T04:10:54+00:00
s4:auth: let authenticate_ldap_simple_bind() pass down the mapped nt4names
authenticate_ldap_simple_bind*() needs to pass the
result of the cracknames operation into the auth stack
as user_info->client.{account,domain}_name, because
user_info->client.{account,domain}_name is also used
when forwarding the request via netrLogonSamLogon*
to a remote server, for exactly that the values are
also used in order to map a AUTH_PASSWORD_PLAIN into
AUTH_PASSWORD_RESPONSE, where the NTLMv2 response
contains the account and domain names passed in the
netr_IdentityInfo value.
Otherwise it would not be possible to forward the
LDAP simple bind authentication request to a remote
DC.
Currently this only applies to an RODC that forwards
the request to an RWDC.
But note that LDAP simple binds (as on Windows) only
work for users in the DCs forest, as the DsCrackNames
need to work and it can't work for users of remote
forests. I tested that in a DC of a forest root domain,
if rejected the LDAP simple bind against a different forest,
but allowed it for a users of a child domain in the
same forest. The NTLMSSP bind worked in both cases.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Mar 10 04:10:54 UTC 2022 on sn-devel-184
- - - - -
4f4c40bc by Jeremy Allison at 2022-03-10T16:54:32+00:00
s3: smbd: Rename smbd_server_connection_read_handler() smbd_smb1_server_connection_read_handler()
Matches the name for the SMB2 connection read handler we're about to use.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
- - - - -
5c180649 by Jeremy Allison at 2022-03-10T16:54:32+00:00
s3: smbd: Add SMB2-only smbd_smb2_server_connection_read_handler().
Restricts negotiation to SMB2-only. This will make it easier
to remove the SMB1-only parts of the server later.
The only allowed pre-SMB2 requests are a NBSSrequest
(to set the client NetBIOS name) and a 'normal' NBSSmessage
containing an SMB1 negprot. This allows smbd_smb2_server_connection_read_handler()
to work with older clients that use an initial SMB1negprot to
bootstrap into SMB2.
Eventually all other parts of the SMB1 server will
be removed.
Not yet used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
- - - - -
db94eefd by Jeremy Allison at 2022-03-10T17:53:26+00:00
s3: smbd: Plumb in and use smbd_smb2_server_connection_read_handler() when server min protocol > NT1 (i.e. SMB2-only).
This will allow us to remove the SMB1 server specific code
when we disable SMB1, and still retain the ability to negotiate
up from SMB1 -> SMB2 for old clients.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
Autobuild-User(master): David Mulder <dmulder at samba.org>
Autobuild-Date(master): Thu Mar 10 17:53:26 UTC 2022 on sn-devel-184
- - - - -
c51f9ab2 by Volker Lendecke at 2022-03-10T18:23:35+00:00
vfs: Don't mask shadow_copy2_convert()'s errno
If it's really ENOMEM, shadow_copy2_convert() did set this itself. It
might also return ENOENT for example. Found this while working on
other patches.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
812cb602 by Volker Lendecke at 2022-03-10T18:23:35+00:00
vfs: Add SMB_VFS_FSTATAT
Useful if you want to stat/fstat/lstat relative to a directory without
doing chdir first.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
854e8091 by Volker Lendecke at 2022-03-10T18:23:36+00:00
vfs: Convert get_real_filename() to NTSTATUS
This makes it possible to more easily handle STOPPED_ON_SYMLINK vs
OBJECT_PATH_NOT_FOUND vs OBJECT_NAME_NOT_FOUND and so on. The next
patch needs this to properly handle symlinks.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
688604a4 by Volker Lendecke at 2022-03-10T19:19:06+00:00
smbd: Simplify non_widelink_open()
Don't depend on fsp->fsp_flags.is_directory: We can always take the
parent directory fname, chdir into it and openat(O_PATH|O_NOFOLLOW)
the relative file name. To properly handle the symlink case without
having O_PATH, upon failure we need the call to
fstatat(AT_SYMLINK_NOFOLLOW) as a replacement for the fstat-call that
we can do when we successfully opened the relative file name with
O_NOFOLLOW.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Mar 10 19:19:06 UTC 2022 on sn-devel-184
- - - - -
b7bc1f6d by Andrew Bartlett at 2022-03-11T11:05:55+00:00
s4-kdc: Fix memory leak in FAST cookie handling
The call to sdb_free_entry() was forgotten.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15000
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Mar 11 11:05:55 UTC 2022 on sn-devel-184
- - - - -
67bdc922 by Stefan Metzmacher at 2022-03-11T17:10:29+00:00
third_party/heimdal: import lorikeet-heimdal-202203101709 (commit 47863866da25cc21d292ce335a976b8b33fa1864)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
12b62308 by Stefan Metzmacher at 2022-03-11T17:10:29+00:00
docs-xml: add 'kdc enable fast' option
This will be useful to test against a KDC without FAST support
and find/prevent regressions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
2db7589d by Stefan Metzmacher at 2022-03-11T17:10:29+00:00
s4:kdc: make use of the 'kdc enable fast' option
This will useful to test against a KDC without FAST support
and find/prevent regressions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
f1a71e24 by Stefan Metzmacher at 2022-03-11T17:10:29+00:00
selftest: use 'kdc enable fast = no' for fl2000 fl2003
This makes sure we still run tests against KDCs without FAST support
and it already found a few regressions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
9b48e7f7 by Stefan Metzmacher at 2022-03-11T18:06:47+00:00
third_party/heimdal: import lorikeet-heimdal-202203101710 (commit df8d801544144949931cd742169be1207b239c3d)
This fixes the regressions against KDCs without FAST support.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Mar 11 18:06:47 UTC 2022 on sn-devel-184
- - - - -
0c05ea15 by Volker Lendecke at 2022-03-11T18:22:28+00:00
smbd: Avoid some casts
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ed9ee7ed by Volker Lendecke at 2022-03-11T18:22:28+00:00
printing: Fix a DBG message
openat_pathref_fsp() returns NTSTATUS, errno might be wrong here
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
1b304efe by Volker Lendecke at 2022-03-11T18:22:28+00:00
vfs: Format a comment
I know, whitespace change, but this was just too ugly :-)
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7153c2c4 by Volker Lendecke at 2022-03-11T18:22:28+00:00
smbd: Avoid two else statements
We return in the if-clause
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
0dda3040 by Volker Lendecke at 2022-03-11T18:22:28+00:00
smbd: Avoid an else
We continue; in the if clause
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
8cee31c6 by Volker Lendecke at 2022-03-11T18:22:28+00:00
smbd: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
0e4cc565 by Volker Lendecke at 2022-03-11T18:22:28+00:00
smbd: get_acl_group_bits() needs a fsp, not a name
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
469a7ebf by Volker Lendecke at 2022-03-11T18:22:28+00:00
smbd: Simplify dos_mode_check_compressed()
btrfs_fget_compression() is the only real implementation of
VFS_GET_COMPRESSION. It does not use the mem_ctx argument, so it seems
unnecessary to do a full malloc()/free() cycle here. Moreover, if this
was actually required, talloc_stackframe() would be more appropriate
these days as deep within the smbd even loop it does not go through
the libc malloc, but just increments a pointer.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
749c62ed by Volker Lendecke at 2022-03-11T18:22:28+00:00
smbd: Simplify dos_mode_from_name() with ISDOT()/ISDOTDOT()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
0fedcf59 by Volker Lendecke at 2022-03-11T18:22:28+00:00
smbd: Pass dirfsp instead of fname to inherit_new_acl
Move to referencing directories via fsp's instead of names where we
have them around
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e316f82b by Volker Lendecke at 2022-03-11T18:22:28+00:00
smbd: Pass "dirfsp" and "smb_fname" to reopen_from_fsp()
Lift the conn->cwd_fsp reference one level, we might want to pass in a
real dirfsp in the future.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
93d2defa by Volker Lendecke at 2022-03-11T18:22:28+00:00
smbd: Always use O_NONBLOCK in openat_pathref_fsp()
There's no reason why we would ever want to block on open(O_PATH). The
only cases that to me right now seem relevant is oplock breaks and
FIFOs, which can block forever. Oplock breaks don't happen for
O_PATH (hopefully...) but for the non-O_PATH case we don't want to
block either but we do handle this higher up.
We're handling EWOULDBLOCK for the oplock case correctly in
open_file_ntcreate() by setting up polling. So far we haven't done
this for the implicit openat_pathref_fsp() from filename_convert()
yet. But as our kernel oplock implementation lacks in functionality
big time anyway I would rather fail an open with NETWORK_BUSY than to
sit waiting for an oplock break for 30 seconds.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
4e70b754 by Volker Lendecke at 2022-03-11T18:22:28+00:00
smbd: Mark fsp as directory after calling fstat()
Everything else is racy, and this is cheap to check.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
2bbdaca8 by Volker Lendecke at 2022-03-11T18:22:28+00:00
smbd: No need to set O_DIRECTORY in openat_pathref_fsp()
If I read Linux' man 2 open right (and susv4 agrees), O_DIRECTORY is
around to make sure opendir() is not raced against non-directory
files. opendir() needs to make sure the underlying object is actually
a directory. O_DIRECTORY is not required for opening directories in
RDONLY mode, regardless of having O_PATH or not.
At this point in openat_pathref_fsp() we don't care about the type of
the underlying object, we do fstat() and distinguish between files and
directories later according to the mode returned from fstat().
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e7b93310 by Volker Lendecke at 2022-03-11T18:22:28+00:00
smbd: Don't require a valid stat for openat_pathref_fsp()
With the simplifications in non_widelink_open() (don't depend on the
is_directory fsp flag) the main reason for requiring a valid stat
struct in openat_pathref_fsp() is gone. With this change
openat_pathref_fsp() is now capable of being the very first (and
authoritative) name-referencing operation with openat(O_PATH) for a
name.
Without having the stat information around before calling
openat_pathref_fsp(), the call to check_same_dev_ino() becomes
obsolete here.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
de439cd0 by Volker Lendecke at 2022-03-11T18:22:28+00:00
smbd: Return ISLNK from non_widelink_open() in smb_fname
Soon we want to not require stat() calls before entering
openat_pathref_fsp() anymore but rely on the fstat on the O_PATH file
handle (alternatively the call to fstatat(AT_SYMLINK_NOFOLLOW)) done
properly from within fd_openat(). The callers of non_widelink_open()
expect the stat information to be correct in "smb_fname". Copy it in
case of not opening a symlink in the posix case.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d8e966da by Volker Lendecke at 2022-03-11T19:19:21+00:00
smbd: Remove a few vfs_stat() calls
openat_pathref_fsp() does not need them anymore
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Mar 11 19:19:21 UTC 2022 on sn-devel-184
- - - - -
d2ac90cd by Andreas Schneider at 2022-03-16T13:28:30+00:00
testprogs: Add test that local krb5.conf has been created
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
567b1996 by Andreas Schneider at 2022-03-16T13:28:30+00:00
s3:libads: Remove trailing spaces in kerberos.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
313f03c7 by Andreas Schneider at 2022-03-16T13:28:30+00:00
s3:libads: Leave early on error in get_kdc_ip_string()
This avoids useless allocations.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
7f721dc2 by Andreas Schneider at 2022-03-16T13:28:30+00:00
s3:libads: Improve debug messages for get_kdc_ip_string()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
81203283 by Andreas Schneider at 2022-03-16T13:28:30+00:00
s3:libads: Use talloc_asprintf_append() in get_kdc_ip_string()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
652c8ce1 by Andreas Schneider at 2022-03-16T13:28:30+00:00
s3:libads: Allocate all memory on the talloc stackframe
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
cca189d0 by Andreas Schneider at 2022-03-16T13:28:30+00:00
s3:libads: Remove obsolete free's of kdc_str
This is allocated on the stackframe now!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
12c843ad by Andreas Schneider at 2022-03-16T13:28:30+00:00
s3:libads: Check print_canonical_sockaddr_with_port() for NULL in get_kdc_ip_string()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
68d181ee by Andreas Schneider at 2022-03-16T14:26:36+00:00
s3:libads: Fix creating local krb5.conf
We create an KDC ip string entry directly at the beginning, use it if we
don't have any additional DCs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Wed Mar 16 14:26:36 UTC 2022 on sn-devel-184
- - - - -
fb13c7c9 by Archana at 2022-03-16T18:51:37+00:00
vfs: Getting exact attribute value during gpfs_stat_x calls
To properly update the filesize on all cluster nodes simultaneously
Signed-off-by: Archana Chidirala <archana.chidirala.chidirala at ibm.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
70b9977a by Elia Geretto at 2022-03-16T19:44:18+00:00
s3:libsmb: Fix errno for failed authentication in SMBC_server_internal()
In SMBC_server_internal(), when authentication fails, the errno value is
currently hard-coded to EPERM, while it should be EACCES instead. Use the
NT_STATUS map to set the appropriate value.
This bug was found because it breaks listing printers protected by
authentication in GNOME Control Panel.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14983
Signed-off-by: Elia Geretto <elia.f.geretto at gmail.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Mar 16 19:44:18 UTC 2022 on sn-devel-184
- - - - -
b01388da by Joseph Sutton at 2022-03-17T00:41:33+00:00
s4-kdc: Handle previously unhandled auth event types
Cases to handle KDC_AUTH_EVENT_VALIDATED_LONG_TERM_KEY and
KDC_AUTH_EVENT_PREAUTH_SUCCEEDED were removed in:
commit 791be84c3eecb95e03611458e2305bae272ba267
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Mar 2 10:10:08 2022 +1300
s4:kdc: hdb_samba4_audit() is only called once per request
Normally these auth event types are overwritten with the
KDC_AUTH_EVENT_CLIENT_AUTHORIZED event type, but if a client passes the
pre-authentication check, and happens to fail the client access check
(e.g. because the account is disabled), we get error messages of the
form:
hdb_samba4_audit: Unhandled hdb_auth_status=9 => INTERNAL_ERROR
To avoid such errors, use the error code provided in the request
structure to obtain a relevant status code in cases not handled
explicitly.
For unexpected values we return KRB5KRB_ERR_GENERIC
in order to hopefully prevent success. And within make test
we panic in order let a ci run fail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15015
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
5294dc80 by Stefan Metzmacher at 2022-03-17T00:41:33+00:00
s4:kdc: tunnel the check_client_access status to hdb_samba4_audit()
Otherwise useful information gets lost while converting
from NTSTATUS to krb5_error and back to NTSTATUS again.
E.g. NT_STATUS_ACCOUNT_DISABLED would be audited as
NT_STATUS_ACCOUNT_LOCKED_OUT.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15015
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
18dbdf6a by Andreas Schneider at 2022-03-17T00:41:33+00:00
python:tests: Fix type error in raw_testcase.py
This fixes a lot of tests with Python 3.8. Stacktrace example:
File "python/samba/tests/krb5/as_req_tests.py", line 249, in test_as_req_enc_timestamp_rc4_dummy
self._run_as_req_enc_timestamp(
File "python/samba/tests/krb5/as_req_tests.py", line 129, in _run_as_req_enc_timestamp
as_rep, kdc_exchange_dict = self._test_as_exchange(
File "python/samba/tests/krb5/raw_testcase.py", line 3982, in _test_as_exchange
rep = self._generic_kdc_exchange(kdc_exchange_dict,
File "python/samba/tests/krb5/raw_testcase.py", line 2029, in _generic_kdc_exchange
return check_rep_fn(kdc_exchange_dict, callback_dict, rep)
File "python/samba/tests/krb5/raw_testcase.py", line 2328, in generic_check_kdc_rep
self.check_reply_padata(kdc_exchange_dict,
File "python/samba/tests/krb5/raw_testcase.py", line 2998, in check_reply_padata
got_patypes = tuple(pa['padata-type'] for pa in rep_padata)
TypeError: 'NoneType' object is not iterable
This adds additional checks for rep_padata.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
94e9b338 by Andreas Schneider at 2022-03-17T00:41:33+00:00
s4:kdc: Fix return code in mit_samba_update_pac()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
70b4660c by Andreas Schneider at 2022-03-17T00:41:33+00:00
s4:kdc: Make sure ret is set if we goto bad_option
The ret variable is just used to set the error message for logging.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
27dd3d9f by Andreas Schneider at 2022-03-17T00:41:33+00:00
s4:kdc: Fix comparison in samba_kdc_check_s4u2proxy()
CID 1502873: Control flow issues (NO_EFFECT)
>>> This greater-than-or-equal-to-zero comparison of an unsigned value is always
true. "el->num_values >= 0U".
This is probably just a paranoia check as num_values should be set to at least
1 if the we have an LDAP entry.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
1f24724b by Andreas Schneider at 2022-03-17T00:41:33+00:00
auth: Add required headers to auth_sam_reply.h
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
a84cabf4 by Andreas Schneider at 2022-03-17T00:41:33+00:00
lib:krb5_wrap: Implement smb_krb5_principal_is_tgs()
This will be used later and allows to remove static implementations.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
95cdbe17 by Andreas Schneider at 2022-03-17T00:41:34+00:00
s4:kdc: Cleanup include files in pac-glue.c
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
27554581 by Andreas Schneider at 2022-03-17T00:41:34+00:00
s4:kdc: Make pac parameter of samba_client_requested_pac() const
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
0828cbd4 by Andreas Schneider at 2022-03-17T00:41:34+00:00
s4:kdc: Implement common samba_kdc_update_pac()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
b59c55e0 by Andreas Schneider at 2022-03-17T00:41:34+00:00
s4:kdc: Use samba_kdc_update_pac() in mit_samba_reget_pac()
This is for MIT Kerberos <= 1.19
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
c78f5b72 by Andreas Schneider at 2022-03-17T00:41:34+00:00
s4:kdc: Use samba_kdc_update_pac() in mit_samba_update_pac()
This is for MIT Kerberos >= 1.20.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
2380c7ea by Andreas Schneider at 2022-03-17T00:41:34+00:00
s4:kdc: Remove ks_is_tgs_principal()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
1a28d97f by Andreas Schneider at 2022-03-17T00:41:34+00:00
s4:kdc: Remove trailing whitespace in wdc-samba4.c
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
c4ecb667 by Andreas Schneider at 2022-03-17T00:41:34+00:00
s4:kdc: Use samba_kdc_update_pac() in Heimdal DB plugin
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
2a8ae72b by Joseph Sutton at 2022-03-17T00:41:34+00:00
samba-tool: Fix typo
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
591db0cc by Joseph Sutton at 2022-03-17T00:41:34+00:00
dsdb audit tests: Fix flapping test
Use gettimeofday() to obtain the current time for comparison, to be
consistent with audit_logging.c. On Linux, time() may occasionally
return a smaller value than gettimeofday(), despite being called later.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
95abdbcb by Joseph Sutton at 2022-03-17T00:41:34+00:00
dsdb audit tests: Use assert_in_range() for comparing timestamps
This can make the code clearer. assert_in_range() takes only integer
parameters, but POSIX allows us to assume that time_t is an integer.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
52afaa0c by Joseph Sutton at 2022-03-17T00:41:34+00:00
s4:policy: Fix ACE type comparison
SEC_ACE_TYPE_ values are not flags, so this comparison does not behave
as intended. Modify the check to more closely match the comment.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
27dd0afb by Joseph Sutton at 2022-03-17T00:41:34+00:00
python/ntacls.py: Fix ACE type comparison
SEC_ACE_TYPE_ values are not flags, so this comparison does not behave
as intended. Modify the check to more closely match the one in
gp_create_gpt_security_descriptor().
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
005866b1 by Joseph Sutton at 2022-03-17T00:41:34+00:00
s4-smbtorture: Fix typo in assertion message
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
def505e6 by Joseph Sutton at 2022-03-17T01:36:59+00:00
wafsamba: Fix call to sorted()
In Python 3, sorted() does not take a 'cmp' parameter, so we need to use
the 'key' parameter instead.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Mar 17 01:36:59 UTC 2022 on sn-devel-184
- - - - -
5b41c871 by Andrew Bartlett at 2022-03-17T01:57:38+00:00
selftest: Use more torture_assert_goto() et al in rpc.samlogon test
This testsuite can otherwise fail with an error, which cannot be covered with
a knownfail.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
28fc8df7 by Andrew Bartlett at 2022-03-17T01:57:38+00:00
selftest: Allow samba.tests.ntlm_auth to fail rather than error checking --diagnostics
This allows a knownfail entry to be written for this test.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
5e9cb0ad by Andrew Bartlett at 2022-03-17T01:57:38+00:00
selftest: Remove duplicate run of rpc.samr tests against ad_dc as "samba3"
Running these tests twice is a waste (sorry, thas was my choice when
merging s3 and s4 to just run all the tests against the AD DC) and
more importantly means that tests are run in "samba3" mode against
the AD DC, making it difficult to change the tests to expect a different
behaivour against the AD DC compared to the NT4 DC.
To assure that we have not lost tests, I ran:
grep command st/subunit | grep ad_dc| cut -f 2 -d\" | cut -f 2- -d. | sort | uniq -c
The output is:
--- /tmp/2 2022-02-11 21:00:54.033610748 +1300
+++ /tmp/now 2022-02-11 21:01:13.849823721 +1300
@@ -1,32 +1,21 @@
- 2 rpc.samr.
- 2 rpc.samr.handletype.
2 rpc.samr.handletype with .
2 rpc.samr.handletype with bigendian.
2 rpc.samr.handletype with validate.
- 2 rpc.samr.large-dc.
2 rpc.samr.large-dc on ncacn_np with .
- 2 rpc.samr.machine.auth.
2 rpc.samr.machine.auth with .
2 rpc.samr.machine.auth with bigendian.
2 rpc.samr.machine.auth with validate.
2 rpc.samr on ncacn_np with .
- 2 rpc.samr.passwords.
- 2 rpc.samr.passwords.badpwdcount.
2 rpc.samr.passwords.badpwdcount on ncacn_np with .
2 rpc.samr.passwords.lockout on ncacn_np with .
2 rpc.samr.passwords on ncacn_np with .
- 2 rpc.samr.passwords.pwdlastset.
2 rpc.samr.passwords.pwdlastset on ncacn_np with .
2 rpc.samr.passwords.validate on ncacn_ip_tcp with bigendian.
2 rpc.samr.passwords.validate on ncacn_ip_tcp with seal,padcheck.
2 rpc.samr.passwords.validate on ncacn_ip_tcp with validate.
- 2 rpc.samr.passwords.validate over ncacn_ip_tcp .
- 2 rpc.samr.priv.
2 rpc.samr.priv with .
2 rpc.samr.priv with bigendian.
2 rpc.samr.priv with validate.
- 2 rpc.samr.users.
2 rpc.samr.users on ncacn_np with .
- 2 rpc.samr.users.privileges.
2 rpc.samr.users.privileges on ncacn_np with .
4 tests.dcerpc.samr_change_password.
It is clear that the tests are all still being run at least once against the AD DC.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
4e21be7e by Andrew Bartlett at 2022-03-17T01:57:38+00:00
selftest: Remove duplicate run of rpc.lsa tests against ad_dc as "samba3"
Running these tests twice is a waste (sorry, thas was my choice when
merging s3 and s4 to just run all the tests against the AD DC) and
more importantly means that tests are run in "samba3" mode against
the AD DC, making it difficult to change the tests to expect a different
behaivour against the AD DC compared to the NT4 DC.
To assure that we have not lost tests, I ran:
grep command st/subunit | grep ad_dc| cut -f 2 -d\" | cut -f 2- -d. | sort | uniq -c
The two blocks (for rpc.lsa and rpc.lsa.*) are because the rpc.lsa.*
subtests were not previously run under ncacn_ip_tcp: and this is the
minimal change.
The output is:
--- /tmp/3 2022-02-12 14:01:50.435761067 +1300
+++ /tmp/now 2022-02-12 14:01:37.427595351 +1300
@@ -13,9 +13,8 @@
2 rpc.lsa-getuser on ncalrpc with validate.
2 rpc.lsa-getuser with bigendian.
2 rpc.lsa-getuser with seal,padcheck.
2 rpc.lsa-getuser with validate.
- 2 rpc.lsa.lookupnames.
2 rpc.lsa.lookupnames with .
2 rpc.lsa.lookupnames with bigendian.
2 rpc.lsa.lookupnames with validate.
2 rpc.lsalookup on ncacn_ip_tcp with bigendian.
@@ -26,9 +25,8 @@
2 rpc.lsalookup on ncacn_np with validate.
2 rpc.lsalookup on ncalrpc with bigendian.
2 rpc.lsalookup on ncalrpc with seal,padcheck.
2 rpc.lsalookup on ncalrpc with validate.
- 2 rpc.lsa.lookupsids.
2 rpc.lsa.lookupsids with .
2 rpc.lsa.lookupsids with bigendian.
2 rpc.lsa.lookupsids with validate.
2 rpc.lsalookup with bigendian.
@@ -42,15 +40,11 @@
2 rpc.lsa on ncacn_np with validate.
2 rpc.lsa on ncalrpc with bigendian.
2 rpc.lsa on ncalrpc with seal,padcheck.
2 rpc.lsa on ncalrpc with validate.
- 2 rpc.lsa over ncacn_ip_tcp .
- 2 rpc.lsa over ncacn_np .
- 2 rpc.lsa.privileges.
2 rpc.lsa.privileges with .
2 rpc.lsa.privileges with bigendian.
2 rpc.lsa.privileges with validate.
- 2 rpc.lsa.secrets.
2 rpc.lsa.secrets on ncacn_np with with -k no --option=clientusespnego=no.
2 rpc.lsa.secrets on ncacn_np with with -k no --option=clientusespnego=no --option=clientntlmv2auth=yes.
2 rpc.lsa.secrets on ncacn_np with with -k no --option=clientusespnego=yes.
2 rpc.lsa.secrets on ncacn_np with with -k no --option=clientusespnego=yes --option=clientntlmv2auth=yes.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
9cec421d by Andrew Bartlett at 2022-03-17T01:57:38+00:00
selftest: run s4member tests less
The s4member test environment is a historical artifact, provisioned like an
AD DC using sam.ldb and joined using the historical S4 join code.
Once running however it is nothing particualr special in winbindd, so
there is no need to run the tests against ad_member and s4member.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
1144adde by Andrew Bartlett at 2022-03-17T01:57:38+00:00
dsdb: No longer supply exact password hashes in a control to indicate password changes
This returns the API for password changes via (eg) kpasswd to the
previous design as at 7eebcebbab8f62935bd1d5460e58b0a8f2cc30e8
where a control but no partiuclar values were specified.
This avoids the issues that were attempted to be addressed between
7eebcebbab8f62935bd1d5460e58b0a8f2cc30e8 and 786c41b0954b541518d1096019e1ce7ca11e5e98
by still keeping the ACL check from 23bd3a74176be4a1f8d6d70b148ababee397cf8c.
The purpose of this change is to move away from the NT hash (unicodePwd) being
the primary password in Samba, to allow installations to operate without this
unsalted hash.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
0a907c2f by Andrew Bartlett at 2022-03-17T01:57:38+00:00
dsdb: Return dsdb_password_change control name to DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID
This makes it clearer that the purpose of this control is to indicate that the password
was already checked (by an out-of-band mechanism, eg kpasswd) and so can safely be changed
subject to ACLs etc.
This essentially reverts bbb9dc806e4399c65dee9b5dc2cde0bfaa9609bd
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
557b1ab5 by Andrew Bartlett at 2022-03-17T01:57:38+00:00
kdc: Remove pre-check for existing NT and LM hash from kpasswd
We no longer use the old NT and LM hash as proof of performing a
password change, and this removes the privileged status of these
attributes.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
338492d3 by Andrew Bartlett at 2022-03-17T01:57:38+00:00
s4-rpc_server: Remove pre-check for existing NT and LM hash from netlogon
We no longer use the old NT and LM hash as proof of performing a
password change, and this removes the privileged status of these
attributes.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
09eaf740 by Andrew Bartlett at 2022-03-17T01:57:38+00:00
s4/dsdb: Remove LM password generation and storage from password_hash
We no longer generate nor store the LM hash in the Samba AD DC.
This adds much to the knownfail, some future commits will trim this
back down by making the tests understand that the server will not
support or store the LM hash.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
2dbc8b98 by Andrew Bartlett at 2022-03-17T01:57:38+00:00
s4-auth: Disable LM authenticaton in the AD DC despite "lanman auth = yes"
LM authentication is very weak and a very bad idea, so has been deprecated since
Samba 4.11.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
6aaa1245 by Andrew Bartlett at 2022-03-17T01:57:38+00:00
s4-auth: Do not supply the LM hash to the AD DC authentication code
This still passes in the value in the LM field for checking
in case it is an NT response or LMv2.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
0f53bfe7 by Andrew Bartlett at 2022-03-17T01:57:38+00:00
s4-rpc_server: Do not use LM hash in password changes
We now only change passwords based on the NT hash.
This means we no longer support samr_OemChangePasswordUser2()
and we do not check the LM verifier din samr_ChangePasswordUser3()
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
f161e3f1 by Andrew Bartlett at 2022-03-17T01:57:38+00:00
dsdb: Remove parsing of LM password hash from "dBCSPwd" attribute
This means Samba will essentially ignore this attribute, not even attempting
to read it from the AD DC sam.ldb
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
45af51fd by Andrew Bartlett at 2022-03-17T01:57:38+00:00
selftest: Cope with LM hash not being stored in the tombstone_reanimation test
The removal of LM hash storage changes the expected metadata.
We do not need to track these values exactly to prove the
behaviour here.
This is not due to the changes in password_hash directly, which in
update_final_msg() sets DSDB_FLAG_INTERNAL_FORCE_META_DATA to force
a push out of the removed attribute to the replication state.
However at the stage of a subsequent LDAP Delete there is no longer
a lmPwdHistory nor dBCSPwd attribute, in the directory, so there is
no subsequent version bump to remove them when building a tombstone.
Samba's behaviour is different to that seen by Metze on windows 2022,
where he sees dBCSPwd removed (for the no LM store case) but
lmPwdHistory kept. We in Samba choose to differ, not storing an
ambiguous LM hsitory (of "" values likely), so allowing any version
for these two attributes is the sensible choice.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
a2fa7f42 by Andrew Bartlett at 2022-03-17T01:57:38+00:00
selftest: Allow RPC-SAMR to cope with OemChangePasswordUser2 being un-implemented
This is important to allow, after other changes, for the Samba AD DC to again
pass rpc.samr after the removal of LM hash support from the DC.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
75c54d54 by Andrew Bartlett at 2022-03-17T01:57:38+00:00
dsdb: Remove LM hash parameter from samdb_set_password() and callers
This fixes the rpc.samr test because we no longer specify an LM hash
to the DSDB layer only to have it rejected by password_hash.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
4234e9b0 by Andrew Bartlett at 2022-03-17T01:57:38+00:00
s3-ntlm_auth: Convert table of tests in --diagnostics to designated initialisers
This makes it easeir to set some as "LM auth".
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d0b922bd by Andrew Bartlett at 2022-03-17T01:57:38+00:00
ntlm_auth: Adapt --diagnostics mode to expect that the DC does not support LANMAN by default
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
faea2f8a by Andrew Bartlett at 2022-03-17T01:57:38+00:00
selftest: Remove auth_log test for RAP password change
RAP is SMB1, the password change routine requires LM hashes and so everything
here is going away or has now gone, so remove the test.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
ac79ce22 by Andrew Bartlett at 2022-03-17T01:57:38+00:00
torture: Update rpc.samlogon to match Win19 and newer Samba behaviour for LM key
Not all cases are covered, but this much covers the areas that Samba and Win19
will agree on.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
cb691c51 by Andrew Bartlett at 2022-03-17T01:57:38+00:00
torture: Do not expect LM passwords to be accepted except by samba3
This allows Samba as an AD DC (compared with the fileserver/NT4-like DC mode) to match
windows and refuse all LM passwords, no matter what.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
ef1dbcdc by Andrew Bartlett at 2022-03-17T02:47:13+00:00
torture: Allow Samba as an AD DC to use zeros for LM key
This is simple, explainable and secure.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Mar 17 02:47:13 UTC 2022 on sn-devel-184
- - - - -
c26ee3ba by Joseph Sutton at 2022-03-17T23:11:37+00:00
python:tests: Add tests for SDDL SID strings
We get the server to decode the SDDL by putting the SID strings in the
defaultSecurityDescriptor of a new class and making an object of that
class. We then check that the resulting SID is what we expect.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d55b717f by Joseph Sutton at 2022-03-17T23:11:37+00:00
python: Use explicit SIDs instead of SDDL abbreviations
This is to prepare for changing the SDDL string values.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
9b913fcb by Joseph Sutton at 2022-03-17T23:11:37+00:00
s4:rpc_server/lsa: Use explicit SID instead of SDDL abbreviation
This is to prepare for the SDDL string being removed.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
e61fa573 by Joseph Sutton at 2022-03-17T23:11:37+00:00
sddl: Fix incorrect SDDL SID strings
Change the values to match those used by Windows.
Verified with PowerShell commands of the form:
New-Object Security.Principal.SecurityIdentifier ER
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
732d17a1 by Joseph Sutton at 2022-03-17T23:11:37+00:00
sddl: Add new SDDL SID strings
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
1137ebc6 by Joseph Sutton at 2022-03-17T23:11:37+00:00
sddl: Remove SDDL SID strings unsupported by Windows
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
80b22a78 by Joseph Sutton at 2022-03-17T23:11:37+00:00
python: Restore SDDL abbreviations for SIDs
This time we use the correct values.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
e7296066 by Joseph Sutton at 2022-03-17T23:11:37+00:00
selftest: Simplify krb5 test environments
It's not necessary to repeat the required environment variables for
every test.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a9025b68 by Joseph Sutton at 2022-03-17T23:11:37+00:00
tests/krb5: Improve mock RODC creation
Use a unique name for the mock RODC. Don't assign to _rodc_ctx until the
RODC has been created, so we don't try to use a mock RODC that failed to
create.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
c91af5f1 by Joseph Sutton at 2022-03-18T00:11:25+00:00
tests/krb5: Simplify logic
This code can be made part of the previous 'else' branch.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Joseph Sutton <jsutton at samba.org>
Autobuild-Date(master): Fri Mar 18 00:11:25 UTC 2022 on sn-devel-184
- - - - -
26334df7 by Joseph Sutton at 2022-03-18T11:55:30+00:00
s4:kdc: Fix copy-paste typo
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
90e58027 by Joseph Sutton at 2022-03-18T11:55:30+00:00
tests/krb5: Remove accounts in reverse order of addition
This prevents problems if accounts are added as children of other
accounts.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
539cdaa7 by Joseph Sutton at 2022-03-18T11:55:30+00:00
tests/krb5: Add more encryption type constants
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
042137f8 by Joseph Sutton at 2022-03-18T11:55:30+00:00
tests/krb5: Add account to cleanup list before adding it to database
This ensures accounts are still cleaned up if a test fails before adding
it to the cleanup list.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
c80cd8c9 by Joseph Sutton at 2022-03-18T11:55:30+00:00
tests/krb5: Remove unused import
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
ded5115f by Joseph Sutton at 2022-03-18T11:55:30+00:00
tests/krb5: Add helper function to modify ticket flags
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
b308240c by Joseph Sutton at 2022-03-18T11:55:30+00:00
selftest/dbcheck: Fix up msDS-RevealedUsers links with deleted target DN
Replicating test accounts to the RODC and then deleting them caused
stale msDS-RevealedUsers links to remain in the database.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
eba1a9d9 by Joseph Sutton at 2022-03-18T11:55:30+00:00
auth/credentials: Add encrypt_samr_password()
This method encrypts a samr_Password structure with the current session
key, which allows for interactive SamLogon from Python.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
3e0c94a3 by Joseph Sutton at 2022-03-18T11:55:30+00:00
tests/krb5: Add tests for the Protected Users group
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
fd765aaa by Joseph Sutton at 2022-03-18T11:55:30+00:00
tests/password_lockout: Test NTLM and SAMR password changes with Protected Users
Test that NTLM and SAMR password changes cannot be used for Protected
Users, and that lockouts are not triggered for attempting to use them.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
410b8b7e by Joseph Sutton at 2022-03-18T11:55:30+00:00
tests/passwords: Test that LDAP password changes work for Protected Users
We want to disable SAMR password changes for Protected Users, but need
to ensure that other methods of changing the password still work.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
fb0f65b0 by Joseph Sutton at 2022-03-18T11:55:30+00:00
s4:provision_users.ldif: Add Protected Users group
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
3a8670c4 by Joseph Sutton at 2022-03-18T11:55:30+00:00
dsdb/common: Add helper function for determining if account is in Protected Users group
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
831c245a by Stefan Metzmacher at 2022-03-18T11:55:30+00:00
s4:kdc: simplify samba_kdc_message2entry by using data_blob_string_const("computer")
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
233ce6b2 by Joseph Sutton at 2022-03-18T11:55:30+00:00
s4:kdc: Add function to get user_info_dc from database
The resulting user_info_dc is kept in the 'samba_kdc_entry' structure,
so it can be reused between calls.
This allows us to simplify samba_kdc_get_pac_blobs(), as it no longer
need to return a user_info_dc structure.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
402d5f59 by Joseph Sutton at 2022-03-18T11:55:30+00:00
s4:kdc: Add KDC support for Protected Users group
Accounts in the Protected Users group acting as clients lack support for
the RC4 encryption type. TGTs issued to such accounts have a lifetime
restricted to four hours, and are unable to be proxied or forwarded.
