[Pkg-samba-maint] [Git][samba-team/samba][upstream_4.20] 198 commits: VERSION: Bump version up to Samba 4.20.5...
Michael Tokarev (@mjt)
gitlab at salsa.debian.org
Wed Nov 20 20:44:20 GMT 2024
Michael Tokarev pushed to branch upstream_4.20 at Debian Samba Team / samba
Commits:
32545902 by Stefan Metzmacher at 2024-08-06T09:21:35+00:00
VERSION: Bump version up to Samba 4.20.5...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(v4-20-test): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(v4-20-test): Tue Aug 6 09:21:35 UTC 2024 on atb-devel-224
- - - - -
ebca31b6 by Jones Syue at 2024-08-14T16:10:42+00:00
s3:ntlm_auth: make logs more consistent with length check
Run ntlm_auth with options --lm-response/--nt-response/--challenge, and pass
wrong length to these options, got error prompted logs about 'only got xxx
bytes', which are not consistent with length check. This patch revise logs
for length check to make it more consistent.
For example --lm-response requires exact 24 hex, let us input three kinds
of length 23 24 25, prompted logs said 'only got 25 bytes' seems confusing.
script:
for length in 23 24 25; \
do \
ntlm_auth --username=${un} --password=${pw} \
--lm-response="`openssl rand -hex ${length}`"; \
done;
output:
hex decode of 04db772593f5e6023d0ab4bc67a942c9179963477eb49d failed! (only got 23 bytes)
NT_STATUS_OK: The operation completed successfully. (0x0)
hex decode of 1e57749feb46bedcf969af6cbbe10e21d0232e35c27eb07294 failed! (only got 25 bytes)
After patch it shows 'got 25 bytes, expected 24' seems more consistent:
hex decode of e13e70c9cf2ac1e20015657c4bec53435b1b948febb63f failed! (got 23 bytes, expected 24)
NT_STATUS_OK: The operation completed successfully. (0x0)
hex decode of 64647005243092b036856f572faad262e0b69386d095d60f54 failed! (got 25 bytes, expected 24)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15677
Signed-off-by: Jones Syue <jonessyue at qnap.com>
Reviewed-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Jul 6 00:52:02 UTC 2024 on atb-devel-224
(cherry picked from commit 90c9d0d98d3c80c77764dbcaf9c24d7c4ea31b4a)
Autobuild-User(v4-20-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-20-test): Wed Aug 14 16:10:42 UTC 2024 on atb-devel-224
- - - - -
565fe2e2 by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph_new: next iteration of samba-to-cephfs bridge
Defined new module 'vfs_ceph_new.c' which serves as a place holder for
the next development phase of the bridge between samba's VFS layer and
libcephfs. Begin with a module which is almost identical to existing
'vfs_ceph.c', except for hooks-names prefix which is 'vfs_ceph_' in
order to make clear distinction from existing code base. Following
commits will also switch to low-level APIs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 3720452720b4760509875f0d2a8ed0d104bb1844)
- - - - -
94aa4655 by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph_new: use low-level APIs for disk_free
Start using libcephfs low-level APIs: get reference to root inode and
use it to query statfs. Requires an explicit put-inode to avoid resource
leakage by libcephfs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 192b0cf8717d79197b985539c9db8ca07a89c570)
- - - - -
30d2e62c by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph_new: use low-level APIs for stat
Start migrating to libcephfs' low-level APIs, using explicit Inode*
reference. Implement the VFS 'stat' hook using a ceph_ll_getattr
function, encapsulated with a pair of iget/iput to hold a
pinned-to-cache Inode* instance.
Upon calling to libcephfs this new code crates and destroys on-the-fly
a Ceph UserPerm instance based on the uig, gid and groups from
'handle->conn->session_info->unix_token'. This logic ensures that the
correct caller-credentials are passed-on to cephfs (instead of those
set upon connection-creation in legacy 'vfs_ceph.c').
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 1b78d79663c48aa4b6810a875427de85ae49a2e8)
- - - - -
8aa24746 by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph_new: use low-level APIs for lstat
Use libcephfs' low-level APIs and apply the same logic as stat, but
using AT_SYMLINK_NOFOLLOW flags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 93d786b14358db5664e13b1aa43f3f03e7cf0be3)
- - - - -
1a9d6754 by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph_new: use low-level APIs for statfs
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 47224fbdeb55100cf8a7ee75e13b954ab71fc158)
- - - - -
8d2255e5 by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph_new: use low-level APIs for lchown
Use libcephfs' low-level API ceph_ll_setattr to implement VFS lchown_fn
hook. Use to standard pattern of iget/iput to allow operation by Inode
reference.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit beb21324c9a554f50d8d99af2a1b7fe8a17c8ebb)
- - - - -
d81835ab by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph_new: ref cephmount_cached entry in handle->data
Allow direct access to ceph-mount cached-entry via 'handle->data'
private pointer. Required in order to allow more complex cached-state
with each cephfs mount. Users should now use the local-helper function
'cmount_of' to access the underlying ceph_mount_info.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 31085c7efc3572bd6200d3d8e49c1e554cdbfbcc)
- - - - -
76dd5202 by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph_new: use low-level APIs for open/close
Implement openat, close and closedir and hooks using libcephfs'
low-level APIs. Cache the open Fh* from libcephfs and its related
meta-data using VFS fsp-extension mechanism.
Upon open-create of new vfs_ceph_fh store the caller credentials
(ceph's UserPerm*) within the same context object for subsequent calls.
In addition, provide a "pseudo" fd numbering which is reported back to
VFS layer and used as debugging hints.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 491676846458980944b76d1693726627a9a32503)
- - - - -
73ef8906 by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph_new: use low-level APIs for fstat
Use libcephfs' low-level APIs and apply the same logic as stat, but
via explicit inode-reference.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit f16183f90abba3c2d3d26262926f1454275a9d3f)
- - - - -
dff808b3 by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph_new: use low-level APIs for fstatat
Use libcephfs' low-level APIs to do lookup-by-name via parent's open
reference followed by getattr on the inode itself.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 13671cefffb268d84c973583669681318a2ce3bb)
- - - - -
cf7fd417 by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph_new: use low-level APIs for fdopendir
Implement fdopendir using libcephfs low-level API and cached (via fsp)
open file-handle. Embed the result within cached vfs_ceph_fh so it may
be used properly by closedir.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit a8a7339c6b7a6866399fd6c409228267a585740f)
- - - - -
7c1f160f by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph_new: use low-level APIs for mkdirat
Implement 'mkdirat' hook using libcephfs' low-level APIs, via the open
file-handle reference to parent directory.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit bd955af86e71fa6c87648e578890ea6f4d490d4b)
- - - - -
6403fb8d by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph_new: use low-level APIs for readdir ops
Implement readdir and rewinddir operations using libcephfs' low-level
APIs. Casts the opaque DIR pointer into struct vfs_ceph_dirp (the first
member of struct vfs_ceph_fh) to resolve the ceph_dir_result pointer
which libcephfs expects for readdir operations.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 99c7179e5da6d201f03b1a04dbe2a6722090783d)
- - - - -
62758ba3 by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph_new: proper error handling to readdir
Error handling in the case of 'ceph_readdir' is done by setting 'errno'
deep within libcephfs code. In case of error, emit proper debug message
and re-update errno to avoid possible over-write by logging mechanism.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 24a3423949e127177c019a0d126c6f7523e61984)
- - - - -
946921a5 by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph_new: use low-level APIs for fchown/fchmod
Use libcephfs' low-level APIs to implement 'fchown' and 'fchmod' using
open file-handle. If fsp does not have an open cephfs Fh reference,
set errno to EBADF and return -1 to VFS.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit cb14d3630d8c110405c2a43bef15aa31ec4a0fba)
- - - - -
b9b5dab0 by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph_new: use low-level APIs for fntimes
Implement fntimes hook using libcephfs' low-level APIs. Convert
smb_file_time to ceph_statx plus proper field mask on-the-fly upon
issuing low-level call to libcephfs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 20b7d2bfe06beefb5e7f091eb317ad18cb53f8a9)
- - - - -
6b79716d by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph_new: use low-level APIs for unlinkat
Implement unlinkat using libcephfs low-level APIs. Operate using parent
directory's open file-handle. When flags has AT_REMOVEDIR bit set call
low-level rmdir; otherwise, do normal unlink.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 362a7cf8664270145bff815347e447797cc1a643)
- - - - -
4b53a5e3 by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph_new: use low-level APIs for symlink/readlink
Implement unlinkat using libcephfs low-level APIs. For readlink
operation need to resolve child inode by-lookup and then used the inode
reference for the actual low-level readlink.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 53c9269b219a54236500d22d8a4c7f2ed582faaf)
- - - - -
9d51b996 by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph_new: use low-level APIs for read/write
Implement read/write IO operations using libcephfs' low-level APIs.