To determine at lookup time whether a client account is a member of
Protected Users, we now also create an auth_user_info_dc structure when
creating the database entry for an AS-REQ, rather than only when
creating a PAC for a TGT, or when recreating the PAC from an RODC-issued
TGT.
This means that the user's groups are now expanded even for AS-REQs that
result in an error (such as a PREAUTH_REQUIRED error), but this is
required to be able to correctly determine the account's available
encryption types, which are needed soon after fetching the user account.
Currently, the TGT lifetime may exceed four hours (for Heimdal
specifically). This may happen if PKINIT is used, and either the
pkinit_max_life_from_cert_extension option is TRUE and
pkinit_max_life_bound is greater than four hours, or
pkinit_max_life_from_cert is greater than four hours.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
16a7ce0c by Joseph Sutton at 2022-03-18T11:55:30+00:00
s4:auth: Disable NTLM authentication for Protected Users
We also move the authentication to after checking whether the user is
protected, so that if a user in the Protected Users group tries to
authenticate with a wrong password, the bag password count is not
incremented and the account is not locked out. This does not match
MS-APDS, but matches the behaviour of Windows.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
62cf7a4a by Joseph Sutton at 2022-03-18T11:55:30+00:00
s4:rpc_server/samr: Simplify lp_ctx expression
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
bf509bf7 by Joseph Sutton at 2022-03-18T11:55:30+00:00
tests/sam: Ensure that Protected Users group cannot be deleted
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
4f1b7684 by Joseph Sutton at 2022-03-18T11:55:30+00:00
functionalprep.sh: Add test for samba-tool add group --special
Test that we can add the special Protected Users group, and that we get
an appropriate error message when attempting to add it a second time.
We add these tests here so that we can make use of an old provision that
does not already have the Protected Users group added.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
7b710a05 by Joseph Sutton at 2022-03-18T11:55:30+00:00
samba-tool group: Add --special parameter to add predefined special group
This allows default security groups that have been added since Windows
Server 2008 R2, such as Protected Users, to be created in pre-existing
domains. An error message is generated if a group already exists with
the same name, DN, or SID.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
cf8048cd by Joseph Sutton at 2022-03-18T12:45:17+00:00
s4:rpc_server/samr: Use extended DN when searching for user
Switch to dsdb_search() for looking up the user for changing the
password, and specify that we want extended DNs. Using the SID or GUID
avoids a race condition if the DN of the user changes.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Mar 18 12:45:17 UTC 2022 on sn-devel-184
- - - - -
c88938b3 by Thomas Debesse at 2022-03-21T12:57:33+00:00
WHATSNEW: IRC is irc.libera.chat according to https://www.samba.org/samba/irc.html
Signed-off-by: Thomas Debesse <dev at illwieckz.net>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
59e67dc8 by Andrew Bartlett at 2022-03-21T13:52:06+00:00
WHATSNEW: Mention our matrix room as well
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Jule Anger <janger at samba.org>
Autobuild-Date(master): Mon Mar 21 13:52:06 UTC 2022 on sn-devel-184
- - - - -
5fe341d2 by Jeremy Allison at 2022-03-22T16:49:34+00:00
s3: torture: Add 2 new tests SMB2-DEL-ON-CLOSE-NONWRITE-DELETE-NO, SMB2-DEL-ON-CLOSE-NONWRITE-DELETE-YES.
We currently allow setting the delete on close bit for
a directory containing only explicitly hidden/vetoed files
in the case where "delete veto files = yes" *and*
"delete veto files = no". For the "delete veto files = no"
case we should be denying setting the delete on close bit
when the client tries to set it (that's the only time Windows
looks at the bit and returns an error to the user). We
already do the in the dangling symlink case, we just
missed it in the !is_visible_fsp() case.
Mark SMB2-DEL-ON-CLOSE-NONWRITE-DELETE-NO as knownfail
for now.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15023
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
80503b46 by Jeremy Allison at 2022-03-22T17:48:25+00:00
s3: smbd: Don't allow setting the delete on close bit on a directory if it contains non-visible files and "delete veto files = no"..
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15023
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Mar 22 17:48:25 UTC 2022 on sn-devel-184
- - - - -
c886d58b by Andreas Schneider at 2022-03-23T11:33:33+00:00
gitlab-ci: Remove unused variable for ubuntu1604
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
0e81b796 by Andreas Schneider at 2022-03-23T11:33:33+00:00
gitlab-ci: Use Ubuntu 20.04 for Coverity
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
4993faea by Andreas Schneider at 2022-03-23T11:33:33+00:00
gitlab-ci: Drop Fedora 34
It should be enough to run on the latest Fedora version. This should save us
some CI minutes. We have CentOS runners and I would prefer to add CentOS9
Stream.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
0b10962d by Andreas Schneider at 2022-03-23T11:33:33+00:00
gitlab-ci: Update to openSUSE 15.3
This drops openSUSE 15.1 and 15.2 to save some CI resources.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
1bde388b by Andreas Schneider at 2022-03-23T11:33:33+00:00
gitlab-ci: Drop Debian 10
It should be enough to build on the latest Debian version. We have older
Ubuntu versions already.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
c0f5af21 by Andrew Bartlett at 2022-03-23T12:31:47+00:00
lib/replace: Do not typedef int bool
We need a genuine boolean type, as otherwise expressions like
bool foo = (4 & 4);
if (foo == true) {
exit(1);
} else {
exit(2);
}
could evaluate differently on non-modern platforms, and
that would be a real pain to debug.
_Bool and bool are in C99
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15028
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Mar 23 12:31:47 UTC 2022 on sn-devel-184
- - - - -
dbde99a0 by Stefan Metzmacher at 2022-03-23T13:27:45+00:00
replace: add explicit function pointer casting from dlsym() to avoid warnings
This avoids a lot of warnings on AIX.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Mar 23 13:27:45 UTC 2022 on sn-devel-184
- - - - -
280e9191 by Volker Lendecke at 2022-03-23T16:57:28+00:00
smbd: Make non_widelink_open() robust for non-cwd dirfsp
If you pass in dirfsp!=conn->cwd_fsp and a stream fsp, we don't chdir
to the parent pathname, and thus we also don't overwrite
fsp->base_fsp.
fsp->base_fsp!=NULL is thus the wrong condition to restore the
original base fsp name: If we open a stream with a non-cwd_fsp dirfsp,
we would overwrite fsp->base_fsp->fsp_name with NULL.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
313d207d by Volker Lendecke at 2022-03-23T16:57:28+00:00
lib: Slightly simplify add_interface()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3353174d by Volker Lendecke at 2022-03-23T16:57:28+00:00
lib: Add a pair of {}
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
393176e9 by Volker Lendecke at 2022-03-23T16:57:28+00:00
lib: Use talloc_zero, save a ZERO_STRUCT
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
bd692c1f by Volker Lendecke at 2022-03-23T16:57:28+00:00
smbd: Avoid an "else"
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3505285c by Volker Lendecke at 2022-03-23T16:57:28+00:00
smbd: Fix a misleading comment
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a0c897ba by Volker Lendecke at 2022-03-23T16:57:28+00:00
smbd: Use ISDOT/ISDOTDOT in ReadDirName()
With those macros, we check n[0] twice now, but I think the compiler
should either optimize that out or if it can't this will be in the CPU
cache, so the second check should be practially free. I can't imagine
this makes any difference but the better readability.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
202a8a53 by Volker Lendecke at 2022-03-23T16:57:28+00:00
smbclient: strequal() -> ISDOT/ISDOTDOT
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
80d72b53 by Volker Lendecke at 2022-03-23T17:53:08+00:00
smbd: Make an if-statement in ReadDirName() a bit more readable
Align to make the () structure more obvious
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Mar 23 17:53:09 UTC 2022 on sn-devel-184
- - - - -
ab0946a7 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: strictly have 2 16-bit parts in krbtgt kvnos
Even if the msDS-KeyVersionNumber of the main krbtgt
account if larger than 65535, we need to have
the 16 upper bits all zero in order to avoid
mixing the keys with an RODC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14951
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7312bca8 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: remove unused mkvno from sdb_key
This is not related to the kvno of the key,
the mkvno tells the HDB layer that the keys need to
be decrypted with a master key (with the given [m]kvno).
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ba6fccf4 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: let sdb_entry_to_hdb_entry() initialize *h at the beginning
This is clearer and make further changes easier.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6152db35 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: let sdb_entry_ex_to_krb5_db_entry() initialize 'k' at the beginning
This is clearer and make further changes easier.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
829bb366 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: let sdb_free_entry clear sdb_entry_ex at the end
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
244e1880 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:libnet: sdb_free_entry() already clears everything
There's no need to know about '.free_entry'.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4f6a34df by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:libnet: ask for SDB_F_ADMIN_DATA in order to create a keytab entry
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ff03d88d by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: remove unused sdb_entry_ex->free_entry()
It seems we need to take a closer look at the
memory hierachy of the sdb_entry related code.
I'll check that during the next commits,
but for now just remove use the unused hook.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
97dbdb48 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: call krb5_free_keyblock_contents() in free_sdb_key()
This is much clearer than doing it in sdb_free_entry() already.
It also simplifies the next cleanups.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ccd11c2c by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: don't leak salt in free_sdb_key()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a77933f9 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: let samba_kdc_entry_destructor() call sdb_free_entry()
It's basically the same as free_sdb_entry(), but the next
step will make free_sdb_entry() private.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9bc5aedd by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: make free_sdb_entry() static
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d2f471f9 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: rename free_sdb_key() as public sdb_key_free() function
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9c7de9a5 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: split out a sdb_keys_free() helper function
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
732d9cee by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: remove unused samba_kdc_entry->entry_ex
It will only ever point to an sdb_entry_ex
and becomes a stale pointer fast, as
sdb_free_entry() called before any talloc_free()
can happen (with a destructor still set).
Note the talloc parent of samba_kdc_entry
is the samba_kdc_db_context longterm context.
The next commits will fill samba_kdc_entry_destructor
with logic again, but for now remove the unused code.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2323f9d2 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: let sdb_entry have a typed samba_kdc_entry pointer
Both layers are owned by us so there's no need for an void
pointer.
This simplifies the code a lot and allows further cleanups.
Eventually we can remove sdb_entry_ex and only use sdb_entry,
as Heimdal also removed hdb_entry_ex.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
788ccb8c by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: make the logic between ZERO_STRUCTP(entry_ex) and sdb_free_entry(entry_ex) clearer
samba_kdc_[trust_]message2entry() always starts with
ZERO_STRUCTP(entry_ex) and cleans up on error with
sdb_free_entry(entry_ex), leaving a cleared structure again.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14054
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c2eb5086 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: let samba_kdc_entry take references to sdb_entry and kdc_entry
kdc_entry can be hdb_entry or krb5_db_entry.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
cd295a89 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: expose a sdb_entry_to_krb5_db_entry() function
We'll remove sdb_entry_ex soon.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f8d9cdb5 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: expose sdb_entry_to_hdb_entry() function
We'll remove sdb_entry_ex soon.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c95a0bca by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: expose a sdb_entry_free() function
We'll remove sdb_entry_ex soon.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
28924f35 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: add a samba_kdc_sort_keys() function using TYPESAFE_QSORT()
This is better than calloc/free each time.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
35508449 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: only pass sdb_keys to samba_kdc_set_fixed_keys()
This prepares the removal of sdb_entry_ex.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b8c0f406 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: only pass keys to samba_kdc_set_random_keys()
This prepares the removal of sdb_entry_ex.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c3171a73 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: remove Primary:Kerberos usage from samba_kdc_message2entry_keys()
Most likely the kerberos libraries don't support DES anymore, so
there's no point in exposing them at all.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
79565856 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: split out a samba_kdc_fill_user_keys() helper function
This will simplify further changes, e.g. asking for a specific kvno
or returning the password history in order to prevent
badPwdCount updates with passwords in the history.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d5951bbf by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: remove unused principal argument to samba_kdc_trust_message2entry()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4878ea14 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: only pass sdb_entry to samba_kdc_message2entry_keys()
sdb_entry_ex will be removed as it just contains sdb_entry.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
477ea29e by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: s/entry_ex->entry\./entry->/g in samba_kdc_message2entry()
We should avoid using entry_ex->entry as sdb_entry_ex will be removed.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
049c9060 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: only ZERO and free sdb_entry in samba_kdc_message2entry()
sdb_entry_ex only contains sdb_entry, so this is still doing
the same, but we want to remove sdb_entry_ex soon.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f81e3b49 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: s/entry_ex->entry\./entry->/g in samba_kdc_trust_message2entry()
We should avoid using entry_ex->entry as sdb_entry_ex will be removed.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
57829933 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: only ZERO and free sdb_entry in samba_kdc_trust_message2entry()
sdb_entry_ex only contains sdb_entry, so this is still doing
the same, but we want to remove sdb_entry_ex soon.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d3770c7d by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: only pass sdb_entry to samba_kdc_trust_message2entry()
It no longer needs sdb_entry_ex.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e5eb8c8c by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: only pass sdb_entry to samba_kdc_message2entry()
It no longer needs sdb_entry_ex.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e528c93c by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: samba_kdc_lookup_realm() only needs sdb_entry
sdb_entry_ex will be removed shortly.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b8c738a9 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: samba_kdc_fetch_client() only needs sdb_entry
sdb_entry_ex will be removed shortly.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e74a8992 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: samba_kdc_fetch_krbtgt() only needs sdb_entry
sdb_entry_ex will be removed shortly.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ac1cdffe by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: samba_kdc_fetch_server() only needs sdb_entry
sdb_entry_ex will be removed shortly.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
158132c9 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: samba_kdc_seq() only needs sdb_entry
sdb_entry_ex will be removed shortly.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a71b74b2 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: hdb_samba4_fetch_fast_cookie() don't need sdb_entry_ex
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
dceae1bb by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: use sdb_entry_to_hdb_entry() directly
We should avoid sdb_entry_ex, as it will be removed soon.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
225c610f by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: remove unused sdb_entry_ex_to_hdb_entry_ex()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f223f215 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: use sdb_entry_to_krb5_db_entry() directly
We should avoid sdb_entry_ex, as it will be removed soon.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
83b3695b by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: remove unused sdb_entry_ex_to_kdb_entry_ex()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3cba1641 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: samba_kdc_fetch() only needs sdb_entry
sdb_entry_ex will be removed shortly.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
14487c40 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: samba_kdc_{first,next}key() only need sdb_entry
sdb_entry_ex will be removed shortly.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
68dfb463 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:libnet: avoid using sdb_entry_ex and use sdb_entry directly
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
59262192 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: avoid using sdb_entry_ex in samba_wdc_reget_pac()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
61548c7c by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: avoid using sdb_entry_ex in mit_samba_get_principal()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e7b101e1 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: avoid using sdb_entry_ex in mit_samba_get_{first,next}key()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
bf9ec0a6 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: avoid using sdb_entry_ex in netr_samlogon_generic_logon()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f917a20f by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: avoid using sdb_entry_ex in hdb_samba4_fetch_kvno()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
57bf9752 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: avoid using sdb_entry_ex in hdb_samba4_{first,next}key()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d05f2323 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: finally remove unused 'struct sdb_entry_ex'
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d062225e by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: pass flags and kvno down to samba_kdc_message2entry_keys()
We need a ways to ask for a specific kvno if SDB_F_KVNO_SPECIFIED
is requested. And also include the old and older keys from
the password history in the next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14054
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
5f28a948 by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: add old and older keys to sdb_entry
This is the first step to return the password history
in order to avoid badPwdCount updates for failing
pre-authentication with passwords from the recent history.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14054
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
01e7425f by Stefan Metzmacher at 2022-03-24T09:19:33+00:00
s4:kdc: teach samba_kdc_message2entry_keys() to handle old and older keys too
We return the requested kvno if given, otherwise we include the
old and older keys for CLIENT|FOR_AS_REQ or SDB_F_ADMIN_DATA lookups.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14054
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2d9fd385 by Andrew Bartlett at 2022-03-24T09:19:33+00:00
s4:kdc: Pass supported enctypes to samba_kdc_set_fixed_keys()
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
548169a3 by Andrew Bartlett at 2022-03-24T09:19:33+00:00
s4:kdc: Pass supported enctypes to samba_kdc_set_random_keys()
We should not supprise the callers by returning more keys than we asked to
filter by and avoids duplicating the protected_users logic within
samba_kdc_set_fixed_keys().
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
2684856a by Andrew Bartlett at 2022-03-24T09:19:33+00:00
s4:kdc: Add const to "msg" parameter in samba_kdc_message2entry_keys()
This will help with a future caller.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
2340a9a4 by Andrew Bartlett at 2022-03-24T09:19:33+00:00
s4:kdc: Pull auth_sam_trigger_repl_secret() up one layer to samba_kdc_message2entry()
This avoids making a call out in samba_kdc_message2entry_keys() and allows
for potential reuse of the key parsing code.
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
29eb7e24 by Andrew Bartlett at 2022-03-24T09:19:33+00:00
s4:kdc: Move supported enc-type handling out of samba_kdc_message2entry_keys()
By putting this in the caller we potentially allow samba_kdc_message2entry_keys()
to be reused by a non-KDC caller.
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d1d65d27 by Andrew Bartlett at 2022-03-24T10:17:32+00:00
s4:kdc: Expose samba_kdc_message2entry_keys()
This allows the KDC to share the supplementalCredentials parsing code
with other parts of Samba that could use it.
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Mar 24 10:17:32 UTC 2022 on sn-devel-184
- - - - -
0036617a by Jeremy Allison at 2022-03-24T16:28:37+00:00
s4: torture: Add regression test for re-opening a durable handle after calling SMB2 setinfo (end of file).
This is an implementation of a test written by Apple for their
client. Currently fails to reconnect due to btime being overwritten
incorrectly in the SMB2 setinfo path.
Add knownfail.d/durable-v2-setinfo
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
9f62a149 by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: smbd: In set_ea_dos_attribute() cause root fallback code to exit via the same place.
We're going to add another action on success next.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
2fc0820a by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: smbd: In set_ea_dos_attribute(), if we've stored btime and set XATTR_DOSINFO_CREATE_TIME successfully, we need to clear ST_EX_IFLAG_CALCULATED_BTIME.
This is no longer a calculated field, every call to fdos_mode() will
set it as non-calculated.
https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d460118b by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: VFS: vxfs: All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
2b246dbf by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: smbd: mdssvc: All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ec2fb9d2 by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: smbd: open_internal_dirfsp() add missing file_free() in error path.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
a604dd02 by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: smbd: open_internal_dirfsp(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
18694c81 by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: smbd: non_widelink_open(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
cfadecca by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: smbd: open_file(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
064c5770 by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: smbd: mkdir_internal(). 1 of 2. All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7f5c4848 by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: smbd: mkdir_internal(). 2 of 2. All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b53a69f4 by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: smbd: rename_internals_fsp(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
8d3812da by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: smbd: call_trans2qfilepathinfo(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
6a25b699 by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: smbd: call_trans2setfilepathinfo(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags..
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c4193f11 by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: pysmbd.c: init_files_struct(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
fbc6cdfb by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: cmd_vfs: cmd_open(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
23d5c909 by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: cmd_vfs: cmd_set_nt_acl(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7fb2038f by Jeremy Allison at 2022-03-24T16:28:37+00:00
s3: smbd: smbd_smb2_getinfo_send(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c4f9c372 by Jeremy Allison at 2022-03-24T17:21:29+00:00
s3: smbd: smbd_smb2_setinfo_send(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
This is the last SMB_VFS_FSTAT that uses fsp->fsp_name->st, so
remove knownfail.d/durable-v2-setinfo
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Mar 24 17:21:29 UTC 2022 on sn-devel-184
- - - - -
c788ed7b by David Mulder at 2022-03-24T23:40:47+00:00
samba-gpupdate: Implement enhanced logging
This ports the enhanced logging capabilities from
AltLinux gpupdate. It generates log messages such
as:
2022-03-02 11:28:54.872|[E40104]| Failed to set interfaces for zone | {'val': 'work'}
2022-03-02 11:28:55.017|[E40104]| Failed to set interfaces for zone | {'val': 'home'}
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Mar 24 23:40:47 UTC 2022 on sn-devel-184
- - - - -
00ea6549 by Samuel Cabrero at 2022-03-25T17:03:29+00:00
s3:winbind: Convert wcache_opnum_cacheable() to a whitelist
It avoids having to explicitly blacklist new DCE/RPC calls.
This is the current list of non cacheable calls:
NDR_WBINT_PING
NDR_WBINT_QUERYSEQUENCENUMBER
NDR_WBINT_ALLOCATEUID
NDR_WBINT_ALLOCATEGID
NDR_WBINT_CHECKMACHINEACCOUNT
NDR_WBINT_CHANGEMACHINEACCOUNT
NDR_WBINT_PINGDC
NDR_WBINT_LISTTRUSTEDDOMAINS
It includes the ListTrustedDomains call recently converted to a local
RPC call.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
0d668dfb by Samuel Cabrero at 2022-03-25T17:03:29+00:00
s3:winbind: Return NTSTATUS from wbint_Ping() RPC function
There are no users of this function but the next commit will convert the
struct-based WINBINDD_PING call to a local RPC wbint_Ping() call.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
3e747891 by Samuel Cabrero at 2022-03-25T17:03:29+00:00
s3:winbind: Convert Ping parent/child call to NDR
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
41c72ae9 by Samuel Cabrero at 2022-03-25T17:57:18+00:00
examples: Update winbindd.stp and its generator script
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Mar 25 17:57:18 UTC 2022 on sn-devel-184
- - - - -
f7447267 by Ralph Boehme at 2022-03-25T19:05:06+00:00
smbd: expand DEBUG statement in smbd_dirptr_get_entry() to include the dir and direntry name
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Mar 25 19:05:06 UTC 2022 on sn-devel-184
- - - - -
206909d5 by Thomas Debesse at 2022-03-25T20:25:28+00:00
s4: dns: Add customizable dns port option
Signed-off-by: Thomas Debesse <dev at illwieckz.net>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Mar 25 20:25:28 UTC 2022 on sn-devel-184
- - - - -
bd590c03 by Andreas Schneider at 2022-03-25T20:58:33+00:00
s4:kdc: Improve debug message of samba_kdc_fetch_server()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7b226a66 by Andreas Schneider at 2022-03-25T20:58:33+00:00
s4:kdc: Remove trailing white spaces in kdc-service-mit.c
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
5636c59a by Andreas Schneider at 2022-03-25T20:58:33+00:00
s4:kdc: If we set the kerberos debug level to 10 write a trace file
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e2b9df1c by Andreas Schneider at 2022-03-25T20:58:33+00:00
s4:tests: Run Heimdal PKINIT tests only against ad_dc env
There is not difference kerberos-wise between those two envs.
This reverts 661e1a229e85f566c5fc5d43ea03fbb29847439a.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
28f57a75 by Andreas Schneider at 2022-03-25T20:58:33+00:00
s4:kdc: Add Smart Card and file based PKINIT support
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b39176f7 by Andreas Schneider at 2022-03-25T20:58:33+00:00
selftest: Setup PKINIT for MIT Kerberos
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4d0ea9e3 by Andreas Schneider at 2022-03-25T20:58:33+00:00
testprogs: Fix kerberos_kinit with additional options
The additional options need to come before we specify the principal
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9baac4a8 by Andreas Schneider at 2022-03-25T20:58:33+00:00
testprogs: Rename test_pkinit_heimdal.sh
We want one common test which works against Heimdal and MIT Kerberos.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ff0b3a9e by Andreas Schneider at 2022-03-25T20:58:33+00:00
testprogs: Format test_pkinit_simple.sh with shfmt
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a0deaed6 by Andreas Schneider at 2022-03-25T20:58:33+00:00
testprogs: Fix calculating failed in test_pkinit_simple.sh
We only want to increase it if a test is failing. If something is expected to
fail, we should not count that as failed.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e1728858 by Andreas Schneider at 2022-03-25T20:58:33+00:00
testprogs: Manually reformat testit commands in test_pkinit_simple.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3aa7df56 by Andrew Bartlett at 2022-03-25T20:58:33+00:00
testprogs: Change from $foo to "${foo}" variable style
This is selected from and to improve the understanding of:
testprogs: A PKINIT test which runs against Heimdal and MIT Kerberos
There is no need to specify the enctype and it isn't supported with MIT
Kerberos.
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
c27f17df by Andreas Schneider at 2022-03-25T20:58:33+00:00
testprogs: Remove the usage of enctype in test_pkinit_simple.sh
This is not needed anymore and the default is AES in the meantime.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6a125b0a by Andreas Schneider at 2022-03-25T20:58:33+00:00
testprogs: A PKINIT test which runs against Heimdal and MIT Kerberos
There is no need to specify the enctype and it isn't supported with MIT
Kerberos.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f0f47eed by Andreas Schneider at 2022-03-25T20:58:33+00:00
testprogs: Rename test_pkinit_pac_heimdal.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
970f1100 by Andreas Schneider at 2022-03-25T20:58:33+00:00
testprogs: Reformat test_pkinit_pac.sh with shfmt
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
06da77a3 by Andreas Schneider at 2022-03-25T20:58:33+00:00
testprogs: Manually reformat test_pkinit_pac.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
67294a23 by Andreas Schneider at 2022-03-25T21:54:11+00:00
testprogs: A PKINIT PAC test which runs against Heimdal and MIT Kerberos
There is no need to specify the enctype and it isn't supported by MIT Kerberos
anyway.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Mar 25 21:54:11 UTC 2022 on sn-devel-184
- - - - -
bd1fd3de by Andreas Schneider at 2022-03-28T02:17:37+00:00
s4:selftest: Remove ad_dc_ntvfs env from several tests
It doesn't make sense to run tests against ad_dc and ad_dc_ntvfs in
those cases.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e4ea06ec by Joseph Sutton at 2022-03-28T02:17:37+00:00
samba-tool delegation: Add function to display security descriptor for RBCD
We also check some features of the security descriptor, and display
warnings if they are not as expected.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14954
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
572f90bd by Joseph Sutton at 2022-03-28T02:17:37+00:00
samba-tool delegation show: Display information for RBCD
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14954
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9a480f27 by Joseph Sutton at 2022-03-28T02:17:37+00:00
samba-tool delegation: Add commands to add/remove principals for RBCD
These commands allow updating the
msDS-AllowedToActOnBehalfOfOtherIdentity attribute with principals
allowed to delegate to an account.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14954
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
52f96294 by Joseph Sutton at 2022-03-28T02:17:37+00:00
samba-tool delegation: Clarify msDS-AllowedToDelegateTo delegation command documentation
This makes the difference between msDS-AllowedToDelegateTo and
msDS-AllowedToActOnBehalfOfOtherIdentity more clear.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14954
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3dccf63e by Joseph Sutton at 2022-03-28T02:17:37+00:00
samba-tool: Return correct result for _get_user_realm_domain()
We were returning the realm and the domain in the wrong order.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0bd4bc40 by Joseph Sutton at 2022-03-28T03:11:51+00:00
samba-tool: Check specified domain and realm against our own
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Mar 28 03:11:51 UTC 2022 on sn-devel-184
- - - - -
127f728d by Christof Schmitt at 2022-03-28T09:10:58+00:00
vfs_gpfs: Initialize litemask to 0
The change from commit fb13c7c94f to query exact values for atime,
mtime, ctime and size is not necessary, as none of these are used in
this codepath. Initiale litemask to 0 instead.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15027
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Mar 28 09:10:58 UTC 2022 on sn-devel-184
- - - - -
14e71127 by Andrew Bartlett at 2022-03-28T10:06:01+00:00
waf: Document the confusing --nonshared-binary, --builtin-libraries, --private-libraries and --bundled-libraries
These options are confusing to all who encounter them.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8731
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Mar 28 10:06:01 UTC 2022 on sn-devel-184
- - - - -
1884bc11 by Andrew Bartlett at 2022-03-29T02:33:34+00:00
s4-auth: Remove unused acct_flags parameter
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
360bb864 by Andrew Bartlett at 2022-03-29T02:33:34+00:00
s4-auth: Do not trigger RODC replication unless missing all passwords
With the NT hash becoming optional we cannot make blind assumptions that
a missing value means we are on an RODC needing the password replicated.
Instead, check for supplementalCredentials as well.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
86f7e4e6 by Andrew Bartlett at 2022-03-29T02:33:34+00:00
s4-auth: Only build auth_developer module in developer mode
This is a silly module for provoking NTSTATUS replies for testing and
was useful many moons ago for determining the NTSTATUS -> DOS table that
windows uses.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d7a91a85 by Andrew Bartlett at 2022-03-29T03:32:57+00:00
s4-auth: Remove last traces of LanMan authentiation support in the AD DC.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Mar 29 03:32:57 UTC 2022 on sn-devel-184
- - - - -
1f78a8e3 by Volker Lendecke at 2022-03-29T21:32:34+00:00
smbd: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
91ac9ce0 by Volker Lendecke at 2022-03-29T21:32:34+00:00
lib: GENCACHE_RAM isn't used anymore
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
af1719a9 by Volker Lendecke at 2022-03-29T21:32:34+00:00
smbd: Fix create_file_unixpath()'s stream handling
Make create_file_unixpath() robust against callers explicitly passing
in ":$DATA" as a stream name indicating the default stream. Right now
we NULL this out in callers, but this might change in the future.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
103dc3f9 by Volker Lendecke at 2022-03-29T21:32:34+00:00
smbd: Add a DEBUG to create_file_unixpath()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
50bac246 by Volker Lendecke at 2022-03-29T21:32:34+00:00
smbd: Simplify reply_rmdir()
We don't need to check this here, create_file_default and callees take
care of this.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e41f8001 by Volker Lendecke at 2022-03-29T21:32:34+00:00
smbd: Don't NULL out the "::$DATA" in openat_pathref_fsp()
Slight simplification now possible after introducing and using
fsp_is_alternate_stream() almost everywhere.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
825dcc6a by Volker Lendecke at 2022-03-29T22:24:38+00:00
smbd: Don't NULL out "::$DATA"
Slight simplification now possible after introducing and using
fsp_is_alternate_stream() almost everywhere.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Mar 29 22:24:38 UTC 2022 on sn-devel-184
- - - - -
42eeed05 by Stefan Metzmacher at 2022-03-29T22:32:32+00:00
buildtools: remove unused testwaf.sh
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
10d69da1 by Stefan Metzmacher at 2022-03-29T22:32:32+00:00
lib/fuzzing/README.md: don't use waf directly
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0be4f567 by Stefan Metzmacher at 2022-03-29T22:32:32+00:00
s4:selftest/provisions: make use of 'make testenv' and avoid direct waf
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a6b1e4b5 by Stefan Metzmacher at 2022-03-29T22:32:32+00:00
wafsamba: let test_duplicate_symbol.sh export PYTHONHASHSEED=1
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
22c46d9f by Stefan Metzmacher at 2022-03-29T22:32:32+00:00
configure/Makefile: export PYTHONHASHSEED=1 in all 'configure/Makefile' scripts
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
aa02cf3c by Stefan Metzmacher at 2022-03-29T22:32:32+00:00
ctdb/packaging/RPM: don't use waf directly
./configure && make && make install is will always work.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
420bbb1d by Stefan Metzmacher at 2022-03-29T23:31:38+00:00
wafsamba: require PYTHONHASHSEED=1 to be exported
This avoids a lot of trouble with random build failures,
if people try to use waf directly.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Mar 29 23:31:38 UTC 2022 on sn-devel-184
- - - - -
36ccb98a by Stefan Metzmacher at 2022-03-30T11:13:35+00:00
python/join: improve logging of join_replicate()
It's useful to have timestamps to see the
time used for replication and committing.
We also warn the user that the committing stage
may take some time.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
8597cc9d by Stefan Metzmacher at 2022-03-30T11:13:35+00:00
s4:dsdb/descriptor: split out struct descriptor_transaction
This will make it easier to add more details to the per transaction
state.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4c32f46a by Stefan Metzmacher at 2022-03-30T11:13:35+00:00
s4:dsdb/descriptor: add statistics for security descriptor propagation
In order to analyze the security descriptor propagation we remember
how much work we registered/processed.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b812ade4 by Stefan Metzmacher at 2022-03-30T11:13:35+00:00
s4:dsdb/descriptor: skip duplicates in descriptor_extended_sec_desc_propagation()
During replication we may need to fallback to using DRS_GET_TGT,
which means that we'll get a lot of objects more than once,
the most important one it the partition root object.
It means we'll also do the security descriptor propagation more than
once for these objects, which is extrememly costly for the partition
root objects and other objects near the root.
I analyzed a domain where we collected ~ 50000 descriptor_changes
registrations for the initial replication of ~ 22000 objects
in the database.
For that domain we spend ~ 4 hours for the security descriptor
propagation in descriptor_prepare_commit(), while the replication
itself was finished in less than 2 minutes.
With this change we reduce the number of registered/processed
descriptor_changes down to ~ 22000, while is reduces the time
from ~ 4 hours to just ~ 3 minutes 20 seconds!
The statitics changed from:
descriptor_prepare_commit: changes: num_registered=50000
descriptor_prepare_commit: changes: num_processed=50000
descriptor_prepare_commit: objects: num_processed=12000000
to:
descriptor_prepare_commit: changes: num_registrations=50000
descriptor_prepare_commit: changes: num_registered=22000
descriptor_prepare_commit: changes: num_processed=22000
descriptor_prepare_commit: objects: num_processed=80800
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ce38b30c by Stefan Metzmacher at 2022-03-30T11:13:35+00:00
s4:dsdb/descriptor: pass parent guid to dsdb_module_schedule_sd_propagation()
This is preparation to optimize the security descriptor propagation
in the following commits.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
bd1e667a by Stefan Metzmacher at 2022-03-30T11:13:35+00:00
s4:dsdb/descriptor: sort descriptor_changes tree based
For the hot code path, e.g. the commit after the initial replication,
we typically have one descriptor_changes for each object in the
database.
It means that we most likely have 5 naming contexts/partitions.
Except of their head/root object have a valid parent_guid,
so can move all of them into the tree structure.
Now we start the processing at the partition root objects,
which means that we also process all child objects in
the same run. While processing these objects we are most
likely able to mark their related descriptor_changes structure
as done removing it from the hierarchy.
With the 22000 object domain it reduces the time spend in
the commit stage from 3m 20s down to 2m 50s.
The statistics are changed from:
descriptor_prepare_commit: changes: num_registrations=50000
descriptor_prepare_commit: changes: num_registered=22000
descriptor_prepare_commit: changes: num_processed=22000
descriptor_prepare_commit: objects: num_processed=80800
to:
descriptor_prepare_commit: changes: num_registrations=50000
descriptor_prepare_commit: changes: num_registered=22000
descriptor_prepare_commit: changes: num_toplevel=5
descriptor_prepare_commit: changes: num_processed=5200
descriptor_prepare_commit: objects: num_processed=68800
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f7f65ceb by Stefan Metzmacher at 2022-03-30T12:06:21+00:00
s4:dsdb/descriptor: skip duplicates in descriptor_sd_propagation_object()
We're now sure that the security descriptor propagation happened
first for parent objects.
It means we can safely skip processing the same object twice in
descriptor_sd_propagation_object().
For the database with ~ 22000 objects it reduced the commit time
from 2m 50s down to 2m 24s.
The statistics are changed from:
descriptor_prepare_commit: changes: num_registrations=50000
descriptor_prepare_commit: changes: num_registered=22000
descriptor_prepare_commit: changes: num_toplevel=5
descriptor_prepare_commit: changes: num_processed=5200
descriptor_prepare_commit: objects: num_processed=68800
to:
descriptor_prepare_commit: changes: num_registrations=50000
descriptor_prepare_commit: changes: num_registered=22000
descriptor_prepare_commit: changes: num_toplevel=5
descriptor_prepare_commit: changes: num_processed=5200
descriptor_prepare_commit: objects: num_processed=22000
descriptor_prepare_commit: objects: num_skipped=41600
It means that we have "changes: num_registered" and
"objects: num_processed" exactly match the number
of replicated objects.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Mar 30 12:06:21 UTC 2022 on sn-devel-184
- - - - -
e01c5992 by Jeremy Allison at 2022-03-30T14:16:29+00:00
s3: tests.py: Only run smb2.rename against fileserver.
No need to run this against nt4_dc or ad_dc.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e862a2d9 by Jeremy Allison at 2022-03-30T14:16:29+00:00
s4: torture: Add CHECK_VAL macro to smb2/rename.c. Not yet used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
4725ef5c by Jeremy Allison at 2022-03-30T14:16:29+00:00
s4: torture: Add CHECK_CREATED macro to smb2/rename.c. Not yet used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
1301e646 by Jeremy Allison at 2022-03-30T14:16:29+00:00
s4: torture: Add test_smb2_close_full_information() test to smb2.rename.
Creates a file, opens it again on two different connections
and then renames it. When we close and ask for SMB2_CLOSE_FLAGS_FULL_INFORMATION
we expect this to succeed and return valid data on the handles that did not do
the rename request.
This currently succeeds by accident on master, so we are not
adding a knownfail.d/ file here. When we back-port this test
to 4.16.next, 4.15.next we will add a knownfail.d file.
The rename request zeros out the fsp->fsp_name->st field on the handles
that are open but are not being renamed, marking them as INVALID_STAT.
This should not happen on any open handle. Fix to follow will
preserve the field on rename in both the local connection and
different connection case.
Master gets away with this as in this branch, openat_pathref_fsp(),
which we use in the setup_close_full_information() call to fetch
the SMB2_CLOSE_FLAGS_FULL_INFORMATION data doesn't require an
existing VALID_STAT struct in order to open the file. This
hides the fact the rename zeroed out fsp->fsp_name->st.
4.16.x and 4.15.x don't have this fix, so expose the bug.
Regardless, even in master we should not zero out any
fsp->fsp_name->st values on rename.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5e1aa469 by Jeremy Allison at 2022-03-30T14:16:29+00:00
s3: smbd: Preserve the fsp->fsp_name->st bufs across rename_open_files()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
06bfac21 by Jeremy Allison at 2022-03-30T15:07:09+00:00
s3: smbd: Preserve the fsp->fsp_name->st buf across a MSG_SMB_FILE_RENAME message.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Mar 30 15:07:09 UTC 2022 on sn-devel-184
- - - - -
f734e960 by Ralph Boehme at 2022-03-31T17:53:29+00:00
CI: avoid smb2.twrp being run by plansmbtorture4testsuite() directly
This should only be run by a blackbox test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15035
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ba9c5ba8 by Ralph Boehme at 2022-03-31T17:53:29+00:00
CI: add a test listing a snapshotted directory
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15035
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9fa67ba8 by Ralph Boehme at 2022-03-31T18:47:42+00:00
vfs_shadow_copy2: implement readdir()
RN: shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15035
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Mar 31 18:47:42 UTC 2022 on sn-devel-184
- - - - -
24f4bea5 by Ralph Boehme at 2022-03-31T23:01:37+00:00
vfs_fruit: change default for "fruit:zero_file_id" option to yes
After discussion with folks at Apple it should be safe these days to rely on the
Mac to generate its own File-Ids and let Samba return 0 File-Ids.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8532d7b3 by Ralph Boehme at 2022-03-31T23:01:37+00:00
CI: consolidate SMB2-FILEID and SMB2-FILEID-UNIQUE torture test suites
We don't need seperate test suites here, all tests are related to
File-Ids.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8ad0febd by Ralph Boehme at 2022-03-31T23:01:37+00:00
vfs: bump VFS version to 47
The VFS version bump to 47 was missed when adding SMB_VFS_FSTATAT(). While at
it, fix the version history.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
643da37f by Ralph Boehme at 2022-03-31T23:01:37+00:00
smbd: remove itime and file_id logic and code
This bases File-Ids on the inode numbers again. The whole stuff was
added because at that time Apple clients
1. would be upset by inode number reusage and
2. had a client side bug in their fallback implemetentation that
assigns File-Ids on the client side in case the server provides
File-Ids of 0.
After discussion with folks at Apple it should be safe these days to
rely on the Mac to generate its own File-Ids and let Samba return 0
File-Ids.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4b029699 by Ralph Boehme at 2022-03-31T23:58:54+00:00
smbd: consolidate nested if expressions
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Mar 31 23:58:54 UTC 2022 on sn-devel-184
- - - - -
59d1044e by Andreas Schneider at 2022-04-01T10:29:31+00:00
Add missing final newline to end of c file
find $(pwd) -type f -name "*.c" | xargs sed -i -e '$a\'
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
012d81d0 by Andreas Schneider at 2022-04-01T10:29:31+00:00
Add missing final newline to end of sh file
find $(pwd) -type f -name "*.sh" | xargs sed -i -e '$a\'
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ac7d0b45 by Andreas Schneider at 2022-04-01T11:20:35+00:00
Move LSP stuff to buildtools/devel_env.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Apr 1 11:20:35 UTC 2022 on sn-devel-184
- - - - -
b3ab69a4 by Volker Lendecke at 2022-04-01T20:19:29+00:00
torture: Introduce error labels for vfstest's cmd_open()
Next patch will have another error exit
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fbce308d by Volker Lendecke at 2022-04-01T20:19:29+00:00
torture: Create a base_fsp for a named stream in vfstest
This will enable a simplification in the stream-handling openat vfs
routines.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
702af7f8 by Volker Lendecke at 2022-04-01T20:19:29+00:00
vfs: Ensure we have a base fsp openat() for named streams
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b15c2497 by Volker Lendecke at 2022-04-01T20:19:29+00:00
vfs: streams_xattr uses fsetxattr by now, remove an assert
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
57bcbbca by Volker Lendecke at 2022-04-01T20:19:29+00:00
smbd: Don't loose base_fsp statinfo in non_widelink_open
smb_fname_rel came from SMB_VFS_PARENT_PATHNAME() without a reference
to the underlying base_fsp. We want to pass the existing stat-info to
the VFS objects, so when creating the relative base fsp_name we should
copy the stat-info from the base fsp we were handed, not the fake one
that we just made up in SMB_VFS_PARENT_PATHNAME()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
edc4c910 by Volker Lendecke at 2022-04-01T21:18:37+00:00
vfs: Simplify streams_depot_openat()
We don't need an explicit stat(), VALID_STAT on the existing base_fsp
is sufficient.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Apr 1 21:18:37 UTC 2022 on sn-devel-184
- - - - -
79132b33 by Andreas Schneider at 2022-04-04T07:59:51+00:00
script: Fix check_symbols() with gcov build
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Apr 4 07:59:51 UTC 2022 on sn-devel-184
- - - - -
41717363 by Volker Lendecke at 2022-04-04T11:45:24+00:00
lib: Stay ASCII-compatible for toupper_m/tolower_m
This is an alternative patch for MR2339: It seems that Windows AD in
turkish locale is ASCII-compatible with 'i'. Björn tells me that the
turkish locale is the only one where upper/lower casing letters in the
ASCII range is not compatible to ASCII.
Simplify our code by not calling the locale-specific standard
toupper/tolower for the ASCII range but rely on our tables.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Apr 4 11:45:24 UTC 2022 on sn-devel-184
- - - - -
7b98e6fc by Andreas Schneider at 2022-04-04T18:38:36+00:00
waf: Import Logs in wscript_configure_system_gnutls
We do not use Options, but we do use Logs.warn()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
efc2de0d by Andreas Schneider at 2022-04-04T18:38:36+00:00
waf: Check for GnuTLS earlier
As GnuTLS is an essential part we need to check for it early so we can react on
GnuTLS features in other wscripts.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a543d38c by Andreas Schneider at 2022-04-04T19:31:28+00:00
third_party:waf: Do not recurse in aesni-intel if GnuTLS provides the cipher
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Apr 4 19:31:28 UTC 2022 on sn-devel-184
- - - - -
157d2dd7 by David Mulder at 2022-04-05T00:54:37+00:00
gpo: Certificate Auto Enrollment default Kerberos auth
Certificate Auto Enrollment uses Kerberos to
authenticate to AD. If someone configures their
cepces.conf to use a different default
authentication, then samba-gpupdate fails. Force
Kerberos auth from samba-gpupdate.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
63bbdbae by David Mulder at 2022-04-05T01:44:33+00:00
gpo: Improve Certificate Auto Enroll Debug messages
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Apr 5 01:44:33 UTC 2022 on sn-devel-184
- - - - -
2f6b3178 by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-packaging: Move RPM spec file to examples directory
We used to use this for building test packages for standalone CTDB.
However, our testing has now changed to use binary tarballs. We
believe we were the only users of this spec file and expect CTDB to
only be installed as part of a top-level Samba build, especially in
RPM form.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
93824b8c by Vinit Agnihotri at 2022-04-06T06:34:37+00:00
packaging: move CTDB service file to top-level
Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
bcd66e17 by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-common: Add function ctdb_tunable_load_file()
Allows direct loading of tunables from a file.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
5fa0c86b by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-tests: Reformat script
Samba is reformatting shell scripts using
shfmt -w -p -i 0 -fn
so update this one before editing.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
c413838f by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-tests: Strip trailing newlines from expected result output
This allows the provided output to be specified a little more
carelessly. As per the comment, trailing newlines can't be matched
anyway, so this is notionally a bug fix.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
38113493 by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-tests: Add function test_case(), tweak unit test header format
Instead of documenting test cases with a comment, this allows them to
be documented via an argument to a function that is printed when the
test case is run. This makes it easier locate test case failures when
commands used by test cases look similar,
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
b14f2a20 by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-tests: Add unit tests for tunables code
This aims to test ctdb_tunable_load_file() but also exercises
ctdb_tunable_names() and ctdb_tunable_get_value().
ctdb_tunable_set_value() is indirectly exercised via
ctdb_tunable_load_file().
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
a509ee05 by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-daemon: New function ctdb_tunables_load()
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
f49446cb by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-daemon: Load tunables from ctdb.tunables
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
0902553d by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-scripts: No longer load tunables via 00.ctdb.script setup event
Drop related tests.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
208034ec by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-doc: Update documentation for tunables configuration
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
3caddaaf by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-config: Drop CTDB_STARTUP_TIMEOUT
This was added to be able to notice startup failures when unknown
tunables were present in the configuration. Tunables are now set by
the daemon, so this is no longer necessary.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
cb438ecf by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-scripts: Drop all public IPs in the "shutdown" event
This is functionally the same as ctdb_release_all_ips().
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
6fb08a65 by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-daemon: Don't release all public IPs during shutdown sequence
This further untangles public IP handling from the main daemon.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
aca59722 by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-scripts: Remove failsafe that drops all IPs on failed shutdown
IPs are dropped in the shutdown event.
If a watchdog is necessary to ensure public IPs aren't on interfaces
when CTDB isn't running, then see ctdb-crash-cleanup.sh.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
a1e78cc3 by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-scripts: Drop uses of ctdbd_wrapper
The only value this now provides is use of a notification script to
log when start/stop are called. This was used for debugging strange
start/stop failures, which have not been recently seen. Also, systemd
does a good job of logging start/stop.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
8deec3bc by Martin Schwenke at 2022-04-06T06:34:37+00:00
ctdb-scripts: Drop unused ctdbd_wrapper
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
39f70481 by Martin Schwenke at 2022-04-06T07:32:04+00:00
WHATSNEW: Document some CTDB changes
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Wed Apr 6 07:32:04 UTC 2022 on sn-devel-184
- - - - -
f1765f91 by Jeremy Allison at 2022-04-06T16:15:36+00:00
s3: smbget: Fix auth_fn, order of //server/share parameters is mixed in prompt.
Found by <voetelink at nrg.eu>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14831
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
7ad4047b by Volker Lendecke at 2022-04-06T16:15:36+00:00
streams_depot: Pass base_sbuf to stream_smb_fname()
In streams_depot_openat() we're sure to have a valid base_fsp with a
valid stat around. We don't need the additional SMB_VFS_NEXT_STAT() in
stream_dir() in this case.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d79194b2 by Volker Lendecke at 2022-04-06T16:15:36+00:00
streams_depot: Only create the subdirectories with O_CREAT
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a27bbfc8 by Volker Lendecke at 2022-04-06T17:09:59+00:00
streams_depot: Simplify stream_dir()
The only place where we could have entered the mark_valid() code path
is via openat(). In openat(":stream") with O_CREAT fsp->base_fsp() is
fully opened from within create_file_unixpath(). Change
streams_depot_openat() to call the FSETXATTR from mark_file_valid()
directly. This means we don't need the expensive synthetic_pathref()
call from stream_dir() anymore.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Apr 6 17:09:59 UTC 2022 on sn-devel-184
- - - - -
1b014618 by Pavel Filipenský at 2022-04-07T08:55:37+00:00
selftest: Create users "jackthemapper" and "jacknomapper"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Noel Power <npower at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
26e4268d by Pavel Filipenský at 2022-04-07T08:55:37+00:00
selftest: Create groups "jackthemappergroup" and "jacknomappergroup"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
0feeb6d5 by Pavel Filipenský at 2022-04-07T08:55:37+00:00
selftest: Add to "username.map" mapping for jackthemappergroup
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041
Only for environment ad_member_idmap_nss.
* !jacknompapper = \@jackthemappergroup
jackthemaper from group jackthemappergroup is mapped to jacknompapper
* !root = jacknomappergroup
since there is no '@' or '+' prefix, it is not an UNIX group mapping
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
af8747a2 by Pavel Filipenský at 2022-04-07T08:55:37+00:00
s3:tests Test "username map" for UNIX groups
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
6dc463d3 by Pavel Filipenský at 2022-04-07T09:49:44+00:00
s3:auth: Fix user_in_list() for UNIX groups
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Thu Apr 7 09:49:44 UTC 2022 on sn-devel-184
- - - - -
ef341e0f by Volker Lendecke at 2022-04-07T16:33:28+00:00
modules: Use conn->cwd_fsp in fruit_open_rsrc_adouble()
None of the adouble infrastructure is really prepared for a dirfsp
that is not conn->cwd_fsp, there are quite a few direct references to
it in adouble.c. This needs conversion, but at this point we need to
make fruit_openat() robust against a non-cwd_fsp dirfsp argument.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0d05bc2e by Volker Lendecke at 2022-04-07T16:33:28+00:00
smbd: Align open_file() argument order with reopen_from_fsp()
dirfsp first, then dirfsp-relative atname, then fsp. smb_fname_atname
will be used soon.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6e6ced4b by Volker Lendecke at 2022-04-07T17:30:29+00:00
smbd: Use dirfsp and atname passed to open_file()
Give non_widelink_open() to use the cheaper path without the full
chdir() logic when called via open_file_ntcreate()/open_file().
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Apr 7 17:30:29 UTC 2022 on sn-devel-184
- - - - -
77343f8f by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Add WITH_SMB1SERVER enabled for now
This adds the definition WITH_SMB1SERVER, enabled
by default for now meant for removing smb1 server
code. This will be removed and replaced with a
configure option later.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2266fd4c by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move message.c -> smb1_message.c
message.c only contains smb1 code.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
92b6efe3 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move sesssetup.c -> smb1_sesssetup.c
sesssetup.c only contains smb1 code.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e00b09ce by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move lanman.c -> smb1_lanman.c
lanman.c only contains smb1 code.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
630d946d by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Disable build for SMB1 only files
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
35b184b5 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Allow disabling SMB1 in struct smbXsrv_connection
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c510bd33 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move schedule_aio_read_and_X to smb1_aio.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6a17ce32 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move schedule_aio_write_and_X to smb1_aio.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3b1c02e4 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move aio.c -> smb2_aio.c
aio.c now contians only smb2 code
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
49f7763d by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move nt_status_np_pipe to smb2_ipc.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d42a78f6 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move ipc.c -> smb1_ipc.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
23615a27 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move negprot_spnego to smb2_negprot.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
dd633d56 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: negprot_spnego allow disabling smb1 spnego set
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1139ad7b by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move negprot.c -> smb1_negprot.c
negprot.c only contains smb1 code.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
24488743 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move set_sd to smb2_nttrans.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7e88a86a by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move set_sd_blob to smb2_nttrans.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
17e04761 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move copy_internals to smb2_nttrans.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0ed7f06e by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move smbd_do_query_security_desc to smb2_nttrans.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a5292f0b by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move smbd_do_query_getinfo_quota to smb2_nttrans.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
feb6c593 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move nttrans.c -> smb1_nttrans.c
nttrans.c now contians only smb1 code
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
bb346639 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move new_break_message_smb1 to smb1_oplock.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
bed19efa by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move send_break_message_smb1 to smb1_oplock.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1e0b0402 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Disable smb1 oplock calls when smb1 is disabled
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4f0a8e5b by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move oplock.c -> smb2_oplock.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c3503721 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move reply_open_pipe_and_X to smb1_pipes.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3d371386 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move reply_pipe_write_and_X to smb1_pipes.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0a68f9d4 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move reply_pipe_read_and_X to smb1_pipes.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2069d235 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move pipes.c -> smb2_pipes.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
08fa5527 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move check_path_syntax* to smb2_reply.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0e3a46fc by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move srvstr_get_path* to smb2_reply.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a8e1f65c by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move srvstr_pull_req_talloc to smb2_reply.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0d21c676 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move check_fsp_open to smb2_reply.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
347c7af9 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: move check_fsp to smb2_reply.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f0396b9a by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move check_fsp_ntquota_handle to smb2_reply.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
95d96068 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move reply_special to smb2_reply.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
56ac1efc by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move unlink_internals to smb2_reply.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
01ee69a9 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move fake_sendfile to smb2_reply.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a8985a8a by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move sendfile_short_send to smb2_reply.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4140d179 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move rename_internals_fsp to smb2_reply.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
160849a8 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move rename_internals to smb2_reply.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fdf5727c by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move copy_file to smb2_reply.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a85436ac by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move get_lock_offset to smb2_reply.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0be7643b by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move smbd_do_unlocking to smb2_reply.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3daa70d7 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move reply.c -> smb1_reply.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b431ec8d by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Disable call to smb1_srv_is_signing_active without smb1
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0ad4a38a by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move make_connection to smb1_service.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cafa8260 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move service.c -> smb2_service.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
047df615 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move smb2_srv_init_signing to smb2_signing.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7893b3cb by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move srv_init_signing to smb2_signing.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3e38df7d by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Disable call to smb1_srv_init_signing without smb1
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7439d7eb by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move signing.c -> smb1_signing.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e8c36c25 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Split process_smb() into process_smb1() and process_smb2()
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8914b9ca by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Split srv_send_smb into smb1_srv_send/smb2_srv_send
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
08aa1619 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move srv_send_smb/smb2_srv_send to smb2_process.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e287f7c2 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move srv_set_message to smb2_process.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cd111f72 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move read_packet_remainder to smb2_process.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b2313722 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Split receive_smb_talloc into smb1_receive_talloc/smb2_receive_talloc
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7e55512a by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move receive_smb_talloc/smb2_receive_talloc to smb2_process.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4a4be535 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move remove_deferred_open_message_smb to smb2_process.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
86452205 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move schedule_deferred_open_message_smb to smb2_process.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f1cc153e by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move open_was_deferred to smb2_process.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8e3f8099 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Move get_deferred_open_message_state to smb2_process.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9e451746 by David Mulder at 2022-04-07T17:37:29+00:00
smbd: Separate smb1 code from push_deferred_open_message_smb
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5582077b by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move push_deferred_open_message_smb to smb2_process.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
92d18a35 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move reply_outbuf and construct_reply_common_req to smb2_process.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f2fc4227 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move process_smb to smb2_process.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
137d2989 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Disable smb1 in smbXsrv_connection_init_tables
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
635bf851 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move smbXsrv_connection_init_tables to smb2_process.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7a8f77ac by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move smbXsrv_connection_dbg to smb2_process.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e153f427 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Disable smb1 in smbd_add_connection
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3d37047f by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Disable smb1 in smbd_server_connection_handler
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c43c9ef3 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Disable smb1 in smbd_smb2_server_connection_read_handler
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6f792afe by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move smbd_add_connection to smb2_process.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2e0e49f4 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Disable smb1 in smbd_process
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
43672e15 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move smbd_process to smb2_process.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7e1ff0ff by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move process.c -> smb1_process.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
34feb418 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move smb1_utils.h include to smbd.h
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
88b07d3b by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move send_trans2_replies to smb1_trans2.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
547f5c78 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move smb_set_posix_lock to smb1_trans2.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
aab698e5 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move reply_trans2 to smb1_trans2.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
97136a7a by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move reply_transs2 to smb1_trans2.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
481b7bfd by Jeremy Allison at 2022-04-07T17:37:30+00:00
s3: smbd: Move reply_findclose() from trans2.c to smb1_reply.c
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
- - - - -
b2e52ab9 by Jeremy Allison at 2022-04-07T17:37:30+00:00
s3: smbd: Move reply_findnclose() from trans2.c to smb1_reply.c
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
- - - - -
85753e46 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move trans2.c -> smb2_trans2.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e081b25e by David Mulder at 2022-04-07T17:37:30+00:00
torture: Disable vfs chain test dependant on SMB1
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b70c88fb by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Disable use of smb_fn_name without SMB1 in error.c
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
941ed7ef by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Disable SMB_QUERY_CIFS_UNIX_INFO when SMB1 is disable
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
858a49d1 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Disable SMB_SET_POSIX_LOCK when SMB1 is disabled
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f810a113 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Remove duplicate read_nttrans_ea_list function prototype
Because this stray prototype was mixed in with
the smb1 code, it caused the smb2-only build to
fail. Instead of duplicating the function
prototype, lets just include the correct header.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8084c432 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Disable use of smb_fn_name when SMB1 is disabled
perfcount_test.c was using the smb_fn_name
function, which doesn't exist when SMB1 is
disabled.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ed23ce77 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move valid_smb_header to smb2_process.c
valid_smb_header is needed for a multi-protocol
negotiation.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f0ae7fba by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move init_smb_request to smb2_process.c
init_smb_request is needed for a multi-protocol
negotiation.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
aa61db2d by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Enable multi-protocol negotiate w/out SMB1
This enables the multi-protocol negotiate when
the SMB1 build is disabled. It requires enabling
parts of the SMB1 negotiation.
Signed-off-by: David Mulder <dmulder at suse.com>
Signed-off-by: Jeremy Allison <jra at samba.org>
- - - - -
085b16e0 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Process error reply if SMB1 negprot parsing fails
Signed-off-by: David Mulder <dmulder at suse.com>
Signed-off-by: Jeremy Allison <jra at samba.org>
- - - - -
536330d2 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Move reply_pipe_write to smb1_pipes.c
Signed-off-by: David Mulder <dmulder at suse.com>
Signed-off-by: Jeremy Allison <jra at samba.org>
- - - - -
a48bf243 by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Remove uses of srv_send_smb
Replace them with direct calls to smb1_srv_send
and smb2_srv_send.
Signed-off-by: David Mulder <dmulder at suse.com>
Signed-off-by: Jeremy Allison <jra at samba.org>
- - - - -
e17ad24c by David Mulder at 2022-04-07T17:37:30+00:00
smbd: Remove srv_send_smb
Signed-off-by: David Mulder <dmulder at suse.com>
Signed-off-by: Jeremy Allison <jra at samba.org>
- - - - -
d949073e by Jeremy Allison at 2022-04-07T17:37:30+00:00
s3: smbd: Rename valid_smb_header() -> valid_smb1_header()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
- - - - -
9caa467c by Jeremy Allison at 2022-04-07T17:37:30+00:00
s3: smbd: Rename srv_set_message() -> srv_smb1_set_message().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
- - - - -
2d5e97f2 by Jeremy Allison at 2022-04-07T17:37:30+00:00
s3: smbd: Rename construct_reply_common() -> construct_smb1_reply_common().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
- - - - -
c453cfbf by Jeremy Allison at 2022-04-07T17:37:30+00:00
s3: smbd: Rename construct_reply_common_req() -> construct_smb1_reply_common_req()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
- - - - -
97fd5e56 by Jeremy Allison at 2022-04-07T17:37:30+00:00
s3: smbd: Rename create_outbuf() -> create_smb1_outbuf()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
- - - - -
1574443b by Jeremy Allison at 2022-04-07T17:37:30+00:00
s3: smbd: Rename reply_outbuf() -> reply_smb1_outbuf().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
- - - - -
0de91444 by Jeremy Allison at 2022-04-07T17:37:30+00:00
s3: smbd: Rename init_smb_request() -> init_smb1_request().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
- - - - -
a9b57276 by David Mulder at 2022-04-07T17:37:30+00:00
configure: Add option for disabling the smb1 server
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b6d41620 by David Mulder at 2022-04-07T17:37:30+00:00
configure: Fail smbd w/o smb1 if selftest when configured with ad_dc
When we build with samba selftest and ad_dc, we must
include smb1 in smbd.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8d62b7ac by David Mulder at 2022-04-07T17:37:30+00:00
ci: Create samba-fileserver-without-smb1 environment
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
efcaeff2 by Jeremy Allison at 2022-04-07T18:33:31+00:00
WHATSNEW.txt: Add explaination of --without-smb1-server and --with-smb1-server configure options.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Apr 7 18:33:31 UTC 2022 on sn-devel-184
- - - - -
321c51e1 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Move functions to enable or disable cache to winbindd-lib subsystem
The source3/winbindd/winbindd.c file does not belong to 'winbindd-lib'
subsystem. Funtions called from winbindd-lib must be part of it.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3250de22 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Move imessaging context init function to winbindd-lib subsystem
The source3/winbindd/winbindd.c file does not belong to 'winbindd-lib'
subsystem. Funtions called from winbindd-lib must be part of it.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
334a4aa1 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Move the function to get the privileged pipe dir to winbindd-lib subsystem
The source3/winbindd/winbindd.c file does not belong to 'winbindd-lib'
subsystem. Funtions called from winbindd-lib must be part of it.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d4169816 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Move function to flush cache to winbindd-lib subsystem
The source3/winbindd/winbindd.c file does not belong to 'winbindd-lib'
subsystem. Funtions called from winbindd-lib must be part of it.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
11d0266c by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Move servide reload related functions to winbindd-lib subsystem
The source3/winbindd/winbindd.c file does not belong to 'winbindd-lib'
subsystem. Funtions called from winbindd-lib must be part of it.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1903cf39 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Rename terminate() function to winbindd_terminate()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
dfba83e1 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Move sigterm handling functions to winbindd-lib subsystem
The source3/winbindd/winbindd.c file does not belong to 'winbindd-lib'
subsystem. Funtions called from winbindd-lib must be part of it.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
12ef1543 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Move sighup handling related functions to winbindd-lib subsystem
The source3/winbindd/winbindd.c file does not belong to 'winbindd-lib'
subsystem. Funtions called from winbindd-lib must be part of it.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a1a696a8 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Refactor check_info3_in_group() to take a wbint_SidArray struct
Refactor the check_info3_in_group() function to take a wbint_SidArray
struct. The sid strings stored in extra_data are parsed into a
wbint_SidArray in a separated function.
Later, winbindd_dual_pam_auth() will be converted to a local RPC
call handler and the wbint_SidArray containing the required membership
will be part of the 'r' struct.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e0fadfd0 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s4:rpc_server: Fix duplicated function name between s3 and s4
It can lead to link errors:
/usr/lib64/gcc/x86_64-suse-linux/11/../../../../x86_64-suse-linux/bin/ld: source3/rpc_server/rpc_server.c.24.o: in function `dcesrv_assoc_group_find':
/home/scabrero/workspace/samba/samba/bin/default/../../source3/rpc_server/rpc_server.c:229: multiple definition of `dcesrv_assoc_group_find'; source4/rpc_server/dcerpc_server.c.5.o:/home/scabrero/workspace/samba/samba/bin/default/../../source4/rpc_server/dcerpc_server.c:121: first defined here
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
68096b56 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s4:rpc_server: Fix duplicated function name between s3 and s4
It can lead to link errors:
/usr/lib64/gcc/x86_64-suse-linux/11/../../../../x86_64-suse-linux/bin/ld: source3/rpc_server/rpc_server.c.24.o: in function `dcesrv_transport_terminate_connection':
/home/scabrero/workspace/samba/samba/bin/default/../../source3/rpc_server/rpc_server.c:242: multiple definition of `dcesrv_transport_terminate_connection'; source4/rpc_server/dcerpc_server.c.5.o:/home/scabrero/workspace/samba/samba/bin/default/../../source4/rpc_server/dcerpc_server.c:710: first defined here
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3944b586 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
selftest: Extend test_wbc_logon_user to test WBFLAG_PAM_UNIX_NAME flag
Use the same function append_unix_username() uses to build the expected
value as it depends on the server role. This requires linking
winbindd-lib.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5439ecf7 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
selftest: Add a test for PamLogOff
This test also verifies the KRB5CCNAME environment variable is set after
a successful PAM authentication with Kerberos.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ed2afdd3 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Refactor append_unix_username(), do not take winbindd_response struct as parameter
Refactor the append_unix_username() function to do not take a
winbindd_response struct as parameter but its members. The
unix username is returned as an out parameter and the caller is
responsible for setting it in the winbindd_response struct.
Later winbindd_dual_pam_auth() will be converted to a local RPC
call handler and the netr_Validation will be returned in the 'r' struct
from the child to the parent. The parent will then fill the
winbindd_response struct.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
aebe79b7 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Refactor append_afs_token(), do not take winbindd_response struct as parameter
Refactor the append_afs_token() function to do not take a
winbindd_response as a parameter but its members directly. The AFS token
is returned as an out parameter in a DATA_BLOB, and the caller is
responsible for setting it the extra_data winbindd_response field and
extending the winbindd_response length.
Later winbindd_dual_pam_auth() will be converted to a local RPC
call handler and the netr_Validation will be returned in the 'r' struct
from the child to the parent. The parent will then fill the
winbindd_response struct.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
38b94791 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Refactor winbindd_dual_pam_auth_kerberos(), do not take winbindd_cli_state struct parameter
Refactor winbindd_dual_pam_auth_kerberos() to do not take a
winbindd_cli_state struct as parameter but its members. The kerberos
ccache name is returned as an out parameter and the caller is
responsible for copying it in the winbindd_response struct.
Later winbindd_dual_pam_auth() will be converted to a local RPC call
handler and it will not receive a winbindd_cli_state as argument so
reduce passing this struct around.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cca932d3 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Refactor winbindd_dual_pam_auth_kerberos(), return netr_Validation
Map netr_SamInfo6 to netr_Validation in winbindd_dual_pam_auth_kerberos()
instead of doing it in the caller.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7a388811 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Refactor winbindd_dual_pam_auth_cached(), use temporary memory context
This function allocates a lot of intermedite variables, use a temporary
memory context.
The out variable info3 is assigned using talloc_steal() because the
local my_info3 is used below.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6e017e21 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Refactor winbindd_dual_pam_auth_cached(), delay out variable assignment
Delay the assignment of the out varible and assign it only if
returning NT_STATUS_OK, the caller does not use the returned
netr_SamInfo3 if the function does not return NT_STATUS_OK.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d9747504 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Refactor winbindd_dual_pam_auth_cached(), return krb5ccname as out parameter
Later winbindd_dual_pam_auth() will be converted to a local RPC
handler and it will not receive a winbindd_cli_state struct as parameter.
Avoid passing around this struct.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e0f798f2 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Refactor winbindd_dual_pam_auth_cached(), avoid winbindd_cli_state parameter
Later winbindd_dual_pam_auth() will be converted to a local RPC
handler and it will not receive a winbindd_cli_state struct as parameter.
Avoid passing around this struct.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1f8d70f1 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Refactor winbindd_dual_pam_auth_cached(), return netr_Validation
Map netr_SamInfo3 to netr_Validation in this function instead of doing
it in the caller.
Later winbindd_dual_pam_auth() will be converted to a local RPC
handler and it will return the netr_Validation in the 'r' struct.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1e892e79 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Refactor fake_password_policy(), take netr_Validation as argument
Later winbindd_dual_pam_auth() will be converted to a local RPC call
handler and it will return a netr_Validation from the child. This
function will be moved to the parent to fill the winbindd_response
struct.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d7739859 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Refactor log_authentication(), do not take winbindd_cli_state struct parameter
Later winbindd_dual_pam_auth() will be converted to a local RPC call
handler and it will not receive a winbindd_cli_state parameter. Avoid
passing this struct around.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0dbdc276 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Make extra_data_to_sid_array() public
Later winbindd_dual_pam_auth() will be converted to a local RPC call
handler and the parent will call this function to fill the 'r' struct.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c957d2dd by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Set local and remote addresses in the crafted dcesrv_conn
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ddc551f4 by Samuel Cabrero at 2022-04-08T20:13:37+00:00
s3:winbind: Convert PamAuth from struct based to NDR based
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
be23ffbc by Samuel Cabrero at 2022-04-08T21:06:01+00:00
examples: Update winbindd.stp and generate script
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Apr 8 21:06:01 UTC 2022 on sn-devel-184
- - - - -
3198b94a by Pavel Filipenský at 2022-04-11T16:56:35+00:00
tevent: Fix trailing whitespaces
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ddc8f4f4 by Pavel Filipenský at 2022-04-11T16:56:35+00:00
tevent: Move the code below the trigger check
This makes the next commit smaller.
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
dfbb3818 by Pavel Filipenský at 2022-04-11T16:56:35+00:00
tevent: Use internally an empty trigger function for blocker requests
This avoids special magic, but keeps the same external behavior.
It makes the following changes easier to understand.
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
f681ef2f by Pavel Filipenský at 2022-04-11T16:56:35+00:00
tevent: Add tevent queue tracing support
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a20d41ac by Pavel Filipenský at 2022-04-11T17:51:08+00:00
tevent:tests: Test queue entry tags
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Apr 11 17:51:08 UTC 2022 on sn-devel-184
- - - - -
78805376 by Samuel Cabrero at 2022-04-12T18:54:50+00:00
s3:winbind: Fix uninitialized validation_level variable
Found by oss-fuzz:
../../source3/winbindd/winbindd_pam.c:2879:7: error: variable 'validation_level' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized]
if (!(state->request->flags & WBFLAG_BIG_NTLMV2_BLOB) ||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../source3/winbindd/winbindd_pam.c:3003:6: note: uninitialized use occurs here
validation_level,
^~~~~~~~~~~~~~~~
../../source3/winbindd/winbindd_pam.c:2879:3: note: remove the 'if' if its condition is always false
if (!(state->request->flags & WBFLAG_BIG_NTLMV2_BLOB) ||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../source3/winbindd/winbindd_pam.c:2879:7: error: variable 'validation_level' is used uninitialized whenever '||' condition is true [-Werror,-Wsometimes-uninitialized]
if (!(state->request->flags & WBFLAG_BIG_NTLMV2_BLOB) ||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../source3/winbindd/winbindd_pam.c:3003:6: note: uninitialized use occurs here
validation_level,
^~~~~~~~~~~~~~~~
../../source3/winbindd/winbindd_pam.c:2879:7: note: remove the '||' if its condition is always false
if (!(state->request->flags & WBFLAG_BIG_NTLMV2_BLOB) ||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../source3/winbindd/winbindd_pam.c:2853:27: note: initialize the variable 'validation_level' to silence this warning
uint16_t validation_level;
^
= 0
1 warning and 2 errors generated.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15044
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Apr 12 18:54:50 UTC 2022 on sn-devel-184
- - - - -
e1f29b09 by Samuel Cabrero at 2022-04-13T12:59:30+00:00
s3:winbind: Do not use domain's private data to store the SAMR pipes
The domain's private_data pointer is also used to store a ADS_STRUCT,
which is not allocated using talloc and there are many places casting
this pointer directly.
The recently added samba.tests.pam_winbind_setcred was randomly failing
and after debugging it the problem was that kerberos authentication was
failing because the time_offset passed to kerberos_return_pac() was
wrong. This time_offset was retrieved from ads->auth.time_offset, where
the ads pointer was directly casted from domain->private_data but
private_data was pointing to a winbind_internal_pipes struct.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15046
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
91395e66 by Samuel Cabrero at 2022-04-13T12:59:30+00:00
s3:winbind: Simplify open_cached_internal_pipe_conn()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15046
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
3cb25643 by Samuel Cabrero at 2022-04-13T12:59:30+00:00
s3:winbind: Do not use domain's private data to store the ADS_STRUCT
The ADS_STRUCT is not allocated using talloc and there are many places
casting this pointer directly so use a typed pointer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15046
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a6d6ae3c by Samuel Cabrero at 2022-04-13T12:59:30+00:00
s3:winbind: Remove no longer used domain's private_data pointer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15046
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
db7e296f by Samuel Cabrero at 2022-04-13T12:59:30+00:00
selftest: Use selftest's TMPDIR to store the krb5 ccache in pam_winbind tests
Using /tmp directly can lead to errors if multiple autobuilds are
running at the same time. Using tempfile.gettempdir() will look for
$TMPDIR environment variable.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
685006c8 by Samuel Cabrero at 2022-04-13T12:59:30+00:00
selftest: Use selftest's TMPDIR to store the krb5 ccache in pam_winbind_setcred test
Using /tmp directly can lead to errors if multiple autobuilds are
running at the same time. Using tempfile.gettempdir() will look for
$TMPDIR environment variable.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
21d1a950 by Stefan Metzmacher at 2022-04-13T12:59:30+00:00
librpc:idl: Add comments to assert identity string in security.idl
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
dbbb5ca1 by Andreas Schneider at 2022-04-13T12:59:30+00:00
s4:kdc: Set debug class for pac-glue
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
f8c3b68f by Stefan Metzmacher at 2022-04-13T12:59:30+00:00
python:tests: Fix standalone run of kdc_tgs_tests
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a5c8077a by Andreas Schneider at 2022-04-13T12:59:30+00:00
python:tests: Check code error code in test_s4u2self_rodc_revealed
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
c29d5fcb by Andreas Schneider at 2022-04-13T12:59:30+00:00
s4:mit-samba: Pass flags to ks_get_pac()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
2a79a5ee by Andreas Schneider at 2022-04-13T12:59:30+00:00
s4:mit-samba: Pass flags to mit_samba_get_pac()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
461dc44e by Andreas Schneider at 2022-04-13T12:59:30+00:00
s4:kdc: pass down SAMBA_KDC_FLAG_PROTOCOL_TRANSITION to samba_kdc_update_pac()
This gives samba_kdc_update_pac() a chance to detect S4U2Self.
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
887f0cf2 by Andreas Schneider at 2022-04-13T12:59:30+00:00
s4:kdc: Fix S4U2Proxy in RODC case to return an error
Tested also against Windows Server 2022.
Details:
https://lists.samba.org/archive/cifs-protocol/2022-April/003673.html
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
4b684c32 by Stefan Metzmacher at 2022-04-13T12:59:30+00:00
python:tests: Add support to print krb5 keys as string
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
fc8a2943 by Stefan Metzmacher at 2022-04-13T12:59:30+00:00
python:tests: Allow to print krb5 encryption keys as string
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
61b22319 by Andreas Schneider at 2022-04-13T12:59:30+00:00
python:tests: Add support for expected groups in krb5 tests
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
e03665fb by Andreas Schneider at 2022-04-13T12:59:30+00:00
python:tests: Add support for unexpected groups in krb5 tests
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d6b6702e by Stefan Metzmacher at 2022-04-13T12:59:30+00:00
python:tests: Reorder variables
Those will be needed earlier in the next commit.