Requires open ceph Fh* associated with fsp (extension) to complete both
pread/pwrite as well as async I/O operations.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 29bbe0f52d4ffae9dbb070ffc525acf99203444b)
- - - - -
61d7c591 by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph_new: use low-level APIs for lseek
Implement lseek operation using libcephfs' low-level APIs. Requires
open ceph Fh* associated with fsp (extension).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 30c1a613fee3f625c0559e49e037af9fad04c3b8)
- - - - -
dda8b674 by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph_new: use low-level APIs for fsync
Implement fsync operation using libcephfs' low-level APIs. Requires
open ceph Fh* associated with fsp (extension).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit e15586fc6097565208011c556282d83eeec2230b)
- - - - -
2583b0e8 by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph_new: use low-level APIs for ftruncate/fallocate
Implement ftruncate/fallocate operations using libcephfs' low-level
APIs. Requires open ceph Fh* associated with fsp (extension).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit b536bf1fa87fb794e2992ab5368f41fdba80e3ad)
- - - - -
405a93f0 by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph_new: use low-level APIs for linkat
Implement link operations using libcephfs' low-level APIs. Requires two
phase operation: resolve (by-lookup) reference to inode and then do the
actual (hard) link operation using parent dir-inode reference to the
locally-cached inode.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 9a70bd606728110ad91cab547a4e31350010bb68)
- - - - -
0ab6fa78 by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph_new: use low-level APIs for renameat
Implement renameat operations using libcephfs' low-level APIs. Requires
both directories to have valid inode-ref associated with their fsp
extension.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 83011357fb834e92505f17d6f65d5f32e3d37ec0)
- - - - -
34f9de8b by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph_new: use low-level APIs for mknodat
Implement mknodat operations using libcephfs' low-level APIs. Requires
parent directory to have valid inode-ref associated with its fsp
extension.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit e714e5ddc50a771e743f5e63f686c106abe33b75)
- - - - -
07579685 by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph_new: use low-level APIs for xattr ops
Implement extended-attributes operations using libcephfs' low-level
APIs. Whenever possible, use the open file-handle from fsp-extension to
resolve inode-reference and user-permissions. Otherwise, resolve both
on-the-fly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 0a8445e891c64d703d44258b2eef85296265c55f)
- - - - -
c569dfcb by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph_new: debug-log upon libcephfs low-level calls
Add developer's debug-logging upon each call to libcephfs' low-level
APIs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit d00f20f30f4e77463e82d202099682b7ef68260f)
- - - - -
f399191f by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph_new: common prefix to debug-log messages
Keep logging consistent: add "[CEPH] " prefix to DBG_DEBUG log messages
where missing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Mon Jul 29 15:58:15 UTC 2024 on atb-devel-224
(cherry picked from commit 3bb6d441bf047bef6d95675057cecd3865a25540)
- - - - -
a78c9b0a by Shachar Sharon at 2024-08-20T11:36:13+00:00
docs-xml/manpages: add entry for vfs_ceph_new
Create man entry for the newly added vfs_ceph_new module: almost
identical to existing vfs_ceph, except to the configuration entry:
[sharename]
vfs objects = ceph_new
...
Adds a bit of info for the motivation behind this new module.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit d8c84a2993b84ebb69011c33c1b5d44801c15363)
- - - - -
0042d902 by Anoop C S at 2024-08-20T11:36:13+00:00
vfs_ceph_new: Unconditionally use ceph_select_filesystem
Currently we don't have an explicit check for the presence of
ceph_select_filesystem() libcephfs API as it is always found to
be present with the minimum ceph version that is supported with
Samba right now. Therefore under this assumption directly call
ceph_select_filesystem() without any #ifdefs. Please note that
this change is already part of vfs_ceph via ef0068cd.
ref: https://gitlab.com/samba-team/samba/-/merge_requests/3715
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Anoop C S <anoopcs at samba.org>
Autobuild-Date(master): Mon Aug 5 16:06:47 UTC 2024 on atb-devel-224
(cherry picked from commit de2f76fa47e6e672ce353ea9d3dc4019965c6491)
- - - - -
07f156d8 by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph{_new}: do not set errno upon successful call to libcephfs
There is code in Samba that expects errno from a previous system call
to be preserved through a subsequent system call. Thus, avoid setting
"errno = 0" in status_code() and lstatus_code() upon successful return
from libcephfs API call.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit a7f4e2bd47c7f4728f3ac8d90af693156a69c557)
- - - - -
ce958aee by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph_new: handle errno properly for 'readdir'
Take special care for readdir errno setting: in case of error, update
errno by libcephfs (and protect from possible over-write by debug
logging); in the case of successful result or end-of-stream restore
errno to its previous value before calling the readdir_fn VFS hook.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Wed Aug 7 14:20:02 UTC 2024 on atb-devel-224
(cherry picked from commit aa043a5808b73fc272de585c1446372fa3f21d08)
- - - - -
a8c3db7e by Shachar Sharon at 2024-08-20T11:36:13+00:00
vfs_ceph_new: use 'ceph_new' for config-param prefix
Use explicit 'ceph_new' prefix to each of the ceph specific config
parameters to avoid confusion with legacy 'vfs_ceph' module. Hence,
users will have in their smb.conf a format similar to:
...
[smbshare]
vfs objects = ceph_new
ceph_new: config_file = /etc/ceph/ceph.conf
ceph_new: user_id = user1
ceph_new: filesystem = fs1
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit aca4cf8327dcaef782dedd98a63a020469c45cdb)
- - - - -
bb8d642a by Shachar Sharon at 2024-08-20T11:36:13+00:00
docs-xml/manpages: 'ceph_new' prefix for config-param of vfs_ceph_new
With 'ceph_new' prefix used by vfs_ceph_new for config parameters,
update the relevant man-page accordingly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Thu Aug 8 13:54:34 UTC 2024 on atb-devel-224
(cherry picked from commit 68f0835c8e1c5029cd831c267b75c02185b206c7)
- - - - -
6a416edf by Stefan Metzmacher at 2024-08-20T11:36:13+00:00
s4:torture/smb2: let smb2.session.expire2* also check compound requests
This shows that all compound related requests should get
NT_STATUS_NETWORK_SESSION_EXPIRED.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15696
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit f6009aa73b9234df1e6ab689de322487ad1394ed)
- - - - -
0bd26677 by Stefan Metzmacher at 2024-08-20T12:47:54+00:00
s3:smb2_server: return NT_STATUS_NETWORK_SESSION_EXPIRED for compound requests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15696
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Aug 13 22:29:28 UTC 2024 on atb-devel-224
(cherry picked from commit 4df1bfd07012dd3d2d2921281e6d6e309303b88d)
Autobuild-User(v4-20-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-20-test): Tue Aug 20 12:47:54 UTC 2024 on atb-devel-224
- - - - -
cccf0beb by Pavel Filipenský at 2024-08-22T09:01:30+00:00
lib/param: Don't treat a missing include file as an error in handle_include().
Same fix as in commit 09d7690
'samba-tool domain provision -d10' fails if the included file does not
exist:
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Processing section "[global]"
Can't find include file /etc/samba/usershares.conf
pm_process() returned No
ERROR: Unable to load default file
File "/usr/lib64/python3.12/site-packages/samba/netcmd/domain/provision.py", line 183, in run
lp = sambaopts.get_loadparm()
^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.12/site-packages/samba/getopt.py", line 282, in get_loadparm
self._lp.load_default()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15698
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Wed Aug 21 00:04:19 UTC 2024 on atb-devel-224
(cherry picked from commit ffc75c569c69ce22a39b5d1df8cb4906095c8654)
Autobuild-User(v4-20-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-20-test): Thu Aug 22 09:01:31 UTC 2024 on atb-devel-224
- - - - -
33452ce9 by Shachar Sharon at 2024-08-22T09:17:13+00:00
vfs_ceph: align lines-length with coding standard
Coding standard requires following Linux kernel style guide, with an
explicit statement that "Maximum Line Width is 80 Characters". Align
vfs_ceph.c with this convention: split long lines into multiple lines
and use 'git clang-format' to do auto-formatting based on Samba project
'.clang-format' settings.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit b7e3f93ef0f17a5c85385f2e5a333fcf965766b5)
- - - - -
a9d32a3b by Shachar Sharon at 2024-08-22T09:17:13+00:00
vfs_ceph: re-map unimplemented hooks
Code cleanup: prefer standard convenience helpers for unimplemented
VFS hooks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit ee72f127c34f27ca496243631b2e7141de2bd59d)
- - - - -
67c90dec by Shachar Sharon at 2024-08-22T09:17:13+00:00
vfs_ceph: replace WRAP_RETURN macro with convenience helpers
The WRAP_RETURN is a non-hygienic macro, and as such has the potential
of creating bogus code (e.g. 'return WRAP_RETURN(ret);' which existed
in the code in the past but did not yield any compiler warning). Prefer
simple convenience helper functions instead, which are also type safe.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 691a397b2707f2924e3f6910c9c574e01d811a97)
- - - - -
92712fc7 by Shachar Sharon at 2024-08-22T09:17:13+00:00
vfs_ceph: explicit cast to uint64_t upon failure of ceph_statfs
When a call to 'ceph_statfs' from with 'cephwrap_disk_free' returns
non-zero status do an explicit cast to uint64_t for the negative (-1)
value returned by 'status_code'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit a7d34ec597fe810090d28bfda636b7450ecb06e5)
- - - - -
b9d9bec5 by Shachar Sharon at 2024-08-22T10:34:46+00:00
vfs_ceph{_new}: do not set errno upon successful call to libcephfs
There is code in Samba that expects errno from a previous system call
to be preserved through a subsequent system call. Thus, avoid setting
"errno = 0" in status_code() and lstatus_code() upon successful return
from libcephfs API call.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit a7f4e2bd47c7f4728f3ac8d90af693156a69c557)
Autobuild-User(v4-20-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-20-test): Thu Aug 22 10:34:46 UTC 2024 on atb-devel-224
- - - - -
f7dc86c1 by Shachar Sharon at 2024-08-26T15:45:20+00:00
s3:smbd: fix NULL dereference in case of readlink failure
When VFS readlinkat hook returns with error the following sequence
yields NULL-pointer dereference (SIGSEGV):
symlink_target_below_conn (source3/smbd/open.c)
char *target = NULL;
...
readlink_talloc (source3/smbd/files.c)
SMB_VFS_READLINKAT
smb_vfs_call_readlinkat (source3/smbd/vfs.c)
handle->fns->readlinkat_fn --> returns error
status = safe_symlink_target_path(.., target /* NULL */ ..)
safe_symlink_target_path (source3/smbd/filename.c)
if (target[0] == '/') { /* NULL pointer dereference */
A failure in VFS module's readlinkat hook may happen due to run-time
error (e.g., network failure which cases libcephfs to disconnect from
MDS).