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
5902e87e by Andreas Schneider at 2022-04-13T12:59:30+00:00
python:tests: Add krb5 tests for asserted identity
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
- - - - -
e6a2c3c3 by Andreas Schneider at 2022-04-13T12:59:30+00:00
s4:torture: let remote_pac test for asserted identity sids
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
a14acd0c by Andreas Schneider at 2022-04-13T12:59:30+00:00
s4:selftest: Do not print the env twice
This makes it easier to write knownfail rules
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
9b03e31f by Andreas Schneider at 2022-04-13T12:59:30+00:00
s4:dsdb:tests: Also pass tests if asserted identity is present
We should make sure that we use NTLMSSP or Kerberos consistently
for the tests and don't mix them.
We're also much stricter and symmetric_difference() to
check if the sets are actually the same.
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
9ad03f51 by Andreas Schneider at 2022-04-13T13:54:27+00:00
s4:kdc: Add asserted identity SID to identify whether S4U2Self has occurred
Because the KDC does not limit protocol transition (S4U2Self), two new
well-known SIDs are available to give this control to the resource
administrator. These SIDs identify whether protocol transition (S4U2Self) has
occurred, and can be used with standard access control lists to grant or limit
access as needed.
See
https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-constrained-delegation-overview
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Apr 13 13:54:27 UTC 2022 on sn-devel-184
- - - - -
9332606a by Christian Ambach at 2022-04-21T06:03:38+00:00
s3:utils:smbcacls fix a typo
Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
- - - - -
c285bcfb by Christian Ambach at 2022-04-21T06:59:12+00:00
lib/cmdline: fix a typo
Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Apr 21 06:59:12 UTC 2022 on sn-devel-184
- - - - -
d948cb1c by John Mulligan at 2022-04-21T14:41:32+00:00
lib/smbconf: add an initial set of python bindings
The smbconf library provides a generic interface for Samba configuration
backends. In order to access these backends, including the read-write
registry backend, we add a new python binding for smbconf - the general
interface library.
This initial set of bindings covers some basic read-only calls. This
includes function calls for listing shares (config sections) and getting
the parameters of the shares. The `init_txt` construction function must
be used to get a new SMBConf object. This is done so that other
backends, specifically the registry backend from source3 can be used in
the future. Those will provide their own construction funcs.
Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz
Reviewed-by: David Mulder <dmulder at suse.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
84480a1e by John Mulligan at 2022-04-21T15:33:38+00:00
python/samba/tests: add SMBConfTests suite
Add an initial suite of tests for the smbconf python bindings.
Currently only simple read-only methods are available.
Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz
Reviewed-by: David Mulder <dmulder at suse.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Thu Apr 21 15:33:38 UTC 2022 on sn-devel-184
- - - - -
e2392729 by Anoop C S at 2022-04-25T13:23:18+00:00
libsmbconf: Avoid initial declaration inside 'for' loop
Building Samba on CentOS 7 with GCC version 4.8.5 results in the
following error:
[2725/3398] Compiling libcli/echo/tests/echo.c
../../lib/smbconf/pysmbconf.c: In function 'py_from_smbconf_service':
../../lib/smbconf/pysmbconf.c:72:2: error: 'for' loop initial
declarations are only allowed in C99 mode
for (uint32_t i = 0; i < svc->num_params; i++) {
^
../../lib/smbconf/pysmbconf.c:72:2: note: use option -std=c99 or
-std=gnu99 to compile your code
../../lib/smbconf/pysmbconf.c: In function 'obj_share_names':
../../lib/smbconf/pysmbconf.c:181:2: error: 'for' loop initial
declarations are only allowed in C99 mode
for (uint32_t i = 0; i < num_shares; i++) {
^
../../lib/smbconf/pysmbconf.c: In function 'obj_get_config':
../../lib/smbconf/pysmbconf.c:267:2: error: 'for' loop initial
declarations are only allowed in C99 mode
for (uint32_t i = 0; i < num_shares; i++) {
^
Therefore declare variables right at the start aligning to default C90
standard available with GCC version on CentOS 7.
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Apr 25 13:23:18 UTC 2022 on sn-devel-184
- - - - -
756cd0ee by Andreas Schneider at 2022-04-26T19:22:29+00:00
s3:passdb: Remove trailing spaces in lookup_sid.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15054
Signed-off-by: Andreas Schneider <asn at cryptomilk.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2a03fb91 by Andreas Schneider at 2022-04-26T19:22:29+00:00
s3:passdb: Add support to handle UPNs in lookup_name()
This address an issue if sssd is running and handling nsswitch. If we look up
a user with getpwnam("DOMAIN\user") it will return user at REALM in the passwd
structure. We need to be able to deal with that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15054
Signed-off-by: Andreas Schneider <asn at cryptomilk.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ed8e4668 by Andreas Schneider at 2022-04-26T19:22:29+00:00
s3:passdb: Use already defined pointer in lookup_name_smbconf()
Signed-off-by: Andreas Schneider <asn at cryptomilk.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
26903107 by Andreas Schneider at 2022-04-26T19:22:30+00:00
s3:passdb: Refactor lookup_name_smbconf()
This will be changed to support UPNs too in the next patch.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15054
Signed-off-by: Andreas Schneider <asn at cryptomilk.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
28fc44f2 by Andreas Schneider at 2022-04-26T20:16:33+00:00
s3:passdb: Also allow to handle UPNs in lookup_name_smbconf()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15054
Signed-off-by: Andreas Schneider <asn at cryptomilk.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Apr 26 20:16:33 UTC 2022 on sn-devel-184
- - - - -
830b561c by Volker Lendecke at 2022-04-26T21:41:29+00:00
vfs: Remove unused last_lock_failure from files_struct
Save 72 bytes per open file handle
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cdef9770 by Volker Lendecke at 2022-04-26T21:41:29+00:00
dsdb: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
22032eef by Volker Lendecke at 2022-04-26T21:41:29+00:00
passdb: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4ef1b096 by Volker Lendecke at 2022-04-26T21:41:29+00:00
ldap_server: Fix typos
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ef846e66 by Volker Lendecke at 2022-04-26T21:41:29+00:00
ldb: Avoid "==true/false" in a boolean expression
That's what we have boolean variables and expressions for
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
41a9d958 by Volker Lendecke at 2022-04-26T21:41:29+00:00
ldb: Save a few lines with TALLOC_FREE()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
894a1c19 by Volker Lendecke at 2022-04-26T21:41:29+00:00
ldb: Introduce "colon" variable in ldb_module_connect_backend()
Easier debugging, avoid a second call to strchr()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9ab0f91b by Volker Lendecke at 2022-04-26T21:41:29+00:00
passdb: Split lines in make_pdb_method_name()
Looks nicer
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ce0f483a by Volker Lendecke at 2022-04-26T21:41:29+00:00
passdb: Introduce helper variables in make_pdb_method_name()
Easier debugging
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d2f3ac2f by Volker Lendecke at 2022-04-26T21:41:29+00:00
lib: Remove an unused includes.h
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
aa27b662 by Volker Lendecke at 2022-04-26T21:41:29+00:00
lib: Remove an unneeded includes.h
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8a3e3a0d by Volker Lendecke at 2022-04-26T21:41:29+00:00
lib: Remove an unneeded includes.h
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5f2ef356 by Volker Lendecke at 2022-04-26T21:41:29+00:00
lib: Remove an unneeded includes.h
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fb36f23a by Volker Lendecke at 2022-04-26T21:41:29+00:00
lib: Remove an unneeded includes.h
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6bf8243c by Volker Lendecke at 2022-04-26T21:41:29+00:00
lib: Remove smb_threads from includes.h
Only used in libsmb_context.c
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
54050236 by Volker Lendecke at 2022-04-26T21:41:29+00:00
ldb: Avoid an "else"
We return in the if-branch, easier to read this way.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
734e4377 by Volker Lendecke at 2022-04-26T21:41:29+00:00
smbd: fd_handle.h does not need includes.h
Move includes.h for struct files_struct to fd_handle.c. Both
printing.c and smb1_utils.c depended on fd_handle.h to include the
prototypes. Do that explicitly in those files.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f2eee5c5 by Volker Lendecke at 2022-04-26T21:41:29+00:00
smbd: Remove unused arguments from dup_file_fsp()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
eed6869d by Volker Lendecke at 2022-04-26T22:38:59+00:00
smbd: Slightly simplify call_trans2qpipeinfo()
Pass down "fsp" and "info_level", no need to parse this inside
call_trans2qpipeinfo() when the caller also has to do it.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Apr 26 22:38:59 UTC 2022 on sn-devel-184
- - - - -
03d0dd26 by Christof Schmitt at 2022-04-28T07:59:47+00:00
vfs_gpfs: Ignore pathref fds for gpfs:recalls check
Setting gpfs:recalls=no should prevent data access to offline files.
Since Samba 4.14, the VFS openat function is also called with O_PATH to
get a reference to the path. These accesses should not be blocked,
otherwise this would prevent offline files from being included in
directory listings.
Fix this by skipping the check for pathref fds.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15055
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Apr 28 07:59:47 UTC 2022 on sn-devel-184
- - - - -
804a19ca by Volker Lendecke at 2022-04-28T13:12:33+00:00
smbd: Pass up stat-info from openat_pathref_fsp() on error
If openat_pathref_fsp() fails, callers might want to inspect the stat
info. If we really failed on STOPPED_ON_SYMLINK, the caller might need
to know this, although openat_pathref_fsp() masked this error.
As there is no smb_fname->fsp returned from openat_pathref_fsp() on
error, we need to pass this up in smb_fname itself.
This essentially reverts de439cd03047, which does basically the same
thing but is too specific. We need to cover the general !O_PATH case
more broadly.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
02f6130c by Volker Lendecke at 2022-04-28T13:12:33+00:00
vfs: Add SMB_VFS_GET_REAL_FILENAME_AT
In a patchset that I'm working on right now there's the need to call
getrealfilename while the code does have a pathref fsp already
around. Doing the name-based call including non_widelink_open is not
necessary in this case. Start by adding the _at based call to the VFS.
For now, fall back to the name-based call. glusterfs-fuse will in a
future patch be converted to fgetxattr.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
df29512b by Volker Lendecke at 2022-04-28T13:12:33+00:00
smbd: Add openat_internal_dir_from_pathref()
If we have a directory pathref fsp, do an openat(dirfd, ".", O_RDONLY)
to cheaply get a real directory handle.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
973212e8 by Volker Lendecke at 2022-04-28T13:12:33+00:00
smbd: Add OpenDir_from_pathref
Like OpenDir() starting from a directory pathref fsp
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
dcdc2585 by Volker Lendecke at 2022-04-28T13:12:33+00:00
smbd: Introduce get_real_filename_full_scan_at()
Make get_real_filename_full_scan() a wrapper.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c4d4fa68 by Volker Lendecke at 2022-04-28T13:12:33+00:00
smbd: Add get_real_filename_at()
Make get_real_filename() a wrapper.
Right now shadow_copy2 does a fallback to do get_real_filename() on
the twrp=0 tree in case of snapdirseverywhere because snapdirs can be
somewhere deep in the tree, and doing that correctly would be a
full-tree walk. I'd say that snapdirseverywhere is impossible to
implement if you want symlink safety, i.e. careful top-down tree
traversal together with snapdirseverywhere. If you have
snapdirseverywhere you need to pass down the full path very deep down,
which contradicts our fd-based approach we want to take.
Also, I believe that our test does not 100% correctly reflect what
actually is there: My understanding is that if you activate
snapdirseverywhere for example in GPFS, you see all snapshots at every
level (this would need to be verified). Our test does something more
nasty: It creates and tests a specific snapshot only at one place deep
in the directory hierarchy, which makes it impossible to find without
the full path.
This is all a big mess, but for now we need to deal with it. This adds
the twrp=0 fallback to core smbd, but I don't see any other way to do
that properly. And I do want a fd-based getrealfilename....
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
cf60c51d by Volker Lendecke at 2022-04-28T13:12:33+00:00
vfs: Implement ceph_snap_gmt_get_real_filename_at()
Copy the logic from ceph_snap_gmt_get_real_filename(). This is
untested in autobuild, but as ceph is broken anyway due to
812cb602e3be, we need to talk to the ceph developers before 4.17.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
ba6f7cfe by Volker Lendecke at 2022-04-28T13:12:33+00:00
vfs: Implement vfs_gluster_fuse_get_real_filename_at()
Needs testing in a real gluster environment
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5aca0056 by Volker Lendecke at 2022-04-28T13:12:33+00:00
vfs: Implement vfs_gluster_get_real_filename_at()
gluster seems not to implement O_PATH, so it should be possible to do
a glfs_fgetxattr() on the pathref dirfsp.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b21cd4c8 by Volker Lendecke at 2022-04-28T13:12:33+00:00
vfs: Implement vfs_gpfs_get_real_filename_at()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
2e1d2083 by Volker Lendecke at 2022-04-28T13:12:33+00:00
vfs: Implement shadow_copy2_get_real_filename_at()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
2c05ebe9 by Volker Lendecke at 2022-04-28T13:12:33+00:00
vfs: Implement snapper_gmt_get_real_filename_at()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
89bffa14 by Volker Lendecke at 2022-04-28T13:12:33+00:00
smbd: Use SMB_VFS_GET_REAL_FILENAME_AT() in dptr_ReadDirName()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
de9986fb by Volker Lendecke at 2022-04-28T13:12:33+00:00
vfs: Remove name-based SMB_VFS_GET_REAL_FILENAME()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
6086a73f by Volker Lendecke at 2022-04-28T13:12:33+00:00
Revert "vfs: remove dirfsp arg from SMB_VFS_CREATE_FILE()"
This reverts commit 322574834f1e71bc01f21be9059ca4d386517c84.
Not strictly a revert anymore, but for future work we do need "dirfsp"
in create_file_default() passed through the VFS.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
eb3c47ac by Ralph Boehme at 2022-04-28T13:12:33+00:00
CI: use native Python functions to detect system and release
This ensures we detect the runtime system and release, not the ones
when Samba was build. It's necessary to detect the correct kernel
version we're running on because for kernels before 5.3.1 O_PATH opens
unnecessarily broke kernel oplocks, which breaks our tests. And in
gitlab it can happen that we build on kernels after 5.3.1 and later
run on older kernels. In this situation we can't run kernel oplock
tests.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c1a3104a by Volker Lendecke at 2022-04-28T13:12:33+00:00
smbd: Pass dirfsp to create_file_unixpath()
Will be used soon.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
29fa2f51 by Volker Lendecke at 2022-04-28T13:12:33+00:00
smbd: Only create an artificial dirfsp when necessary
parent_pathref() is expensive, and we should avoid it if possible.
Not effective at this point, we always pass in NULL, but will be used
soon.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
fde4363f by Volker Lendecke at 2022-04-28T13:12:33+00:00
smbd: Add filename_convert_dirfsp()
As part of the filename_convert() process, keep a pathref dirfsp of
the containing directory for later use. This avoids having to do
another non_widelink_open() on every SMB2_CREATE and ntcreate&x in
later patches.
Future work will be to go through other filename_convert() calls and
make them use filename_convert_dirfsp(). If we manage to convert all
of them except the one in filename_convert_dirfsp() itself, we can
simplify filename_convert() and unix_convert() significantly.
Too large a patch, but I don't know how to split this up into smaller
logic pieces.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5efa2ddd by Volker Lendecke at 2022-04-28T13:12:33+00:00
smbd: Use filename_convert_dirfsp() in reply_ntcreate_and_X()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
922261d7 by Volker Lendecke at 2022-04-28T14:02:53+00:00
smbd: Use filename_convert_dirfsp() in smbd_smb2_create_send()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Apr 28 14:02:53 UTC 2022 on sn-devel-184
- - - - -
07081d03 by Stefan Metzmacher at 2022-04-28T15:23:24+00:00
script/autobuild.py: allow to run from within git rebase -i
The 'git clone' used by autobuild.py fails if
GIT_DIR and GIT_WORK_TREE are already defined in the
environment.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Apr 28 15:23:24 UTC 2022 on sn-devel-184
- - - - -
bb329d4d by Jeremy Allison at 2022-04-29T14:57:29+00:00
s4: torture: Add a new test - samba3.smb2.durable-open.stat-open.
Passes against Windows. Shows that Windows allows a durable handle
on a leased open for READ_ATTRUBUTES only (a stat open).
Mark as knownfail for now.
NB. Not sure why we are testing smb2.durable-open against ad_dc
as that provisioning has "smb2 leases = no" which precludes
granting durable handles. Not changing for this bug but this
should be looked at in future.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15042
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
fe7daae8 by Jeremy Allison at 2022-04-29T15:50:21+00:00
s3: smbd: Allow a durable handle on a leased stat-open.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15042
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Apr 29 15:50:21 UTC 2022 on sn-devel-184
- - - - -
d900e939 by Samuel Cabrero at 2022-04-30T00:10:34+00:00
s3:winbind: Pass the challenge to winbind_dual_SamLogon() as a data blob
Next commits will covert the winbindd_dual_pam_auth_crap() function to a
local RPC call handler receiving the challenge as a DATA_BLOB in the 'r'
struct.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8f7adb9e by Samuel Cabrero at 2022-04-30T00:10:34+00:00
s3:winbind: Remove unnecesary condition to reduce indentation level
Best viewed with git show --ignore-space-change.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fc4cb625 by Samuel Cabrero at 2022-04-30T00:10:34+00:00
s3:winbind: Remove unnecessary jump to label
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
efc97296 by Samuel Cabrero at 2022-04-30T00:10:34+00:00
s3:winbind: Use uint8_t for authoritative flag
It is the type used in the winbindd_response struct.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
74a511a8 by Samuel Cabrero at 2022-04-30T00:10:34+00:00
s3:winbind: Move big NTLMv2 blob checks to parent process
The winbindd_dual_pam_auth_crap() function will be converted to a local
RPC call handler and it won't receive a winbindd_cli_state struct. Move
the checks accessing this struct to the parent.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d4564d98 by Samuel Cabrero at 2022-04-30T00:10:34+00:00
s3:rpc_client: Fix memory allocation hierarchy
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f8fa3331 by Samuel Cabrero at 2022-04-30T00:10:34+00:00
s3:winbind: Use temp memory context in winbindd_pam_auth_pac_verify()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0b4d581d by Samuel Cabrero at 2022-04-30T00:10:34+00:00
s3:winbind: Refactor winbindd_pam_auth_crap_{send,recv}
Move the code filling the winbindd_response to a common place,
winbindd_pam_auth_crap_recv().
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
dd69be80 by Samuel Cabrero at 2022-04-30T00:10:34+00:00
s3:winbind: Refactor winbindd_pam_auth_crap_{send,recv}
The winbindd_dual_pam_auth_crap() will be converted to a local RPC call
handler and the winbindd_response won't be filled by the child process
but in the parent's winbindd_pam_auth_crap_recv() function.
Move all code filling the winbindd_response struct to a common place,
winbindd_pam_auth_crap_recv().
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c68f21f2 by Samuel Cabrero at 2022-04-30T00:10:34+00:00
s3:winbind: Convert PAM_AUTH_CRAP from struct based to NDR based
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7b573599 by Samuel Cabrero at 2022-04-30T00:10:34+00:00
examples: Update winbind.stp and generate script
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1dfa1932 by Samuel Cabrero at 2022-04-30T01:07:12+00:00
s3:winbind: Remove unused functions
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Apr 30 01:07:12 UTC 2022 on sn-devel-184
- - - - -
f661ef67 by Ralph Boehme at 2022-05-02T19:13:31+00:00
smbd: add fstat_before_close fsp flag and logic
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4c7921e5 by Ralph Boehme at 2022-05-02T19:13:31+00:00
smbd: pass fsp as pointer-pointer to smbd_smb2_close()
Prepares for NULLing state->in_fsp in the next commit.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1808e5c1 by Ralph Boehme at 2022-05-02T19:13:31+00:00
smbd: optimize and streamline smbd_smb2_close()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
03894de3 by Joseph Sutton at 2022-05-02T19:13:31+00:00
rpc_server/lsa: Match Windows security descriptor
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7e2cc5ed by Joseph Sutton at 2022-05-02T19:13:31+00:00
s4/dsdb/repl_meta_data: Receive function arguments in correct order
The incorrect ordering was introduced in commit
b9c5417b523c4c53cb275c12ec84bbc849705bec.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15007
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
bc22d5eb by Stefan Metzmacher at 2022-05-02T19:13:31+00:00
lib/util: add tests for data_blob_append() with the resulting blob length=0
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15050
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8ca99c25 by Stefan Metzmacher at 2022-05-02T19:13:31+00:00
lib/util: data_blob_append() should not fail if both parts have length=0
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15050
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
54c6cf86 by Stefan Metzmacher at 2022-05-02T20:13:10+00:00
libcli/smb: allow SMB2 Negotiate responses with security_offset = 0 and security_length = 0
This fixes connections against the Azure SMB3 server.
It's not possible to demonstrate the bug with a test and a knownfail
entry, because it fails to even startup the test environments,
but the following change to our server demonstrates the problem
and shows the fix works:
diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c
index da567951c0bf..25fdaea2df7b 100644
--- a/source3/smbd/smb2_negprot.c
+++ b/source3/smbd/smb2_negprot.c
@@ -711,6 +711,8 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
}
}
+ security_buffer = data_blob_null;
+
if (out_negotiate_context_blob.length != 0) {
static const uint8_t zeros[8];
size_t pad = 0;
@@ -759,6 +761,8 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
}
+ security_offset = 0;
+
SSVAL(outbody.data, 0x00, 0x40 + 1); /* struct size */
SSVAL(outbody.data, 0x02,
security_mode); /* security mode */
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15050
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon May 2 20:13:10 UTC 2022 on sn-devel-184
- - - - -
e93d73b6 by Andrew Bartlett at 2022-05-02T23:15:37+00:00
docs: Explain the impact of "ntlm auth = disabled" on simple bind forwarding
An RODC will forward an LDAP Simple bind, just like any other authentication,
when the password is not present locally.
If the full DC does not support NTLMv2 authentication this forwarded password
will be rejected. A future Samba version should prefer Kerberos or send the
plaintext, but we can not change the MS Windows behaviour, so we document this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
bfbae4f9 by Andreas Schneider at 2022-05-02T23:15:37+00:00
s3:tests: Reformat dlopen.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b4ee11d0 by Andreas Schneider at 2022-05-02T23:15:37+00:00
s3:tests: Reformat printing_var_exp_lpr_cmd.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
facc2c00 by Andreas Schneider at 2022-05-02T23:15:37+00:00
s3:tests: Reformat test_acl_xattr.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6aaf527f by Andreas Schneider at 2022-05-02T23:15:37+00:00
s3:tests: Reformat test_aio_outstanding.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a3d0655e by Andreas Schneider at 2022-05-02T23:15:37+00:00
s3:tests: Reformat test_async_req.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9d32559f by Andreas Schneider at 2022-05-02T23:15:37+00:00
s3:tests: Reformat test_chdir_cache.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0d29cbf0 by Andreas Schneider at 2022-05-02T23:15:37+00:00
s3:tests: Reformat test_close_denied_share.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
45b64848 by Andreas Schneider at 2022-05-03T00:10:53+00:00
s3:tests: Reformat test_deadtime.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue May 3 00:10:53 UTC 2022 on sn-devel-184
- - - - -
490e5f4d by Martin Schwenke at 2022-05-03T09:19:31+00:00
ctdb-mutex: Don't pass NULL to tevent_req_is_unix_error()
If there is an error then this pointer is unconditionally
dereferenced.
However, the only possible error appears to be ENOMEM, where a crash
caused by dereferencing a NULL pointer isn't a terrible outcome. In
the absence of a security issue this is probably not worth
backporting.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
d52b497d by Martin Schwenke at 2022-05-03T09:19:31+00:00
ctdb-locking: Don't pass NULL to tevent_req_is_unix_error()
If there is an error then this pointer is unconditionally
dereferenced.
However, the only possible error appears to be ENOMEM, where a crash
caused by dereferencing a NULL pointer isn't a terrible outcome. In
the absence of a security issue this is probably not worth
backporting.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
6d3c9e64 by Martin Schwenke at 2022-05-03T09:19:31+00:00
ctdb-tests: Use test_case() to help document test cases
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
d57d624a by Martin Schwenke at 2022-05-03T09:19:31+00:00
ctdb-build: Drop unnecessary uses of include/ sub-directory
None of these include any files from the include/ sub-directory.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
73b27def by Martin Schwenke at 2022-05-03T09:19:31+00:00
build: Add missing ctdb-client dependencies
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
d39377d6 by Martin Schwenke at 2022-05-03T09:19:31+00:00
ctdb-tests: Provide a method to dump the stack on abort
Some tests make generous use of assert() and it can be difficult to
guess the cause of failures without resorting to GDB. This provides
some help.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
64275fc1 by Martin Schwenke at 2022-05-03T10:13:23+00:00
ctdb-tests: Add backtrace on abort to some tests
These are easier to debug with a backtrace.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Tue May 3 10:13:23 UTC 2022 on sn-devel-184
- - - - -
a49a5702 by David Mulder at 2022-05-03T20:55:32+00:00
gpo: Correct CA Initilization to obey [MS-CAESO]
fetch_certification_authorities() did not
correctly obey the [MS-CAESO] spec.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
45d76eca by David Mulder at 2022-05-03T20:55:32+00:00
gpo: Certificate Auto Enroll correctly check templates
[MS-CAESO] 4.4.5.3.2.4 and 4.4.5.3.2.4.2 explain
to fetch templates via cep, then to gather attrs
for the templates after. This code was reversed.
This will matter when implementing advanced
endpoint configuration.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6171dfc5 by David Mulder at 2022-05-03T20:55:32+00:00
gpo: Fix crash in Cert Auth Enroll RSOP
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ab2ef316 by David Mulder at 2022-05-03T20:55:32+00:00
gpo: Generalize Cert Auto Enroll CA data
This will simplify fetching CAs from the
Registry.pol in a follow up commit.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a54d7074 by David Mulder at 2022-05-03T20:55:32+00:00
gpo: Test Cert Auto Enroll Advanced Config
Adds advanced configuration to the testing of
certificate auto enrollment. Currently fails.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ddeedcb6 by David Mulder at 2022-05-03T21:48:57+00:00
gpo: Add Cert Auto Enroll Advanced Config
Advanced configuration for Certifcate Auto
Enrollment is stored on the sysvol, and needs
to be parsed/used when provided.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue May 3 21:48:57 UTC 2022 on sn-devel-184
- - - - -
5348bd80 by Andrew Bartlett at 2022-05-05T00:27:33+00:00
dsdb: Clarify that most errors in make_error_and_update_badPwdCount() are not returned
This is mainly just to be clear, and was done while failing to work around compiler
warnings.
For the curious it was gcc version 4.8.5 20150623 (Red Hat 4.8.5-44) (CentOS 7)
build with -O3, which gave with other, later patches:
../../source4/dsdb/samdb/ldb_modules/password_hash.c: In function ‘check_password_restrictions_and_log’:
../../source4/dsdb/samdb/ldb_modules/password_hash.c:3231:5: error: assuming signed overflow does not occur when simplifying conditional to constant [-Werror=strict-overflow]
if (ret == LDB_SUCCESS) {
^
Regardless, we make it clear that all values assigned to "ret" are
local small constants.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
332b874a by Joseph Sutton at 2022-05-05T00:27:33+00:00
samba-tool tests: Remove unused variable
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c3b2dae0 by Joseph Sutton at 2022-05-05T00:27:33+00:00
samba-tool user: Remove unused imports
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f85f6f89 by Joseph Sutton at 2022-05-05T00:27:33+00:00
samba-tool user: Consistently return a tuple
We would get an error when get_userPassword_hash() returned None, as
get_virtual_crypt_value() would try to unpack the result as a 2-element
tuple.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a9caf760 by Andrew Bartlett at 2022-05-05T00:27:33+00:00
selftest: Rework password_lockout_base.py to allow logon_basics test to be run in ad_dc_no_ntlm
We need to ensure that even if NTLM is disabled, that the test
can still bootstrap and fail normally.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
127fe361 by Andrew Bartlett at 2022-05-05T00:27:33+00:00
selftest: Run some tests in the ad_dc_no_ntlm environment to show expected behaviour
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
08904752 by Joseph Sutton at 2022-05-05T00:27:33+00:00
tests/passwords: Remove unused imports
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c294f729 by Joseph Sutton at 2022-05-05T00:27:33+00:00
tests/passwords: Add tests for password history with simple binds
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2f17cbf3 by Joseph Sutton at 2022-05-05T00:27:33+00:00
tests/krb5: Allow passing expected etypes to get_keys()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7a36b018 by Andrew Bartlett at 2022-05-05T01:19:54+00:00
dsdb: Do not reuse "ret" variable as return code and for memcmp() comparison
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu May 5 01:19:54 UTC 2022 on sn-devel-184
- - - - -
cdecce9c by Andreas Schneider at 2022-05-05T02:47:38+00:00
s3:tests: Reformat test_delete_veto_files_only_rmdir.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
fcbcfc86 by Andreas Schneider at 2022-05-05T02:47:38+00:00
s3:tests: Reformat test_dfree_command.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4d79f8e1 by Andreas Schneider at 2022-05-05T02:47:38+00:00
s3:tests: Reformat test_dfree_quota.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7366bd11 by Andreas Schneider at 2022-05-05T02:47:38+00:00
s3:tests: Reformat test_dropbox.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
cc606c7c by Andreas Schneider at 2022-05-05T03:42:13+00:00
s3:tests: Reformat test_durable_handle_reconnect.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu May 5 03:42:13 UTC 2022 on sn-devel-184
- - - - -
ce1a0119 by Andreas Schneider at 2022-05-05T11:00:35+00:00
s3:tests: Reformat test_failure.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ce301a78 by Andreas Schneider at 2022-05-05T11:00:35+00:00
s3:tests: Reformat test_fifo.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2af74a2b by Andreas Schneider at 2022-05-05T11:00:35+00:00
s3:tests: Reformat test_force_close_share.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c72b4805 by Andreas Schneider at 2022-05-05T11:00:35+00:00
s3:tests: Reformat test_force_create_mode.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3c313a21 by Andreas Schneider at 2022-05-05T11:00:35+00:00
s3:tests: Reformat test_force_group_change.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f1e40238 by Andreas Schneider at 2022-05-05T11:00:35+00:00
s3:tests: Reformat test_force_user_unlink.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
cda4db7d by Andreas Schneider at 2022-05-05T11:53:51+00:00
s3:tests: Reformat test_forceuser_validusers.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu May 5 11:53:51 UTC 2022 on sn-devel-184
- - - - -
83019310 by Douglas Bagnall at 2022-05-05T13:42:32+00:00
py/gp_cert_auto_enroll_ext: avoid shadowing loop variable
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: David Mulder <dmulder at suse.com>
- - - - -
6d20b7fe by Douglas Bagnall at 2022-05-05T13:42:32+00:00
py/gp_cert_auto_enroll_ext: avoid redundant iteration
self.__read_cep_data() does a 'for end_point_group in end_point_information:',
and we don't need to do it outside
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: David Mulder <dmulder at suse.com>
- - - - -
e008c8f8 by Douglas Bagnall at 2022-05-05T14:39:50+00:00
python/gp_cert_auto_enroll: removed unused imports
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: David Mulder <dmulder at suse.com>
Autobuild-User(master): David Mulder <dmulder at samba.org>
Autobuild-Date(master): Thu May 5 14:39:50 UTC 2022 on sn-devel-184
- - - - -
3453ab99 by John Mulligan at 2022-05-06T17:16:30+00:00
s3/lib/smbconf: replace uses of talloc_tos with talloc_stackframe
There are two calls to talloc_tos in the smbconf registry code.
In order not to make callers of this library have to "know" what
calls need an existing talloc stackframe, convert these uses
to match other functions in the same file that already use
talloc_stackframe.
Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
f0e15774 by John Mulligan at 2022-05-06T17:16:30+00:00
s3/lib/smbconf: add talloc_stackframe to smbconf_init_reg
Previously, if this function was called without an existing stackframe
then uses of talloc_tos in source3/registry trigger a panic. Since we
intend to add patches that allow access to this call with Python
bindings, that will not typically have a talloc_stackframe already, we
add a talloc_stackframe call around the call to
smbconf_init_reg_internal. This hides the use of talloc_tos in the
registry code from higher level code that needs to call smbconf.
Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
f74d163e by John Mulligan at 2022-05-06T17:16:30+00:00
lib/smbconf: move python smbconf type definition to header
Moving the definition of the type to a header file will allow
future reuse of the C-type fields in a different C-API python
module.
Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
fcd50ea4 by John Mulligan at 2022-05-06T17:16:30+00:00
lib/smbconf: add a python function for raising smbconf exceptions
The previous implementation in C was private to the module. Add
a small python wrapper function so that a different python module
may reuse the implementation.
The python level function is prefixed with "_" to mark it as
"private". Only future cooperating modules in the samba sources
should make use of it.
The function is shared at the python level as per the recommendation:
https://stackoverflow.com/a/2136670
Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
733ac02b by John Mulligan at 2022-05-06T17:16:30+00:00
source3/lib/smbconf: add python bindings for init functions
Add functions that allow python to access the registry back-end
initialization function as well as the "general" init function
that parses the back-end out of given string "path".
With the registry back-end it will be possible to implement and
test read-write functions of smbconf API in the future.
Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
67807a64 by John Mulligan at 2022-05-06T17:16:30+00:00
python/samba/tests: add test cases for s3/registry init funcs
A previous change added smbconf initialization functions that allow
access to the registry back-end. Add some simple tests cases that
exercise these new functions.
Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
eb84f67e by John Mulligan at 2022-05-06T17:16:30+00:00
lib/smbconf: add create_share method to SMBConf
Add a create_share method wrapping smbconf_create_share.
Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
ff603de5 by John Mulligan at 2022-05-06T17:16:30+00:00
lib/smbconf: add drop method to SMBConf
Add a drop method wrapping smbconf_drop.
Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
565d8ae8 by John Mulligan at 2022-05-06T17:16:30+00:00
lib/smbconf: add set_parameter method to SMBConf
Add a set_parameter method wrapping smbconf_set_parameter.
Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
35df07d5 by John Mulligan at 2022-05-06T17:16:30+00:00
lib/smbconf: add set_global_parameter method to SMBConf
Add a set_global_parameter method wrapping smbconf_set_global_parameter.
Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
7e4bc419 by John Mulligan at 2022-05-06T17:16:30+00:00
lib/smbconf: add delete_share method to SMBConf
Add a delete_share method wrapping smbconf_delete_share.
Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
2b6bd70c by John Mulligan at 2022-05-06T17:16:30+00:00
lib/smbconf: add create_set_share method to SMBConf
Add the create_set_share method wrapping smbconf_create_set_share.
This method is one of the most complex as it must "unpack" the list
of key-value pairs from python and convert that to a `struct
smbconf_service` for the smbconfig C API.
Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
64a36f5b by John Mulligan at 2022-05-06T17:16:30+00:00
lib/smbconf: add delete_parameter method to SMBConf
Add a delete_parameter method wrapping smbconf_delete_parameter.
Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
cc26fe82 by John Mulligan at 2022-05-06T17:16:30+00:00
lib/smbconf: add delete_global_parameter method to SMBConf
Add a delete_global_parameter method wrapping smbconf_delete_global_parameter.
Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
f9df5704 by John Mulligan at 2022-05-06T18:14:30+00:00
lib/smbconf: add python wrapper functions for transaction management
The smbconf API supports transactions. This changes adds wrapper
functions transaction_start, transaction_commit, and transaction_cancel.
It also adds tests for the functions, one of which demonstrates a
semi-pythonic way to use said functions.
Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri May 6 18:14:30 UTC 2022 on sn-devel-184
- - - - -
2fb3658e by Joseph Sutton at 2022-05-10T05:19:34+00:00
samba-tool processes: Remove unused loop
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
d303a0be by Joseph Sutton at 2022-05-10T05:19:34+00:00
python/xattr: Properly process system.posix_acl_access
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b9d12c70 by Joseph Sutton at 2022-05-10T05:19:34+00:00
examples: Remove unused imports
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
74c86aa5 by Joseph Sutton at 2022-05-10T05:19:34+00:00
examples: Make netbios.py work with Python 3
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b2c94d3e by Joseph Sutton at 2022-05-10T05:19:34+00:00
examples: Make samr.py work with Python 3
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
5104a791 by Joseph Sutton at 2022-05-10T05:19:34+00:00
samba-tool gpo tests: Fix unintended string concatenations
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
0eb3041b by Joseph Sutton at 2022-05-10T05:19:34+00:00
samba-tool gpo: Fix unintended string concatenations
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ba54c9cc by Joseph Sutton at 2022-05-10T05:19:34+00:00
python: Remove unnecessary 'pass' statements
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ed9d415c by Joseph Sutton at 2022-05-10T05:19:34+00:00
wafsamba: Fix previously unreachable exception path
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b481ceaa by Joseph Sutton at 2022-05-10T05:19:34+00:00
samba-tool: Don't try to delete local_tdo_handle twice.