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15700
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Aug 23 09:27:06 UTC 2024 on atb-devel-224
(cherry picked from commit 168966a053045476a84044aa73f66722eb702fe0)
Autobuild-User(v4-20-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-20-test): Mon Aug 26 15:45:20 UTC 2024 on atb-devel-224
- - - - -
f22c56b0 by David Disseldorp at 2024-08-30T07:58:15+00:00
s4:torture/smb2: test FSCTL_QUERY_ALLOCATED_RANGES truncation
FSCTL_QUERY_ALLOCATED_RANGES responses with more than one range should
be truncated to account for a ioctl.smb2.in.max_output_response limit.
Add a test for this.
Flag the new test knownfail; fix in subsequent commit.
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit 5cf57f1f539021f1490285516d8cfb2a2ab483e0)
- - - - -
72aa92c6 by David Disseldorp at 2024-08-30T09:01:54+00:00
smb2_ioctl: fix truncated FSCTL_QUERY_ALLOCATED_RANGES responses
As per MS-FSA 2.1.5.10.22 FSCTL_QUERY_ALLOCATED_RANGES, if response
range entries exceed in_max_output, then we should respond with
STATUS_BUFFER_OVERFLOW and a truncated output buffer.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15699
Reported-by: David Howells <dhowells at redhat.com>
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Wed Aug 28 08:54:11 UTC 2024 on atb-devel-224
(cherry picked from commit 5e278a52646a48e3671270e5b57ec5b852f9fb4b)
Autobuild-User(v4-20-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-20-test): Fri Aug 30 09:01:54 UTC 2024 on atb-devel-224
- - - - -
78ca7d39 by Jule Anger at 2024-09-02T12:37:12+00:00
Revert "smb2_ioctl: fix truncated FSCTL_QUERY_ALLOCATED_RANGES responses"
This reverts commit 4bb2b46bac8dad426e1b2f0942ded6908c47f7d5.
Wrong patchset applied. This is the one for 4.21. The correct patchset
will be the subsequent commits.
See: https://bugzilla.samba.org/show_bug.cgi?id=15699
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
7d68c0ad by Jule Anger at 2024-09-02T12:37:12+00:00
Revert "s4:torture/smb2: test FSCTL_QUERY_ALLOCATED_RANGES truncation"
This reverts commit 13470db5f70a194a098339148c247a79776a774c.
Wrong patchset applied. This is the one for 4.21. The correct patchset
will be the subsequent commits.
See: https://bugzilla.samba.org/show_bug.cgi?id=15699
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
7cf02a52 by David Disseldorp at 2024-09-02T12:37:12+00:00
s4:torture/smb2: test FSCTL_QUERY_ALLOCATED_RANGES truncation
FSCTL_QUERY_ALLOCATED_RANGES responses with more than one range should
be truncated to account for a ioctl.smb2.in.max_output_response limit.
Add a test for this.
Flag the new test knownfail; fix in subsequent commit.
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit 5cf57f1f539021f1490285516d8cfb2a2ab483e0)
- - - - -
9e2c58c7 by David Disseldorp at 2024-09-02T12:37:12+00:00
smb2_ioctl: fix truncated FSCTL_QUERY_ALLOCATED_RANGES responses
As per MS-FSA 2.1.5.10.22 FSCTL_QUERY_ALLOCATED_RANGES, if response
range entries exceed in_max_output, then we should respond with
STATUS_BUFFER_OVERFLOW and a truncated output buffer.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15699
Reported-by: David Howells <dhowells at redhat.com>
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Wed Aug 28 08:54:11 UTC 2024 on atb-devel-224
(cherry picked from commit 5e278a52646a48e3671270e5b57ec5b852f9fb4b)
- - - - -
acb3de1c by Shachar Sharon at 2024-09-02T12:37:12+00:00
vfs_ceph_new: add missing newline in debug-logging
Commit d00f20f3 ("vfs_ceph_new: debug-log upon libcephfs low-level
calls") introduced debug-logging before each call to libcephfs low-level
APIs. Unfortunately, one of the logging messages missed the terminating
newline ('\n') character.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: John Mulligan <jmulligan at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Autobuild-User(master): Anoop C S <anoopcs at samba.org>
Autobuild-Date(master): Wed Aug 21 14:18:07 UTC 2024 on atb-devel-224
(cherry picked from commit cbba4008a7fb9e6e91d0568f25ac481b60fda96f)
- - - - -
60052ea7 by Shachar Sharon at 2024-09-02T13:41:57+00:00
vfs_ceph_new: handle case of readlinkat with empty name string
Commit 53c9269b (vfs_ceph_new: use low-level APIs for symlink/readlink)
introduced readlinkat using libcephfs low-level APIs. However, it does
not handle properly the case where readlinkat operates on empty name
string (see man readlinkat(2)), such as:
fd = openat(dirfd, symname, O_PATH | O_NOFOLLOW, 0);
readlinkat(fd, "", buf, bufsiz);
Handle this special case of readlinkat with empty name string by using
a reference to the symlink inode itself.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Anoop C S <anoopcs at samba.org>
Autobuild-Date(master): Fri Aug 30 10:42:27 UTC 2024 on atb-devel-224
(cherry picked from commit 22182f90e8e7876a9895f77e736d2b96b18b174f)
Autobuild-User(v4-20-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-20-test): Mon Sep 2 13:41:57 UTC 2024 on atb-devel-224
- - - - -
a6041983 by Ralph Boehme at 2024-09-06T14:04:09+00:00
smbtorture: test creating stream doesn't crash when using "inherit permissions = yes"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15695
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 09835608307ff2580f1aada84d44feddae17c80f)
- - - - -
9559c00d by Ralph Boehme at 2024-09-06T15:26:57+00:00
smbd: use metadata_fsp(fsp) in copy_access_posix_acl() for SMB_VFS_SYS_ACL_SET_FD
When inherting permissions on the created stream, we call into the VFS to fetch
the streams security descriptor via inherit_access_posix_acl() ->
copy_access_posix_acl() -> SMB_VFS_SYS_ACL_SET_FD() passing the stream fsp which
triggers the assert SMB_ASSERT(!fsp_is_alternate_stream(fsp)) in
vfswrap_sys_acl_set_fd() in vfs_default.
Just passing the base fsp to the VFS fixes this.
vfs_streams_depot which *does use* distinct backend filesystem files for the
streams, currently does not apply permissions to the stream files at all, so the
incomplete behaviour of vfs_streams_depot is not affected by this change.
If in the future someone want to fix this defficiency in vfs_streams_depot, the
module code can use fsp->stream_fsp to base decisions in VFS ops whether the
module should carry out some action.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15695
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Sep 2 08:55:28 UTC 2024 on atb-devel-224
(cherry picked from commit ecb8a99a2c7ba36f9adc50ef13cd8465a0c49b19)
Autobuild-User(v4-20-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-20-test): Fri Sep 6 15:26:57 UTC 2024 on atb-devel-224
- - - - -
9d6ed32d by Jule Anger at 2024-09-17T13:34:37+02:00
WHATSNEW: Add release notes for Samba 4.20.5.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
6ddb7d9a by Jule Anger at 2024-09-17T13:35:08+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.20.5 release.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
bf81b8e4 by Jule Anger at 2024-09-17T13:35:31+02:00
VERSION: Bump version up to Samba 4.20.6...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
90f572d1 by Michael Tokarev at 2024-09-18T11:42:07+03:00
New upstream version 4.20.5+dfsg
- - - - -
a9cb9d32 by Ralph Boehme at 2024-10-02T14:35:09+00:00
s3/lib: add next helper variable in server_id_watch_*
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15624
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit d76edcd48437715c7541b5b1e6a56245c25f460b)
- - - - -
78b677b4 by Ralph Boehme at 2024-10-02T14:35:09+00:00
s3/lib: add option "serverid watch:debug = yes" to print kernel stack of hanging process
We only do if sys_have_proc_fds() returns true, so it's most likely
linux...
Enabled by default with log level 10...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15624
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 5c57e840527432c4b1a7ec94894939022a9e9622)
- - - - -
b7fd8bdf by Ralph Boehme at 2024-10-02T14:35:09+00:00
s3/lib: add option "serverid watch:debug script"
This takes just PID and NODE:PID on a cluster.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15624
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 7add7dbf1aee13b4d9ab70d1a5312c8ff30d9e00)
- - - - -
57b19448 by Ralph Boehme at 2024-10-02T14:35:09+00:00
smbd: log share_mode_watch_recv() errors as errors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15624
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit b45e78871aadca6ae33475bee890736838f44219)
- - - - -
34e00dfc by Ralph Boehme at 2024-10-02T14:35:10+00:00
smbd: add option "smbd lease break:debug hung procs"
By enabling this a process sending a lease break message to another process
holding a lease will start watching that process and if that process didn't
process the lease break within 10 seconds (cf server_id_watch_waited()), we log
a kernel stack backtrace of that process.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15624
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit d8613d7ee23c4e990285a387eb9ac2eeefff9749)
- - - - -
e261202e by Ralph Boehme at 2024-10-02T14:35:10+00:00
smbd: move trace_state variable behind tv variable
Next commit adds timestamp variables to trace_state that want to be initialized
with the current time, so moving behind tv we can then just reuse tv for that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15624
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 679e12aee2f0c283a6f9b9c6008c549a6ca9633e)
- - - - -
46ac92e1 by Ralph Boehme at 2024-10-02T14:35:10+00:00
smbd: add option "smbd:debug events" for tevent handling duration threshold warnings
Can be used to enable printing an error message if tevent event handlers ran
longer then three seconds. Also logs a message with a loglevel of 3 if there
were no events at hall.