This code is unreachable, as local_tdo_handle has already been deleted
and set to None earlier.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6c1142da by Joseph Sutton at 2022-05-10T05:19:34+00:00
selftest: Remove unreachable return statement
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6893e2c1 by Joseph Sutton at 2022-05-10T05:19:34+00:00
wintest: Remove unreachable return statement
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
79f591ed by Joseph Sutton at 2022-05-10T05:19:34+00:00
python/wscript: Remove unused format() argument
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
139f00c3 by Joseph Sutton at 2022-05-10T05:19:34+00:00
source4/scripting/bin: Remove unnecessary global declarations
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
455c083e by Joseph Sutton at 2022-05-10T05:19:34+00:00
python: Remove redundant assignments
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6586ac03 by Joseph Sutton at 2022-05-10T05:19:34+00:00
kcc: Don't reuse outer loop variable for inner loop
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
29365195 by Joseph Sutton at 2022-05-10T06:12:10+00:00
python: Use 'is' for identity when comparing against None
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue May 10 06:12:10 UTC 2022 on sn-devel-184
- - - - -
fa0430b2 by Pavel Filipenský at 2022-05-10T17:31:31+00:00
s3:lib: fix trailing whitespaces
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
463f694d by Pavel Filipenský at 2022-05-10T17:31:31+00:00
s3:lib: reset all tevent trace callbacks in reinit_after_fork()
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
With "tevent: add event trace api" we have now more callbacks to reset.
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7dbb5277 by Pavel Filipenský at 2022-05-10T17:31:31+00:00
debug: fix trailing whitespace
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e48fc192 by Pavel Filipenský at 2022-05-10T17:31:31+00:00
debug: add debug_traceid_set/get() interface
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f2fa3706 by Pavel Březina at 2022-05-10T17:31:31+00:00
s3:winbindd add "'winbind debug traceid" support via tevent tracing
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7c2d7930 by Pavel Filipenský at 2022-05-10T17:31:31+00:00
docs-xml: document "winbind debug traceid" in smb.conf
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8da5ec60 by Pavel Filipenský at 2022-05-10T17:31:31+00:00
winbind: enable "debug traceid" in main winbindd
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4580fd10 by Pavel Filipenský at 2022-05-10T18:25:01+00:00
winbind: send "debug traceid" from winbindd parent to child
Bumping WINBIND_INTERFACE_VERSION to 32
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue May 10 18:25:01 UTC 2022 on sn-devel-184
- - - - -
c28e4396 by David Mulder at 2022-05-10T19:13:29+00:00
gpo: Test Centrify Compatible Sudoers Extension
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d68270eb by David Mulder at 2022-05-10T19:13:29+00:00
gpo: Add Centrify Compatible Sudoers Extension
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fe0aa82b by David Mulder at 2022-05-10T19:13:29+00:00
gpo: Test Centrify Compatible Crontab Extensions
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
17ba8120 by David Mulder at 2022-05-10T20:05:48+00:00
gpo: Add Centrify Compatible Crontab Extensions
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue May 10 20:05:48 UTC 2022 on sn-devel-184
- - - - -
dd568490 by Andrew Bartlett at 2022-05-10T23:05:31+00:00
.gitlab-ci: Work around new git restrictions arising from CVE-2022-24765
It was realised that git would run commands found in a git repo
(eg from configuration).
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
c771d197 by Andrew Bartlett at 2022-05-10T23:05:31+00:00
bootstrap: chown the whole cloned repo, not just the subfolders
Modern git versions have started to notice the possible security issue.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
7244a644 by Andrew Bartlett at 2022-05-10T23:05:31+00:00
bootstrap: matplotlib is not a real Samba dep
This came in via the original list of packages used
at Catalyst when building Samba for testing, in particular
related to an example LDB module to trace LDB requests.
There is no testing need for this even in make test.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a71c6240 by Joseph Sutton at 2022-05-10T23:05:31+00:00
tests/samba-tool user_wdigest: Remove unused imports
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
05a7092f by Joseph Sutton at 2022-05-10T23:05:31+00:00
tests/samba-tool user_wdigest: Fix flapping test
The randomly-generated password for the user account may be too weak,
causing account creation to fail. This leads to further problems, as the
result of the command is not checked, and connecting over LDAP means
transactions cannot be used, leading to a half-created account and
failing tests.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c87ec2d3 by Joseph Sutton at 2022-05-10T23:05:31+00:00
tests/samba-tool user_wdigest: Add accounts to local database
Adding accounts over LDAP means transactions cannot be used, potentially
leading to problems.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9b0f25ec by Joseph Sutton at 2022-05-10T23:05:31+00:00
tests/samba-tool user_wdigest: Check command results
Ensure that the commands to create and delete the user execute
successfully.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e6b61869 by Joseph Sutton at 2022-05-10T23:05:31+00:00
tests/samba-tool user: Add test for adding a user over LDAP
Ensure that we do not end up with half-created accounts.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e6712751 by Joseph Sutton at 2022-05-10T23:05:31+00:00
samdb: Avoid half-created accounts
If newuser() or newcomputer() create an account over LDAP, and an
attempt to modify it (e.g. to change the password) fails, ensure that we
properly clean up the account. If we are connected over LDAP, we won't
have transactions to clean things up for us.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
187635ff by Joseph Sutton at 2022-05-10T23:05:31+00:00
tests/user_check_password_script: Remove unused imports
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ede2fcb5 by Joseph Sutton at 2022-05-10T23:05:31+00:00
tests/user_check_password_script: Don't try to delete user after failed add
The user account should not exist if account creation failed.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0b214d66 by Andreas Schneider at 2022-05-11T00:04:55+00:00
gitignore: Add .ropeproject for pylsp-rope plugin
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed May 11 00:04:55 UTC 2022 on sn-devel-184
- - - - -
be2e2044 by Jeremy Allison at 2022-05-11T18:06:42+00:00
s3: libsmbclient: Cope with SMB2 servers that return STATUS_USER_SESSION_DELETED on a SMB2_ECHO (SMB2_OP_KEEPALIVE) call with a NULL session.
This is already tested by smb2.session.expire which
shows that Windows and Samba servers don't need this,
but some third party server are returning STATUS_USER_SESSION_DELETED
with a NULL sessionid.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13218
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>
Autobuild-User(master): Björn Jacke <bjacke at samba.org>
Autobuild-Date(master): Wed May 11 18:06:42 UTC 2022 on sn-devel-184
- - - - -
eddefe3c by Douglas Bagnall at 2022-05-12T02:22:35+00:00
util/base64: decode_data_blob_talloc catches talloc error
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4bcdc3bf by Matt Suiche at 2022-05-12T02:22:35+00:00
compression tests: add LZXpress tests based on [MS-XCA]
MS-XCA contains examples, and we should at least get those right.
Signed-off-by: Matt Suiche <msuiche at comae.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f67ff611 by Matt Suiche at 2022-05-12T02:22:35+00:00
compression tests: add test for legacy compressed data
Signed-off-by: Matt Suiche <msuiche at comae.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a8fb4524 by Matt Suiche at 2022-05-12T02:22:35+00:00
compression: fix lzxpress_decompress
Signed-off-by: Matt Suiche <msuiche at comae.com>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
8f7fbc5c by Matt Suiche at 2022-05-12T02:22:35+00:00
compression: lzxpress_compress: fix no-op shift of 0
Signed-off-by: Matt Suiche <msuiche at comae.com>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
3c2f1f03 by Matt Suiche at 2022-05-12T02:22:35+00:00
compression: fix lzxpress-compress
Signed-off-by: Matt Suiche <msuiche at comae.com>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
eb7f139d by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression tests: Add additional compression tests
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9516b268 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Use explicit data sizes
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d368fa61 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Consistently use PUSH_LE_Uxx macros
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f8feac11 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Simplify redundant branches
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
7fab9f90 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Use correct value for nibble_index
Previously, we were setting this to the wrong value and overwriting
existing output data.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
69244b52 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Use correct value for indic_pos
Previously, we were setting this to the wrong value and overwriting
existing output data.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
ea42717c by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Simplify code by removing metadata_size variable
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
b1534457 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Make use of CHECK_{IN,OUT}PUT_BYTES macros
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
f2ea8d4c by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Simplify code by making indic_pos an index
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
52982c01 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Make use of PUSH_LE_Uxx macros
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b62fbc4a by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Remove redundant nibble_index check
If nibble_index is non-zero, we have already written to it, and so don't
need to check again that it is in bounds.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
6f3f1ba5 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Add range check for indic_pos
This now matches the other use of indic_pos.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
417e0c91 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Remove redundant bounds check
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
bb9115e0 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Remove byte_left variable
We can simplify this code using the identity:
byte_left + uncompressed_pos = uncompressed_size
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
430bcd7a by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Fix writing output flags
If indic_bit == 0, the shift amount of 32 - indic_bit == 32 will equal
the width of a 32-bit integer type, and these shifts will invoke
undefined behaviour, which is likely to cause incorrect output. Fix this
by not shifting a 32-bit integer type by 32 bits or more.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
0c813ee5 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Remove helper variables str1 and str2
This simplifies the code and makes it clearer.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
41b88d35 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Add bounds check for first output buffer write
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
1a964210 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Use PUSH_LE_U32 for first output buffer write
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
5b1f8ea8 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Reduce scope of variables
This makes the code clearer.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
131eb752 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Remove unneeded loop variable
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
fe5fa7e1 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Replace divisions with shifts
This is more consistent with the compression code.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
877f007f by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Use correct values for max len and offset
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
075df819 by Joseph Sutton at 2022-05-12T02:22:35+00:00
compression: Move maximum length calculation out of inner loop
This makes the code clearer.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
d8a90d2a by Douglas Bagnall at 2022-05-12T02:22:35+00:00
compression:tests: test lzxpress in some edge cases
Empty strings and trailing flag blocks.
(found with Honggfuzz and a round-trip fuzzer that aborts if the
strings differ).
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1ca44492 by Douglas Bagnall at 2022-05-12T02:22:35+00:00
compression: fix lzxpress decompress with trailing flags
Every so often, lzxpress adds a 32-bit block of indicator flags to
help decode the next clump of 32 code words. A naive compressor (such
as we have) might do this at the very end for flags that aren't
actually used because there are no more bytes to decompress. If that
happens we need to stop processing, or we'll come to worse outcome at
the next CHECK_INPUT_BYTES.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e36cb10b by Douglas Bagnall at 2022-05-12T02:22:35+00:00
compression: lzxpress decompress empty string as empty string
This mirrors the behaviour of lzxpress_compress, which "encodes" an
empty string as an empty string.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
383a7cfe by Douglas Bagnall at 2022-05-12T02:22:35+00:00
compression: remove always false constant comparison
We set `uncompressed_pos = 0;` unconditionally, just ~10 lines up.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
05c76016 by Douglas Bagnall at 2022-05-12T02:22:35+00:00
compression: add a few comments, including MS-XCA pointers.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
505d2879 by Douglas Bagnall at 2022-05-12T02:22:35+00:00
compression:tests: align test names with functions
You'll thank me if you're ever debugging these and wondering why
'lzxpress4' calls 'lzxpress2' (or is it the other way round?).
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6c9fd8fb by Douglas Bagnall at 2022-05-12T02:22:35+00:00
fuzz: add fuzz_lzxpress_compress
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
8a91ffa6 by Douglas Bagnall at 2022-05-12T02:22:35+00:00
fuzz: add lzxpress compress/decompress round-trip
We say it is an error to end up at a different result.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c4e57605 by Andrew Bartlett at 2022-05-12T03:18:42+00:00
s4-samr: Fix missing check for GnuTLS errors from E_old_pw_hash()
Not likely to be an issue in the real world as the earlier calls
will have failed if weak crypto was disabled, but this was missed
in dce944e8a1119034f184336f6b71a28080152a0a.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu May 12 03:18:42 UTC 2022 on sn-devel-184
- - - - -
144878ce by David Mulder at 2022-05-12T17:54:32+00:00
gpo: Supress error caused by ldap Cert Auto Enroll config
When the CA url specified on the SYSVOL is 'LDAP:'
this means that configuration should be fetched
from LDAP. This corrects an error message that
was being reported when the URL appeared improper
but really is not. This does not change the
code behavior (it was still working), but
removes the invalid error.
Signed-off-by: David Mulder <dmulder at suse.com>
Revewed-by: Andreas Schneider <asn at samba.org>
- - - - -
dcdc9859 by David Mulder at 2022-05-12T18:45:41+00:00
gpo: Halt Cert Auto Enroll process if data corrupted
If the CA URL cannot be processed, then halt
processing. Otherwise we'll end up in a broken
state later when trying to read from the end
points with missing data.
Signed-off-by: David Mulder <dmulder at suse.com>
Revewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu May 12 18:45:41 UTC 2022 on sn-devel-184
- - - - -
53a55428 by David Mulder at 2022-05-13T14:46:29+00:00
bootstrap: Add python3-requests dependency
Certificate Auto Enrollment will depend on
python3-requests in order to fetch the
root chain.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
d3e0eec0 by David Mulder at 2022-05-13T14:46:29+00:00
gpo: Remove sscep depends from Cert Auto Enroll
Certificate Auto Enrollment currently depends on
sscep to retrieve the root certificate chain.
This isn't necessary, since this can be
accomplished with a simple GET.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
73b12a80 by David Mulder at 2022-05-13T14:46:29+00:00
gpo: Fix Cert Auto Enroll docstrings
These were flagged by pydocstyle.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
8231eaf8 by David Mulder at 2022-05-13T15:38:53+00:00
gpo: Cert Auto Enroll use ldap trust cert if NDES disabled
If the CA does not have the Network Device
Enrollment Service enabled, we can still use the
certificate from the ldap request (unless this is
a complex request and ldap config isn't present).
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri May 13 15:38:53 UTC 2022 on sn-devel-184
- - - - -
6781ab11 by Pavel Filipenský at 2022-05-14T03:49:32+00:00
libcli: Fix trailing whitespace in netlogon.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
d4e5712c by Pavel Filipenský at 2022-05-14T03:49:32+00:00
libcli: Covscan: unchecked return value for file_save()
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
679942ea by Pavel Filipenský at 2022-05-14T03:49:32+00:00
s4:libcli: Fix trailing whitespace in netlogon.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
9cfed3f3 by Pavel Filipenský at 2022-05-14T03:49:32+00:00
s4:libcli: Covscan: unchecked return value for file_save()
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
238d3603 by Pavel Filipenský at 2022-05-14T03:49:32+00:00
s4:libcli: Fix trailing whitespace in browse.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
61275099 by Pavel Filipenský at 2022-05-14T03:49:32+00:00
s4:libcli: Covscan: unchecked return value for file_save()
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
91d1d0e4 by Pavel Filipenský at 2022-05-14T03:49:32+00:00
ctdb: Fix trailing whitespace in rb_tree.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
8cb65650 by Pavel Filipenský at 2022-05-14T03:49:32+00:00
ctdb: Covscan: unchecked return value for trbt_traversearray32()
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
ccda9c16 by Pavel Filipenský at 2022-05-14T03:49:32+00:00
auth: Fix trailing whitespace in pycredentials.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
3960af99 by Pavel Filipenský at 2022-05-14T03:49:32+00:00
auth: Covscan: unchecked return value for cli_credentials_set_smb_encryption()
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
9da9b516 by Pavel Filipenský at 2022-05-14T03:49:32+00:00
s3:libsmb: Covscan: unchecked return value for cli_credentials_set_smb_encryption()
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
26288594 by Pavel Filipenský at 2022-05-14T03:49:32+00:00
s3:smbd Fix trailing whitespace in files.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
- - - - -
d3c67823 by Pavel Filipenský at 2022-05-14T04:41:57+00:00
s3:smbd: Covscan: remove dead code
Covscan:
source3/smbd/files.c:575: check_after_deref: Null-checking "fsp" suggests that it
may be null, but it has already been dereferenced on all paths leading to the check.
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat May 14 04:41:57 UTC 2022 on sn-devel-184
- - - - -
767ede00 by Anoop C S at 2022-05-17T19:28:30+00:00
vfs_glusterfs: Fix get_real_filename_at implementation
glfd(gluster fd) used in glfs_fgetxattr() for get_real_filename_at()
implementation doesn't correctly point to required directory fd. Since
GlusterFS still don't support *at() variant syscalls we will have to
rely on full path/name constructed out of dirfsp.
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0633d883 by Anoop C S at 2022-05-17T20:20:05+00:00
vfs_glusterfs: Fix fdopendir implementation
Directory stream returned for fdopendir() within vfs_glusterfs doesn't
correctly point to required directory fd. Since GlusterFS still don't
support *at() variant syscalls we will have to rely on full path/name
constructed out of fsp.
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue May 17 20:20:05 UTC 2022 on sn-devel-184
- - - - -
04309bc6 by Douglas Bagnall at 2022-05-17T22:13:35+00:00
lzxpress/test: time performance of long boring sequences
We get *very* slow when long runs of the bytes are the same. On this
laptop the test takes 18s; with the next commit it will be 0.006s.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
637e7cbd by Douglas Bagnall at 2022-05-17T23:11:21+00:00
lzxpress: compress shortcut if we've reached maximum length
A simple degenerate case for our compressor has been a large number of
repeated bytes that will match the maximum length (~64k) at all 8192
search positions, 8191 of which searches are in vain because the
matches are not of greater length than the first one.
Here we recognise the inevitable and reduce runtime proportionately.
Credit to OSS-Fuzz.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47428
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Tue May 17 23:11:21 UTC 2022 on sn-devel-184
- - - - -
268ae191 by Andreas Schneider at 2022-05-18T06:58:35+00:00
s3:tests: Reformat test_give_owner.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
db882106 by Andreas Schneider at 2022-05-18T06:58:35+00:00
s3:tests: Reformat test_groupmap.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
e9079b35 by Andreas Schneider at 2022-05-18T06:58:35+00:00
s3:tests: Reformat test_guest_auth.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
4cc48c8d by Andreas Schneider at 2022-05-18T06:58:35+00:00
s3:tests: Reformat test_homes.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
39cdbec0 by Andreas Schneider at 2022-05-18T06:58:35+00:00
s3:tests: Reformat test_inherit_owner.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
15a0ae9e by Andreas Schneider at 2022-05-18T06:58:35+00:00
s3:tests: Reformat test_large_acl.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
32ca178e by Andreas Schneider at 2022-05-18T06:58:35+00:00
s3:tests: Reformat test_libwbclient_threads.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
e8938c56 by Andreas Schneider at 2022-05-18T06:58:35+00:00
s3:tests: Reformat test_local_s3.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
f2eb4116 by Andreas Schneider at 2022-05-18T06:58:35+00:00
gitlab-ci: Use openSUSE 15.3 for coverity
It provides gcc 10.3 and MIT krb5 1.19. The current coverity version
only supports gcc up to 11.1.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
00e31d9d by Andreas Schneider at 2022-05-18T06:58:35+00:00
lib:util: Do not error for array-bounds warning
This just prints a warning for:
ms_fnmatch.c:95:51: error: array subscript 0 is outside array bounds of
‘struct max_n[0]’ [-Werror=array-bounds]
95 | if (max_n != NULL && max_n->predot &&
|
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
91d8bc7a by Andreas Schneider at 2022-05-18T07:56:52+00:00
gitlab-ci: Update Fedora to version 36
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed May 18 07:56:52 UTC 2022 on sn-devel-184
- - - - -
31451318 by Volker Lendecke at 2022-05-18T16:50:34+00:00
selftest: Test for bug 15062 -- list "username" in netshareenum
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15062
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
20cbade5 by Volker Lendecke at 2022-05-18T16:50:34+00:00
srvsvc: Add a central return point to init_srv_share_info_ctr()
Soon there will be cleanup work to do.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15062
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
04e0e02c by Volker Lendecke at 2022-05-18T17:42:20+00:00
srvsvc: Announce [username] in NetShareEnum
This patch has two flaws: First, it does not cover api_RNetShareEnum()
for SMB1, and the second one is: To make this elegant, we would have
to restructure our share handling. It is really only listing shares
for which we have to pull in everything from smb.conf, registry,
usershares and potentially printers. What we should do is modify our
loadparm handling to only load share definitions on demand and for
listing shares handle all the potential sources specially. Add code
that walks the registry shares without adding them to our services
list and so on.
This patch is the quick&dirty way to fix the bug, the alternative
would be weeks or more. And hopefully nobody notices the SMB1
problem...
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15062
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed May 18 17:42:20 UTC 2022 on sn-devel-184
- - - - -
35ca7a17 by Samuel Cabrero at 2022-05-19T17:51:33+00:00
examples: Update winbind.stp, delete removed functions
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c27135ad by Samuel Cabrero at 2022-05-19T17:51:33+00:00
librpc:idl: Add NDR_SECRET flag for ntlm and challenge blobs
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ce0be638 by Samuel Cabrero at 2022-05-19T17:51:33+00:00
s3:winbind: Convert PamLogOff from struct based to ndr based
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5f213285 by Samuel Cabrero at 2022-05-19T17:51:33+00:00
examples: Update winbind.stp
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0f3b1d5c by Samuel Cabrero at 2022-05-19T17:51:33+00:00
s3:winbind: Convert winbindd_dual_pam_chng_pswd_auth_crap() from struct based to NDR based
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
57d77200 by Samuel Cabrero at 2022-05-19T17:51:33+00:00
examples: Update winbind.stp
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ba40aad0 by Samuel Cabrero at 2022-05-19T17:51:33+00:00
s3:winbind: Split getting and filling the password policy info
Next commits will convert from struct based to NDR based. The
samr_DomInfo1 struct will be returned by the child to the parent inside
the 'r' struct and the parent will just fill the winbindd_respone..
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cc0ef447 by Samuel Cabrero at 2022-05-19T17:51:33+00:00
s3:winbind: Convert winbindd_dual_pam_chauthtok() from struct based to NDR based
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7575e4ef by Samuel Cabrero at 2022-05-19T17:51:33+00:00
examples: Update winbind.stp
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
574c3ed9 by Samuel Cabrero at 2022-05-19T17:51:33+00:00
s3:winbind: Move winbindd_dual_init_connection() function
It will be converted later to a local RPC call handler so it must be in
the file including ndr_winbind_scompat.c
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5827a4f9 by Samuel Cabrero at 2022-05-19T17:51:33+00:00
s3:winbind: Fix code format and use newer debug macros
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
39005d44 by Samuel Cabrero at 2022-05-19T17:51:33+00:00
s3:winbind: Create a binding handle for each child
Next commits will convert InitConnection from struct based to NDR based
and this call will be directly issued to a domain child so create a 'wbint'
binding handle for domain childs too.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e9286b06 by Samuel Cabrero at 2022-05-19T17:51:33+00:00
s3:winbind: Convert InitConnection from struct based to NDR based
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
95698da9 by Samuel Cabrero at 2022-05-19T17:51:33+00:00
examples: Update winbind.stp
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9bacf752 by Samuel Cabrero at 2022-05-19T18:50:24+00:00
s3:winbind: Remove struct winbindd_child_dispatch_table
All parent-child communication is based in NDR and dispatched as a local
RPC call.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu May 19 18:50:24 UTC 2022 on sn-devel-184
- - - - -
e7a60eb7 by Volker Lendecke at 2022-05-20T19:02:37+00:00
smbd: Simplify copy_file()
The only two callers did not use "count" and "target_is_directory".
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a771f1d3 by Volker Lendecke at 2022-05-20T19:02:37+00:00
smbd: Simplify copy_file()
Pass in new_create_disposition directly. We can also remove the
if-case (ofun & OPENX_FILE_EXISTS_OPEN) in copy_file, the two callers
don't use it.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
78ebd8af by Volker Lendecke at 2022-05-20T19:02:37+00:00
registry3: Align some integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8ea8526d by Volker Lendecke at 2022-05-20T19:02:37+00:00
srvsvcd: Use UINT32_MAX where appropriate
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c90aff07 by Volker Lendecke at 2022-05-20T19:02:37+00:00
srvsvcd: Fix shareinfo2 max_connections calculation
lp_max_connections() being an int could be >UINT32_MAX
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
48168614 by Volker Lendecke at 2022-05-20T19:02:37+00:00
srvsvcd: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d4a6e72d by Volker Lendecke at 2022-05-20T19:02:37+00:00
srvsvcd: Directly initialize variables in count_for_all_fn()
Easier to read for me
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5f82f01a by Volker Lendecke at 2022-05-20T19:02:37+00:00
srvsvcd: Avoid an "else" due to the early return
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
be944dce by Volker Lendecke at 2022-05-20T19:59:07+00:00
srvsvcd: Silence a integer type warning
Okay because lp_csc_policy() is an enum with 4 choices
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri May 20 19:59:07 UTC 2022 on sn-devel-184
- - - - -
03036442 by Douglas Bagnall at 2022-05-23T00:53:09+00:00
s4/dlz: add support for bind 9.18
It seems nothing has changed since 9.16 for our purposes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14986
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Signed-off-by: Andreas Hasenack <andreas at canonical.com>
Pair-programmed-with: Andreas Hasenack <andreas at canonical.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Mon May 23 00:53:09 UTC 2022 on sn-devel-184
- - - - -
d19dfe1e by Andreas Schneider at 2022-05-23T09:34:51+00:00
third_party: Update waf to version 2.0.24
This fixes building of python libraries with Python 3.11!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15071
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon May 23 09:34:51 UTC 2022 on sn-devel-184
- - - - -
3bb6b057 by Pavel Filipenský at 2022-05-23T18:25:28+00:00
s3:lib: Fix use_after_free: Using freed pointer "p"
Found by covscan.
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
02a9a160 by Pavel Filipenský at 2022-05-23T18:25:28+00:00
python/gp_cert_auto_enroll: Fix bitwise test in expression
Found by covscan.
result_independent_of_operands: "(e.data & 4) == 1" is always false regardless of the values of its operands. This occurs as the operand of assignment.
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
11e0eb6f by Samuel Cabrero at 2022-05-23T18:25:28+00:00
s3:libads: Print 'gc' and 'no_fallback' fields in ndr_print_ads_struct()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4dde5e74 by Samuel Cabrero at 2022-05-23T18:25:28+00:00
s3:libnet: Fix talloc frame not freed in order
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a26f535d by Samuel Cabrero at 2022-05-23T19:18:38+00:00
s3:libads: Clear previous CLDAP ping flags when reusing the ADS_STRUCT
Before commit 1d066f37b9217a475b6b84a935ad51fbec88fe04, when the LDAP
connection wasn't established yet (ads->ldap.ld == NULL), the
ads_current_time() function always allocated and initialized a new
ADS_STRUCT even when ads->ldap.ss had a good address after having called
ads_find_dc().
After that commit, when the ADS_STRUCT is reused and passed to the
ads_connect() call, ads_try_connect() may fail depending on the
contacted DC because ads->config.flags field can contain the flags
returned by the previous CLDAP call. For example, when having 5 DCs:
* 192.168.101.31 has PDC FSMO role
* 192.168.101.32
* 192.168.101.33
* 192.168.101.34
* 192.168.101.35
$> net ads info -S 192.168.101.35
net_ads_info()
ads_startup_nobind()
ads_startup_int()
ads_init()
ads_connect()
ads_try_connect(192.168.101.35)
check_cldap_reply_required_flags(returned=0xF1FC, required=0x0)
ads_current_time()
ads_connect()
ads_try_connect(192.168.101.35)
check_cldap_reply_required_flags(returned=0xF1FC, required=0xF1FC)
The check_cldap_reply_required_flags() call fails because
ads->config.flags contain the flags returned by the previous CLDAP call,
even when the returned and required values match because they have
different semantics:
if (req_flags & DS_PDC_REQUIRED)
RETURN_ON_FALSE(ret_flags & NBT_SERVER_PDC);
translates to:
if (0xF1FC & 0x80)
RETURN_ON_FALSE(0xF1FC & 0x01);
which returns false because 192.168.101.35 has no PDC FSMO role.
The easiest fix for now is to reset ads->config.flags in
ads_current_time() when reusing an ADS_STRUCT before calling
ads_connect(), but we should consider storing the required and returned
flags in different fields or at least use the same bitmap for them
because check_cldap_reply_required_flags() is checking a
netr_DsRGetDCName_flags value using the nbt_server_type bitmap.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14674
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon May 23 19:18:38 UTC 2022 on sn-devel-184
- - - - -
5b649304 by Noel Power at 2022-05-24T09:33:31+00:00
s3/script/tests: Test smbclient -E redirects output to stderr
Add new test to ensure smbclient is writing to stderr (with '-E')
Add knownfail for this test (will be removed when issue is fixed in
later commit)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15075
Signed-off-by: Noel Power <noel.power at suse.com>
- - - - -
56e17981 by Noel Power at 2022-05-24T10:29:27+00:00
s3/client: Restore '-E' handling
Sometimes we really do need to redirect output to stderr
e.g. when using the tar command to output the archive to stdout
we don't want debug or cmdline status messages straying into stdout.
was removed with commit: e4474ac0a540c56548b4d15e38f2e234455e19b6
remove known fail for the test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15075
Signed-off-by: Noel Power <noel.power at suse.com>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Tue May 24 10:29:27 UTC 2022 on sn-devel-184
- - - - -
976326fa by Michael Tokarev at 2022-05-25T06:19:32+00:00
s3/util/py_net.c: fix samba-tool domain join&leave segfault
We process python args using PyArg_ParseTupleAndKeywords(), and use "p"
type modifier there. According to documentation, this type modifier,
while works for a boolean type, expects an argument of type int. But in
py_net_join_member() and py_net_leave() we use argument of type uint8_t
(no_dns_update, keep_account, r->in.debug). So when PyArg_ParseTupleAndKeywords()
tries to assign a value to &no_dns_update, it updates subsequent, unrelated bytes
too, - which ones depends on the stack and structure layout used by the compiler.
Fix this by using int type for all relevant variables, and by introducing proxy
variable "debug" (of the same type) for r->in.debug.
While at it, also ensure all variables have sensible default values.
Signed-off-by: Michael Tokarev <mjt at tls.msk.ru>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed May 25 06:19:32 UTC 2022 on sn-devel-184
- - - - -
4ee29f84 by Uri Simchoni at 2022-05-25T19:54:35+00:00
[ci-images] use podman instead of docker
Use podman as image building tool instead of docker. The image-creation
pipeline still runs on docker only (until gitlab-runner supports
podman), but the pipeline image may emply podman instead of docker to
build images.
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
96da1142 by Uri Simchoni at 2022-05-25T19:54:35+00:00
[ci-images] run podman directly instead of docker link
Instead of having a symbolic link from docker to podman,
use podman directly. This is made for better clarity, and
because docker and podman are not 100% intechangeable in this
script.
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
37c6a327 by Uri Simchoni at 2022-05-25T20:50:25+00:00
[ci-images] remove use of sudo in image building smoke test
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Uri Simchoni <uri at samba.org>
Autobuild-Date(master): Wed May 25 20:50:25 UTC 2022 on sn-devel-184
- - - - -
5e00c230 by Pavel Filipenský at 2022-05-26T19:36:52+00:00
py:gpo: Fix testing of 0x8000 bit
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): David Mulder <dmulder at samba.org>
Autobuild-Date(master): Thu May 26 19:36:52 UTC 2022 on sn-devel-184
- - - - -
9537ac72 by Douglas Bagnall at 2022-05-30T10:11:28+00:00
cmdline_s4: re-initialise logging once loadparm is ready
The first time round we maybe didn't know which files we wanted to log to.
Suppose, for example, we had an smb.conf with
log level = 1 dsdb_group_json_audit:5@/var/log/group_json.log
we wouldn't see anything in "/var/log/group_json.log", while the level
5 dsdb_group_json_audit messages would go into the main log.
Note that the named file would still be opened by winbindd and others
that use the s3 code, but would remain empty as they don't have anything
to say about dsdb_group_json_audit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15076
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
3567f413 by Douglas Bagnall at 2022-05-30T11:03:47+00:00
debug: update comments about setup_logging()
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon May 30 11:03:47 UTC 2022 on sn-devel-184
- - - - -
80de84d3 by Martin Schwenke at 2022-05-31T05:06:29+00:00
ctdb-daemon: Log per-database summary of resent calls
After a recovery that takes a significant amount of time the logs are
flooded with messages about every resent call.
Log a summary instead and demote per-call messages to INFO level.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
da9decfc by Martin Schwenke at 2022-05-31T05:06:29+00:00
ctdb-daemon: Remove unused #includes of rb_tree.h
ctdb_takeover.c and eventscript.c no longer use this.
ipalloc_common.c has never used it.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
a400f4e7 by Martin Schwenke at 2022-05-31T05:06:29+00:00
ctdb-doc: Fix typos in the policy routing documentation
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
90a96f06 by Martin Schwenke at 2022-05-31T05:06:29+00:00
ctdb-recoverd: Do not ban on unknown error when taking cluster lock
If the cluster filesystem is unavailable then I/O errors may occur.
This is no worse than contention, so don't ban. This avoids having
services unavailable for longer than necessary.
Update the associated test to simply confirm that this results in a
leaderless cluster, and leadership is restored when the lock can once
again be taken.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
b20ee180 by Martin Schwenke at 2022-05-31T05:56:43+00:00
ctdb-tests: Fix a cut and paste error in a comment
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Tue May 31 05:56:43 UTC 2022 on sn-devel-184
- - - - -
5aa6b85c by Volker Lendecke at 2022-05-31T19:17:34+00:00
winbind: Create local krb5.conf for idmap backend ad
Without this, it can happen that tldap will look at a possibly wrong
/etc/krb5.conf. I have not reliably reproduced this, because a
set_domain_online_request() in the idmap child might interfere with
this, so I could not write a comprehensive test for this. Manual
testing however fixes the issue that wbinfo --sid-to-uid can take ages
asking a potentially nonexisting KDC.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
56f5ea68 by David Mulder at 2022-05-31T20:15:45+00:00
gpo: Move Group Policy code below gp directory
Moves the Group Policy extensions and supporting
code within the existing python/samba/gp directory.
Meant to clean up the clutter that's accumulating
in python/samba.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue May 31 20:15:45 UTC 2022 on sn-devel-184
- - - - -
3b5b80e9 by Andreas Schneider at 2022-05-31T20:53:35+00:00
s3:printing: Initialize the printcap cache as soon as the bgqd starts
As soon as the background daemon starts, we need to initialize the
printcap cache so that rpcd-spoolssd can serve printers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15081
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ac16351f by Andreas Schneider at 2022-05-31T21:51:07+00:00
s3:printing: Start samba-bgqd as soon as possible
We need some time to fill the printcap cache.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15081
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue May 31 21:51:07 UTC 2022 on sn-devel-184
- - - - -
a0f7ced6 by Ralph Boehme at 2022-06-03T20:56:35+00:00
vfs_gpfs: indentation and README.Coding fixes
Best viewed with git show -w.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
- - - - -
ad06d806 by Ralph Boehme at 2022-06-03T20:56:35+00:00
vfs_gpfs: pass fsp to gpfsacl_emu_chmod()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
- - - - -
5f4625a2 by Ralph Boehme at 2022-06-03T20:56:35+00:00
vfs_gpfs: pass fsp to gpfs_get_nfs4_acl()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
- - - - -
c26efe0c by Ralph Boehme at 2022-06-03T20:56:35+00:00
vfs_gpfs: pass fsp to gpfsacl_get_posix_acl()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
- - - - -
3764be70 by Ralph Boehme at 2022-06-03T20:56:35+00:00
vfs_gpfs: use fsp in gpfsacl_get_posix_acl()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
- - - - -
ac458648 by Ralph Boehme at 2022-06-03T20:56:35+00:00
vfs_gpfs: pass fsp to vfs_gpfs_getacl()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
- - - - -
1b2c70f4 by Ralph Boehme at 2022-06-03T20:56:35+00:00
vfs_gpfs: pass fsp to gpfs_getacl_with_capability()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
- - - - -
d373ff3c by Ralph Boehme at 2022-06-03T20:56:35+00:00
lib/util/gpfswrap: add gpfswrap_fgetacl()
Adds handle based version of gpfswrap_getacl().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
- - - - -
a0dc4c90 by Ralph Boehme at 2022-06-03T20:56:35+00:00
vfs_gpfs: finally: use gpfswrap_fgetacl() instead of gpfswrap_getacl()
Replaces path based gpfswrap_getacl() with handle based version
gpfswrap_fgetacl(). When dealing with files in snapshots fsp->fsp_name points to
the active dataset, which will cause ENOENT failures if files are deleted there
any only present in the snapshot:
[2022/05/06 11:32:55.233435, 4, pid=12962, effective(1460548, 273710), real(1460548, 0)]
calling open_file with flags=0x0 flags2=0x800 mode=0644, access_mask = 0x80, open_access_mask = 0x80
[2022/05/06 11:32:55.233460, 10, pid=12962, effective(1460548, 273710), real(1460548, 0), class=vfs]
gpfs_get_nfs4_acl invoked for dir/subdir/file.txt
[2022/05/06 11:32:55.233495, 5, pid=12962, effective(1460548, 273710), real(1460548, 0), class=vfs]
smbd_gpfs_getacl failed with No such file or directory
[2022/05/06 11:32:55.233521, 9, pid=12962, effective(1460548, 273710), real(1460548, 0), class=vfs]
gpfs_getacl failed for dir/subdir/file.txt with No such file or directory
[2022/05/06 11:32:55.233546, 10, pid=12962, effective(1460548, 273710), real(1460548, 0)]
smbd_check_access_rights_fsp: Could not get acl on dir/subdir/file.txt {@GMT-2022.05.04-11.58.53}: NT_STATUS_OBJECT_NAME_NOT_FOUND
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
- - - - -
9172c5ff by Ralph Boehme at 2022-06-03T20:56:35+00:00
lib/util/gpfswrap: remove unused gpfswrap_getacl()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
- - - - -
8ae672f9 by Ralph Boehme at 2022-06-03T20:56:35+00:00
vfs_gpfs: use handle based gpfswrap_get_winattrs()
Fixes detecting offline flag for files in snapshot – no idea if this is
actually expected.
Replaces path based gpfswrap_get_winattrs_path() with handle based version
gpfswrap_get_winattrs(). When dealing with files in snapshots fsp->fsp_name
points to the active dataset, which will cause ENOENT failures if files are
deleted there any only present in the snapshot.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
- - - - -
3bd75398 by Ralph Boehme at 2022-06-03T21:53:31+00:00
lib/util/gpfswrap: remove unused gpfswrap_get_winattrs_path()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jun 3 21:53:31 UTC 2022 on sn-devel-184
- - - - -
b7810f03 by Samuel Cabrero at 2022-06-04T00:27:29+00:00
selftests: Convert "net ads dns async" test to python
The current test uses the dig tool from bind9 but this tool has been
rewritten in 9.17.7 to use bind's netmgr functions instead of isc_socket
(commit 94b7988efb0f9b96415dd2966e6070450d960263).
The problem is that these 'netmgr' functions use libuv internally, and, on
systems supporting it, they end up using the sendmmsg() syscall which is not
catched by socket wrapper so the test fails.
This commit converts the test to python and uses the dnspython module
instead of the dig tool. Backtraces follow as reference.
Backtrace from dig v9.16.28 (working):
#0 0x00007ffff778edee in sendmsg () from /lib64/libc.so.6
#1 0x00000000005e5dee in cmsgsend (s=s at entry=12, level=level at entry=0, type=type at entry=1, res=<optimized out>) at net.c:515
#2 0x00000000005e616c in try_dscp_v4 () at net.c:623
#3 try_dscp () at net.c:696
#4 0x00007ffff7708ad7 in __pthread_once_slow () from /lib64/libc.so.6
#5 0x00000000005e66d7 in initialize_dscp () at net.c:702
#6 isc_net_probedscp () at net.c:707
#7 0x00000000005e8460 in socket_create (manager=0x6b49c0, pf=2, type=<optimized out>, socketp=0x7ffff0012b00, dup_socket=0x0) at socket.c:2454
#8 0x000000000043cfcd in send_udp (query=0x7ffff00129a8) at dighost.c:2897
#9 0x000000000043f9c7 in onrun_callback (task=<optimized out>, event=<optimized out>) at dighost.c:4271
#10 0x00000000005dfefe in task_run (task=0x6b5c70) at task.c:851
#11 isc_task_run (task=0x6b5c70) at task.c:944
#12 0x00000000005ca0ce in isc__nm_async_task (worker=0x6b8970, ev0=0x716250) at netmgr.c:873
#13 process_netievent (worker=worker at entry=0x6b8970, ievent=0x716250) at netmgr.c:952
#14 0x00000000005ca2ba in process_queue (worker=worker at entry=0x6b8970, type=type at entry=NETIEVENT_TASK) at netmgr.c:1021
#15 0x00000000005caa43 in process_all_queues (worker=0x6b8970) at netmgr.c:792
#16 async_cb (handle=0x6b8cd0) at netmgr.c:821
#17 0x00007ffff7898a4d in ?? () from /lib64/libuv.so.1
#18 0x00007ffff78b4217 in ?? () from /lib64/libuv.so.1
#19 0x00007ffff789e40a in uv_run () from /lib64/libuv.so.1
#20 0x00000000005ca31e in nm_thread (worker0=0x6b8970) at netmgr.c:727
#21 0x00000000005e2315 in isc__trampoline_run (arg=0x6b7c40) at trampoline.c:198
#22 0x00007ffff7703767 in start_thread () from /lib64/libc.so.6
#23 0x00007ffff778dc10 in clone3 () from /lib64/libc.so.6
Backtrace from dig v9.17.7 (not working):
#0 0x00007ffff7684480 in syscall () from /lib64/libc.so.6
#1 0x00007ffff754aed0 in uv__sendmmsg (vlen=0, mmsg=0x0, fd=10) at src/unix/linux-syscalls.c:163
#2 uv__udp_mmsg_init () at src/unix/udp.c:74
#3 0x00007ffff7606ad7 in __pthread_once_slow () from /lib64/libc.so.6
#4 0x00007ffff7541bd9 in uv_once (guard=<optimized out>, callback=<optimized out>) at src/unix/thread.c:440
#5 0x00007ffff7539e9b in uv__udp_sendmsg (handle=0x7ffff50535b8) at src/unix/udp.c:415
#6 uv__udp_send (send_cb=0x7ffff7a41db0 <udp_send_cb>, addrlen=<optimized out>, addr=<optimized out>, nbufs=1, bufs=0x7ffff506c720, handle=0x7ffff50535b8, req=0x7ffff506c878) at src/unix/udp.c:773
#7 uv_udp_send (req=req at entry=0x7ffff506c878, handle=handle at entry=0x7ffff50535b8, bufs=bufs at entry=0x7ffff506c720, nbufs=nbufs at entry=1, addr=<optimized out>, send_cb=send_cb at entry=0x7ffff7a41db0 <udp_send_cb>) at src/uv-common.c:464
#8 0x00007ffff7a42308 in udp_send_direct (peer=0x7ffff5dfa988, req=0x7ffff506c700, sock=0x7ffff5053000) at netmgr/udp.c:839
#9 isc__nm_async_udpsend (worker=<optimized out>, ev0=0x7ffff5dfa950) at netmgr/udp.c:780
#10 0x00007ffff7a47de7 in isc__nm_udp_send (handle=<optimized out>, region=0x7ffff5dfaa90, cb=0x555555566250 <send_done>, cbarg=<optimized out>) at netmgr/udp.c:749
#11 0x0000555555562ac2 in send_udp (query=0x7ffff502a000) at /usr/src/debug/bind-9.18.2-1.1.x86_64/bin/dig/dighost.c:2899
#12 udp_ready (handle=0x7ffff5026180, eresult=ISC_R_SUCCESS, arg=<optimized out>) at /usr/src/debug/bind-9.18.2-1.1.x86_64/bin/dig/dighost.c:2974
#13 0x00007ffff7a37d34 in isc__nm_async_connectcb (worker=worker at entry=0x7ffff622f000, ev0=ev0 at entry=0x7ffff5026480) at netmgr/netmgr.c:2704
#14 0x00007ffff7a3ca20 in process_netievent (worker=worker at entry=0x7ffff622f000, ievent=0x7ffff5026480) at netmgr/netmgr.c:940
#15 0x00007ffff7a3d027 in process_queue (worker=worker at entry=0x7ffff622f000, type=type at entry=NETIEVENT_NORMAL) at netmgr/netmgr.c:977
#16 0x00007ffff7a3d203 in process_all_queues (worker=0x7ffff622f000) at netmgr/netmgr.c:733
#17 async_cb (handle=0x7ffff622f360) at netmgr/netmgr.c:762
#18 0x00007ffff7531a4d in uv__async_io (loop=0x7ffff622f010, w=<optimized out>, events=<optimized out>) at src/unix/async.c:163
#19 0x00007ffff754d217 in uv__io_poll (loop=0x7ffff622f010, timeout=<optimized out>) at src/unix/epoll.c:374
#20 0x00007ffff753740a in uv__io_poll (timeout=<optimized out>, loop=0x7ffff622f010) at src/unix/udp.c:122
#21 uv_run (loop=loop at entry=0x7ffff622f010, mode=mode at entry=UV_RUN_DEFAULT) at src/unix/core.c:391
#22 0x00007ffff7a3d624 in nm_thread (worker0=0x7ffff622f000) at netmgr/netmgr.c:664
#23 0x00007ffff7a6c915 in isc__trampoline_run (arg=0x555555599210) at /usr/src/debug/bind-9.18.2-1.1.x86_64/lib/isc/trampoline.c:187
#24 0x00007ffff7601767 in start_thread () from /lib64/libc.so.6
#25 0x00007ffff768bc10 in clone3 () from /lib64/libc.so.6
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Jun 4 00:27:29 UTC 2022 on sn-devel-184
- - - - -
5f0b6565 by Christian Ambach at 2022-06-06T16:46:35+00:00
s3:include fix typo
Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5e796523 by Christian Ambach at 2022-06-06T16:46:35+00:00
s3:smbd add missing VolumeCreationTime to FileFsVolumeInformation
Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
470d4a3b by Christian Ambach at 2022-06-06T16:46:35+00:00
s3:smbd factor out volume serial number generation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14765
RN: add new smb.conf parameter "volume serial number" to allow overriding the
generated default value
Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5f1f3b0f by Christian Ambach at 2022-06-06T16:46:35+00:00
docs-xml: add new parameter volume serial number
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14765
RN: add new smb.conf parameter "volume serial number" to allow overriding
the generated default value
Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7ba732ba by Christian Ambach at 2022-06-06T17:42:37+00:00
s3:smbd implement volume serial number parameter
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14765
RN: add new smb.conf parameter "volume serial number" to allow overriding
the generated default value
Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed=by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Jun 6 17:42:37 UTC 2022 on sn-devel-184
- - - - -
9ec99ab5 by Volker Lendecke at 2022-06-06T19:22:28+00:00
smbd: Remove unused smb_bufrem() macro
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
777597d0 by Volker Lendecke at 2022-06-06T19:22:28+00:00
smbd: Move message_push_string() to smb1_utils.c
Only used in SMB1 code
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
49b3bbde by Volker Lendecke at 2022-06-06T19:22:28+00:00
lsa_server4: Simplify get_tdo() with dom_sid_str_buf()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
540d4ae6 by Volker Lendecke at 2022-06-06T19:22:28+00:00
lsa_server4: Simplify get_tdo() with talloc_asprintf_addbuf()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f236c42f by Volker Lendecke at 2022-06-06T19:22:28+00:00
smbd: Remove NTCREATEX_FLAG_DELETE_ON_CLOSE
This is only used for print files. Storing it in the fd_handle seems
overkill to me, this can easily be stored directly in the fsp itself,
we have a flag for this.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a395f752 by Volker Lendecke at 2022-06-06T19:22:28+00:00
smbd: Fix CID 1504457 Resource leak
Highly likely that's a false positive because Coverity does not
understand that srv_encrypt_buffer() only allocates when
NT_STATUS_OK(status), but it does not hurt to make it happy this way.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
38e5b39e by Volker Lendecke at 2022-06-06T19:22:28+00:00
smbd: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b3c2d5d4 by Volker Lendecke at 2022-06-06T19:22:28+00:00
vfs: Remove a typedef
We want to get rid of struct typedefs, and this was quick
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6dfc5862 by Volker Lendecke at 2022-06-06T19:22:28+00:00
lib: Slightly simplify is_ntfs_stream_smb_fname()
YMMV, but for me the direct return is easier to read
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
a01cb7b4 by Volker Lendecke at 2022-06-06T20:17:06+00:00
winbindd: Remove a "wrong" error message
Before 9bacf7529dd child_process_request() returned right after the
callback function without going through the DEBUG message. Restore
that behaviour.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Jun 6 20:17:06 UTC 2022 on sn-devel-184
- - - - -
41661b77 by Andreas Schneider at 2022-06-07T08:22:28+00:00
s3:tests: Reformat test_net_cache_samlogon.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
b9188763 by Andreas Schneider at 2022-06-07T09:19:43+00:00
s3:tests: Reformat test_net_conf.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Jun 7 09:19:43 UTC 2022 on sn-devel-184
- - - - -
bdc6adaa by Andreas Schneider at 2022-06-08T06:38:30+00:00
s3:tests: Reformat test_net_cred_change.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
cf873c09 by Andreas Schneider at 2022-06-08T06:38:30+00:00
s3:tests: Reformat test_net_dom_join_fail_dc.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
534ae934 by Andreas Schneider at 2022-06-08T06:38:30+00:00
s3:tests: Reformat test_net_lookup.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a0802f55 by Andreas Schneider at 2022-06-08T06:38:30+00:00
s3:tests: Reformat test_net_machine_account.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
de011361 by Andreas Schneider at 2022-06-08T06:38:30+00:00
s3:tests: Reformat test_net_misc.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
08b02d4b by Andreas Schneider at 2022-06-08T06:38:30+00:00
s3:tests: Reformat test_net_registry.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d87d67a2 by Andreas Schneider at 2022-06-08T06:38:30+00:00
s3:tests: Reformat test_net_registry_check.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d1521095 by Andreas Schneider at 2022-06-08T06:38:30+00:00
s3:tests: Reformat test_net_registry_import.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d9217a3e by Andreas Schneider at 2022-06-08T06:38:30+00:00
s3:tests: Reformat test_net_registry_roundtrip.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6b934192 by Andreas Schneider at 2022-06-08T06:38:30+00:00
s3:tests: Reformat test_net_rpc_join.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e1142d35 by Andreas Schneider at 2022-06-08T06:38:30+00:00
s3:tests: Reformat test_net_rpc_join_creds.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7a916f88 by Andreas Schneider at 2022-06-08T06:38:30+00:00
s3:tests: Reformat test_net_rpc_oldjoin.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6170f97b by Andreas Schneider at 2022-06-08T06:38:30+00:00
s3:tests: Reformat test_net_rpc_share_allowedusers.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4c00642e by Andreas Schneider at 2022-06-08T06:38:30+00:00
s3:tests: Reformat test_net_tdb.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
fdc98ff5 by Andreas Schneider at 2022-06-08T07:28:08+00:00
s3:tests: Reformat test_net_usershare.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jun 8 07:28:08 UTC 2022 on sn-devel-184
- - - - -
1b6d675f by John Mulligan at 2022-06-08T13:13:10+00:00
lib/smbconf: expose smbconf error codes to python wrapper
The smbconf library defines an enum of error codes that can be returned
from the C calls. The error codes were getting stored in the python
SMBConfError type but it was not easy to access or obvious what the
integer code represented.
This change makes it easier to get the returned error code: via a
`error_code` attribute on the exception value. It also exposes the
integer constants to the module. Simple tests for a few of the more
obvious error codes check that this new error handling correctly
exposes the error code values.
Signed-off-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Wed Jun 8 13:13:10 UTC 2022 on sn-devel-184
- - - - -
ae8f5dec by Andreas Schneider at 2022-06-08T13:14:47+00:00
s3:tests: Reformat test_netfileenum.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
478ed598 by Andreas Schneider at 2022-06-08T13:14:47+00:00
s3:tests: Reformat test_offline.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
e01f7d72 by Andreas Schneider at 2022-06-08T13:14:47+00:00
s3:tests: Reformat test_open_eintr.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
162a803d by Andreas Schneider at 2022-06-08T13:14:47+00:00
s3:tests: Reformat test_preserve_case.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
07875d85 by Andreas Schneider at 2022-06-08T13:14:47+00:00
s3:tests: Reformat test_printing_var_exp.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
3b6558d4 by Andreas Schneider at 2022-06-08T13:14:47+00:00
s3:tests: Reformat test_pthreadpool.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
e6225d77 by Andreas Schneider at 2022-06-08T13:14:47+00:00
s3:tests: Reformat test_registry_upgrade.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
e4eecb31 by Andreas Schneider at 2022-06-08T13:14:47+00:00
s3:tests: Reformat test_resolvconf.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
7f3b7a38 by Andreas Schneider at 2022-06-08T13:14:47+00:00
s3:tests: Reformat test_rpcclient.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
66577ad1 by Andreas Schneider at 2022-06-08T13:14:47+00:00
s3:tests: Reformat test_rpcclient_dfs.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
24638a2e by Andreas Schneider at 2022-06-08T13:14:47+00:00
s3:tests: Reformat test_rpcclient_lookup.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
b923da58 by Andreas Schneider at 2022-06-08T13:14:47+00:00
s3:tests: Reformat test_rpcclient_netsessenum.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
48e1458b by Andreas Schneider at 2022-06-08T13:14:47+00:00
s3:tests: Reformat test_rpcclient_pw_nt_hash.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
c4b343e5 by Andreas Schneider at 2022-06-08T13:14:47+00:00
s3:tests: Reformat test_rpcclient_samlogon.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
8e701978 by Andreas Schneider at 2022-06-08T14:13:35+00:00
s3:tests: Reformat test_rpcclientsrvsvc.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jun 8 14:13:35 UTC 2022 on sn-devel-184
- - - - -
0189ccf9 by Stefan Metzmacher at 2022-06-08T17:02:29+00:00
talloc: version 2.3.4
* Fix build problems
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15071
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
53692735 by Stefan Metzmacher at 2022-06-08T17:02:29+00:00
tevent: version 0.12.1
* Fix build problems
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15071
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
27ceb1c3 by Stefan Metzmacher at 2022-06-08T17:57:53+00:00
tdb: version 1.4.7
* Fix build problems
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15071
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jun 8 17:57:53 UTC 2022 on sn-devel-184
- - - - -
174a76cc by Robert Sprowson at 2022-06-08T19:50:08+00:00
s3:smbd: Out-by-4 error in smbd read reply max_send clamp
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14443
Signed-off-by: Robert Sprowson <webpages at sprow.co.uk>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jun 8 19:50:08 UTC 2022 on sn-devel-184
- - - - -
dbf3d217 by Samuel Cabrero at 2022-06-09T21:45:28+00:00
Revert "s3:auth: Fix user_in_list() for UNIX groups"
This partly reverts commit 6dc463d3e2eb229df1c4f620cfcaf22ac71738d4.
Reverted to allow next revert commits to apply cleanly. Do not recreate
selftest/knownfail.d/usernamemap file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15087
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f74e284a by Samuel Cabrero at 2022-06-09T21:45:28+00:00
Revert "docs-xml: Update documentation for removal of NIS support"
This partly reverts commit a72bc3e15d3ed62e9ad2c0a97ce5d6d653abb048.
Revert only the chunks related to netgroups and skip NIS related ones.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15087
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
21796ef8 by Samuel Cabrero at 2022-06-09T21:45:28+00:00
Revert "s3:smbd: Remove NIS support"
This partly reverts commit edda7a329e5bed442418de9782cec9f567092aae.
Revert the chunks related to netgroups and skip NIS support related ones.
Use getdomainname() from glibc instead of yp_get_default_domain() from
libnsl to get the NIS domain name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15087
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b3034f12 by Samuel Cabrero at 2022-06-09T21:45:28+00:00
Revert "lib:util: Remove NIS support from string_match()"
This partly reverts commit 620de975f147ac9427b51ea0e1e3eabda443d4b6.
Drop chunk including system/nis.h, drop wscript_build modifications,
use getdomainname() from glibc instead of yp_get_default_domain() from
libnsl.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15087
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ef1d0476 by Samuel Cabrero at 2022-06-09T22:40:43+00:00
s3:smbd: Free allocated strings before leaving user_in_netgroup() function
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jun 9 22:40:43 UTC 2022 on sn-devel-184
- - - - -
df11826a by Andrew Bartlett at 2022-06-09T22:49:29+00:00
build: Make build with --disable-fault-hanlding work under --enable-developer
Previously this would leave static functions unused, which the compiler will
not allow for a developer build.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
bd09537e by Andrew Bartlett at 2022-06-09T22:49:29+00:00
build: Possibly link against libexecinfo for backtrace_symbols()
We look for backtrace_symbols() in this library, so we should link against
it if we find it.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
14feb93d by Andrew Bartlett at 2022-06-09T22:49:29+00:00
lib/util: Prefer backtrace_symbols() for internal backtraces
Backtraces when Samba is in PANIC state are better with
backtrace_symbols() than with libunwind on Ubuntu 20.04 x86_64
so move libunwind to a off-by-default option, prompted for
if backtrace_symbols() is not available.
Based on a request by Fco Javier Felix <ffelix at inode64.com>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
ee29c601 by Joseph Sutton at 2022-06-09T22:49:29+00:00
tests/krb5/test_ldap.py: Increase maximum threshold for LDAP timeout
This test often fails because the server takes too long to time out.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
87f68500 by Joseph Sutton at 2022-06-09T22:49:29+00:00
lib/util: Move memcmp_const_time() to util.c
This allows it to be used in more places without needing to introduce
more dependencies.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ae6634c7 by Joseph Sutton at 2022-06-09T22:49:29+00:00
auth: Use constant-time memcmp when comparing sensitive buffers
This helps to avoid timing attacks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15010
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a554e2ce by Joseph Sutton at 2022-06-09T22:49:29+00:00
lib/util: Change function to data_blob_equal_const_time()
Since data_blob_cmp_const_time() doesn't act as an exact replacement for
data_blob_cmp(), and its return value is only ever compared with zero,
simplify it and emphasize the intention of checking equality by
returning a bool instead.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
feb36dbe by Joseph Sutton at 2022-06-09T22:49:29+00:00
lib/util: Change function to mem_equal_const_time()
Since memcmp_const_time() doesn't act as an exact replacement for
memcmp(), and its return value is only ever compared with zero, simplify
it and emphasize the intention of checking equality by returning a bool
instead.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
8d7a091a by Joseph Sutton at 2022-06-09T22:49:29+00:00
lib/util: Reduce sum variable to uint8_t
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a80d783a by Joseph Sutton at 2022-06-09T22:49:29+00:00
lib/util: Add test of data_blob_equal_const_time()
Ensure that it gives the correct results for comparing two data blobs.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
222e1afc by Joseph Sutton at 2022-06-09T22:49:29+00:00
lib/util: Add test of mem_equal_const_time()
Ensure that it gives the correct results for comparing two memory
regions.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
aec2076f by Joseph Sutton at 2022-06-09T22:49:29+00:00
lib/util: Delegate constant time memcmp to gnutls_memcmp()
gnutls_memcmp() is mostly identical to our own implementation, except
that ours will not break if supplied with 4 GiB or more of data.
However, using an external function permits us to disclaim
responsibility if some CPU/compiler combination happens to invalidate
our constant-time guarantee.
For reference, gnutls_memcmp() implementation:
https://gitlab.com/gnutls/gnutls/-/blob/78d9820de0d2eb2f8088e359779ee7342f5f089e/lib/safe-memfuncs.c#L41-67
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e67845a7 by Uri Simchoni at 2022-06-09T23:48:42+00:00
ci-images: install diffutils prior to building images
Ensure the podman image used for generating Samba CI images includes
'diff' utility
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Jun 9 23:48:42 UTC 2022 on sn-devel-184
- - - - -
4f7c6ba5 by Andrew Bartlett at 2022-06-10T06:56:38+00:00
gitlab-ci: Allow --xz compression on our samba-testbase.tar
This may make this faster to upload to our private gitlab server
which is not as close to our runners.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14863
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6b58061d by Joseph Sutton at 2022-06-10T06:56:38+00:00
bootstrap: Remove duplicate dict key
Commit 86d4836919e29c0bdf927658df641811247534c6 added python36-gpg, but
the duplicate key lower down in the same dict meant it never had any
effect. Now it does.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
73f0621a by Joseph Sutton at 2022-06-10T06:56:38+00:00
bootstrap: Fix [gm]old linker existence check
We used 'test -x $LD_GOLD' to test whether the alternate linker was
available and executable. However, if $LD_GOLD expanded to an empty
string, the 'test' command would be run in single argument mode, see
that '-x' was a non-empty string, and duly return a successful status
code. The result would be a meaningless symlink created, and a
misleading message.
Because 'which' already tests that its argument is executable, the
solution is simply to remove the 'test' command.
We also invert the return code of the 'which' command so that if the
alternate linker is not found, the overall code returned to Docker is
still successful.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b22ddf5e by Ralph Boehme at 2022-06-10T07:51:02+00:00
gitlab-ci: Add jq
Pair-Programmed-With: Jule Anger <janger at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Jule Anger <janger at samba.org>
[abartlet at samba.org Regenerated sha1sum after rebase
This commit in aid of future tests for smbstatus JSON output]
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Jun 10 07:51:02 UTC 2022 on sn-devel-184
- - - - -
b1cddccf by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_sacl_set_get.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
6395813c by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_shadow_copy_torture.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
a4ff172f by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_shareenum.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
f1a8afe6 by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_sharesec.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
d637255f by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smb1_shadow_copy_torture.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
13795515 by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smb1_system_security.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
a63c7e7e by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smb2_not_casesensitive.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
ec029126 by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smbXsrv_client_dead_rec.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
c0e1566e by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smbclient_auth.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
c112b073 by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smbclient_basic.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
144f1792 by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smbclient_encryption.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
bb626437 by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smbclient_encryption_off.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
6990e655 by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smbclient_iconv.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
6513aa1d by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smbclient_kerberos.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
20e0fef9 by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smbclient_krb5.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
b828964f by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smbclient_large_file.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
3b672457 by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smbclient_list_servers.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
58e815f2 by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smbclient_log_basename.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
07d07b70 by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smbclient_machine_auth.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
c4d0c741 by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smbclient_mget.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
f5ecc958 by Andreas Schneider at 2022-06-10T13:53:37+00:00
s3:tests: Reformat test_smbclient_netbios_aliases.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
6f3e03a6 by Andreas Schneider at 2022-06-10T14:51:39+00:00
s3:tests: Reformat test_smbclient_ntlm.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Fri Jun 10 14:51:39 UTC 2022 on sn-devel-184
- - - - -
17c733d9 by Michael Tokarev at 2022-06-10T18:12:33+00:00
spelling: connnect encrytion exisit expection explicit invalide missmatch paramater paramter partion privilige relase reponse seperate unkown verson authencication progagated
Tree-wide spellcheck for some common misspellings.
source3/utils/status.c has misspelled local variable (unkown_dialect).
"missmatch" is a known historical misspelling, only the incorrect
misspellings are fixed.
source3/locale/net/de.po has the spelling error (unkown) in two msgids -
it probably should be updated with current source.
Signed-off-by: Michael Tokarev <mjt at tls.msk.ru>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
89b7afa3 by Michael Tokarev at 2022-06-10T19:04:57+00:00
libgpo/admx/en-US/samba.adml spelling: authencication paramter
Signed-off-by: Michael Tokarev <mjt at tls.msk.ru>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jun 10 19:04:57 UTC 2022 on sn-devel-184
- - - - -
2c9a4ef8 by Joseph Sutton at 2022-06-14T07:21:29+00:00
libcli:util: Update werror table
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
45f2e363 by Joseph Sutton at 2022-06-14T07:21:29+00:00
libcli/security: Fix typos
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
5045382c by Joseph Sutton at 2022-06-14T07:21:29+00:00
python: Don't use deprecated escape sequences
Certain escape sequences are not valid in Python string literals, and
will eventually result in a SyntaxError.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
9bd4c8bd by Joseph Sutton at 2022-06-14T07:21:29+00:00
s4:kdc: Add space in error message
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
0dad0e3f by Joseph Sutton at 2022-06-14T07:21:29+00:00
lib:krb5_wrap: Add const to parameters for smb_krb5_create_key_from_string()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
48bff3c4 by Joseph Sutton at 2022-06-14T07:21:29+00:00
dsdb/common: Make some parameters const
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
3dcdd13a by Joseph Sutton at 2022-06-14T08:18:06+00:00
tests/krb5: Use object() rather than auto() to initialise enums
This ensures that when an enum value is expected, a magic constant won't
be supplied instead.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Jun 14 08:18:06 UTC 2022 on sn-devel-184
- - - - -
89e0c732 by Samuel Cabrero at 2022-06-14T09:25:31+00:00
replace: Check for -Wuse-after-free
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15095
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
971441ca by Samuel Cabrero at 2022-06-14T10:16:18+00:00
third_party/heimdal: Fix build with gcc version 12.1
Split lib/krb5/crypto to its own subsystem to built with its own CFLAGS
and avoid the following error:
[1510/4771] Compiling third_party/heimdal/lib/krb5/crypto.c
../../third_party/heimdal/lib/krb5/crypto.c: In function ‘_krb5_internal_hmac’:
../../third_party/heimdal/lib/krb5/crypto.c:302:24: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual]
302 | iov[0].data.data = (void *) data;
| ^
../../third_party/heimdal/lib/krb5/crypto.c: In function ‘derive_key_sp800_hmac’:
../../third_party/heimdal/lib/krb5/crypto.c:2427:18: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual]
2427 | label.data = (void *)constant;
| ^
../../third_party/heimdal/lib/krb5/crypto.c: In function ‘decrypt_internal_derived’:
../../third_party/heimdal/lib/krb5/crypto.c:1280:9: error: pointer ‘p’ may be used after ‘realloc’ [-Werror=use-after-free]
1280 | free(p);
| ^~~~~~~
../../third_party/heimdal/lib/krb5/crypto.c:1278:20: note: call to ‘realloc’ here
1278 | result->data = realloc(p, l);
| ^~~~~~~~~~~~~
../../third_party/heimdal/lib/krb5/crypto.c: In function ‘decrypt_internal_enc_then_cksum’:
../../third_party/heimdal/lib/krb5/crypto.c:1365:9: error: pointer ‘p’ may be used after ‘realloc’ [-Werror=use-after-free]
1365 | free(p);
| ^~~~~~~
../../third_party/heimdal/lib/krb5/crypto.c:1363:20: note: call to ‘realloc’ here
1363 | result->data = realloc(p, l);
| ^~~~~~~~~~~~~
../../third_party/heimdal/lib/krb5/crypto.c: In function ‘decrypt_internal’:
../../third_party/heimdal/lib/krb5/crypto.c:1431:9: error: pointer ‘p’ may be used after ‘realloc’ [-Werror=use-after-free]
1431 | free(p);
| ^~~~~~~
../../third_party/heimdal/lib/krb5/crypto.c:1429:20: note: call to ‘realloc’ here
1429 | result->data = realloc(p, l);
| ^~~~~~~~~~~~~
../../third_party/heimdal/lib/krb5/crypto.c: In function ‘decrypt_internal_special’:
../../third_party/heimdal/lib/krb5/crypto.c:1478:9: error: pointer ‘p’ may be used after ‘realloc’ [-Werror=use-after-free]
1478 | free(p);
| ^~~~~~~
../../third_party/heimdal/lib/krb5/crypto.c:1476:20: note: call to ‘realloc’ here
1476 | result->data = realloc(p, sz);
| ^~~~~~~~~~~~~~
cc1: all warnings being treated as errors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15095
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Samuel Cabrero <scabrero at samba.org>
Autobuild-Date(master): Tue Jun 14 10:16:18 UTC 2022 on sn-devel-184
- - - - -
81aa4efa by Joseph Sutton at 2022-06-14T15:38:23+00:00
s4:kdc: Make RBCD access check less strict
Windows only requires SEC_ADS_CONTROL_ACCESS for the check to pass.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Jun 14 15:38:23 UTC 2022 on sn-devel-184
- - - - -
a6c9c86b by Ralph Boehme at 2022-06-14T18:27:43+00:00
vfs_btrfs: reduce loglevel message to DEBUG in btrfs_fget_compression()
This restores behaviour of previous versions. The proper fix would be for the
ioctl() to work on O_PATH handles.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15004
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jun 14 18:27:43 UTC 2022 on sn-devel-184
- - - - -
d9e561a8 by Andreas Schneider at 2022-06-15T06:54:49+00:00
s3:tests: Reformat test_smbclient_s3.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jun 15 06:54:49 UTC 2022 on sn-devel-184
- - - - -
a8091bd0 by Martin Schwenke at 2022-06-16T12:42:35+00:00
util: Add new debug setting debug_no_stderr_redirect
CTDB doesn't want this redirection of stderr to the log file. It
expects to be able to capture stderr of subprocesses and log them with
a header. This redirection stops that from happening.
Unfortunately this has to be a negative option (i.e. "no" in the name)
so that the default of 0/false maintains existing behaviour.
Note that the default behaviour is sub-optimal because it causes raw
data (i.e. debug data without a header) to appear in the log.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15090
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
1596a3e8 by Martin Schwenke at 2022-06-16T12:42:35+00:00
ctdb-common: Tell file logging not to redirect stderr
This allows ctdb_set_child_logging() to work.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15090
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
88f35cf8 by Martin Schwenke at 2022-06-16T12:42:35+00:00
ctdb-daemon: Drop unused prefix, logfn, logfn_private
These aren't set anywhere in the code.
Drop the log argument because it is also no longer used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15090
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
e752f841 by Martin Schwenke at 2022-06-16T13:33:10+00:00
ctdb-daemon: Use DEBUG() macro for child logging
Directly using dbgtext() with file logging results in a log entry with
no header, which is wrong. This is a regression, introduced in commit
10d15c9e5dfe4e8595d0b322c96f474fc7078f46. Prior to this, CTDB's
callback for file logging would always add a header.
Use DEBUG() instead dbgtext(). Note that DEBUG() effectively compares
the passed script_log_level with DEBUGLEVEL, so an explicit check is
no longer necessary.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15090
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Jun 16 13:33:10 UTC 2022 on sn-devel-184
- - - - -
fe78d3c0 by Jeremy Allison at 2022-06-17T01:28:29+00:00
s3: test: Add tests to show we still connect to a full_audit share with a bad success or fail VFS names.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15098
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ec91a583 by Jeremy Allison at 2022-06-17T01:28:29+00:00
s3: VFS: full_audit: Use correct DBG_ print messages in init_bitmap().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15098
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
69bb8853 by Jeremy Allison at 2022-06-17T01:28:29+00:00
s3: VFS: full_audit. Ensure the module doesn't load if an operation name is miss-spelled or otherwise unknown.
Document this new behavior. Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15098
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6368b82f by Andreas Schneider at 2022-06-17T01:28:29+00:00
s3:tests: Reformat test_smbclient_tarmode.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
42e96b64 by Andreas Schneider at 2022-06-17T01:28:29+00:00
s3:tests: Reformat test_smbcquota.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0754d46c by Andreas Schneider at 2022-06-17T01:28:29+00:00
s3:tests: Reformat test_smbd_error.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
a1520e4e by Andreas Schneider at 2022-06-17T01:28:29+00:00
s3:tests: Reformat test_smbd_no_krb5.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
8b039153 by Andreas Schneider at 2022-06-17T01:28:29+00:00
s3:tests: Reformat test_smbget.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
627934bc by Andreas Schneider at 2022-06-17T01:28:29+00:00
s3:tests: Reformat test_smbpasswd.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2eea4409 by Andreas Schneider at 2022-06-17T01:28:29+00:00
s3:tests: Reformat test_smbspool.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7731fd6e by Andreas Schneider at 2022-06-17T01:28:29+00:00
s3:tests: Reformat test_smbstatus.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ce6a31d2 by Andreas Schneider at 2022-06-17T01:28:29+00:00
s3:tests: Reformat test_smbtorture_s3.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1f94e871 by Andreas Schneider at 2022-06-17T01:28:29+00:00
s3:tests: Reformat test_substitutions.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b8693606 by Andreas Schneider at 2022-06-17T01:28:29+00:00
s3:tests: Reformat test_success.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
8722450d by Andreas Schneider at 2022-06-17T01:28:29+00:00
s3:tests: Reformat test_symlink_rename_smb1_posix.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0714a6b4 by Andreas Schneider at 2022-06-17T01:28:30+00:00
s3:tests: Reformat test_symlink_traversal_smb1.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
fcedbfbb by Andreas Schneider at 2022-06-17T01:28:30+00:00
s3:tests: Reformat test_symlink_traversal_smb1_posix.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
25ad724c by Andreas Schneider at 2022-06-17T01:28:30+00:00
s3:tests: Reformat test_symlink_traversal_smb2.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
66cabb8f by Douglas Bagnall at 2022-06-17T01:28:30+00:00
s3/smbd: stdin fstat failure is a failure
It seems we forgot we were in main.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c668b5ca by Douglas Bagnall at 2022-06-17T01:28:30+00:00
tests: test source4 cmdline/smb.conf log level
The 'log level' line in smb.conf allows messages from different log
classes to be sent to different places, but we have not tested that
this works. Now we do, somewhat.
The test involves running a special binary based on a stripped down
source4/samba/server.c that just starts up, parses the command line
and a given smb.conf, then logs messages from multiple classes and
exits.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ab949131 by Douglas Bagnall at 2022-06-17T01:28:30+00:00
tests: adapt logging test for s3.
There is one knownfail, where it seems an smb.conf like
log file = foo
log level = 2 tdb:2 at baa ldb:3
will send the ldb logs to 'baa' instead of 'foo' (i.e., the last
opened log file, rather than the default log file).
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
dfc9cf38 by Douglas Bagnall at 2022-06-17T01:28:30+00:00
tests: rename logging test source
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b94c8057 by Douglas Bagnall at 2022-06-17T01:28:30+00:00
debug: drop an '#if _SAMBA_BUILD_ == 3'
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1a6890a9 by Douglas Bagnall at 2022-06-17T01:28:30+00:00
debug: add DBG_DEV()
This can be a useful macro when you are trying to track the behaviour
of one process out of the dozens that samba starts up, and when your
interest is in following it over time, not necessarily in a single
stack.
In DEVELOPER mode, if you call 'debug_developer_enable()' in the
process you're following, then any instances of DBG_DEV() will work
like DBG_ERR(), also adding ":DEV:12345:" where "12345" is the pid of
th current process.
Within debug.c itself, the macro always writes to stderr, because the
debug.c functions are not all reentrant.