Enabled by default with 'log level = 10' or
'smbd profiling level = on'...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15624
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 90d776cb18395ed804f0ab4fd13ef571fc0ad827)
- - - - -
b4921859 by Stefan Metzmacher at 2024-10-02T14:35:10+00:00
vfs_error_inject: add 'error_inject:durable_reconnect = st_ex_nlink'
This allows to simulate durable reconnect failures because the stat
information of the file changed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15624
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 692ed832dfff61ad1c9b646b5c8d6f85f25efb99)
- - - - -
dc0f69fd by Stefan Metzmacher at 2024-10-02T14:35:10+00:00
s4:torture/smb2: add smb2.durable-v2-regressions.durable_v2_reconnect_bug15624
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15624
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit ef4ef04e7f83b1029446ff8b5fc5fdf4ab33edbd)
- - - - -
4e419975 by Stefan Metzmacher at 2024-10-02T14:35:10+00:00
s3:tests: let test_durable_handle_reconnect.sh run smb2.durable-v2-regressions.durable_v2_reconnect_bug15624
This demonstrates the dead lock after a durable reconnect failed
because the stat info changed, the file can't be accessed anymore
as we leak the incomplete share mode entry in a still running
process.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15624
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 14875448ca06a3a28800343a3a326f1a66bccec0)
- - - - -
e620d1a8 by Ralph Boehme at 2024-10-02T14:35:10+00:00
smbd: consolidate DH reconnect failure code
No change in behaviour, except that we now
also call fd_close() if vfs_default_durable_cookie()
failed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15624
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit a91457f97c98fcec1ed062514c364271af1df669)
- - - - -
630c870e by Ralph Boehme at 2024-10-02T14:35:10+00:00
smbd: remove just created sharemode entry in the error codepaths
Without this we leave stale sharemode entries around that can lead to all sorts
of havoc.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15624
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Thu Sep 19 19:36:19 UTC 2024 on atb-devel-224
(cherry picked from commit 2ff3b9bc0d254a63a913ff9084de3d794fee27d0)
- - - - -
fa2041ce by Stefan Metzmacher at 2024-10-02T15:56:24+00:00
s4:lib/messaging: fix interaction between imessaging_reinit and irpc_destructor
This was missing in commit 0d096931196524a2d1bf59470bc629dc9231131e.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15280
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Sep 18 19:45:56 UTC 2024 on atb-devel-224
(cherry picked from commit a14320461e3abb56f5dacc90ca73bc1143270394)
Autobuild-User(v4-20-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-20-test): Wed Oct 2 15:56:24 UTC 2024 on atb-devel-224
- - - - -
165149da by Christof Schmitt at 2024-10-04T11:48:11+00:00
shadow_copy2: Ignore VFS_OPEN_HOW_WITH_BACKUP_INTENT
d1846452e96 vfs: Add VFS_OPEN_HOW_WITH_BACKUP_INTENT introduced
VFS_OPEN_HOW_WITH_BACKUP_INTENT for files opened with
FILE_OPEN_FOR_BACKUP_INTENT. shadow_copy2 refuses the open on a file if
any flage in how.resolve is set. Change the check in shadow_copy2 to
allow opening of files with VFS_OPEN_HOW_WITH_BACKUP_INTENT.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15730
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Oct 2 08:06:38 UTC 2024 on atb-devel-224
(cherry picked from commit 30b0fa892ad66bfad92403186f97fd46496e62de)
- - - - -
676ac179 by Jones Syue at 2024-10-04T12:55:29+00:00
s3: SIGHUP handlers use consistent log level 3
When turn-on 'log level = 3', sending SIGHUP to samba processes, for
example: smbd parent/children, smbd-notifyd, and smbd-cleanupd. Then
monitor log.smbd in order to parse sighup logs, it looks like the log level
is inconsistent among these processes: smbd parent/children use level 1,
and smbd-notifyd/smbd-cleanupd use level 3.
This patch raises sighup handler's log level from level 1 to level 3, which
is more consistent with smbd-notifyd by Commit 6e5bff80a0a0b ("s3:notifyd:
Handle sigup in notifyd to reparse smb.conf"), and smbd-cleanupd by Commit
57c1e115ecef4 ("smbd: reopen logs on SIGHUP for notifyd and cleanupd").
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15706
Signed-off-by: Jones Syue <jonessyue at qnap.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Wed Sep 25 01:38:02 UTC 2024 on atb-devel-224
(cherry picked from commit 4f3dfb2029c667b6dcd43223fe154dca59143e95)
Autobuild-User(v4-20-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-20-test): Fri Oct 4 12:55:29 UTC 2024 on atb-devel-224
- - - - -
226b0a20 by Douglas Bagnall at 2024-10-07T08:33:18+00:00
ldb_kv_index: dn_list load sub transaction can re-use keys
We don't want to modify the original list, but we can reuse the keys
if we treat them as immutable and don't free them. That makes it a lot
quicker if there are many keys (i.e. where an index is useful) and may
sub-transactions. In particular, it avoids O(n²) talloc_memdups.
A removed comment that says "We have to free the top level index
memory otherwise we would leak", and this will be addressed in the
next commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15590
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 5f0198d69843c864f2b98a7c0c6305ad789a68a0)
- - - - -
76e1024f by Douglas Bagnall at 2024-10-07T08:33:18+00:00
ldb:kv_index: realloc away old dn list
We can't just free it, because has the GUID index list as a child, and
these are shared by the new dn list (from the subtransaction we are
committing). But if the dn list is long and the main transaction is
long-lived, we can save a lot of memory by turning this dn list into
an almost empty node in the talloc tree. This returns us to roughly
the situation we had prior to the last commit.
For example, with the repro.sh script on bug 15590 in indexes mode
with 10000 rules, The last 3 commits use this much memory at the end
of an unusually large transaction:
full talloc report on 'struct ldb_context' (total 4012222 bytes in 90058 blocks)
full talloc report on 'struct ldb_context' (total 2405482219 bytes in 90058 blocks)
full talloc report on 'struct ldb_context' (total 4282195 bytes in 90058 blocks)
That is, the last commit increased usage 500 fold, and this commit
brings it back to normal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15590
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 1bf9ede94f0a6b41fb18e880e59a8e390f8c21d3)
- - - - -
0a99463b by Douglas Bagnall at 2024-10-07T08:33:18+00:00
ldb:kv_index: help static analysers to not worry (CID 1615192)
The point of this realloc is that we are not using this array, but
keeping it around to remain a node the talloc tree. We'd prefer to
reduce it to nothing.
Coverity rightly spotted that it was reallocing an array of `struct
ldb_val` to an array of `struct ldb_val *`, which has a different size
and all. But it doesn't matter in this case, because we will never use
it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15590
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jennifer Sutton <josutton at catalyst.net.nz>
(cherry picked from commit e2a74963fb89f5409c236a0fbe4cd070e1a75a43)
- - - - -
44378cae by Andréas Leroux at 2024-10-07T09:45:40+00:00
netcmd:domain:policy: Fix missing conversion from tgt_lifetime minutes to 10^(-7) seconds
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15692
Signed-off-by: Andréas Leroux <aleroux at tranquil.it>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton at catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Fri Oct 4 04:01:22 UTC 2024 on atb-devel-224
(backported from commit 3766b6a126f659a43e2e36c66689c136fc22dbc4
requiring manual merge in the test file imports)
Autobuild-User(v4-20-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-20-test): Mon Oct 7 09:45:40 UTC 2024 on atb-devel-224
- - - - -
e1452017 by Stefan Metzmacher at 2024-10-14T09:28:21+00:00
s4:torture/smb2: improve error handling in durable_open.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15649
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15651
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit e65e1326a0214a7dfff75ea1e528e82c8fc64517)
- - - - -
989d0c48 by Stefan Metzmacher at 2024-10-14T09:28:21+00:00
s4:torture/smb2: improve error handling in durable_v2_open.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15649
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15651
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 9b2417c2f04857709c25e3665cd783a68edf0cf2)
- - - - -
6ea02f37 by Stefan Metzmacher at 2024-10-14T09:28:21+00:00
s4:torture/smb2: add smb2.durable-open.lock-noW-lease
This demonstrates that a W lease is required for a
durable handle to be durable when it has byte range locks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15649
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15651
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 1cc1586d84a65046ab7804f17297c6964bb76c23)
- - - - -
ad0fb085 by Stefan Metzmacher at 2024-10-14T09:28:21+00:00
s4:torture/smb2: add smb2.durable-v2-open.lock-{oplock,lease,noW-lease}
This demonstrates that a W lease is required for a
durable handle to be durable when it has byte range locks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15649
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15651
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 8884d617310b47375e38c0386433c5e183703454)
- - - - -
041f15c8 by Stefan Metzmacher at 2024-10-14T09:28:21+00:00
s3:smbd: only store durable handles with byte range locks when having WRITE lease
This simplifies the reconnect assumptions, when we want to allow
more than one durable handle on a file for multiple clients with
READ+HANDLE leases.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15649
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15651
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 0893ae88180137d44f17196234f657d362543ff5)
- - - - -
02a4ccfb by Stefan Metzmacher at 2024-10-14T09:28:21+00:00
s4:torture/smb2: add smb2.durable-v2-open.{[non]stat[RH]-and,two-same,two-different}-lease
These show that it's possible to have durable handles in addition
of stat opens, as well as multiple durable opens with RH leases.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15649
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15651
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 77c7741f39a0a9789bede7c4722bd3f35d4af3fd)
- - - - -
11903eb4 by Stefan Metzmacher at 2024-10-14T09:28:21+00:00
s4:torture/smb2: add smb2.durable-v2-open.{keep,purge}-disconnected-* tests
These demonstrate which durables handles are kept and which are purged
because of various opens, writes or renames.
smb2.durable-v2-open.keep-disconnected-rh-with-stat-open
smb2.durable-v2-open.keep-disconnected-rh-with-rh-open
smb2.durable-v2-open.keep-disconnected-rh-with-rwh-open
smb2.durable-v2-open.keep-disconnected-rwh-with-stat-open
smb2.durable-v2-open.purge-disconnected-rwh-with-rwh-open
smb2.durable-v2-open.purge-disconnected-rwh-with-rh-open
smb2.durable-v2-open.purge-disconnected-rh-with-share-none-open
smb2.durable-v2-open.purge-disconnected-rh-with-write
smb2.durable-v2-open.purge-disconnected-rh-with-rename
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15649
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15651
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15708
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 9e98cd5c7a180521026b0d73a330bdaf2c8af73a)
- - - - -
22682be2 by Stefan Metzmacher at 2024-10-14T09:28:21+00:00
s3:smbd: let durable_reconnect_fn already check for a disconnected handle with the correct file_id
We'll soon allow more than one disconnected durable handle, so
we need to find the correct one instead of assuming only a single
one.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15649
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15651
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 2869bd1a507e7376f0bb0ec68ed4e045b043cfdb)
- - - - -
1e9bd54e by Stefan Metzmacher at 2024-10-14T09:28:21+00:00
s3:smbd: allow reset_share_mode_entry() to handle more than one durable handle
This means that multiple durable handles with RH leases can
co-exist now... Before only the last remaining durable handle
was able to pass the SMB_VFS_DURABLE_DISCONNECT() step.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15649
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15651
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit b1e5f5d8d2852b66ca4c858d14d367ffe228a88d)
- - - - -
24e89430 by Stefan Metzmacher at 2024-10-14T10:52:03+00:00
s3:smbd: avoid false positives for got_oplock and have_other_lease in delay_for_oplock_fn
stat opens should not cause a oplock/lease downgrade if
they don't have a lease attached to itself.
Note that opens broken to NONE still count if they are
non-stat opens...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15649
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15651
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Oct 10 13:59:18 UTC 2024 on atb-devel-224
(cherry picked from commit dd5b9e08c7a98c54b62d3b097c75faa09cd17da7)
Autobuild-User(v4-20-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-20-test): Mon Oct 14 10:52:03 UTC 2024 on atb-devel-224
- - - - -
2d2d5f67 by Stefan Metzmacher at 2024-11-07T08:18:16+00:00
s4:tortore/rpc: let rpc.backupkey without privacy pass against Windows 2022
The server disconnects after the first fault.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 8c6b5b87434e96d4cb695c0a5cf8aa0a0472c6a4)
- - - - -
b647d526 by Stefan Metzmacher at 2024-11-07T08:18:16+00:00
RawDCERPCTest: ignore errors in smb_pipe_socket.close()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit b51ab42284211981a1ee6c8865845c7dfc985cb4)
- - - - -
c063734a by Stefan Metzmacher at 2024-11-07T08:18:16+00:00
tests/dcerpc/raw_protocol: pass against Windows 2022 and require special env vars for legacy servers
Test works against Windows 2022 and works like this:
SMB_CONF_PATH=/dev/null SERVER=172.31.9.118 \
TARGET_HOSTNAME=w2022-118.w2022-l7.base IGNORE_RANDOM_PAD=1 \
DOMAIN=W2022-L7 REALM=W2022-L7.BASE \
USERNAME=administrator PASSWORD=A1b2C3d4 \
python/samba/tests/dcerpc/raw_protocol.py -v -f TestDCERPC_BIND
Against a legacy Windows2012R2 server this still works:
SMB_CONF_PATH=/dev/null SERVER=172.31.9.188 \
TARGET_HOSTNAME=w2012r2-188.w2012r2-l6.base ALLOW_BIND_AUTH_PAD=1 \
LEGACY_BIND_NACK_NO_REASON=1 AUTH_LEVEL_CONNECT_LSA=1 \
IGNORE_RANDOM_PAD=1 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE \
USERNAME=administrator PASSWORD=A1b2C3d4 \
python/samba/tests/dcerpc/raw_protocol.py -v -f TestDCERPC_BIND
Currently Samba behaves like 2012R2, but the next commits
will change that...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 98d908bfd07283878a7a6a630c2bfe5d27b5ffd8)
- - - - -
d095ad71 by Stefan Metzmacher at 2024-11-07T08:18:16+00:00
s4:selftest: only run ad_member with AUTH_LEVEL_CONNECT_LSA=1
We only want to test against
'allow dcerpc auth level connect:lsarpc = yes' once
in order to have the related code tests.
We use the ad_memeber for that special test and
use the default on the tested ADDC.
This reveals some knownfails, which will be fixed in
the next commit...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 93bd5ba609f93ce8298f12f2a7b0ad333e0f48bf)
- - - - -
74b127d0 by Stefan Metzmacher at 2024-11-07T08:18:16+00:00
dcesrv_core: disconnect after a fault with non AUTH_LEVEL_CONNECT bind
Without an auth context using DCERPC_AUTH_LEVEL_PACKET or higher
the fault to reject requests with an invalid auth level
should trigger a disconnect after sending the fault to
the client.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 31c2f35bba003daee39756e83def0f3d45c19c6b)
- - - - -
8ee66862 by Stefan Metzmacher at 2024-11-07T08:18:16+00:00
dcesrv_core: return NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED for binds without contexts
This is the error Windows 2022 (and 2025 preview) return.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 8e6696b2ac6990f3d6bac804c9a0f1a2b8f0ada0)
- - - - -
0c7983db by Stefan Metzmacher at 2024-11-07T08:18:16+00:00
tests/dcerpc/raw_protocol: add more test for auth padding during ALTER_CONTEXT/AUTH3
The aim is to keep testing the code paths, which are no longer
testing because allow_bind_auth_pad is false now, which
means the existing tests fail directly at the BIND,
but we also want to test the error handling on
ALTER_CONTEXT (and AUTH3).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 9309283ddbcc60cb8dac8ecd3f4bcecfbf8ac732)
- - - - -
5e2aa6bf by Stefan Metzmacher at 2024-11-07T08:18:16+00:00
dcerpc_util: don't allow auth_padding for BIND, ALTER_CONTEXT and AUTH3 pdus
This is how Windows 2022 (and 2025 preview) behaves...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit be02d4077db1d6c35b2e480937a04b5e70545a6d)
- - - - -
d921255c by Stefan Metzmacher at 2024-11-07T08:18:16+00:00
s4:librpc: provide py_schannel bindings
This will be used in the dcerpc.raw_protocol test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 0acbbeab4db0c8bc8ff655d652e249fecb3c4ef9)
- - - - -
f2705e5b by Stefan Metzmacher at 2024-11-07T08:18:16+00:00
RawDCERPCTest: split prepare_pdu() and send_pdu_blob() out of send_pdu()
This will make it possible to alter pdus before sending them to the
server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 444f9c6624f5c997dfdc4ae0bfb8823a56fbef70)
- - - - -
8d902a20 by Stefan Metzmacher at 2024-11-07T08:18:16+00:00
RawDCERPCTest: add some more auth_length related asserts
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit bb8ad1f22924b581bfb66555713e98efa91372b2)
- - - - -
7bd44b9f by Stefan Metzmacher at 2024-11-07T08:18:16+00:00
dcesrv_core: add more verbose debugging for missing association groups
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit ac5818f2dd348e61b4be35505bee00b330ec4450)
- - - - -
71aad11c by Stefan Metzmacher at 2024-11-07T08:18:16+00:00
tests/dcerpc/raw_protocol: run test_neg_xmit_ffff_ffff over tcp and smb
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit a2d894fd37aaa9bce64ad95e01412681a08790ea)
- - - - -
fd6e9855 by Stefan Metzmacher at 2024-11-07T08:18:16+00:00
dcesrv_core: introduce dcesrv_connection->transport_max_recv_frag
The max fragment size depends on the transport.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 09e8dd23ce0c08c5c04bd74121f3664f420af877)
- - - - -
d896ce18 by Stefan Metzmacher at 2024-11-07T08:18:16+00:00
tests/dcerpc/raw_protocol: test_no_auth_ctx_request
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 57fb07f5a3369d679f8918f853303b56e58dfb3d)
- - - - -
7185f309 by Stefan Metzmacher at 2024-11-07T08:18:16+00:00
tests/dcerpc/raw_protocol: fix comment in test_spnego_change_auth_type1
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 7b5c3f9b1f334eb9d7906338e2e64196a6530068)
- - - - -
a6dec953 by Stefan Metzmacher at 2024-11-07T08:18:16+00:00
tests/dcerpc/raw_protocol: add tests for max auth_padding, auth_len or auth_offset
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 0da9e4d7430c7dbb37783e6152f7672bf29498e9)
- - - - -
5efc2a0e by Stefan Metzmacher at 2024-11-07T08:18:16+00:00
tests/dcerpc/raw_protocol: add more tests for auth_pad alignment
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 0bc562eb26cad3a5cb8da2da54db86932791f3de)
- - - - -
432f8a3b by Stefan Metzmacher at 2024-11-07T08:18:16+00:00
tests/dcerpc/raw_protocol: test invalid schannel binds
Note the ad_member will keep these as expected failures,
as it doesn't provide the netlogon service,
while the knownfail for the ADDC is only temporary.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit f7a3827010a859839a3ae7d0cdf297a15610d286)
- - - - -
1dbcb533 by Stefan Metzmacher at 2024-11-07T08:18:16+00:00
dcerpc_util: let dcerpc_pull_auth_trailer() check that auth_offset is 4 bytes aligned
That what Windows also asserts.