When not in DEVELOPER MODE, the macro evaluates to nothing.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c7254de6 by Douglas Bagnall at 2022-06-17T01:28:30+00:00
util/debug: share classname table with tests
The executables generated from lib/util/tests/test_logging.c are used
by the samba.tests.logfiles tests to test logging with various
smb.confs that assign classes to various files at different levels
etc.
Previously test_logging.c had its own version of the table; now it
shares one with debug.c
We put the table in a sub-directory (lib/util/debug-classes/), because
adding local_include=True to the wscript_build stanza causes the
compiler confusion between <time.h> and lib/util/time.h.
Note: there are still two other lists of the class names, in
python/samba/tests/logfiles.py and
docs-xml/smbdotconf/logging/loglevel.xml.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
247a39bb by Douglas Bagnall at 2022-06-17T01:28:30+00:00
torture/dlz: putrr callback recognises more than A records
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15040
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9b47d818 by Douglas Bagnall at 2022-06-17T01:28:30+00:00
torture/dlz: reserve test_ prefix for actual tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15040
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
5d89c90a by Douglas Bagnall at 2022-06-17T01:28:30+00:00
torture/dlz: minor reformatting for README.Coding
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15040
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
937c2cd3 by Douglas Bagnall at 2022-06-17T01:28:30+00:00
torture/bind_dlz: return the right kind of failure
torture_fail() is a macro that returns false, which evaluates to ISC_R_SUCCESS
in int context.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15040
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d0d18934 by Douglas Bagnall at 2022-06-17T01:28:30+00:00
torture: add torture_assertf()
Often we go 'torture_assert(tctx, expr, talloc_asprintf(tctx, "foo
%s", foo));' which is just a pain.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15040
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
aae68994 by Douglas Bagnall at 2022-06-17T01:28:30+00:00
tortures/dlz: more DNS update tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15040
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
590d2e16 by Michael Saxl at 2022-06-17T01:28:30+00:00
dlz_bind9: call dns_name_is_static before adding space for record
dns_name_is_static is called after adding a uninitialized element to
recs. There is a chance that the uninizialized memory reads a element
with dwTimeStamp=0 and wType!=0. In that case dns_name_is_static will
return true
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15040
Signed-off-by: Michael Saxl <mike at mwsys.mine.bz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f1017c6f by Douglas Bagnall at 2022-06-17T01:28:30+00:00
dns/dlz: remember old timestamp for dynamic records
If we don't tell dns_common_replace() the old timestamp, it will
think the node is static because the timestamp is 0.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15040
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
8261545a by Douglas Bagnall at 2022-06-17T01:28:30+00:00
bind_dlz: some commentary for b9_format
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
eaf829ad by Douglas Bagnall at 2022-06-17T02:18:32+00:00
s4/torture/unix_info2: return NULL on failure
false is also NULL, but NULL is NULLer.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Jun 17 02:18:32 UTC 2022 on sn-devel-184
- - - - -
39672a96 by Noel Power at 2022-06-17T16:20:35+00:00
Add new dfs node msdfs-share pointing to new msdfs-share2
Also add another node within msdfs-share2 pointing to normal share
This patch is in preperation for creating a test for 'del' &
'deltree' on DFS shares. The extra redirection is necessary to
reproduce the bug
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
db1b4df0 by Noel Power at 2022-06-17T16:20:35+00:00
Add test smbclient 'del' of file (on DFS share)
del of a file on a DFS share results in NT_STATUS_OBJECT_PATH_NOT_FOUND
Addionally add a knownfail (will be removed in following patch to
fix the bug)
We also need to add a knownfail (which will not be removed) for the
new test which will fail in smb1 envs
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7c4cb498 by Noel Power at 2022-06-17T16:20:35+00:00
s3/client: fix dfs delete, resolve dfs path
since 4cc4938a2866738aaff4dc91550bb7a5ad05d7fb do_list seems
to deal with non dfs root path, hence we need to resolve the
path before calling cli_unlink.
Also remove the knownfail
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
23a5a05d by Noel Power at 2022-06-17T16:20:35+00:00
Add test smbclient 'delree' of dir (on DFS share)
deltree of a file on a DFS share results in NT_STATUS_OBJECT_PATH_NOT_FOUND
Addionally add a knownfail for this (to be removed in subsequent patch
to fix bug)
We also need to add a knownfail (which will not be removed) for the
new test which will fail in smb1 envs
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
81fdcf95 by Noel Power at 2022-06-17T17:12:07+00:00
s3/client: fix dfs deltree, resolve dfs path
since 4cc4938a2866738aaff4dc91550bb7a5ad05d7fb do_list seems
to deal with non dfs root path, hence we need to resolve the
path before calling cli_unlink.
Also remove the knownfail
We additionally have to also remove the fallback to remove 'file3'
int the smbcacls_dfs_propagate_inherit.teardown as the deltree
that happens in the baseclass now succeeds.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jun 17 17:12:07 UTC 2022 on sn-devel-184
- - - - -
238b2cbb by Jeremy Allison at 2022-06-20T13:25:31+00:00
s3: tests: Add test that shows smbd crashes using vfs_fruit with fruit:resource = stream on deleting a file.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15099
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
808a7b8b by Jeremy Allison at 2022-06-20T14:24:20+00:00
s3: VFS: streams_xattr: Add the same accommodation to streams_xattr_unlinkat() as used in streams_xattr_renameat().
vfs_fruit passes a synthetic filename here where smb_fname->fsp==NULL
when configured to use "fruit:resource = stream" so we need to use
synthetic_pathref() to get an fsp on the smb_fname->base_name
in order to call SMB_VFS_FREMOVEXATTR().
This is the same change we already use in streams_xattr_renameat()
and streams_xattr_stat(), the other pathname operations we implement
here.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15099
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Mon Jun 20 14:24:20 UTC 2022 on sn-devel-184
- - - - -
7897bc8c by Björn Jacke at 2022-06-20T18:18:15+00:00
security.idl: add missing BUILTIN SIDs
see:
https://docs.microsoft.com/en-us/windows/win32/secauthz/well-known-sids
https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/active-directory-security-groups
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/security-identifiers-in-windows
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Jun 20 18:18:15 UTC 2022 on sn-devel-184
- - - - -
a7fe9b56 by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat test_testparm_s3.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
7dce28b7 by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat test_tevent_glib_glue.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
85603a5e by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat test_timestamps.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
a10f4dff by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat test_usernamemap.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
a8303298 by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat test_valid_users.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
79ef1f64 by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat test_veto_rmdir.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
a73b4bf8 by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat test_virus_scanner.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
c9f328b7 by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat test_wbinfo_lookuprids_cache.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
e652a764 by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat test_wbinfo_sids2xids.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
ee972c11 by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat test_winbind_ignore_domains.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
7677b89a by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat test_zero_data.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
4bb7f293 by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat wb_pad.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
a8c6b30e by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat full_audit_segfault/run.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
e862d7e7 by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat stream-depot/run.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
5467252f by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat vfstest-acl/run.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
5cfd0b9f by Andreas Schneider at 2022-06-22T09:12:31+00:00
s3:tests: Reformat vfstest-catia/run.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
- - - - -
3d57bb74 by Andreas Schneider at 2022-06-22T10:10:48+00:00
s3:tests: Reformat xattr-tdb-1/run.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Wed Jun 22 10:10:48 UTC 2022 on sn-devel-184
- - - - -
e9e5b3ae by Andreas Schneider at 2022-06-22T10:53:36+00:00
testprogs: Fix auth with smbclient and krb5 ccache
--use-kerberos=required will ask the user to provide a username and
password to do a kinit. The test will open a password prompt in this
case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15104
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
2dbd3210 by Andreas Schneider at 2022-06-22T10:53:36+00:00
lib:cmdline: Fix error handling of --use-kerberos=desired|required|off
Best reviewed with `git show -b`
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15104
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
7cc340f9 by Andreas Schneider at 2022-06-22T10:53:36+00:00
lib:cmdline: Fix error handling of --use-krb5-ccache=CCACHE
Best reviewed with `git show -b`
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15104
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
f68374aa by Andreas Schneider at 2022-06-22T11:49:23+00:00
lib:cmdline: Fix error handling of --client-protection=sign|encrypt|off
Best reviewed with `git show -b`
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15104
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jun 22 11:49:23 UTC 2022 on sn-devel-184
- - - - -
f3de9f6c by Andrew Bartlett at 2022-06-22T15:50:33+00:00
build: Allow &pathconfig XML entities to be used in all manpages, not just smb.conf
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15101
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
45094bd8 by Andrew Bartlett at 2022-06-22T15:50:33+00:00
docs-xml: Use &pathconfig.WINBINDD_SOCKET_DIR; to avoid reference to old /tmp/.winbindd
We can now write docs that follow how the software on this system was
built, which is much less confusing for users. Also /tmp/.winbindd
has not been used for a long time.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15101
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6f96bb40 by Andrew Bartlett at 2022-06-22T15:50:33+00:00
docs: Show current system path for smb.conf in &smb.conf entity
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
9788e92b by Andrew Bartlett at 2022-06-22T16:43:30+00:00
build: Ensure that SAMBA_GENERATOR() tasks fail on error
Previously the error from inside the shell was eaten.
This showed up particularly as a failure to notice errors when running xsltproc
to build the manpages.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jun 22 16:43:30 UTC 2022 on sn-devel-184
- - - - -
994c262b by Ralph Boehme at 2022-06-22T18:05:32+00:00
vfs_gpfs: use sys_fstatat() in stat_with_capability()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12421
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>
- - - - -
7011573e by Björn Jacke at 2022-06-22T18:05:32+00:00
docs-xml: add nfs4.xml.include documenting the generic NFS4 ACL parameters
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
- - - - -
f0d92e8d by Björn Jacke at 2022-06-22T18:05:32+00:00
docs_xml: use the nfs4 parameter include file in gpfs man page
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
- - - - -
1c2b9625 by Björn Jacke at 2022-06-22T18:05:32+00:00
docs_xml: use the nfs4 parameter include file in zfsacl man page
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
- - - - -
10040589 by Björn Jacke at 2022-06-22T18:57:52+00:00
docs-xml: add missing generic nfs4 parameters in nfs4_xattr man page
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Autobuild-User(master): Christof Schmitt <cs at samba.org>
Autobuild-Date(master): Wed Jun 22 18:57:53 UTC 2022 on sn-devel-184
- - - - -
8458449d by Andreas Schneider at 2022-06-24T09:48:38+00:00
s3:waf: Fix version number of public libsmbconf
Error: ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15108
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Jun 24 09:48:38 UTC 2022 on sn-devel-184
- - - - -
a43a1ebe by Martin Schwenke at 2022-06-24T09:49:32+00:00
ctdb-tests: Reformat script
Samba is reformatting shell scripts using
shfmt -w -p -i 0 -fn
so update this one before editing.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
09fd1e55 by Martin Schwenke at 2022-06-24T09:49:32+00:00
ctdb-scripts: Move nfslock out of basic_stop() and basic_start()
These are only called in one place and should be done inline, since
that is less confusing.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
cd018d0f by Martin Schwenke at 2022-06-24T09:49:32+00:00
ctdb-scripts: Simplify and rename basic_stop() and basic_start()
Drop the argument. These now just stop/start the overall NFS service,
so rename them appropriately.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
8b8660d8 by Martin Schwenke at 2022-06-24T09:49:32+00:00
ctdb-scripts: Refactor the manual RPC service start/stop
This logic needs improving, so factor the decision making into new
functions service_or_manual_stop() and service_or_manual_start().
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
337ef7c1 by Martin Schwenke at 2022-06-24T09:49:32+00:00
ctdb-scripts: Set NFS services to "AUTO" if started by another service
For example, in Sys-V init "rquotad" is started by the main "nfs"
service. At the moment the call-out can't distinguish between this
case and "should never be run". Services set to "AUTO" are
hand-stopped/started via service_stop()/service_start() on failure via
restart_after.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
7f3a0c7e by Martin Schwenke at 2022-06-24T09:49:32+00:00
ctdb-scripts: Parameterise /etc directory to aid testing
At the moment test results can be influenced by real system
configuration files.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
0b728a4e by Martin Schwenke at 2022-06-24T09:49:33+00:00
ctdb-tests: Improve Debian-style event script unit testing
Tests can be run by hand using different distro styles, such as:
CTDB_NFS_DISTRO_STYLE=systemd-debian \
./tests/run_tests.sh ./tests/UNIT/eventscripts/{06,60}.nfs.*
This fixes known problems for Debian styles, so the tests now pass for
the following values of CTDB_NFS_DISTRO_STYLE:
systemd-redhat
sysvinit-redhat
systemd-debian
sysvinit-debian
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
7f799a8d by Martin Schwenke at 2022-06-24T09:49:33+00:00
ctdb-tests: Fix faking of program stack traces
The current code works in all current cases but is lazy and wrong.
Fix it to avoid breaking on code changes involving different thread
setups.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
0247fd8a by Martin Schwenke at 2022-06-24T09:49:33+00:00
ctdb-scripts: Avoid ShellCheck warning SC2162
SC2162 read without -r will mangle backslashes
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
4cbb0b13 by Martin Schwenke at 2022-06-24T09:49:33+00:00
ctdb-tests: Do not require eval tricks for faking NFS callout
The current code requires the use of eval in the NFS callout handling
to facilitate testing. Improve the code to remove this need.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
80ba6601 by Martin Schwenke at 2022-06-24T10:40:50+00:00
ctdb-scripts: Drop use of eval in CTDB callout handling
eval is not required and causes the follow ShellCheck warning:
SC2294 (warning): eval negates the benefit of arrays. Drop eval to
preserve whitespace/symbols (or eval as string).
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Fri Jun 24 10:40:50 UTC 2022 on sn-devel-184
- - - - -
cd09d4f4 by Andreas Schneider at 2022-06-24T22:29:33+00:00
third_party: Update nss_wraper to version 1.1.12
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jun 24 22:29:33 UTC 2022 on sn-devel-184
- - - - -
68c57d9f by Joseph Sutton at 2022-06-26T22:10:29+00:00
tests/krb5: Add test for presence of NT hash
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
18f2a6b2 by Joseph Sutton at 2022-06-26T22:10:29+00:00
s4:kdc: Add helper function to extract AES256 key and salt
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6029e225 by Andrew Bartlett at 2022-06-26T22:10:29+00:00
s4-auth: For LDAP simple bind, fall back to checking the ENCTYPE_AES256_CTS_HMAC_SHA1_96 if stored
Since we don't store a salt per-key, but only a single salt, when we do
not have the NT hash in the unicodePwd (eg ntlm auth = disabled), the check
will fail for a previous password if the account was renamed prior to a
newer password being set.
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d2a473a7 by Andrew Bartlett at 2022-06-26T22:10:29+00:00
dsdb: Allow password history and password changes without an NT hash
We now allow this to be via the ENCTYPE_AES256_CTS_HMAC_SHA1_96 hash instead
which allows us to decouple Samba from the unsalted NT hash for
organisations that are willing to take this step (for user accounts).
(History checking is limited to the last three passwords only, as
ntPwdHistory is limited to NT hash values, and the PrimaryKerberosCtr4
package only stores three sets of keys.)
Since we don't store a salt per-key, but only a single salt, the check
will fail for a previous password if the account was renamed prior to a
newer password being set.
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
0d9835e1 by Joseph Sutton at 2022-06-26T22:10:29+00:00
auth/credentials: Add cli_credentials_get_aes256_key()
This allows us to generate AES256 keys from a given password and salt.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f33aa94c by Joseph Sutton at 2022-06-26T22:10:29+00:00
auth/credentials: Add get_aes256_key()
This makes it possible to generate AES256 keys in Python from a given
password and salt.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
aa9136ab by Joseph Sutton at 2022-06-26T22:10:29+00:00
samba-tool user: When possible, obtain AES256 key and salt
We will make use of these in the next commit to check that the
supplemental packages are up-to-date with the current password.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e6957c1d by Joseph Sutton at 2022-06-26T22:10:29+00:00
samba-tool user: Accomodate missing unicodePwd in getpassword command
To allow for the NT hash not being stored when NTLM authentication is
disabled, we use the AES256 key instead for verification against the
other packages if the unicodePwd attribute is not present.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e8517ee7 by Andrew Bartlett at 2022-06-26T22:10:29+00:00
WHATSNEW: Announce support for dropping the NT hash
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
f06b40a9 by Andreas Schneider at 2022-06-26T23:08:03+00:00
bootstrap: Use quay.io to download fedora images
The docker registry is rate limited now. This often leads to errors, so
use the Red Hat registry.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sun Jun 26 23:08:03 UTC 2022 on sn-devel-184
- - - - -
f2b6258b by Ralph Boehme at 2022-06-27T15:50:29+00:00
vfs_acl_xattr: add acl_xattr:security_acl_name option
Pair-Programmed-With: Jeremy Allison <jra at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
- - - - -
5b69b62d by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:printing: Fix temporary talloc context leak
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ed89ef46 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:libads: Clear previous CLDAP ping flags when reusing the ADS_STRUCT
Fixes the problem described in commit a26f535dedc651afa2a25dd37113ac71787197ff
but for ads_domain_func_level() function.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6223dea3 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:libads: Pass the correct ADS_STRUCT pointer to ads_msgfree
The search is performed using the ads_s pointer.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
337d7df4 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:winbind: Remove dupplicated talloc_get_type() call
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
600f081c by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:winbind: Fix a memory leak in ads_idmap_cached_connection()
The trust password was leaked.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6e3135ff by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:winbind: Fix a memory leak in ads_cached_connection()
The trust password was leaked.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1b4d33d8 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:libnet: Allocate the machine name string under its container's talloc context
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
392cd137 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:libnet: Allocate the machine name string under its container's talloc context
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
577fdd0f by Samuel Cabrero at 2022-06-27T15:50:29+00:00
pygpo: Make ads_ADSType object inherit from pytalloc_BaseObject
Prepare to allocate ADS_STRUCT under a talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ee8ff51c by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:netapi: Allocate a temporary talloc context for NetGetJoinableOUs_l()
Prepare to allocate ADS_STRUCT under a talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9cbe5503 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:libnet: Allocate a temporary talloc context in libnet_connect_ads()
Prepare to allocate ADS_STRUCT under a talloc context. Pass a talloc
context where the ads struct will be moved on success.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
db052963 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:libsmb: Allocate a temporary talloc context for ads_dc_name()
Prepare to allocate ADS_STRUCT under a talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6130d113 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:printing: Allocate a temporary talloc context for nt_printer_publish()
Prepare to allocate ADS_STRUCT under a talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f4d0db0d by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:winbind: Pass a memory context to ads_idmap_cached_connection()
Prepare to allocate ADS_STRUCT under a talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e8d3acd3 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:winbind: Return ADS_STATUS from ads_cached_connection()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fd5e1f16 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:winbind: Init pointers to NULL and use new debug macros
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4350d9cd by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:winbind: Allocate a temporary talloc context for ads_idmap_cached_connection()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cec0b404 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:winbind: Allocate a temporary memory context for ads_cached_connection()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2c753ad6 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:winbind: Pass a memory context to ads_cached_connection_connect()
The ads struct will be allocated under this context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5fe49299 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:winbind: Create a temporary talloc context for ads_cached_connection_connect()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d42849c5 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:winbind: Factor out dcip_check_name_ads()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
23bc40f6 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:winbind: Early return on error in dcip_check_name_ads()
Also use new debug macros and improve debug message.
Best viewed with "git diff -b".
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cfa6da86 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:winbind: Allocate a temporary memory context for dcip_check_name_ads()
Prepare to allocate ADS_STRUCT under a talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
20936391 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:libads: Rename talloc context
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
91630335 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:libads: Allocate temporary memory context for ads_domain_func_level()
Prepare to allocate ADS_STRUCT under talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fa6dc883 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor net_ads_lookup(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
aeaf1e48 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor net_ads_info(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
88718870 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor net_ads_workgroup(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0693b9aa by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Pass a memory context to ads_startup_nobind()
The ads struct will be allocated under this context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5f587ab0 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor ads_user_add(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
eaa7411c by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor ads_user_info(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3c2b813a by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor ads_user_delete(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
937021d5 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor net_ads_user(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Best viewed using "git diff -b".
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
66a72fbe by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor ads_group_add(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
356aa3e3 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor ads_group_delete(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
786e0394 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor net_ads_group(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Best viewed with "git diff -b".
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ce9da6e6 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor net_ads_status(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
818ed102 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor net_ads_leave(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f810a41f by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor net_ads_join_ok(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ec00cbc6 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor net_ads_join(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d92055e0 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor net_ads_dns_register(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1867b09c by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor net_ads_dns_unregister(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
507c90e2 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor net_ads_printer_search(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
7f2267cc by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor net_ads_printer_info(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
75a3f380 by Samuel Cabrero at 2022-06-27T15:50:29+00:00
s3:net: Refactor net_ads_printer_publish(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
bb1a3448 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_printer_remove(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
4e2f7cf5 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_password(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
407e156d by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_changetrustpw(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
f665c661 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_search(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c0ed4d85 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_dn(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c443b0b1 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_sid(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
484345bd by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_keytab_flush(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d4937439 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_keytab_add(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
04fa6e98 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_keytab_create(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d8c84717 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_setspn_list(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d4059d52 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_setspn_add(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
998e9b9a by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_setspn_delete(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
1b04ae0d by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_enctypes_list(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5a4ccc5e by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_enctypes_set(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
923db0f2 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_enctypes_delete(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
2979196d by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Exit returning -1 when usage is displayed
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
07487833 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Pass a talloc context to ads_startup()
The ads struct will be allocated under this context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ba7a3667 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Pass a talloc context to ads_startup_int()
The ads struct will be allocated under this context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e6cd1be1 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Remove unused define
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d0054180 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Move the ads_destroy() function up in the file
Will be static soon
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
50934b85 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:net: Refactor net_ads_check_int(), allocate a talloc context
ADS_STRUCT will be allocated in the talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d0dc0171 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Allocate ADS_STRUCT under a talloc context
The ads_destroy() function is now static and only called from the
ADS_STRUCT destructor.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
e60d2bc8 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Remove no longer used is_mine flag from ADS_STRUCT
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cdef6011 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Alloc ads->server.realm under ADS_STRUCT talloc context
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
5ec9b8ef by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Allocate ads->server.workgroup under ADS_STRUCT talloc context
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
cc8465f1 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Allocate ads->server.ldap_server under ADS_STRUCT talloc context
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
c1ab3916 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Allocate ads->auth.realm under ADS_STRUCT talloc context
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d64335ea by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Allocate ads->auth.password under ADS_STRUCT talloc context
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
633ccc55 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Allocate ads->auth.user_name under ADS_STRUCT talloc context
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ca7ac79f by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Allocate ads->auth.kdc_server under ADS_STRUCT talloc context
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
89c3f224 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Print ads->auth.ccache_name in ndr_print_ads_struct()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
ed784ed0 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Allocate ads->auth.ccache_name under ADS_STRUCT talloc context
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b8a0446a by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Allocate ads->config.realm under ADS_STRUCT talloc context
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9530ca85 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Return ADS_STATUS from ads_build_path()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
b2381e10 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Return ADS_STATUS from ads_build_dn()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
dd9e0f11 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Allocate ads->config.bind_path under ADS_STRUCT talloc context
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
dcf6578d by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Allocate ads->config.ldap_server_name under ADS_STRUCT talloc context
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
40cd9204 by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Allocate ads->config.server_site_name under ADS_STRUCT talloc context
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
9fe2cf1b by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Allocate ads->config.client_site_name under ADS_STRUCT talloc context
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
6ca5eacc by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Allocate ads->config.schema_path under ADS_STRUCT talloc context
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
8ea0dd1a by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: Allocate ads->config.config_path under ADS_STRUCT talloc context
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
3d6ec74f by Samuel Cabrero at 2022-06-27T15:50:30+00:00
s3:libads: RIP ads_destroy()
All ADS_STRUCT members are allocated under its talloc context.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
da589447 by Jeremy Allison at 2022-06-27T16:48:31+00:00
s3: net_ads: Cleanup, remove unused talloc_ctx in net_ads_kerberos_kinit().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Samuel Cabrero <scabrero at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Jun 27 16:48:32 UTC 2022 on sn-devel-184
- - - - -
d96a6caf by Andreas Schneider at 2022-06-27T19:47:28+00:00
s4:libads: Fix trailing whitespaces in ldap.c
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
fbf134c8 by Andreas Schneider at 2022-06-27T20:39:31+00:00
s3:libads: Check if we have a valid sockaddr
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Jun 27 20:39:31 UTC 2022 on sn-devel-184
- - - - -
05601ceb by Martin Schwenke at 2022-06-28T09:24:31+00:00
ctdb-tests: Return error on empty fake ctdbd configuration blocks
These would be unintended errors. The block should be omitted to keep
the default value.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
428bc71f by Vinit Agnihotri at 2022-06-28T09:24:31+00:00
ctdb-tests: Add runstate handling to fake ctdbd
Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
794f1258 by Vinit Agnihotri at 2022-06-28T09:24:31+00:00
ctdb-tool: Add UNKNOWN pseudo state
When a node is starting, CTDB reports remote nodes as unhealthy by
default. This can be misleading.
To hide this, report an "UNKNOWN" pseudo state when a remote node is
not disconnected and the runstate is less than or equal to
"FIRST_RECOVERY".
Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
be293a12 by Martin Schwenke at 2022-06-28T10:16:59+00:00
ctdb-tests: Add new tool unit tests to cover UNKNOWN state
Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Tue Jun 28 10:16:59 UTC 2022 on sn-devel-184
- - - - -
19b27299 by Jeremy Allison at 2022-06-30T15:35:32+00:00
s3: winbind: Add missing NULL check for returned talloc'ed ADS struct..
Coverity CID: 1506720.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
5903657b by Jeremy Allison at 2022-06-30T16:28:30+00:00
s3: libads: Fix return from malloc check.
We shouldn't be checking *realm != '\0' here, just
the return from malloc.
Coverity CID: 1506719.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jun 30 16:28:30 UTC 2022 on sn-devel-184
- - - - -
9080cd30 by Andreas Schneider at 2022-06-30T22:08:39+00:00
s3:printing: Do not clear the printer-list.tdb
With the new dcerpc architecture we need to keep printer-list.tdb
around. A spoolss dcerpc call will start rpc-spoolssd which will then
start the background queue process. However in order to enum the
printers we need have a printer-list.tdb. Depending on the number of
printers this task can take several seconds. It is unlinkly that
the printer-list will change all the time, so we might provide outdated
data till it gets refreshed, but this is better than providing no
printer list at all.
If there are a lot of printers, the idle_seconds for the rpc-spoolssd
should be increased so that the background task can finish.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15082
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jun 30 22:08:39 UTC 2022 on sn-devel-184
- - - - -
013b74e3 by Pavel Filipenský at 2022-07-01T08:12:49+00:00
s4:torture: check return of ndr_pull_init_blob() via torture_assert()
Reported by covscan.
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Jul 1 08:12:49 UTC 2022 on sn-devel-184
- - - - -
b609734c by Michael Tokarev at 2022-07-01T14:35:09+00:00
testparm: clarify "Weak crypto is allowed" message
The message testparm prints about weak crypto is really
misleading: "Weak crypto is allowed" is often interpreted
in a way that smb.conf settings are bad by allowing weak
crypto. While the actual meaning is about the ability to
fall back to weaker crypto for (backwards) compatibility,
and this has nothing to do with samba settings, it is the
gnutls settings. Clarify both of these, and eliminate an
if() and a local variable.
Signed-off-by: Michael Tokarev <mjt at tls.msk.ru>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Jul 1 14:35:09 UTC 2022 on sn-devel-184
- - - - -
c5ef9186 by Stefan Metzmacher at 2022-07-01T17:35:27+00:00
s3:ctdbd_conn: make sure ctdbd_init_async_connection() never returns 0 with conn = NULL
This should not happen anywhere, but it clears the expectation of the
caller and simplifies the error handling there.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
96b77d87 by Stefan Metzmacher at 2022-07-01T18:34:17+00:00
s3:dbwrap_ctdb: improve the error handling in ctdb_async_ctx_init_internal()
We should not map any error from ctdbd_init_async_connection() to EIO.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jul 1 18:34:17 UTC 2022 on sn-devel-184
- - - - -
17f8ec6f by Samuel Cabrero at 2022-07-04T12:22:16+00:00
s4:mitkdc: Always set SDB_F_FOR_{TGS,AS}_REQ flag for DAL >= 9
The KRB5_KDB_FLAG_REFERRAL_OK is to indicate wether a realm referral is
allowed. In AD this is always allowed. Also there is no way to pass that
indication to the SamDB layer.
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Samuel Cabrero <scabrero at samba.org>
Autobuild-Date(master): Mon Jul 4 12:22:16 UTC 2022 on sn-devel-184
- - - - -
96a649ef by Jeremy Allison at 2022-07-04T16:42:28+00:00
s3: libads: Fix coverity false positive.
dn is always returned as NULL on error in ads_build_path(),
but coverity can't see that. Easy change to quieten it.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Mon Jul 4 16:42:28 UTC 2022 on sn-devel-184
- - - - -
090c46a5 by Stefan Metzmacher at 2022-07-05T15:09:35+00:00
s4:torture/smb2: rename 'smb2.bench-oplock' to 'smb2.bench.oplock'
We should have a toplevel 'smb2.bench' suite for all benchmark tests.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
2dfb334f by Stefan Metzmacher at 2022-07-05T15:09:35+00:00
s4:torture/smb2: add smb2.bench.path-contention-shared
This test tortures contention on a single path where
all opens are shared stat opens without any oplock/lease
interaction.
It opens 'nproc' connections to the share and runs
for 'timelimit' seconds, while it opens and closes
the 'bench_path' on each connection as fast as possible.
The number of concurrent connections can be specified
with:
--option="torture:nprocs=256"
while the default is 4.
The runtime can be specified by
--option='torture:timelimit=30'
the default being 10.
By default the test operates on the share root directory, but
the path can be changed with:
--option='torture:bench_path=Apps\1\2\3\4\5\6\7\8\9\10'
pointing to an existing file or directory.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
3ec4dddb by Stefan Metzmacher at 2022-07-05T15:09:35+00:00
s3:vfs_fileid: move to a single mapping_fn() returning struct file_id
This makes the code much less magic (at least for me) and
it will allow further changes to be made easier.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
2668700f by Stefan Metzmacher at 2022-07-05T15:09:35+00:00
s3:vfs_fileid: maintain an array of nolock inodes
This way 'fsname_norootdir[_ext]' is not overwritten by
'fileid:nolockinode' and both can work independently.
It will also allow us to add more nolock inodes under
other conditions in the following changes.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
a1882538 by Stefan Metzmacher at 2022-07-05T15:09:35+00:00
s3:vfs_fileid: introduce algorithm 'next_module'
This can be use to get just bypass the fileid module for the
common case. But it allows 'fileid:nolockinode' (and in future
other things) to work in order to avoid lock contention
for all 'nolock' inodes.
If we would have started from scratch all the nolock
logic would have been in its own vfs module, just
altering file_id.extid
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
72419736 by Stefan Metzmacher at 2022-07-05T15:09:35+00:00
s3:vfs_fileid: always add the 'nolock' behavior via file_id.extid
file_id.extid was filled with getpid() by 'fsname_norootdir_ext'.
However instead of forcing the existing 'hostname' algorithm for the 'nolock'
case, we'll now generate file_id.extid also based the hostname, vnn
and for 'fsname_norootdir_ext' also the pid.
This simplifies further changes and gives us the ability to generate stable
results for file_id.{devid,inode} based on the main algorithm. This is important
as we have a push_file_id_16() helper function used in places to generate a
stable identifier of the file that is also client visible and might be stored on
stable storage (acl_tdb, xattr_tdb). While the file_id.extid is only used
internally in volatile databases.
Review with: git show --patience
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
48403b0e by Stefan Metzmacher at 2022-07-05T15:09:35+00:00
s3:vfs_fileid: also handle 'fsname_nodirs' via fileid_is_nolock_inode()
This means we'll be able to provide the 'nolock' feature for all
directories also with other algorithms than 'fsname' in future.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f99b617c by Stefan Metzmacher at 2022-07-05T15:09:35+00:00
s3:vfs_fileid: also imply the generic nolock logic to the legacy 'hostname' algorithm
That way the file_id.extid is consistenly filled for all cases
where we deliberately break lock coherency.
This will simplify further changes and give administrators more
flexibility.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c040b811 by Stefan Metzmacher at 2022-07-05T15:09:35+00:00
s3:vfs_fileid: introduce 'fileid:nolock_max_slots'
This controlls the maximum number of concurrent locking slots
on each host. It specifies the maximal number of locking.tdb
records for a single inode.
It can be used to deliberately break lock coherency not
only between cluster nodes, but also between processes on
each node.
This allows administrators to control the behavior that's
currently only available by 'fsname_norootdir_ext' to
other cases as well.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d0d9732a by Stefan Metzmacher at 2022-07-05T15:09:35+00:00
s3:vfs_fileid: introduce 'fileid:nolock_paths'
This brings much more flexibility compared to:
- 'fsname_norootdir', 'fsname_norootdir_ext',
which only allow the nolock behavior for the share root
- 'fileid:nolockinode', which only gets a single inode number,
and ignores the devide id completely.
You can specify path names, which are relative to the shareroot
or absolute.
These names are only evaluated at SMB_VFS_CONNECT() time,
where they are converted into devide and inode pairs.
It means they are completely ignored if the path doesn't
exist yet, or is replaced by a new inode later.
This allows:
- 'fileid:algorithm = fsname_norootdir'
to be replaced by:
'fileid:algorithm = fsname' (the default)
'fileid:nolock_paths = .'
- 'fileid:algorithm = fsname_norootdir_ext'
to be replaced by:
'fileid:algorithm = fsname' (the default)
'fileid:nolock_paths = .'
'fileid:nolock_max_slots = 18446744073709551615'
And 'fileid:nolockinode = 1234567' and be replaced by
'fileid:nolock_paths = Very/Contended/Path' or
'fileid:nolock_paths = . Very/Contended/Path1 /data/conteded.dir',
if the share root and two additional inodes should be handled
by the 'nolock' behavior.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
dc478f48 by Stefan Metzmacher at 2022-07-05T15:09:35+00:00
s3:vfs_fileid: add 'fileid:nolock_all_dirs = BOOL'
This adds the feature of the 'fsname_nodirs' algorithm,
but provides it for all algorithms, including 'next_module'.
This can be used to deliberately break lock coherency, but
keep the devid/inode pair untouched, e.g.
vfs objects = fileid
fileid:algorithm = next_module
fileid:nolock_all_dirs = yes
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
a63087f5 by Stefan Metzmacher at 2022-07-05T15:09:35+00:00
s3:vfs_fileid: add 'fileid:nolock_all_inodes = BOOL'
This adds the feature of the 'hostname' algorithm,
but provides it for all algorithms, including 'next_module'.
This can be used to deliberately break lock coherency, but
keep the devid/inode pair untouched, as this will only
alter file_id.extid:
vfs objects = fileid
fileid:algorithm = next_module
fileid:nolock_all_inodes = yes
This should be preferred unless someone is already using the
'hostname' algorithm.
Note this is only for testing (or read only shares if at all...)