It also makes sure that ndr_pull_dcerpc_auth() will
start with ndr->offset = 0 and don't tries to eat
possible padding.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 890fff1ca0c4e1eb8ef26c4f88aa18aeda3afc4f)
- - - - -
8c33f14b by Stefan Metzmacher at 2024-11-07T08:18:16+00:00
dcerpc_util: let dcerpc_pull_auth_trailer() expose the reject reason
If dcerpc_pull_auth_trailer() returns NT_STATUS_RPC_PROTOCOL_ERROR
it will return the BIND reject code in auth->auth_context_id.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 7a6a1aae6fa74ab0f55c1160aedd2d79c9a44a90)
- - - - -
6309b9a7 by Stefan Metzmacher at 2024-11-07T08:18:16+00:00
dcerpc_util: let dcerpc_pull_auth_trailer() ignore data_and_pad for bind, alter, auth3
Sometimes Windows sends 3 presentation contexts (NDR32, NDR64,
BindTimeFeatureNegotiation) in the first BIND of an association.
Binding an additional connection to the association seems to
reuse the BIND buffer and just changes the num_contexts field from
3 to 2 and leaves the BindTimeFeatureNegotiation context as padding
in places.
Note, the auth_pad_length field is send as 0 in that case,
which means we need to ignore it completely, as well as any
padding before the auth header.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 85b2dcd93848a590727dac243e8eb3614be75fad)
- - - - -
b6dd6753 by Stefan Metzmacher at 2024-11-07T08:18:16+00:00
dcesrv_core: a failure from gensec_update results in NAK_REASON_INVALID_CHECKSUM
We already report that for gensec_start_mech_by_authtype() failures,
but we also need to do that for any invalid authentication.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 97545873ebc2daf9c3daee914a90687625a08225)
- - - - -
fd7bfa6a by Stefan Metzmacher at 2024-11-07T08:18:16+00:00
dcesrv_core: alter_context logon failures should result in DCERPC_FAULT_ACCESS_DENIED
We should use DCERPC_FAULT_ACCESS_DENIED as default for
gensec status results of e.g. NT_STATUS_LOGON_FAILURE or
NT_STATUS_INVALID_PARAMTER.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 31a422b7e58d7a670ebedb7c91f240a3134a9624)
- - - - -
a7742b35 by Stefan Metzmacher at 2024-11-07T08:18:16+00:00
gensec:ntlmssp: only allow messages up to 2888 bytes
This matches Windows (at least Server 2012_R2).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 55dd8bdb05b4e814beb50d11a6f12c94e5f6e9d5)
- - - - -
70889a5f by Stefan Metzmacher at 2024-11-07T08:18:16+00:00
gensec:spnego: ignore trailing bytes in SPNEGO_SERVER_START state
This matches Windows (at least Server 2012_R2).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 86808d66f30136850f857b749e768c88de3a079f)
- - - - -
bef660cf by Stefan Metzmacher at 2024-11-07T08:18:16+00:00
dcesrv_core: fix the auth3 for large ntlmssp messages
I know finding any real logic in reading the patch,
doesn't really show what's going on. I tried hard
to simplify it, but this is the only way I found
that fixed the test_auth_pad_ntlm_2889_auth3 test
without breaking other tests...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 8b8e4ff1b19ba06821d774d0e1a8b1cad7f06120)
- - - - -
1a74def3 by Stefan Metzmacher at 2024-11-07T08:18:17+00:00
dcesrv_core: better fault codes dcesrv_auth_prepare_auth3()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Oct 10 15:17:46 UTC 2024 on atb-devel-224
(cherry picked from commit 9263ce5752063235836d5f77220b0151df6c9408)
- - - - -
d6185526 by Ralph Boehme at 2024-11-07T08:18:17+00:00
smbtorture: prepare test_overwrite_read_only_file() for more subtests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15732
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit f88e52a6f487a216dbb805fabc08e862abb9b643)
- - - - -
dca5bd46 by Ralph Boehme at 2024-11-07T08:18:17+00:00
smbtorture: fix smb2.notify.mask test
The strange function custom_smb2_create() was somehow causing
NT_STATUS_DELETE_PENDING failures:
failure: mask [
(../../source4/torture/smb2/notify.c:490) Incorrect status NT_STATUS_DELETE_PENDING - should be NT_STATUS_OK
]
I couldn't figure out what was causing this exactly, but after doing these
cleanups the error went away.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15732
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 4591f27ca81dff997ef7474565fc9c373abfa4a9)
- - - - -
2c7f99a6 by Ralph Boehme at 2024-11-07T08:18:17+00:00
smbtorture: add subtests for overwrite dispositions vs sharemodes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15732
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 849afe05ade140898b1eab9b28d46edc8357c844)
- - - - -
3572ffa6 by Ralph Boehme at 2024-11-07T08:18:17+00:00
smbd: fix share access check for overwrite dispostions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15732
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Oct 14 12:23:04 UTC 2024 on atb-devel-224
(cherry picked from commit 6140c3177a0330f42411618c3fca28930ea02a21)
- - - - -
6bcccb5c by Ralph Boehme at 2024-11-07T08:18:17+00:00
smbd: fix sharing access check for directories
This was missing from commit 6140c3177a0330f42411618c3fca28930ea02a21 and causes
all opens of directories to be handled as stat opens, bypassing the sharemode
check.
Not adding a test at this time, as my (hopefully) soon to be merged Directory
Leases branch has a test which actually detected this problem.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15732
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 20206a335a6af71b99f6441df145feea6563cf5a)
- - - - -
81f92c8a by Stefan Metzmacher at 2024-11-07T09:21:35+00:00
third_party/heimdal: Import lorikeet-heimdal-202410161454 (commit 0d61538a16b5051c820702f0711102112cd01a83)
gsskrb5: let GSS_C_DCE_STYLE imply GSS_C_MUTUAL_FLAG as acceptor
Windows clients forget GSS_C_MUTUAL_FLAG in some situations where they
use GSS_C_DCE_STYLE, in the assumption that GSS_C_MUTUAL_FLAG is
implied.
Both Windows and MIT as server already imply GSS_C_MUTUAL_FLAG
when GSS_C_DCE_STYLE is used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15740
PR: https://github.com/heimdal/heimdal/pull/1266
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Oct 16 19:05:15 UTC 2024 on atb-devel-224
(cherry picked from commit ce10b28566eb7b3e26a1e404b278d3d761ac183e)
Autobuild-User(v4-20-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-20-test): Thu Nov 7 09:21:35 UTC 2024 on atb-devel-224
- - - - -
cc3a1195 by Stefan Metzmacher at 2024-11-07T13:39:23+00:00
s3:winbindd: call process_set_title() for locator child
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15749
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Oct 31 14:02:39 UTC 2024 on atb-devel-224
(cherry picked from commit e4e3f05cd7d6fdc98a24f592a099f7d24136788d)
Autobuild-User(v4-20-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-20-test): Thu Nov 7 13:39:23 UTC 2024 on atb-devel-224
- - - - -
568ebd48 by Jo Sutton at 2024-11-13T10:39:11+00:00
s4:rpc_server: Make some arrays static
Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit beaeeaff501b22fdfb3928d788597398fcbbbe29)
Backported for https://bugzilla.samba.org/show_bug.cgi?id=15425
- - - - -
e463774b by Stefan Metzmacher at 2024-11-13T10:39:11+00:00
s4:torture/rpc: check that DOWNGRADE_DETECTED has no bits negotiated
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 36310650ee7a64603128139f512d3a4e039f8822)
- - - - -
f467f83f by Stefan Metzmacher at 2024-11-13T10:39:11+00:00
s4:torture/rpc: without weak crypto we should require AES
We should check that we can actually negotiated the strong AES
crypto instead of just checking that NETLOGON_NEG_ARCFOUR is not
there...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 3dcbc8eea5bc53a8332b3ad93ea4c3df99af7830)
- - - - -
e39ca0ed by Stefan Metzmacher at 2024-11-13T10:39:11+00:00
s3:rpc_server/netlogon: correctly negotiate flags in ServerAuthenticate2/3
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit b27661f832cc4c56cc582cf7041d90f178736ef7)
- - - - -
41a60326 by Stefan Metzmacher at 2024-11-13T10:39:11+00:00
s3:rpc_server/netlogon: if we require AES there's no need to remove the ARCFOUR flag
With SAMBA_WEAK_CRYPTO_DISALLOWED we will return DOWNGRADE_DETECTED with negotiate_flags = 0,
if AES was not negotiated...
And if AES was negotiated there's no harm in returning the ARCFOUR
flag...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit e5bc5ee3e04138b10c0630640469a08fad847e56)
- - - - -
92fc4f2b by Stefan Metzmacher at 2024-11-13T10:39:11+00:00
s4:rpc_server/netlogon: if we require AES there's no need to remove the ARCFOUR flag
With SAMBA_WEAK_CRYPTO_DISALLOWED dcesrv_netr_ServerAuthenticate3_check_downgrade()
will return DOWNGRADE_DETECTED with negotiate_flags = 0, if AES was not
negotiated...
And if AES was negotiated there's no harm in returning the ARCFOUR
flag...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit a0bc372dee68ad255da005d2e2078da754bbef2a)
- - - - -
e476b15d by Stefan Metzmacher at 2024-11-13T10:39:11+00:00
netlogon.idl: the capabilities in query_level=2 are the ones send by the client
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 86176598eee4c83dc63a9dac163f32c886477129)
- - - - -
1dcb72dc by Stefan Metzmacher at 2024-11-13T10:39:11+00:00
libcli/auth: remove unused netlogon_creds_client_init_session_key()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit cf0e07a3d2a085d31f7d682633af9ec57c155e57)
- - - - -
b3fd6d36 by Stefan Metzmacher at 2024-11-13T10:39:11+00:00
libcli/auth: make use of netlogon_creds_cli_store_internal() in netlogon_creds_cli_auth_srvauth_done()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 69cb9aea67de0613f467f7ce2d460364ff2be241)
- - - - -
84f4313a by Stefan Metzmacher at 2024-11-13T10:39:11+00:00
libcli/auth: don't allow any unexpected upgrades of negotiate_flags
Only remove the unsupported flags from state->current_flags for
the next try...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit a9040c8ce76cb9911c4c0c5d623cc479e49f460d)
- - - - -
28a7372c by Stefan Metzmacher at 2024-11-13T10:39:11+00:00
libcli/auth: if we require aes we don't need to require arcfour nor strong key
But we can send arcfour and strong key on the wire and don't need to
remove them from the proposed flags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 3da40f1c6818550eb08a6d7d680c213c3f1d0649)
- - - - -
3a33457f by Stefan Metzmacher at 2024-11-13T10:39:11+00:00
libcli/auth: use a LogonControl after a LogonGetCapabilities downgrade
If LogonGetCapabilities was downgraded by an DCERPC Fault, we
rely on the schannel message ordering to detect failures.
Instead of letting any real winbindd request trigger this,
we do it directly in netlogon_creds_cli_check() with
a LogonControl that is also used for 'wbinfo --ping-dc'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 276137e950696fbf36450dceebd6c0250c6242d0)
- - - - -
560aa3e3 by Stefan Metzmacher at 2024-11-13T10:39:11+00:00
libcli/auth: use netr_LogonGetCapabilities query_level=2 to verify the proposed capabilities
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 25a2105ca7816c47a9c4a7fded88a922e4ccf88b)
- - - - -
20661a24 by Stefan Metzmacher at 2024-11-13T10:39:11+00:00
s4:librpc/rpc: do LogonControl after LogonGetCapabilities downgrade
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 24de5d1cbd25fabae6b01565907b53f5e51ea06d)
- - - - -
a73571c0 by Stefan Metzmacher at 2024-11-13T10:39:11+00:00
s4:librpc/rpc: don't allow any unexpected upgrades of negotiate_flags
Only remove the unsupported flags from local_negotiate_flags for
the next try...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 69b0cbd13d06fa640a900acab6757425b5b77cac)
- - - - -
620065e1 by Stefan Metzmacher at 2024-11-13T10:39:11+00:00
s4:librpc/rpc: define required schannel flags and enforce them
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 25294685b1c2c8652f0ca0220e8f3729e0b347e2)
- - - - -
d0b24693 by Stefan Metzmacher at 2024-11-13T10:39:11+00:00
s4:librpc/rpc: use netr_LogonGetCapabilities query_level=2 to verify the proposed capabilities
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 0b6ac4b082ddec5dae1392537727f3a7123ec279)
- - - - -
adcd2436 by Stefan Metzmacher at 2024-11-13T10:39:11+00:00
s4:torture/rpc/netlogon: adjust test_netlogon_capabilities query_level=2 to request_flags
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit d174b6595a962230bf71cc5c2f512a2c93a4cc1b)
- - - - -
8d4d6fc8 by Stefan Metzmacher at 2024-11-13T10:39:11+00:00
s3:cli_netlogon: let rpccli_connect_netlogon() use force_reauth = true on retry
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 7f478656dcf08619bc3a7ad390c7db3bfdef924e)
- - - - -
a3b8c49a by Stefan Metzmacher at 2024-11-13T10:39:11+00:00
s4:dsdb/common: samdb_confirm_rodc_allowed_to_repl_to() only needs a const sid
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit c9eaf5e22de730f1e7575f6697f32dbb377eae06)
- - - - -
ca97536d by Stefan Metzmacher at 2024-11-13T10:39:11+00:00
s3:rpc_server/netlogon: add client_sid helper variables
This will make the following changes simpler...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit eda3728a4079c5399f693b1d68e64e5660647c72)
- - - - -
dcb07d45 by Stefan Metzmacher at 2024-11-13T10:39:11+00:00
s4:rpc_server/netlogon: add client_sid helper variables
This will make the following changes simpler...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 2e8949495f601d3fd117cceccd1b464a6ae43251)
- - - - -
87848266 by Stefan Metzmacher at 2024-11-13T10:39:11+00:00
libcli/auth: pass client_sid to netlogon_creds_server_init()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit c2ef866fca296c8f3eb1620fdd2bb9bf289d96fc)
- - - - -
02bc3545 by Stefan Metzmacher at 2024-11-13T10:39:11+00:00
libcli/auth: split out netlogon_creds_CredentialState_extra_info
As server we are free to change the netlogon_creds_CredentialState
database record format at will as it uses CLEAR_IF_FIRST.
For now that format doesn't really changes, because we
only move dom_sid into a wrapper structure.
In order to avoid changing all callers in this commit,
we maintain creds->sid as in memory pointer.
In the following patches we'll also use it in order
to store client related information...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 518f57b93bdb84900d3b58cd94bdf1046f82a5a6)
- - - - -
9ff331f9 by Stefan Metzmacher at 2024-11-13T10:39:11+00:00
librpc/rpc: make use of creds->ex->client_sid in dcesrv_netr_check_schannel_get_state()
creds->sid will be removed soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 453587fbc1ef74a3b997235e84040553261fa13e)
- - - - -
6d117ea4 by Stefan Metzmacher at 2024-11-13T10:39:11+00:00
s3:rpc_server/netlogon: make use of creds->ex->client_sid
creds->sid will be removed soon...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 88a84d9330d2bb03176f888a0d8e5066e1e21bf6)
- - - - -
0b85452d by Stefan Metzmacher at 2024-11-13T10:39:11+00:00
s4:rpc_server/netlogon: make use of creds->ex->client_sid
creds->sid will be removed soon...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 4533afc9e12c4dbbc7d11c13e775888c113d497c)
- - - - -
71c0e187 by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
libcli/auth: remove unused creds->sid
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit a9308c490cb5ec8908a3e4c13e2ce8a08b9027e9)
- - - - -
5c74014a by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
libcli/auth: remember client_requested_flags and auth_time in netlogon_creds_server_init()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit dfbc5e5a19420311eac3db5ede1c665a9198395d)
- - - - -
1acd1687 by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
s3:rpc_server/netlogon: implement netr_LogonGetCapabilities query_level=2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 484a046d8e179a3b21ead8b5bc3660095314e816)
- - - - -
fa49a8ad by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
s4:rpc_server/netlogon: implement netr_LogonGetCapabilities query_level=2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit fd4b027511b18615e215b66183f95b54bcab683e)
- - - - -
4aa40fd5 by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
s4:torture/rpc: let test_netlogon_capabilities() fail on legacy servers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 498fc88c155b57a0de6150c3b1e3cfcac181d45b)
- - - - -
1debb3d3 by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
libcli/auth: also use netlogon_creds_CredentialState_extra_info for the client
In order to allow backports and cluster updates we simulate a
dom_sid, so that the old code is able to parse the blob.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 8b972fea0978101575f847eac33b09d2fd8d02e7)
- - - - -
bc8dcaa1 by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
libcli/auth: let netlogon_creds_cli_store_internal() use talloc_stackframe()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 17394ed7bbf8fa50570a5732f1ce84ccd5e69393)
- - - - -
4419fc6c by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
libcli/auth: let netlogon_creds_cli_store_internal check netlogon_creds_CredentialState_legacy
Before storing the structure into a ctdb managed volatile database
we check against netlogon_creds_CredentialState_legacy (the structure
used before recent changes). This makes sure unpatched cluster nodes
would not get a parsing error.