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
4f5faa80 by Stefan Metzmacher at 2022-07-05T16:01:10+00:00
docs-xml:manpages: update vfs_fileid.8.xml for the recent changes
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Jul 5 16:01:10 UTC 2022 on sn-devel-184
- - - - -
b8f3d8d0 by Ralph Boehme at 2022-07-08T09:04:28+00:00
smbd: if close fails just log it, don't crash
Originally I added the assert here as we can't return the error being in a
talloc destructor. But OEMs prefer error log messages over crashes.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Jul 8 09:04:28 UTC 2022 on sn-devel-184
- - - - -
20f63b79 by Andreas Schneider at 2022-07-08T09:05:56+00:00
s4:client: Reformat shell scripts
shfmt -f source4/client/ | xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
bf9b2d7a by Andreas Schneider at 2022-07-08T09:05:56+00:00
s4:librpc: Reformat shell scripts
shfmt -f source4/librpc/ | xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
d82c0991 by Andreas Schneider at 2022-07-08T09:05:56+00:00
s4:script: Reformat shell scripts
shfmt -f source4/script/ | xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
8e2f5020 by Andreas Schneider at 2022-07-08T09:05:56+00:00
s4:scripting: Reformat shell scripts
shfmt -f source4/scripting/ | xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
beaac6bb by Andreas Schneider at 2022-07-08T09:05:56+00:00
s4:torture: Reformat shell scripts
shfmt -f source4/torture/ | xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
c4c086ec by Andreas Schneider at 2022-07-08T09:59:19+00:00
s4:utils: Reformat shell scripts
shfmt -f source4/utils/ | xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Fri Jul 8 09:59:19 UTC 2022 on sn-devel-184
- - - - -
2ec93ac6 by Ralph Boehme at 2022-07-09T09:04:46+00:00
smbd: follow-up fix for "if close fails just log it, don't crash"
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Björn Baumbach <bb at sernet.de>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Sat Jul 9 09:04:46 UTC 2022 on sn-devel-184
- - - - -
b1056442 by Samuel Cabrero at 2022-07-12T11:47:30+00:00
s3:winbind: Fix trailing whitespaces and spaces before tabs in winbindd_cred_cache.c
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
9409f1ad by Samuel Cabrero at 2022-07-12T11:47:30+00:00
s3:winbind: Fix trailing whitespaces in winbindd_proto.h
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
266d6ebc by Samuel Cabrero at 2022-07-12T11:47:30+00:00
s3:winbind: Improve debug message to print the service in add_ccache_to_list()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
28db1443 by Samuel Cabrero at 2022-07-12T11:47:30+00:00
s3:winbind: Improve debug message to print service in smb_krb5_renew_ticket()
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2235a4aa by Samuel Cabrero at 2022-07-12T11:47:30+00:00
lib:krb5_wrap: Add debug to ads_krb5_cli_get_ticket()
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
8bef8e3d by Samuel Cabrero at 2022-07-12T11:47:30+00:00
s3:winbind: Create service principal inside add_ccache_to_list()
The function can build the service principal itself, there is no
need to do it in the caller. This removes code duplication.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
116af0df by Samuel Cabrero at 2022-07-12T12:38:55+00:00
s3:winbind: Use the canonical realm name to renew the credentials
Consider the following AD topology where all trusts are parent-child
trusts:
ADOM.AFOREST.AD
|
ACHILD.ADOM.AFOREST.AD
|
AGRANDCHILD.ACHILD.ADOM.AFOREST.AD <-- Samba joined
When logging into the Samba machine using pam_winbind with kerberos enabled
with user ACHILD\user1, the ccache content is:
Default principal: user1 at ACHILD.ADOM.AFOREST.AD
Valid starting Expires Service principal
07/06/2022 16:09:23 07/06/2022 16:14:23 krbtgt/ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD
renew until 07/13/2022 16:09:23
--> 07/06/2022 16:09:23 07/06/2022 16:14:23 krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD <-- NOTE this TGT ticket
renew until 07/13/2022 16:09:23
07/06/2022 16:09:23 07/06/2022 16:14:23 SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD
renew until 07/13/2022 16:09:23
But when logging in with user ADOM\user1, the ccache content is:
Default principal: user1 at ADOM.AFOREST.AD
Valid starting Expires Service principal
07/06/2022 16:04:37 07/06/2022 16:09:37 krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD
renew until 07/13/2022 16:04:37
07/06/2022 16:04:37 07/06/2022 16:09:37 SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD
renew until 07/13/2022 16:04:37
MIT does not store the intermediate TGTs when there is more than one hop:
ads_krb5_cli_get_ticket: Getting ticket for service [SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD] using creds from [FILE:/tmp/krb5cc_11105] and impersonating [(null)]
Getting credentials user1 at ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD using ccache FILE:/tmp/krb5cc_11105
Starting with TGT for client realm: user1 at ADOM.AFOREST.AD -> krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD
Requesting TGT krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ADOM.AFOREST.AD using TGT krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD
Sending request to ADOM.AFOREST.AD
Received answer from stream 192.168.101.32:88
TGS reply is for user1 at ADOM.AFOREST.AD -> krbtgt/ACHILD.ADOM.AFOREST.AD at ADOM.AFOREST.AD with session key rc4-hmac/D88B
--> Received TGT for offpath realm ACHILD.ADOM.AFOREST.AD <-- NOTE this TGT ticket is not stored
Requesting TGT krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD using TGT krbtgt/ACHILD.ADOM.AFOREST.AD at ADOM.AFOREST.AD
Sending request (1748 bytes) to ACHILD.ADOM.AFOREST.AD
Received answer (1628 bytes) from stream 192.168.101.33:88
TGS reply is for user1 at ADOM.AFOREST.AD -> krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD with session key rc4-hmac/D015
--> Received TGT for service realm: krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD <-- NOTE this TGT is not stored
Requesting tickets for SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD, referrals on
Sending request (1721 bytes) to AGRANDCHILD.ACHILD.ADOM.AFOREST.AD
Received answer (1647 bytes) from stream 192.168.101.34:88
TGS reply is for user1 at ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD with session key aes256-cts/345A
Received creds for desired service SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD
Storing user1 at ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD in FILE:/tmp/krb5cc_11105
In the case of ACHILD\user1:
ads_krb5_cli_get_ticket: Getting ticket for service [SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD] using creds from [FILE:/tmp/krb5cc_2000] and impersonating [(null)]
Getting credentials user1 at ACHILD.ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD using ccache FILE:/tmp/krb5cc_2000
Starting with TGT for client realm: user1 at ACHILD.ADOM.AFOREST.AD -> krbtgt/ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD
Requesting TGT krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD using TGT krbtgt/ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD
Sending request to ACHILD.ADOM.AFOREST.AD
Received answer from stream 192.168.101.33:88
TGS reply is for user1 at ACHILD.ADOM.AFOREST.AD -> krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD with session key rc4-hmac/0F60
--> Storing user1 at ACHILD.ADOM.AFOREST.AD -> krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD in FILE:/tmp/krb5cc_2000 <-- NOTE this TGT is stored
Received TGT for service realm: krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ACHILD.ADOM.AFOREST.AD
Requesting tickets for SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD, referrals on
Sending request (1745 bytes) to AGRANDCHILD.ACHILD.ADOM.AFOREST.AD
Received answer (1675 bytes) from stream 192.168.101.34:88
TGS reply is for user1 at ACHILD.ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD with session key aes256-cts/3576
Received creds for desired service SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD
Storing user1 at ACHILD.ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD in FILE:/tmp/krb5cc_2000
The result is that winbindd can't refresh the tickets for ADOM\user1
because the local realm is used to build the TGT service name.
smb_krb5_renew_ticket: Using FILE:/tmp/krb5cc_11105 as ccache for client 'user1 at ADOM.AFOREST.AD' and service 'krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at AGRANDCHILD.ACHILD.ADOM.AFOREST.AD'
Retrieving user1 at ADOM.AFOREST.AD -> krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD at ADOM.AFOREST.AD from FILE:/tmp/krb5cc_11105 with result: -1765328243/Matching credential not found (filename: /tmp/krb5cc_11105)
The canonical realm name must be used instead:
smb_krb5_renew_ticket: Using FILE:/tmp/krb5cc_11105 as ccache for client 'user1 at ADOM.AFOREST.AD' and service 'krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD'
Retrieving user1 at ADOM.AFOREST.AD -> krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD from FILE:/tmp/krb5cc_11105 with result: 0/Success
Get cred via TGT krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD after requesting krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD (canonicalize off)
Sending request to ADOM.AFOREST.AD
Received answer from stream 192.168.101.32:88
TGS reply is for user1 at ADOM.AFOREST.AD -> krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD with session key aes256-cts/8C7B
Storing user1 at ADOM.AFOREST.AD -> krbtgt/ADOM.AFOREST.AD at ADOM.AFOREST.AD in FILE:/tmp/krb5cc_11105
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Jul 12 12:38:55 UTC 2022 on sn-devel-184
- - - - -
11d3d2ae by Volker Lendecke at 2022-07-12T13:33:14+00:00
rpc_server3: Initialize mangle_fns in classic and spoolss
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15118
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Tue Jul 12 13:33:14 UTC 2022 on sn-devel-184
- - - - -
d5414435 by Ralph Boehme at 2022-07-12T14:45:36+00:00
mdssvc: fix indentation
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15086
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
72468166 by Ralph Boehme at 2022-07-12T14:45:36+00:00
mdssvc: convert mds_init_ctx() to return NTSTATUS
No change in behavour. In preperation for returning a special error to signal
the caller that spotlight is disabled for a share.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15086
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
8e997bd6 by Ralph Boehme at 2022-07-12T14:45:36+00:00
CI: fix check for correct mdsvc resonse when connecting to a share with Spotlight disabled
A Mac SMB server returns an all zero handle and an empty path if Spotlight is
disabled on a share. We must return the exact same error return in order to
trigger client-side searching.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15086
pcap: https://www.samba.org/~slow/pcaps/mac-bigsur-smbserver-spotlight-disabled.pcapng.gz
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
23e6e50c by Ralph Boehme at 2022-07-12T15:42:52+00:00
mdssvc: return all-zero policy handle if spotlight is disabled
A Mac SMB server returns an all zero handle and an empty path if Spotlight is
disabled on a share. We must return the exact same error return in order to
trigger client-side searching.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15086
pcap: https://www.samba.org/~slow/pcaps/mac-bigsur-smbserver-spotlight-disabled.pcapng.gz
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Tue Jul 12 15:42:52 UTC 2022 on sn-devel-184
- - - - -
a6ccceb9 by Christof Schmitt at 2022-07-13T17:30:30+00:00
nfs4_acls: Correctly skip chown when gid did not change
Commit 86f7af84 introduced a problem that a chown is always attempted,
even when the owning gid did not change. Then the ACL is set in the file
system as root. Fix the check by correctly comparing with gid, not uid.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15120
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Christof Schmitt <cs at samba.org>
Autobuild-Date(master): Wed Jul 13 17:30:30 UTC 2022 on sn-devel-184
- - - - -
df29b9ab by Andreas Schneider at 2022-07-15T12:08:36+00:00
s4:selftest: Reformat shell scripts
shfmt -f source4/selftest/ | xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
bcd9794d by Andreas Schneider at 2022-07-15T12:08:36+00:00
s4:setup: Reformat shell scripts
shfmt -f source4/setup/ | xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
30215a8a by Andreas Schneider at 2022-07-15T13:00:30+00:00
testprogs: Reformat bogus.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/bogus.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Fri Jul 15 13:00:30 UTC 2022 on sn-devel-184
- - - - -
d692c5a6 by Andreas Schneider at 2022-07-15T13:28:37+00:00
s3:selftest: Reformat rpc array
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
c7925747 by Andreas Schneider at 2022-07-15T13:28:37+00:00
s4:selftest: Reformat slow_ncacn_np_tests list
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
3f63393e by Andreas Schneider at 2022-07-15T13:28:37+00:00
s4:selftest: Reformat rpc.samr.passwords plansmbtorture4testsuite
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
9923d505 by Andreas Schneider at 2022-07-15T13:28:37+00:00
s4:torture: Rename rpc.samr.passwords tests
This way it is easier to select them with 'make test'.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
bbc5abfa by Andreas Schneider at 2022-07-15T14:24:49+00:00
selftest: Do not skip working tests
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Fri Jul 15 14:24:49 UTC 2022 on sn-devel-184
- - - - -
8e2d0587 by Pavel Filipenský at 2022-07-15T14:25:37+00:00
debug: Fix whitespace and a typo in debug.h
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
f0e0a953 by Pavel Filipenský at 2022-07-15T14:25:37+00:00
debug: Add DEBUGLF macro with explicit location and function parameters.
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
7b9f87b8 by Pavel Filipenský at 2022-07-15T14:25:37+00:00
librpc:ndr: Update ndr_print_debug() and add macro NDR_PRINT_DEBUG_LEVEL
Bumping the ABI to 3.0.0
This is enhancement of NDR_PRINT_DEBUG macro with following new features:
* debug level can be specified (NDR_PRINT_DEBUG always uses level 1)
* the trace header shows the location and function of the caller
instead of function 'ndr_print_debug', which is not really useful.
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
48cb47f5 by Pavel Filipenský at 2022-07-15T14:25:37+00:00
s3:passdb: Fix trailing whitespaces in machine_account_secrets.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b1f8f5c4 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s4:lib: Fix trailing whitespaces in tools/regshell.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
d3805d53 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
librpc:ndr: Update ndr_print_debug() to the new ndr ABI
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
feb04d99 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Fix trailing whitespaces in winbindd_group.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
1852160e by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
14f4ba19 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_xids2sids.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
07dd2c71 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_group.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2b5c8611 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Move up some code in winbindd_getusersids.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
f8e372e1 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_getusersids.c
Test scenario:
$ bin/wbinfo --user-sids `bin/wbinfo -n ADDOMAIN/alice | awk '{print $1}'`
S-1-5-21-2018381343-4210792308-1157936888-1107
S-1-5-21-2018381343-4210792308-1157936888-513
S-1-5-32-545
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
25d38cc6 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_dsgetdcname.c
Test scenario:
$ bin/wbinfo --dsgetdcname=ADDOMAIN
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6cb508ab by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_endgrent.c
Test scenario:
id ADDOMAIN/alice
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2fed5d20 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_endpwent.c
Test scenario:
$ getent passwd
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a0666eb6 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_getdcname.c
Test scenario:
bin/wbinfo --getdcname=ADDOMAIN
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ac8f35d6 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_getgrent.c
Test scenario:
id ADDOMAIN/alice
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
9c41992d by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_getgrgid.c
Test scenario:
id ADDOMAIN/alice
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2ec7ccab by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_getgrnam.c
Test scenario:
bin/wbinfo --group-info 'ADDOMAIN/domain users'
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
09807998 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_getgroups.c
Test scenario:
bin/wbinfo --user-groups 'ADDOMAIN/alice'
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
5e7039a8 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_getpwent.c
Test scenario:
$ getent passwd
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
1074e74d by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_getpwnam.c
Test scenario:
id ADDOMAIN/alice
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
980f8092 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_getpwsid.c
Test scenario:
$ bin/wbinfo --name-to-sid ADDOMAIN/alice
S-1-5-21-4248687961-4152985382-2800071106-1107 SID_USER (1)
$ bin/wbinfo --user-sidinfo S-1-5-21-4248687961-4152985382-2800071106-1107
ADDOMAIN/alice:*:2001107:2000513::/home/ADDOMAIN/alice:/bin/false
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
15529612 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_getpwuid.c
Test scenario:
$ bin/wbinfo --uid-info 2001107
or
$ bin/wbinfo --uid-info 100000
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a80a8ded by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_getsidaliases.c
Test scenario:
$ bin/wbinfo --sid-aliases S-1-5-21-4248687961-4152985382-2800071106-1107
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2fbc57cf by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_getuserdomgroups.c
Test scenario:
$ bin/wbinfo --user-domgroups `bin/wbinfo -n ADDOMAIN/alice | awk '{print $1}'`
S-1-5-21-2260029349-2102976898-3003119-1107
S-1-5-21-2260029349-2102976898-3003119-513
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
4d081c77 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_list_groups.c
Test scenario:
$ bin/wbinfo -g
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6620a74a by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_list_users.c
Test scenario:
$ bin/wbinfo -u
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
fff33f71 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_lookupname.c
Test scenario:
bin/wbinfo --name-to-sid=ADDOMAIN/alice
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
4f63a3b7 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_pam_auth.c
Test scenario:
$ bin/wbinfo --pam-logon=ADDOMAIN/alice%Secret007
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
53d9cf76 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_pam_logoff.c
Test scenario:
$ bin/wbinfo --logoff
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
5eaabe04 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_setgrent.c
Test scenario:
id ADDOMAIN/alice
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
3c1d91cd by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_setpwent.c
Test scenario:
$ getent passwd
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
0f031024 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_sids_to_xids.c
Test scenario:
bin/wbinfo --sid-to-uid=S-1-5-21-1961314572-195468382-2567644205-1107
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
7a9bec6a by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_wins_byip.c
Test scenario:
$ bin/wbinfo --WINS-by-ip=10.53.57.30
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
0f4c7404 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_wins_byname.c
Test scenario:
$ bin/wbinfo --WINS-by-name=ADDC
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
f52eeb89 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in winbindd_xids_to_sids.c
Test scenario in ad_dc:local test environment:
bin/wbinfo --unix-ids-to-sids=u100000
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
d21d69e8 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in samlogon_cache.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
08e80f87 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_dsgetdcname.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
bb801a73 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_getgrsid.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
35df8fd8 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_getpwsid.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
42ada8ed by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_gettoken.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
bdd2ce03 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_group_members.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
5c0d8054 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_lookupname.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6b4cbb3d by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_lookupsid.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
7b9bf842 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_lookupsids.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b8f3dec0 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_lookupuseraliases.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
513d9c34 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_lookupusergroups.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
9435a8bf by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_next_grent.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
68b8b98c by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_next_pwent.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
bd1447ca by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_query_group_list.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
7d751d76 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_queryuser.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
5804a4c0 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_query_user_list.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
f72f0390 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Improve logging in wb_sids2xids.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
d3b49403 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Fix trailing whitespace in winbindd.h
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ef5090b3 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Change num_sids from int to uint32_t in wb_gettoken_recv()
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
51250c61 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Change num_sids from int to uint32_t in wb_lookupuseraliases_send()
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
72eacda2 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Change num_sids from int to uint32_t in wb_lookupusergroups_recv()
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
84ab676c by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Change num_received, num_domains from int to uint32_t in winbindd_list_groups_state
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
69a9b7a5 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Change num_groups from int to uint32_t in wb_query_group_list_recv()
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2ef11c4d by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Change num_groups, next_group from int to uint32_t in wb_group_members.c
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
cf33679d by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Change max_groups, num_groups from int to uint32_t in getpwent_state
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
0fb98133 by Pavel Filipenský at 2022-07-15T14:25:38+00:00
s3:winbind: Change num_gids from int to uint32_t in winbindd_getgroups_state
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b17cae66 by Pavel Filipenský at 2022-07-15T15:21:23+00:00
s3:winbind: Change max_users, num_users from int to uint32_t in winbindd_getpwent_state
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Jul 15 15:21:23 UTC 2022 on sn-devel-184
- - - - -
450b8da8 by Andreas Schneider at 2022-07-18T13:46:33+00:00
s3:winbind: Fix pointer access in wb_lookupusergroups_recv()
Fixes CID 1507350
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e824ee6b by Andreas Schneider at 2022-07-18T13:46:33+00:00
s3:winbind: Add additional debug level check to wb_lookupusergroups_recv()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
934bc0c5 by Andreas Schneider at 2022-07-18T13:46:33+00:00
s3:winbind: Fix pointer access in wb_xids2sids_recv()
CID 1507348
CID 1507349
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
130283cb by Andreas Schneider at 2022-07-18T14:44:07+00:00
s3:winbind: Add additional debug level check to wb_xids2sids_recv()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Jul 18 14:44:07 UTC 2022 on sn-devel-184
- - - - -
2b32d932 by Andreas Schneider at 2022-07-18T21:21:59+00:00
s3:rpcclient: Goto done in cmd_samr_setuserinfo_int()
We need to free the frame or we will run into:
smb_panic (why=0x7fa8c511aa88 "Frame not freed in order.")
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15124
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Jul 18 21:21:59 UTC 2022 on sn-devel-184
- - - - -
965c6617 by Andreas Schneider at 2022-07-19T00:10:10+00:00
s3:tests: Add test to access msdfs path with smbget
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jul 19 00:10:10 UTC 2022 on sn-devel-184
- - - - -
f340b884 by Andreas Schneider at 2022-07-19T12:17:35+00:00
waf: Check for -Wno-error=array-bounds flags
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15073
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Jul 19 12:17:35 UTC 2022 on sn-devel-184
- - - - -
88c11736 by Andreas Schneider at 2022-07-20T11:09:36+00:00
testprogs: Reformat common-links.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/common-links.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
- - - - -
4c12840e by Andreas Schneider at 2022-07-20T11:59:26+00:00
testprogs: Reformat common_test_fns.inc
shfmt -w -p -i 0 -fn testprogs/blackbox/common_test_fns.inc
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Wed Jul 20 11:59:26 UTC 2022 on sn-devel-184
- - - - -
3d95220a by Andreas Schneider at 2022-07-20T18:23:49+00:00
Add a .clang-format file
How to use:
Install 'git-format-clang' which is part of the clang suite (Fedora:
git-clang-format, openSUSE: clang-tools).
Now do your changes and stage them with `git add`. Once they are staged
format the code using `git clang-format` before you commit.
Now the formatting changed can be viewed with `git diff` against the
staged changes.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Jul 20 18:23:49 UTC 2022 on sn-devel-184
- - - - -
e01b9f11 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
README.Coding: PRINT format specifiers PRIuxx
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
7736ac45 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in wb_gettoken.c
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
892975da by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in wb_group_members.c
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6aded171 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in wb_lookupuseraliases.c
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
547b5193 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in wb_lookupusergroups.c
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
d2eb6404 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in wb_next_pwent.c
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
55510a93 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in wb_query_group_list.c
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
473ed0a5 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in wb_query_user_list.c
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
98c67832 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in wb_queryuser.c
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
7e715ed0 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in wb_sids2xids.c
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
75c90102 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in wb_xids2sids.c
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
37a1c25d by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in wb_lookupsids.c
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
cd49a22c by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in winbindd_getgrent.c
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
0086ce11 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in winbindd_getgrgid.c
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
23b0842b by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in winbindd_getgrnam.c
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ec8b50e0 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in winbindd_getgroups.c
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
fb4f1e37 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in winbindd_getpwent.c
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
98b1f42a by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in winbindd_getuserdomgroups.c
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
1ff8bbd2 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in winbindd_getusersids.c
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
9873b4fd by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in winbindd_list_groups.c
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
189f5790 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in winbindd_list_users.c
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
1b6b6f7d by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in winbindd_sids_to_xids.c
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
aa5ddc23 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in winbindd_xids_to_sids.c
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
213570a0 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Change '%u' to '%PRIu32' for uint32_t in winbindd_getsidaliases.c
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
4a61e6dc by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Add additional debug level check to wb_gettoken_recv()
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
47c48fd0 by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Add additional debug level check to winbindd_getgroups_recv()
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a2f30eed by Pavel Filipenský at 2022-07-21T13:47:31+00:00
s3:winbind: Add additional debug level check to winbindd_getsidaliases_send()
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
1a897f1b by Pavel Filipenský at 2022-07-21T14:41:53+00:00
s3:winbind: Add additional debug level check to wb_lookupsids_send()
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Jul 21 14:41:53 UTC 2022 on sn-devel-184
- - - - -
5dcb49bb by Andreas Schneider at 2022-07-22T04:36:30+00:00
third_party: Update socket_wrapper to version 1.3.4
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
21b9734c by dinesh at 2022-07-22T05:27:53+00:00
smbd: Bypass the vfs_gethandle data for default share IPC$
During gpfs_connect for default share of IPC$ not setting the handle data but during the vfs_gpfs_capabilities
for the default share IPC$ the get handle data was called and observing error log failed to get vfs_handle->data!
so to bypass this error log the condition check if IS_IPC share is added in make_connection_snum while calling SMB_VFS_FS_CAPABILITIES
Signed-off-by:Dinesh <dinesh.kumar.reddy at ibm.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jul 22 05:27:53 UTC 2022 on sn-devel-184
- - - - -
3df39aa7 by Martin Schwenke at 2022-07-22T06:38:32+00:00
ctdb-scripts: Avoid ShellCheck warning SC2164
SC2164 (warning): Use 'cd ... || exit' or 'cd ... || return' in case cd fails.
A problem can only occur if /etc/ctdb/ or an important subdirectory is
removed, which means the script itself would not be found. Use && to
silence ShellCheck.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
a832c8e2 by Martin Schwenke at 2022-07-22T06:38:32+00:00
ctdb-scripts: Reformat using shfmt -w -p -i 0 -fn
About to modify this file, so reformat first as per recent Samba
convention.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
fc485fea by Martin Schwenke at 2022-07-22T06:38:32+00:00
ctdb-scripts: De-clutter validate_percentage()
It always takes 2 arguments.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
dc7aaca8 by Martin Schwenke at 2022-07-22T06:38:32+00:00
ctdb-scripts: Reduce length of very long lines
Use printf to allow easier line breaks and use some early returns.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
5e7bbcb0 by Martin Schwenke at 2022-07-22T06:38:32+00:00
ctdb-scripts: Avoid ShellCheck info SC2162
SC2162 (info): read without -r will mangle backslashes.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
36bd6fd0 by Martin Schwenke at 2022-07-22T06:38:32+00:00
ctdb-scripts: Always check memory usage
If filesystem usage exceeds the unhealthy threshold then checking
memory usage checking is not done. Always do them both.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
e396eb9f by Martin Schwenke at 2022-07-22T07:32:54+00:00
ctdb-scripts: Only run unhealthy call-out when passing threshold
For memory usage, no need to dump all of this data on every failed
monitor event. The first call will be enough to diagnose the problem.
The node will then go unhealthy, drop clients and memory usage should
then drop.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Fri Jul 22 07:32:54 UTC 2022 on sn-devel-184
- - - - -
0b5dd076 by Martin Schwenke at 2022-07-22T16:09:31+00:00
ctdb-recoverd: Add function node_flags() and use it in elections
Indexing a node map by PNN is suboptimal.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
19fbc2da by Martin Schwenke at 2022-07-22T16:09:31+00:00
ctdb-recoverd: Add pnn field to banning state structure
This structure is now standalone, so indexing by PNN can be avoided
via a subsequent commit. Index by culprit here to make this commit
simple.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
9898e7c5 by Martin Schwenke at 2022-07-22T16:09:31+00:00
ctdb-recoverd: Clean up banning culprit code
Make this fully self-contained in the recovery daemon and avoid
indexing by PNN.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
440bd86a by Martin Schwenke at 2022-07-22T16:09:31+00:00
ctdb-daemon: Drop unused ban_state element from CTDB node structure
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
ec5f6425 by Martin Schwenke at 2022-07-22T16:09:31+00:00
ctdb-protocol: Add separator argument to ctdb_connection_to_buf()
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
f5a20377 by Martin Schwenke at 2022-07-22T16:09:31+00:00
ctdb-daemon: Modernise debug in ctdb_control_send_arp()
For the tickle ACK logging, render the connection in a buffer. This
produces more complete information.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
d62fcba7 by Martin Schwenke at 2022-07-22T16:09:31+00:00
ctdb-daemon: Avoid spurious error sending ARPs for released IP
A public IP address can be released in between (and probably before)
attempts to send ARPs. One situation when this can occur is when a
cluster is shutting down: node A shuts down first, public IPs from
node A are taken over by node B, node B is shutdown.
Notice this when it occurs and cancel further attempts to send ARPs.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
c77a4fde by Martin Schwenke at 2022-07-22T16:09:31+00:00
ctdb-daemon: Modernise debug in ctdb_add_public_address()
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
b686bbb4 by Martin Schwenke at 2022-07-22T16:09:31+00:00
replace: Add check for if_nameindex()
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
00f1d6d9 by Martin Schwenke at 2022-07-22T16:09:31+00:00
ctdb-common: Use POSIX if_nameindex() to check interface existence
This works as an unprivileged user, so avoids unnecessary errors when
running in test mode (and not as root):
2022-02-18T12:21:12.436491+11:00 node.0 ctdbd[6958]: ctdb_sys_check_iface_exists: Failed to open raw socket
2022-02-18T12:21:12.436534+11:00 node.0 ctdbd[6958]: ctdb_sys_check_iface_exists: Failed to open raw socket
2022-02-18T12:21:12.436557+11:00 node.0 ctdbd[6958]: ctdb_sys_check_iface_exists: Failed to open raw socket
2022-02-18T12:21:12.436577+11:00 node.0 ctdbd[6958]: ctdb_sys_check_iface_exists: Failed to open raw socket
The corresponding porting test would now become pointless because it
would just confirm that "fake" does not exist. Attempt to make it
useful by using a less likely name than "fake" and attempting to
detect the loopback interface.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
db37043b by Martin Schwenke at 2022-07-22T16:09:31+00:00
ctdb-scripts: Avoid ShellCheck warning SC2295
For example:
In /home/martins/samba/samba/ctdb/tools/onnode line 304:
[ "$nodes" != "${nodes%[ ${nl}]*}" ] && verbose=true
^---^ SC2295 (info): Expansions inside ${..} need to be quoted separately, otherwise they match as patterns.
Did you mean:
[ "$nodes" != "${nodes%[ "${nl}"]*}" ] && verbose=true
For more information:
https://www.shellcheck.net/wiki/SC2295 -- Expansions inside ${..} need to b...
Who knew? Thanks ShellCheck!
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
b20ccaa3 by Martin Schwenke at 2022-07-22T16:09:31+00:00
ctdb-scripts: Use "git config" as last resort to parse nfs.conf
Some versions of nfs-utils (e.g. recent CentOS 7) use /etc/nfs.conf
but do not include the nfsconf utility to extract values from the
file. However, git has an excellent conf file parser, so use it as a
last resort.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
e831af7b by Martin Schwenke at 2022-07-22T16:09:31+00:00
ctdb-tests: Work around unreadable file test failure when root
root can read files for which the mode prohibits reading, so this test
case fails when run as root. Work around this when running as root.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
30c40046 by Martin Schwenke at 2022-07-22T17:01:00+00:00
ctdb-build: Add missing dependency on talloc
The include isn't strictly necessary, since it is included via
common/reqid.c anyway. However, it is a useful hint.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Fri Jul 22 17:01:00 UTC 2022 on sn-devel-184
- - - - -
b4d7540b by David Mulder at 2022-07-22T20:40:51+00:00
gpo: samba-gpupdate use s3 param for registry conf
Cause samba-gpupdate to use an s3 param so that
it can load settings from registry configuration.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jul 22 20:40:51 UTC 2022 on sn-devel-184
- - - - -
1ae9f5d3 by Volker Lendecke at 2022-07-23T23:29:38+00:00
winbind: Fix the 32-bit build
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
d7fe63c9 by Volker Lendecke at 2022-07-23T23:29:38+00:00
winbind: Fix a "format string is not a string literal" warning
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
0d189001 by Volker Lendecke at 2022-07-23T23:29:38+00:00
lib: Fix the FreeBSD build
"time_t" only comes in via a proper include of <time.h>
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
53db1a08 by Volker Lendecke at 2022-07-23T23:29:38+00:00
torture: Fix the 32-bit build
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
605d6469 by Volker Lendecke at 2022-07-23T23:29:38+00:00
lib: Fix the 32-bit build
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
930426db by Volker Lendecke at 2022-07-24T00:25:48+00:00
lib: On FreeBSD util_paths.c does not find struct stat
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sun Jul 24 00:25:49 UTC 2022 on sn-devel-184
- - - - -
58d7b76a by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Open up openat_internal_dir_from_pathref() for general dirs
We open "." fixed here, and fd_openat (or rather SMB_VFS_OPENAT) will
tell us if "dirfsp" does not point at a proper directory
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b4a3c22a by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Avoid a "? True : False"
Just came across this, looked weird...
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
e2d30fd5 by Volker Lendecke at 2022-07-25T12:04:33+00:00
lib: Remove a few #include "includes.h"
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
1d02c462 by Volker Lendecke at 2022-07-25T12:04:33+00:00
lib: Simplify canonicalize_absolute_path()
We don't need the separate "wrote_slash" boolean variable, we can just
look at what we wrote into p[-1]
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
138fdfaa by Volker Lendecke at 2022-07-25T12:04:33+00:00
registry3: Align function types to what is returned
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
3fc5f9f4 by Volker Lendecke at 2022-07-25T12:04:33+00:00
registry3: Align an integer type
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
08f4ee6c by Volker Lendecke at 2022-07-25T12:04:33+00:00
torture3: Fix an error check in torture_delete_fn()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
53f9b32a by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Don't create a fsp->base_fsp for a "::$DATA" stream
"::$DATA" is the main file, we don't need the overhead of base_fsp here.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
b5c17b79 by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Simplify canonicalize_snapshot_path()
All we need to do is to convert the @GMT-Token and move the
rest. Before this patch we did a lot of talloc to move the @GMT token
to the beginning of the path only to cut it off immediately
again. Merge that logic into a simple memmove()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
5c702e03 by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Factor out extract_snapshot_token() from canonicalize_snapshot_path()
We'll use this elsewhere soon.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d2e5c9c9 by Volker Lendecke at 2022-07-25T12:04:33+00:00
test3: Fix a debug message
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
217e7c16 by Volker Lendecke at 2022-07-25T12:04:33+00:00
libcli: Modernize a few DEBUG statements
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d67c7c09 by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Update fsp->fsp_flags.is_directory in vfs_stat_fsp()
The type of a fsp should never change, but if this call to
vfs_stat_fsp() is the very first one on this fsp, we must update this
flag.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
dd5e10d6 by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Make fsp_attach_smb_fname() talloc_move() the name to the fsp
For the current callers this does not make a difference, they have
already allocated *_smb_fname as a talloc child of fsp, but the next
patches will add one where it does.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
0c8d55ed by Volker Lendecke at 2022-07-25T12:04:33+00:00
vfs_shadow_copy2: Don't reference dirfsp for streams
A stream open is always relative to fsp->base_fsp. This already holds
the full path name in fsp->base_fsp->fsp_name, so we don't really need
the full_path_from_dirfsp_atname(). full_path_from_dirfsp_atname() is
not really bad, but the next patches will avoid having a dirfsp for
stream opens overall.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
c267c983 by Volker Lendecke at 2022-07-25T12:04:33+00:00
VFS: NULL dirfsp for openat on stream opens
The main optimization is to avoid non_widelink_open() for streams
opens based on the fact that all streams opens are relative to
fsp->base_fsp, which is a pathref fsp already.
Neither streams_xattr nor streams_depot referenced dirfsp for the
streams case. Make this more obvious in the callers by passing NULL
and asserting this: non-streams opens and streams opens are just
different things, streams-opens can and do reference a base fsp and
don't need the non_widelink_open logic.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7295377a by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Simplify non_widelink_open()
Now that non_widelink_open() does not see streams opens, we don't need
to take care of fsp->base_fsp anymore.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
8420f62c by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Simplify openat_pathref_fsp()
Remove the implicit recursion
openat_pathref_fsp->openat_pathref_base_fsp->openat_pathref_fsp
by introducing openat_pathref_nostream() and use
open_stream_pathref_fsp() where possible. openat_pathref_nostream()
will change its name in further refactoring patches, but for
understanding this patch I think this name is good :-)
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
37fd029e by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: A stream open does not need O_NOFOLLOW
Would not have hurt either, but this makes the next patch easier to
verify properly
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
45168bff by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Hand full_fname from openat_pathref_nostream()
Rename it to openat_pathref_fullname(), it will be used for stream
open next
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
afe1b94b by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Open openat_pathref_fullname() for streams
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
52ecf986 by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Simplify openat_pathref_fullname()
Don't set O_RDONLY|O_NONBLOCK in two steps into a variable
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
348f19d3 by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: open_stream_pathref_fsp() does not need a dirfsp
It opens relative to fsp->base_fsp
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f292b1ae by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Simplify open_stream_pathref_fsp()
The main point of this function was to avoid fd_openat() and thus the
expensive non_widelink_open(). Now that fd_openat() has the direct
SMB_VFS_OPENAT() fast-path for streams, we can avoid duplicating the
logic in open_stream_pathref_fsp() again.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
87f03333 by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Some more assert in fd_openat()
Before this patch we asserted that if we have a base_fsp then
smb_fname must have a stream name attached. Now we also assert that if
we don't have a base_fsp smb_fname is not a stream.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
9826da77 by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Make get_real_filename_at public
We'll use this in files.c, which creates a bit of a cyclic
dependency. But files.c has all the lowlevel fsp handling, and we'll
add another routine there next which needs get_real_filename_at()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
d6fcae23 by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Add openat_pathref_dirfsp_nosymlink()
This does a step-by-step path resolution for a directory by splitting
up the path into individual components and does a loop like that
for component in components:
fd = openat(dirfd, component, O_NOFOLLOW);
close(dirfd);
dirfd = fd
and it will report any symlink it finds in a way that will be
indirectly consumable for the smb2 symlink error response.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
7bb8af3f by Volker Lendecke at 2022-07-25T12:04:33+00:00
vfs_error_inject: Ignore openat() from openat_pathref_dirfsp_nosymlink()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
9fc46592 by Volker Lendecke at 2022-07-25T12:04:33+00:00
smbd: Take care of @GMT in SMB1's reply_ntcreate_and_X()
Next we want to avoid filename_convert() to take care of this. The
SMB2 code has a proper TWRP token anyway, so let's push the
@GMT-handling to the SMB1 code that will be converted to
filename_convert_dirfsp().
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
8ff2fe33 by Volker Lendecke at 2022-07-25T12:56:08+00:00
smbd: Userspace symlink eval in filename_convert_dirfsp()
This converts filename_convert_dirfsp to do symlink evaluation in user
space. It uses openat_pathref_dirfsp_nosymlink() to open the dirpath
and looks at the proper NT_STATUS_STOPPED_ON_SYMLINK response. Using
this avoids filename_convert() and thus unix_convert() completely for
the SMB2_CREATE case.
The tests
samba3.blackbox.smbclient_s3.NT1.plain.Recursive ls across MS-DFS links
now correctly stop the symlink lookup recursion with
NT_STATUS_OBJECT_PATH_NOT_FOUND. Previously we did not correcly pass up the
ELOOP coming back from the stat-call.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Jul 25 12:56:08 UTC 2022 on sn-devel-184
- - - - -
087b1b0e by Stefan Metzmacher at 2022-07-25T17:34:33+00:00
tevent: add tevent_cached_getpid() helper
This avoids a getpid() syscall per tevent_loop_once() iteration.
We provide tevent_cached_getpid() also as helper for external consumers
in order to have the logic only once.
Note the change to ABI/tevent-0.12.1.sigs will be reverted
with the bump to 0.13.0.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
673a8551 by Stefan Metzmacher at 2022-07-25T17:34:33+00:00
tevent: tevent_cached_getpid() tests
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
63d4db63 by Stefan Metzmacher at 2022-07-25T17:34:33+00:00
tevent: version 0.13.0
- add tevent_cached_getpid()
Note the changes to ABI/tevent-0.12.1.sigs only
revert the temporary changes made there...
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
bcfb257b by Stefan Metzmacher at 2022-07-25T17:34:33+00:00
lib/messaging: s/getpid/tevent_cached_getpid
Our messaging code is very performance critical and
we should note waste time in getpid() syscalls...
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
- - - - -
94e130fb by Stefan Metzmacher at 2022-07-25T17:34:33+00:0