We'll remove this again in master when we try to implement
netr_ServerAuthenticateKerberos() and the related changes
to netlogon_creds_CredentialState, which will break the compat...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 3792fe372884aad6ea2893f2e62629dd1cddc129)
- - - - -
c3b5697d by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
libcli/auth: split out netlogon_creds_alloc()
Review with: git show --patience
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit e9767315cf06bcb257b40014441dd4cd9aad0fb0)
- - - - -
6bd5d4d2 by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
s4:dsdb/common: dsdb_trust_get_incoming_passwords only needs a const ldb_message
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit f92def2f943917d8946b03f71fcf676998701815)
- - - - -
6a50b1ae by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
s4:rpc_server/netlogon: split out dcesrv_netr_ServerAuthenticateGeneric()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit e4132c492ded7cadc60371b524e72e41f71f75e9)
- - - - -
447a9c78 by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
dcesrv_core: add DCESRV_NOT_USED_ON_WIRE() helper macro
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 01577b93cbb0a26aba3209cde69475be2e1c5fb8)
- - - - -
86ebe5e4 by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
s3:rpc_server: add DCESRV_COMPAT_NOT_USED_ON_WIRE() helper macro
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 62afadb3ebac49a684fb0e5a1beb6d7db6f5e515)
- - - - -
1637e23c by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
netlogon.idl: add netr_ServerAuthenticateKerberos() and related stuff
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit de8de55a5fee573d0718fa8dd13168a4f0a14614)
- - - - -
91154188 by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
libcli/auth: pass auth_{type,level} to netlogon_creds_{de,en}crypt_samlogon_validation()
This will be needed when we implement netr_ServerAuthenticateKerberos...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit a56356e399339d5bce2e699431cd3e6186229170)
- - - - -
838e5257 by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
libcli/auth: pass auth_{type,level} to netlogon_creds_{de,en}crypt_samlogon_logon()
This will be needed when we implement netr_ServerAuthenticateKerberos...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 3d4ea276bdf44202250246cd6edae2bc17e92c74)
- - - - -
1aa11e2a by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
libcli/auth: add netlogon_creds_{de,en}crypt_samr_Password()
These will simplify adding the logic for netr_ServerAuthenticateKerberos...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 851a9b18eccece64c3ae0cedd7c7b26a44f0eec6)
- - - - -
536080d0 by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
libcli/auth: add netlogon_creds_{de,en}crypt_samr_CryptPassword()
These will simplify adding the logic for netr_ServerAuthenticateKerberos...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 8eb95a155de396981375c7f11221695fd3c7f9d5)
- - - - -
a616dcc8 by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
libcli/auth: add netlogon_creds_{de,en}crypt_SendToSam()
These will simplify adding the logic for netr_ServerAuthenticateKerberos...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit b8681c165731666bb5eed073ab862490c33ea095)
- - - - -
7f1db18b by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
pycredentials: make use of netlogon_creds_encrypt_samr_CryptPassword in py_creds_encrypt_netr_crypt_password
These will simplify adding the logic for netr_ServerAuthenticateKerberos...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit ea792fa342deebefa75b77832c9057924cdcb6f6)
- - - - -
254440c7 by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
pycredentials: add py_creds_encrypt_netr_PasswordInfo helper
This will replace py_creds_encrypt_samr_password in the next steps
and prepares the introduction of netr_ServerAuthenticateKerberos().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit fac378485f5f15ac0a11c3d82207c4bc780bfb80)
- - - - -
10da7c80 by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
python/tests: use encrypt_netr_PasswordInfo in KDCBaseTest._test_samlogon()
This will make it easier to implement netr_ServerAuthenticateKerberos()
later...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit e7d57fc6e992ca212b834d5dd4d381244bca55c6)
- - - - -
a03fb784 by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
libcli/auth: make netlogon_creds_des_{de,en}crypt_LMKey() static
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 1edcd5df80bdbc4d4da5bdd5e534d7a17ec61f77)
- - - - -
b85a1d52 by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
libcli/auth: make use of netlogon_creds_encrypt_samr_CryptPassword
This will help when implementing netr_ServerAuthenticateKerberos()...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 285ec9ecde712e40e6f0981bcb379ee911bfe9d8)
- - - - -
8f035b80 by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
libcli/auth: make use of netlogon_creds_encrypt_SendToSam
This will help when implementing netr_ServerAuthenticateKerberos()...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 2bd77ff7314932dc4116773731a810fe0f7ce4b7)
- - - - -
856aaaf8 by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
libcli/auth: make use of netlogon_creds_{de,en}crypt_samr_Password
This will make it easier to implement netr_ServerAuthenticateKerberos() later...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit e92d0509d6b4d7f86e8626ba8c5efc5b786823f1)
- - - - -
c9c23c1a by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
s4:torture/rpc: make use of netlogon_creds_encrypt_samlogon_logon()
This will make it easier to catch all places where we need to
implement the logic for netr_ServerAuthenticateKerberos...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 1666d1d74dec3978837ab49f8749d59c0abcf595)
- - - - -
78ff2be8 by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
s4:torture/rpc: make use of netlogon_creds_decrypt_samlogon_validation()
This will make it easier to implement netr_ServerAuthenticateKerberos() later...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit a177d15c875030dfc6c11ead3ec3a3ec851261cb)
- - - - -
3768134c by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
s4:torture/rpc: make use of netlogon_creds_encrypt_samr_CryptPassword()
This will make it easier to implement netr_ServerAuthenticateKerberos() later...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 2d7a47a175337729f4c671d7a6223f6e0ea23ebe)
- - - - -
5792c2ce by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
s4:torture/rpc: make use of netlogon_creds_{de,en}crypt_samr_Password
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 172ce406d48916c57f0742b6a0e064ac170ec8ff)
- - - - -
27ae047b by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
s3:rpc_server/netlogon: make use of netlogon_creds_{de,en}crypt_samr_Password
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 550d20fd3dd04397b3a38f8b9e0cfa574453eea1)
- - - - -
cb5ed3bf by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
s3:rpc_server/netlogon: make use of netlogon_creds_decrypt_samr_CryptPassword()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit a359b4139c8043ee3c3277b7559cb6d4f58f4044)
- - - - -
3aefe6a5 by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
s4:rpc_server/netlogon: make use of netlogon_creds_{de,en}crypt_samr_Password()
This will make it easier to implement netr_ServerAuthenticateKerberos() later...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 7a7cb0d0426a891185f5acf825573d98360e98e1)
- - - - -
dc7ab826 by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
s4:rpc_server/netlogon: make use of netlogon_creds_decrypt_samr_CryptPassword
This will make it easier to implement netr_ServerAuthenticateKerberos() later...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit f1c1b8661a9121e1ff02784955c98d9f33bca8bd)
- - - - -
6b32dcf6 by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
s4:rpc_server/netlogon: make use of netlogon_creds_decrypt_SendToSam
This will make it easier to implement netr_ServerAuthenticateKerberos() later...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 834197dafef0f3779ba69c8e350cbd7bb9333284)
- - - - -
270499b1 by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
libcli/auth: return INVALID_PARAMETER for DES in netlogon_creds_{de,en}crypt_samlogon_logon
For the NetlogonGenericInformation case we want an error instead of no
encryption if only DES was negotiated...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 131f5c0b251e456c466eaca744525504e1d69492)
- - - - -
200fc14f by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
libcli/auth: pass auth_{type,level} to schannel_check_creds_state()
This will make it easier to implement netr_ServerAuthenticateKerberos() later...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 7b02fb50143ba5044605ec67ed41180391835dcb)
- - - - -
0c61920c by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
libcli/auth: pass auth_{type,level} to netlogon_creds_server_step_check()
This will make it easier to implement netr_ServerAuthenticateKerberos() later...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 2956c7eb3c9fc2161fd2748e5aac1fc94478e8c7)
- - - - -
1de6cffa by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
libcli/auth: split out netlogon_creds_client_verify() that takes auth_{type,level}
This will make it easier to implement netr_ServerAuthenticateKerberos()
later...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 45faf6c35a033ec46a546dfb9d5d6aeb2fb2b83c)
- - - - -
77a02d6e by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
libcli/auth: make use of netlogon_creds_client_verify()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 1a5984ac6312b204b51590057b8327cf4698383b)
- - - - -
75e62cc1 by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
s4:librpc/rpc: make use of netlogon_creds_client_verify()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 132629ee3a9b73d0888d1110e4d0a45ded778e5a)
- - - - -
21e93556 by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
libcli/auth: let netlogon_creds_copy() copy all scalar elements
This version is good for now, as we want it to be backportable.
For master we'll add a ndr_deepcopy_struct() helper in order
to avoid future problems.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 8edbdd65ef78e3f26357d0254b58db3120a32880)
- - - - -
aa4add00 by Stefan Metzmacher at 2024-11-13T10:39:12+00:00
libcli/auth: split out netlogon_creds_cli_check_transport()
This will make it easier to implement netr_ServerAuthenticateKerberos()
later...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 7a5ad9f64a905f5744430c6e0796c646baf9432e)
- - - - -
7b4629ef by Stefan Metzmacher at 2024-11-13T11:36:37+00:00
libcli/auth: make use of netlogon_creds_cli_check_transport() in more places
This was somehow missing in commit
7a5ad9f64a905f5744430c6e0796c646baf9432e
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Nov 7 09:14:33 UTC 2024 on atb-devel-224
(cherry picked from commit f340dce6546a22d857cad440f8afaee9815dbdb1)
Autobuild-User(v4-20-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-20-test): Wed Nov 13 11:36:37 UTC 2024 on atb-devel-224
- - - - -
42bfbb01 by Jule Anger at 2024-11-19T15:33:52+01:00
BUG 15590 ldb: Release LDB 2.9.2
* BUG 15590: libldb: performance issue with indexes.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
609ab9a7 by Jule Anger at 2024-11-19T15:37:59+01:00
WHATSNEW: Add release notes for Samba 4.20.6.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
3de52875 by Jule Anger at 2024-11-19T15:39:35+01:00
VERSION: Disable GIT_SNAPSHOT for the 4.20.6 release.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
cf7f97a0 by Michael Tokarev at 2024-11-20T00:30:32+03:00
New upstream version 4.20.6+dfsg
- - - - -
29 changed files:
- VERSION
- WHATSNEW.txt
- auth/credentials/pycredentials.c
- auth/gensec/spnego.c
- auth/ntlmssp/ntlmssp.c
- auth/ntlmssp/ntlmssp_client.c
- auth/ntlmssp/ntlmssp_server.c
- + docs-xml/manpages/vfs_ceph_new.8.xml
- docs-xml/wscript_build
- + lib/ldb/ABI/ldb-2.9.2.sigs
- + lib/ldb/ABI/pyldb-util-2.9.2.sigs
- lib/ldb/ldb_key_value/ldb_kv_index.c
- lib/ldb/wscript
- lib/param/loadparm.c
- libcli/auth/credentials.c
- libcli/auth/libcli_auth.h
- libcli/auth/netlogon_creds_cli.c
- libcli/auth/proto.h
- libcli/auth/schannel_state.h
- libcli/auth/schannel_state_tdb.c
- librpc/idl/netlogon.idl
- librpc/idl/schannel.idl
- librpc/idl/wscript_build
- librpc/rpc/dcerpc_util.c
- librpc/rpc/dcesrv_auth.c
- librpc/rpc/dcesrv_core.c
- librpc/rpc/dcesrv_core.h
- librpc/rpc/server/netlogon/schannel_util.c
- python/samba/netcmd/domain/auth/policy.py
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/5eb4ab08d30973570e5d21a5ce8fd34657b7fab6...cf7f97a01c4c349d1d442aa61ec42acc360707a4
--
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/5eb4ab08d30973570e5d21a5ce8fd34657b7fab6...cf7f97a01c4c349d1d442aa61ec42acc360707a4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20241120/15384978/attachment-0001.htm>
More information about the Pkg-samba-maint
mailing list