[Pkg-samba-maint] [Git][samba-team/samba][master] 1972 commits: VERSION: Bump version up to 4.21.0pre1...

Michael Tokarev (@mjt) gitlab at salsa.debian.org
Mon Sep 2 15:54:31 BST 2024



Michael Tokarev pushed to branch master at Debian Samba Team / samba


Commits:
6eeaa0bc by Jule Anger at 2024-01-29T14:39:32+00:00
VERSION: Bump version up to 4.21.0pre1...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
c0dc0fd3 by Jule Anger at 2024-01-29T14:39:32+00:00
WHATSNEW: Start release notes for Samba 4.21.0pre1.

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
52a68c37 by Jule Anger at 2024-01-29T15:43:45+00:00
ldb: change the version to 2.10.0 for Samba 4.21

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Jule Anger <janger at samba.org>
Autobuild-Date(master): Mon Jan 29 15:43:45 UTC 2024 on atb-devel-224

- - - - -
14519407 by Andreas Schneider at 2024-01-30T07:18:05+00:00
python:gp: Fix logging with gp

This allows enabling INFO level logging with: `samba-gpupdate -d3`

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15558

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Jan 30 07:18:05 UTC 2024 on atb-devel-224

- - - - -
a48f8ae3 by Anoop C S at 2024-01-30T14:38:58+00:00
docs-xml: Build and install man page for wspsearch

Commit 49b6137f7c2244aeb3cf9b65fc9d46fcf0b8dc55 switched the default
to install `wspsearch` client from False to True but missed building
and installing the corresponding man page. Therefore adding wspsearch.1
to the list of man pages to be built and installed by default.

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Anoop C S <anoopcs at samba.org>
Autobuild-Date(master): Tue Jan 30 14:38:58 UTC 2024 on atb-devel-224

- - - - -
d097c389 by Noel Power at 2024-01-30T16:21:35+00:00
librpc/wsp: Unknown property used in 'current directory' searches

This property seems to be used instead of 'Scope' when the Windows
search UI has selected current dir

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3d063f21 by Noel Power at 2024-01-30T16:21:35+00:00
librpc/idl: fix typo in wsp_csort member

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
718c4112 by Noel Power at 2024-01-30T16:21:35+00:00
librpc/idl: remove duplicate definition

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a61eb703 by Noel Power at 2024-01-30T16:21:35+00:00
s3/rpc_client: change type of offset to uint64_t

Offset can be a 32 or 64 bit address depending on the indexing addressing
mode negotiated by the client.
With a 32 bit param we can only specify a 32 bit base address. This change
alone doesn't affect anything as it is the client itself that chooses and
passes the base address offset and wspsearch is the only current user of
this code.
In this case even with 64bit addressing negotiated the address passed
represents only the lower 32-bits part of the address.
However, for coverage purposes it would be better for the client to use an
address that covers the full 64bit range of the address (when 64 bit
addressing is negotiated).
This change will allow the wspsearch client in a future commit to pass a
base address value with both the hi and low 32 bits values set to make up
the full 64 bit address.

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
efa60ff3 by Noel Power at 2024-01-30T16:21:35+00:00
s3/rpc_client: Remove stray unnecessary comment

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6ecb614b by Noel Power at 2024-01-30T16:21:35+00:00
s3/utils: use full 64 bit address for getrows (with 64bit offsets)

if 64bit offsets are used the hi 32-bits of address are stored in
the ulreserved2 member of the message header field and the low 32-bits
are stored in the ulclientbase member of the cpmgetrows message

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9b2f2302 by Noel Power at 2024-01-30T17:22:37+00:00
s3/rpc_client: cleanup unmarshalling of variant types from row columns

Prior to this change fn 'extract_variant_addresses' actually returns offsets
to the variant stored not the addresses, additionally the param in the
signature of the method is named offset where the param in reality is a
base address.
This change makes fn 'extract_variant_addresses' actually return addresses
instead of offsets and also changes the name of the incoming param. The
resulting changes are propagated to callers which hopefully makes what the
code is actually doing a little clearer

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Tue Jan 30 17:22:37 UTC 2024 on atb-devel-224

- - - - -
ecc84aa4 by Rob van der Linde at 2024-02-08T02:48:44+00:00
python: do not make use of typing.Final for python 3.6

Python 3.6 does not have typing.Final yet

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15575

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d6fe66dd by Jo Sutton at 2024-02-08T02:48:44+00:00
python: Remove ‘typing.Final’

This is only present in Python 3.8 and above.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15575

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
05f90fe1 by Rob van der Linde at 2024-02-08T02:48:44+00:00
netcmd: models: fix docstring was missing param

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d046f718 by Rob van der Linde at 2024-02-08T02:48:44+00:00
netcmd: models: enums and constants also brought forward

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c2b63fe8 by Rob van der Linde at 2024-02-08T02:48:44+00:00
netcmd: models: change import style to use brackets

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3c8d449a by Rob van der Linde at 2024-02-08T02:48:44+00:00
netcmd: models: check for None in build_expression instead

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4595a1da by Rob van der Linde at 2024-02-08T02:48:44+00:00
netcmd: models: EnumField now also supports IntFlag

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
884b24dc by Rob van der Linde at 2024-02-08T02:48:44+00:00
netcmd: models: add AccountType IntFlag field

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d8251cc0 by Rob van der Linde at 2024-02-08T02:48:44+00:00
netcmd: models: add AccountType enum to User model

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e11aa29e by Rob van der Linde at 2024-02-08T02:48:44+00:00
netcmd: models: move expression code to Field class

This is necessary to deal with edge cases for specific fields.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9bd7a563 by Rob van der Linde at 2024-02-08T02:48:44+00:00
netcmd: models: fix BooleanField filtering didn't work on FALSE value

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cbcc8039 by Rob van der Linde at 2024-02-08T02:48:44+00:00
netcmd: models: fix build_expression did not work with EnumField

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
21667b9b by Rob van der Linde at 2024-02-08T02:48:44+00:00
netcmd: models: fix build_expression on SIDField handles security.dom_sid

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
10ef49b0 by Rob van der Linde at 2024-02-08T02:48:44+00:00
netcmd: models: move enum import to correct place

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4c08b420 by Rob van der Linde at 2024-02-08T02:48:44+00:00
netcmd: models: model field DateTimeField returns datetime in UTC

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
37855511 by Rob van der Linde at 2024-02-08T02:48:44+00:00
netcmd: models: add new NtTimeField model field

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dcb3dd59 by Rob van der Linde at 2024-02-08T02:48:44+00:00
netcmd: models: tests: add tests for NtTimeField

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a3641b32 by Rob van der Linde at 2024-02-08T02:48:44+00:00
netcmd: models: mark some hidden fields on the base Model as readonly

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d5371f6b by Douglas Bagnall at 2024-02-08T02:48:44+00:00
perftest:ndr_pack: rename SD tests with object ACEs

We are looking at an optimisation for non-object ACEs, which
are more common, but these tests are overwhelmed by object
(OA) ACEs.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574

- - - - -
e8026117 by Douglas Bagnall at 2024-02-08T02:48:44+00:00
perftest: ndr_pack_performance gets more SD types

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574

- - - - -
d25fe244 by Douglas Bagnall at 2024-02-08T02:48:44+00:00
perftest:ndr_pack: slightly reduce python overhead

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574

- - - - -
ceb53892 by Douglas Bagnall at 2024-02-08T02:48:44+00:00
perftest:ndr_pack_performance: remove irrelevant imports, options

This includes removing the ANCIENT_SAMBA switch for pre-4.3, as
nobody cares anymore and many tests would not run correctly anyway.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574

- - - - -
2f685450 by Douglas Bagnall at 2024-02-08T02:48:44+00:00
perftest:ndr_pack: use a valid dummy SID

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574

- - - - -
93e6ea4c by Douglas Bagnall at 2024-02-08T02:48:44+00:00
perftest:ndr_pack: spin in do_nothing for a while

The idea was to get a less jittery idea of the underlying noise, but
it is still almost instant. This I suppose is useful in indicating
that this much of the test has very little overhead.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574

- - - - -
5fa66376 by Douglas Bagnall at 2024-02-08T02:48:44+00:00
perftest: ndr_pack runs in none environment

This is worth changing, because having a server running in the
background can only add noise to the results.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574

- - - - -
98117627 by Douglas Bagnall at 2024-02-08T02:48:44+00:00
pidl: calculate subcontext_size only once per pull

For security_ace_coda in security.idl, the sub-context size
involves a slightly non-trivial function call which returns a constant
value.

In all other cases, a constant expression is used, and this makes
no difference.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574

- - - - -
1e6a876c by Douglas Bagnall at 2024-02-08T02:48:44+00:00
ndr: shift ndr_pull_security_ace to manual code

This was manual until commit c73034cf7c4392f5d3505319948bc84634c20fa5
(a few months ago).

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574

- - - - -
ac0c8ee0 by Douglas Bagnall at 2024-02-08T02:48:44+00:00
ndr: short-circuit ace coda if no bytes left

The overwhelmingly common case is that there are no bytes left, and
regardless of the ACE type we want to store an empty blob.

We know the blob will be empty if there are no bytes, so we don't need
to allocate a sub-ndr and tokens list and so forth.

This can save almost half the time of a security descriptor pull.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574

- - - - -
dc08e792 by Douglas Bagnall at 2024-02-08T02:48:44+00:00
ndr: make security_ace push manual

This will allow some optimisations; in this commit we just copy the
code.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574

- - - - -
ee1b8ae0 by Douglas Bagnall at 2024-02-08T02:48:44+00:00
ndr: ACE push avoids no-op coda pushes

We don't expect an ordinary ACE to have a non-empty coda, and we don't
really want to push it if it does, but for this patch we still will.

This will not change the data on the wire.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574

- - - - -
c2673b02 by Douglas Bagnall at 2024-02-08T02:48:44+00:00
ndr: skip talloc when pulling empty DATA_BLOB

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574

- - - - -
4face258 by Douglas Bagnall at 2024-02-08T02:48:44+00:00
ndr: mark invalid pull ndr_flags as unlikely

This might have little effect, but sometimes we see primitives like
ndr_pull_uint32() taking a few percent of the CPU time, and this is in
all those functions.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574

- - - - -
2a60ec98 by Douglas Bagnall at 2024-02-08T02:48:44+00:00
ndr: do not push ACE->coda.ignored blob

From 1e80221b2340de5ef5e2a17f10511bbc2c041163 (2008) until
c73034cf7c4392f5d3505319948bc84634c20fa5 (conditional ACEs, etc, 2023)
we had a manual ndr_pull_security_ace() that would discard trailing
bytes, which are those bytes that we now call the coda. The ACE types
that we handled then are those that end up with a coda.ignored data
blob.

With this we effectively restore the long-standing behaviour in the
event that we push and pull an ACE -- though now we discard the
ignored bytes on push rather than pull.

This change is not because the trailing bytes caused any problems (as
far as is known), but because it is much faster to not do the push.

It may be that such ACEs no longer occur.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574

- - - - -
fce4d51e by Douglas Bagnall at 2024-02-08T02:48:44+00:00
ndr: avoid object ACE pull overhead for non-object ACE

When an ACE is not an object ACE, which is common, setting the switch
value and attempting the object ACE GUID pull is just going to do
nothing, and we know that ahead of time. By noticing that we can save
a bit of time on a common operation.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574

- - - - -
ecb5da3e by Douglas Bagnall at 2024-02-08T02:48:44+00:00
ndr: avoid object ACE push overhead for non-object ACE

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574

- - - - -
a72c1989 by Douglas Bagnall at 2024-02-08T02:48:44+00:00
ndr: ndr_push_security_ace: calculate coda size once

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574

- - - - -
0c1f421c by Douglas Bagnall at 2024-02-08T02:48:44+00:00
ndr: ignore trailing bytes in ndr_pull_security_ace()

This returns the behaviour with ordinary ACEs to where it was with 4.19.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574

- - - - -
160727ac by Jo Sutton at 2024-02-08T02:48:44+00:00
ldb: Fix code spelling

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0b287f2e by Jo Sutton at 2024-02-08T02:48:44+00:00
lib:util: Remove trailing whitespace

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
437e3dd1 by Jo Sutton at 2024-02-08T02:48:44+00:00
libcli/security: Make ‘replace_sid’ parameter const

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
19870248 by Jo Sutton at 2024-02-08T02:48:44+00:00
librpc:idl: Remove trailing whitespace

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
14da75c4 by Jo Sutton at 2024-02-08T02:48:44+00:00
librpc:idl: Fix code spelling

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
def0cd0f by Jo Sutton at 2024-02-08T02:48:44+00:00
s3:smbd: Fix code spelling

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e8497f13 by Jo Sutton at 2024-02-08T02:48:44+00:00
s4:dsdb: Remove duplicate userAccountControl array entry

This entry is identical to the third array entry.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
76b9c9a8 by Jo Sutton at 2024-02-08T02:48:44+00:00
s4:libcli: Remove unnecessary uses of discard_const_p()

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
75d9f533 by Jo Sutton at 2024-02-08T02:48:44+00:00
s4:auth: Fix code spelling

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3b54546d by Jo Sutton at 2024-02-08T02:48:44+00:00
s4:dsdb: Remove trailing whitespace

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2113f1c3 by Jo Sutton at 2024-02-08T02:48:44+00:00
s4:dsdb: Fix code spelling

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8c9344ea by Jo Sutton at 2024-02-08T02:48:44+00:00
s4:dsdb: Correct NDR push error message

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
71459939 by Jo Sutton at 2024-02-08T02:48:45+00:00
s4:dsdb: Remove trailing whitespace

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3a7f4da6 by Jo Sutton at 2024-02-08T02:48:45+00:00
s4:dsdb: Correct reference to source file

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3c01d9a6 by Jo Sutton at 2024-02-08T02:48:45+00:00
s4:dsdb: Mark hash returned by samdb_result_hash() as secret

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cf978d3e by Jo Sutton at 2024-02-08T02:48:45+00:00
s4:dsdb: Avoid buffer overflow in samdb_result_hashes()

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b415d736 by Jo Sutton at 2024-02-08T02:48:45+00:00
s4:dsdb: Fix code formatting

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0e17b9cb by Jo Sutton at 2024-02-08T03:51:51+00:00
selftest: Fix code spelling

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Feb  8 03:51:51 UTC 2024 on atb-devel-224

- - - - -
ff8f778e by Stefan Metzmacher at 2024-02-13T20:02:31+00:00
ctdb/events: use 'service "$CTDB_SERVICE_NMB" status' in 48.netbios.script

We can easily monitor if the service is running at all,
that's better than no monitoring at all...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
f1f68108 by Stefan Metzmacher at 2024-02-13T20:02:31+00:00
ctdb/events: add 47.samba-dcerpcd.script

If someone wants to enable the witness service
samba-dcerpcd needs to be started as standalone service

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
7a23429e by Stefan Metzmacher at 2024-02-13T20:02:31+00:00
s3:utils: fix help string for 'net witness force-response'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
1d0938d6 by Stefan Metzmacher at 2024-02-13T20:02:31+00:00
docs-xml: add details for 'net witness'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
d8bfdaaa by Stefan Metzmacher at 2024-02-13T20:02:31+00:00
smb2_tcon: only announce SMB2_SHARE_CAP_CLUSTER if rpcd_witness can run

rpcd_witness needs ncacn_ip_tcp support and that's only
available if samba-dcerpcd is not started on demand.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
32b84c5b by Stefan Metzmacher at 2024-02-13T20:02:31+00:00
smb2_tcon: only announce SMB3 related share capabilities if SMB3 is used

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
7a674ee9 by Stefan Metzmacher at 2024-02-13T21:06:24+00:00
docs-xml: document "smb3 share cap:{CONTINUOUS AVAILABILITY,SCALE OUT,CLUSTER,ASYMMETRIC}"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Tue Feb 13 21:06:24 UTC 2024 on atb-devel-224

- - - - -
2a95f83c by Rob van der Linde at 2024-02-16T02:41:36+00:00
libds: remove unreachable break statements after return

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
de8b61cb by Rob van der Linde at 2024-02-16T02:41:36+00:00
netcmd: support hyphens in top-level commands and convert to underscore

Hyphens in python modules are invalid and make them only importable by importlib, which makes them harder to import in tests.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
ea63b058 by Rob van der Linde at 2024-02-16T02:41:36+00:00
netcmd: json encoder supports security descriptor objects

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
68092f85 by Rob van der Linde at 2024-02-16T02:41:36+00:00
netcmd: bugfix: json encoder failed to call super method

This led to a strange recursion error when a field came up that the JSONEncoder couldn't encode.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
1608dde9 by Rob van der Linde at 2024-02-16T02:41:36+00:00
netcmd: delegation: pep8 fix blank lines

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
ec6fb98b by Rob van der Linde at 2024-02-16T02:41:36+00:00
netcmd: delegation: move line down where it gets used

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
6d7ad278 by Rob van der Linde at 2024-02-16T02:41:36+00:00
netcmd: delegation: initial value not required because of raise below

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
9ca05ec2 by Rob van der Linde at 2024-02-16T02:41:36+00:00
netcmd: delegation: don't use assert but raise CommandError

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
63064d4c by Rob van der Linde at 2024-02-16T02:41:36+00:00
netcmd: models: SDDLField parses to object instead of string

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
73c44e96 by Rob van der Linde at 2024-02-16T02:41:36+00:00
netcmd: models: SDDLField move line down where it gets used

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
0a3da8dc by Rob van der Linde at 2024-02-16T02:41:36+00:00
netcmd: models: rename DoesNotExist exception to NotFound

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
128a5cf0 by Rob van der Linde at 2024-02-16T02:41:36+00:00
netcmd: models: stop using LookupError exception and change it to NotFound

LookupError is a base class for IndexError and KeyError and isn't really the appropriate exception.

NotFound inherits from ModelError just like the other model exceptions.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
5165d54d by Rob van der Linde at 2024-02-16T02:41:36+00:00
netcmd: models: add Computer model subclass of User

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
16e1ea9b by Rob van der Linde at 2024-02-16T02:41:36+00:00
netcmd: models: make Group.system_flags a flags based EnumField

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
b31cdb03 by Rob van der Linde at 2024-02-16T02:41:36+00:00
netcmd: models: add missing enum fields to Group model

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
5e52e211 by Rob van der Linde at 2024-02-16T02:41:36+00:00
netcmd: models: add missing fields to User model

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
b401502c by Rob van der Linde at 2024-02-16T02:41:36+00:00
netcmd: models: add GroupManagedServiceAccount model

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
b2215aae by Jo Sutton at 2024-02-16T02:41:36+00:00
python:tests: Produce more helpful error message for future GKIDs

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ac3d67ad by Jo Sutton at 2024-02-16T02:41:36+00:00
lib:crypto: Fix code formatting

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
88351a78 by Jo Sutton at 2024-02-16T02:41:36+00:00
lib:crypto: Export gkid_key_type() and gkid_is_valid()

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cac31aac by Jo Sutton at 2024-02-16T02:41:36+00:00
lib:crypto: Comment on GKDI definitions

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
332522d7 by Jo Sutton at 2024-02-16T02:41:36+00:00
lib:crypto: Explicitly check for zero

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
510d01b0 by Jo Sutton at 2024-02-16T02:41:36+00:00
s4:dsdb: Add helper functions to get GKDI root key DNs

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
678ed54e by Jo Sutton at 2024-02-16T02:41:36+00:00
python:tests: Fix code spelling

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
75ca027f by Jo Sutton at 2024-02-16T02:41:36+00:00
python:tests: Pass correct arguments to set_named_ccache()

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
22c6629e by Jo Sutton at 2024-02-16T02:41:36+00:00
samba-tool: Display friendlier error message if no password is available

‘samba-tool user get-kerberos-ticket’ is supposed to display an error
message if no password is available. However, the conditions for which
the message is displayed are impossible to be met. If ‘utf16_pw’ is not
None, the message is not displayed; if ‘utf16_pw’ *is* None, ‘nt_pass’
is assigned with a samr.Password object, which is not None — and so the
message is still not displayed.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
059cb760 by Jo Sutton at 2024-02-16T02:41:36+00:00
testprogs:blackbox: Fix code spelling

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
635f6baf by Jo Sutton at 2024-02-16T02:41:36+00:00
s3:libads: Remove ‘unicodePwd’ attribute from ads_find_machine_acct() search

This attribute was added to the search in commit
4f389c1f78cdc2424795e3b2a1ce43818c400c2d. But it’s not clear to me that
anything actually retrieves the unicodePwd from the result (excluding
inconsequential things like ads_dump()).

Furthermore, this being a search over LDAP, it will never return a
unicodePwd.

Removing this attribute from the search means that we no longer have to
worry about the account possibly being a Group Managed Service Account
and the unicodePwd being out‐of‐date.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ac85c120 by Jo Sutton at 2024-02-16T02:41:36+00:00
lib:util: Remove inaccurate comment

A C compiler would not be allowed to apply the tail call optimization in
this situation, because it would change the observed behaviour of the
program.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1b4eb4d6 by Jo Sutton at 2024-02-16T02:41:36+00:00
ldb: Remove trailing whitespace

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3ba0dcdc by Jo Sutton at 2024-02-16T02:41:36+00:00
ldb: Simplify ldb_errstring()

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
debc4bc3 by Jo Sutton at 2024-02-16T02:41:36+00:00
ldb: Fix code spelling

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2748466e by Jo Sutton at 2024-02-16T02:41:36+00:00
python: Reformat nt_time.py

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
72ac0ec8 by Jo Sutton at 2024-02-16T02:41:36+00:00
lib:compression: Update my name

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2489ffbe by Jo Sutton at 2024-02-16T02:41:36+00:00
s4:kdc: Remove ‘attrs’ parameter from samba_kdc_lookup_server()

It is always equal to ‘server_attrs’.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8fe57658 by Jo Sutton at 2024-02-16T02:41:36+00:00
python:tests: Remove unused imports

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c3ac22a4 by Jo Sutton at 2024-02-16T02:41:36+00:00
s4:dsdb: Check return value of talloc_new()

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e1e28d42 by Jo Sutton at 2024-02-16T02:41:36+00:00
s4:dsdb: Undefine helper macro

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
72142253 by Jo Sutton at 2024-02-16T02:41:36+00:00
s4:dsdb: Allocate NT hash on to more appropriate memory context

The NT hash should live at least as long as the message to which it is
added.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
43cc1a99 by Jo Sutton at 2024-02-16T02:41:36+00:00
s4:dsdb: Split out function to create a ‘password set’ ldb request

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
470a9838 by Jo Sutton at 2024-02-16T02:41:36+00:00
s4:dsdb: Remove reference to now‐gone lmNewHash parameter

This parameter was removed in commit
75c54d54ad9fdff7098c1b4f11252528f35ea658.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ed37c6f2 by Jo Sutton at 2024-02-16T02:41:36+00:00
s4:dsdb: Remove unused ‘domain_dn’ parameter

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
25c610f8 by Jo Sutton at 2024-02-16T02:41:36+00:00
mailmap: Associate my identity with my old email address

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c0f9c177 by Jo Sutton at 2024-02-16T02:41:36+00:00
s4:dsdb: Remove duplicate word

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f439bd39 by Jo Sutton at 2024-02-16T02:41:36+00:00
s4:dsdb: Remove trailing whitespace

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
24552b02 by Jo Sutton at 2024-02-16T02:41:36+00:00
s4:dsdb: Make array static

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4e01e2bf by Jo Sutton at 2024-02-16T02:41:36+00:00
s4:dsdb: Add ‘ares’ parameter to operational attribute constructor functions

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
03e4de44 by Jo Sutton at 2024-02-16T02:41:36+00:00
s4:dsdb: Fix code formatting

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
78565c5e by Jo Sutton at 2024-02-16T02:41:36+00:00
s4:setup: Remove empty line

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
42488245 by Jo Sutton at 2024-02-16T02:41:36+00:00
s4:dsdb: Add dsdb control indicating that gMSA passwords are to be updated

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
eeadffc9 by Jo Sutton at 2024-02-16T02:41:36+00:00
s4:dsdb: Include missing headers

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
447467f7 by Jo Sutton at 2024-02-16T02:41:36+00:00
s4:dsdb: Add search flag indicating that gMSA passwords are to be updated

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
002e0196 by Jo Sutton at 2024-02-16T02:41:36+00:00
s4:dsdb: Add dsdb_werror() macro

This works like dsdb_module_werror(), but does not require an ldb module
to work.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f810ea94 by Jo Sutton at 2024-02-16T02:41:36+00:00
ldb: Remove trailing whitespace

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
93762362 by Jo Sutton at 2024-02-16T02:41:36+00:00
ldb: Correct copy‐and‐pasted comments

These comments refer to controls being added, but in these functions the
controls are actually being *searched* for.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d453feb8 by Jo Sutton at 2024-02-16T02:41:36+00:00
ldb: Split out ldb_controls_get_control() to search a list of controls

Update the ldb ABI accordingly.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
80a59d11 by Jo Sutton at 2024-02-16T02:41:36+00:00
ldb: Fix documentation typos

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e062db32 by Jo Sutton at 2024-02-16T02:41:36+00:00
lib:crypto: Add more GKDI functions

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fe2dc161 by Jo Sutton at 2024-02-16T02:41:36+00:00
lib:crypto: Add functions for deriving gMSA passwords

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2d371290 by Jo Sutton at 2024-02-16T02:41:36+00:00
lib:crypto: Add test for GMSA password derivation

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f2a3c186 by Jo Sutton at 2024-02-16T02:41:36+00:00
pidl: Do not call mapTypeName() on expression

$var_name is not a type name, but an expression, such as ‘r->in.server’.
mapTypeName() will turn this into ‘struct r->in.server’, which makes no
sense.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1b44febc by Jo Sutton at 2024-02-16T02:41:36+00:00
s3:passdb: Remove trailing whitespace

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2135e91b by Jo Sutton at 2024-02-16T02:41:36+00:00
s3:passdb: Make array of strings static

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
67660134 by Jo Sutton at 2024-02-16T02:41:36+00:00
s3:passdb: Reformat array of strings

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0d3d2c43 by Jo Sutton at 2024-02-16T02:41:36+00:00
s3:passdb: Reformat long line

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e1d27ba5 by Jo Sutton at 2024-02-16T02:41:36+00:00
s4:dsdb: Add to ‘user_attrs’ attributes required for Group Managed Service Accounts

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d55c281c by Jo Sutton at 2024-02-16T02:41:36+00:00
s4:dsdb: Remove unused includes

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
324d0fbc by Jo Sutton at 2024-02-16T02:41:36+00:00
s4:dsdb: Add function to create a GMSA password update request

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
91fdd431 by Jo Sutton at 2024-02-16T02:41:36+00:00
s4:dsdb: Remove redundant include

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e0e2126f by Jo Sutton at 2024-02-16T02:41:36+00:00
s4:dsdb: Add include guard to dsdb/samdb/ldb_modules/util.h

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1ad9b93d by Jo Sutton at 2024-02-16T02:41:36+00:00
s4:dsdb: Add function to determine whether we have system access

This takes into account the dsdb session info, as well as the presence
or absence of an AS_SYSTEM control.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
eece2e8a by Jo Sutton at 2024-02-16T02:41:36+00:00
s4:dsdb: Make use of dsdb_have_system_access()

There should not be any change in behaviour.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b0b9e03c by Jo Sutton at 2024-02-16T02:41:36+00:00
s4:dsdb: Let requests with the AS_SYSTEM control reset an account’s password

dsdb_have_system_access() takes into account the AS_SYSTEM control as
well as the result of dsdb_module_am_system().

This change means that we can reset the password of an account without
being SYSTEM by means of the AS_SYSTEM control. This is essential for
ldapsrv_SearchRequest() to be able to process the automatic password
changes of Group Managed Service Accounts.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1e13e37e by Jo Sutton at 2024-02-16T02:41:36+00:00
libcli/security: Include missing headers

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8c970eaa by Jo Sutton at 2024-02-16T02:41:36+00:00
s4:ldap_server: Remove trailing whitespace

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a8387195 by Jo Sutton at 2024-02-16T02:41:36+00:00
libcli/security: Make ‘session_info’ parameter const

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4698cf0f by Jo Sutton at 2024-02-16T03:47:12+00:00
s4:dsdb: Fix grammar

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Feb 16 03:47:12 UTC 2024 on atb-devel-224

- - - - -
01e901ef by Noel Power at 2024-02-17T16:51:37+00:00
idl: Add constant for max rows buffer size

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15579
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
f4872117 by Noel Power at 2024-02-17T16:51:37+00:00
s3/rpc_client: Ensure max possible row buffer size is not exceeded

The max buf size of rows buffer should not exceed 0x00004000.
Ensuring this value is within limits means we can safely use
uint32_t offsets.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15579
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
885850b6 by Noel Power at 2024-02-17T17:58:43+00:00
s3/rpc_client: Fix array offset check

Previous to this commit we were modifying the offset before
the array offset check. This was causing a spurious debug
message indicating the offset was out of bounds. A second
problem is that upon detecting the error we don't exit the loop.
A third problem was that when reading the offset the check
didn't cater for the size of the integer address about to be read.

This commit moves the offset check to before the first read,
additionally when an error is detected now we actually exit the loop
and the offset has been corrected to include the size of the
integer to be read.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15579
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Sat Feb 17 17:58:43 UTC 2024 on atb-devel-224

- - - - -
dd9b11ac by Martin Schwenke at 2024-02-19T10:21:48+00:00
ctdb-protocol: Add missing push support for new controls

CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and
CTDB_CONTROL_TCP_CLIENT_PASSED were added in commits
c6602b686b4e50d93272667ef86d3904181fb1ab and
037e8e449deb136ad5ed5e4de05439411b545b6d.  They were missing test
support for the packet push/pull.  While adding the testing (for
completeness, before adding another new control) I noticed that the
push functionality was absent.  This adds that, along with the test
support.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15580

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Feb 19 10:21:48 UTC 2024 on atb-devel-224

- - - - -
cde71074 by Shaleen Bathla at 2024-02-22T09:47:44+00:00
s3: winbindd: remove double initialization

remove re-initialization of entry variable in for loop

Signed-off-by: Shaleen Bathla <shaleen.bathla at oracle.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
205866a1 by Shaleen Bathla at 2024-02-22T09:47:44+00:00
s3: winbindd: reduce scope of a variable

reduce scope of variable as a best practice

Signed-off-by: Shaleen Bathla <shaleen.bathla at oracle.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
bdd739c1 by Shaleen Bathla at 2024-02-22T10:57:38+00:00
s3: winbindd: assign rangenum member after NULL check

if we are doing NULL check for range, then we should assign its member
after the NULL check.

Signed-off-by: Shaleen Bathla <shaleen.bathla at oracle.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Thu Feb 22 10:57:38 UTC 2024 on atb-devel-224

- - - - -
e7584258 by Andreas Schneider at 2024-02-26T06:57:31+00:00
librpc:idl: Make netlogon_samlogon_response public

This is required so that we can use it with ndrdump or in python to decode
a NETLOGON_SAM_LOGON_RESPONSE_EX ldap response.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15588

Signed-off-by: Andreas Schneider <asn at samba.org>
Pair-Programmed-With: Guenther Deschner <gd at samba.org>

Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e4c3c613 by Andreas Schneider at 2024-02-26T08:06:08+00:00
python:gp: Implement client site lookup in site_dn_for_machine()

This is [MS-GPOL] 3.2.5.1.4 Site Search.

The netr_DsRGetSiteName() needs to run over local rpc, however we do not
have the call implemented in our rpc_server. What netr_DsRGetSiteName()
actually does is an ldap query to get the sitename, we can just do the
same.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15588

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Feb 26 08:06:08 UTC 2024 on atb-devel-224

- - - - -
5a0fce58 by Anoop C S at 2024-02-26T18:35:43+00:00
source4/torture: Add SEC_STD_DELETE to enable proper cleanup

basic.maximum_allowed and smb2.maximum_allowed attempt to unlink the
files created by those tests. But the restrictive SD with which they
were created prohibits the deletion inside shares where vfs_acl_xattr
is configured including "ignore system acls". The very same file will
otherwise cause problems while progressing with remaining sub tests.
SEC_STD_DELETE could be the minimum required additional access mask
to successfully delete the file under the said configuration using
vfs_acl_xattr and "ignore system acls" option without losing the
integrity of the overall test.

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Feb 26 18:35:43 UTC 2024 on atb-devel-224

- - - - -
9a5cc120 by Andrew Bartlett at 2024-02-27T01:11:37+00:00
python/samba/samdb: Only do caching of well known DNs in dbcheck

The fact that get_wellknown_dn() returned a cached DN that could
not be modified safely was unexpected, particularly given that
other similar routines did not do that.

The use case given at the time this was written by
Matthieu Patou in 6122acad0f1a7bc23b6f58862c16968e13da979d
was dbcheck, so move the cache there, and name it clearly.

dbcheck is the only case that uses this routine in an inner
loop.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
ecaaff57 by Andrew Bartlett at 2024-02-27T01:11:37+00:00
librpc/idl: Add a parser for a FILE: format keytab

This will let us examine keytab entries exported for gMSA accounts and
ensure they are the values we expect.  This will in particular help
test our KDC via the "samba-tool domain exportkeytab" as this is a thin
wrapper around the relevant code.

Additionally, we can use this to test the new client-side keytab generation
in "samba-tool domain exportkeytab" for gMSA accounts.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
e6ef2fc2 by Andrew Bartlett at 2024-02-27T01:11:37+00:00
librpc/idl: Check protocol version number in Kerberos ccache parser

The ccache file format version is checked by the switch in OPTIONAL_HEADER.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
2e230f72 by Andrew Bartlett at 2024-02-27T01:11:37+00:00
python/tests: Add test for new krb5 keytab parser

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
a1d7af24 by Andrew Bartlett at 2024-02-27T01:11:37+00:00
python/tests: Convert dckeytab test to use new NDR keytab parser

This is much nicer than reading strings out of the binary file.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
69c3044a by Andrew Bartlett at 2024-02-27T01:11:37+00:00
python/tests: Use TestCaseInTempDir rather than "private dir" for exported keytab

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
df475fbc by Jo Sutton at 2024-02-27T01:11:37+00:00
tests/krb5: type hinting

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3e342e2d by Jo Sutton at 2024-02-27T01:11:37+00:00
tests/krb5: Move assertLocalSamDB() into RawKerberosTest

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4b0f3f3d by Jo Sutton at 2024-02-27T01:11:37+00:00
python: Fail the test if we don’t receive an NTSTATUSError

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
18208dbe by Jo Sutton at 2024-02-27T01:11:37+00:00
s4:rpc_server: Remove trailing whitespace

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7e855f8d by Jo Sutton at 2024-02-27T01:11:37+00:00
lib:util: Correctly determine whether a character needs to be escaped

The condition ‘c > 0x1F’ is clearly meant to test whether a character is
a control code or not. While it works for ASCII characters, when ‘char’
is signed it fails for codepoints above 0x7f, which get represented as
negative values. Make this calculation work as it was (presumably)
intended by casting to ‘unsigned char’.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3b85345c by Jo Sutton at 2024-02-27T01:11:37+00:00
lib:util: Fix printing hex‐escaped characters

A signed char, passed to snprintf(), will be promoted to an ‘int’, and
then interpreted (according to the format string) as an ‘unsigned int’.
Any negative values passed in will thus be interpreted as large unsigned
values, too large to be represented in the two characters allocated for
them. In practice, they will always be represented as ‘\xFF’.

Cast these characters to ‘unsigned char’, and use the appropriate length
modifier for that type.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
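
The two lib:util commits above (7e855f8d and 3b85345c) describe signed-char pitfalls in an escaping routine. The C sketch below is an added example, not Samba's code: the function names and the sample input are assumptions, and the pre-fix case uses an explicit `signed char` so the result does not depend on whether plain `char` is signed on the build platform.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample input: UTF-8 "é" (0xC3 0xA9), a TAB, then "ok". */
static const char SAMPLE[] = "\xC3\xA9\tok";

/* Before: as a signed char, every byte >= 0x80 is negative and fails the test. */
static int is_printable_signed(signed char c)
{
    return c > 0x1F;
}

/* After: compare the byte value, not the sign-extended one. */
static int is_printable_unsigned(char c)
{
    return (unsigned char)c > 0x1F;
}

/*
 * Before: c is promoted to a negative int and read by %X as unsigned int,
 * so 0xA9 formats as "FFFFFFA9"; the 5-byte limit keeps only "\xFF".
 */
static int hex_escape_signed(char *out, signed char c)
{
    return snprintf(out, 5, "\\x%02X", c);
}

/* After: cast to unsigned char and use the matching 'hh' length modifier. */
static int hex_escape_unsigned(char *out, char c)
{
    return snprintf(out, 5, "\\x%02hhX", (unsigned char)c);
}

/*
 * Hypothetical escaper: copies printable bytes and writes the rest as \xNN.
 * fixed == 0 models the behaviour the commit messages describe as broken,
 * fixed == 1 the corrected one. Returns the length written (without NUL).
 */
static size_t escape_log(const char *in, size_t len,
                         char *out, size_t outlen, int fixed)
{
    size_t o = 0;

    if (outlen == 0) {
        return 0;
    }
    for (size_t i = 0; i < len; i++) {
        int printable = fixed ? is_printable_unsigned(in[i])
                              : is_printable_signed((signed char)in[i]);
        if (printable) {
            if (o + 1 >= outlen) {
                break;          /* keep room for the terminating NUL */
            }
            out[o++] = in[i];
        } else {
            if (o + 4 >= outlen) {
                break;          /* "\xNN" needs four bytes plus the NUL */
            }
            if (fixed) {
                hex_escape_unsigned(out + o, in[i]);
            } else {
                hex_escape_signed(out + o, (signed char)in[i]);
            }
            o += 4;
        }
    }
    out[o] = '\0';
    return o;
}

int main(void)
{
    char buf[64];

    escape_log(SAMPLE, sizeof(SAMPLE) - 1, buf, sizeof(buf), 0);
    printf("signed char:   %s\n", buf);
    escape_log(SAMPLE, sizeof(SAMPLE) - 1, buf, sizeof(buf), 1);
    printf("unsigned char: %s\n", buf);
    return 0;
}
```

With the signed comparison and format, both bytes of the UTF-8 character collapse to the same `\xFF`, so an escaped log line no longer identifies the original bytes.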

- - - - -
beaeeaff by Jo Sutton at 2024-02-27T01:11:37+00:00
s4:rpc_server: Make some arrays static

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f1a83798 by Jo Sutton at 2024-02-27T02:19:31+00:00
third_party/heimdal: Import lorikeet-heimdal-202402132018 (commit 66d4c120376f60ce0d02f4c23956df8e4d6007f2)

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Feb 27 02:19:31 UTC 2024 on atb-devel-224

- - - - -
ea41dccb by Andrew Bartlett at 2024-02-28T03:44:37+00:00
third_party/heimdal: import lorikeet-heimdal-202402270140 (commit e78a9d974c680d775650fb51f617ca7bf9d6727d)

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
724f403d by Andrew Bartlett at 2024-02-28T03:44:37+00:00
libcli/security: Add SID_FRESH_PUBLIC_KEY_IDENTITY

This allows an ACL level check (rather than only an all-or-nothing KDC configuration)
that PKINIT freshness was used during the AS-REQ.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
009a4706 by Andrew Bartlett at 2024-02-28T03:44:37+00:00
python/samba/tests/krb5: Expect SID_FRESH_PUBLIC_KEY_IDENTITY (only) when PKINIT freshness used

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
2b515b7d by Andrew Bartlett at 2024-02-28T04:45:48+00:00
s4-kdc: Add "Fresh Public Key Identity" SID if PKINIT freshness used

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Feb 28 04:45:48 UTC 2024 on atb-devel-224

- - - - -
801e3fd6 by Pavel Filipenský at 2024-02-29T01:31:31+00:00
s3:libads: Trace ldap search base/filter/scope

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
380c80b4 by Andrew Bartlett at 2024-02-29T01:31:31+00:00
samba-tool user getpassword: Do not show preview of gMSA password

The AD server will send a preview of the next gMSA password, 5mins before
it is expected to be active.

This is useful in a keytab, which needs to be in place before a ticket
could possibly be issued, but is not helpful for authentication, as
the server also accepts passwords for 5mins after the change.

This avoids needing to teach all users of this tool how to fall back to
the previous password for a 5min period every 30 days, by default.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
dfe71c42 by Andrew Bartlett at 2024-02-29T01:31:31+00:00
python/samba/tests: Include more detail on invocation in test of "samba-tool user show"

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
71f7c4a3 by Andrew Bartlett at 2024-02-29T01:31:31+00:00
samba-tool: Allow ;format=UnixTime etc to operate on virtual attributes

To convert a virtual attribute we must understand that it has
been put into "obj" under the name including the ;format= part
and so we must look it back up with that name when looking to
convert it from (say) NTTIME to a unix time.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
2908a6d6 by Andrew Bartlett at 2024-02-29T01:31:31+00:00
samba-tool user getpassword: Also return the time a GMSA password is valid until

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
8650ba0a by Douglas Bagnall at 2024-02-29T01:31:31+00:00
samba-tool domain claim: use secrets module for token

`binascii.hexlify(os.urandom(8)).decode()` was fine, but `os.urandom`
is OS specific and can theoretically block (says the documentation).

We will let Python's secrets module worry about such details.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
29abab6a by Douglas Bagnall at 2024-02-29T01:31:31+00:00
samba-tool domain level: avoid using assert

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
742fc4d8 by Douglas Bagnall at 2024-02-29T01:31:31+00:00
samba-tool: avoid mutable Command class values

These values are shared across all instances of the class,
which makes no difference in samba-tool itself, because there
is one instance per process. But in tests we can have many
Command classes at once (due to runcmd()), and if any of them
happened to append to takes_args or takes_options rather than
replacing it, well, the effect would be subtle.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
542ba5cb by Douglas Bagnall at 2024-02-29T01:31:31+00:00
samba-tool: add self.print_json_status() helper

This is a helper to return JSON for simple messages.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1f128fee by Douglas Bagnall at 2024-02-29T01:31:31+00:00
samba-tool: instances remember whether --json was requested

All our subcommands are going to learn --json eventually, and they
shouldn't all have to do this individually.

The next commit uses this to automatically format CommandErrors as JSON.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7b089e12 by Douglas Bagnall at 2024-02-29T01:31:31+00:00
samba-tool: with --json, error messages are in JSON

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0fe263a5 by Douglas Bagnall at 2024-02-29T02:38:06+00:00
pylibs: add string_is_guid() helper.

In various places we use regular expressions to check for GUID-ness,
though typically we don't match GUIDs with uppercase hex digits when
we really should.

If we centralise the check, we have more chance of getting it right.

Pair-programmed-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Feb 29 02:38:07 UTC 2024 on atb-devel-224

- - - - -
6d087d1d by Douglas Bagnall at 2024-02-29T04:01:40+00:00
pytest:auth_log_base: use string_is_guid()

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8cf9d4ca by Douglas Bagnall at 2024-02-29T04:01:40+00:00
pytest:audit_log_base: use string_is_guid()

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cccc994f by Douglas Bagnall at 2024-02-29T04:01:40+00:00
pyldb: add a macro to free when raising exceptions

We often forget.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a4c4e3c9 by Douglas Bagnall at 2024-02-29T04:01:40+00:00
pyldb: free things more often on error

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c68b390e by Douglas Bagnall at 2024-02-29T04:01:40+00:00
pyldb: free some finished requests

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ed344bb2 by Douglas Bagnall at 2024-02-29T04:01:40+00:00
pyldb: catch some talloc failures

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9beb5789 by Douglas Bagnall at 2024-02-29T04:01:40+00:00
s4:pydsdb: add not-implemented raising functions to when appropriate

It will be less confusing, I hope.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8892b0cc by Douglas Bagnall at 2024-02-29T04:01:40+00:00
ldb: ldb_string_to_time reports more errors

The underlying function should return -1 and set errno when given invalid
strings, but we were not looking and have decided on 0 for error.

It would be a pain to change this function to return -1. Apart from the
API fuss, it is sometimes used unchecked to set an unsigned number and
an unchecked 0 is better than UINT*_MAX in those contexts.

It is probably not easy to get a -1 from a timegm() -- most
implementations will happily convert overflows for you, so e.g. the
15th month would be March of the next year. But EOVERFLOW is mentioned
in the manpages.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bfba074d by Douglas Bagnall at 2024-02-29T04:01:40+00:00
pyldb: try to turn ldb_string_to_time() errors into exceptions

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
60022ed5 by Douglas Bagnall at 2024-02-29T04:01:40+00:00
py:nt_time: add nt_time_from_string()

This is for samba-tool, which could do with a common understanding of
time strings across various sub-tools.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
33a8ae17 by Douglas Bagnall at 2024-02-29T04:01:40+00:00
python:nt_time: add string_from_nt_time

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d3d87aee by Douglas Bagnall at 2024-02-29T04:01:40+00:00
python:nt_time: add a nt_now() function

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
00daa520 by Douglas Bagnall at 2024-02-29T04:01:40+00:00
python/nt_time: have a go at using 1_000_000 number separators.

I noticed these are available in Python 3.6+, which is what we support,
and they're arguably nicer than using exponentiation.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0c1ac197 by Andrew Bartlett at 2024-02-29T05:07:45+00:00
samba-tool user getpassword: Clarify success wording

It may be the case that there was no password, or read access to the
password was not permitted.  The structure of the code and the pattern
in LDIF that missing information is simply returned as missing
attributes makes it hard to detect and communicate a clear
error here, particularly as an error may not be wanted if
(say) pwdLastSet is queried on a gMSA that we can not read.

So we just make the string indicate, as I think it was meant,
that the tool ran to completion.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Feb 29 05:07:45 UTC 2024 on atb-devel-224

- - - - -
667265b6 by Martin Schwenke at 2024-02-29T13:20:40+00:00
ctdb-tests: Limit red-black tree test to 5s of random inserts

rb_test_001.sh runs for 60s even though rb_tree.c is almost never
modified.  This generally extends test time by an unreasonable amount
of time.

Add an optional timeout (in seconds) argument to rb_test, defaulting
to 60, and pass 5 from rb_test_001.sh.  If anyone ever significantly
updates rb_tree.c then they can run rb_test directly with its default
60s timeout... or for as long as they like.

Reported-by: Volker Lendecke <vl at samba.org>
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Feb 29 13:20:40 UTC 2024 on atb-devel-224

- - - - -
02f18a88 by Andrew Bartlett at 2024-03-01T00:19:45+00:00
selftest: Ignore msKds-DomainID in ldapcmp_restoredc.sh and samba.tests.domain_backup_offline

Like serverReferenceBL etc, this will point to a DC that created the object, and
as part of the backup and restore, this DC will be deleted.  It is just for
tracking the object creation, so this is fine.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
924eb6ba by Jo Sutton at 2024-03-01T00:19:45+00:00
lib:crypto: Add error checking to GKDI key start time calculation

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2be2dca4 by Jo Sutton at 2024-03-01T00:19:45+00:00
lib:crypto: Correct GKDI interval start time calculation

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e7a96915 by Jo Sutton at 2024-03-01T00:19:45+00:00
lib:crypto: Check for overflow in GKDI rollover interval calculation

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d46daab2 by Jo Sutton at 2024-03-01T00:19:45+00:00
s4:dsdb: Add functions for GKDI root key creation

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fbd97402 by Douglas Bagnall at 2024-03-01T00:19:45+00:00
samba-tool domain: add kds sub-branch

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
327f5dc4 by Douglas Bagnall at 2024-03-01T00:19:45+00:00
samba-tool domain kds: add root key sub-command

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
214ac139 by Douglas Bagnall at 2024-03-01T00:19:45+00:00
samba-tool domain kds root_key


Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a7c955dc by Douglas Bagnall at 2024-03-01T00:19:45+00:00
s4:pydsdb: python bindings for gkdi_new_root_key()

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
17dbaf4d by Douglas Bagnall at 2024-03-01T00:19:45+00:00
python:samdb: wrapper for _dsdb_create_gkdi_root_key()

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bbd9249a by Douglas Bagnall at 2024-03-01T00:19:45+00:00
ldb:pyldb exposes Result type

You perhaps never want to manually create results (as in `x = Result()`)
-- except maybe in tests -- and that would be why we never added it in
the first place (or rather, we never noticed that it was missing).

But we do want to sometimes go `isinstance(x, ldb.Result)`, and that
is how we noticed it was missing now.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e5efa217 by Douglas Bagnall at 2024-03-01T00:19:45+00:00
samba-tool domain: add LDB Result to json encoders

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ae0f38c3 by Douglas Bagnall at 2024-03-01T00:19:45+00:00
samba-tool user delete: use account type constant

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e1ab10b1 by Douglas Bagnall at 2024-03-01T00:19:45+00:00
pytest:samba-tool: add a flag to print more in runcmd

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c6208a3b by Douglas Bagnall at 2024-03-01T00:19:45+00:00
pytest:gkdi: shift create_root_key into a function

This is so the samba-tool domain kds root_key tests can use it as a
function.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
53bf56c6 by Douglas Bagnall at 2024-03-01T00:19:45+00:00
pytest:dsdb: check that there is a gkdi root key

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
79342a84 by Douglas Bagnall at 2024-03-01T00:19:45+00:00
provision: add a default root key

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
884d40ca by Douglas Bagnall at 2024-03-01T00:19:45+00:00
samba-tool: don't error if there are no sub-commands

This is useful when you commit samba-tool tests before you commit the
samba-tool code, and you want the tests to fail rather than error.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a92699cd by Douglas Bagnall at 2024-03-01T00:19:45+00:00
samba-tool: add `samba-tool domain kds root_key list`

This lists root keys, in descending chronological order according to the
use_start_time attribute. That's because you usually only care about
the newest one.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ee1e9f1f by Douglas Bagnall at 2024-03-01T00:19:45+00:00
samba-tool: add `samba-tool domain kds root_key view`

This is for looking at one root key. There isn't much to know.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
710093dc by Douglas Bagnall at 2024-03-01T00:19:45+00:00
samba-tool: add `samba-tool domain kds root_key create`

For making new root keys.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d0234391 by Douglas Bagnall at 2024-03-01T00:19:45+00:00
samba-tool: add `samba-tool domain kds root_key delete`

For deleting root keys.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d6bfd260 by Douglas Bagnall at 2024-03-01T01:27:30+00:00
pytests: samba-tool domain kds root_key

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Mar  1 01:27:30 UTC 2024 on atb-devel-224

- - - - -
8af78675 by Andrew Bartlett at 2024-03-01T02:41:36+00:00
ldb: Move tests to selftest/tests.py and out of standalone build

Tests that are declared in the tests.py files in the main Samba build
are able to use the common knownfail, flapping and skip systems.

This will also allow the independent ldb build to be removed without
loss of the tests.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
b76516d5 by Andrew Bartlett at 2024-03-01T02:41:36+00:00
selftest: Remove duplicate run of ldb.python.crash and ldb.python.repack

These tests are not impacted by the dot-less i issue.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
4c16618e by Andrew Bartlett at 2024-03-01T02:41:36+00:00
ldb: Prepare ldb tests for subunit output

These tests now print subunit rather than the default output
as this is what the Samba selftest system needs.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
b98e05ae by Andrew Bartlett at 2024-03-01T02:41:36+00:00
selftest: Move LDB cmocka based unit tests to Samba testsuite

This allows skip and knownfail entries to be honoured, as well
as enabling the removal of the standalone LDB build system.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
05ce3810 by Andrew Bartlett at 2024-03-01T02:41:36+00:00
selftest: Always and only run ldb test-tdb test in Samba selftest

This is the last test left in the independent ldb testsuite,
removing this from there allows the test target to be removed.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
a4afb2ee by Andrew Bartlett at 2024-03-01T02:41:36+00:00
selftest: Bring ldb test definitions into one place in selftest/tests.py

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
2471a003 by Andrew Bartlett at 2024-03-01T02:41:36+00:00
ldb: Make pyldb-util always a private library

Only Samba has ever used these utility functions, other applications can
still use our ldb python bindings, they just can not provide ldb
C bindings.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
7d1bc4fa by Andrew Bartlett at 2024-03-01T02:41:36+00:00
build: Ensure that a forced-private library has no public headers

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
1f41997b by Andrew Bartlett at 2024-03-01T02:41:36+00:00
build: Allow --private-libraries to include a default

This will in the future allow ldb to be declared public in the
build system, and so have all the attributes set for that, but
be actually built as a private Samba library by default.

No change in behaviour currently.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
9b5d226a by Andrew Bartlett at 2024-03-01T02:41:36+00:00
ldb: Honour --private-library=!ldb as meaning build as a public library

Likewise, let the SAMBA_LIBRARY code handle being a private library
rather than in the library declaration.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
3b80c7f4 by Andrew Bartlett at 2024-03-01T02:41:36+00:00
autobuild: Move autobuild to expecting ldb to build as part of Samba

We retain a test to confirm we can build ldb as a public lib in the samba-libs
target.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
9fe559ec by Andrew Bartlett at 2024-03-01T02:41:36+00:00
build: Call conf.CHECK_XSLTPROC_MANPAGES() directly in wscript

This avoids relying on the indirect call via wscript in lib/{talloc,tdb,ldb}

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
e1093257 by Andrew Bartlett at 2024-03-01T02:41:36+00:00
build: Remove duplicated check for -Wl,-no-undefined on OpenBSD

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
1f50febc by Andrew Bartlett at 2024-03-01T02:41:36+00:00
ldb: Remove the ability for Samba to compile against a system LDB

Samba will either provide the LDB to the system, or use a
private ldb, we will not use any other LDB from the system.

This is essentially equivalent to the patch Debian has used
for Samba 4.17 and later, named "Force-LDB-as-standalone.patch"

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
b8361414 by Andrew Bartlett at 2024-03-01T02:41:36+00:00
build: Move --with-ldap/--without-ldap from source3 build to top level

This code impacts on LDB, which is now built from the main build
so we need to combine this with the check that was in lib/ldb
or else we get conflicts.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
de1ab855 by Andrew Bartlett at 2024-03-01T02:41:36+00:00
lib/ldb: Always build standalone

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
1edd8c06 by Andrew Bartlett at 2024-03-01T02:41:37+00:00
lib/ldb: Adapt pkg-config files to being built from the main build.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
c1125a31 by Andrew Bartlett at 2024-03-01T02:41:37+00:00
lib/ldb: bld.CONFIG_SET(USING_SYSTEM_LDB) is now never set

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
7c860d79 by Andrew Bartlett at 2024-03-01T02:41:37+00:00
lib/ldb: Remove references to conf.env.standalone_ldb

This is not a simple replacement as we are merging the standalone build features with
the main Samba build features.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
ef7e9566 by Andrew Bartlett at 2024-03-01T02:41:37+00:00
ldb: Remove remaining components of independent ldb build system

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
d163518e by Andrew Bartlett at 2024-03-01T02:41:37+00:00
lib/ldb: Remove duplicate aspects of build system

We no longer need aspects of our build that made sense for the standalone
operation of LDB now that ldb is only provided as part of Samba.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
07cc744e by Andrew Bartlett at 2024-03-01T02:41:37+00:00
ldb: Rename VERSION to LDB_VERSION to avoid confusion

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
625fb483 by Andrew Bartlett at 2024-03-01T02:41:37+00:00
ldb: Remove "private_library" variable with just one user

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
5af23f1b by Andrew Bartlett at 2024-03-01T02:41:37+00:00
ldb: Unconditionally set LDB_PACKAGE_VERSION

This is only parsed once now and there is no confusion with the main build, so we can set it without checking.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
81994b85 by Andrew Bartlett at 2024-03-01T02:41:37+00:00
build: Allow --with-ldbmodulesdir to override location of LDB modules

This will allow some packagers to set this to a directory that does
not mention Samba, or to put a version string in to avoid loading
old modules.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
9f167b9b by Andrew Bartlett at 2024-03-01T03:45:21+00:00
WHATSNEW: Add information on LDB no longer available standalone

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Mar  1 03:45:21 UTC 2024 on atb-devel-224

- - - - -
4e31942d by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: add default SDDL to group_msa_membership

LA can be used for the administrator and Windows will expand that on save, making the group_sddl method redundant.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
cf110742 by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: Remove unused groups_sddl method from User model

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
cd395558 by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: avoid fetching each user in trustees method

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f5c6a42d by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: make GroupManagedServiceAccount.trustees a property

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
c8857abb by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: gmsa trustees property only looks at allowed aces

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
84c721ec by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: gmsa trustees update docstring and incorrect return type

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
1cd7cf66 by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: gmsa move GroupManagedServiceAccount model to gmsa.py

It needs to inherit from the Computer model, the Computer model also inherits from User.

First, moving it to its own file from user.py to gmsa.py

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
e1d61746 by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: gmsa GroupManagedServiceAccount inherits from Computer

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
6834a1bd by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: gmsa move find method to Computer model

The find method is the same as the find method from the User model, with the exception of adding "$".

This means it is actually logic that belongs in the parent class of GroupManagedServiceAccount, which is Computer.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
a5470623 by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: update docstring of Computer.find method

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
1d008467 by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: move MODELS constant to constants.py to avoid import loop

query.py and models.py otherwise cause an import loop, query.py needs to import MODELS

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
14285db4 by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: make MODELS constant keyed by object class instead

This helps with polymorphic querying, mapping object class name to model class.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
dccafff1 by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: shell: show Models subheading

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
611403d4 by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: move group msa membership default to constants

This means the constant can be imported and used by the tests

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
e41114ad by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: set the default for managed password interval on the model

This is to avoid having to provide a default in multiple places

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
b3cc3ade by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: Query.first and Query.last should use count from instance

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f90e09a2 by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: Model.get_object_class returns top instead of None

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f8b5f7f5 by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: ModelMeta no longer needs to inherit from ABCMeta

There are no more abstract methods since the previous commit, so ABCMeta is no longer needed.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f54cfbea by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: bring Model class forward into module

This is important for polymorphic query support

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
58700354 by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: move object_sid field from User to base Model

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
ccce7e7c by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: ModelMeta needs to also set fields and meta if class is Model

This is needed for polymorphic query, if querying from the Base model, which was not previously a feature.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
ca973caa by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: Model.query adds optional polymorphic flag for returning specific class types

This defaults to False; querying the User class returns only User instances.

    User.query(samdb)

When set to True, querying the User class can return User, Computer, ManagedServiceAccount instances.

    User.query(samdb, polymorphic=True)

If polymorphic is False the same records are still returned but records will always be interpreted as the model that is being queried only, rather than a more specific model that matches that object class.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
181764a5 by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: setting kwarg to None should use field default

This comes up when trying to create a GroupManagedServiceAccount and setting the value of managed_password_interval to None.

We still want it to pick up the field default of 30 in this case.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
982ebebf by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: model __json__ method should call as_dict instead

The comment about RelatedField is not really relevant so removed that part, RelatedField isn't used at this point.

The idea with RelatedField is that it fetches the object (vs DnField which just returns a Dn).

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
120bf34c by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: add newline before epilog so there is a space between

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
63d9b279 by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: properly show command name in show help

This comes up if a user ends up typing something wrong, and it incorrectly showed only part of the command under Usage:

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
1afb6465 by Rob van der Linde at 2024-03-01T04:45:36+00:00
python: sd_utils: pep8 fix spacing around

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
0127ddd7 by Rob van der Linde at 2024-03-01T04:45:36+00:00
python: sd_utils: remove redundant brackets around simple assert statements

Ideally these should be exceptions not asserts

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
62e11cfa by Rob van der Linde at 2024-03-01T04:45:36+00:00
python: sd_utils: pep8 import sorting

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
1093f4b6 by Rob van der Linde at 2024-03-01T04:45:36+00:00
selftest: aces: use constant from samba.security

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
87c8e578 by Rob van der Linde at 2024-03-01T04:45:36+00:00
selftest: aces: fix mutable default args in assemble_ace

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
14a4f642 by Rob van der Linde at 2024-03-01T04:45:36+00:00
python: models: Computer constructor automatically adds "$" to account name

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
7b1b7d13 by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: gmsa: base cli commands for group managed service accounts

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
a7a35ae5 by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: gmsa: cli commands for managing group msa membership

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
85ca9e7c by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: tests: add tests for service-account commands

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
2456fa71 by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: move add trustee code to the GMSA model

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
983f04e1 by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: move remove trustee code to the GMSA model

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
9238afc1 by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: silos: silo and auth policy commands use print

This adds more consistency with newer code added after these commands.

But also print seems more flexible and requires no newline characters added constantly which ends up being a bit cleaner.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
993b6da2 by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: silos: silo and auth policy commands use Query class better

Since the introduction of the Query class these can be written to be a lot clearer using models.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
a1345442 by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: Model.from_message should be internal

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
3d367079 by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: Rename method to Query._from_message for consistency

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
7a4dc035 by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: Add a repr method to Query for help in the shell

This means in the shell you can just do User.query(samdb) without having to wrap it in list() all the time.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
d961aacd by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: Add Person and OrganizationalPerson

Move only those fields over that we already had on User that actually belong on Person and OrganizationalPerson

There are more fields to add later.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
e70b8751 by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: Add optional base_dn argument to Model.query method

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
076bc6ee by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: Rename username to account_name for consistency

When creating the User model initially, "username" was the only field that was inconsistently named; it maps to "sAMAccountName".

It should really have been "account_name".

There is also a field "account_type" and should be similarly named to "account_name".

Basically the naming of fields should always be consistent, breaking the rule for one field only was a mistake.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
05098443 by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: rename lookup methods to find for consistency

There are a mixture of methods called either 'lookup' or 'find'.

This dates back to when they raised LookupError, but these now raise NotFound.

They should be all called 'find' for consistency.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
2d7cbba2 by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: claims: tidy up, avoid setting enabled twice

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
09aa2597 by Rob van der Linde at 2024-03-01T04:45:36+00:00
netcmd: models: ClaimType: move all dunder methods to the top for consistency

It's nice to consistently list the __str__ method first and all the dunder methods, then the static methods, then the rest.

At least for the models.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
cabe817f by Rob van der Linde at 2024-03-01T05:52:53+00:00
netcmd: models: Create ClaimType in the model layer instead

Having it inside a command isn't very re-usable.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Mar  1 05:52:53 UTC 2024 on atb-devel-224

- - - - -
53cdfff7 by Andrew Bartlett at 2024-03-03T22:33:34+00:00
ldb/pyldb: Check errors from PyLdbMessage_FromMessage

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
dbdecac5 by Andrew Bartlett at 2024-03-03T22:33:34+00:00
ldb/pyldb: Call Py_DECREF(list) on failure in PyLdbResult_FromResult()

We need to drop the reference to the list we created if we
are going to fail.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
da63ee78 by Andrew Bartlett at 2024-03-03T22:33:35+00:00
dsdb: Use pyldb_Ldb_AsLdbContext() in PyErr_LDB_OR_RAISE()

This macro already checks the type, so we do not need to call
py_check_dcerpc_type(), and this prepares to move this macro into pyldb.h

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
2ba8e656 by Andrew Bartlett at 2024-03-03T22:33:35+00:00
dsdb: Use pyldb_check_type() in PyErr_LDB_DN_OR_RAISE()

This prepares to move this macro into pyldb.h

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
0839999c by Andrew Bartlett at 2024-03-03T22:33:35+00:00
dns: Use pyldb_Ldb_AsLdbContext() in PyErr_LDB_OR_RAISE()

This prepares to move this macro into pyldb.h

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
6c3ca9e4 by Andrew Bartlett at 2024-03-03T22:33:35+00:00
dns: Use pyldb_check_type() in PyErr_LDB_DN_OR_RAISE()

This prepares to move this macro into pyldb.h

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
8b0d00a8 by Andrew Bartlett at 2024-03-03T22:33:35+00:00
pyldb: Move PyErr_LDB_OR_RAISE() and PyErr_LDB_DN_OR_RAISE() into pyldb.h

While this style of macro is against our coding style, it is still better
to have them in a single place, and while pyldb.h is technically public,
Samba is the only user of the C bindings.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
61e5958a by Andrew Bartlett at 2024-03-03T22:33:35+00:00
pyldb: Use "O!" to specify the type of py_ldb

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f8fcd218 by Andrew Bartlett at 2024-03-03T22:33:35+00:00
pyldb: Remove last caller to and definition of PyLdb_Check()

This is now checked by PyArg_ParseTupleAndKeywords().

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
7a38a988 by Andrew Bartlett at 2024-03-03T22:33:35+00:00
pyldb: Improve docstring for whoami(), which takes no arguments.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
757036ce by Andrew Bartlett at 2024-03-03T22:33:35+00:00
pyldb: Remove unused and broken Python access to LDB module API

These exposed the private LDB modules API to python, and were
untested and broken since LDB was made async internally as
it never called ldb_wait() on the result.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
35e7ce88 by Jo Sutton at 2024-03-03T22:33:35+00:00
ldb: Add tests for Python set_opaque() and get_opaque()

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ab6cb4bc by Jo Sutton at 2024-03-03T22:33:35+00:00
ldb: Pass a supported opaque type to ldb.set_opaque()

We are about to modify ldb.set_opaque() to accept only certain types,
and ldb.Ldb is not one of those types.

Pass in a value that is supported and whose lifetime is guaranteed to
outlive the Ldb object.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
81fd4216 by Jo Sutton at 2024-03-03T22:33:35+00:00
ldb: Remove trailing whitespace

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
25632053 by Jo Sutton at 2024-03-03T22:33:35+00:00
ldb: Update ldb.set_opaque() to accept only supported types

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ee94d708 by Jo Sutton at 2024-03-03T23:33:44+00:00
ldb: Update ldb.get_opaque() to return talloc‐managed opaque values

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sun Mar  3 23:33:44 UTC 2024 on atb-devel-224

- - - - -
ccfa16e2 by Douglas Bagnall at 2024-03-04T02:16:33+00:00
samba-tool: tidy up uncaught insufficient rights LdbError

It is likely that many sub-commands will produce a traceback when people
go `-H ldap://server -Ubob` when they needed to go `-UAdministrator`.

We can catch these and show only the core message.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9b0330ea by Douglas Bagnall at 2024-03-04T03:20:46+00:00
pytest:samba-tool domain kds root-key: test with normal user

It would be bad if samba-tool let ordinary users read root-key secrets.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Mar  4 03:20:46 UTC 2024 on atb-devel-224

- - - - -
fb219d54 by Andrew Bartlett at 2024-03-05T02:54:36+00:00
selftest: Assert that the provision KDS root key is already valid for use

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
b4204389 by Andrew Bartlett at 2024-03-05T02:54:36+00:00
python/samba/provision: Ensure KDS root key is usable as soon as provision is complete

We do this by setting the start time to being 10 hours 5min earlier
than now.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
195c0e0d by Andrew Bartlett at 2024-03-05T02:54:36+00:00
lib/ldb: Allocate opaque on ldb_ctx

Just in case this LDB is given away into the C code, that opaque must live
as long as the LDB itself, not the python wrapper object.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
416b6c5a by Andrew Bartlett at 2024-03-05T02:54:36+00:00
lib/ldb-samba: Align py_ldb_set_opaque_integer() with pyldb_set_opaque() and use "unsigned long long"

We need to change the internal types assumed in Samba for the opaque
integers to "unsigned long long" as this is what ldb.set_opaque() will
create, and we want to move to this interface rather than have a
duplicate.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
d73c92a3 by Andrew Bartlett at 2024-03-05T02:54:36+00:00
dsdb: Remove calls to ldb.set_opaque_integer()

This routine will shortly be removed, it is now replaced by an
improved ldb.set_opaque()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
da7f056f by Andrew Bartlett at 2024-03-05T03:55:33+00:00
lib/ldb-samba: Remove unused ldb.set_opaque_integer()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Mar  5 03:55:33 UTC 2024 on atb-devel-224

- - - - -
9f68656b by Martin Schwenke at 2024-03-06T06:05:38+00:00
ctdb-daemon: Use ctdb_event_to_string()

ctdb_eventscript_call_names() will be dropped so the mapping between
events and strings is only maintained in one place.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
318d526a by Martin Schwenke at 2024-03-06T06:05:38+00:00
ctdb-common: Remove unused variable ctdb_eventscript_call_names.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
ed67e650 by Martin Schwenke at 2024-03-06T06:05:38+00:00
ctdb-common: Remove old runstate/string translation functions

The canonical versions are in protocol utils.

These were unused apart from some stray forward declarations in
tools/ctdb.c and a single call in ctdb_set_runstate(), where
ctdb_runstate_to_string() can be used instead.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
786adcca by Vinit Agnihotri at 2024-03-06T06:05:38+00:00
ctdb-protocol: Add new event startipreallocate

A new event is needed for NFS lock reclaim to ensure all nodes are in
grace before any locks are released. This event must take place before
releaseip.

Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
d97e642b by Vinit Agnihotri at 2024-03-06T06:05:38+00:00
ctdb-daemon: Implement startipreallocate event

Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
9a20dfe9 by Vinit Agnihotri at 2024-03-06T06:05:38+00:00
ctdb-protocol: Add new control CTDB_CONTROL_START_IPREALLOCATE

Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
b7cc56d2 by Vinit Agnihotri at 2024-03-06T06:05:38+00:00
ctdb-server: Implement CTDB_CONTROL_START_IPREALLOCATE

Trigger a "startipreallocate" event, but only if in RUNNING runstate.
"startipreallocate" is intended to allow an NFS server to be put into
grace on all nodes before any locks are released as part of releaseip
during failover.  If node A is leader and initiates a takeover run
then node B may be connected/active but may not have completed
startup.  In this case, the attempt to put NFS-Ganesha into grace on
node B will fail, startipreallocate will fail, and the node will be
banned.

Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
2483a2ae by Vinit Agnihotri at 2024-03-06T06:05:38+00:00
ctdb-takeover: Use CTDB_CONTROL_START_IPREALLOCATE

Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
7dacbcd0 by Vinit Agnihotri at 2024-03-06T06:05:38+00:00
ctdb: send a CTDB_SRVID_START_IPREALLOCATE message after CTDB_EVENT_START_IPREALLOCATE

Event scripts run the "start_ipreallocate" hook in order to notice
that some ip addresses in the cluster potentially changed.

CTDB_SRVID_START_IPREALLOCATE gives C code a chance to get notified as well
once the event scripts are finished.

Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
a4e492f7 by Vinit Agnihotri at 2024-03-06T06:05:38+00:00
ctdb-scripts: Add handling for startipreallocate

Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
9631e356 by Vinit Agnihotri at 2024-03-06T06:05:38+00:00
ctdb-client: Remove unused function

Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
34c76ffe by Vinit Agnihotri at 2024-03-06T06:05:38+00:00
ctdb-doc: Factor out grace period function

Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
e3294e55 by Vinit Agnihotri at 2024-03-06T06:05:38+00:00
ctdb-doc: Put NFS in grace on startipreallocate

Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
2de2d5dd by Vinit Agnihotri at 2024-03-06T06:05:38+00:00
ctdb-scripts: Remove unnecessary 06.nfs.script

Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
6005de8c by Vinit Agnihotri at 2024-03-06T07:09:06+00:00
ctdb-scripts: Remove usage of releaseip-pre, takeip-pre pseudo-events

These were generated by 06.nfs.script.

Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Mar  6 07:09:06 UTC 2024 on atb-devel-224

- - - - -
6fb86a0f by Andreas Schneider at 2024-03-06T14:38:37+00:00
libgpo: Fix trailing spaces in pygpo.c

Reviewed-by: David Mulder <dmulder at samba.org>

- - - - -
b13d4359 by Andreas Schneider at 2024-03-06T15:44:19+00:00
libgpo: Do not segfault if we don't have a valid security descriptor

Program received signal SIGSEGV, Segmentation fault.
ndr_push_security_descriptor (ndr=ndr@entry=0x555555bf41b0, ndr_flags=ndr_flags@entry=768, r=r@entry=0x0) at librpc/gen_ndr/ndr_security.c:713
713				NDR_CHECK(ndr_push_security_descriptor_revision(ndr, NDR_SCALARS, r->revision));

Thread 1 (Thread 0x7ffff7ece740 (LWP 21460) "python3"):
 #0  ndr_push_security_descriptor (ndr=ndr@entry=0x555555bf41b0, ndr_flags=ndr_flags@entry=768, r=r@entry=0x0) at librpc/gen_ndr/ndr_security.c:713
        _flags_save_STRUCT = 0
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        __FUNCTION__ = "ndr_push_security_descriptor"
 #1  0x00007ffff617237f in ndr_push_struct_blob (blob=blob@entry=0x7fffffffdb20, mem_ctx=0x555555aa3bd0, p=0x0, fn=0x7ffff6074ad0 <ndr_push_security_descriptor>, fn@entry=0x7ffff60706c8 <ndr_push_security_descriptor@plt>) at ../../librpc/ndr/ndr.c:1438
        _status = <optimized out>
        ndr = 0x555555bf41b0
 #2  0x00007ffff607cccf in marshall_sec_desc (mem_ctx=<optimized out>, secdesc=<optimized out>, data=data@entry=0x7fffffffdb80, len=len@entry=0x7fffffffdb78) at ../../libcli/security/secdesc.c:241
        blob = {data = 0x7fffffffdb40 "`\333\377\377\377\177", length = 140737352374299}
        ndr_err = <optimized out>
        __FUNCTION__ = "marshall_sec_desc"
 #3  0x00007ffff29edd94 in GPO_marshall_get_sec_desc_buf (self=<optimized out>, args=<optimized out>, kwds=<optimized out>) at ../../libgpo/pygpo.c:119
        gpo_ptr = <optimized out>
        status = <optimized out>
        data = 0x0
        len = 0

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15599

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Mar  6 15:44:19 UTC 2024 on atb-devel-224

- - - - -
055b4cd5 by Jule Anger at 2024-03-12T09:49:31+00:00
samba-tool: add "samba-tool user list --locked-only"

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0e40506d by Jule Anger at 2024-03-12T10:54:49+00:00
selftest: add tests for "samba-tool user list --locked-only"

Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Jule Anger <janger at samba.org>
Autobuild-Date(master): Tue Mar 12 10:54:49 UTC 2024 on atb-devel-224

- - - - -
be15ab4c by Volker Lendecke at 2024-03-12T13:31:31+00:00
smbd: Remove unused declarations in smbXsrv.idl

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5246267d by Volker Lendecke at 2024-03-12T13:31:31+00:00
smbd: Simplify fsp_fullbasepath()

snprintf deals well with NULL/0 buffers. Basically this undoes
6555fa9d8fbc and 193df617. 6555fa9d8fbc gave cppcheck as a reason for
this patch, but if I look into susv4's snprintf definition I find:

If n is zero, nothing shall be written and s may be a null pointer.

This removes the checks and makes sure we fulfill the requirement of
susv4 that states that buf can only be NULL if buflen is 0.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
51bb236a by Volker Lendecke at 2024-03-12T13:31:31+00:00
smbd: Modernize a DEBUG statement

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
72492de5 by Volker Lendecke at 2024-03-12T13:31:31+00:00
smbd: Add conn_protocol()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
67f6fcfe by Volker Lendecke at 2024-03-12T13:31:31+00:00
smbd: Remove the last use of get_Protocol()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ea09be77 by Volker Lendecke at 2024-03-12T13:31:31+00:00
smbd: Remove get_Protocol()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7c68d88c by Volker Lendecke at 2024-03-12T13:31:31+00:00
lib: Make GUID_to_ndr_buf() return void

The whole point of struct GUID_ndr_buf is that this never fails.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9f565512 by Volker Lendecke at 2024-03-12T13:31:31+00:00
libsmb: Simplify an if-condition

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
32ecf1fe by Volker Lendecke at 2024-03-12T13:31:31+00:00
lib: Simplify copy_unix_token()

Avoid an else with implicit NULL initialization

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
56233406 by Volker Lendecke at 2024-03-12T13:31:31+00:00
torture: Fix an error message

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
01cbfab9 by Volker Lendecke at 2024-03-12T13:31:31+00:00
smbd: Add parentheses for easier readability

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
97896fa7 by Volker Lendecke at 2024-03-12T13:31:31+00:00
lib: Simplify _hexcharval

Saves a few bytes and conditional jumps

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
90bd197d by Volker Lendecke at 2024-03-12T13:31:31+00:00
smbXsrv_version: Modernize DEBUG statements

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f1af8843 by Volker Lendecke at 2024-03-12T13:31:31+00:00
smbXsrv_version: Use a struct assignment instead of ZERO_STRUCT

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5885a69a by Volker Lendecke at 2024-03-12T13:31:31+00:00
smbXsrv_version: Remove unused smbXsrv_version_global0->db_rec

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ac8d38cf by Volker Lendecke at 2024-03-12T13:31:31+00:00
smbXsrv_version: Use a struct assignment

Make sure everything is initialized

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7f5d5ddd by Volker Lendecke at 2024-03-12T13:31:31+00:00
smbd: Fix a comment

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d393fd46 by Volker Lendecke at 2024-03-12T13:31:31+00:00
auth: Simplify smb_krb5_send_to_kdc_state_destructor()

Replace a call to dbwrap_fetch_locked() with the higher-level
dbwrap_delete().

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c37eb90d by Volker Lendecke at 2024-03-12T13:31:31+00:00
vfs: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
965fec35 by Volker Lendecke at 2024-03-12T13:31:31+00:00
smbd: Give smbXsrv_session.c its own header file

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
17caec0e by Volker Lendecke at 2024-03-12T13:31:31+00:00
smbd: Fix and modernize a few DBG statements

There were still a few function names in DBGs

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f948b626 by Volker Lendecke at 2024-03-12T13:31:31+00:00
smbd: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
02d9631c by Volker Lendecke at 2024-03-12T13:31:31+00:00
tools: Fix whitespace

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
072cb98e by Volker Lendecke at 2024-03-12T14:33:14+00:00
smbd: Avoid a ZERO_STRUCT() with direct struct initialization

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Mar 12 14:33:14 UTC 2024 on atb-devel-224

- - - - -
8eaba9db by Volker Lendecke at 2024-03-13T07:42:31+00:00
smbd: Fix a DBG message

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
78208d4f by Volker Lendecke at 2024-03-13T08:43:16+00:00
ctdb: Remove an unnecessary cast

nl->srvid is uint64_t, as is the srvid parameter of ctdb_daemon_send_message()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Mar 13 08:43:16 UTC 2024 on atb-devel-224

- - - - -
6e6324cf by Ralph Boehme at 2024-03-13T09:25:33+00:00
smbd: simplify handling of failing fstat() after unlinking file

close_remove_share_mode() already called vfs_stat_fsp(), so we can skip the
fstat() triggered in fd_close() by fsp->fsp_flags.fstat_before_close being true.

This avoids getting an EACCES error when doing an fstat() on the removed file
which seems to happen with some FUSE filesystems.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15527

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6ee3f809 by Noel Power at 2024-03-13T10:34:45+00:00
s3/smbd: If we fail to close file_handle ensure we should reset the fd

If fsp_flags.fstat_before_close == true then close_file_smb will call
vfs_stat which can fail. If it does fail then the fd associated
with the file handle will still be set (and we will hit an assert
in the file handle destructor) when calling file_free.
We need to set fd to -1 to avoid that. To achieve that we capture and
return the vfs_stat_fsp failure status while still processing the rest
of the fd_close logic.

[2024/02/20 09:23:48.454671,  0, pid=9744] ../../source3/smbd/smb2_close.c:226(smbd_smb2_close)
  smbd_smb2_close: close_file[]: NT_STATUS_ACCESS_DENIED
[2024/02/20 09:23:48.454757,  0, pid=9744] ../../source3/smbd/fd_handle.c:40(fd_handle_destructor)
  PANIC: assert failed at ../../source3/smbd/fd_handle.c(40): (fh->fd == -1) || (fh->fd == AT_FDCWD)
[2024/02/20 09:23:48.454781,  0, pid=9744] ../../lib/util/fault.c:178(smb_panic_log)
  ===============================================================
[2024/02/20 09:23:48.454804,  0, pid=9744] ../../lib/util/fault.c:185(smb_panic_log)
  INTERNAL ERROR: assert failed: (fh->fd == -1) || (fh->fd == AT_FDCWD) in smbd (smbd[192.168.10) (client [192.168.100.15]) pid 9744 (4.21.0pre1-DEVELOPERBUILD)
[2024/02/20 09:23:48.454844,  0, pid=9744] ../../lib/util/fault.c:190(smb_panic_log)
  If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
[2024/02/20 09:23:48.454869,  0, pid=9744] ../../lib/util/fault.c:191(smb_panic_log)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15527
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Wed Mar 13 10:34:45 UTC 2024 on atb-devel-224

- - - - -
c9707172 by Andreas Schneider at 2024-03-14T12:19:56+00:00
packaging: Provide a systemd service file for samba-bgqd

There might be scenarios where the background queue daemon should be
running all the time instead of being started on demand. This makes
sense especially for bigger printing servers with a lot of printers. It
takes ~1 sec to get a printer from cups, so a print server with 100
printers needs 100 seconds to update the printer_list.tdb. The service
will be killed because of idle in the meantime.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15600

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Thu Mar 14 12:19:56 UTC 2024 on atb-devel-224

- - - - -
7a8c0916 by Andrew Bartlett at 2024-03-14T22:06:39+00:00
python: Explain strange enable_net_export_keytab() behaviour is no longer due to Heimdal

This code is now common between Heimdal and MIT Kerberos, but can still be missing
for builds of "samba-tool" that do not include the whole AD DC.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
b6cffcb3 by Andrew Bartlett at 2024-03-14T22:06:39+00:00
libnet: Prepare to allow "samba-tool domain exportkeytab" to support -H

We need to allow a samdb to be passed from the python to support
using a specific DB or remote server for gMSA passwords.

The gMSA passwords will not use this code, but we need to be
consistent.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
9246ee48 by Andrew Bartlett at 2024-03-14T22:06:39+00:00
samba-tool domain exportkeytab: Add support for -H to point to a different sam.ldb

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
a2ed51df by Andrew Bartlett at 2024-03-14T22:06:39+00:00
s4-auth/kerberos: Remove unused parameters to create_keytab()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
2c33862b by Andrew Bartlett at 2024-03-14T22:06:39+00:00
s4-auth/kerberos: Add define ENC_STRONG_SALTED_TYPES

This allows us to mask out RC4 and insist on the modern AES types
where that makes sense.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
6b3ce044 by Andrew Bartlett at 2024-03-14T22:06:39+00:00
s4-auth/kerberos: Rename create_keytab() to smb_krb5_fill_keytab()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
d4155f8a by Andrew Bartlett at 2024-03-14T22:06:39+00:00
Make "samba-tool domain exportkeytab" prune old keys

This slowly prepares this to be an update tool, not just a one-off export tool

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
f34b910b by Andrew Bartlett at 2024-03-14T22:06:39+00:00
s4-libnet: Provide hint for "samba-tool domain exportkeytab" if used over LDAP without gMSA

Only gMSA accounts, and only for authorized users, can be exported without
local sam.ldb access.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
74f9d2e5 by Andrew Bartlett at 2024-03-14T22:06:39+00:00
auth/credentials: Add bindings for getting and setting the salt principal

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
9fc11e32 by Andrew Bartlett at 2024-03-14T22:06:39+00:00
auth/credentials: Use salt on credentials object for Creds.get_aes256_key()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
dd993c21 by Andrew Bartlett at 2024-03-14T22:06:39+00:00
auth/credentials: Dynamically calculate the salt principal (unless specified)

This helps pull the salt principal calculation into a single spot.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
44063674 by Andrew Bartlett at 2024-03-14T22:06:39+00:00
s4-libnet: Pass the full struct smb_krb5_context to sdb_kt_copy()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
13d346ce by Andrew Bartlett at 2024-03-14T22:06:39+00:00
auth/credentials: Add hook to set credentials from msDS-ManagedPassword blob

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
b8308f3f by Andrew Bartlett at 2024-03-14T22:06:39+00:00
auth/credentials: Make cli_credentials_get_aes256_key into generic key access

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
48affb13 by Andrew Bartlett at 2024-03-14T22:06:39+00:00
auth/credentials: Allow generation of old Kerberos keys also

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
66a9c1da by Andrew Bartlett at 2024-03-14T22:06:39+00:00
s4-kdc: Prepare for gMSA support by recording it on the entry

This will allow the "samba-tool domain exportkeytab" code to do special gMSA
processing and in the future will allow the KDC to know it needs to check
if the keys in the DB need refreshing.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
bd2edecf by Andrew Bartlett at 2024-03-14T22:06:39+00:00
s4-libnet: Add export of gMSA keys to "samba-tool domain exportkeytab"

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
0490aed7 by Andrew Bartlett at 2024-03-14T22:06:39+00:00
auth/credentials: Cope with GMSA 5min password preview in cli_credentials_set_gmsa_passwords()

This is unused in Samba currently, but is a subtle race that will be difficult
to debug if this is ever used, so this makes things easier for some future
developer.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
91c05536 by Andrew Bartlett at 2024-03-14T22:06:39+00:00
s4-auth/kerberos: Note the good possibility that the msDS-KeyVersionNumber is wrong

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
43ce741d by Andrew Bartlett at 2024-03-14T22:06:39+00:00
python/tests: Add test that gMSA keytab export works and matches direct keytab export

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
9fc4070f by Andrew Bartlett at 2024-03-14T22:06:39+00:00
lib/krb5_wrap: Rename confusing add_salt parameter to smb_krb5_kt_add_entry()

This just adds the key directly, it is not related to if salting is used or not.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
2f97f6fe by Andrew Bartlett at 2024-03-14T22:06:39+00:00
lib/krb5_wrap: Pull already_hashed case out of smb_krb5_kt_add_entry()

The two callers of this function want two very different things, the
common point was wanting to call smb_krb5_kt_seek_and_delete_old_entries()
however this is now done earlier in sdb_kt_copy() with
smb_krb5_remove_obsolete_keytab_entries() or an unlink() in
libnet_export_keytab().

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
0cb1e4db by Andrew Bartlett at 2024-03-14T22:06:39+00:00
samba-tool: Add option --keep-stale-entries to "samba-tool domain exportkeytab"

This will keep stale keys in the keytab, which may be useful for wireshark
but is not correct if the keytab is used for accepting Kerberos tickets,
as tickets encrypted with old passwords would still be accepted.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
014f1b56 by Andrew Bartlett at 2024-03-14T22:06:39+00:00
s4-libnet: Raise NTSTATUSError not RuntimeError in keytab export

We should never raise RuntimeError if we have a better option.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
b2dff173 by Andrew Bartlett at 2024-03-14T22:06:39+00:00
samba-tool domain exportkeytab: Raise a proper CommandError

This avoids giving just a backtrace for things like exporting a keytab
to an existing file.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
f81d7047 by Andrew Bartlett at 2024-03-14T22:06:39+00:00
selftest: Add tests for "samba-tool domain exportkeytab" with existing files

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
3bb215d1 by Andrew Bartlett at 2024-03-14T22:06:39+00:00
selftest: Add tests of samba-tool domain export-keytab --keep-stale-entries behaviour

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
7b662a92 by Andrew Bartlett at 2024-03-14T22:06:39+00:00
s4-auth/kerberos: Do not add true duplicates to exported keytab

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
a0867595 by Andrew Bartlett at 2024-03-14T22:06:39+00:00
s4-libnet: Prepare for a "rolling update" keytab export

This mode will allow keytabs to be exported with all current keys added
to historical keys, which will be useful in a domain with many gMSA
servers that require wireshark decryption.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
9d7a97dc by Andrew Bartlett at 2024-03-14T22:06:40+00:00
samba-tool domain exportkeytab: Refuse to overwrite an existing file in full-db export

Since 87f67d336919172845f53067c67d1eab8e7ef18a samba-tool domain exportkeytab has
silently unlinked the given target file.  Instead, the administrator now needs
to specify a file that does not exist.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
97a23e57 by Andrew Bartlett at 2024-03-14T23:16:16+00:00
s4-auth/kerberos: Report errors observed during smb_krb5_remove_obsolete_keytab_entries()

Previously any errors noticed during the main loop would be ignored.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Mar 14 23:16:16 UTC 2024 on atb-devel-224

- - - - -
78f72806 by Douglas Bagnall at 2024-03-18T01:46:31+00:00
libcli/security: claims_conversions: check for NULL in claims array

If by mistake we end up with a NULL in our array of claims pointers,
it is better to return an error than crash.

There can be NULLs in the array if a resource attribute ACE has a
claim that uses 0 as a relative data pointer. Samba assumes this means
a NULL pointer, rather than a zero offset.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66777
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15606

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b815abe7 by Douglas Bagnall at 2024-03-18T02:51:08+00:00
libcli/security: check again for NULL values

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Mar 18 02:51:08 UTC 2024 on atb-devel-224

- - - - -
c221f708 by Rob van der Linde at 2024-03-20T03:49:34+00:00
python: samdb: Move get_connecting_user_sid to samdb

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4f97df70 by Rob van der Linde at 2024-03-20T03:49:34+00:00
python: samdb: Make connecting_user_sid a property

This is following the same design as other similar properties like samdb.domain_sid, only it doesn't need a setter.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
12f3db01 by Rob van der Linde at 2024-03-20T03:49:34+00:00
netcmd: models: User.find also tries object_sid

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3e22f8f3 by Rob van der Linde at 2024-03-20T03:49:34+00:00
netcmd: models: add User.get_sid_for_principal helper

Unlike User.find, this will not fetch the User if an SID is provided.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bd79c074 by Rob van der Linde at 2024-03-20T03:49:34+00:00
netcmd: models: allow scope to be overridden in query

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
200948c1 by Rob van der Linde at 2024-03-20T03:49:34+00:00
netcmd: models: improve Computer constructor adding "$" handling

In some cases the previous code would end up creating computers where the account name ended on double "$"

Rewrote constructor to handle more cases, for example only an account name is provided, only a name is provided, or both.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a6e79982 by Rob van der Linde at 2024-03-20T03:49:35+00:00
netcmd: gmsa: create should allow custom SDDL

gMSA update already supported it but not create

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
48c0ed76 by Rob van der Linde at 2024-03-20T03:49:35+00:00
netcmd: gmsa: fix typo if trustee is not found

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
87d00915 by Rob van der Linde at 2024-03-20T03:49:35+00:00
netcmd: gmsa: add_trustee and remove_trustee change argument to sid

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
12adbfc6 by Rob van der Linde at 2024-03-20T03:49:35+00:00
netcmd: gmsa: add and remove don't fetch trustee if it is a SID

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e25c4872 by Rob van der Linde at 2024-03-20T03:49:35+00:00
netcmd: gmsa: show viewers also works if SID is not found

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1f511acc by Rob van der Linde at 2024-03-20T03:49:35+00:00
python: create domain module to move models into

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f739ef81 by Rob van der Linde at 2024-03-20T03:49:35+00:00
python: move models out of the netcmd package

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7fafb268 by Rob van der Linde at 2024-03-20T03:49:35+00:00
python: pep8: fix import sorting after move

Only touch files where samba.domain.models import was moved

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bda23294 by Rob van der Linde at 2024-03-20T03:49:35+00:00
python: models: add kwargs to __json__ and as_dict methods

Allows passing arguments through

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
52165b8e by Rob van der Linde at 2024-03-20T03:49:35+00:00
python: models: add Container model

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3c022f44 by Rob van der Linde at 2024-03-20T03:49:35+00:00
python: fix json encoder should handle Exception

This happens if --json is used and a CommandError is raised, so will affect other commands too where --json is used.

This happens in the print_json_status method.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
40e0cb2c by Rob van der Linde at 2024-03-20T03:49:35+00:00
tests: samdb: Make use of the domain_sid property

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
878abe02 by Rob van der Linde at 2024-03-20T03:49:35+00:00
tests: user: gmsa dNSHostName is a required field

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ea3838b6 by Rob van der Linde at 2024-03-20T03:49:35+00:00
tests: user: fix PEP8 spacing around operator

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
87cf1a29 by Rob van der Linde at 2024-03-20T03:49:35+00:00
tests: user: create gmsa with models

It was fetching the GMSA with the models straight after creating it anyway.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c004fdd0 by Rob van der Linde at 2024-03-20T03:49:35+00:00
tests: models: fix username should be account_name

The reason this didn't fail, is because it doesn't save the Computers.

This gets fixed in the next commit.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7dcc06fa by Rob van der Linde at 2024-03-20T03:49:35+00:00
tests: models: test additional Computer constructor cases

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
da500249 by Rob van der Linde at 2024-03-20T04:53:57+00:00
tests: gmsa blackbox tests

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Mar 20 04:53:57 UTC 2024 on atb-devel-224

- - - - -
904479cd by Douglas Bagnall at 2024-03-20T23:42:34+00:00
selftest/gdb_backtrace: print python traceback if available

If a program happens to have 'PyList_New' defined but is not a python
script, gdb will print

> Undefined command: "py-bt".  Try "help".

and probably stop. This happens after the C backtraces have been
printed, so nothing is lost.

The traceback is printed twice -- once in conventional Python style
for clarity, and once with extra "full" information.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
12ce2899 by Douglas Bagnall at 2024-03-20T23:42:34+00:00
selftest/gdb_backtrace: avoid printing backtrace twice with 1 thread

We call 'thread apply all bt full' in case there are interesting
things going on in other threads, but often there are no other threads
and it only serves to repeat the original trace (and very slowly, for
some reason).

The $_inferior_thread_count convenience variable is new in gdb 13.1
(2022-ish) so we init-if-undefined it to default to the old behaviour.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ecd65265 by Douglas Bagnall at 2024-03-20T23:42:34+00:00
selftest/gdb_backtrace: print `info threads` and some signpost headers

Search for '###'.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c04ac95c by Douglas Bagnall at 2024-03-20T23:42:34+00:00
py:samdb: make SamDB.__str__ show the URL and ID

Getting the right samdb is going to matter more, so it is useful for
debugging to see which is which.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
682a87fd by Andrew Bartlett at 2024-03-20T23:42:34+00:00
selftest: Run samba.tests.segfault with TALLOC_FREE_FILL

This helps make use-after-free testing reliable.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
5ceecd3f by Douglas Bagnall at 2024-03-20T23:42:34+00:00
pytest:segfault: prevent @no_gdb_backtrace smearing on exception

It is OK for one of these tests to raise an exception -- that is often
the only reasonable thing to do when you'd otherwise crash -- but the
@no_gdb_backtrace decorator would not clean up in that case, leading to
no gdb backtraces for all subsequent tests.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c17ff0a3 by Douglas Bagnall at 2024-03-20T23:42:34+00:00
pytest:segfault: do not assume PLEASE_NO_GDB_BACKTRACE var is unset

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
14a6109e by Douglas Bagnall at 2024-03-20T23:42:34+00:00
pyldb: catch errors in ldb_db_get_casefold

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4ce132ce by Douglas Bagnall at 2024-03-20T23:42:34+00:00
pyldb: py_ldb_init() uses py_ldb_connect() for connecting

To avoid all the same logic, subtly different.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c7c42762 by Douglas Bagnall at 2024-03-20T23:42:34+00:00
ldb-samba:ldb_wrap: don't crash if "ldb_url" opaque is unset

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d58c2c29 by Douglas Bagnall at 2024-03-20T23:42:34+00:00
ldb:pytests: test duplicate connections fail

(they don't yet).

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2ed90bbf by Douglas Bagnall at 2024-03-20T23:42:34+00:00
lib/ldb: don't allow repeated connections

In the best case, this would have leaked.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e4babdfa by Douglas Bagnall at 2024-03-20T23:42:34+00:00
ldb:pyldb.h: include some headers that are used

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
461192fd by Douglas Bagnall at 2024-03-20T23:42:34+00:00
pyldb_utils: pyldb_Object_AsDn() sets TypeError more often

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
118b9ec5 by Douglas Bagnall at 2024-03-20T23:42:34+00:00
pyldb: add a FIXME for a non-transitive compare

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8cf77b57 by Douglas Bagnall at 2024-03-20T23:42:34+00:00
ldb:ldb_dn: use safe transitive comparison in ldb_dn_compare()

The comparison we make is unconventional, and makes no difference in
normal usage, where we just want to know whether two DNs are the same
or not. But with over 100 callers, it is possible that something
somewhere is attempting a sort.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bf654a04 by Douglas Bagnall at 2024-03-20T23:42:34+00:00
pyldb: ldb_msg_richcmp: avoid one intransitive compare

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d1322636 by Douglas Bagnall at 2024-03-20T23:42:34+00:00
ldb_dn: make LDB_FREE, TALLOC_FREE

This LDB_FREE() seems to predate TALLOC_FREE(), and was identical
until TALLOC_FREE was optimised to avoid calling talloc_free(NULL) in
b9fcfc6399eab750880ee0b9806311dd351a8ff6.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
efffb248 by Günther Deschner at 2024-03-20T23:42:34+00:00
s3-librpc: merge two PIDL lists

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
56719a5d by Günther Deschner at 2024-03-20T23:42:34+00:00
pidl: fix trailing double-quote on last line of s3 server stubs

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8f1a8014 by Günther Deschner at 2024-03-21T00:45:29+00:00
pidl: add "return ENOTSUP" for int return type in s3 template

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Mar 21 00:45:29 UTC 2024 on atb-devel-224

- - - - -
55bc523d by Jo Sutton at 2024-03-21T03:12:33+00:00
s4:auth: Fix grammar in error message

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
86db3056 by Jo Sutton at 2024-03-21T03:12:33+00:00
python:tests: Use Managed Service Accounts well‐known GUID

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
398a555f by Jo Sutton at 2024-03-21T03:12:33+00:00
python:tests: Simplify expression

‘not keytab_bytes’ is shorter and equivalent.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2f25c23b by Jo Sutton at 2024-03-21T03:12:33+00:00
s4:auth: Allocate strings on shorter‐lived memory context

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ed5f8af3 by Jo Sutton at 2024-03-21T03:12:33+00:00
python:tests: Fix code spelling

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cd7b0720 by Jo Sutton at 2024-03-21T03:12:33+00:00
python: Correctly qualify strptime()

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d8fa0dd6 by Jo Sutton at 2024-03-21T03:12:33+00:00
python: Type ‘format’ parameter as optional

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cd44f806 by Jo Sutton at 2024-03-21T03:12:33+00:00
s4:libnet: Fix code spelling

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
96ac8144 by Jo Sutton at 2024-03-21T03:12:33+00:00
python: Correct time conversion function name

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0bc8d146 by Jo Sutton at 2024-03-21T03:12:33+00:00
python:tests: Do not have current_time() and current_nt_time() implicitly include clock skew

This is just too error‐prone.

current_gkid() will still continue to return the next GKID if it’s
within clock skew.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
67457394 by Jo Sutton at 2024-03-21T03:12:33+00:00
tests/krb5: Allow specifying SamDB to use when creating an account

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8b86174b by Jo Sutton at 2024-03-21T03:12:33+00:00
auth:credentials: Remove trailing line

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
67af86d2 by Jo Sutton at 2024-03-21T03:12:33+00:00
auth:credentials: Remove unused include

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
eac23954 by Jo Sutton at 2024-03-21T03:12:33+00:00
s4:auth: Update error messages

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4f0ed9b0 by Jo Sutton at 2024-03-21T04:19:18+00:00
tests/krb5: Add tests for AllowedToAuthenticateTo with an AS-REQ

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15607

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Mar 21 04:19:18 UTC 2024 on atb-devel-224

- - - - -
168e5df6 by Douglas Bagnall at 2024-03-22T05:03:35+00:00
fuzzing: fuzz_ndr_X ndr_print does printing

By printing into a buffer, we might notice some errors.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e1071cd1 by Douglas Bagnall at 2024-03-22T05:03:35+00:00
fuzz:fuzz_conditional_ace_blob lets long generated SDDL fail

This can legitimately fail, due to e.g. integers being interpreted as
local attributes due to their position (the original data is complete
nonsense, bravely decompiled by sddl_from_conditional_ace).

In the example found the original begins like

00000000  61 72 74 78 02 00 00 00  00 00 00 00 00 03 01 02 |artx............|
00000010  f7 ff ff ff ff ff ff ff  03 01 a1 02 00 3b 00 00 |.............;..|
00000020  00 00 00 00 03 01 a1 02  00 3b 00 00 00 00 00 00 |.........;......|
00000030  03 01 02 a5 ff ff ff ff  ff ff ff 03 01 a1 02 78 |...............x|
00000040  00 00 00 00 00 00 00 03  01 85 02 00 3b 00 00 00 |............;...|
00000050  00 00 00 03 01 a1 02 00  3b 00 00 00 00 00 00 03 |........;.......|
00000060  01 02 a5 00 00 00 00 00  00 00 03 01 81 02 00 00 |................|
00000070  00 00 00 00 00 00 03 01  81 02 00 3b 00 00 00 00 |...........;....|

while the SDDL cycled version looks like

00000000  61 72 74 78 f8 04 00 00  00 30 00 30 00 f8 2e 00 |artx.....0.0....|
00000010  00 00 30 00 31 00 37 00  37 00 37 00 37 00 37 00 |..0.1.7.7.7.7.7.|
00000020  37 00 37 00 37 00 37 00  37 00 37 00 37 00 37 00 |7.7.7.7.7.7.7.7.|
00000030  37 00 37 00 37 00 37 00  37 00 37 00 36 00 37 00 |7.7.7.7.7.7.6.7.|
00000040  a1 f8 0c 00 00 00 30 00  33 00 35 00 34 00 30 00 |......0.3.5.4.0.|
00000050  30 00 a1 f8 0c 00 00 00  30 00 33 00 35 00 34 00 |0.......0.3.5.4.|
00000060  30 00 30 00 f8 2e 00 00  00 30 00 31 00 37 00 37 |0.0......0.1.7.7|
00000070  00 37 00 37 00 37 00 37  00 37 00 37 00 37 00 37 |.7.7.7.7.7.7.7.7|

and this new interpretation ends up being more than 10000 bytes long,
so the conversion fails.

The SDDL ends up looking like this:

  (((((((((((00) || (01777777777777777777767)) || (035400)) || \
  (((((((((((((((((((((((((((((((((((035400) || (01777777777777777777645)) \
  >= 0170) || (035400)) || (((((((((((((((((((((((((((((((035400 != 0245)
  [...]

where all the octal digits on the left hand side of operators are
UTF-16 strings.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65322

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
90964caa by Douglas Bagnall at 2024-03-22T05:03:35+00:00
fuzz:_conditional_ace_blob discards a const

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cebe12bc by Douglas Bagnall at 2024-03-22T05:03:35+00:00
ldb-samba: matching rules: notify of search failure in transitive filter

It can be very hard to know where transitive checks fail, and this
will help.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15515

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
842e7378 by Douglas Bagnall at 2024-03-22T05:03:35+00:00
fuzz:fuzz_ndr_X: don't skip printing on push error

push should not have changed the struct, so it is valid to
try to print it also.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a3e186b6 by Volker Lendecke at 2024-03-22T05:03:35+00:00
lib: Remove timeval_until()

We have the same function in tevent, no need to duplicate code.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7edf5467 by Volker Lendecke at 2024-03-22T06:07:42+00:00
lib: Remove timeval_set()

We have the same function in tevent, no need to duplicate code. More lines just
due to clang-format.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Mar 22 06:07:42 UTC 2024 on atb-devel-224

- - - - -
6fb98f70 by Douglas Bagnall at 2024-03-25T06:00:21+00:00
ndr: always attempt ACE coda pull if ACE type suggests a coda

We were skipping the pull in cases where the coda size was calculated
to be zero. This has the right result for empty conditional ACEs, but
not for Resource Attribute ACEs where the
CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 coda was not initialised.

The situation is made a bit worse, because the function that
calculates the coda size (ndr_subcontext_size_of_ace_coda()) can
return zero in conditions that are not exactly errors, but in which
the would-be calculated value makes so little sense that zero is
thought to be a safer default.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66577
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15613

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Mar 25 06:00:21 UTC 2024 on atb-devel-224

- - - - -
cd6c0754 by Noel Power at 2024-03-27T01:14:31+00:00
Add simple http_client for use in black box tests (in following commits)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
74cdebea by Noel Power at 2024-03-27T01:14:31+00:00
selftest: Add basic content-length http tests

very simple test of basic http request/response plus some checks to
ensure http response doesn't exceed the response max length set by
the client call.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5f03d84e by Noel Power at 2024-03-27T01:14:31+00:00
libcli/http: Optimise reading for content-length

Instead of reading byte-by-byte we know the content length we
want to read so let's use it.

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611

- - - - -
30acd609 by Noel Power at 2024-03-27T01:14:31+00:00
tests: add test for chunked encoding with http cli library

Adds http test client to exercise the http client library
and a blackbox test to run the client. This client is built
only with selftest

also adds a knownfail for the test

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611

- - - - -
03240c91 by Noel Power at 2024-03-27T01:14:31+00:00
libcli/http: Handle http chunked transfer encoding

Also removes the knownfail for the chunked transfer test

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611

- - - - -
9550d37f by David Mulder at 2024-03-27T02:15:31+00:00
winbind: Log NOT_IMPLEMENTED as debug

This message happens frequently when running a
PDC/NT4 mode w/out winbind.

Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Mar 27 02:15:31 UTC 2024 on atb-devel-224

- - - - -
58ea952f by Björn Jacke at 2024-03-27T09:40:34+00:00
Revert "dosmode: prefer capabilities over become_root"

This reverts commit 5e925f9755fad180863861157aa7548d83dd3fde.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
87479544 by Björn Jacke at 2024-03-27T09:40:34+00:00
Revert "posix_acls.c: prefer capabilities over become_root"

This reverts commit 1edf9ecaf56f3312e199e633bff0804243042e33.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
88eb58af by Björn Jacke at 2024-03-27T09:40:34+00:00
Revert "open.c: prefer capabilities over become_root"

This reverts commit b250f25fe407f9a6269b804382de4854501f2d86.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
7f19afbd by Björn Jacke at 2024-03-27T09:40:34+00:00
Revert "vfs_recycle.c: prefer capabilities over become_root"

This reverts commit 4227b011f6ada97a4cd72a440ed887ffdb3f219e.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
10c7a3e4 by Björn Jacke at 2024-03-27T09:40:34+00:00
Revert "vfs_posix_eadb.c: prefer capabilities over become_root"

This reverts commit 92278418dc885ed411f545e73c800ce93f858090.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
52ad635b by Björn Jacke at 2024-03-27T09:40:34+00:00
Revert "vfs_default.c: prefer capabilities over become_root"

This reverts commit 62464bd2db2a95b1253364f4493bbb6770b73193.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
af7b930e by Björn Jacke at 2024-03-27T09:40:34+00:00
Revert "vfs_acl_common.c: prefer capabilities over become_root"

This reverts commit 12734848dc9901b932644139aaa7e3f78e55c8dc.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
33e88911 by Björn Jacke at 2024-03-27T09:40:34+00:00
Revert "nfs4_acls.c: prefer capabilities over become_root"

This reverts commit 06e5c1e32ea7907523cc19f021225e7541e2075f.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
32aa11e9 by Björn Jacke at 2024-03-27T09:40:34+00:00
Revert "dosmode.c: prefer use of capabilities at two places over become_root"

This reverts commit c1e2fbb1b9a7551becf5caa0f08d434edf9ad862.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
0dec2ef1 by Björn Jacke at 2024-03-27T10:47:23+00:00
Revert "token_util.c: prefer capabilities over become_root"

This reverts commit 944cb51506a94084d7ab52ee044fe6f66e1aaeb9.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Mar 27 10:47:23 UTC 2024 on atb-devel-224

- - - - -
f0a8d832 by Anoop C S at 2024-03-27T13:00:29+00:00
s4/torture: Fix misplaced positional arguments for u64 comparison

torture_assert_u64_equal_goto() can only print meaningful error message
for incorrect values if and only if the function is invoked with test run
value and expected value respectively as second and third arguments.
Otherwise it displays the reversed message causing confusion in overall
test results.

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Wed Mar 27 13:00:29 UTC 2024 on atb-devel-224

- - - - -
37327afd by Andrew Bartlett at 2024-03-28T01:50:40+00:00
pyldb: Fix documentation comment on Message.from_dict() method

This method does not take keyword arguments.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
287cf826 by Andrew Bartlett at 2024-03-28T01:50:41+00:00
pyldb: Keep talloc_reference() to the DN in PyDict_AsMessage

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f379ea8b by Andrew Bartlett at 2024-03-28T01:50:41+00:00
pyldb: Consolidate PyErr_SetLdbError() using the pyldb version

Now that pyldb-util is a private library to Samba, we have no excuses not to
consolidate helper functions like this.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
06912de3 by Andrew Bartlett at 2024-03-28T01:50:41+00:00
dsdb: Add API tests for new_gkdi_root_key()

These show that the new root key should be based on the server
configuration object, not just hardcoded defaults.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
565314f4 by Andrew Bartlett at 2024-03-28T01:50:41+00:00
pyldb: Improve search for error string in PyErr_SetLdbError

We allow a fallback to ldb_strerror() even if there was an LDB context,
allowing failing functions to reset a previous error string but not
set a new one.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
3687bf22 by Andrew Bartlett at 2024-03-28T01:50:41+00:00
s4-dsdb: Populate new GKDI root keys from the server configuration object

This honours MS-GKDI 3.1.4.1.1 Creating a New Root Key

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
d316e5f0 by Andrew Bartlett at 2024-03-28T01:50:41+00:00
s4-dsdb: Indent DH parameters table in gkdi_create_root_key()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
fc982e55 by Andrew Bartlett at 2024-03-28T01:50:41+00:00
s4-dsdb: Create KdfParameters at runtime

While this is by definition less efficient, I prefer not to have the magic
buffer of pre-calculated bytes, we don't create Root Keys very often.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
ed07dee8 by Rob van der Linde at 2024-03-28T01:50:41+00:00
python: domain: models: as_dict() should also exclude empty list fields

Empty list fields happen if many=True is used on the field. This means that the field is automatically initialised as an empty list, so this can only ever be a list or None.

The side-effect of this was that it appears in as_dict() when it shouldn't, because the field isn't populated. This fixes it.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
917e2a73 by Rob van der Linde at 2024-03-28T01:50:41+00:00
python: tests: computer model tests should clean up

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cca0cfe4 by Rob van der Linde at 2024-03-28T01:50:41+00:00
python: tests: write a test for the Model.as_dict method

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0c5d09ae by Rob van der Linde at 2024-03-28T01:50:41+00:00
python: domain: models: add children method to return a model's direct children

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bfd1f8cd by Rob van der Linde at 2024-03-28T01:50:41+00:00
python: domain: models: MODELS lookup does need to include base Model for shell command

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3c0833ea by Rob van der Linde at 2024-03-28T01:50:41+00:00
python: domain: models: move MODELS to registry.py because it's not really a constant

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5ac4b696 by Rob van der Linde at 2024-03-28T01:50:41+00:00
python: domain: models: move OrganizationalPerson to org.py

There are other models like OrganizationalUnit which can go in org.py better if this is done first

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
828420b4 by Rob van der Linde at 2024-03-28T01:50:41+00:00
python: domain: models: add OrganizationalUnit container model

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cf60e3ca by Rob van der Linde at 2024-03-28T01:50:41+00:00
netcmd: gmsa: improve descriptions of --dns-host-name and match docs

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
03a6740a by Rob van der Linde at 2024-03-28T01:50:41+00:00
netcmd: docs: add documentation for service-account base command

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a7edd5b5 by Rob van der Linde at 2024-03-28T01:50:41+00:00
netcmd: docs: add documentation for service-account group-msa-membership commands

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
26feb09f by Rob van der Linde at 2024-03-28T01:50:41+00:00
netcmd: docs: --user-allowed-to-authenticate-from-device-silo missing "device"

Make it consistent with --service-allowed-to-authenticate-from-device-silo by adding =SILO

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4e1d1283 by Rob van der Linde at 2024-03-28T01:50:41+00:00
netcmd: docs: --user-allowed-to-authenticate-from-device-group was missing

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7fbe5156 by Rob van der Linde at 2024-03-28T01:50:41+00:00
netcmd: docs: consistently put <constant> around GROUP and SILO

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2af65446 by Rob van der Linde at 2024-03-28T01:50:41+00:00
netcmd: docs: add section headings for auth policies and silos

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4d2c8ea9 by Rob van der Linde at 2024-03-28T01:50:41+00:00
netcmd: auth silo: turn silo.py into module

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a2e9529e by Rob van der Linde at 2024-03-28T01:50:41+00:00
netcmd: auth silo: move silo_member.py into silo module

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
13d53ee3 by Rob van der Linde at 2024-03-28T01:50:41+00:00
netcmd: auth silo: extract silo base commands into silo.py

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c0e748f0 by Rob van der Linde at 2024-03-28T01:50:41+00:00
netcmd: auth policy: turn policy.py into module

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
96f00738 by Rob van der Linde at 2024-03-28T01:50:41+00:00
netcmd: auth policy: extract policy base commands into policy.py

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
86d3706b by Rob van der Linde at 2024-03-28T01:50:41+00:00
netcmd: auth policy: add computer-allowed-to-authenticate-to subcommands

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
49c3bca8 by Rob van der Linde at 2024-03-28T01:50:41+00:00
netcmd: auth policy: remove old computer-allowed-to-authenticate-to-silo and group

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4ba087f8 by Rob van der Linde at 2024-03-28T01:50:41+00:00
netcmd: auth policy: add user-allowed-to-authenticate-to subcommands

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5db2a158 by Rob van der Linde at 2024-03-28T01:50:41+00:00
netcmd: auth policy: remove old user-allowed-to-authenticate-to-silo and group

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
316a84a5 by Rob van der Linde at 2024-03-28T01:50:41+00:00
netcmd: auth policy: add service-allowed-to-authenticate-to subcommands

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2cbacad8 by Rob van der Linde at 2024-03-28T01:50:41+00:00
netcmd: auth policy: remove old service-allowed-to-authenticate-to-silo and group

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e88be1ae by Rob van der Linde at 2024-03-28T01:50:41+00:00
netcmd: auth policy: add user-allowed-to-authenticate-from subcommands

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
97c2ff19 by Rob van der Linde at 2024-03-28T01:50:41+00:00
netcmd: auth policy: remove old user-allowed-to-authenticate-from-silo and group

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dcb6a14f by Rob van der Linde at 2024-03-28T01:50:41+00:00
netcmd: auth policy: add service-allowed-to-authenticate-from subcommands

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6e02c971 by Rob van der Linde at 2024-03-28T01:50:41+00:00
netcmd: auth policy: remove old service-allowed-to-authenticate-from-silo and group

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
93f4be16 by Rob van der Linde at 2024-03-28T01:50:41+00:00
netcmd: docs: update documentation for new auth policy command structure

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3d1ec5dc by Andrew Bartlett at 2024-03-28T01:50:41+00:00
auth/credentials: Remove use of pytalloc_get_type() of NDR types in pycredentials

This function is based on a flawed premise that the
pointer is a talloc context, but the second element
in an array and any element in a structure is not a
talloc context.

The type has already been checked above.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
46263c5c by Andrew Bartlett at 2024-03-28T01:50:41+00:00
python/samba/krb5: Allow client address (caddr) to be missing or empty

Currently (as of 2024-02) windows 21H2 returns this as [].

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
7cc8f455 by Jo Sutton at 2024-03-28T01:50:41+00:00
tests/krb5: Fix PK-INIT test framework to allow expired password keys

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b2fe1ea1 by Andrew Bartlett at 2024-03-28T01:50:41+00:00
python/tests/krb5: Prepare for PKINIT tests with UF_SMARTCARD_REQUIRED

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
2fd5166a by Andrew Bartlett at 2024-03-28T01:50:41+00:00
python/tests/krb5: Allow getting a TGT in pkinit tests

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
f29693d1 by Andrew Bartlett at 2024-03-28T01:50:41+00:00
python/tests/krb5: Prepare to allow tests that use the PAC returned NT hash

We want to use the PAC returned NT hash in the UF_SMARTCARD_REQUIRED case
as it will usually be random bytes so we can not just assert on the
value any more.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
06c589aa by Andrew Bartlett at 2024-03-28T02:53:53+00:00
python/samba/tests/krb5: Extend PKINIT tests to cover UF_SMARTCARD_REQUIRED

This in particular tests the returned NTLM password buffers as well as
the password rotation on expired accounts described at
https://learn.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/whats-new-in-credential-protection

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Mar 28 02:53:53 UTC 2024 on atb-devel-224

- - - - -
57e54884 by Volker Lendecke at 2024-03-28T08:05:34+00:00
smbd: Simplify users of fsp_fullbasepath()

All three users had to strip a trailing "/.". Centralize this.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a2a77842 by Volker Lendecke at 2024-03-28T08:05:35+00:00
smbd: Make read_symlink_reparse() return a reparse_data_buffer

Will make generalized handling of reparse point error returns easier
once we will also allow creating symlink reparse point files over smb.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
331a49ca by Volker Lendecke at 2024-03-28T08:05:35+00:00
smbd: Fix returning symlink stat info in the NO_OPATH case

Our callers don't look at symlink_err's struct stat anymore, they look
at the fname's one since we return them properly even for symlinks. So
don't bother filling in symlink_err->st, nobody reads it anyways.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
8ca64902 by Volker Lendecke at 2024-03-28T08:05:35+00:00
smbd: Remove "st" from struct open_symlink_err

Since c96010a2a9f nobody reads it anymore

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
adca0ffd by Volker Lendecke at 2024-03-28T08:05:35+00:00
smbd: Remove "unparsed" from struct open_symlink_err

We have the reserved field unparsed_path_length as part of struct
symlink_reparse_struct.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
18d9b1b1 by Volker Lendecke at 2024-03-28T08:05:35+00:00
smbd: Remove struct open_symlink_err

This was just a wrapper for a single pointer, remove it

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
00141ca4 by Volker Lendecke at 2024-03-28T08:05:35+00:00
smbd: Remove an outdated comment

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b8e409e7 by Volker Lendecke at 2024-03-28T08:05:35+00:00
lib: Fix whitespace

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b1b5d32c by Volker Lendecke at 2024-03-28T08:05:35+00:00
lib: Give tallocmsg.c its own header

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ff747f69 by Volker Lendecke at 2024-03-28T08:05:35+00:00
lib: Fix dbwrap_tdb.h prerequisites

It uses enum dbwrap_lock_order, so include dbwrap.h

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
2d4aa599 by Volker Lendecke at 2024-03-28T08:05:35+00:00
lib: Fix whitespace

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a3126ebf by Volker Lendecke at 2024-03-28T09:13:43+00:00
lib: Use struct initialization in imessaging_client_init()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Mar 28 09:13:43 UTC 2024 on atb-devel-224

- - - - -
f3c185a6 by Anoop C S at 2024-04-01T14:19:39+00:00
source3/smbd: Update timestamps after a successful SMB_VFS_FNTIMES

When an open file handle is used to change timestamps we fail to return
updated values to clients until next open is issued. Unless we fill in
the timestamps subsequent calls like GETINFO cannot see the latest value
causing incorrect results. Therefore copy those timestamp values as soon
as it is set on the backend.

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
dd2289eb by Anoop C S at 2024-04-01T15:24:39+00:00
vfs_ceph: Implement SMB_VFS_FGET_DOS_ATTRIBUTES to preserve create_time

In order to avoid the dependency on dos attribute for create_time we now
preserve the btime before parsing dos attribute which may update btime
from its value with an old one unless we explicitly reset dos attribute
with new create_time in SMB_VFS_FNTIMES implementation. Therefore have
an implementation for SMB_VFS_FGET_DOS_ATTRIBUTES to save and restore
updated create_time.

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Anoop C S <anoopcs at samba.org>
Autobuild-Date(master): Mon Apr  1 15:24:39 UTC 2024 on atb-devel-224

- - - - -
a485d9de by Pavel Filipenský at 2024-04-02T12:25:31+00:00
docs-xml: Add parameter all_groupmem to idmap_ad

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
5d475d26 by Pavel Filipenský at 2024-04-02T12:25:31+00:00
s3:winbindd: Improve performance of lookup_groupmem() in idmap_ad

The LDAP query of lookup_groupmem() returns all group members from AD
even those with missing uidNumber.  Such group members are useless in
UNIX environment for idmap_ad backend since there is no uid mapping.

'test_user' is member of group "Domanin Users" with 200K members,
only 20K members have set uidNumber.

Without this fix:

$ time id test_user

real    1m5.946s
user    0m0.019s
sys     0m0.012s

With this fix:

$ time id test_user

real    0m3.544s
user    0m0.004s
sys     0m0.007s

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
2dab3a33 by Pavel Filipenský at 2024-04-02T12:25:31+00:00
selftest: Add "winbind expand groups = 1" to setup_ad_member_idmap_ad

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f8b72aa1 by Pavel Filipenský at 2024-04-02T13:25:39+00:00
tests: Add a test for "all_groups=no" to test_idmap_ad.sh

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Tue Apr  2 13:25:39 UTC 2024 on atb-devel-224

- - - - -
7f96c210 by Stefan Metzmacher at 2024-04-05T12:24:41+00:00
s3:include: let nameserv.h be useable on its own

A lot of stuff is private to nmbd and can
be moved from nameserv.h.

This allows moving required types from smb.h to
nameserv.h, so that this can be standalone.
Including it from smb.h is not a huge problem
as nmbd internals are gone from nameserv.h.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
105247c9 by Stefan Metzmacher at 2024-04-05T12:24:41+00:00
s3:include: split out fstring.h

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
011f68ae by Stefan Metzmacher at 2024-04-05T12:24:41+00:00
s3:wscript: LIBNMB requires lp_ functions

We need to make this explicit in order to let LIBNMB be used
in source4 code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f90cf082 by Stefan Metzmacher at 2024-04-05T12:24:41+00:00
s3:libsmb/unexpected: don't use talloc_tos() in async code

It's not needed and it requires the caller to setup a
stackframe...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
696505a1 by Stefan Metzmacher at 2024-04-05T12:24:41+00:00
s3:libsmb/unexpected: pass nmbd_socket_dir from the callers of nb_packet_{server_create,reader_send}()

This will allow source4/nbt_server to make use of
nb_packet_server_create().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2b66663c by Stefan Metzmacher at 2024-04-05T12:24:41+00:00
s3:libsmb/dsgetdcname: use NETLOGON_NT_VERSION_AVOID_NT4EMUL

In 2024 we always want an active directory response...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cca373b8 by Stefan Metzmacher at 2024-04-05T12:24:41+00:00
libcli/nbt: add nbt_name_send_raw()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
11861bcf by Stefan Metzmacher at 2024-04-05T12:24:41+00:00
s4:libcli/dgram: let the generic incoming handler also get unexpected mailslot messages

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
77f4f1c7 by Stefan Metzmacher at 2024-04-05T12:24:41+00:00
s4:libcli/dgram: make use of socket_address_copy()

This avoids talloc_reference...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bfb10774 by Stefan Metzmacher at 2024-04-05T12:24:42+00:00
s4:libcli/dgram: add nbt_dgram_send_raw() to send raw blobs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
796f33c0 by Stefan Metzmacher at 2024-04-05T12:24:42+00:00
s4:nbt_server: simulate nmbd and provide unexpected handling

This is needed in order to let nbt_getdc() work against
another AD DC and get back a modern response with
DNS based names. Instead of falling back to
the ugly name_status_find() that simulates just
an NETLOGON_SAM_LOGON_RESPONSE_NT40 response.

This way dsgetdcname() can work with just the netbios
domain name given and still return an active directory
response.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ca859e55 by Stefan Metzmacher at 2024-04-05T12:24:42+00:00
s3:libads: avoid changing ADS->server.workgroup

ads_find_dc() uses c_domain = ads->server.workgroup and
doesn't expect it to get out of scope deep in resolve_and_ping_dns().

The result is corrupted domain values in the debug output.

Valgrind shows this:

 Invalid read of size 1
    at 0x483EF46: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
    by 0x608BE94: __vfprintf_internal (vfprintf-internal.c:1688)
    by 0x609ED49: __vasprintf_internal (vasprintf.c:57)
    by 0x5D2EC0F: __dbgtext_va (debug.c:1860)
    by 0x5D2ED3F: dbgtext (debug.c:1881)
    by 0x4BFFB50: ads_find_dc (ldap.c:570)
    by 0x4C001F4: ads_connect (ldap.c:704)
    by 0x4C1DC12: ads_dc_name (namequery_dc.c:84)
  Address 0xb69f6f0 is 0 bytes inside a block of size 11 free'd
    at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
    by 0x4BFF0AF: ads_try_connect (ldap.c:299)
    by 0x4BFF40E: cldap_ping_list (ldap.c:367)
    by 0x4BFF75F: resolve_and_ping_dns (ldap.c:468)
    by 0x4BFFA91: ads_find_dc (ldap.c:556)
    by 0x4C001F4: ads_connect (ldap.c:704)
    by 0x4C1DC12: ads_dc_name (namequery_dc.c:84)
  Block was alloc'd at
    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
    by 0x60B250E: strdup (strdup.c:42)
    by 0x4FF1492: smb_xstrdup (util.c:743)
    by 0x4C10E62: ads_init (ads_struct.c:148)
    by 0x4C1DB68: ads_dc_name (namequery_dc.c:73)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
72a4d3ad by Stefan Metzmacher at 2024-04-05T12:24:42+00:00
s3:passdb: use DBG_ERR() for 'talloc_strdup failed' messages

Otherwise it's completely unclear where the messages come from

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
814ae222 by Stefan Metzmacher at 2024-04-05T13:28:42+00:00
s3:winbindd: use better debug messages than 'talloc_strdup failed'

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Apr  5 13:28:42 UTC 2024 on atb-devel-224

- - - - -
2ecb69d9 by Andreas Schneider at 2024-04-08T03:00:39+00:00
python:tests: Improve keytab comparison of dckeytab

This will give better output on failure as it compares strings instead
of bytes.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8e931fce by Alexander Bokovoy at 2024-04-08T03:00:39+00:00
Do not fail checksums for RFC8009 types

While Active Directory does not yet support RFC 8009 encryption and
checksum types, it is possible to verify these checksums when running
with both MIT Kerberos and Heimdal Kerberos. This matters for FreeIPA
domain controller which uses them by default.

[2023/06/16 21:51:04.923873, 10, pid=51149, effective(0, 0), real(0, 0)]
../../lib/krb5_wrap/krb5_samba.c:1496(smb_krb5_kt_open_relative)
  smb_krb5_open_keytab: resolving: FILE:/etc/samba/samba.keytab
[2023/06/16 21:51:04.924196,  2, pid=51149, effective(0, 0), real(0, 0),
class=auth] ../../auth/kerberos/kerberos_pac.c:66(check_pac_checksum)
  check_pac_checksum: Checksum Type 20 is not supported
[2023/06/16 21:51:04.924228,  5, pid=51149, effective(0, 0), real(0, 0),
class=auth] ../../auth/kerberos/kerberos_pac.c:353(kerberos_decode_pac)
  PAC Decode: Failed to verify the service signature: Invalid argument

Signed-off-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
efdbf051 by Noel Power at 2024-04-08T03:00:39+00:00
selftest: fix potential reference before assigned error

This would only happen if the test failed (but the message would be
incorrect as 'e' the exception to be stringified doesn't exist).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
93709d31 by Noel Power at 2024-04-08T03:00:39+00:00
selftest: Add new test for testing non-chunk transfer encoding

And add a known fail because there is a bug :-(

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a18c53a9 by Noel Power at 2024-04-08T03:00:39+00:00
libcli/http: Detect unsupported Transfer-encoding type

Also removes knownfail for test that now passes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e388bf4b by Rob van der Linde at 2024-04-08T03:00:39+00:00
python: tests: fix closing quote in docstring example

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8f7ff1c7 by Rob van der Linde at 2024-04-08T03:00:39+00:00
python: tests: type check should always use "is" or "is not"

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3dd49b9f by Rob van der Linde at 2024-04-08T03:00:39+00:00
python: lint: remove unused imports in claims and gmsa commands

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bcae4c2d by Rob van der Linde at 2024-04-08T03:00:39+00:00
python: lint: fix pylint R1720 unnecessary "raise" after "else"

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
be2ade2d by Rob van der Linde at 2024-04-08T04:07:22+00:00
netcmd: fix broken shell command missing Model

This is already in MODELS which is populated in ModelMeta

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Apr  8 04:07:22 UTC 2024 on atb-devel-224

- - - - -
01940ae7 by Andreas Schneider at 2024-04-09T22:52:37+00:00
buildtools: Fix PYTHONPATH and print it

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
85d0ab38 by Andreas Schneider at 2024-04-09T22:52:37+00:00
python:samba: Rename trust_utils.py to lsa_utils.py

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
00ed209e by Andreas Schneider at 2024-04-09T22:52:37+00:00
python: Implement OpenPolicyFallback()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e32be2ad by Andreas Schneider at 2024-04-09T22:52:37+00:00
python:tests: Rename createtrustrelax.py to lsa_utils.py

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9e5fc815 by Andreas Schneider at 2024-04-09T22:52:37+00:00
python:tests: Clean lsa_utils.py code according to Python standards

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
decacb0e by Andreas Schneider at 2024-04-09T22:52:37+00:00
python: Set parameter types for CreateTrustedDomainRelax()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
23e61d2c by Andreas Schneider at 2024-04-09T22:52:37+00:00
python: Use secrets.token_bytes instead of random

random should not be used to create secure random numbers for tokens.
The secrets module is exactly for this.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
812d4e0d by Andreas Schneider at 2024-04-09T22:52:37+00:00
python: Add aead_aes_256_cbc_hmac_sha512()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
859e7f8c by Andreas Schneider at 2024-04-09T22:52:37+00:00
python: Implement CreateTrustedDomainFallback()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2d60d1b9 by Andreas Schneider at 2024-04-09T22:52:38+00:00
python: Use OpenPolicyFallback() in trust.py

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
84d51503 by Andreas Schneider at 2024-04-09T22:52:38+00:00
librpc:rpc: Add dcerpc_lsa.h

This adds AES constants by MS.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dbe9e9a8 by Andreas Schneider at 2024-04-09T22:52:38+00:00
s4:torture: Use init_lsa_String() from init_lsa.h

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
05e9cb36 by Andreas Schneider at 2024-04-09T22:52:38+00:00
s3:rpc_client: Implement rpc_lsa_encrypt_trustdom_info()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8e35e5f5 by Andreas Schneider at 2024-04-09T22:52:38+00:00
s4:torture: Use rpc_lsa_encrypt_trustdom_info()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
354f61d8 by Andreas Schneider at 2024-04-09T22:52:38+00:00
s4:torture: Use dcerpc_lsa_OpenPolicy3_r()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8b1c0bd7 by Andreas Schneider at 2024-04-09T22:52:38+00:00
s4:rpc_server: Fix trailing white spaces in dcesrv_lsa.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
18af510b by Andreas Schneider at 2024-04-09T22:52:38+00:00
s4:rpc_server: Use talloc_zero in dcesrv_lsa_CreateTrustedDomain()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dad8c78e by Andreas Schneider at 2024-04-09T22:52:38+00:00
s4:rpc_server: Implement dcesrv_lsa_CreateTrustedDomain_precheck()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6d90397f by Andreas Schneider at 2024-04-09T22:52:38+00:00
s4:rpc_server: Implement dcesrv_lsa_CreateTrustedDomain_common()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1790828b by Andreas Schneider at 2024-04-09T22:52:38+00:00
s4:rpc_server: Use dcesrv_lsa_CreateTrustedDomain_common() for lsa_CreateTrustedDomainEx2

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b957cb34 by Andreas Schneider at 2024-04-09T22:52:38+00:00
s4:rpc_server: Use dcesrv_lsa_CreateTrustedDomain_common() for lsa_CreateTrustedDomainEx

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0177cd89 by Andreas Schneider at 2024-04-09T22:52:38+00:00
s4:rpc_server: Use dcesrv_lsa_CreateTrustedDomain_common() in lsa_CreateTrustedDomain

This also removes dcesrv_lsa_CreateTrustedDomain_base() as it is unused with
this commit. We need to do it here or the compiler will complain about an unused
function.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
87595140 by Andreas Schneider at 2024-04-09T22:52:38+00:00
s4:rpc_server: Implement get_trustdom_auth_blob_aes() for LSA

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
933ba496 by Andreas Schneider at 2024-04-09T22:52:38+00:00
s4:rpc_server: Implement dcesrv_lsa_CreateTrustedDomainEx3()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f390981c by Andreas Schneider at 2024-04-09T22:52:38+00:00
s4:rpc_server: Enable AES in dcesrv_lsa_OpenPolicy3()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
97499a47 by Andreas Schneider at 2024-04-09T22:52:38+00:00
s4:torture: Add test for lsa_CreateTrustedDomainEx3

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d078ee6a by Andreas Schneider at 2024-04-09T22:52:38+00:00
s3:rpc_client: Implement rpc_lsa_encrypt_trustdom_info_aes()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bb4d8de9 by Andreas Schneider at 2024-04-09T22:52:38+00:00
s3:rpc_client: Implement createtrustdomex2 command

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
56e1051a by Andreas Schneider at 2024-04-09T22:52:38+00:00
s3:rpc_client: Implement createtrustdomex3 command

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8f52b649 by Andreas Schneider at 2024-04-09T22:52:38+00:00
s3:rpc_server: Log error in _lsa_CreateTrustedDomainEx2()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3385c2fe by Andreas Schneider at 2024-04-09T22:52:38+00:00
s3:rpc_server: Implement and use lsa_CreateTrustedDomain_precheck()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8df1728e by Andreas Schneider at 2024-04-09T22:52:38+00:00
s3:rpc_server: Implement lsa_CreateTrustedDomain_common()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
50f424e8 by Andreas Schneider at 2024-04-09T22:52:38+00:00
s3:rpc_server: Implement _lsa_CreateTrustedDomainEx3()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
005ce15a by Andrew Bartlett at 2024-04-09T22:52:38+00:00
python/samba/tests: Fix gMSA blackbox test to expect failure to get password after membership change

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
c5f98c0d by Volker Lendecke at 2024-04-09T22:52:38+00:00
smbXsrv_session: Use struct initialization

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
292c2645 by Volker Lendecke at 2024-04-09T22:52:38+00:00
smbXsrv_session: Remove two implicit NULL initializations

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
89981987 by Volker Lendecke at 2024-04-09T22:52:38+00:00
smbXsrv_session: Use talloc_tos() for pushing smbXsrv_session_globalB

Use the toplevel talloc pool, align with 0c709cb6b70.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
798826d4 by Volker Lendecke at 2024-04-09T22:52:38+00:00
smbXsrv_session: Remove a "can't happen" NULL check

This should really not happen, crashing would be the right
response. Align with fdca0558efa.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f573a513 by Volker Lendecke at 2024-04-09T22:52:38+00:00
smbd: Remove an obsolete comment

This looks like a cut&paste from other smbXsrv files.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
51c950c1 by Volker Lendecke at 2024-04-09T22:52:38+00:00
smbd: Save 3 lines

Just cosmetic

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
811c184b by Volker Lendecke at 2024-04-09T22:52:38+00:00
smbd: Simplify an if-condition

current_sid == NULL is true if and only if we could not assign current_sid
because num_sids was too small. Make that more explicit.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dbba6c22 by Andrew Bartlett at 2024-04-09T23:59:54+00:00
auth/credentials: Read managed_password.passwords.query_interval only after parsing

The code previously read the uninitialised stack not the parsed
structure, and so could segfault if the stack was not zero.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Apr  9 23:59:54 UTC 2024 on atb-devel-224

- - - - -
3ffc6c13 by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pytest:krb5/lockout: associate user DN with the ldb it is used with

LDB is soon going to object strongly to Python DNs that don't come from
the ldb that they are being used with, for memory safety reasons.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ffbe6239 by Andrew Bartlett at 2024-04-10T05:13:32+00:00
selftest: Add tests that demonstrate the issues with ldb use after free

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
784ee216 by Andrew Bartlett at 2024-04-10T05:13:32+00:00
pyldb: Include a reference to the Ldb in objects that use

This will help avoid use-after-free of the internally cached ldb within
struct ldb_dn by ensuring that it lives as long.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
fdc32122 by Andrew Bartlett at 2024-04-10T05:13:32+00:00
pyldb: Add ldb.disconnect() method to ensure DB handles are closed

This is vital in our backup code, which needs to actually close the
LMDB at the correct point.

The Python ldb object itself is left in more or less the same state as
one that has not connected to a server or database (it is a very
simple wrapper in itself), and can be reconnected using the .connect()
method.

Pair-programmed-with: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
8612b3e3 by Douglas Bagnall at 2024-04-10T05:13:32+00:00
ldb:pytests: test ldb.connect() works after .disconnect()

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0bf80c10 by Andrew Bartlett at 2024-04-10T05:13:32+00:00
samba-tool domain backup: Use new ldb.disconnect() method to force-close files during backup

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
8bb6287c by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pytest:segfault: some more ldb crashes

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f98035a2 by Douglas Bagnall at 2024-04-10T05:13:32+00:00
ldb:pyldb: PyErr_LDB_DN_OR_RAISE makes more rigorous checks

This changes what happens all over the place
(lib/ldb/pyldb.c, source4/dns_server/pydns.c, source4/dsdb/pydsdb.c),
but causes no problems because it just checks what we always assumed.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
087d43ac by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pyldb: adapt some simple dn methods to use LDB_DN_OR_RAISE()

We treat self as PyObject, and only trust its DN once it has been
laundered by PyErr_LDB_DN_OR_RAISE().

There are more of these to come in the next few commits, but these are
the simplest ones (on a textual level -- the others are simple too, but
look different).


Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
85ba5d2c by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pyldb: py_ldb_dn_get_extended_component uses PyErr_LDB_DN_OR_RAISE()

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0ce3f355 by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pyldb: py_ldb_dn_get_casefold() uses PyErr_LDB_DN_OR_RAISE()

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

# Conflicts:
#	selftest/knownfail.d/ldb-use-after-free-segfault

- - - - -
5154c8c9 by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pyldb: py_ldb_dn_extended_str() uses PyErr_LDB_DN_OR_RAISE()

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
982a87ce by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pyldb: py_ldb_dn_get_extended_component() uses PyErr_LDB_DN_OR_RAISE

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8830149e by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pyldb: py_ldb_dn_richcmp() uses PyErr_LDB_DN_OR_RAISE

The `if (!pyldb_Dn_Check(pydn2))` might seem redundant, but we
need it to return Py_NotImplemented before the _OR_RAISE macro
raises TypeError.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1eeb0e36 by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pyldb: py_ldb_dn_get_parent() uses PyErr_LDB_DN_OR_RAISE


Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
310624ea by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pyldb: py_ldb_dn_add_child() uses PyErr_LDB_DN_OR_RAISE

for self->dn only. The other dn is a different story, next commit.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
67a9e573 by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pyldb: make py_ldb_dn_add_child() a bit less leaky

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b83ea997 by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pyldb: py_ldb_dn_add_base() uses PyErr_LDB_DN_OR_RAISE

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f8b92e52 by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pyldb: make py_ldb_dn_add_base() a bit less leaky

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1bbca1e3 by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pyldb: py_ldb_dn_len checks dn and ldb validity

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
13545ed1 by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pyldb: py_ldb_dn_concat() uses PyErr_LDB_DN_OR_RAISE

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b81b2578 by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pyldb: catch up with README.Coding for some `PyArg_ParseTuple`s

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f0e665f4 by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pyldb: add PyErr_LDB_MESSAGE_OR_RAISE() macro

The Python level message has a reference to an LDB, which should be NULL,
or the same as the dn's LDB, lest one of them is freed early.

The message LDB will be NULL until a DN is set, and if the DN is replaced,
the LDB is also replaced (see py_ldb_msg_set_dn), so it is *unlikely*
for these to get out of sync. In addition, fetching msg.dn via python
compares the LDBs at that point (py_ldb_msg_get_dn).

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bc45a258 by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pyldb: use PyErr_LDB_MESSAGE_OR_RAISE() in various functions

In these simple cases, we are:

1. replacing the first argument `PyObject *` with `PyLdbMessageObject *`.
2. adding a `struct ldb_message *msg = NULL;` variable.
3. `PyErr_LDB_MESSAGE_OR_RAISE(self, msg);`.
4. changing the `self->msg` to `msg`.
5. adding { } to the `if (!PyArg_ParseTuple() return NULL;`.
6. replacing `self->pyldb` with `pyldb_Message_get_pyldb(self)`

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d05ae687 by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pyldb: py_ldb_msg_richcmp() uses PyErr_LDB_MESSAGE_OR_RAISE()

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
acba42b1 by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pyldb: py_ldb_msg_keys() uses PyErr_LDB_MESSAGE_OR_RAISE

We change the [unused, because it always cast] signature of
py_ldb_msg_iter() in the same commit, because that is just a wrapper
around _keys() and this maintains bisectability with the least fuss.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b5fcc55b by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pyldb: py_ldb_msg_contains() checks ldb equality

We can't use PyErr_LDB_MESSAGE_OR_RAISE() here, because the return type
is int, not PyObject*.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6a2e6139 by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pyldb: py_ldb_msg_items uses PyErr_LDB_MESSAGE_OR_RAISE

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9cadc61c by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pyldb: py_ldb_msg_items checks for more errors

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
61ba0cc1 by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pyldb: py_ldb_msg_elements uses PyErr_LDB_MESSAGE_OR_RAISE

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c39021a4 by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pyldb: py_ldb_msg_set_dn checks dn ldb equality

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
72ad126a by Douglas Bagnall at 2024-04-10T05:13:32+00:00
ldb:pyldb: reorder structs for possible type-punning

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d712c8d2 by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pyldb: normalise name of pyldb_Message_Check

c.f. pyldb_MessageElement_Check, pyldb_Dn_Check.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a95e6aa5 by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pyldb: add PyErr_internal_LDB_DN_OR_RAISE

This might be faster than the circuitous route.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8b6df2d0 by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pyldb: add Dn.ldb accessor

This, and the next commit, might help in debugging when you see a
traceback that ends like this:

  File "/data/samba/samba/bin/samba_upgradeprovision", line 664, in add_missing_object
      delta.dn = dn
  RuntimeError: DN is from the wrong LDB

in this case you could force a solution with something like:

 delta.dn = ldb.dn(delta.ldb, str(dn))

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ed6d151c by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pyldb: add Message.ldb accessor

See the last commit for comments about how this is useful for
debugging.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fa9a3213 by Douglas Bagnall at 2024-04-10T05:13:32+00:00
s4:samba_upgradeprovision: align DN ownership

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
345eb854 by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pyldb: add dn.copy() python method.

Sometimes you want to use a Dn object from one LDB with another LDB,
but this no longer works.

One way to do it is:

  new_dn = ldb.Dn(samdb, str(old_dn))

but with this, you can just:

  new_dn = old_dn.copy(samdb)

or, if you are putting it on a message which has a DN:

  msg.dn = old_dn.copy(msg.ldb)

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d38a9e93 by Douglas Bagnall at 2024-04-10T05:13:32+00:00
python:upgrade/upgradeprovision: use dn.copy to align ldbs

We need to do this when the dn is on a message from another ldb.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8ac18495 by Douglas Bagnall at 2024-04-10T05:13:32+00:00
pyldb: don't allow py_ldb_dn_copy() with the wrong pyldb

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bda4e123 by Andrew Bartlett at 2024-04-10T05:13:32+00:00
ldb: Add more segfault tests DN handling

- from_dict DN use-after-free
- check for the same directly creating the ldb.Message

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
60df2a09 by Douglas Bagnall at 2024-04-10T06:15:46+00:00
selftest: move some more expected failures to expectedfail.d

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Apr 10 06:15:46 UTC 2024 on atb-devel-224

- - - - -
73e4f602 by Douglas Bagnall at 2024-04-10T22:56:33+00:00
ldb: avoid out of bounds read and write in ldb_qsort()

If a compare function is non-transitive (for example, if it evaluates
A > B and B > C, but A < C), this implementation of qsort could access
out-of-bounds memory. This was found in glibc's qsort by Qualys, and
their write-up for OSS-Security explains it very well:

 https://www.openwall.com/lists/oss-security/2024/01/30/7

An example of a non-transitive compare is one which does this:

 int cmp(const void *_a, const void *_b)
 {
        int a = *(int *)_a;
        int b = *(int *)_b;
        return a - b;
 }

which does the right thing when the magnitude of the numbers is small,
but which will go wrong if a is INT_MIN and b is INT_MAX. Likewise, if
a and b are e.g. uint32_t, the value can wrap when cast to int.

We have functions that are non-transitive regardless of subtraction.
For example, here (which is not used with ldb_qsort):

 int codepoint_cmpi(codepoint_t c1, codepoint_t c2)
 {
        if (c1 == c2 ||
            toupper_m(c1) == toupper_m(c2)) {
                return 0;
        }
        return c1 - c2;
 }

The toupper_m() is only called on equality case. Consider {'a', 'A', 'B'}.
     'a' == 'A'
     'a' >  'B'  (lowercase letters come after upper)
     'A' <  'B'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15569
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8b6a5841 by Douglas Bagnall at 2024-04-10T22:56:33+00:00
lib/fuzzing/decode_ndr_X_crash: guess the pipe from filename

Usually we are dealing with a filename that tells you what the pipe is,
and there is no reason for this debug helper not to be convenient

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5ab93f48 by Douglas Bagnall at 2024-04-10T22:56:33+00:00
util:tsort.h: add a macro for safely comparing numbers

In many places we use `return a - b;` in a comparison function. This can
be problematic if the comparison is used in a sort, as `a - b` is not
guaranteed to do what we expect. For example:

* if a and b are 2s-complement ints, a is INT_MIN and b is INT_MAX, then
  a - b = 1, which is wrong.

* if a and b are 64 bit pointers, a - b could wrap around many times in
  a cmp function returning 32 bit ints. (We do this often).

The issue is not just that a sort could go haywire.
Due to a bug in glibc, this could result in out-of-bounds access:

https://www.openwall.com/lists/oss-security/2024/01/30/7

(We have replicated this bug in ldb_qsort).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
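
The two commit messages above describe comparators that return a wrong sign or are non-transitive. The following is an added example, not code from Samba or from the commit author, that measures both effects on constructed inputs. `SAFE_CMP`, `upper_ascii`, `count_broken_triples` and the sample arrays are names chosen for this example; it assumes a 32-bit `int` and the wrapping unsigned-to-int conversion that gcc and clang implement.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Overflow-free three-way compare: always -1, 0 or 1.
 * SAFE_CMP is a name chosen for this example. */
#define SAFE_CMP(a, b) (((a) > (b)) - ((a) < (b)))

typedef int (*cmp_u32_fn)(uint32_t, uint32_t);

/* `return a - b;` on uint32_t: the difference wraps modulo 2^32 and is
 * then converted to int, so the sign can be wrong. */
static int cmp_sub_u32(uint32_t a, uint32_t b)
{
	return (int)(a - b);
}

static int cmp_safe_u32(uint32_t a, uint32_t b)
{
	return SAFE_CMP(a, b);
}

/* `return a - b;` on int, with the wraparound written out through
 * unsigned arithmetic so this example has no undefined behaviour. */
static int cmp_sub_int_wrapped(int a, int b)
{
	return (int)((unsigned int)a - (unsigned int)b);
}

/* ASCII-only stand-in for toupper_m(); an assumption of this example. */
static uint32_t upper_ascii(uint32_t c)
{
	return (c >= 'a' && c <= 'z') ? c - ('a' - 'A') : c;
}

/* Same shape as codepoint_cmpi() in the commit message: case is folded
 * only to detect equality. Unequal values use SAFE_CMP, so any
 * inconsistency found here is not caused by subtraction. */
static int cmp_fold_on_equal(uint32_t c1, uint32_t c2)
{
	if (c1 == c2 || upper_ascii(c1) == upper_ascii(c2)) {
		return 0;
	}
	return SAFE_CMP(c1, c2);
}

/* Consistent variant for contrast: order by the folded value throughout. */
static int cmp_fold_always(uint32_t c1, uint32_t c2)
{
	return SAFE_CMP(upper_ascii(c1), upper_ascii(c2));
}

/* Count ordered triples (x, y, z) drawn from v[] where x <= y and
 * y <= z but x > z. A count of 0 means cmp passes this transitivity
 * check on v[]. */
static size_t count_broken_triples(cmp_u32_fn cmp, const uint32_t *v, size_t n)
{
	size_t i, j, k, broken = 0;

	for (i = 0; i < n; i++) {
		for (j = 0; j < n; j++) {
			for (k = 0; k < n; k++) {
				if (cmp(v[i], v[j]) <= 0 &&
				    cmp(v[j], v[k]) <= 0 &&
				    cmp(v[i], v[k]) > 0) {
					broken++;
				}
			}
		}
	}
	return broken;
}

/* Constructed sample inputs. */
static const uint32_t wide_values[] = { 0, 0x60000000, 0xC0000000 };
static const uint32_t letters[] = { 'a', 'A', 'B' };

int main(void)
{
	printf("sub(UINT32_MAX, 1) = %d, safe = %d\n",
	       cmp_sub_u32(UINT32_MAX, 1), cmp_safe_u32(UINT32_MAX, 1));
	printf("wrapped INT_MIN - INT_MAX = %d\n",
	       cmp_sub_int_wrapped(INT_MIN, INT_MAX));
	printf("broken triples, subtraction: %zu, safe: %zu\n",
	       count_broken_triples(cmp_sub_u32, wide_values, 3),
	       count_broken_triples(cmp_safe_u32, wide_values, 3));
	printf("broken triples, fold on equal: %zu, fold always: %zu\n",
	       count_broken_triples(cmp_fold_on_equal, letters, 3),
	       count_broken_triples(cmp_fold_always, letters, 3));
	return 0;
}
```

Running a check like `count_broken_triples` over boundary values in a unit test catches comparators that would otherwise only misbehave on unusual input.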

- - - - -
de1b94f7 by Douglas Bagnall at 2024-04-10T22:56:33+00:00
ldb: add NUMERIC_CMP macro to ldb.h

In other places we tend to include tsort.h, which also has TYPESAFE_QSORT.

ldb.h already has TYPESAFE_QSORT, so it might as well have NUMERIC_CMP.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5150b318 by Douglas Bagnall at 2024-04-10T22:56:33+00:00
ldb:ldb_dn: use safe NUMERIC_CMP in ldb_dn_compare_base()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
75e51bd9 by Douglas Bagnall at 2024-04-10T22:56:33+00:00
ldb:ldb_dn: use safe NUMERIC_CMP in ldb_dn_compare()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a6d76d6e by Douglas Bagnall at 2024-04-10T22:56:33+00:00
s4:ntvfs: use NUMERIC_CMP in stream_name_cmp

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
623adcf4 by Douglas Bagnall at 2024-04-10T22:56:33+00:00
s4:dsdb:mod:operational: use NUMERIC_CMP in pso_compare

prec_{1,2} are uint32_t, and if one is not set we are defaulting to
0xffffffff (a.k.a UINT32_MAX), so an overflow when cast to int seems
extremely likely.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ee4ebccc by Douglas Bagnall at 2024-04-10T22:56:33+00:00
s4: use numeric_cmp in dns_common_sort_zones()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
09c98ff1 by Douglas Bagnall at 2024-04-10T22:56:33+00:00
util:binsearch: use NUMERIC_CMP()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ac0a8cd9 by Douglas Bagnall at 2024-04-10T22:56:33+00:00
torture:charset: use < and > assertions for strcasecmp_m

strcasecmp_m is supposed to return a negative, zero, or positive
number, depending on whether the first argument is less than, equal to,
or greater than the second argument (respectively).

We have been asserting that it returns exactly the difference between
the codepoints in the first character that differs.

This fixes a knownfail on 32 bit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dda0bb6f by Douglas Bagnall at 2024-04-10T22:56:33+00:00
torture:charset: use < and > assertions for strncasecmp_m

strncasecmp_m is supposed to return a negative, zero, or positive
number, not necessarily the difference between the codepoints in
the first character that differs, which we have been asserting up to
now.

This fixes a knownfail on 32 bit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a512759d by Douglas Bagnall at 2024-04-10T22:56:33+00:00
torture:charset: test more of strcasecmp_m

We now test cases:

1. where the first string compares less
2. one of the strings ends before the other
3. the strings differ on a character other than the first.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f788a399 by Douglas Bagnall at 2024-04-10T22:56:33+00:00
util:charset:util_str: use NUMERIC_CMP in strcasecmp_m_handle

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d4ce8231 by Douglas Bagnall at 2024-04-10T22:56:33+00:00
util:test: test_ms_fn_match_protocol_no_wildcard: allow -1

We have changed strcasecmp_m() to return -1 in a place where it used
to return -3. This upset a test, but it shouldn't have: the exact
value of the negative int is not guaranteed by the function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
675fdeee by Douglas Bagnall at 2024-04-10T22:56:33+00:00
util:charset:codepoints: codepoint_cmpi uses NUMERIC_CMP()

If these are truly unicode codepoints (< ~2m) there is no overflow,
but the type is defined as uint32_t.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f07ae699 by Douglas Bagnall at 2024-04-10T22:56:33+00:00
util:charset:codepoints: codepoint_cmpi warning about non-transitivity

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4a9d274d by Douglas Bagnall at 2024-04-10T22:56:33+00:00
s3:libsmb:namequery: note intransitivity in addr_compare()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3414a894 by Douglas Bagnall at 2024-04-10T22:56:33+00:00
s3:libsmb:namequery: use NUMERIC_CMP in addr_compare

This one was OK, as the numbers are tightly bound, but there is no
real reason not to do it safely.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6159b098 by Douglas Bagnall at 2024-04-10T22:56:33+00:00
lib/torture: add assert_int_{less,greater} macros

In some situations, like comparison functions for qsort, we don't care
about the actual value, just whether it was greater or less than
zero.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
997b72d7 by Douglas Bagnall at 2024-04-10T22:56:33+00:00
util: charset:util_str: use NUMERIC_CMP in strncasecmp_m_handle

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f78b964c by Douglas Bagnall at 2024-04-10T22:56:33+00:00
ldb:attrib_handlers: ldb_comparison_Boolean uses NUMERIC_CMP()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
838c6847 by Douglas Bagnall at 2024-04-10T22:56:33+00:00
ldb:attrib_handlers: ldb_comparison_binary uses NUMERIC_CMP()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e1519c36 by Douglas Bagnall at 2024-04-10T22:56:33+00:00
util:datablob: avoid non-transitive comparison in data_blob_cmp()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5c36bc82 by Douglas Bagnall at 2024-04-10T22:56:33+00:00
ldb: avoid non-transitive comparison in ldb_val_cmp()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
21a071e4 by Douglas Bagnall at 2024-04-10T22:56:33+00:00
ldb: reduce non-transitive comparisons in ldb_msg_element_compare()

We can still have inconsistent comparisons, because two elements with
the same number of values will always return -1 if they are unequal,
which means they will sort differently depending on the order in which
they are compared.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cb94202c by Douglas Bagnall at 2024-04-10T22:56:33+00:00
libcli/security: use NUMERIC_CMP in dom_sid_compare()

sid->num_auths is always small (int8 < 16), so this is cosmetic only.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4641a971 by Douglas Bagnall at 2024-04-10T22:56:33+00:00
libcli/security: use NUMERIC_CMP in dom_sid_compare_auth()

These numbers are all 8 bit, so overflow is unlikely.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dd4a0c27 by Douglas Bagnall at 2024-04-10T22:56:33+00:00
s3:lib:util_tdb: use NUMERIC_CMP() in tdb_data_cmp()

Although these are size_t, in practice TDB data is limited to 32 bit.
Even so, overflow of a signed int is possible.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ed3ab87b by Douglas Bagnall at 2024-04-10T22:56:33+00:00
s4:rpc_server: compare_SamEntry() uses NUMERIC_CMP()

SamEntry.idx is uint32_t.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
42ead213 by Douglas Bagnall at 2024-04-10T22:56:33+00:00
s4:dns_server: use NUMERIC_CMP in rec_cmp()

dnsp_DnssrvRpcRecord.dwTimeStamp is uint32_t, making overflow possible.

dnsp_DnssrvRpcRecord.wType is an enum, which has the size of an int,
though it may be hard to set it to overflowing values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
66d47537 by Douglas Bagnall at 2024-04-10T22:56:33+00:00
s4:wins: use NUMERIC_CMP in winsdb_addr_sort_list()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d8b97649 by Douglas Bagnall at 2024-04-10T22:56:33+00:00
s4:wins: winsdb_addr_sort_list() uses NUMERIC_CMP()

expire_time is time_t, which is at least int-sized, so overflow is
possible (if this code ever runs).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a197be20 by Douglas Bagnall at 2024-04-10T22:56:33+00:00
s4:wins: use NUMERIC_CMP in nbtd_wins_randomize1Clist_sort()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5e99262a by Douglas Bagnall at 2024-04-10T22:56:33+00:00
s3:util:net_registry: registry_value_cmp() uses NUMERIC_CMP()

v->type is an int-sized enum, so overflow might be possible if it could
be arbitrarily set.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
31101a9f by Douglas Bagnall at 2024-04-10T22:56:33+00:00
s3:smbcacls: use NUMERIC_CMP in ace_compare

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e35d54fd by Douglas Bagnall at 2024-04-10T22:56:33+00:00
s3:util:sharesec ace_compare() uses NUMERIC_CMP()

ace->access_mask is uint32_t, so can overflow a signed int.
This would be easy to trigger, as it is a flags field rather than an
allocation count.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
81598b42 by Douglas Bagnall at 2024-04-10T23:58:12+00:00
s3:libsmb_xattr: ace_compare() uses NUMERIC_CMP()

the access_mask is the easiest to overflow with subtraction -- other
fields are 8 or 16 bit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Apr 10 23:58:12 UTC 2024 on atb-devel-224

- - - - -
dde973d1 by Douglas Bagnall at 2024-04-12T15:18:05+00:00
s4:dns_server: less noisy, more informative debug messages

This shouldn't have been DBG_ERR, and it might as well say something
about the tombstone.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15630

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Apr 12 15:18:05 UTC 2024 on atb-devel-224

- - - - -
eb59d7c9 by Pavel Filipenský at 2024-04-15T14:55:21+00:00
s3:libsmb: Fix panic in cliconnect.c

This command line panics:

$ bin/rpcclient ncacn_np: -c epmlookup

0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
1  0x00007ffff64ae8a3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
2  0x00007ffff645c8ee in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
3  0x00007ffff64448ff in __GI_abort () at abort.c:79
4  0x00007ffff7b01524 in tevent_req_is_nterror (req=0x555555728610, status=0x7fffffff9bb4) at ../../lib/util/tevent_ntstatus.c:66
5  0x00007ffff7b9fd91 in cli_connect_nb_recv (req=0x555555728610, pcli=0x5555556fcb18) at ../../source3/libsmb/cliconnect.c:2731
6  0x00007ffff7ba02a8 in cli_start_connection_connected (subreq=0x555555728610) at ../../source3/libsmb/cliconnect.c:2882
7  0x00007ffff7aecb1a in _tevent_req_notify_callback (req=0x555555728610, location=0x7ffff7bde0e0 "../../source3/libsmb/cliconnect.c:2686") at ../../lib/tevent/tevent_req.c:177
8  0x00007ffff7aeccab in tevent_req_finish (req=0x555555728610, state=TEVENT_REQ_USER_ERROR, location=0x7ffff7bde0e0 "../../source3/libsmb/cliconnect.c:2686") at ../../lib/tevent/tevent_req.c:234
9  0x00007ffff7aecdda in tevent_req_trigger (ev=0x5555557182e0, im=0x555555728720, private_data=0x555555728610) at ../../lib/tevent/tevent_req.c:291
10 0x00007ffff7aeb513 in tevent_common_invoke_immediate_handler (im=0x555555728720, removed=0x0) at ../../lib/tevent/tevent_immediate.c:190
11 0x00007ffff7aeb685 in tevent_common_loop_immediate (ev=0x5555557182e0) at ../../lib/tevent/tevent_immediate.c:236
12 0x00007ffff7af7502 in epoll_event_loop_once (ev=0x5555557182e0, location=0x7ffff7af8ac0 "../../lib/tevent/tevent_req.c:342") at ../../lib/tevent/tevent_epoll.c:905
13 0x00007ffff7af2d22 in std_event_loop_once (ev=0x5555557182e0, location=0x7ffff7af8ac0 "../../lib/tevent/tevent_req.c:342") at ../../lib/tevent/tevent_standard.c:110
14 0x00007ffff7ae93ab in _tevent_loop_once (ev=0x5555557182e0, location=0x7ffff7af8ac0 "../../lib/tevent/tevent_req.c:342") at ../../lib/tevent/tevent.c:820
15 0x00007ffff7aecf9e in tevent_req_poll (req=0x555555728290, ev=0x5555557182e0) at ../../lib/tevent/tevent_req.c:342
16 0x00007ffff7b01647 in tevent_req_poll_ntstatus (req=0x555555728290, ev=0x5555557182e0, status=0x7fffffff9f4c) at ../../lib/util/tevent_ntstatus.c:109
17 0x00007ffff7ba246a in cli_full_connection_creds (output_cli=0x7fffffffa220, my_name=0x555555701990 "CLUSTEREDMEMBER", dest_host=0x0, dest_ss=0x0, port=0, service=0x5555556981d1 "IPC$", service_type=0x5555556981d6 "IPC", creds=0x5555556fa410, flags=4096) at ../../source3/libsmb/cliconnect.c:3807
18 0x0000555555619ae9 in main (argc=4, argv=0x7fffffffa3e8) at ../../source3/rpcclient/rpcclient.c:1308

tevent_req_is_nterror() expects error set by tevent_req_nterror()
- to have TEVENT_NTERROR_MAGIC, otherwise it calls abort().

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Mon Apr 15 14:55:21 UTC 2024 on atb-devel-224

- - - - -
75a4fbbf by Pavel Filipenský at 2024-04-15T18:47:41+00:00
smbdotconf: Enable "winbind debug traceid" by default

The traceid debug header field is a useful feature, let's make it
default.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15631

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Mon Apr 15 18:47:41 UTC 2024 on atb-devel-224

- - - - -
cdb31d7e by Andreas Schneider at 2024-04-16T03:58:30+00:00
s3:auth: Remove trailing spaces

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
20c546f9 by Andreas Schneider at 2024-04-16T03:58:30+00:00
s3:auth: Re-format auth3_generate_session_info_pac()

This is in preparation to split up the function into several functions.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b58395e5 by Andreas Schneider at 2024-04-16T03:58:31+00:00
s3:auth: Split auth3_generate_session_info_pac() into functions

This gets rid of the multiple goto and just has a single destructor
goto.
Best view this commit with `git show -b <sha> --color-moved=zebra`

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
aa6795b3 by Andreas Schneider at 2024-04-16T03:58:31+00:00
s3:auth: Add support standalone server with MIT Kerberos 1.21

This adds support for MIT Kerberos minimal PAC. Tickets from pure
Kerberos realms with MIT Kerberos 1.21 or newer will always include a
minimal PAC. The PAC includes the checksum buffers and a logon_name PAC
buffer.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bd60c605 by Andrew Bartlett at 2024-04-16T03:58:31+00:00
selftest: Remove duplicate setup of "spn/upn namespaces" in the customdc testenv

The call to $self->setup_namespaces() was always in error, as the design
is to have the in the state that it was backed up in, but before commit
08be28241b808845c4b51a4c47765a9416ca3aa7 the error return was not
checked and so this was harmless.

The customdc environment is not tested in selftest currently, as
it is intended to be used for manual testing of domains from backup
files not as an automatically constructed environment.

This makes:
 BACKUP_FILE=samba-backup-2024-04-11T14-10-20.437096.tar.bz2 SELFTEST_TESTENV=customdc make testenv
work again.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
c9370d3c by Andrew Bartlett at 2024-04-16T03:58:31+00:00
selftest: Move some KDS root key tests around to prepare for gMSA server side

Once we have a gMSA server side the impact of deleting root keys becomes real
and so we must do this in a quiet place where it can not impact on other things.

Likewise, we want the samba.tests.dsdb_quiet_provision_tests tests to run
somewhere that is not doing other things, so we can see what a bare provision
will do.  We must not allow test ordering inside the file to cause tests that
create root keys to run before checking if provision created a usable root key.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
1a6dbcfb by Jo Sutton at 2024-04-16T03:58:31+00:00
s4:ldap_server: Remove trailing whitespace

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15634

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7df4bdd0 by Jo Sutton at 2024-04-16T03:58:31+00:00
s4:ldap_server: Fix code spelling

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15634

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ec657982 by Jo Sutton at 2024-04-16T03:58:31+00:00
s4:ldap_server: Rename privileged ops to indicate they are used for ldapi

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15634

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c2378d0c by Jo Sutton at 2024-04-16T03:58:31+00:00
s4:ldap_server: Add copy of non‐privileged ops specifically for ldapi connections

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15634

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c63cabf1 by Jo Sutton at 2024-04-16T03:58:31+00:00
s4:ldap_server: Store whether an LDAP connection is over ldapi

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15634

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ff8e98da by Jo Sutton at 2024-04-16T03:58:31+00:00
s4:ldap_server: Consider ldapi connections to be encrypted

Modifications to unicodePwd require an encrypted connection. This change
allows unicodePwd to be modified over an ldapi connection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15634

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ea83bb84 by Jo Sutton at 2024-04-16T03:58:31+00:00
python:tests: Replace deprecated method assertRaisesRegexp()

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ae39a15b by Jo Sutton at 2024-04-16T03:58:31+00:00
python:tests: Fix set declaration

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5379956b by Jo Sutton at 2024-04-16T03:58:31+00:00
python:tests: Reformat code

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4b6f65a4 by Jo Sutton at 2024-04-16T03:58:31+00:00
python:tests: Fix typo

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5656fd2f by Jo Sutton at 2024-04-16T03:58:31+00:00
tests/krb5: Remove unused import

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
586c4ec7 by Jo Sutton at 2024-04-16T03:58:31+00:00
tests/krb5: Fix code spelling

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1f4e1c02 by Jo Sutton at 2024-04-16T03:58:31+00:00
tests/krb5: Remove unused variable

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6d20d436 by Jo Sutton at 2024-04-16T03:58:31+00:00
tests/krb5: Make use of ‘expect_edata’ parameter

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
13dcf7f7 by Jo Sutton at 2024-04-16T03:58:31+00:00
tests/gkdi: Allow current time to be overridden

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b64a02d5 by Jo Sutton at 2024-04-16T03:58:31+00:00
tests/gkdi: Remove implicit clock skew offset

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
13815813 by Jo Sutton at 2024-04-16T03:58:31+00:00
tests/gkdi: Change ‘current_gkid’ parameter to ‘current_time’

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0c0a25d0 by Jo Sutton at 2024-04-16T03:58:31+00:00
python:gkdi: Add notes on GKDI time periods

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5aaebb53 by Jo Sutton at 2024-04-16T03:58:31+00:00
python:gkdi: Add Gkdi.from_key_envelope() method

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c6ed19ad by Jo Sutton at 2024-04-16T03:58:31+00:00
python:gkdi: Reformat code with ‘ruff’

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
42710f04 by Jo Sutton at 2024-04-16T03:58:31+00:00
python:nt_time: Add NT_TIME_MAX constant

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bb5ca9f4 by Jo Sutton at 2024-04-16T03:58:31+00:00
tests/krb5: Add tests for gMSAs

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7b7fdfbc by Jo Sutton at 2024-04-16T03:58:31+00:00
lib:crypto: Reformat source code

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
85d34934 by Jo Sutton at 2024-04-16T03:58:31+00:00
s4:dsdb: Factor out a function to remove all password related attributes

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
85fbdcd0 by Jo Sutton at 2024-04-16T03:58:31+00:00
s4:dsdb: Add functions for Group Managed Service Accounts implementation

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6f9281b0 by Jo Sutton at 2024-04-16T03:58:31+00:00
s4:dsdb: Set up passwords and password IDs of new gMSAs

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a52239af by Jo Sutton at 2024-04-16T03:58:31+00:00
selftest: Expand out knownfails for gMSA getpassword tests

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
be0029cf by Jo Sutton at 2024-04-16T03:58:31+00:00
python:tests: Catch failures to authenticate with gMSA managed passwords

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ddcf20b5 by Jo Sutton at 2024-04-16T03:58:31+00:00
s4:dsdb: Add extra attrs to search request even if replacement attribute is NULL

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
532789b4 by Jo Sutton at 2024-04-16T05:02:30+00:00
s4:dsdb: Implement msDS-ManagedPassword attribute

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Apr 16 05:02:30 UTC 2024 on atb-devel-224

- - - - -
48493735 by Shaleen Bathla at 2024-04-16T10:22:51+00:00
s3: winbindd: winbindd_pam: fix leak in extract_pac_vrfy_sigs

Add missing free for entry variable and its members : key and principal
Found definite memory leaks via valgrind as shown below.

Leak 1 :
==1686== 76,800 bytes in 2,400 blocks are definitely lost in loss record 432 of 433
==1686==    at 0x4C38185: malloc (vg_replace_malloc.c:431)
==1686==    by 0x79CBFED: krb5int_c_copy_keyblock_contents (keyblocks.c:101)
==1686==    by 0x621CFA3: krb5_mkt_get_next (kt_memory.c:500)
==1686==    by 0x141186: extract_pac_vrfy_sigs (winbindd_pam.c:3384)
==1686==    by 0x141186: winbindd_pam_auth_pac_verify (winbindd_pam.c:3434)
==1686==    by 0x17ED21: winbindd_pam_auth_crap_send (winbindd_pam_auth_crap.c:68)
==1686==    by 0x127F45: process_request_send (winbindd.c:502)
==1686==    by 0x127F45: winbind_client_request_read (winbindd.c:749)
==1686==    by 0x124AAF: wb_req_read_done (wb_reqtrans.c:126)
==1686==    by 0x66D4706: tevent_common_invoke_fd_handler (tevent_fd.c:142)
==1686==    by 0x66DAF4E: epoll_event_loop (tevent_epoll.c:737)
==1686==    by 0x66DAF4E: epoll_event_loop_once (tevent_epoll.c:938)
==1686==    by 0x66D8F5A: std_event_loop_once (tevent_standard.c:110)
==1686==    by 0x66D39B4: _tevent_loop_once (tevent.c:823)
==1686==    by 0x1232F3: main (winbindd.c:1718)

Leak 2 :
==1686==    at 0x4C38185: malloc (vg_replace_malloc.c:431)
==1686==    by 0x62255E4: krb5_copy_principal (copy_princ.c:38)
==1686==    by 0x621D003: krb5_mkt_get_next (kt_memory.c:503)
==1686==    by 0x141186: extract_pac_vrfy_sigs (winbindd_pam.c:3384)
==1686==    by 0x141186: winbindd_pam_auth_pac_verify (winbindd_pam.c:3434)
==1686==    by 0x17ED21: winbindd_pam_auth_crap_send (winbindd_pam_auth_crap.c:68)
==1686==    by 0x127F45: process_request_send (winbindd.c:502)
==1686==    by 0x127F45: winbind_client_request_read (winbindd.c:749)
==1686==    by 0x124AAF: wb_req_read_done (wb_reqtrans.c:126)
==1686==    by 0x66D4706: tevent_common_invoke_fd_handler (tevent_fd.c:142)
==1686==    by 0x66DAF4E: epoll_event_loop (tevent_epoll.c:737)
==1686==    by 0x66DAF4E: epoll_event_loop_once (tevent_epoll.c:938)
==1686==    by 0x66D8F5A: std_event_loop_once (tevent_standard.c:110)
==1686==    by 0x66D39B4: _tevent_loop_once (tevent.c:823)
==1686==    by 0x1232F3: main (winbindd.c:1718)

Signed-off-by: Shaleen Bathla <shaleen.bathla at oracle.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Apr 16 10:22:51 UTC 2024 on atb-devel-224

- - - - -
3d290e31 by Christof Schmitt at 2024-04-16T17:32:34+00:00
tdb: Return failure as exit status from test_tdbbackup.sh

When this test is called from wscript, only the exit code is checked.
Track failures and return as non-zero exit code.

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f6a47de2 by Christof Schmitt at 2024-04-16T17:32:34+00:00
tdb: Add test for tdbdump command

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5f5290c2 by Christof Schmitt at 2024-04-16T17:32:34+00:00
tdb: Add tdbdump option to output all data as hex values

This can be useful for debugging tdb databases, the hex output of the
key can be used for "net tdb" or ctdb commands.

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1a55ee11 by Christof Schmitt at 2024-04-16T17:32:34+00:00
tdb: Add test for tdbdump -x

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7532c798 by Christof Schmitt at 2024-04-16T18:37:17+00:00
docs: Document new tdbdump -x option

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Christof Schmitt <cs at samba.org>
Autobuild-Date(master): Tue Apr 16 18:37:17 UTC 2024 on atb-devel-224

- - - - -
02a99126 by Vinit Agnihotri at 2024-04-16T23:51:45+00:00
smbd-server: Set event callback for interface change notification

Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
6f18422a by Vinit Agnihotri at 2024-04-16T23:51:45+00:00
lib-addrchange: Change API to fill up if_index value from netlink msg

Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
96110426 by Vinit Agnihotri at 2024-04-16T23:51:45+00:00
lib-interface: Add new API to validate interface info for given interface index

Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
bca01b50 by Vinit Agnihotri at 2024-04-16T23:51:45+00:00
smbd-server: Open socket for additional ip address

Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4ef1eb92 by Vinit Agnihotri at 2024-04-16T23:51:45+00:00
smbd-server: Handle ip drop event and close listening socket

Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
644b50b0 by Vinit Agnihotri at 2024-04-16T23:51:45+00:00
messaging: Add new SMBD message

Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
916fabe7 by Vinit Agnihotri at 2024-04-16T23:51:45+00:00
smbd-server: Use MSG_SMB_IP_DROPPED

Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
9fcb62cf by Vinit Agnihotri at 2024-04-16T23:51:45+00:00
param: Add additional key 'options' for interfaces

The key 'options' specifies if server should spawn/kill listening sockets
in event of add/dropped ip addresses on specified interface.

Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
cfa846fa by Vinit Agnihotri at 2024-04-16T23:51:45+00:00
lib-interface: Add extra parameter 'options' to interface definition

Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
3edeb2bd by Vinit Agnihotri at 2024-04-16T23:51:45+00:00
lib-interface: Add parsing for interface 'options'

Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c60fe03e by Vinit Agnihotri at 2024-04-16T23:51:45+00:00
lib-interface: Change API for interface 'options'

Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
ff3b92ff by Vinit Agnihotri at 2024-04-16T23:51:45+00:00
smbd-server: Process ip add/drop events for options:dynamic only

Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
56eeb058 by Vinit Agnihotri at 2024-04-16T23:51:45+00:00
ctdb-scripts: Rename and relocate function get_all_interfaces()

get_all_interfaces() function gets all names for all public interfaces.
However name is misleading. Thus renamed it to get_public_ifaces() and
moved it under functions.

Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f42c5802 by Vinit Agnihotri at 2024-04-16T23:51:45+00:00
ctdb-scripts: Add options to generate smb.conf interfaces include file

Signed-off-by: Vinit Agnihotri <vagnihotri at ddn.com>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
0baae61e by Volker Lendecke at 2024-04-16T23:51:45+00:00
lib: Give lib/util/util_file.c its own header file

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
28335cdb by Volker Lendecke at 2024-04-16T23:51:45+00:00
lib: Add fdopen_keepfd()

Capture the dup/fdopen pattern

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
b6f4acb9 by Volker Lendecke at 2024-04-16T23:51:45+00:00
rpc_server3: Use fdopen_keepfd()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
4de14e27 by Volker Lendecke at 2024-04-16T23:51:45+00:00
lib: Use fdopen_keepfd()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
ba8f8ef3 by Volker Lendecke at 2024-04-16T23:51:45+00:00
ctdb: Use stdio's getline() in ctdb_connection_list_read()

This is the only user of common/line.[ch], which can go next.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
73e806c5 by Volker Lendecke at 2024-04-16T23:51:45+00:00
ctdb: Remove common/line.[ch]

This was an implementation of getline(3), use that instead.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
7e621b1b by Volker Lendecke at 2024-04-17T00:54:55+00:00
ctdb: Modernize a few DEBUGs

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Wed Apr 17 00:54:55 UTC 2024 on atb-devel-224

- - - - -
f1bb46ad by Volker Lendecke at 2024-04-17T07:57:36+00:00
smbd: Change protocol selection to not use "sconn->using_smb2"

To me this is pretty confusing, it seems to overload this struct
element.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
59d7850f by Volker Lendecke at 2024-04-17T07:57:36+00:00
smbd: Add conn_using_smb2()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
80cd127b by Volker Lendecke at 2024-04-17T07:57:36+00:00
smbd: Remove sconn->using_smb2

We have the same information available via conn_using_smb2()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
cc7c12e5 by Volker Lendecke at 2024-04-17T09:01:34+00:00
lib: Remove an obsolete comment

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Wed Apr 17 09:01:34 UTC 2024 on atb-devel-224

- - - - -
7a5e7b82 by Andreas Schneider at 2024-04-17T19:32:11+00:00
python: Fix NtVer check for site_dn_for_machine()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15633

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Apr 17 19:32:11 UTC 2024 on atb-devel-224

- - - - -
0159c48e by Martin Schwenke at 2024-04-18T09:08:34+00:00
ctdb-scripts: Do not de-duplicate the interfaces list

Using xargs with sort -u to de-duplicate this list was my idea and
causes a couple of things to go wrong.  The use of xargs causes
double-quotes to be lost.  The resulting $public_ifaces value also
contains newlines.  The newlines could be removed with an additional
xargs at the end of the pipeline... but that would add an extra level
of quote stripping.

I have unsuccessfully tried to find an alternative, but still elegant,
command pipeline that de-duplicates the list, while maintaining
quoting.

So, just drop the de-duplication.

This might make interface_ifindex_exists_with_options() slightly less
efficient.  However, that function walks the whole list, only
terminating early when a match is found on both interface and options,
so at least it will be correct.

Include an extra testcase.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Thu Apr 18 09:08:34 UTC 2024 on atb-devel-224

- - - - -
5eea17a7 by Jo Sutton at 2024-04-21T22:10:35+00:00
ldb: Check result of py_ldb_msg_keys()

Passing NULL into PyObject_GetIter() can cause a segmentation fault.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
502070cd by Jo Sutton at 2024-04-21T22:10:35+00:00
tests/krb5: Skip loop iteration if attribute has no values

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
21d46f3e by Jo Sutton at 2024-04-21T22:10:36+00:00
tests/krb5: Extract method to unpack supplementalCredentials blob

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
47c519af by Jo Sutton at 2024-04-21T22:10:36+00:00
tests/krb5: Import MAX_CLOCK_SKEW more directly

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1b765edb by Jo Sutton at 2024-04-21T22:10:36+00:00
tests/krb5: Add tests that gMSA keys are updated in the database when appropriate

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cdc63fa6 by Jo Sutton at 2024-04-21T22:10:36+00:00
s4:dsdb: Explicitly return success error code

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a3970298 by Jo Sutton at 2024-04-21T22:10:36+00:00
s4:dsdb: No longer pass DSDB_SEARCH_ONE_ONLY flag to dsdb_search_dn()

As dsdb_search_dn() ignores this flag, passing it in doesn’t achieve
anything.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dcc5724e by Jo Sutton at 2024-04-21T22:10:36+00:00
s4:dsdb: Add a note that administrators should not set the clock too far in the future

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6613aeca by Jo Sutton at 2024-04-21T22:10:36+00:00
s4:dsdb: Only reuse the current password ID as the previous password ID when appropriate

This should already be the case given the current logic, but let’s make
it explicit.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8bcefaaa by Jo Sutton at 2024-04-21T22:10:36+00:00
s4:dsdb: Store account DN as part of gMSA update structure

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
99071bbc by Jo Sutton at 2024-04-21T22:10:36+00:00
s4:dsdb: Store found managed password ID as part of gMSA update structure

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2f2d3b7c by Jo Sutton at 2024-04-21T22:10:36+00:00
s4:dsdb: Indicate to the LDAP server physical passwords that need to be refreshed

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
245dc1f0 by Jo Sutton at 2024-04-21T22:10:36+00:00
s4:dsdb: Move the responsibility for determining whether an account is a gMSA out of gmsa_recalculate_managed_pwd()

and into its callers.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
977f5753 by Jo Sutton at 2024-04-21T22:10:36+00:00
s4:dsdb: Add dsdb_update_gmsa_keys()

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e25c6a21 by Andrew Bartlett at 2024-04-21T22:10:36+00:00
s4-gmsa: Do not attempt password set on remote LDAP connections

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
56dd910b by Jo Sutton at 2024-04-21T22:10:36+00:00
python: Reformat code

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b6b8f953 by Jo Sutton at 2024-04-21T22:10:36+00:00
auth:credentials: Fix code spelling

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
faba7571 by Jo Sutton at 2024-04-21T22:10:36+00:00
auth:credentials: Remove unnecessary declaration

This declaration is a hold‐over from the Python 2 module initialization
pattern.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
460b1935 by Jo Sutton at 2024-04-21T22:10:36+00:00
s4:kdc: Fix grammar

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8dca32eb by Jo Sutton at 2024-04-21T22:10:36+00:00
pyglue: Remove unnecessary declaration

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a916928a by Jo Sutton at 2024-04-21T22:10:36+00:00
s4:kdc: Remove unnecessary cast

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ed371ff0 by Jo Sutton at 2024-04-21T22:10:36+00:00
tests/krb5: Fix malapropism

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c6fec515 by Jo Sutton at 2024-04-21T22:10:36+00:00
tests/krb5: Note that lockout tests use password checks

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9149d1d3 by Jo Sutton at 2024-04-21T22:10:36+00:00
s4:kdc: Correctly extract older NT hash

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
118f3ba7 by Jo Sutton at 2024-04-21T22:10:36+00:00
s4:dsdb: Implement DSDB_SEARCH_UPDATE_MANAGED_PASSWORDS search flag

View with ‘git show -b’.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b2d777a1 by Jo Sutton at 2024-04-21T22:10:36+00:00
s4:dsdb: Make use of DSDB_SEARCH_UPDATE_MANAGED_PASSWORDS search flag

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
02d7ab13 by Jo Sutton at 2024-04-21T22:10:36+00:00
lib:crypto: Add more unit tests for GKDI functions

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
24f109c5 by Jo Sutton at 2024-04-21T22:10:36+00:00
s4:dsdb:tests: Make use of ‘ldb’ parameter

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7ba61811 by Jo Sutton at 2024-04-21T22:10:36+00:00
s4:ldap_server: Update gMSA keys when DSDB_CONTROL_GMSA_UPDATE_OID control is specified

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
20ce68f1 by Jo Sutton at 2024-04-21T23:17:53+00:00
tests/krb5: Test retrieving a denied gMSA password over an unsealed connection

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Jo Sutton <jsutton at samba.org>
Autobuild-Date(master): Sun Apr 21 23:17:53 UTC 2024 on atb-devel-224

- - - - -
d785c199 by Douglas Bagnall at 2024-04-23T01:33:29+00:00
ldb:mod:sort: rearrange NULL checks

There are further changes coming here.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d4e69734 by Douglas Bagnall at 2024-04-23T01:33:29+00:00
ldb:sort: check that elements have values

We assume no values is unlikely, since we have been dereferencing
->values[0] forever, with no known reports of trouble.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
531f31df by Douglas Bagnall at 2024-04-23T01:33:29+00:00
ldb:sort: generalise both-NULL check to equality check

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5fe488d5 by Douglas Bagnall at 2024-04-23T01:33:29+00:00
ldb:dn: make ldb_dn_compare() self-consistent

We were returning -1 in all these cases:

   ldb_dn_compare(dn, NULL);
   ldb_dn_compare(NULL, dn);
   ldb_dn_compare(NULL, NULL);

which would give strange results in sort, where this is often used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9b73235d by Douglas Bagnall at 2024-04-23T01:33:29+00:00
s3:brlock: use NUMERIC_CMP in #ifdef-zeroed lock_compare

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8b2605a5 by Douglas Bagnall at 2024-04-23T01:33:29+00:00
s3:mod:posixacl_xattr: use NUMERIC_CMP in posixacl_xattr_entry_compare

The first subtraction was between uint16_t, so is safe with 32 bit
int, but the second compared uint32_t, so was not safe.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
386216d4 by Douglas Bagnall at 2024-04-23T01:33:29+00:00
s3:mod:vfs_vxfs: use NUMERIC_CMP in vxfs_ace_cmp

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8317a617 by Douglas Bagnall at 2024-04-23T01:33:29+00:00
dsdb:schema: use NUMERIC_CMP in place of uint32_cmp

uint32_cmp (introduced in 0c362597c0f933b3612bb17328c0a13b73d72e43
"fixed the sorting of schema attributes") was doing what NUMERIC_CMP
does, but it was adding an extra function call. This results in less
code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
75682e39 by Douglas Bagnall at 2024-04-23T01:33:29+00:00
s3:rpc:wkssvc_nt: dom_user_cmp uses NUMERIC_CMP

usr->login_time is time_t, which is often bigger than int.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
acaa1323 by Douglas Bagnall at 2024-04-23T01:33:29+00:00
gensec: sort_gensec uses NUMERIC_CMP

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7ba6fcb9 by Douglas Bagnall at 2024-04-23T01:33:29+00:00
lib/socket: rearrange iface_comp() to use NUMERIC_CMP

We rearrange rather than just replacing the subtraction, because that
would call ntohl() more than necessary, and I think the flow is a bit
clearer this way.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
31c32287 by Douglas Bagnall at 2024-04-23T01:33:29+00:00
s3:libsmb:nmblib: use NUMERIC_CMP in status_compare

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7be53531 by Douglas Bagnall at 2024-04-23T01:33:29+00:00
s4:rpcsrv:dnsserver: make dns_name_compare transitive with NULLs

Returning 0 on `(name1 == NULL || name2 == NULL)` made NULL equal to
everything, which confuses a sort (consider {A, B, NULL} where A > B,
but A == NULL == B).

The only caller is dnsserver_enumerate_records() which fails if it
finds a NULL in the sorted list. We make that happen more quickly by
sorting NULLs to the front.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
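
The two comparator failures described in the commit messages above (subtracting uint32_t values and returning the result as int, and treating NULL as equal to everything) can be reproduced with a brute-force ordering check. This is an added example, not code from Samba: THREE_WAY_CMP, check_ordering() and the comparators are hypothetical names written for this illustration, and the sample values are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Overflow-free three-way compare, written for this example (assumed form). */
#define THREE_WAY_CMP(a, b) (((a) > (b)) - ((a) < (b)))

enum { ORDER_OK = 0, ORDER_NOT_ANTISYMMETRIC = 1, ORDER_NOT_TRANSITIVE = 2 };

typedef int (*cmp_fn)(const void *, const void *);

static int sign(int v) { return (v > 0) - (v < 0); }

/* Brute-force check that cmp is a consistent ordering over n samples. */
int check_ordering(const void *base, size_t n, size_t size, cmp_fn cmp)
{
	const char *p = base;

	for (size_t i = 0; i < n; i++) {
		for (size_t j = 0; j < n; j++) {
			int ij = sign(cmp(p + i * size, p + j * size));
			int ji = sign(cmp(p + j * size, p + i * size));

			/* cmp(a, b) and cmp(b, a) must have opposite signs. */
			if (ij != -ji) {
				return ORDER_NOT_ANTISYMMETRIC;
			}
			for (size_t k = 0; k < n; k++) {
				int jk = sign(cmp(p + j * size, p + k * size));
				int ik = sign(cmp(p + i * size, p + k * size));

				/* a <= b and b <= c must imply a <= c. */
				if (ij <= 0 && jk <= 0 && ik > 0) {
					return ORDER_NOT_TRANSITIVE;
				}
			}
		}
	}
	return ORDER_OK;
}

/* Subtraction comparator: the uint32_t difference wraps before the cast. */
int u32_cmp_subtract(const void *a, const void *b)
{
	return (int)(*(const uint32_t *)a - *(const uint32_t *)b);
}

/* Same comparison without arithmetic on the operands. */
int u32_cmp_three_way(const void *a, const void *b)
{
	return THREE_WAY_CMP(*(const uint32_t *)a, *(const uint32_t *)b);
}

/* NULL compares equal to every name: {A, B, NULL} with A > B is inconsistent. */
int name_cmp_null_equal(const void *a, const void *b)
{
	const char *s1 = *(const char *const *)a;
	const char *s2 = *(const char *const *)b;

	if (s1 == NULL || s2 == NULL) {
		return 0;
	}
	return strcmp(s1, s2);
}

/* NULLs sort to the front; two NULLs are equal. */
int name_cmp_null_first(const void *a, const void *b)
{
	const char *s1 = *(const char *const *)a;
	const char *s2 = *(const char *const *)b;

	if (s1 == NULL || s2 == NULL) {
		return THREE_WAY_CMP(s1 != NULL, s2 != NULL);
	}
	return strcmp(s1, s2);
}

/* Constructed samples. */
const uint32_t u32_cycle[] = { 0, 0x60000000u, 0xC0000000u };
const uint32_t u32_half[] = { 0, 0x80000000u };
const char *const names[] = { "b", "a", NULL };

int main(void)
{
	printf("u32 subtract, cycle sample: %d\n",
	       check_ordering(u32_cycle, 3, sizeof(u32_cycle[0]), u32_cmp_subtract));
	printf("u32 subtract, half sample:  %d\n",
	       check_ordering(u32_half, 2, sizeof(u32_half[0]), u32_cmp_subtract));
	printf("u32 three-way:              %d\n",
	       check_ordering(u32_cycle, 3, sizeof(u32_cycle[0]), u32_cmp_three_way));
	printf("names, NULL equals all:     %d\n",
	       check_ordering(names, 3, sizeof(names[0]), name_cmp_null_equal));
	printf("names, NULL first:          %d\n",
	       check_ordering(names, 3, sizeof(names[0]), name_cmp_null_first));
	return 0;
}
```

The subtraction comparator relies on the compiler's wrapping conversion of an out-of-range unsigned value to int, which is how GCC and Clang behave.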

- - - - -
6229feab by Douglas Bagnall at 2024-04-23T01:33:29+00:00
s4:rpcsrv:samr: improve a comment in compare_msgRid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a9eaf8a3 by Douglas Bagnall at 2024-04-23T01:33:29+00:00
ldb: comment for ldb_dn_compare_base

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4af67038 by Douglas Bagnall at 2024-04-23T01:33:29+00:00
s4:dsdb: fix spelling in comment

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6722e80d by Douglas Bagnall at 2024-04-23T01:33:29+00:00
ldb-samba: ldif-handlers: make ldif_comparison_objectSid() accurate

This function compares blobs that might be SID strings or might be SID
structures. Until now, if they were both (seemingly) strings, they were
compared as strings, otherwise if either was a string it was converted to
a structure blob, then the blobs were compared. This had two big problems:

1. There is variety in the way a SID can be stringified. For example,
   "s-1-02-3" means the same SID as "S-1-2-3", but those wouldn't compare
   equal.

2. SID comparison was crazily non-transitive. Consider the three values
     a = "S-1-2-3-4-5",
     b = "S-1-9-1",
     c = SID("S-1-11-1"), where c is a struct and the others are string.

   then we had,
     a < b, because the 5th character '2' < '9'.
     a > c, because when converted to a structure, the number of sub-auths
            is the first varying byte. a has 3, c has 0.
     b < c, because after the sub-auth count comes the id_auth value
            (big-endian, which doesn't matter in this case).

That made the function unreliable for sorting, AND for simple equality
tests. Also it leaked.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
42f2d96f by Douglas Bagnall at 2024-04-23T01:33:29+00:00
ldb-samba:ldif_handlers: ldif_read_objectSid(): free a thing on failure

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2d3b917d by Douglas Bagnall at 2024-04-23T01:33:29+00:00
ldb-samba:ldif_handlers: extended_dn_read_Sid(): free on failure

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
db963b16 by Douglas Bagnall at 2024-04-23T01:33:29+00:00
ldb-samba:ldif_handlers: dn_link_comparison semi-sorts deleted objects

We were always returning -1 for a deleted object, which works for an
equality test, but not a relative comparison.

This sorts deleted DNs toward the end of the list -- except when both
DNs are deleted. What should happen there is yet to be determined.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
11d5a809 by Douglas Bagnall at 2024-04-23T01:33:29+00:00
ldb-samba:ldif_handlers: dn_link_comparison semi-sorts invalid DNs

these tend to go to the end of the sorted array.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
70356592 by Douglas Bagnall at 2024-04-23T01:33:29+00:00
ldb-samba:ldif_handlers: dn_link_comparison correctly sorts deleted objects

This changes the behaviour of the DN syntax .comparison_fn when being
used in a search, if the search key is a deleted DN.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
341b8fb6 by Douglas Bagnall at 2024-04-23T01:33:29+00:00
ldb-samba:ldif_handlers: dn_link_comparison leaks less

dn1 and dn2 can be invalid but still occupying memory.
(ldb_dn_validate(dn2) does contain a NULL check, but a lot more besides).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7280c8e5 by Douglas Bagnall at 2024-04-23T01:33:29+00:00
ldb-samba:ldif_handlers: dn_link_comparison: sort invalid DNs

If both DNs are invalid, we can say they are equal.

This means invalid or NULL DNs will sort to the end of the array,
before deleted DNs:

[ valid DNs, sorted | invalid/NULL DNs | deleted DNs, sorted ]

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a75c98ad by Douglas Bagnall at 2024-04-23T01:33:29+00:00
ldb:attrib_handlers: make ldb_comparison_Boolean more consistent

This isn't supposed to be used for sorting, but it is hard to say it
won't be, so we might as well make it sort properly.

Following long-standing behaviour, we try to sort "FALSE" > "TRUE", by
length, then switch to using strncasecmp().

strncasecmp would sort the other way, so we swap the operands. This is
to make e.g. "TRUE\0" sort the same as "TRUE".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
078ecf48 by Douglas Bagnall at 2024-04-23T01:33:29+00:00
ldb:pytests: test for Turkic i-dots in ldb_comparison_fold

In tr_TR and some other locales the letter 'i' uppercases to
'İ', which is not ideal for LDB as we need certain strings like 'guid'
to casefold in the ASCII way.

In fixing https://bugzilla.samba.org/show_bug.cgi?id=15248 we solved
this problem in many cases, but for unindexed searches where the 'i'
is not the last character in the string. This test shows that.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15637

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dca6b2d2 by Douglas Bagnall at 2024-04-23T01:33:29+00:00
ldb:attrib_handlers: use ldb_ascii_toupper() in first loop

In a dotless-I locale, we might meet an 'i' before we meet a byte with
the high bit set, in which case we still want the ldb casefold
comparison.

Many ldb operations will do some case-folding before getting here, so
hitting this might be quite rare even in those locales.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15637

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c49c48af by Douglas Bagnall at 2024-04-23T02:37:25+00:00
ldb:utf8: ldb_ascii_toupper() avoids real toupper()

If a non-lowercase ASCII character has an uppercase counterpart in
some locale, toupper() will convert it to an int codepoint. Probably
that codepoint is too big to fit in our char return type, so we would
truncate it to 8 bit. So it becomes an arbitrary mapping.

It would also behave strangely with a byte with the top bit set, say
0xE2. If char is unsigned on this system, that is 'â', which
uppercases to 'Â', with the codepoint 0xC2. That seems fine in
isolation, but remember this is ldb_utf8.c, and that byte was not a
codepoint but a piece of a long utf-8 encoding. In the more likely
case where char is signed, toupper() is being passed a negative
number, the result of which is undefined.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Apr 23 02:37:25 UTC 2024 on atb-devel-224

- - - - -
e6f92edb by Stefan Metzmacher at 2024-04-23T14:17:32+00:00
s3:notify: don't log user_can_stat_name_under_fsp with level 0 for OBJECT_NAME_NOT_FOUND

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
e58f83d3 by Stefan Metzmacher at 2024-04-23T14:17:32+00:00
s3:libads: don't dump securityIdentifier and msDS-TrustForestTrustInfo as strings

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
126357e2 by Stefan Metzmacher at 2024-04-23T14:17:32+00:00
lib/krb5_wrap: let smb_krb5_cc_get_lifetime() behave more like the heimdal krb5_cc_get_lifetime

If the ccache doesn't have an initial TGT the shortest lifetime of
service tickets should be returned.

This is needed in order to work with special ccaches used for
things like S4U2Self/S4U2Proxy tickets or other things
where the caller only wants to pass a single service ticket.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
d221f930 by Stefan Metzmacher at 2024-04-23T14:17:32+00:00
auth/credentials: a temporary MEMORY ccache needs krb5_cc_destroy()

A simple krb5_cc_close() doesn't remove it from the global memory list.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
5af5bf26 by Stefan Metzmacher at 2024-04-23T14:17:32+00:00
auth/credentials: don't call talloc_free(ccache_name) on callers memory

The internally allocated ccache_name has ccc as parent,
so we don't need to cleanup explicitly.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
e2170431 by Stefan Metzmacher at 2024-04-23T14:17:32+00:00
s3:auth_generic: fix talloc_unlink() in auth_generic_set_creds()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
994e12e8 by Stefan Metzmacher at 2024-04-23T14:17:32+00:00
lib/cmdline: move cli_credentials_set_cmdline_callbacks to the end of POPT_CALLBACK_REASON_POST

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15018

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
0ba9e5da by Stefan Metzmacher at 2024-04-23T14:17:32+00:00
lib/cmdline: only call cli_credentials_get_password_and_obtained if needed

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15018

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
aff2932c by Stefan Metzmacher at 2024-04-23T14:17:32+00:00
python/samba/getopt: don't prompt for a password for --use-krb5-ccache=...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15018

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
2674df4c by Stefan Metzmacher at 2024-04-23T15:21:38+00:00
s3:libsmb: let cli_tree_connect_creds() only call cli_credentials_get_password() if needed

Only legacy protocols need a password for share level authentication,
so avoid triggering the password prompt for the common case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15018

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Apr 23 15:21:38 UTC 2024 on atb-devel-224

- - - - -
0cc0970d by Stefan Metzmacher at 2024-04-23T16:23:38+00:00
dcesrv_reply: we don't need to call dcerpc_set_frag_length() in dcesrv_fault_with_flags()

dcerpc_ncacn_push_auth() already calls dcerpc_set_frag_length().

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6548ccb3 by Stefan Metzmacher at 2024-04-23T16:23:38+00:00
s3:rpc_client: pass struct rpc_pipe_client to check_bind_response()

This prepares adding bind time feature negotiation in the next commits.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
713a8022 by Stefan Metzmacher at 2024-04-23T16:23:38+00:00
s3:rpc_client: require DCERPC_BIND_ACK_RESULT_ACCEPTANCE for the negotiated presentation context

We should fail if we didn't get DCERPC_BIND_ACK_RESULT_ACCEPTANCE.

It's also not needed to require a single array element.

We already checked above that we have at least one.

The next patch will add bind time feature negotiation
and that means we'll have 2 array elements...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
daf6d371 by Stefan Metzmacher at 2024-04-23T17:29:55+00:00
s3:rpc_client: implement bind time feature negotiation

This is not strictly needed as we don't use any of the
optional features yet.

But it will make it easier to add bind time features we'll
actually use later.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Apr 23 17:29:55 UTC 2024 on atb-devel-224

- - - - -
e35b3af2 by Volker Lendecke at 2024-04-23T17:53:36+00:00
smbd: Simplify call_trans2qpathinfo()

These days filename_convert_dirfsp() always returns a full fsp.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
88921ac1 by Volker Lendecke at 2024-04-23T17:53:36+00:00
smbd: Simplify smb_q_posix_symlink()

Use the dirfsp from call_trans2qpathinfo(), avoid a call to parent_pathref()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
190ae079 by Volker Lendecke at 2024-04-23T17:53:36+00:00
smbd: Simplify smb_set_file_unix_link()

Avoid a call to parent_pathref, use the dirfsp that already exists

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
316579b5 by Volker Lendecke at 2024-04-23T17:53:36+00:00
smbd: Slightly simplify notifyd_send_delete()

Call messaging_send_iov() instead of messaging_send_iov_from().

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1cba9de1 by Volker Lendecke at 2024-04-23T19:02:10+00:00
Fix a few "might be uninitialized" errors

I've seen them with clang

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Apr 23 19:02:10 UTC 2024 on atb-devel-224

- - - - -
96e4a92f by Stefan Metzmacher at 2024-04-23T23:50:33+00:00
tests/segfault.py: make sure samdb.connect(url) has a valid lp_ctx

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8007569e by Stefan Metzmacher at 2024-04-23T23:50:33+00:00
s4:libcli/ldap: ldap4_new_connection() requires a valid lp_ctx

Otherwise we'll crash in a lot of places later.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2435ab1a by Stefan Metzmacher at 2024-04-23T23:50:33+00:00
ldb_ildap: require ldb_get_opaque(ldb, "loadparm") to be valid

Without a valid loadparm_context we can't connect.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8deba427 by Stefan Metzmacher at 2024-04-23T23:50:33+00:00
s4:libcli/ldap: fix no memory error code in ldap_bind_sasl()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
68f6a461 by Stefan Metzmacher at 2024-04-23T23:50:33+00:00
s4:libcli/ldap: force GSS-SPNEGO in ldap_bind_sasl()

There's no point in asking the server for supportedSASLMechanisms,
every server (we care about) supports GSS-SPNEGO.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5844ef27 by Stefan Metzmacher at 2024-04-23T23:50:33+00:00
s4:lib/tls: remove tstream_tls_push_trigger_write step

At the time of https://bugzilla.samba.org/show_bug.cgi?id=7218,
we tested these versions:
    2.4.1 -> broken
    2.4.2 -> broken
    2.6.0 -> broken
    2.8.0 -> broken
    2.8.1 -> broken
    2.8.2 -> OK
    2.8.3 -> OK
    2.8.4 -> OK
    2.8.5 -> OK
    2.8.6 -> OK
    2.10.0 -> broken
    2.10.1 -> broken
    2.10.2 -> OK

These seemed to be the fixes in gnutls upstream.

Change 2.8.1 -> 2.8.2:
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=28fb34099edaf62e5472cc6e5e2749fed369ea01

Change 2.10.1 -> 2.10.2:
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=0d07d8432d57805a8354ebd6c1e7829f3ab159cb

This shouldn't be a problem with recent (>= 3.6) versions of gnutls.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6688945f by Stefan Metzmacher at 2024-04-23T23:50:33+00:00
s3:lib/tls: we need to call tstream_tls_retry_handshake/disconnect() until all buffers are flushed

Before the handshake or disconnect is over we need to wait until
we delivered the low-level messages to the transport/kernel socket.

Otherwise we'll have a problem if another tevent_context is used
after the handshake.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ac4bca77 by Stefan Metzmacher at 2024-04-23T23:50:33+00:00
s4:lib/tls: assert that event contexts are not mixed

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
60b11645 by Stefan Metzmacher at 2024-04-23T23:50:33+00:00
s4:lib/tls: split out tstream_tls_prepare_gnutls()

Review with: git show --patience

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ecdd7691 by Stefan Metzmacher at 2024-04-23T23:50:33+00:00
s4:lib/tls: we no longer need ifdef GNUTLS_NO_TICKETS

We require gnutls 3.6.13

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
15fb8fcc by Stefan Metzmacher at 2024-04-23T23:50:33+00:00
s4:lib/tls: include a TLS server name indication in the client handshake

This is not strictly needed, but it might be useful
for load balancers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3186cdce by Stefan Metzmacher at 2024-04-23T23:50:33+00:00
s4:lib/tls: split out tstream_tls_verify_peer() helper

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
604413b9 by Stefan Metzmacher at 2024-04-23T23:50:33+00:00
s4:lib/tls: add tstream_tls_params_client_lpcfg()

This will be able to simplify the callers a lot...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b8b874ef by Stefan Metzmacher at 2024-04-23T23:50:33+00:00
s3:rpc_server/mdssvc: make use of tstream_tls_params_client_lpcfg()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
493d35a6 by Stefan Metzmacher at 2024-04-23T23:50:33+00:00
s4:librpc/rpc: make use of tstream_tls_params_client_lpcfg()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c200cf1b by Stefan Metzmacher at 2024-04-23T23:50:33+00:00
s4:libcli/ldap: make use of tstream_tls_params_client_lpcfg()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2f2af3aa by Stefan Metzmacher at 2024-04-23T23:50:33+00:00
lib/crypto: add legacy_gnutls_server_end_point_cb() if needed

gnutls_session_channel_binding(GNUTLS_CB_TLS_SERVER_END_POINT)
is only available with gnutls 3.7.2, but we still want to
support older gnutls versions and that's easily doable...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cbd7ce44 by Stefan Metzmacher at 2024-04-23T23:50:33+00:00
s4:lib/tls: add tstream_tls_channel_bindings()

This is based on GNUTLS_CB_TLS_SERVER_END_POINT
and is the value that is required for channel bindings
in LDAP of active directory domain controllers.

For gnutls versions before 3.7.2 we basically
copied the code from the GNUTLS_CB_TLS_SERVER_END_POINT
implementation as it only uses public gnutls functions
and it was easy to re-implement.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9b92cbac by Stefan Metzmacher at 2024-04-23T23:50:33+00:00
third_party/heimdal: import lorikeet-heimdal-202404171655 (commit 28a56d818074e049f0361ef74d7017f2a9391847)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15603
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

See also:
https://github.com/heimdal/heimdal/pull/1234
https://github.com/heimdal/heimdal/pull/1238
https://github.com/heimdal/heimdal/pull/1240

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
546e39a6 by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
wscript_configure_embedded_heimdal: define HAVE_CLIENT_GSS_C_CHANNEL_BOUND_FLAG

See https://github.com/heimdal/heimdal/pull/1234 and
https://github.com/krb5/krb5/pull/1329.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e912ba57 by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
auth/gensec: add gensec_set_channel_bindings() function

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f1d34a43 by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
auth/ntlmssp: implement channel binding support

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1831006b by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s4:gensec_gssapi: implement channel binding support

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
811d04fe by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s3:crypto/gse: implement channel binding support

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6c17e3d2 by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s4:ldap_server: add support for tls channel bindings

ldap server require strong auth = allow_sasl_over_tls
is now an alias for 'allow_sasl_without_tls_channel_bindings'
and should be avoided and changed to 'yes' or
'allow_sasl_without_tls_channel_bindings'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7acb15a5 by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s4:libcli/ldap: add tls channel binding support for ldap_bind_sasl()

We still allow 'ldap_testing:tls_channel_bindings = no' and
'ldap_testing:channel_bound = no' for testing
the old behavior in order to have expected failures in our tests.

And we have 'ldap_testing:forced_channel_binding = somestring'
in order to force invalid bindings.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6794cc47 by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
selftest: split out selftest/expectedfail.d/samba4.ldb.simple.ldap-tls

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
065da873 by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s4:selftest: also test samba4.ldb.simple.ldap*SASL-BIND with ldap_testing:{channel_bound,tls_channel_bindings,forced_channel_binding}

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e1c4caed by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
WHATSNEW: document ldap_server ldaps/tls channel binding support

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c7c5d3fb by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s3:libsmb: libcli/auth/spnego.h is not needed in cliconnect.c

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2e975ae9 by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s3:libads: remove unused include of gensec_internal.h

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ded41b09 by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s3:libads: remove unused ADS_AUTH_SIMPLE_BIND code

We have other code to test simple binds.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8062d317 by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s4:ldap_server: remove unused include of gensec_internal.h

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0b84c97c by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
docs-xml: add 'tls trust system cas' and 'tls ca directories' options

This will make it easier to support trusting more than one CA.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ca936312 by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s4:lib/tls: add support for gnutls_certificate_set_x509_{system_trust,trust_dir}()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
30440e0e by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s3:tldap: simplify read_ldap_more() by using asn1_peek_full_tag()

An LDAP pdu is at least 7 bytes long, so we read at least 7 bytes,
then it's easy to use asn1_peek_full_tag() in order to find out the
whole length of the pdu in one go.

As a side effect it's now possible that wireshark can reassemble
the fragments in a socket_wrapper generated pcap file.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
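
Added example, not Samba's tldap code and not the `asn1_peek_full_tag()` implementation: a stand-alone sketch of the framing idea in the message above, reading the 7-byte minimum and then deriving the whole PDU length from the BER header. The `ex_*` names, the 16 MiB cap and the sample bytes are constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EX_MIN_PDU 7                      /* minimum stated in the commit message */
#define EX_MAX_PDU (16u * 1024u * 1024u)  /* constructed cap for this example */

/* Total size of an LDAPMessage from its first bytes. Returns 0 and sets *total,
 * EAGAIN if the length octets are incomplete, EINVAL/EMSGSIZE to reject. */
static int ex_pdu_len(const uint8_t *buf, size_t have, size_t *total)
{
	size_t hdr = 2, nlen, i;
	uint64_t body = 0;

	if (have < 2) return EAGAIN;
	if (buf[0] != 0x30) return EINVAL;              /* LDAPMessage is a SEQUENCE */
	if (buf[1] < 0x80) {
		body = buf[1];                              /* short form */
	} else {
		nlen = buf[1] & 0x7f;                       /* long form: nlen octets */
		if (nlen == 0 || nlen > 4) return EINVAL;   /* indefinite or oversized */
		if (have < 2 + nlen) return EAGAIN;
		for (i = 0; i < nlen; i++) body = (body << 8) | buf[2 + i];
		hdr += nlen;
	}
	if (hdr + body < EX_MIN_PDU) return EINVAL;
	if (hdr + body > EX_MAX_PDU) return EMSGSIZE;
	*total = (size_t)(hdr + body);
	return 0;
}

/* Constructed in-memory "socket" that returns at most `chunk` bytes per read. */
struct ex_stream { const uint8_t *data; size_t len, pos, chunk; };

static size_t ex_read(struct ex_stream *s, uint8_t *dst, size_t want)
{
	size_t n = s->len - s->pos;
	if (n > want) n = want;
	if (n > s->chunk) n = s->chunk;
	memcpy(dst, s->data + s->pos, n);
	s->pos += n;
	return n;
}

/* Read exactly one PDU: the 7-byte minimum first, then whatever the header
 * says is still missing. Never reads past the end of the current PDU. */
static int ex_read_pdu(struct ex_stream *s, uint8_t *out, size_t cap, size_t *len)
{
	size_t have = 0, want = EX_MIN_PDU, n;
	int rc, sized = 0;

	while (have < want) {
		if (want > cap) return EMSGSIZE;
		n = ex_read(s, out + have, want - have);
		if (n == 0) return EIO;                     /* stream ended mid-PDU */
		have += n;
		if (!sized && have == EX_MIN_PDU) {
			rc = ex_pdu_len(out, have, &want);
			if (rc != 0) return rc;
			sized = 1;
		}
	}
	*len = have;
	return 0;
}

int main(void)
{
	/* Constructed input: a 260-byte message (long-form length 0x0100, body
	 * left as zeros) followed by a 7-byte UnbindRequest with messageID 1. */
	static uint8_t wire[267] = { 0x30, 0x82, 0x01, 0x00 };
	static const uint8_t unbind[7] = { 0x30, 0x05, 0x02, 0x01, 0x01, 0x42, 0x00 };
	struct ex_stream s = { wire, sizeof(wire), 0, 5 };
	uint8_t pdu[512];
	size_t len;

	memcpy(wire + 260, unbind, sizeof(unbind));
	while (s.pos < s.len && ex_read_pdu(&s, pdu, sizeof(pdu), &len) == 0)
		printf("framed one PDU of %zu bytes\n", len);
	return 0;
}
```

Because the first read is capped at 7 bytes and up to four length octets fit inside it, the header is always complete once those bytes arrive, and the length is bounded before any further buffer space is committed.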

- - - - -
8c5b5226 by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s3:tldap: simplify tldap_gensec_bind.h

We don't need any includes...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4b22fa01 by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s3:tldap: don't use 'supportedSASLMechanisms' and force 'GSS-SPNEGO' instead

All active directory dcs support 'GSS-SPNEGO'.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3bf3d4d8 by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s3:tldap: let tldap_gensec_bind_send/recv use gensec_update_send/recv

We should not use the sync gensec_update() in async code!

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
557de8f3 by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s3:tldap: store plain and gensec tstream

Also allow resetting to plain.

We now have ld->active as the currently active
tstream, which will allow us to add tls support
soon.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
eb29f28a by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s3:tldap: add tldap_extended*

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3798dc7a by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s3:tldap: make tldap_gensec_bind_send/recv public

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
29b77a34 by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s3:tldap: add support for [START]TLS

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
09b69a12 by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s3:libads: use GSS-SPNEGO directly without asking for supportedSASLMechanisms

Every AD DC supports 'GSS-SPNEGO' and that's the only one we use anyway,
so remove an unused roundtrip.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
aeed081f by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s3:libads: directly use kerberos without asking the server

Every AD DC supports kerberos so we can just use it without
asking the server (in an untrusted way) if kerberos is supported.
So remove another useless roundtrip.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
47758695 by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s3:libads: remove dead code in ads_sasl_spnego_{gensec}_bind()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e6593c29 by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s3:libads: no longer pass "GSS-SPNEGO" to ads_sasl_spnego_gensec_bind()

That's the only thing we use...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
86e03bd5 by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s3:libads: use the correct struct sockbuf_io_desc type for 'sbiod' pointer

Using 'Sockbuf_IO_Desc' in idl implicitly means pidl will use
'struct Sockbuf_IO_Desc', which doesn't exist!

Using 'struct sockbuf_io_desc' which is used in OpenLDAP to
typedef Sockbuf_IO_Desc, we won't need to cast to assign the
'sbiod' pointer.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f1a83feb by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s3:libads: always require ber_sockbuf_add_io() and LDAP_OPT_SOCKBUF

There's no point in trying to support --with-ads, but only use
plaintext ldap without sign/seal.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
84b4551c by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s4:lib/tls: add tstream_tls_sync_setup()

This operates in a non-async fashion and may block
in the push and pull function.

It will be used to plug into openldap transport
layer, this is needed in order to have access
to the channel bindings. And also use the same
configuration for all our gnutls based tls code.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6a84552d by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s3:libads: add tls_wrapping into openldap

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
da87dbce by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s3:libads: call ldap_set_option(LDAP_OPT_PROTOCOL_VERSION) as soon as possible

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
576ac69c by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s3:libads: call gensec_set_channel_bindings() for tls connections

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
844e1bdc by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
smbdotconf: add client ldap sasl wrapping = {starttls,ldaps}

In order to use SASL authentication within a TLS connection
we now provide "client ldap sasl wrapping = starttls" or
"client ldap sasl wrapping = ldaps".

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
864ed28c by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s3:libads: add support for ADS_AUTH_SASL_{STARTTLS,LDAPS}

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0f8a7c9e by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s3:idmap_ad: add support for ADS_AUTH_SASL_{STARTTLS,LDAPS}

Review with: git show --patience

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0122c0a6 by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s4:libcli/ldap: add support for ADS_AUTH_SASL_{STARTTLS,LDAPS}

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9827055b by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s4:selftest: also test samba4.ldb.simple.ldap with starttls and SASL-BIND

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e6be6fa9 by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
blackbox/test_net_ads_search_server: also test ldaps/starttls

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
09647d1d by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s3:torture: add '-T 'option=value' this is similar to '--option='=value'

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d189952f by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s3:torture: add ldaps/starttls support to run_tldap()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a34532cd by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s3:selftest/tests.py: run TLDAP tests with sasl-sign,sasl-seal,ldaps,starttls

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5d350c1e by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
auth/gensec: remove useless client_use_spnego_principal usage

It's off by default and all sane servers use
not_defined_in_RFC4178@please_ignore anyway.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4ff1b321 by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
s4:selftest: remove useless 'client use spnego principal' tests

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
acaa24c6 by Stefan Metzmacher at 2024-04-23T23:50:34+00:00
smbdotconf: finally remove unused "client use spnego principal" option

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1a02c6e5 by Stefan Metzmacher at 2024-04-24T00:59:53+00:00
WHATSNEW: document ldaps/tls related option changes

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Apr 24 00:59:53 UTC 2024 on atb-devel-224

- - - - -
f9309c22 by Jo Sutton at 2024-04-24T05:16:29+00:00
ctdb: Ensure ‘ret’ is always initialized

This avoids a compilation error:

../../ctdb/protocol/protocol_util.c: In function ‘ctdb_connection_list_read’:
../../ctdb/protocol/protocol_util.c:787:9: error: ‘ret’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
  787 |  return ret;
      |         ^~~

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
82224fca by Jo Sutton at 2024-04-24T05:16:29+00:00
ctdb: Report errors from getline()

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
46955bc7 by Jo Sutton at 2024-04-24T05:16:29+00:00
lib:crypto: Fix Coverity build

The Coverity build is failing with the following errors:

[1936/5164] Compiling lib/crypto/gkdi.c
In file included from /usr/lib64/gcc/x86_64-suse-linux/7/include/stdint.h:9:0,
                 from /usr/include/inttypes.h:27,
                 from ../../lib/crypto/../replace/replace.h:64,
                 from ../../source4/include/includes.h:23,
                 from ../../lib/crypto/gkdi.c:21:
../../lib/crypto/gkdi.c: In function ‘gkdi_get_key_start_time’:
../../lib/crypto/gkdi.c:197:4: error: initializer element is not constant
    UINT64_MAX /
    ^
../../lib/crypto/gkdi.c:197:4: note: (near initialization for ‘max_gkid.l0_idx’)
../../lib/crypto/gkdi.c:200:4: error: initializer element is not constant
    UINT64_MAX /
    ^
../../lib/crypto/gkdi.c:200:4: note: (near initialization for ‘max_gkid.l1_idx’)
../../lib/crypto/gkdi.c:204:4: error: initializer element is not constant
    UINT64_MAX / gkdi_key_cycle_duration %
    ^
../../lib/crypto/gkdi.c:204:4: note: (near initialization for ‘max_gkid.l2_idx’)

Fix the build by removing the ‘static’ specifier on this constant.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1171589e by Jo Sutton at 2024-04-24T05:16:29+00:00
ldb: Remove unnecessary declaration

This declaration is a hold‐over from the Python 2 module initialization
pattern.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
103ca027 by Jo Sutton at 2024-04-24T05:16:29+00:00
tests/krb5: Check that updated NT hashes of gMSAs have the values we expect

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
786eab65 by Jo Sutton at 2024-04-24T05:16:29+00:00
s4:auth: Export AES128 gMSA keys along with AES256 keys by default

This is what an existing test expects.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1889e0ae by Jo Sutton at 2024-04-24T05:16:29+00:00
python: Move get_admin_sid() to SamDB

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5a048ef0 by Jo Sutton at 2024-04-24T05:16:29+00:00
s4:kdc: Pass ldb context into samba_kdc_message2entry_keys()

This ldb context can be used to query the current gMSA time.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
282e5784 by Jo Sutton at 2024-04-24T05:16:29+00:00
s4:kdc: Add helper variable indicating whether we think we are performing a keytab export

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
94e055b5 by Jo Sutton at 2024-04-24T05:16:29+00:00
python:gkdi: Add helper methods returning previous and next GKIDs

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cb97e3f1 by Jo Sutton at 2024-04-24T05:16:29+00:00
python:tests: Store keys as bytes rather than as tuples

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6f12cf95 by Jo Sutton at 2024-04-24T05:16:29+00:00
python:tests: Rewrite condition of while loop

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
73e3ffb8 by Jo Sutton at 2024-04-24T06:20:58+00:00
python:tests: Store keys as bytes rather than as lists of ints

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Apr 24 06:20:58 UTC 2024 on atb-devel-224

- - - - -
2154bd37 by Andreas Schneider at 2024-04-29T08:43:32+00:00
s3:libsmb: Pass a memory context to cli_connect_nb_recv()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
c8eabee1 by Andreas Schneider at 2024-04-29T08:43:32+00:00
s3:nmbd: Remove trailing spaces in nmbd_synclists.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
4f62937d by Andreas Schneider at 2024-04-29T08:43:32+00:00
s3:torture: Remove trailing spaces in torture.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
bbb21797 by Andreas Schneider at 2024-04-29T08:43:32+00:00
s3:libsmb: Pass memory context to cli_connect_nb()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
f3fda1e4 by Andreas Schneider at 2024-04-29T08:43:32+00:00
s3:libsmb: Pass a memory context to cli_start_connection_recv()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
8888f959 by Andreas Schneider at 2024-04-29T08:43:32+00:00
s3:libsmb: Pass a memory context to cli_start_connection()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
5c63d5bd by Andreas Schneider at 2024-04-29T08:43:32+00:00
s3:libsmb: Pass memory context to cli_full_connection_creds_recv()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
d2297b41 by Andreas Schneider at 2024-04-29T08:43:32+00:00
s3:libsmb: Pass memory context to cli_full_connection_creds()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
bf688e0d by Andreas Schneider at 2024-04-29T08:43:32+00:00
s3:libnet: Fix memory leak in libnet_join_connect_dc_ipc()

Direct leak of 885 byte(s) in 1 object(s) allocated from:
    #0 0x7f261b8dc03f in malloc (/lib64/libasan.so.8+0xdc03f) (BuildId: 3e1694ad218c99a8b1b69231666a27df63cf19d0)
    #1 0x7f261b2c2bc2 in __talloc_with_prefix ../../lib/talloc/talloc.c:783
    #2 0x7f261b2c543c in _talloc_pool ../../lib/talloc/talloc.c:838
    #3 0x7f261b2c543c in _talloc_pooled_object ../../lib/talloc/talloc.c:906
    #4 0x7f261a69cac9 in __tevent_req_create ../../lib/tevent/tevent_req.c:98
    #5 0x7f261a75bf55 in cli_full_connection_creds_send ../../source3/libsmb/cliconnect.c:3455
    #6 0x7f261a75c4b7 in cli_full_connection_creds ../../source3/libsmb/cliconnect.c:3818
    #7 0x7f261b70d39f in libnet_join_connect_dc_ipc ../../source3/libnet/libnet_join.c:1146
    #8 0x7f261b715794 in libnet_join_lookup_dc_rpc ../../source3/libnet/libnet_join.c:1188
    #9 0x7f261b715794 in libnet_DomainJoin ../../source3/libnet/libnet_join.c:2812
    #10 0x7f261b715794 in libnet_Join ../../source3/libnet/libnet_join.c:3040
    #11 0x555bd93671ea in net_ads_join ../../source3/utils/net_ads.c:1855
    #12 0x555bd9415ca9 in net_join ../../source3/utils/net_join.c:45
    #13 0x555bd940b972 in net_run_function ../../source3/utils/net_util.c:464
    #14 0x555bd9363129 in main ../../source3/utils/net.c:1372
    #15 0x7f2616a281af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
56426eda by Andreas Schneider at 2024-04-29T08:43:32+00:00
s3:libsmb: Make get_ipc_connect() static

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
96b5cfe4 by Andreas Schneider at 2024-04-29T09:48:47+00:00
s3:libsmb: Pass a memory context to get_ipc_connect()

Indirect leak of 792 byte(s) in 1 object(s) allocated from:
    #0 0x7f261b8dc03f in malloc (/lib64/libasan.so.8+0xdc03f) (BuildId: 3e1694ad218c99a8b1b69231666a27df63cf19d0)
    #1 0x7f261b2c2bc2 in __talloc_with_prefix ../../lib/talloc/talloc.c:783
    #2 0x7f261b2c473d in __talloc ../../lib/talloc/talloc.c:825
    #3 0x7f261b2c473d in _talloc_named_const ../../lib/talloc/talloc.c:982
    #4 0x7f261b2c473d in _talloc_zero ../../lib/talloc/talloc.c:2421
    #5 0x7f2618cb42bc in smbXcli_conn_create ../../libcli/smb/smbXcli_base.c:350
    #6 0x7f261a74acd3 in cli_state_create ../../source3/libsmb/clientgen.c:196
    #7 0x7f261a751f0d in cli_connect_nb_done ../../source3/libsmb/cliconnect.c:2715
    #8 0x7f261a69bacf in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
    #9 0x7f261a69bd06 in tevent_req_finish ../../lib/tevent/tevent_req.c:234
    #10 0x7f261a69bd6e in _tevent_req_done ../../lib/tevent/tevent_req.c:240
    #11 0x7f261a752dde in cli_connect_sock_done ../../source3/libsmb/cliconnect.c:2624
    #12 0x7f261a69bacf in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
    #13 0x7f261a69bd06 in tevent_req_finish ../../lib/tevent/tevent_req.c:234
    #14 0x7f261a69bd6e in _tevent_req_done ../../lib/tevent/tevent_req.c:240
    #15 0x7f261a7ba2c4 in smbsock_any_connect_connected ../../source3/libsmb/smbsock_connect.c:788
    #16 0x7f261a69bacf in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
    #17 0x7f261a69bd06 in tevent_req_finish ../../lib/tevent/tevent_req.c:234
    #18 0x7f261a69bd6e in _tevent_req_done ../../lib/tevent/tevent_req.c:240
    #19 0x7f261a7b75ad in smbsock_connect_connected ../../source3/libsmb/smbsock_connect.c:524
    #20 0x7f261a69bacf in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
    #21 0x7f261a69bd06 in tevent_req_finish ../../lib/tevent/tevent_req.c:234
    #22 0x7f261a69bd6e in _tevent_req_done ../../lib/tevent/tevent_req.c:240
    #23 0x7f261b4b400a in open_socket_out_connected ../../source3/lib/util_sock.c:484
    #24 0x7f261a69bacf in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
    #25 0x7f261a69bd06 in tevent_req_finish ../../lib/tevent/tevent_req.c:234
    #26 0x7f261a69be3e in tevent_req_trigger ../../lib/tevent/tevent_req.c:291
    #27 0x7f261a699df4 in tevent_common_invoke_immediate_handler ../../lib/tevent/tevent_immediate.c:190
    #28 0x7f261a699e31 in tevent_common_loop_immediate ../../lib/tevent/tevent_immediate.c:236
    #29 0x7f261a6ad3ec in epoll_event_loop_once ../../lib/tevent/tevent_epoll.c:905
    #30 0x7f261a6a679e in std_event_loop_once ../../lib/tevent/tevent_standard.c:110
    #31 0x7f261a696538 in _tevent_loop_once ../../lib/tevent/tevent.c:820

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Apr 29 09:48:47 UTC 2024 on atb-devel-224

- - - - -
eba2bfde by yuzu367 at 2024-04-29T09:49:36+00:00
python/samba/tests/blackbox: Add tests for Inherit-only flag propagation

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15636

Signed-off-by: Anna Popova <popova.anna235 at gmail.com>
Reviewed-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
80159018 by Anna Popova at 2024-04-29T10:56:48+00:00
s3:utils: Fix Inherit-Only flag being automatically propagated to children

Inherit-only flag applies only to the container it was set to and it
shouldn't be automatically propagated to children.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15636

Signed-off-by: Anna Popova <popova.anna235 at gmail.com>
Reviewed-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Apr 29 10:56:48 UTC 2024 on atb-devel-224

- - - - -
e9c4538e by Andreas Schneider at 2024-04-30T14:30:34+00:00
lib:tdb: Remove trailing spaces from pytdb.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
82b07bd0 by Andreas Schneider at 2024-04-30T14:30:34+00:00
lib:tdb: Add missing overflow check for num_values in pytdb.c

Error: INTEGER_OVERFLOW (CWE-190):
tdb-1.4.10/pytdb.c:401: cast_overflow: Truncation due to cast operation on "num_values" from 64 to 32 bits.
tdb-1.4.10/pytdb.c:401: overflow_sink: "num_values", which might have overflowed, is passed to "tdb_storev(self->ctx, key, values, num_values, flag)".
  399|           }
  400|
  401|->         ret = tdb_storev(self->ctx, key, values, num_values, flag);
  402|           free(values);
  403|           PyErr_TDB_ERROR_IS_ERR_RAISE(ret, self->ctx);

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
17dd13bb by Andreas Schneider at 2024-04-30T14:30:34+00:00
lib:ldb: Add missing overflow check in ldb_msg_normalize()

Error: INTEGER_OVERFLOW (CWE-190):
ldb-2.9.0/common/ldb_msg.c:1235: tainted_data_argument: The check "i < msg2->num_elements" contains the tainted expression "i" which causes "msg2->num_elements" to be considered tainted.
ldb-2.9.0/common/ldb_msg.c:1253: overflow: The expression "msg2->num_elements - (i + 1U)" is deemed underflowed because at least one of its arguments has underflowed.
ldb-2.9.0/common/ldb_msg.c:1253: overflow: The expression "32UL * (msg2->num_elements - (i + 1U))" is deemed underflowed because at least one of its arguments has underflowed.
ldb-2.9.0/common/ldb_msg.c:1253: overflow_sink: "32UL * (msg2->num_elements - (i + 1U))", which might have underflowed, is passed to "memmove(el2, el2 + 1, 32UL * (msg2->num_elements - (i + 1U)))". [Note: The source code implementation of the function has been overridden by a builtin model.]
  1251|                           talloc_free(discard_const_p(char, el2->name));
  1252|                           if ((i+1) < msg2->num_elements) {
  1253|->                                 memmove(el2, el2+1, sizeof(struct ldb_message_element) *
  1254|                                           (msg2->num_elements - (i+1)));
  1255|                           }

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
d650f884 by Andreas Schneider at 2024-04-30T15:33:32+00:00
lib:ldb: Use correct integer types for sizes

Error: INTEGER_OVERFLOW (CWE-190):
ldb-2.9.0/common/ldb_ldif.c:84: tainted_data_return: Called function "read(f, buf, size)", and a possible return value may be less than zero.
ldb-2.9.0/common/ldb_ldif.c:84: cast_overflow: An assign that casts to a different type, which might trigger an overflow.
ldb-2.9.0/common/ldb_ldif.c:92: overflow: The expression "size" is considered to have possibly overflowed.
ldb-2.9.0/common/ldb_ldif.c:84: overflow_sink: "size", which might be negative, is passed to "read(f, buf, size)". [Note: The source code implementation of the function has been overridden by a builtin model.]
    82|           buf = (char *)value->data;
    83|           while (count < statbuf.st_size) {
    84|->                 bytes = read(f, buf, size);
    85|                   if (bytes == -1) {
    86|                           talloc_free(value->data);

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Apr 30 15:33:32 UTC 2024 on atb-devel-224

- - - - -
fba4e66d by Volker Lendecke at 2024-04-30T22:44:32+00:00
smbd: Save a few bytes of .text

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
debb5894 by Volker Lendecke at 2024-04-30T22:44:32+00:00
libsmb: Remove unused setup_stat_from_stat_ex()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1656cb19 by Volker Lendecke at 2024-04-30T22:44:32+00:00
lib: Fix whitespace

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
56814d3e by Volker Lendecke at 2024-04-30T22:44:32+00:00
smbd: Some README.Coding in smbXsrv_session

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
647d2c64 by Volker Lendecke at 2024-04-30T22:44:32+00:00
smbd: Simplify an if-condition

(state->current_sid == NULL) is true if and only if we could not
assign state->current_sid because num_sids was too small. Make that
more explicit.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e5596cf4 by Volker Lendecke at 2024-04-30T22:44:32+00:00
smbd: Simplify smbXsrv_open_purge_replay_cache()

GUID_buf_string is supposed to never fail except if the guid passed in
is NULL. Our only current caller already checks
that. dbwrap_purge_bystring() could actually fail, so put the result
into a variable for the debugger.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
45200770 by Volker Lendecke at 2024-04-30T22:44:32+00:00
smbd: Simplify smbXsrv_open_clear_replay_cache()

GUID_buf_string() is designed to never fail

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7b4ab077 by Volker Lendecke at 2024-04-30T22:44:32+00:00
smbd: Do an early TALLOC_FREE in smbXsrv_client_global_init()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
60b724a7 by Volker Lendecke at 2024-04-30T22:44:32+00:00
smbd: Save a few lines in smbXsrv_client_global_init()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c2b80caf by Volker Lendecke at 2024-04-30T22:44:32+00:00
smbd: Use direct struct initialization in smbXsrv_client

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5d51be58 by Volker Lendecke at 2024-04-30T22:44:32+00:00
smbd: Fix a copy&paste error in smbXsrv_client_remove()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ceea95af by Volker Lendecke at 2024-04-30T22:44:32+00:00
libsmb: Slightly simplify py_cli_list()

We don't need an & to take a function pointer

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8ef24d67 by Volker Lendecke at 2024-04-30T22:44:32+00:00
pylibsmb: Return reparse_tag from directory listing

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3f17f194 by Volker Lendecke at 2024-04-30T22:44:32+00:00
pylibsmb: clang-format for the calls to Py_BuildValue()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
30b7cf9b by Volker Lendecke at 2024-04-30T22:44:32+00:00
pylibsmb: Avoid talloc()

dom_sid_string() does an implicit talloc_strdup() which is not
necessary here.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6f2aa43a by Volker Lendecke at 2024-04-30T22:44:32+00:00
passdb: Use getline(3) to read our old machine sid

Don't read the whole file.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e889d76f by Volker Lendecke at 2024-04-30T22:44:32+00:00
vfs: Convert return_data from char * to uint8_t

Prepares for a small simplification in the next patch

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4fe0808e by Volker Lendecke at 2024-04-30T22:44:32+00:00
lib: Convert push_file_id_16 to take uint8_t instead of char

All callers had a cast from uint8_t to char, avoid those.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8f1cc217 by Volker Lendecke at 2024-04-30T22:44:32+00:00
smbd: Simplify sending oplock_break_message

This is fixed length of 33 bytes, no need to talloc

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e2201a8d by Volker Lendecke at 2024-04-30T22:44:32+00:00
smbd: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
037b9dac by Volker Lendecke at 2024-04-30T22:44:32+00:00
smbd: Use struct oplock_break_message for MSG_CLOSE_FILE

We only need to transmit the file_id and share_file_id. Next patch
will show why :-)

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7d860a73 by Volker Lendecke at 2024-04-30T22:44:32+00:00
smbd: Remove message_to_share_mode_entry and vice versa

Used only for closing files from rpc srvsvc these days

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5ef6a8a0 by Volker Lendecke at 2024-04-30T22:44:32+00:00
smbd: Use struct oplock_break_message for MSG_SMB_KERNEL_BREAK

Signed-off-by: Volker Lendecke <vl at samba.org>

- - - - -
6bf51860 by Volker Lendecke at 2024-04-30T23:48:21+00:00
smbd: Remove unused [push_pull]_file_id_24

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Apr 30 23:48:21 UTC 2024 on atb-devel-224

- - - - -
c5a1c8d4 by Andreas Schneider at 2024-05-03T12:20:55+00:00
s4:dsdb: Fix stack use after scope in gkdi_create_root_key()

==20978==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7f4f91ff51a0 at pc 0x7f4f94cf93d6 bp 0x7ffdb90fc510 sp 0x7ffdb90fbcd0
READ of size 64 at 0x7f4f91ff51a0 thread T0
    #0 0x7f4f94cf93d5 in memcpy ../../../../libsanitizer/sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:115
    #1 0x7f4f933bdb67 in ldb_val_dup ../../lib/ldb/common/ldb_msg.c:325
    #2 0x7f4f933c11d1 in ldb_msg_copy ../../lib/ldb/common/ldb_msg.c:1182
    #3 0x7f4f933c13d2 in ldb_msg_normalize ../../lib/ldb/common/ldb_msg.c:1235
    #4 0x7f4f933ab556 in ldb_request ../../lib/ldb/common/ldb.c:1196
    #5 0x7f4f8e82b1d4 in dsdb_autotransaction_request ../../source4/dsdb/common/util.c:1220
    #6 0x7f4f8e831c8a in dsdb_add ../../source4/dsdb/common/util.c:5354
    #7 0x7f4f8e853a01 in gkdi_create_root_key ../../source4/dsdb/gmsa/gkdi.c:493
    #8 0x7f4f8e853a01 in gkdi_new_root_key ../../source4/dsdb/gmsa/gkdi.c:551
    #9 0x7f4f8cd4ca52 in py_dsdb_create_gkdi_root_key ../../source4/dsdb/pydsdb.c:1388
    #10 0x7f4f947ce01c  (/lib64/libpython3.11.so.1.0+0x1ce01c) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #11 0x7f4f947de4c0 in _PyObject_Call (/lib64/libpython3.11.so.1.0+0x1de4c0) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #12 0x7f4f947be6ca in _PyEval_EvalFrameDefault (/lib64/libpython3.11.so.1.0+0x1be6ca) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #13 0x7f4f947b6e79  (/lib64/libpython3.11.so.1.0+0x1b6e79) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #14 0x7f4f947de5d8  (/lib64/libpython3.11.so.1.0+0x1de5d8) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #15 0x7f4f947be6ca in _PyEval_EvalFrameDefault (/lib64/libpython3.11.so.1.0+0x1be6ca) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #16 0x7f4f947b6e79  (/lib64/libpython3.11.so.1.0+0x1b6e79) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #17 0x7f4f947edabb  (/lib64/libpython3.11.so.1.0+0x1edabb) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #18 0x7f4f947de5d8  (/lib64/libpython3.11.so.1.0+0x1de5d8) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #19 0x7f4f947be6ca in _PyEval_EvalFrameDefault (/lib64/libpython3.11.so.1.0+0x1be6ca) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #20 0x7f4f947b6e79  (/lib64/libpython3.11.so.1.0+0x1b6e79) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #21 0x7f4f947ed9fb  (/lib64/libpython3.11.so.1.0+0x1ed9fb) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #22 0x7f4f947be6ca in _PyEval_EvalFrameDefault (/lib64/libpython3.11.so.1.0+0x1be6ca) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #23 0x7f4f947b6e79  (/lib64/libpython3.11.so.1.0+0x1b6e79) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #24 0x7f4f947be6ca in _PyEval_EvalFrameDefault (/lib64/libpython3.11.so.1.0+0x1be6ca) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #25 0x7f4f947b6e79  (/lib64/libpython3.11.so.1.0+0x1b6e79) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #26 0x7f4f94839997 in PyEval_EvalCode (/lib64/libpython3.11.so.1.0+0x239997) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #27 0x7f4f94856862  (/lib64/libpython3.11.so.1.0+0x256862) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #28 0x7f4f94852e59  (/lib64/libpython3.11.so.1.0+0x252e59) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #29 0x7f4f94868fb1  (/lib64/libpython3.11.so.1.0+0x268fb1) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #30 0x7f4f948687a3 in _PyRun_SimpleFileObject (/lib64/libpython3.11.so.1.0+0x2687a3) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #31 0x7f4f94868453 in _PyRun_AnyFileObject (/lib64/libpython3.11.so.1.0+0x268453) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #32 0x7f4f94861c53 in Py_RunMain (/lib64/libpython3.11.so.1.0+0x261c53) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #33 0x7f4f94829996 in Py_BytesMain (/lib64/libpython3.11.so.1.0+0x229996) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #34 0x7f4f9422a1ef in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #35 0x7f4f9422a2b8 in __libc_start_main_impl ../csu/libc-start.c:360
    #36 0x5604497e3084 in _start (/usr/bin/python3.11+0x1084) (BuildId: f5d6e3bdbf9098a6ddde0b7f2e07ffc9ad1b1dc3)

Address 0x7f4f91ff51a0 is located in stack of thread T0 at offset 416 in frame
    #0 0x7f4f8e852b37 in gkdi_new_root_key ../../source4/dsdb/gmsa/gkdi.c:537

  This frame has 12 object(s):
    [32, 40) 'root_key_dn' (line 539)
    [64, 72) 'res' (line 540)
    [96, 104) 'server_config_res' (line 118)
    [128, 136) 'kdf_algorithm' (line 128)
    [160, 168) 'domain_dn' (line 388)
    [192, 208) 'kdf_parameters_blob' (line 129)
    [224, 240) 'root_key_data_blob' (line 353)
    [256, 272) 'guid_blob' (line 467)
    [288, 312) 'kdf_parameters' (line 226)
    [352, 368) 'root_key_id' (line 116)
    [384, 400) 'guid_buf' (line 466)
    [416, 480) 'root_key_data' (line 352) <== Memory access at offset 416 is inside this variable

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <jsutton at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri May  3 12:20:55 UTC 2024 on atb-devel-224

- - - - -
2defbc99 by Volker Lendecke at 2024-05-06T20:55:37+00:00
smbd: Return FILE_ATTRIBUTE_REPARSE_POINT from "user.DOSATTRIB"

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
fafe29a2 by Volker Lendecke at 2024-05-06T20:55:37+00:00
reparse: Tighten reparse point length check

test_create_reparse shows that the length checks need to be precise,
not just checking for overflow.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
db5c23e4 by Volker Lendecke at 2024-05-06T20:55:37+00:00
smbd: Change the output of fsctl_get_reparse_point to uint8

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4b98f993 by Volker Lendecke at 2024-05-06T20:55:37+00:00
smbd: Prepare to return the reparse tag from fsctl_get_reparse_point

We'll need this in many places, for example when listing directories

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1fa7668e by Volker Lendecke at 2024-05-06T20:55:37+00:00
smbd: Use reparse_buffer_check() in fsctl_set_reparse_point()

check_reparse_data_buffer() was duplicated code

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
deed7fab by Volker Lendecke at 2024-05-06T20:55:37+00:00
selftest: Default to "tmp" share in reparsepoints.py

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6526f20e by Jeremy Allison at 2024-05-06T20:55:37+00:00
s3: smbd: smb2-posix: Add SAMBA_XATTR_REPARSE_ATTRIB "user.SmbReparse" name.

Ensure it's prohibited for normal user access.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
fb74b3b5 by Volker Lendecke at 2024-05-06T20:55:37+00:00
tests: Clarify a reparse point test

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4536cfb1 by Volker Lendecke at 2024-05-06T20:55:37+00:00
tests: Codify IO_REPARSE_TAG_MISMATCH behaviour

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7dc07710 by Volker Lendecke at 2024-05-06T20:55:37+00:00
tests: Clean up behind ourselves in test_create_reparse

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6eba4b79 by Volker Lendecke at 2024-05-06T20:55:37+00:00
smbd: Implement fsctl_get_reparse_point

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8ace45e0 by Volker Lendecke at 2024-05-06T20:55:37+00:00
smbd: Implement fsctl_set_reparse_point

Store the data in the "user.SmbReparse" xattr. Only allow this on
regular files. Windows does it for directories too, but we can not
allow this: Setting a symlink reparse point in a xattr on a directory
would go unnoticed by our openat2-optimization. If someone really
needs this, we could have a VFS module disallowing openat2 and doing
the appropriate checks on every openat-call.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4fa6cffc by Volker Lendecke at 2024-05-06T20:55:37+00:00
tests: Expected failures in reparse point tests should not be errors

We need to put them into knownfail.d individually

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d80a884f by Volker Lendecke at 2024-05-06T20:55:37+00:00
tests: Run reparse tests

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
97c79d47 by Volker Lendecke at 2024-05-06T20:55:37+00:00
tests: Test FSCTL_DELETE_REPARSE_POINT

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5edd1e7c by Volker Lendecke at 2024-05-06T21:55:03+00:00
smbd: Implement FSCTL_DELETE_REPARSE_POINT

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon May  6 21:55:03 UTC 2024 on atb-devel-224

- - - - -
1e554674 by Stefan Metzmacher at 2024-05-07T11:30:33+00:00
auth/credentials: add cli_credentials_get_principal_obtained()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15018

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
4723d695 by Andreas Schneider at 2024-05-07T11:30:33+00:00
auth:creds: Add test for cli_credentials_get_principal_obtained()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15018

Signed-off-by: Andreas Schneider <asn at samba.org>
- - - - -
c7d39466 by Stefan Metzmacher at 2024-05-07T11:30:33+00:00
auth/credentials: add cli_credentials_get_ccache_name_obtained()

It's often good to know if a credential structure already has
a valid kerberos credential cache attached, without the side
effect of doing a kinit and prompt for a password.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15018

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a85f1b6f by Stefan Metzmacher at 2024-05-07T11:30:33+00:00
lib/cmdline: skip the password prompt if we have a valid krb5 ccache

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15018

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
c14366cc by Stefan Metzmacher at 2024-05-07T11:30:33+00:00
auth/credentials: add cli_credentials_get_password_obtained()

It's often useful to know if a password was already explicitly
specified without triggering the password callback function.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
7f0aff46 by Andreas Schneider at 2024-05-07T11:30:33+00:00
auth:creds: Add test for cli_credentials_get_password_obtained()

Signed-off-by: Andreas Schneider <asn at samba.org>
- - - - -
f9afd24c by Stefan Metzmacher at 2024-05-07T11:30:33+00:00
auth/credentials: add cli_credentials_get_username_obtained()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
b9cf6c8d by Andreas Schneider at 2024-05-07T11:30:33+00:00
auth:creds: Add test for cli_credentials_get_username_obtained()

Signed-off-by: Andreas Schneider <asn at samba.org>
- - - - -
1275e779 by Stefan Metzmacher at 2024-05-07T11:30:33+00:00
s3:client: avoid cli_credentials_get_password() to check for a specified password

Using cli_credentials_get_password_obtained() is more lightweight as
it avoids a possible password prompt.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
996fd139 by Stefan Metzmacher at 2024-05-07T11:30:33+00:00
auth/gensec: add gensec_kerberos_possible() helper

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
a3c87bf4 by Stefan Metzmacher at 2024-05-07T11:30:33+00:00
auth/gensec: add gensec_get_unparsed_target_principal() helper

This will be useful for debugging.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
4dd2468d by Stefan Metzmacher at 2024-05-07T11:30:33+00:00
s4:gensec_gssapi: make use of gensec_kerberos_possible()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
ce05fe3b by Stefan Metzmacher at 2024-05-07T11:30:33+00:00
s3:gse: make use of gensec_kerberos_possible()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
6ced3c6a by Stefan Metzmacher at 2024-05-07T11:30:33+00:00
s3:gse: avoid prompting for a password that we don't use in the end

Currently we rely on a valid default credential cache being available
and don't make use of the password.

In future we'll do a kinit on demand, but that's for another day.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
e3f97f35 by Stefan Metzmacher at 2024-05-07T11:30:33+00:00
s3:gse: don't call krb5_cc_resolve() as server

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
48bcc218 by Stefan Metzmacher at 2024-05-07T11:30:33+00:00
lib/krb5_wrap: add smb_krb5_cc_new_unique_memory()

This generates a memory credential cache that is
not visible to a (the default) credential cache collection.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
21b96f01 by Stefan Metzmacher at 2024-05-07T11:30:33+00:00
lib/krb5_wrap: make use of smb_krb5_cc_new_unique_memory() in smb_krb5_kinit_s4u2_ccache()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
92bebeb5 by Stefan Metzmacher at 2024-05-07T11:30:33+00:00
auth/credentials: use smb_krb5_cc_new_unique_memory() in krb5_cc_remove_cred_wrap()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
5d385ab6 by Stefan Metzmacher at 2024-05-07T11:30:33+00:00
auth/credentials: use smb_krb5_cc_new_unique_memory() in smb_gss_krb5_copy_ccache()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
176c55ef by Stefan Metzmacher at 2024-05-07T11:30:33+00:00
auth/credentials: use smb_krb5_cc_new_unique_memory() in cli_credentials_shallow_ccache()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
16a5279e by Stefan Metzmacher at 2024-05-07T11:30:33+00:00
auth/credentials: use smb_krb5_cc_new_unique_memory() in cli_credentials_new_ccache()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
14756523 by Stefan Metzmacher at 2024-05-07T11:30:33+00:00
s3:libads: use smb_krb5_cc_new_unique_memory() in kerberos_return_pac()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
e6c693b7 by Stefan Metzmacher at 2024-05-07T11:30:33+00:00
s3:winbindd: pass a NULL ccache to kerberos_return_pac() for a MEMORY ccache

It means kerberos_return_pac() will use smb_krb5_cc_new_unique_memory().

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
- - - - -
87e31f88 by Stefan Metzmacher at 2024-05-07T12:33:29+00:00
s3:libsmb: let cli_session_creds_init() keep the value from 'client use kerberos'

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue May  7 12:33:29 UTC 2024 on atb-devel-224

- - - - -
d58a72c5 by Andrew Bartlett at 2024-05-07T13:40:55+00:00
.gitlab-ci: Remove tags no longer provided by gitlab.com

GitLab.com removed a number of tags from their hosted
runners and this meant our CI was being redirected to
our private runners at a larger cost to the Samba Team.

The new infrastructure is much larger than when we last
selected runners so we can just use the default, even for
the code coverage build.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15638

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue May  7 13:40:55 UTC 2024 on atb-devel-224

- - - - -
af765433 by Douglas Bagnall at 2024-05-07T23:25:35+00:00
ldb: avoid NULL deref in ldb_db_compare

This also sorts NULLs after invalid DNs, which matches the comment
above.

CID 1596622.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8f080c02 by Douglas Bagnall at 2024-05-07T23:25:35+00:00
ldb:tests: add a test for dotted i uppercase

This didn't fail in the tr_TR locale before recent changes for
https://bugzilla.samba.org/show_bug.cgi?id=15637, because this is a
different casefold codepath. But it could fail if that other path goes
wrong, so we might as well have the test.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
91b80294 by Douglas Bagnall at 2024-05-07T23:25:35+00:00
s4:dsdb:util_trusts: describe dns_cmp return values

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b37186cf by Douglas Bagnall at 2024-05-07T23:25:35+00:00
s4:dsdb:util_trusts: simplify the NULL case in dns_cmp

In this comparison function a NULL string is treated as the ancestor
of all names, but you need to look hard to see that.

By pulling the logic for NULLs to the front, hopefully we have to look
less hard.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7f995ab8 by Douglas Bagnall at 2024-05-07T23:25:35+00:00
ldb:tools: ldbsearch doesn't need ldb_qsort()

When the opaque context blob is not used, we might as well
use a real qsort().

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5335f122 by Douglas Bagnall at 2024-05-07T23:25:35+00:00
s4:dsdb:mod: repl_md: make message_sort transitive

Before we had (with a TODO of regret):

       if (!a1 || !a2) {
               return strcasecmp(e1->name, e2->name);
       }

so, given {name:"A", id 2}, {name:"B", NO id}, {name:"C", id 1},

 A < B by name
 B < C by name
 A > C by id

Now the sort order is always A > C > B.

This sort could have caused mysterious crashes in repl_meta_data if
the schema is out of sync.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
65df8ce0 by Douglas Bagnall at 2024-05-07T23:25:35+00:00
s4:rpc_srv:getncchanges: 4.5 anc emulation uses qsort(), not ldb_qsort()

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c5c29f59 by Douglas Bagnall at 2024-05-07T23:25:35+00:00
s4:rpc_srv:getncchanges: USN sort uses qsort() instead of ldb_qsort()

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
827b0c39 by Douglas Bagnall at 2024-05-07T23:25:35+00:00
s4:dsdb:mod: repl_md: message sort uses NUMERIC_CMP()

No change at all in the result, just saving lines and branches.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
310d59c7 by Douglas Bagnall at 2024-05-07T23:25:35+00:00
lib:util:tests: more tests for codepoint_cmpi

is codepoint_cmpi as case-insensitive as it claims when it comes to
inequalities? (no, it is not!).

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
13af2cb0 by Douglas Bagnall at 2024-05-07T23:25:35+00:00
lib:util: codepoint_cmpi: be transitive and case-insensitive

the less/greater comparisons were not case-sensitive, which made the whole
function non-transitive.

I think codepoint_cmpi() is currently only used for equality tests, so
nothing will change.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ae4f0955 by Douglas Bagnall at 2024-05-07T23:25:35+00:00
ldb-samba: ldif_write_schemaInfo() uses correct size

repsFromToBlob is much bigger, so this only meant we briefly allocated
more than we needed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10763

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fb724c61 by Douglas Bagnall at 2024-05-07T23:25:35+00:00
pytest: sid_strings: use more reliable well known SID

It seems as if the well-known SID S-1-5-32-579
(DOMAIN_ALIAS_RID_ACCESS_CONTROL_ASSISTANCE_OPS) is
not always present -- specifically, it was not there on the
Windows machine used to develop these tests, but it is there on
the one I am now using.

S-1-5-32-545 (DOMAIN_ALIAS_RID_USERS) is surely going to exist,
so we use that instead.

That changes some of the assertions, making some NO_SUCH_OBJECTs
into successes.

For these tests we are only interested in the parsing of the SIDs, not
their meaning, so it's OK to change it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10763

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
473502d1 by Douglas Bagnall at 2024-05-07T23:25:35+00:00
pytest: sid_strings: Windows does allow lowercase s-1-... SIDs

And so should we.

Right now, these tests won't pass against Windows because they rely on
ldb pre-parsing of the SIDs, so they fail before Windows gets to see
them. Running them against Windows looks something like this, BTW:

    SAMBA_SID_STRINGS_SKIP_LOCAL=1  \
    SMB_CONF_PATH=st/ad_dc/etc/smb.conf \
    PYTHONPATH=bin/default/python \
    DC_SERVER=192.168.122.126 \
    DC_USERNAME=Administrator DC_PASSWORD='xxx' \
    python3 python/samba/tests/sid_strings.py

When things are right, the only failing tests should be from the
SidStringBehavioursThatSambaPrefers suite.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10763

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
edf9b282 by Douglas Bagnall at 2024-05-07T23:25:35+00:00
pytest: sid_strings: adjust to match Windows 2016

9 hex-digit subauths like '0xABCDef123' will not fit in 32 bits, so
should be rejected on parsing.

In other situations, such as defaultSecurityDescriptor, overflowing
SID subauths on Windows will saturate to 0xffffffff, resulting in a
valid but probably meaningless SID. It is possible that in previous
testing we saw that here, but it is more likely I got confused. In any
case, now I see them being rejected, and that is good.

The saturating defaultSecurityDescriptor case is tested in
SidStringBehavioursThatWindowsAllows.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10763

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d801ed8b by Douglas Bagnall at 2024-05-07T23:25:35+00:00
pytest: sid_strings: Samba DN object refuses sub-auth overflow

We were mistakenly asserting something that did not happen with
Windows, because Samba already won't parse the DN string.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10763

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
be5fd9a3 by Douglas Bagnall at 2024-05-07T23:25:35+00:00
ldb-samba: simplify ldif_comparison_objectSid()

The ldif_comparision_objectSid_isString() call is both wrong
(disallowing "s-") and redundant, because ldif_read_objectSid() calls
dom_sid_parse(), which does the check properly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10763

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c6c7cb8d by Douglas Bagnall at 2024-05-07T23:25:35+00:00
ldb-samba: simplify ldif_canonicalise_objectSid()

ldif_comparision_objectSid_isString() is not doing anything useful or accurate,
and ldif_read_objectSid() checks properly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10763

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8c702735 by Douglas Bagnall at 2024-05-07T23:25:35+00:00
ldb-samba: simplify extended_dn_read_SID()

This will allow the reading of SIDs that start with "s-", which
Windows allows, and we allow elsewhere.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10763

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3e899ef5 by Douglas Bagnall at 2024-05-07T23:25:35+00:00
ldb-samba: remove unused ldif_comparision_objectSid_isString()

This is unused because it does things badly, by just guessing and
not allowing valid sids that start with "s-". All the places that used
to use it were calling ldif_read_objectSid() or similar which correctly
check for string SIDs by actually trying to parse them. That begins
with looking for the "S-"/"s-", so this shortcut is not saving any real
work.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10763

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f81b7c7e by Douglas Bagnall at 2024-05-07T23:25:35+00:00
ldb:attrib_handlers: use NUMERIC_CMP in ldb_comparison_fold

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e2051eeb by Douglas Bagnall at 2024-05-07T23:25:35+00:00
ldb:attrib_handlers: reduce non-transitive behaviour in ldb_comparison_fold

If two strings are invalid UTF-8, the string is first compared with
memcmp(), which compares as unsigned char.

If the strings are of different lengths and one is a substring of the
other, the memcmp() returns 0 and a second comparison is made which
assumes the next character in the shorter string is '\0' -- but this
comparison was done using SIGNED chars (on most systems). That leads
to non-transitive comparisons.

Consider the strings {"a\xff", "a", "ab\xff"} under that system.

   "a\xff"  < "a",      because (char)0xff == -1.

   "ab\xff" > "a",     because  'b' == 98.

   "ab\xff" < "a\xff", because memcmp("ab\xff", "a\xff", 2) avoiding the
                       signed char tiebreaker.

(Before c49c48afe09a1a78989628bbffd49dd3efc154dd, the final character
might be arbitrarily cast into another character -- in latin-1, for
example, the 0xff here would have been seen as 'ÿ', which would be
uppercased to 'Ÿ', which is U+0178, which would be truncated to
'\x78', a positive char.

On the other hand e.g. 0xfe, 'þ', would have mapped to 0xde, 'Þ',
remaining negative).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
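
Added example (not part of the commit log and not Samba's code): a small C model of the two non-transitive comparisons described in 5335f122 (repl_md message_sort) and e2051eeb (ldb_comparison_fold), with a brute-force check that counts the triples breaking transitivity. The struct layouts, function names, the unsigned tiebreak and the "after" ordering for message_sort are assumptions chosen to match what the messages state, and strcmp() stands in for strcasecmp().

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef int (*cmp_fn)(const void *, const void *);

/* Count ordered triples with x < y and y < z but not x < z. A non-zero
 * result means cmp is not a usable ordering for qsort() or bsearch(). */
static int count_intransitive(const void *base, size_t n, size_t size, cmp_fn cmp)
{
	const char *p = base;
	int bad = 0;
	for (size_t i = 0; i < n; i++)
		for (size_t j = 0; j < n; j++)
			for (size_t k = 0; k < n; k++) {
				const char *x = p + i * size, *y = p + j * size, *z = p + k * size;
				if (cmp(x, y) < 0 && cmp(y, z) < 0 && cmp(x, z) >= 0)
					bad++;
			}
	return bad;
}

/* Model of the invalid-UTF-8 path in ldb_comparison_fold: memcmp() over the
 * common prefix, then the longer value's next byte against an implied '\0'. */
struct val { const char *data; size_t len; };

static int fold_cmp(const struct val *v1, const struct val *v2, int as_signed)
{
	size_t n = v1->len < v2->len ? v1->len : v2->len;
	int ret = memcmp(v1->data, v2->data, n);
	if (ret != 0 || v1->len == v2->len)
		return ret;
	const struct val *longer = v1->len > v2->len ? v1 : v2;
	int next = as_signed ? (signed char)longer->data[n]
			     : (unsigned char)longer->data[n];
	return longer == v1 ? next : -next;
}
static int fold_cmp_signed(const void *a, const void *b) { return fold_cmp(a, b, 1); }
static int fold_cmp_unsigned(const void *a, const void *b) { return fold_cmp(a, b, 0); }

/* Model of the repl_md element sort. has_id == 0 stands for a name with no
 * schema attribute (a1 or a2 NULL in the quoted snippet). */
struct elem { const char *name; int has_id; unsigned int id; };

static int id_cmp(const struct elem *e1, const struct elem *e2)
{
	return (e1->id > e2->id) - (e1->id < e2->id);
}

/* Old rule: fall back to the name as soon as either side lacks an id. */
static int msg_cmp_before(const void *a, const void *b)
{
	const struct elem *e1 = a, *e2 = b;
	if (!e1->has_id || !e2->has_id)
		return strcmp(e1->name, e2->name); /* stands in for strcasecmp() */
	return id_cmp(e1, e2);
}

/* Assumed total order giving the stated A > C > B: elements without an id
 * sort below the rest; within each class compare by name or by id. */
static int msg_cmp_after(const void *a, const void *b)
{
	const struct elem *e1 = a, *e2 = b;
	if (e1->has_id != e2->has_id)
		return e1->has_id - e2->has_id;
	return e1->has_id ? id_cmp(e1, e2) : strcmp(e1->name, e2->name);
}

/* Constructed inputs: the three values each commit message walks through. */
static const struct val fold_samples[] = { { "a\xff", 2 }, { "a", 1 }, { "ab\xff", 3 } };
static const struct elem msg_samples[] = { { "A", 1, 2 }, { "B", 0, 0 }, { "C", 1, 1 } };

int fold_cycles(int as_signed)
{
	return count_intransitive(fold_samples, 3, sizeof(fold_samples[0]),
				  as_signed ? fold_cmp_signed : fold_cmp_unsigned);
}

int msg_cycles(int fixed)
{
	return count_intransitive(msg_samples, 3, sizeof(msg_samples[0]),
				  fixed ? msg_cmp_after : msg_cmp_before);
}

int main(void)
{
	printf("fold, signed tiebreak:   %d bad triples\n", fold_cycles(1));
	printf("fold, unsigned tiebreak: %d bad triples\n", fold_cycles(0));
	printf("message_sort, before:    %d bad triples\n", msg_cycles(0));
	printf("message_sort, after:     %d bad triples\n", msg_cycles(1));
	return 0;
}
```

Each old comparison forms a three-element cycle on its sample input, so every rotation of the triple is counted; the corrected variants report none.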

- - - - -
59cbaa91 by Douglas Bagnall at 2024-05-07T23:25:35+00:00
ldb: note a transitivity problem in ldb_comparison_fold

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6c0bdf37 by Douglas Bagnall at 2024-05-07T23:25:35+00:00
lib/fuzzing: add fuzz_stable_sort_r_unstable

This should find out how well stable_sort copes with an unstable
non-transitive comparison function.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bf4af1a2 by Douglas Bagnall at 2024-05-07T23:25:35+00:00
ldb-samba: ldif_read_objectSid() short-circuits without 'S'

This avoids a memcpy, and level 3 debug verbosity from
dom_sid_parse_endp().

In other places we have something like `|| in->data[1] != '-'`, but
that is not useful here -- the value is either a string SID, or a
binary SID that starts with '\1', or some awful value that we *do*
want to get messages about.

This replaces the work of ldif_comparision_objectSid_isString().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10763

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9844ac28 by Douglas Bagnall at 2024-05-08T00:26:42+00:00
ldb-samba: ldif_read_objectSid avoids VLA

I don't think this variable length array is any trouble, but people
complain about them (e.g. https://nullprogram.com/blog/2019/10/27/)
because they make things more complex at run-time, and this is a
somewhat performance sensitive path.

DOM_SID_STR_BUFLEN + 1 is 191 -- if that stack allocation is going to
cause trouble, then so was the VLA <= that.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed May  8 00:26:42 UTC 2024 on atb-devel-224

- - - - -
380d9c5a by Stefan Metzmacher at 2024-05-10T00:26:35+00:00
.gitlab-ci-main.yml: debug kernel details of the current runner

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
237d9d02 by Stefan Metzmacher at 2024-05-10T00:26:35+00:00
tests/ntacls: unblock failing gitlab pipelines because test_setntacl_forcenative

This expects PermissionError: [Errno 1] Operation not permitted,
but it seems that setxattr() for security.NTACL works on gitlab
runners without being root.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1f47c0f6 by Rob van der Linde at 2024-05-10T00:26:35+00:00
python: models: rename argument ldb to samdb

This argument is actually an instance of SamDB (which inherits from Ldb).

This should have been called samdb.

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
8fe7f0a6 by Rob van der Linde at 2024-05-10T00:26:35+00:00
python: models: add get_primary_group method to User model

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
5aafd2fb by Rob van der Linde at 2024-05-10T00:26:35+00:00
selftest: add test for User.get_primary_group method

Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
363c3318 by Earl Chew at 2024-05-10T00:26:35+00:00
Augment library_flags() to return libraries

Extend library_flags() to return the libraries provided by
pkg-config --libs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15623

Signed-off-by: Earl Chew <earl_chew at yahoo.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
0c983bd0 by Earl Chew at 2024-05-10T00:26:35+00:00
Improve CHECK_LIB interaction with CHECK_PKG

When checking for shared libraries, only name the target library
if it was not previously discovered by pkg-config --libs and now
available from uselib_store. This avoids using both sources of
information which results in the library being named twice on
the command line.

Once the library is confirmed by CHECK_LIB, append the library if
not already present, to avoid dropping libraries that were
previously discovered by CHECK_PKG.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15623

Signed-off-by: Earl Chew <earl_chew at yahoo.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
05807488 by Earl Chew at 2024-05-10T00:26:35+00:00
Combine ICU libraries icu-i18n and icu-uc into a single dependency

Rather than probing for icu-i18n, icu-uc, and icudata libraries
separately, only probe for icu-i18n, and icu-uc, as direct dependencies.
This avoids overlinking with icudata, and allows the package
to build even when ICU is not installed as a system library.

RN: Only use icu-i18n and icu-uc to express ICU dependency

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15623

Signed-off-by: Earl Chew <earl_chew at yahoo.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
712ffbff by Stefan Metzmacher at 2024-05-10T01:35:18+00:00
s3:libsmb: allow store_cldap_reply() to work with a ipv6 response

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15642

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri May 10 01:35:18 UTC 2024 on atb-devel-224

- - - - -
4959f932 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:winbindd: don't use ads_kdestroy(NULL) in winbindd_raw_kerberos_login()

This fixes a problem introduced in the commit:

commit e6c693b705686a590d2fa8f434ff015d8926a349
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Feb 28 17:28:43 2024 +0100

    s3:winbindd: pass a NULL ccache to kerberos_return_pac() for a MEMORY ccache

    It means kerberos_return_pac() will use smb_krb5_cc_new_unique_memory().

    ...

Before that commit cc was never NULL as generate_krb5_ccache()
returned "MEMORY:winbindd_pam_ccache" as fallback.

So we called ads_kdestroy("MEMORY:winbindd_pam_ccache").

Now we have cc == NULL if user_ccache_file == NULL.

and kerberos_return_pac() uses smb_krb5_cc_new_unique_memory()
and krb5_cc_destroy() internally.

It means unless user_ccache_file != NULL we should not
call ads_kdestroy(cc) as cc is NULL and means we would destroy
any global default krb5 ccache.

Review with: git show -U25

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
e47f9415 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libads: don't allow ads_kdestroy(NULL) anymore

This should not happen, if we ever need that behaviour
we should add an ads_kdestroy_default() helper.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
3ea605d8 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
blackbox/test_kinit.sh: verify that --use-krb5-ccache= works without KRB5CCNAME

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
a6b94a69 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
tests/ntlm_auth_krb5: don't test that a krb5ccache work with an explicit username

This test is useless and won't work anymore in future.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
52715b46 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
tests/ntlm_auth: Do not set a client_password

This fixes test_ntlmssp_gss_spnego_cached_creds

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
2dc76cc8 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:ntlm_auth: explicitly include default krb5 ccache if no explicit username/password are given

Before this silently happened because the gse_krb5 module just used the
default ccache, but that will change soon.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
fb7e1982 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libsmb: explicitly use the default krb5 ccache in cli_session_creds_init() without a password

This happened implicitly as the gse_krb5 module always used the default
krb5 ccache, but that will change soon.

If kerberos is requested without a fallback to ntlm AND
the caller doesn't provide a password we'll use the
default ccache. This will keep the following tests
happy once the gse_krb5 module changes the behavior:

 samba3.blackbox.krbsmbspool
 samba3.blackbox.smbget

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
2fd2d28b by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libsmb: fix lpcfg_gensec_settings() no memory check in auth_generic_client_prepare()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
ca90f213 by Andreas Schneider at 2024-05-14T10:18:31+00:00
lib:krb5_wrap: Implement smb_gss_mech_import_cred()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
2ec3e59f by Andreas Schneider at 2024-05-14T10:18:31+00:00
s3:gse: Use smb_gss_mech_import_cred() in gse_init_server()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
bc2a2399 by Andreas Schneider at 2024-05-14T10:18:31+00:00
s3:gse: Implement gensec_gse_security_by_oid()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
98ee5ca7 by Andreas Schneider at 2024-05-14T10:18:31+00:00
s3:gse: Pass down the mech to gse_context_init()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
ef205f6b by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:gse: get an explicit ccache_name from creds and kinit if required

This means we may call kinit multiple times for now,
but we'll remove the kinit from the callers soon.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
d26e4c6e by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libsmb: remove unused cli_session_creds_prepare_krb5()

Kinit will be done within gensec if required.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
a70c62a7 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libads: make use of talloc_stackframe() in ads_setup_tls_wrapping()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
6f33e46c by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libads: remove unused LIBADS_CCACHE_NAME define

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
b98f9a34 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libads: split out ads_legacy_creds()

This is just a temporary change until the highlevel caller
will pass in a cli_credentials structure and we'll get rid of
ads->auth.{user_name,realm,password}.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f7ab92ea by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libads: let ads_sasl_spnego_bind() use cli_credentials_get_kerberos_state()

We should only operate on the creds structure and avoid ads->auth.flags

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
4d42574c by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libads: let ads_sasl_spnego_bind() reset krb5_state at the end

In future we'll pass in creds from the caller, so we better
restore the original krb5_state at the end of ads_sasl_spnego_bind().

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
be771670 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libads: let ads_sasl_spnego_bind() use cli_credentials_get_unparsed_name()

We should only operate on the creds structure and
avoid using ads->auth.{user_name,realm}.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
b3110ec0 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libads: split out ads_connect_internal() and call it with ads_legacy_creds()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
9ea1ea16 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libads: add ADS_AUTH_GENERATE_KRB5_CONFIG to generate a custom krb5.conf

That's better than using !ADS_AUTH_NO_BIND. And it allows callers
to be more flexible in future.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
36748002 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libads: also avoid ADS_AUTH_GENERATE_KRB5_CONFIG for ADS_AUTH_ANON_BIND

For anonymous binds we don't need a krb5.conf.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f34e64ba by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libads: add ads_connect_cldap_only() helper

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
fdd34b57 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libsmb: make use of ads_connect_cldap_only()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
e8250f16 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:net_ads: make use of ads_connect_cldap_only() in net_ads_check_int()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f024063a by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:winbindd: make use of ads_connect_cldap_only() in dcip_check_name_ads()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
cff7656e by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:net_ads: make use of ads_connect_cldap_only() and ADS_AUTH_GENERATE_KRB5_CONFIG in net_ads_password()

We don't need a real ldap connection here.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
1474f9c5 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
testprogs/blackbox: add better testnames in test_weak_disable_ntlmssp_ldap.sh

This makes it easier to adjust the expected output when it changes in
the next commits.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
bb8b7be7 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libads: let ads_sasl_spnego_bind() really use spnego to negotiate krb5/ntlmssp

For now we still do the ads_kinit_password() in ads_legacy_creds()
for callers that rely on the global krb5ccache to be filled.

E.g. the dns update code and the kpasswd code.

But at least ads_connect_internal() and ads_sasl_spnego_bind()
will allow to do the kinit in the gensec layer only if needed...

We'll remove ads_legacy_creds() during the following commits.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
fcd47a49 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:winbindd: remove useless 'renewable' argument to ads_cached_connection_connect()

There's really no need to get a renewable ticket for an ldap connection,
we currently always do a kinit for each connection anyway.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
ce1ad21c by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libads: remove unused ads->auth.renewable

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
ea97abd5 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libads: we only need to gensec_expire_time()...

The lifetime of a service ticket is never longer than
the lifetime of the TGT...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
bac24344 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libads: move ads->auth.time_offset to ads->config.time_offset

There's no reason to pass the LDAP servers time to the kerberos
libraries, as we may talk to a KDC different than the LDAP server!

Also Heimdal handles AS-REQ with KRB5KRB_AP_ERR_SKEW fine and
retries with the time from the krb-error.
MIT records the time from the KDC_ERR_PREAUTH_REQUIRED response
in order to use the KDCs time.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
76e0d348 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libads: fix compiler warning in ads_mod_ber()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
31e4614e by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libads: add ads_connect_creds() helper

In future ads_connect_creds() will be used by callers directly instead
of using ads_connect().

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
81a6c54f by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libads: add ads_set_reconnect_fn() and only reconnect if we can get creds

This reconnect is only useful for long running connections (e.g. in winbindd)
and there we'll make use of it...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
8166642e by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:winbindd: make winbindd_get_trust_credentials() public

We'll use it outside of winbindd_cm.c soon.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f903d807 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:winbindd: use winbindd_get_trust_credentials()/ads_connect_creds() in winbindd_ads.c

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
16bbb407 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:winbindd: make use of samba_sockaddr to avoid compiler warnings

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
ed75331f by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:winbindd: make use of winbindd_get_trust_credentials() in _winbind_LogonControl_TC_VERIFY()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
28af0829 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:winbindd: make use of winbindd_get_trust_credentials() in idmap_ad.c

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
5807689f by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:utils: let net_update_dns_internal() set status before goto done in all cases

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
c95a2785 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
lib/addns: rewrite signed dns update code to use gensec instead of plain gssapi

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
7bfbea4c by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libads: add ads_connect_simple_anon() helper

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
c36b0442 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libads: make use of ads_connect_simple_anon() in ldap.c where possible

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
353abcb4 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libads: add ads_simple_creds() helper

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f9496bfd by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libads: add ads_connect_machine() helper

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
87e7a948 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:printing: make use of ads_connect_machine()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
bd53e207 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
libgpo/pygpo: make use of ads_connect_{creds,machine}()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
0470cc38 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:lib/netapi: add libnetapi_get_creds()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
c0edd340 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:lib/netapi: make use of ads_simple_creds/libnetapi_get_creds in NetGetJoinableOUs_l

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f4f31236 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libnet_join: pass down cli_credentials *admin_credentials to libnet_{Join,Unjoin}Ctx()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
57919576 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:net_offlinejoin: we don't need to call libnetapi_set_use_kerberos() as we already passed cli_credentials

c->opt_kerberos is derived from c->creds...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
a9beae36 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:net: correctly implement --use-ccache as legacy for --use-winbind-ccache for 'net'

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
be1051f3 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:net: add net_context->explicit_credentials to check if credentials were passed

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
e690666f by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:net: make use of c->explicit_credentials in order to check for valid credentials

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
d9082129 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:net_rpc: make use of !c->explicit_credentials for NET_FLAGS_ANONYMOUS

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
55c9a6c0 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:net: remove useless net_prompt_pass() wrapper

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
612af29c by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:net_ads: use cli_credentials_get_principal() in order to call kerberos functions

This is better than the value from cli_credentials_get_username()...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
1eeeb76e by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:net_ads: use ADS_SASL_SEAL by default, so that we always get encryption

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
5f32f14e by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:net_ads: require kerberos if we use ads_krb5_set_password() in ads_user_add()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
c85c084d by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libads: remove unused kdc_host argument of ads_krb5_set_password()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
3141423f by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libads: remove krb5_set_real_time() from ads_krb5_set_password()

Callers typically only pass in 0 anyway.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
b641b35b by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libads: remove unused kdc_host and time_offset arguments to ads_krb5_chg_password()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
125db2ed by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libads: remove unused kdc_host and time_offset arguments to kerberos_set_password()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
432273dd by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libads: kerberos_set_password() don't need to kinit before ads_krb5_chg_password()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
d59d957c by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libads: let ads_krb5_set_password() require an explicit krb5 ccache to operate on

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
e76fe56f by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:net_ads: make use of ads_connect_{cldap_only,creds}() in ads_startup_int()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
eb9ad5cc by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:net_ads: remove unused use_in_memory_ccache()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
2de585a9 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:include: remove unused krb5_env.h

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
9620d2ec by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:net: remove unused net_context->opt_kerberos

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
a1ab1c86 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:net: remove unused net_context->smb_encrypt

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
25806314 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:net: finally remove net_context->opt_{user_specified,user_name,password}

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
fc92025e by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libads: finally remove unused ads_connect[_user_creds]() and related code

That was a long way, but now we're cli_credentials/gensec only :-)

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
70f9e3a0 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
krb5_wrap: let ads_krb5_cli_get_ticket() require an explicit krb5 ccache

Reviewed-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
d49de777 by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
s3:libads: let kerberos_kinit_password_ext() require an explicit krb5 ccache

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f850bcfc by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
krb5_wrap: add smb_force_krb5_cc_default[_name]() wrappers

If we touch the global krb5_ccache we want to make that explicit,
so calling krb5_cc_default[_name] will result in an error during
the next patches.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
eb6dc35a by Stefan Metzmacher at 2024-05-14T10:18:31+00:00
krb5_wrap: let smb_krb5_renew_ticket() use smb_force_krb5_cc_default_name()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
a8da9de9 by Stefan Metzmacher at 2024-05-14T10:18:32+00:00
smbspool_krb5_wrapper: remove unused includes

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
4514fb5f by Stefan Metzmacher at 2024-05-14T10:18:32+00:00
smbspool_krb5_wrapper: let kerberos_get_default_ccache() use smb_force_krb5_cc_default_name()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
845a2aae by Stefan Metzmacher at 2024-05-14T10:18:32+00:00
smbspool: let kerberos_ccache_is_valid() use smb_force_krb5_cc_default_name()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
a5d46f69 by Stefan Metzmacher at 2024-05-14T10:18:32+00:00
auth/credentials_krb5: use system/{gssapi,kerberos}.h

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
afcd53b8 by Stefan Metzmacher at 2024-05-14T10:18:32+00:00
auth/credentials_krb5: let cli_credentials_set_ccache() use smb_force_krb5_cc_default()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
1ca6fb56 by Stefan Metzmacher at 2024-05-14T11:22:28+00:00
lib/replace: make sure krb5_cc_default[_name]() is no longer used directly

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue May 14 11:22:28 UTC 2024 on atb-devel-224

- - - - -
833c3f26 by Pavel Filipenský at 2024-05-14T13:37:53+00:00
python/tests: Fix nlink test in smb3unix on btrfs filesystem

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Tue May 14 13:37:53 UTC 2024 on atb-devel-224

- - - - -
68a1200f by Earl Chew at 2024-05-14T14:44:06+00:00
Restore empty string default for conf.env['icu-libs']

The reworked ICU libraries configuration code used [] as
default for conf.env['icu-libs']. This breaks dependency analysis
in samba_deps.py because SAMBA_SUBSYSTEM() expects deps to be
a string.

Signed-off-by: Earl Chew <earl_chew at yahoo.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue May 14 14:44:06 UTC 2024 on atb-devel-224

- - - - -
26d87d1f by Pavel Filipenský at 2024-05-14T20:02:36+00:00
s3:winbindd: Use TDB_REPLACE in tdb_store

tdb_store() should use as a flag TDB_REPLACE instead of undocumented 0

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1092d4b0 by Pavel Filipenský at 2024-05-14T21:04:57+00:00
s3:winbindd: Update non cache entries keys (non_centry_keys)

This change does NOT affect WHAT and HOW is cached. It only avoids
undefined behavior for "NDR" and "TRUSTDOMCACHE" when processed in
wcache_flush_cache() and wbcache_upgrade_v1_to_v2().

winbindd_cache.tdb contains two types of entries:

1) cache entries (typed as 'struct cache_entry')
  - internal format is:           [ntstatus; sequence_number; timeout]

2) non cache entries (keys listed in non_centry_keys)
  - for "NDR" internal format is: [sequence_number; timeout]

Without this commit, "NDR" would be processed as the first type (instead
of as the second type). E.g. in the stack below:

wcache_fetch_raw()
traverse_fn_cleanup()
wcache_flush_cache()

the triplet [ntstatus; sequence_number; timeout] would be initialized
from data containing only [sequence_number; timeout], leading to
mismatched values ('ntstatus' would be filled from 'sequence_number').

Anyway, current code is never calling wcache_flush_cache(), since
wcache_flush_cache() can be called only from get_cache() and get_cache()
will call it only if global/static wcache was not set yet. But wcache is
set very early in the main winbind (and all winbind children get it
after fork), sooner than any call of get_cache() can happen:

   #1 init_wcache + 0x19
   #2 initialize_winbindd_cache + 0x35
   #3 winbindd_cache_validate_and_initialize + 0x25
   #4 main + 0x806

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue May 14 21:04:57 UTC 2024 on atb-devel-224

- - - - -
7c59f110 by Volker Lendecke at 2024-05-14T22:29:36+00:00
test: Align integer types

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
072e4d03 by Volker Lendecke at 2024-05-14T22:29:36+00:00
smbd: Modernize a DEBUG

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4eac4014 by Volker Lendecke at 2024-05-14T22:29:36+00:00
libsmb: Use SMB2_0_INFO_SECURITY instead of the raw "3"

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
af4bb5f7 by Volker Lendecke at 2024-05-14T22:29:36+00:00
libsmb: Use SMB2_0_INFO_FILE instead of the raw "1"

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
bec5920e by Volker Lendecke at 2024-05-14T22:29:36+00:00
libsmb: Convert cli_qfileinfo to use FSCC levels

This will enable this routine to be used for SMB2 as well. The
translation table is from [MS-CIFS] 2.2.8.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6e9c18ed by Volker Lendecke at 2024-05-14T22:29:36+00:00
libsmb: Add a tevent_req_received() where appropriate

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
893e4f6e by Volker Lendecke at 2024-05-14T22:29:36+00:00
libsmb: Add smb2 branch to cli_qfileinfo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
291a353b by Volker Lendecke at 2024-05-14T22:29:36+00:00
libsmb: Remove smb2 branch from cli_qfileinfo_basic_send

cli_qfileinfo_send now does it

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c13ac1f1 by Volker Lendecke at 2024-05-14T22:29:36+00:00
pylibsmb: Add FSCC QUERY_INFO levels

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ba40d970 by Volker Lendecke at 2024-05-14T22:29:36+00:00
pylibsmb: Add py_cli_qfileinfo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
44b3eada by Volker Lendecke at 2024-05-14T22:29:36+00:00
tests: get TAG_INFORMATION

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d884c2fb by Volker Lendecke at 2024-05-14T22:29:36+00:00
smbd: Fix a DBG

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ee653577 by Volker Lendecke at 2024-05-14T22:29:36+00:00
smbd: Return reparse tag as of MS-FSCC 2.4.6

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5e0fe4d9 by Volker Lendecke at 2024-05-14T22:29:36+00:00
smbd: Add DEBUG message got get_reparse_point

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1776918c by Volker Lendecke at 2024-05-14T22:29:36+00:00
libsmb: Use the direct FSCC_FILE_ALL_INFORMATION define

(SMB_FILE_ALL_INFORMATION - 1000) looks a bit silly if you look at the
definition of SMB_FILE_ALL_INFORMATION...

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a85b1e57 by Volker Lendecke at 2024-05-14T22:29:36+00:00
libsmb: Cap max_rdata at UINT16_MAX

The caller does not necessarily query max values for smb1 and smb2+.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2743127a by Volker Lendecke at 2024-05-14T22:29:36+00:00
smbd: Modernize a few DEBUGs

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3a387673 by Volker Lendecke at 2024-05-14T22:29:36+00:00
smbd: Add fsctl_get_reparse_tag() helper function

There's a few places where we only care about the tag

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7b6dc319 by Volker Lendecke at 2024-05-14T22:29:36+00:00
smbd: Use fsctl_get_reparse_tag in fsctl_set_reparse_point

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d0cdb416 by Volker Lendecke at 2024-05-14T22:29:36+00:00
smbd: Use fsctl_get_reparse_tag in fsctl_del_reparse_point

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ecb17c12 by Volker Lendecke at 2024-05-14T22:29:36+00:00
smbd: Test reparse tag in smb3_posix_cc_info

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b71f7296 by Volker Lendecke at 2024-05-14T23:29:46+00:00
smbd: Add reparse tag to smb3_posix_cc_info

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue May 14 23:29:46 UTC 2024 on atb-devel-224

- - - - -
c422002c by Volker Lendecke at 2024-05-15T16:51:39+00:00
smbd: Remove an obsolete comment

notify_fname only sends a message to the notify daemon. There is no
potential deadlock anymore.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
aca70be7 by Volker Lendecke at 2024-05-15T16:51:39+00:00
smbd: Simplify check_parent_access_fsp()

We don't need to explicitly call fetch_share_mode_unlocked,
get_file_infos does it for us behind the scenes

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
df75ae65 by Volker Lendecke at 2024-05-15T16:51:39+00:00
g_lock: Fix buffer length check in g_lock_parse()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a99f2f3a by Volker Lendecke at 2024-05-15T16:51:39+00:00
smbd: Modernize a few DEBUGs

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2b495c44 by Volker Lendecke at 2024-05-15T17:56:24+00:00
smbd: Fix a typo in a few places

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed May 15 17:56:24 UTC 2024 on atb-devel-224

- - - - -
7b02221c by Jo Sutton at 2024-05-16T02:11:36+00:00
auth:credentials: Check for NT hash being NULL

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
be076b30 by Jo Sutton at 2024-05-16T02:11:36+00:00
lib:fuzzing: Remove unused variable

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
359b3b63 by Jo Sutton at 2024-05-16T02:11:36+00:00
lib:fuzzing: Fix undefined shift

../../lib/fuzzing/fuzz_stable_sort_r_unstable.c:47:22: runtime error: left shift of negative value -34

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cbebffd5 by Jo Sutton at 2024-05-16T02:11:36+00:00
s4:dsdb: Remove trailing whitespace

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f5cbe497 by Jo Sutton at 2024-05-16T02:11:36+00:00
s4:dsdb: Fix code spelling

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e4045cd5 by Jo Sutton at 2024-05-16T02:11:36+00:00
s4:setup: Update name of dsdb password change control

Commit 0a907c2f45c34efcac784738c9d75303b9d04d2f renamed this control to
DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
526652d1 by Jo Sutton at 2024-05-16T02:11:36+00:00
s4:libcli: Fix code spelling

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
170dd47e by Jo Sutton at 2024-05-16T02:11:36+00:00
s4:libcli: Add more controls to our list of known controls

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e875193c by Jo Sutton at 2024-05-16T02:11:36+00:00
python:tests: Remove unused netlogon connection parameter

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cb357a01 by Jo Sutton at 2024-05-16T02:11:36+00:00
python:tests: Remove unnecessary ‘pass’ statement

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fdaa2943 by Jo Sutton at 2024-05-16T02:11:36+00:00
python:tests: Pass ServerPasswordSet2() parameters in correct order

‘account_name’ and ‘server_name’ are passed in the wrong order. While
Samba ignores the account name parameter and doesn’t have a problem with
it missing its trailing dollar, Windows checks it and requires the
trailing dollar to be present.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
65fe0900 by Jo Sutton at 2024-05-16T02:11:36+00:00
tests/krb5: Read current time from correct SamDB

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
577aa790 by Jo Sutton at 2024-05-16T02:11:36+00:00
tests/krb5: Add quantized_time() method

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
41e71406 by Jo Sutton at 2024-05-16T02:11:36+00:00
tests/krb5: Make use of gmsa_series_for_account() method

This allows us to replace a call to
expected_current_gmsa_password_blob() with one to
expected_gmsa_password_blob(), a method which allows us to specify the
exact key we expect.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
aa4347ff by Jo Sutton at 2024-05-16T02:11:36+00:00
tests/krb5: Add ‘expect_success’ parameter to gensec_ntlmssp_logon()

View with ‘git show -b’.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9fac9b77 by Jo Sutton at 2024-05-16T02:11:36+00:00
tests/krb5: Test that gMSA passwords cannot be viewed over an unsealed connection

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
92d010af by Jo Sutton at 2024-05-16T02:11:36+00:00
s4:dsdb: Let dsdb gMSA time influence pwdLastSet

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e5357c75 by Jo Sutton at 2024-05-16T02:11:36+00:00
s4:auth: Let dsdb gMSA time influence NTLM previous password allowed period

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ad074075 by Jo Sutton at 2024-05-16T02:11:36+00:00
tests/krb5: Test performing NTLMSSP logons at different times

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
336a5847 by Jo Sutton at 2024-05-16T02:11:36+00:00
tests/krb5: Don’t pass gMSA as ‘domain_joined_mach_creds’ parameter

We just want to test whether a gMSA can use netlogon.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f9cbda9c by Jo Sutton at 2024-05-16T02:11:36+00:00
tests/krb5: Test that computers (and, by extension, gMSAs) cannot perform interactive logons

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6f094180 by Jo Sutton at 2024-05-16T02:11:36+00:00
tests/krb5: Test viewing gMSA passwords after performing simple binds

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5c4f2623 by Jo Sutton at 2024-05-16T02:11:36+00:00
tests/krb5: Add more tests for gMSAs

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
33ed55ce by Jo Sutton at 2024-05-16T02:11:36+00:00
s4:libnet: Remove trailing whitespace

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c167ac53 by Jo Sutton at 2024-05-16T02:11:36+00:00
s4:libnet: Remove unnecessary declarations

This declaration is a hold‐over from the Python 2 module initialization
pattern.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fbdeb4b0 by Jo Sutton at 2024-05-16T02:11:36+00:00
lib:crypto: Add constant denoting maximum GKDI clock skew in minutes

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
32199b9b by Jo Sutton at 2024-05-16T02:11:36+00:00
s4:auth: Accept previous gMSA password for NTLM authentication five minutes after a password change

gMSA password changes are usually triggered when the DC needs to fetch
the account’s keys and notices they are out of date.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0e93456a by Jo Sutton at 2024-05-16T02:11:36+00:00
s4:dsdb: Remove redundant user flags macro

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1b8b8550 by Jo Sutton at 2024-05-16T02:11:36+00:00
s4:dsdb: Add userAccountControl helper function

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4c759c26 by Jo Sutton at 2024-05-16T02:11:36+00:00
s4:dsdb: Make use of userAccountControl helper function

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
927c672f by Jo Sutton at 2024-05-16T02:11:37+00:00
s4:dsdb: Do not set lockoutTime for trust accounts

This matches the behaviour of Windows.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e1460c9e by Jo Sutton at 2024-05-16T02:11:37+00:00
s4:dsdb: Make map containing default attribute values static

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7e7bb259 by Jo Sutton at 2024-05-16T02:11:37+00:00
s4:kdc: Initialize pointer variable just in case (CID 1596762)

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3b90753b by Jo Sutton at 2024-05-16T02:11:37+00:00
s4:kdc: Free target principal string to avoid memory leak (CID 1596760)

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f3ff4915 by Jo Sutton at 2024-05-16T02:11:37+00:00
s4:kdc: Initialize local variable just in case (CID 1596759)

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d36bfbf6 by Jo Sutton at 2024-05-16T02:11:37+00:00
tests/krb5: Adjust tests to pass against newer Windows versions that include ticket checksums in response to AS‐REQs

A lot of these tests are going to start failing, so skip them until
we’ve implemented the corresponding behaviour for the KDC.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
09bcd48f by Jo Sutton at 2024-05-16T02:11:37+00:00
third_party/heimdal: Import lorikeet-heimdal-202405090452 (commit 49c8e97b7221db53355258059ef385c856e1385f)

NOTE: THIS COMMIT WON’T COMPILE/WORK ON ITS OWN!

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0582cf60 by Jo Sutton at 2024-05-16T02:11:37+00:00
s4:kdc: Remove trailing whitespace

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
01849ab1 by Jo Sutton at 2024-05-16T03:14:47+00:00
s4:kdc: Implement KDC plugin hardware authentication policy

NOTE: This commit finally works again!

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu May 16 03:14:47 UTC 2024 on atb-devel-224

- - - - -
52df4063 by Stefan Metzmacher at 2024-05-22T03:04:34+00:00
s3:libnet: let parse_user() in libnet_dssync_keytab.c work without nt hash

It happens in setups with 'nt hash store = never'.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
feff15fc by Stefan Metzmacher at 2024-05-22T03:04:34+00:00
s3:libnet: split out parse_user() in libnet_dssync_keytab.c

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2b2cc544 by Stefan Metzmacher at 2024-05-22T03:04:34+00:00
s3:libnet: split out store_or_fetch_attribute() from parse_user() in libnet_dssync_keytab.c

This way we can easily re-use the logic in the next commits...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
888a785f by Stefan Metzmacher at 2024-05-22T03:04:34+00:00
s3:libnet: add support for trusted domains in libnet_dssync_keytab.c

It means that keytabs generated via 'net rpc vampire keytab' are
able to decrypt cross-realm tickets in wireshark.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
83f03513 by Stefan Metzmacher at 2024-05-22T03:04:34+00:00
s3:libnet: add a debug message to libnet_keytab_add_to_keytab_entries()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8cfebc36 by Stefan Metzmacher at 2024-05-22T03:04:34+00:00
s4:kdc: split out samba_kdc_fill_trust_keys() helper

Let samba_kdc_trust_message2entry() also fill in the salt used
by the key. This is not strictly needed, but it's better to
be consistent.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d1efc396 by Stefan Metzmacher at 2024-05-22T03:04:34+00:00
s4:kdc: let samba_kdc_trust_message2entry() ignore KRB5_PROG_ETYPE_NOSUPP

We already handle it in samba_kdc_fill_user_keys() mostly for DES keys,
but other encryption types might be from kerberos libraries in future.
And things like FIPS mode may also alter the runtime behaviour.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f4869964 by Stefan Metzmacher at 2024-05-22T03:04:34+00:00
s4:kdc: add a returned_kvno helper variable in samba_kdc_trust_message2entry()

This will simplify further changes.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f5c8c212 by Stefan Metzmacher at 2024-05-22T03:04:34+00:00
s4:kdc: add available_enctypes to supported_session_etypes in samba_kdc_trust_message2entry()

This aligns the logic of samba_kdc_trust_message2entry() with
samba_kdc_message2entry_keys().

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6ecc607e by Stefan Metzmacher at 2024-05-22T03:04:34+00:00
s4:kdc: split out samba_kdc_fill_trust_keys() helper

This simplifies the logic in samba_kdc_trust_message2entry(),
is very similar to our samba_kdc_fill_user_keys() helper
and will make it trivial to provide the previous keys
in entry->old_keys in the next commit.

Review with: git show -p --patience

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
37292f8a by Stefan Metzmacher at 2024-05-22T03:04:34+00:00
s4:kdc: let samba_kdc_trust_message2entry() return all keys with SDB_F_ADMIN_DATA

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7f1e8948 by Stefan Metzmacher at 2024-05-22T03:04:34+00:00
s4:kdc: also provide cross-realm keys via samba_kdc_seq()

This means that 'samba-tool domain exportkeytab' is able to
export them.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e2a5fbf5 by Stefan Metzmacher at 2024-05-22T03:04:34+00:00
s4:libnet_export_keytab: add only_current_keys option

By default we also export on the old and older passwords...

In order to do a kinit with a keytab it might be useful to
include only the current keys.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2793ef3e by Stefan Metzmacher at 2024-05-22T03:04:34+00:00
samba.tests.dckeytab: add test_export_keytab_change3_update_only_current_keep()

This tests that only_current_keys=True works.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b4be5718 by Stefan Metzmacher at 2024-05-22T03:04:34+00:00
samba-tool: let 'samba-tool domain exportkeytab' take an --only-current-keys option

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bdfbf252 by Stefan Metzmacher at 2024-05-22T04:07:02+00:00
test_kinit_export_keytab: reset pw of the test account and test --only-current-keys

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed May 22 04:07:02 UTC 2024 on atb-devel-224

- - - - -
477dec37 by Volker Lendecke at 2024-05-22T04:23:29+00:00
smbd: Modernize a few DEBUGs

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a8b9a835 by Volker Lendecke at 2024-05-22T04:23:29+00:00
smbd: Move a DBG_DEBUG up

Make it line up with the other branches

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3542f938 by Volker Lendecke at 2024-05-22T04:23:29+00:00
smbd: Fix whitespace

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
979f3e23 by Volker Lendecke at 2024-05-22T04:23:29+00:00
smbd: Remove the ZERO_ZERO define

This code went in with e8e98c9ea06 in 2001 without any mention in the
commit message.

I don't remember all details, but there was some discussion around the
offset=0,length=0 lock being somehow special. These days [MS-FSA]
defines the required behaviour (don't conflict) and we implement that
behaviour.

If someone still remembers why this code is in and thinks it's
worthwhile, that's what version control is for.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
91158366 by Volker Lendecke at 2024-05-22T04:23:29+00:00
smbd: Use direct struct initialization

Make sure all fields in the target struct are initialized

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6f0628c8 by Volker Lendecke at 2024-05-22T04:23:29+00:00
smbd: Return correct error for fallback sendfile

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
661532c4 by Volker Lendecke at 2024-05-22T04:23:29+00:00
smbd: Remove an unnecessary else branch

We return in the if branch, review with "git show -w"

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ff43158c by Volker Lendecke at 2024-05-22T04:23:29+00:00
smbd: Remove a no-op call to init_strict_lock_struct

"lock" is a variable on the stack, and initializing it is all that
init_strict_lock_struct does. We've done the corresponding checks
already in smbd_smb2_read_send

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f69fe791 by Volker Lendecke at 2024-05-22T04:23:29+00:00
smbd: Remove an unnecessary else

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dd1dd650 by Volker Lendecke at 2024-05-22T04:23:29+00:00
smbd: Remove an unused function parameter

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
06a322a1 by Volker Lendecke at 2024-05-22T04:23:29+00:00
libsmb: Use the direct FSCC_ infolevels

Could have done this as part of 1776918c5bf already.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0013105e by Volker Lendecke at 2024-05-22T04:23:29+00:00
libsmb: Avoid pointless intermediate variables

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
27ac0bea by Volker Lendecke at 2024-05-22T04:23:29+00:00
lib: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7ecf3b0e by Volker Lendecke at 2024-05-22T04:23:29+00:00
libsmb: Execute a "TODO", remove IVAL2_TO_SMB_BIG_UINT

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e79698c4 by Volker Lendecke at 2024-05-22T04:23:29+00:00
libsmb: Use SMB2_0_INFO_ constants instead of magic numbers

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5384244f by Volker Lendecke at 2024-05-22T04:23:29+00:00
libsmb: Remove unused cli_list_trans()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
335877ec by Volker Lendecke at 2024-05-22T04:23:29+00:00
libsmb: Remove an unneeded NULL check

We have dereferenced p_last_name_raw before in the call to
data_blob_free, our only caller does give us a pointer

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c443d377 by Volker Lendecke at 2024-05-22T04:23:29+00:00
libsmb: Remove a talloc_strdup()

We're directly overwriting state->mask without actually using it for
anything real.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0fe1a6e9 by Volker Lendecke at 2024-05-22T04:23:29+00:00
lib: Use struct initialization

Make sure everything is initialized

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f2b692fb by Volker Lendecke at 2024-05-22T04:23:29+00:00
smbd: Simplify request_timed_out

timeval_expired does what we need here

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
94b8deff by Volker Lendecke at 2024-05-22T04:23:29+00:00
libsmb: Remove file_info->[ug]id

These fields were never assigned

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
64003d86 by Douglas Bagnall at 2024-05-22T04:23:29+00:00
spelling: fix spelling of privilege.ldb in comments

'privileges' is a word, but the ldb referred to is privilege.ldb

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
99d26221 by Douglas Bagnall at 2024-05-22T04:23:29+00:00
spelling: comments: synthax -> syntax

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c7299556 by Douglas Bagnall at 2024-05-22T04:23:29+00:00
lib/fuzzing: fuzz_stable_sort_r_unstable tries to catch overrun

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5abeb724 by Douglas Bagnall at 2024-05-22T04:23:29+00:00
s3:smbcacls: fix ace_compare

We got this wrong in commit 31101a9fa1503be9d8137e42466f57d85136a156.

In fact, we should probably not reorder the inherited ACLs, but that
is for another patch series.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
83030780 by Stefan Metzmacher at 2024-05-22T04:23:29+00:00
s4:dsdb/repl: let drepl_out_helpers.c always go via dreplsrv_out_drsuapi_send()

I have customer backtraces showing that 'drsuapi' is NULL in
dreplsrv_op_pull_source_get_changes_trigger() called from the
WERR_DS_DRA_SCHEMA_MISMATCH retry case of
dreplsrv_op_pull_source_apply_changes_trigger(), while 'drsuapi' was
a valid pointer there.

From reading the code I don't understand how this can happen,
but it does very often on RODCs. And this fix prevents the problem.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15573

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e0d9e285 by Stefan Metzmacher at 2024-05-22T05:26:48+00:00
selftest/Samba4: make use of get_cmd_env_vars() to setup all relevant env variables

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed May 22 05:26:48 UTC 2024 on atb-devel-224

- - - - -
758bb9aa by Andreas Schneider at 2024-05-22T20:33:36+00:00
docs-xml: Add smb.conf option 'dns hostname'

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b93fef8e by Andreas Schneider at 2024-05-22T20:33:36+00:00
s3:utils: Use lp_dns_hostname() for 'net' dns updates

name_to_fqdn() requires /etc/hosts to be set up in a special way to find
out the fqdn for dns updates. They are not set up by default and the
DNS update fails. Normally the fqdn is just <lp_netbios_name>.<realm>
and we should just use that. However if it is different, you can set
it to the special value in the smb.conf now.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f6efc746 by Andreas Schneider at 2024-05-22T20:33:36+00:00
s3:librpc: Use lp_dns_hostname() for creating the fqdn

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
84989f2b by Andreas Schneider at 2024-05-22T20:33:36+00:00
s3:lib: Remove obsolete name_to_fqdn()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0e96092c by Andreas Schneider at 2024-05-22T20:33:36+00:00
s3:libnet: Use lp_dns_hostname() in libnet_join.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
382c300a by Andreas Schneider at 2024-05-22T20:33:36+00:00
s3:libnet: Convert myalias to lower case

This will be more consistent as it is a dnsname.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c2d4fe11 by Andreas Schneider at 2024-05-22T20:33:36+00:00
s3:utils: Use lp_dnsdomain() in net_ads.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c00571a8 by Andreas Schneider at 2024-05-22T20:33:36+00:00
python:tests: Ignore case for group_name comparison

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f3f8aa49 by Andreas Schneider at 2024-05-22T20:33:36+00:00
s3:rpc_server: Use lpcfg_dns_hostname() in srv_witness_nt.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f353ce5f by Andreas Schneider at 2024-05-22T20:33:36+00:00
s4:dfs_server: Use lpcfg_dns_hostname() in dfs_server_ad.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8ae565a1 by Andreas Schneider at 2024-05-22T20:33:36+00:00
s4:dns_server: Use lpcfg_dns_hostname() in dlz_bind9.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cb9ff7b4 by Andreas Schneider at 2024-05-22T20:33:36+00:00
s4:rpc_server: Use lpcfg_dns_hostname() in dns_server.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6bd56a2c by Andreas Schneider at 2024-05-22T20:33:36+00:00
s4:rpc_server: Use lpcfg_dns_hostname() in dnsutils.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ad9198bb by Andreas Schneider at 2024-05-22T20:33:36+00:00
s4:rpc_server: Use lpcfg_dns_hostname() in dnsdb.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
26fd7804 by Andreas Schneider at 2024-05-22T20:33:36+00:00
s4:rpc_server: Use lpcfg_dnsdomain() in dnsdb.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
78c2427d by Andreas Schneider at 2024-05-22T20:33:36+00:00
auth:ntlmssp: Remove trailing spaces

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f64e7284 by Andreas Schneider at 2024-05-22T20:33:36+00:00
auth:ntlmssp: Use lpcfg_dns_hostname()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4de25061 by Andreas Schneider at 2024-05-22T20:33:36+00:00
WHATSNEW: Add 'dns hostname'

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4597d314 by Jo Sutton at 2024-05-22T20:33:36+00:00
third_party/heimdal: Import lorikeet-heimdal-202405220400 (commit 8276d6311146b8ab5d57d092bc5d5fa28282a900)

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
95e80bf1 by Jo Sutton at 2024-05-22T20:33:36+00:00
python:tests: Rename ‘keytab_as_set’ variable to be distinct from keytab_as_set() method

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5682df15 by Jo Sutton at 2024-05-22T20:33:36+00:00
python:tests: Manually raise AssertionError

This removes the last dependency on ‘self’ in this method.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
aa8aeeb6 by Jo Sutton at 2024-05-22T20:33:36+00:00
python:tests: Extract keytab_as_set() function to be usable by other tests

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
048de3da by Jo Sutton at 2024-05-22T20:33:36+00:00
s4:libnet: Pass SDB_F_ADMIN_DATA flag through to samba_kdc_message2entry()

This will allow us to specify whether to specify this flag for a keytab
export.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
71899ceb by Jo Sutton at 2024-05-22T20:33:36+00:00
s4:libnet: Update export_keytab() docstring

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5ea07824 by Jo Sutton at 2024-05-22T20:33:36+00:00
s4:libnet: Allow simulating AS‐REQ flags combination for keytab export

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a0d639bf by Jo Sutton at 2024-05-22T20:33:36+00:00
tests/krb5: Test that previous keys are counted as current keys following a gMSA key rollover

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d8302e95 by Jo Sutton at 2024-05-22T20:33:36+00:00
s4:kdc: Merge current and previous gMSA keys during period when both are valid

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
589a9ea6 by Jo Sutton at 2024-05-22T21:33:14+00:00
s4:kdc: Add comment about possible interaction between the krbtgt account and Group Managed Service Accounts

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed May 22 21:33:14 UTC 2024 on atb-devel-224

- - - - -
023a7ce7 by Douglas Bagnall at 2024-05-22T23:12:32+00:00
ldb: add test_ldb_comparison_fold

Currently this fails like this:

test_ldb_comparison_fold_default_common: 118 errors out of 256
test_ldb_comparison_fold_default_ascii:  32 errors out of 100
test_ldb_comparison_fold_utf8_common:    40 errors out of 256
test_ldb_comparison_fold_utf8:           28 errors out of 100

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f9fbc7a5 by Douglas Bagnall at 2024-05-22T23:12:32+00:00
lib/util/charset: be explicit about INVALID_CODEPOINT value

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
278a3c7f by Douglas Bagnall at 2024-05-22T23:12:32+00:00
ldb: add a utf-8 comparison fold callback

This isn't used yet, but it will allow library users to select a
case-insensitive comparison function that matches their chosen casefold.

This will allow the comparisons to be consistent when the strings are bad,
whereas currently we kind of guess.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1624ac7a by Douglas Bagnall at 2024-05-22T23:12:32+00:00
ldb: move ldb_comparison_fold guts into a separate function

We're going to make this use a configurable pointer.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ae7ca368 by Douglas Bagnall at 2024-05-22T23:12:32+00:00
ldb: add ldb_set_utf8_functions() for setting casefold functions

This replaces ldb_set_utf8_fns(), which will be deprecated really soon.

The reason for this, as shown in surrounding commits, is that without
an explicit case-insensitive comparison we need to rely on the casefold,
and if the casefold can fail (because, e.g. bad utf-8) the comparison
ends up being a bit chaotic. The strings being compared are generally
user controlled, and a malicious user might find ways of hiding values
or perhaps fooling a binary search.

A case-insensitive comparison that works gradually through the string
without an all-at-once casefold is better placed to deal with problems
where they happen, and we are able to separately specialise for the
ASCII case (used by SSSD) and the UTF-8 case (Samba).

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
947f977a by Douglas Bagnall at 2024-05-22T23:12:32+00:00
ldb: ldb_comparison_fold uses the utf-8 casecmp function

But only if it is set, which it never is (so far).

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
92275e27 by Douglas Bagnall at 2024-05-22T23:12:32+00:00
ldb: add ldb_comparison_fold_ascii() for default comparisons

This function is made from the ASCII-only bits of the old
ldb_comparison_fold() -- that is, what you get if you never follow a
`goto utf8str` jump. It compares the bytes, but collapses spaces and
maps [a-z] to [A-Z].

This does exactly what ldb_comparison_fold_utf8_broken() would do in
situations where ldb_casfold() calls ldb_casefold_default(). That
means SSSD.

The comparison is probably using signed char, so high bytes are
actually low bytes.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6c27284f by Douglas Bagnall at 2024-05-22T23:12:32+00:00
ldb: ldb_comparison_fold_ascii sorts unsigned

Typically in 8-bit character sets, those with the 0x80 bit set are
seen as 288-255, not negative numbers. This will sort them after 'Z',
not before 'A'.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7cc3c562 by Douglas Bagnall at 2024-05-22T23:12:32+00:00
ldb: ldb_set_utf8_default() sets comparison function

The default is ASCII only, which is used by SSSD and OpenChange.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
eb91e343 by Douglas Bagnall at 2024-05-22T23:12:32+00:00
util:charset: add strncasecmp_ldb()

This is a function for comparing strings in a way that suits
case-insensitive syntaxes in LDB.

We have it here, rather than in LDB itself, because it needs the
upcase table. By default it uses ASCII-only comparisons. SSSD and
OpenChange use it in that configuration, but Samba replaces the
comparison and casefold functions with Unicode aware versions.

Until now Samba has done that in a bad way; this will allow it to do
better.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
55397514 by Douglas Bagnall at 2024-05-22T23:12:32+00:00
util:charset: strncasecmp_ldb degrades to ASCII strncasecmp

If strncasecmp_ldb() encounters invalid utf-8 bytes, it compares those
as greater than any valid bytes (that is, it sorts them to the end of
the list).

If an invalid sequence is encountered in both strings at once, the
rest of the strings are now compared using the default ldb_comparison_fold
rules, as implemented in ldb_comparison_fold_ascii(). That is, each
byte is compared individually, [a-z] are translated to [A-Z], and runs of
spaces are collapsed into single spaces.

There is no perfect answer in this case, but this solution is stable,
fine-grained, and probably close to what is expected. This
byte-by-byte comparison is equivalent to a utf-8 comparison without
case-folding of multibyte codes.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f9797950 by Douglas Bagnall at 2024-05-22T23:12:32+00:00
util:charset: strncasecmp_ldb avoids iconv for ASCII

This is a common case, and we can save a bit of work.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0becc8a9 by Douglas Bagnall at 2024-05-22T23:12:32+00:00
ldb-samba: add ldb_comparison_fold_utf8, wrapping strncasecmp_ldb

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
edabb9f4 by Douglas Bagnall at 2024-05-22T23:12:32+00:00
ldb-samba: use ldb_comparison_fold_utf8()

This means ldb-samba/dsdb comparisons will be case-insensitive for
non-ASCII UTF-8 characters (within the bounds of the 16-bit casefold
table). And they will remain transitive.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
960724a0 by Douglas Bagnall at 2024-05-22T23:12:32+00:00
ldb: ldb_comparison_fold always uses the casecmp function

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
42ae85d7 by Douglas Bagnall at 2024-05-22T23:12:32+00:00
ldb: remove old ldb_comparison_fold_utf8_broken()

There are no callers.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4a6a1d1f by Douglas Bagnall at 2024-05-22T23:12:32+00:00
ldb: deprecate ldb_set_utf8_fns

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e33a0dd7 by Douglas Bagnall at 2024-05-22T23:12:32+00:00
ldb: ldb_set_utf8_functions follows README.Coding

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b22e1d32 by Douglas Bagnall at 2024-05-22T23:12:32+00:00
ldb: don't cast to unsigned for ldb_ascii_toupper()

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b6974030 by Douglas Bagnall at 2024-05-22T23:12:32+00:00
lib/fuzzing: add fuzz_strncasecmp_ldb

As well as checking for the usual overflows, this asserts that
strncasecmp_ldb is always transitive, by splitting the input into 3
pieces and comparing all pairs.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
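
The comparison rules and the transitivity check described in the ldb and fuzzing commits above (bytes compared unsigned, [a-z] mapped to [A-Z], runs of spaces collapsed, input split into 3 pieces with all pairs compared), as an added example that is not Samba's code. All function names are hypothetical, the three-way split by length is an assumption, and `mixed_rule_cmp` is a comparator constructed here to show what a non-transitive result looks like.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define END_OF_STRING (-1000) /* sorts before every byte value */
typedef int (*cmp_fn)(const void *, size_t, const void *, size_t);

/* Next sort key: [a-z] -> [A-Z], a run of spaces -> one space. */
static int next_key(const unsigned char *s, size_t len, size_t *pos,
		    bool signed_bytes)
{
	unsigned char c;
	if (*pos >= len) {
		return END_OF_STRING;
	}
	c = s[(*pos)++];
	if (c == ' ') {
		while (*pos < len && s[*pos] == ' ') {
			(*pos)++;
		}
	} else if (c >= 'a' && c <= 'z') {
		c = (unsigned char)(c - 'a' + 'A');
	}
	/* signed_bytes models comparing plain char where char is signed:
	 * 0x80..0xFF turn into -128..-1 and land before 'A'. */
	return (signed_bytes && c >= 0x80) ? (int)c - 256 : (int)c;
}

static int fold_cmp(const void *a, size_t alen, const void *b, size_t blen,
		    bool signed_bytes)
{
	size_t i = 0, j = 0;
	for (;;) {
		int ka = next_key(a, alen, &i, signed_bytes);
		int kb = next_key(b, blen, &j, signed_bytes);
		if (ka != kb) {
			return (ka > kb) - (ka < kb);
		}
		if (ka == END_OF_STRING) {
			return 0;
		}
	}
}

/* Unsigned ordering: high bytes sort after 'Z'. */
int fold_ascii_cmp(const void *a, size_t alen, const void *b, size_t blen)
{ return fold_cmp(a, alen, b, blen, false); }

/* Signed ordering, for contrast: high bytes sort before 'A'. */
int fold_ascii_cmp_signed(const void *a, size_t alen, const void *b, size_t blen)
{ return fold_cmp(a, alen, b, blen, true); }

/* Constructed counter-example: the rule depends on the pair compared. */
int mixed_rule_cmp(const void *a, size_t alen, const void *b, size_t blen)
{
	const unsigned char *pa = a, *pb = b;
	size_t n = alen < blen ? alen : blen;
	bool high = false;
	int r;

	for (size_t i = 0; i < alen; i++) high |= (pa[i] >= 0x80);
	for (size_t i = 0; i < blen; i++) high |= (pb[i] >= 0x80);
	if (!high) {
		return fold_ascii_cmp(a, alen, b, blen);
	}
	r = memcmp(a, b, n); /* raw bytes, no folding */
	return r != 0 ? (r > 0) - (r < 0) : (alen > blen) - (alen < blen);
}

/* Split data into three pieces and compare all pairs, both ways round. */
bool triple_is_consistent(cmp_fn cmp, const unsigned char *data, size_t len)
{
	size_t third = len / 3;
	const unsigned char *p[3] = { data, data + third, data + 2 * third };
	size_t n[3] = { third, third, len - 2 * third };
	int r[3][3];

	for (int x = 0; x < 3; x++)
		for (int y = 0; y < 3; y++)
			r[x][y] = cmp(p[x], n[x], p[y], n[y]);
	for (int x = 0; x < 3; x++) {
		for (int y = 0; y < 3; y++) {
			if (r[x][y] != -r[y][x])
				return false; /* not antisymmetric */
			for (int z = 0; z < 3; z++)
				if (r[x][y] <= 0 && r[y][z] <= 0 && r[x][z] > 0)
					return false; /* x <= y <= z, yet x > z */
		}
	}
	return true;
}

int main(void)
{
	/* Constructed input; the pieces are "a!", "B!" and "Z\x80". */
	const unsigned char data[] = "a!B!Z\x80";
	printf("ascii rule: %d, mixed rule: %d\n",
	       triple_is_consistent(fold_ascii_cmp, data, 6),
	       triple_is_consistent(mixed_rule_cmp, data, 6));
	return 0;
}
```

With the mixed rule, "a!" sorts before "B!" (folded), "B!" before "Z\x80" (raw bytes), yet "a!" sorts after "Z\x80" (raw bytes), which is the kind of inconsistency that makes sorted indexes and binary searches unreliable.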

- - - - -
a00c0ebd by Douglas Bagnall at 2024-05-22T23:12:32+00:00
s4:dsdb:strcasecmp_with_ldb_val() avoids overflow

In the unlikely event that strlen(str) > INT_MAX, the result could
have overflowed.

This is not a sort transitivity issue, as this is not a symmetric sort
comparison, but it would affect binary search reliability.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6dd68d89 by Douglas Bagnall at 2024-05-22T23:12:32+00:00
ldb: move struct ldb_utf8_fns to ldb_private.h

It is only accessed via ldb functions that find it on the already-private
struct ldb_context.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d6581d21 by Douglas Bagnall at 2024-05-23T00:19:30+00:00
ldb: move struct ldb_debug_ops to ldb_private.h

Only accessed through struct ldb_context -> debug_ops, which is already private.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu May 23 00:19:30 UTC 2024 on atb-devel-224

- - - - -
14d6e267 by Stefan Metzmacher at 2024-05-23T12:35:37+00:00
smbXcli_base: add hacks to test anonymous signing and encryption

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
6a89615d by Stefan Metzmacher at 2024-05-23T12:35:37+00:00
s4:libcli/smb2: add hack to test anonymous signing and encryption

This will be used in torture tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
6c5781b5 by Stefan Metzmacher at 2024-05-23T12:35:37+00:00
s4:torture/smb2: add smb2.session.anon-{encryption{1,2,},signing{1,2}}

These demonstrate how anonymous encryption and signing work.
They pass against Windows 2022 as ad dc.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
a9f84593 by Stefan Metzmacher at 2024-05-23T12:35:37+00:00
s3:utils: remove unused signing_flags in connections_forall()

We never use the signing flags from the session, as the tcon
has its own signing flags.

https://bugzilla.samba.org/show_bug.cgi?id=15412

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
596a10d1 by Stefan Metzmacher at 2024-05-23T12:35:37+00:00
s3:lib: let sessionid_traverse_read() report if the session was authenticated

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
5089d855 by Stefan Metzmacher at 2024-05-23T12:35:37+00:00
s3:utils: let connections_forall_read() report if the session was authenticated

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
8119fd6d by Stefan Metzmacher at 2024-05-23T12:35:37+00:00
s3:utils: let smbstatus also report AES-256 encryption types for tcons

We already do that for sessions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
551756ab by Stefan Metzmacher at 2024-05-23T12:35:37+00:00
s3:utils: let smbstatus also report partial tcon signing/encryption

We already do that for sessions and also for the json output,
but it was missing in the non-json output for tcons.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
f3ddfb82 by Stefan Metzmacher at 2024-05-23T12:35:37+00:00
s3:smbd: allow anonymous encryption after one authenticated session setup

I have captures where a client tries smb3 encryption on an anonymous session,
we used to allow that before commit da7dcc443f45d07d9963df9daae458fbdd991a47
was released with samba-4.15.0rc1.

Testing against Windows Server 2022 revealed that anonymous signing is always
allowed (with the session key derived from 16 zero bytes) and
anonymous encryption is allowed after one authenticated session setup on
the tcp connection.

https://bugzilla.samba.org/show_bug.cgi?id=15412

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

- - - - -
5a54c9b2 by Stefan Metzmacher at 2024-05-23T13:37:09+00:00
s3:utils: let smbstatus report anonymous signing/encryption explicitly

We should mark sessions/tcons with anonymous encryption or signing
in a special way, as the value of it is void, all based on a
session key with 16 zero bytes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu May 23 13:37:09 UTC 2024 on atb-devel-224

- - - - -
54015223 by Martin Schwenke at 2024-05-30T11:42:30+00:00
ctdb-scripts: Reformat with "shfmt -w -p -i 0 -fn"

Best reviewed with "git show -w".

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
5176b43d by Martin Schwenke at 2024-05-30T11:42:30+00:00
ctdb-scripts: Avoid ShellCheck warning SC2162

  SC2162 read without -r will mangle backslashes.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
7b24cc03 by Martin Schwenke at 2024-05-30T11:42:30+00:00
ctdb-scripts: Improve documentation

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
c912e406 by Martin Schwenke at 2024-05-30T11:42:30+00:00
ctdb-scripts: Reformat with shfmt -w -p -i 0 -fn

Tweak some lines to avoid overflowing 80 columns.

Best viewed with "git show -w".

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
b90d72c7 by Martin Schwenke at 2024-05-30T11:42:30+00:00
ctdb-scripts: Move ctdb.tdb attach to statd-callout

All of the other uses of ctdb.tdb are in statd-callout.

New variable statd_callout_db makes it easy to change the database
name in future, perhaps even allowing it to be configurable.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
d02fb20d by Martin Schwenke at 2024-05-30T11:42:30+00:00
ctdb-scripts: Avoid globally changing to queue directory

Add new variables statd_callout_state_dir and statd_callout_queue_dir
- the latter is for files queued by add-client/del-client.

Use $statd_callout_queue_dir to avoid a global cd to the queue
directory near the top of the script.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
558cf280 by Martin Schwenke at 2024-05-30T11:42:30+00:00
ctdb-scripts: Move state directory creation to "startup" action

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
ed3f041c by Martin Schwenke at 2024-05-30T11:42:30+00:00
ctdb-scripts: Add caching function for public IPs

This is way more complicated than I would like but, as per the
comment, this is due to complexities in the way public IPs work.  The
main consumer will be statd-callout, which will then be able to run as
a non-root user.

Also generate the cache file in test code, whenever the PNN is set.
However, this can cause "ctdb ip" to generate a fake IP layout before
public IPs are setup.  So, have the "ctdb ip" stub generate the IP
layout every time it is run to avoid it being stale.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
5a4209b7 by Martin Schwenke at 2024-05-30T11:42:30+00:00
ctdb-tests: Default PNN is 0

This is called in a couple of places without an argument, so give it a
default.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
608557c6 by Martin Schwenke at 2024-05-30T11:42:30+00:00
ctdb-scripts: Avoid connecting to ctdbd in add-client/del-client

rpc.statd runs statd-callout as a non-root user, which is currently
hacked around using some sudo logic that fails to work in some
contexts (e.g. in a container).

Use $CTDB_MY_PUBLIC_IPS_CACHE to access the node's currently assigned
public IPs, for add-client/del-client.  This avoids connecting to
ctdbd when called from rpc.statd.

Also, use $CTDB_MY_PUBLIC_IPS_CACHE in other places where it makes
sense.

Connections to ctdbd are still made in the "notify" action, but this
is always run as root.

In the test code, set the PNN after public addresses setup so that the
cache of assigned IPs is correctly initialised.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
50b3cebe by Martin Schwenke at 2024-05-30T11:42:30+00:00
ctdb-scripts: Set ownership of statd-callout state directory

For add-client and del-client, statd-callout is called by rpc.statd,
which runs as rpcuser, statd or some other non-root system user.  This
means that add-client and del-client can't write in the statd-callout
state directory if it is only writable by root.  rpc.statd must be
able to write to its own local system statd state directory, so find
this directory and use it as a reference to set the ownership of
CTDB's statd-callout state directory.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
ecb9545b by Martin Schwenke at 2024-05-30T11:42:30+00:00
ctdb-scripts: Use find_statd_sm_dir() in one more place

Take advantage of new function find_statd_sm_dir() when clearing the
local system statd state directory, so it uses the correct directory
when running on a non-RH distro.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
991d21d0 by Martin Schwenke at 2024-05-30T11:42:30+00:00
ctdb-scripts: No longer run statd-callout under sudo

This simplifies and removes a bad hack.  Also, in my test environment,
it also drops the average time taken to run an add-client/del-client
pair from ~0.055s to ~0.030s.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
6ffb73bb by Martin Schwenke at 2024-05-30T11:42:30+00:00
ctdb-scripts: Reformat with "shfmt -w -p -i 0 -fn"

Best reviewed with "git show -w".

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
a534f713 by Martin Schwenke at 2024-05-30T11:42:30+00:00
ctdb-scripts: Quote variable expansions

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
2a3d7c09 by Martin Schwenke at 2024-05-30T11:42:30+00:00
ctdb-scripts: Change NFS-Ganesha PID file location

This is the current default.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
1be5b1df by Martin Schwenke at 2024-05-30T11:42:30+00:00
ctdb-scripts: Fix usage message

An IP address is passed to these actions.

Reported-by: Arnab Tah <atah at ddn.com>
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
944d9d30 by Martin Schwenke at 2024-05-30T11:42:30+00:00
ctdb-scripts: Add script option CTDB_NFS_EXPORTS_FILE

Exports may be contained in an include file rather than the top-level
ganesha.conf.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
bc10704a by Martin Schwenke at 2024-05-30T11:42:30+00:00
ctdb-scripts: Improve NFS-Ganesha export path extraction

Path values do not need to have quotes.  The current code fails if
there aren't any.

Instead, implement a 2 stage parser using 2 sed commands.  See
comments in the code for details.

Regexps are POSIX basic regular expressions, apart from \<WORD\> (used
to ensure WORD is on word boundaries), and the 'i' flag for case
insensitivity.  The latter is supported in FreeBSD sed.

This code successfully parses Path values out of the following
monstrosity:

path = "/foo/bar1;a";
   Path = /foo/bar2;
Something = false;
Pseudo = "/foo/bar3x" ; Path = "/foo/bar3; y" ; Access_type = RO;
Pseudo = "/foo/bar4x" ; path=/foo/bar4; Access_type = RO;
Pseudo = "/foo/barNONONO" ; not_Path=/foo/barNONONO; Access_type = RO;
   Path = /foo/bar5
Pseudo = "/foo/bar6x Path=foo" ; Path=/foo/bar6; Access_type = RO

This is probably the best that can be done within a shell script.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
27c53880 by Martin Schwenke at 2024-05-30T11:42:30+00:00
ctdb-scripts: Improve service PID check

No need to grovel around in /proc.  ps will happily tell us the
command.

Factor out the actual check into a separate function that can be used
elsewhere.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
911117c7 by Martin Schwenke at 2024-05-30T11:42:30+00:00
ctdb-scripts: Check NFS-Ganesha is running before attempting grace

If monitoring has failed because it isn't running, then don't fail
"startipreallocate" or "releaseip" by trying to go into grace.

Don't check this for "takeip".  In that case NFS-Ganesha had better be
running.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
e9eb5810 by Martin Schwenke at 2024-05-30T12:50:01+00:00
ctdb-scripts: Protect against races when starting grace period

While the PID check is worth it in relevant cases, NFS-Ganesha still
might go away after the check.  Unfortunately, neither grace command
fails with an indicative exit code, so invent one by checking error
messages.  This can then be converted to success by the caller.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu May 30 12:50:01 UTC 2024 on atb-devel-224

- - - - -
87356b32 by Douglas Bagnall at 2024-05-31T00:25:32+00:00
selftest:dnshub: remove py2 compatibility code

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a0a025d9 by Douglas Bagnall at 2024-05-31T00:25:33+00:00
tdb:pytdb:_tdb_text: remove Py2 compatibility code

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0fcba469 by Douglas Bagnall at 2024-05-31T00:25:33+00:00
talloc:pytest: remove tests that only test Python 2

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
037e7ae9 by Douglas Bagnall at 2024-05-31T00:25:33+00:00
ldb-samba:pytest: remove unused variable

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
564b0a21 by Douglas Bagnall at 2024-05-31T00:25:33+00:00
tdb:pytests: remove unused Py2 test branches

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5a317f7d by Douglas Bagnall at 2024-05-31T00:25:33+00:00
buildtools: remove Python2 compatibility

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b4b8f186 by Douglas Bagnall at 2024-05-31T00:25:33+00:00
python/common: remove verbiage about old python versions

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8331475a by Douglas Bagnall at 2024-05-31T00:25:33+00:00
python:smb tests: remove py2 compatibility code

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
651fb94c by Andrew Bartlett at 2024-05-31T00:25:33+00:00
build: Add --vendor-name --vendor-patch-revision options to ./configure

These options are for packagers and vendors to set so that when
Samba developers are debugging an issue, we know exactly which
package is in use, and so have an idea if any patches have been
applied.

This is included in the string that a Samba backtrace gives,
as part of the PANIC message.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15654
REF: https://lists.samba.org/archive/samba-technical/2024-May/138992.html

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
72112d48 by Andrew Bartlett at 2024-05-31T00:25:33+00:00
script/autobuild.py: Add test for --vendor-name and --vendor-patch-revision

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15654

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f3433f60 by Douglas Bagnall at 2024-05-31T00:25:33+00:00
pidl:Typelist: resolveType(): don't mistake a reference for a name

This function is only used by Python.pm, and was assuming any argument
unrecognised by hasType is a name. It sometimes isn't, resulting in
structures like this:

	{
	  'DATA' => {
		      'TYPE' => 'STRUCT'
		    },
	  'NAME' => {
		      'TYPE' => 'STRUCT',
		      'ALIGN' => undef,
		      'SURROUNDING_ELEMENT' => undef,
		      'ORIGINAL' => {
				      'TYPE' => 'STRUCT',
				      'FILE' => 'source3/librpc/idl/smbXsrv.idl',
				      'LINE' => 101,
				      'NAME' => 'tevent_context'
				    },
		      'ELEMENTS' => undef,
		      'NAME' => 'tevent_context',
		      'PROPERTIES' => undef
		    },
	  'TYPE' => 'TYPEDEF'
      };

The problem with that is we end up with the HASH reference as a name
in Python bindings, like this

      PyErr_SetString(PyExc_TypeError, "Can not convert C Type struct HASH(0x5e2dfe5ee278) from Python");

which makes the build nondeterministic (as well as making the message
a little mysterious).

I think all the structures for which this happens are marked
'[ignore]' in IDL, meaning they are not transmitted on the wire. They
should perhaps also not have useless Python getsetters, but let's call
that a different problem.

Thanks to Freexian and the Debian LTS project for sponsoring this work.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13213

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f893c100 by Douglas Bagnall at 2024-05-31T00:25:33+00:00
pidl:python: properly raise exception in ConvertObjectFromPythonData

Without the `$self->pidl("$fail");`, the exception is not raised.

We also try to improve the Python message.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ea78a5ce by Douglas Bagnall at 2024-05-31T00:25:33+00:00
pidl:python: Exception if unconvertable in ConvertObjectToPythonLevel

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
068b3667 by Douglas Bagnall at 2024-05-31T00:25:33+00:00
buildtools:pidl: avoid hash randomisation in pidl

Like many languages, Perl uses hash randomisation to prevent nasty
users using crafted values that hash to the same number to effect a
denial of service. This means the traversal order of perl HASH tables
is different every time.

The IDL handed to pidl is trusted, so we don't really need
randomisation, but we do want to be sure the build is the same every
time.

I am not aware of hash randomisation causing problems, but it seems
prudent to avoid it.

We do a similar thing with PYTHONHASHSEED for the entire build.

Thanks to Freexian and the Debian LTS project for sponsoring this work.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13213

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3c72f733 by Douglas Bagnall at 2024-05-31T00:25:33+00:00
examples:winexe: more efficient C array generation, no py2

We don't need to recreate the src array every time, and we don't need
to worry about Python 2 strings.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e604f757 by Douglas Bagnall at 2024-05-31T00:25:33+00:00
examples:winexe: reproducible builds with zero timestamp

Windows Portable Executable files have a timestamp field and a
checksum field. By default the timestamp field is updated to the
current time, which consequently changes the checksum. This makes the
build nondeterministic. It looks like this:

  --- a/tmp/winexe-1/winexesvc64_exe_binary.c
  +++ b/tmp/winexe-2/winexesvc64_exe_binary.c
  @@ -23,7 +23,7 @@ const DATA_BLOB *winexesvc64_exe_binary(void)
                0x6D, 0x6F, 0x64, 0x65, 0x2E, 0x0D, 0x0D, 0x0A,
                0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x50, 0x45, 0x00, 0x00, 0x64, 0x86, 0x0A, 0x00,
  -             0xB2, 0x16, 0x55, 0x66, 0x00, 0x00, 0x00, 0x00,
  +             0xD3, 0x3B, 0x55, 0x66, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x00, 0x00, 0x00, 0xF0, 0x00, 0x2E, 0x02,
                0x0B, 0x02, 0x02, 0x26, 0x00, 0x86, 0x00, 0x00,
                0x00, 0xBA, 0x00, 0x00, 0x00, 0x0C, 0x00, 0x00,
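
Review bot: the message does not say which header field the changed line in this hunk is. The four differing bytes (`0xB2, 0x16, 0x55, 0x66` against `0xD3, 0x3B, 0x55, 0x66`) directly follow the `0x50, 0x45, 0x00, 0x00` signature and the four machine and section-count bytes on the line above, which is where the COFF TimeDateStamp sits, so naming the field next to the diff would let a reader confirm the explanation from these lines alone.
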
  @@ -33,7 +33,7 @@ const DATA_BLOB *winexesvc64_exe_binary(void)
                0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x05, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x40, 0x01, 0x00, 0x00, 0x04, 0x00, 0x00,
  -             0x73, 0xD7, 0x00, 0x00, 0x03, 0x00, 0x60, 0x01,
  +             0x94, 0xFC, 0x00, 0x00, 0x03, 0x00, 0x60, 0x01,
                0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00,
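
Review bot: it would help to say that the changed line in this hunk is the checksum and to point out the size of the change. Read little-endian, `0x73, 0xD7, 0x00, 0x00` to `0x94, 0xFC, 0x00, 0x00` is an increase of 0x2521, the same as the timestamp increase in the first hunk (0x665516B2 to 0x66553BD3), which is consistent with the statement that the checksum changes as a consequence of the timestamp and nothing else.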

https://learn.microsoft.com/en-us/windows/win32/debug/pe-format says
that a timestamp of zero can be used to represent a time that is not
"real or meaningful", so we do that.

As far as I can tell, the timestamp and checksum are only used in
DLLs, not directly executed .exe files.

Thanks to Freexian and the Debian LTS project for sponsoring this work.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13213

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3a7dbf8b by Douglas Bagnall at 2024-05-31T01:28:06+00:00
examples:winexe: embed Samba version as exe timestamp

It turns out the timestamp doesn't need to be real, and it isn't used,
but it might as well tell you something. So let's make it tell you what
version of Samba it came from, which could be useful for people who have
lots of old winexes lying around, the poor souls.

00000040  0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000050  69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000060  74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000070  6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|
00000080  50 45 00 00 64 86 0a 00  00 15 04 00 00 00 00 00  |PE..d...........|
                                    |  |  |
                                    |  |  major  4.
                                    |  minor     21.
                                    release      0

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13213

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Fri May 31 01:28:06 UTC 2024 on atb-devel-224
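
Reading the version stamp back out of a winexe service binary, following the byte layout annotated in the hexdump above (release, minor, major), as an added example that is not part of the Samba tree. The function and struct names are hypothetical, and the sample image is constructed: a zeroed DOS header whose e_lfanew points at 0x80, followed by the 0x80 row of the hexdump.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct samba_ver {
	unsigned major, minor, release;
};

static uint32_t le32(const uint8_t *p)
{
	return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
	       (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Store the COFF TimeDateStamp in *ts; return -1 on a malformed header. */
int pe_timestamp(const uint8_t *img, size_t len, uint32_t *ts)
{
	uint32_t pe_off;

	if (len < 0x40 || img[0] != 'M' || img[1] != 'Z') {
		return -1;
	}
	pe_off = le32(img + 0x3c); /* e_lfanew: file offset of "PE\0\0" */
	/* Need signature(4) + Machine(2) + NumberOfSections(2) + stamp(4). */
	if (pe_off > len || len - pe_off < 12) {
		return -1;
	}
	if (memcmp(img + pe_off, "PE\0\0", 4) != 0) {
		return -1;
	}
	*ts = le32(img + pe_off + 8);
	return 0;
}

/* Byte order in the file, per the commit message: release, minor, major. */
struct samba_ver decode_version_stamp(uint32_t ts)
{
	struct samba_ver v;

	v.release = ts & 0xff;
	v.minor = (ts >> 8) & 0xff;
	v.major = (ts >> 16) & 0xff;
	return v;
}

/* Constructed sample: only the 16 bytes at 0x80 come from the page. */
void sample_image(uint8_t img[0x90])
{
	static const uint8_t row_0x80[16] = {
		0x50, 0x45, 0x00, 0x00, 0x64, 0x86, 0x0a, 0x00,
		0x00, 0x15, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00,
	};

	memset(img, 0, 0x90);
	img[0] = 'M';
	img[1] = 'Z';
	img[0x3c] = 0x80;
	memcpy(img + 0x80, row_0x80, sizeof(row_0x80));
}

int main(void)
{
	uint8_t img[0x90];
	uint32_t ts;

	sample_image(img);
	if (pe_timestamp(img, sizeof(img), &ts) != 0) {
		fprintf(stderr, "not a PE image\n");
		return 1;
	}
	struct samba_ver v = decode_version_stamp(ts);
	printf("stamp 0x%08x -> Samba %u.%u.%u\n",
	       (unsigned)ts, v.major, v.minor, v.release);
	return 0;
}
```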

- - - - -
267f3076 by Douglas Bagnall at 2024-05-31T04:22:36+00:00
s3/torture: local_rbtree: avoid birthday collisions

We insert 999 keys, but if two of them happen to be the same, we
don't find 1000 nodes, and that is upsetting for CI:

[130(1421)/303 at 4m46s] samba3.smbtorture_s3.LOCAL-RBTREE
UNEXPECTED(failure): samba3.smbtorture_s3.LOCAL-RBTREE.smbtorture(none)
REASON: Exception: Exception: using seed 1716333987
host=foo share=bar user= myname=runner-jlguopmm-project-6378020-concurrent-0
Running LOCAL-RBTREE
run_local_rbtree: read1: 999 999, NT_STATUS_OK
run_local_rbtree: delete: 999 999, NT_STATUS_OK
run_local_rbtree: read2: 0 0, NT_STATUS_OK
TEST LOCAL-RBTREE FAILED!
LOCAL-RBTREE took 0.002706 secs

This has been flapping very occasionally for a long time:
https://lists.samba.org/archive/samba-technical/2016-March/112861.html

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
98b443d9 by Douglas Bagnall at 2024-05-31T05:29:08+00:00
fuzzing: fix fuzz_stable_sort_r_unstable comparison

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69176

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri May 31 05:29:08 UTC 2024 on atb-devel-224

- - - - -
c36e79ef by Anoop C S at 2024-06-03T10:02:39+00:00
vfs_ceph: Simplify SMB_VFS_FGET_DOS_ATTRIBUTES

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>

- - - - -
4cade04d by Anoop C S at 2024-06-03T11:10:11+00:00
vfs_ceph: Implement SMB_VFS_FSET_DOS_ATTRIBUTES for precise btime

Previously we added an implementation for SMB_VFS_FGET_DOS_ATTRIBUTES
so that the btime is always preserved unless explicitly changed using
SMB_VFS_FNTIMES. But there are situations with open file handle where
btime stored on dos attributes as create_time has to be precise for
comparison because a one-to-one conversion between timespec and nttime
is not always guaranteed.

Accordingly preserve btime via SMB_VFS_FSET_DOS_ATTRIBUTES so that we
always compare the exact btime from fsp stat information while the file
handle is still open.

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>

Autobuild-User(master): Anoop C S <anoopcs at samba.org>
Autobuild-Date(master): Mon Jun  3 11:10:11 UTC 2024 on atb-devel-224

- - - - -
dc31a498 by Volker Lendecke at 2024-06-04T07:11:35+00:00
libsmb: Slightly simplify cli_session_creds_init

In this case a nested if seems easier to understand to me than another
if-expression duplicating half of a previous one.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b436f5fe by Volker Lendecke at 2024-06-04T07:11:35+00:00
creds: Add cli_credentials_add_gensec_features

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
df30ec83 by Volker Lendecke at 2024-06-04T07:11:35+00:00
lib: Use cli_credentials_add_gensec_features in a few places

Capture a common pattern

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9445d8e0 by Volker Lendecke at 2024-06-04T07:11:35+00:00
torture: Remove some pointless local variables

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b28de27f by Volker Lendecke at 2024-06-04T07:11:35+00:00
gensec: Simplify gensec_security_by_*

Centralize looping over all backends

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
426c0847 by Volker Lendecke at 2024-06-04T07:11:35+00:00
gensec: Refactor gensec_security_mechs()

The decision whether to offer a mechanism was split between
gensec_security_mechs() and gensec_use_kerberos_mechs() with two
booleans passed down. Consolidate that decision into one
gensec_offer_mech() function that queries all information on its own.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
82c477b9 by Volker Lendecke at 2024-06-04T07:11:35+00:00
gensec: Filter out disabled mechs in gensec_security_mechs()

Every single caller of gensec_security_mechs() had to manually filter
out disabled mechanisms. Don't offer them from the start.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5c736ffe by Volker Lendecke at 2024-06-04T07:11:35+00:00
gensec: Simplify gensec_security_by_fn()

We don't need that intermediate talloc ctx, we only allocate backends
and don't pass it anywhere else.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b29e408e by Volker Lendecke at 2024-06-04T07:11:35+00:00
libsmb: Use SMB2_0_INFO_SECURITY instead of raw "3"

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bc2b2350 by Volker Lendecke at 2024-06-04T07:11:35+00:00
smbd: Fix whitespace

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
021dfe8f by Volker Lendecke at 2024-06-04T07:11:35+00:00
winbind: Modernize a few DEBUGs

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b3174085 by Volker Lendecke at 2024-06-04T07:11:35+00:00
wbclient: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8f90ec12 by Volker Lendecke at 2024-06-04T07:11:35+00:00
lib: gensec.h references NTTIME, add time.h

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4313add2 by Volker Lendecke at 2024-06-04T07:11:35+00:00
lib: Use unsigned long in ber_write_OID_String

This is what smb_strtoul returns, so use it.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0321f31a by Volker Lendecke at 2024-06-04T07:11:35+00:00
lib: Use talloc_asprintf_addbuf in _ber_read_OID_String_impl

Just one NULL check required

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5ae1605f by Volker Lendecke at 2024-06-04T07:11:35+00:00
lib: Fix an error path memleak

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6b313507 by Volker Lendecke at 2024-06-04T08:16:58+00:00
lib: Align an integer type

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Jun  4 08:16:58 UTC 2024 on atb-devel-224

- - - - -
1297c7ca by Noel Power at 2024-06-04T08:33:32+00:00
s4/torture: Prepare to handle Level 4 check with unknown func code

A future (next) commit will change the NETLOGON_CONTROL_SET_DBFLAG test
to use levels 1 - 4 (current test just tests 1 - 3). A side effect of
this test is that the following test will now test passing an unknown
function code against Level 4 (previously level 3).

Unfortunately s4 and s3 netlogon server results differ when handling
a level 4 request with an unknown function code.
  s3 server returns WERR_NOT_SUPPORTED and
  s4 server returns WERR_INVALID_PARAMETER.

For level 3 both return WERR_NOT_SUPPORTED.

MS-NRPC doesn't seem to specifically indicate the required response in
this case.

This commit modifies the test to cater for either response (for either
level). A future commit could explore the test response combinations more
thoroughly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15465
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
a27525e5 by Noel Power at 2024-06-04T08:33:32+00:00
s4/torture: Test with level 4 with NETLOGON_CONTROL_SET_DBFLAG function

Change levels tested from 1 - 3 to 1 - 4 for NETLOGON_CONTROL_SET_DBFLAG

This change triggers a core dump in the server and so we add a knownfail
here. Following commit will fix (and remove known fail)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15465
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
0418b9fa by Noel Power at 2024-06-04T08:33:32+00:00
s3/rpc_server: Fix dereference of client pointer

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15465
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
8adbdbe5 by Jo Sutton at 2024-06-04T08:33:32+00:00
s3:rpc_server: Check function code according to MS-NRPC

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15465
Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Noel Power <noel.power at suse.com>

- - - - -
747a7fec by Jo Sutton at 2024-06-04T09:39:42+00:00
s3:rpc_server: Check query level according to MS-NRPC

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15465
Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Noel Power <noel.power at suse.com>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Tue Jun  4 09:39:42 UTC 2024 on atb-devel-224

- - - - -
1dba6d3c by Volker Lendecke at 2024-06-04T16:35:34+00:00
tests: Check that query_directory lists the reparse tag

With the source3/ based clilist.c, we can't test all infolevels where
this matters (see callers of get_dirent_ea_size()). But porting the
source4 based all-infolevel search code into source3/libsmb or doing
this one the reparse point test in the source4 infrastructure to me
seems like a lot of effort for moderate gain.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c005de07 by Volker Lendecke at 2024-06-04T17:39:21+00:00
smbd: list reparse tag in QUERY_DIRECTORY

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jun  4 17:39:21 UTC 2024 on atb-devel-224

- - - - -
28aa0b81 by Andreas Schneider at 2024-06-04T19:49:36+00:00
s3:libads: Allow get_kdc_ip_string() to lookup the KDCs IP

Remove the requirement to provide an IP address. We should look up the
IP of the KDC and use it for the specified realm/workgroup.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15653

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9dcc52d2 by Andreas Schneider at 2024-06-04T19:49:36+00:00
s3:libads: Do not fail if we don't get an IP passed down

The IP should be optional and we should look it up if not provided.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15653

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8989aa47 by Andreas Schneider at 2024-06-04T19:49:36+00:00
s3:winbind: Fix idmap_ad creating an invalid local krb5.conf

In case of a trusted domain, we are providing the realm of the primary
trust but specify the KDC IP of the trusted domain. This leads to
Kerberos ticket requests to the trusted domain KDC which doesn't know
about the machine account. However we need a ticket from our primary
trust KDC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15653

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
38cfdb66 by Jo Sutton at 2024-06-04T19:49:36+00:00
ldb: Fix typo

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3256c6bf by Jo Sutton at 2024-06-04T19:49:36+00:00
tests/krb5: Make use of update_password() method

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5eac9565 by Jo Sutton at 2024-06-04T19:49:36+00:00
s4:dsdb: Use talloc_get_type_abort()

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9c700f79 by Jo Sutton at 2024-06-04T19:49:36+00:00
tests/krb5: Reset local database time in a cleaner (and nearly equivalent) fashion

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a54dca4e by Jo Sutton at 2024-06-04T20:52:09+00:00
tests/krb5: Calculate correct gMSA password to fix flapping test

If this test happens to be run in the five minute window prior to the
next ten‐hour GKDI interval — about once every one hundred and twenty
runs — the ‘current’ password requested from LDAP will actually be the
future password, which won’t match what’s in the database.

Instead of taking the password from LDAP, calculate it ourselves with
expected_gmsa_password_blob().

[330(7038)/334 at 43m51s] samba.tests.krb5.gmsa_tests(ad_dc:local)
UNEXPECTED(failure): samba.tests.krb5.gmsa_tests.samba.tests.krb5.gmsa_tests.GmsaTests.test_retrieving_managed_password_triggers_keys_update(ad_dc:local)
REASON: Exception: Exception: Traceback (most recent call last):
  File "/builds/samba-testbase/samba-def-build/bin/python/samba/tests/krb5/gmsa_tests.py", line 1091, in test_retrieving_managed_password_triggers_keys_update
    self.assertEqual(creds.get_nt_hash(), nt_hash)
AssertionError: b'\xcf[\xe8:\xc7-\xd4V\xce\t\xfc\xcd\x06.T\x8a' != b'c\xc5\x97k\x17"G\x1e\x81>\xacV\x9d.*\x14'

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Jun  4 20:52:09 UTC 2024 on atb-devel-224

- - - - -
829b52f9 by Andrew Bartlett at 2024-06-05T20:42:34+00:00
s4-libnet: Split up samba-net into samba-net and samba-net-join

samba-net-join links to python and so needs the variable name
with the python ABI tag, while samba-net is a normal C library
and can be included in a package without python dependencies.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
d11b281a by Andrew Bartlett at 2024-06-05T20:42:34+00:00
build: Remove incorrect pyembed=True from samba-policy

This is a normal C library, used by python but does not use
any python itself (nor by dependencies any longer).

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
096d3807 by Andrew Bartlett at 2024-06-05T21:47:24+00:00
build: Make "samba4" public libraries provided (mostly) for OpenChange private

These libraries, mostly with ABI versions of 0.0.1 were made public in
the early development of Samba4 and have not been seriously considered
since.  Most are to allow OpenChange to build.

While the OpenChange server is no longer actively used, the MAPI
client is used and we need to allow packages to be built that will
allow the Evolution MAPI client to still work.

Some appear to be mistakes (dcerpc-samr), historical aberrations
(tevent-util) or ideas that did not go very far (the samba-policy
library for example).

To allow any remaining users to access them, they are not made private
in the build system but are instead listed so that they can be made
public again via ./configure with the same --private-libraries='!LIB'
syntax introduced to make ldb private by default.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Jun  5 21:47:24 UTC 2024 on atb-devel-224

- - - - -
319836ce by Stefan Metzmacher at 2024-06-06T02:13:32+00:00
lib/addns: remove unused kerberos/gssapi includes in dns.h

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ae23d512 by Stefan Metzmacher at 2024-06-06T02:13:32+00:00
python:tests/dns_base: generate a real signature in bad_sign_packet()

We just destroy the signature bytes but keep the header unchanged.

This makes it easier to look at it in wireshark.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c594cbad by Stefan Metzmacher at 2024-06-06T02:13:33+00:00
python:tests/dns_base: use ndr_deepcopy() and ndr_pack() in verify_packet()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c741d0f3 by Stefan Metzmacher at 2024-06-06T02:13:33+00:00
python:tests/dns_base: let dns_transaction_tcp() handle short receives

With socket_wrapper we only get 1500 byte chunks...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ce591464 by Stefan Metzmacher at 2024-06-06T02:13:33+00:00
python:tests/dns_base: add self.assert_echoed_dns_error()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6e997f93 by Stefan Metzmacher at 2024-06-06T02:13:33+00:00
python:tests/dns_tkey: make use of self.assert_echoed_dns_error()

Failed DNS updates just echo the request flagged as response,
all other elements are unchanged.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f8dfa9b3 by Stefan Metzmacher at 2024-06-06T02:13:33+00:00
python:tests/dns_base: let tkey_trans() and sign_packet() take algorithm_name as argument

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cd747307 by Stefan Metzmacher at 2024-06-06T02:13:33+00:00
python:tests/dns_base: let tkey_trans() take tkey_req_in_answers

It's possible to put the additional into the answers section,
so we should be able to test that.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
27d92fa8 by Stefan Metzmacher at 2024-06-06T02:13:33+00:00
python:tests/dns_base: pass tkey_trans(expected_rcode)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1b1e7e06 by Stefan Metzmacher at 2024-06-06T02:13:33+00:00
python:tests/dns_base: let dns_transaction_udp() take allow_{remaining,truncated}=True

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b0af60e7 by Stefan Metzmacher at 2024-06-06T02:13:33+00:00
python:tests/dns_base: maintain a dict with tkey related state

This will allow tests to backup the whole state
and mix them.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
740bda87 by Stefan Metzmacher at 2024-06-06T02:13:33+00:00
python:tests/dns_tkey: test TKEY with gss-tsig, gss.microsoft.com and invalid algorithms

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3c7cb85e by Stefan Metzmacher at 2024-06-06T02:13:33+00:00
python:tests/dns_tkey: let us have test_update_gss_tsig_tkey_req_{additional,answers}()

Also test using the additional record in the answers section.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b9b03ca5 by Stefan Metzmacher at 2024-06-06T02:13:33+00:00
python:tests/dns_tkey: add gss.microsoft.com tsig updates

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
de4ed363 by Stefan Metzmacher at 2024-06-06T02:13:33+00:00
python:tests/dns_tkey: test bad and changing tsig algorithms

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8324d073 by Stefan Metzmacher at 2024-06-06T02:13:33+00:00
python:tests/dns_base: let verify_packet() work against Windows

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
84831833 by Stefan Metzmacher at 2024-06-06T02:13:33+00:00
python:tests/dns_tkey: let test_update_tsig_windows() actually pass against windows 2022

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
88457da0 by Stefan Metzmacher at 2024-06-06T02:13:33+00:00
python:tests/dns_base: add get_unpriv_creds() helper

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
753428a3 by Stefan Metzmacher at 2024-06-06T02:13:33+00:00
s4:selftest/tests: pass USERNAME_UNPRIV=$DOMAIN_USER to samba.tests.dns_tkey

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
708a6fae by Stefan Metzmacher at 2024-06-06T02:13:33+00:00
python:tests/dns_tkey: add test_update_tsig_record_access_denied()

This demonstrates that access_denied is only generated if the client
really generates a change in the database.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a56627b0 by Stefan Metzmacher at 2024-06-06T02:13:33+00:00
s4:dns_server: failed dns updates should result in REFUSED for ACCESS_DENIED

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fa0f23e6 by Stefan Metzmacher at 2024-06-06T02:13:33+00:00
s4:dns_server: only allow gss-tsig and gss.microsoft.com for TKEY

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3467d149 by Stefan Metzmacher at 2024-06-06T02:13:33+00:00
s4:dns_server: only allow gss-tsig and gss.microsoft.com for TSIG

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bd0235cd by Stefan Metzmacher at 2024-06-06T02:13:33+00:00
s4:dns_server: use the client provided algorithm for the fake TSIG structure

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ae7538af by Stefan Metzmacher at 2024-06-06T02:13:33+00:00
s4:dns_server: use tkey->algorithm if available in dns_sign_tsig()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5906ed94 by Stefan Metzmacher at 2024-06-06T02:13:33+00:00
s4:dns_server: also search DNS_QTYPE_TKEY in the answers section if it's the last section

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
db350bc5 by Stefan Metzmacher at 2024-06-06T02:13:33+00:00
s4:dns_server: dns_verify_tsig should return REFUSED on error

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
76fec266 by Stefan Metzmacher at 2024-06-06T02:13:33+00:00
s4:dns_server: correctly sign dns update responses with gss-tsig like Windows

This means we no longer generate strange errors/warnings
in the Windows event log nor in the nsupdate -g output.

Note: this is a only difference between gss-tsig and
the legacy gss.microsoft.com algorithms.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ed61c57e by Stefan Metzmacher at 2024-06-06T03:18:16+00:00
s4:dns_server: no-op dns updates with ACCESS_DENIED should be ignored

If the client does not have permissions to update the record,
but the record already has the data the update tries to apply,
it's a no-op that should result in success instead of failing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Jun  6 03:18:16 UTC 2024 on atb-devel-224

- - - - -
1185410a by Stefan Metzmacher at 2024-06-06T20:25:36+00:00
s3:libsmb: we no longer need libads/kerberos_proto.h in namequery.c

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9fb57dab by Stefan Metzmacher at 2024-06-06T20:25:36+00:00
s3:utils: DNS_UTIL depends on libads headers so we need to depend on 'ads'

Otherwise we don't get the correct header include paths and krb5.h in
a non default location won't be found.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e584350a by Andreas Schneider at 2024-06-06T20:25:36+00:00
python:netcmd: Only put regular files into the tarball

We also have ldapi, other sockets or pipes around, we don't want to
add. This will be relevant for adding checksums later.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f5de1f85 by Andreas Schneider at 2024-06-06T20:25:36+00:00
python:netcmd: Create a SHA256SUM file with checksums

This allows verifying the backup tarball contents with:

  sha256sum -c SHA256SUM

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
78f03c38 by Andreas Schneider at 2024-06-06T20:25:36+00:00
python: Add test for checking the SHA256SUM

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
77a4ff54 by Andreas Schneider at 2024-06-06T20:25:36+00:00
s3:utils: Remove overwrite of opt_workgroup in rpc_trustdom_establish()

This is not used anywhere in that function or the functions we are
calling. It was replaced by command line cli credentials stored in
c->creds. This fixes a memory leak.

Direct leak of 12 byte(s) in 1 object(s) allocated from:
    #0 0x7f17fdaf5830 in strdup ../../../../libsanitizer/asan/asan_interceptors.cpp:578
    #1 0x7f17fc7e7339 in smb_xstrdup ../../lib/util/util.c:752
    #2 0x55f079bf0723 in rpc_trustdom_establish ../../source3/utils/net_rpc.c:6591
    #3 0x55f079c529af in net_run_function ../../source3/utils/net_util.c:464
    #4 0x55f079bdbecf in rpc_trustdom ../../source3/utils/net_rpc.c:7483
    #5 0x55f079c529af in net_run_function ../../source3/utils/net_util.c:464
    #6 0x55f079bfe7de in net_rpc ../../source3/utils/net_rpc.c:8413
    #7 0x55f079c529af in net_run_function ../../source3/utils/net_util.c:464
    #8 0x55f079baa0a8 in main ../../source3/utils/net.c:1436
    #9 0x7f17f8a2a1ef in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e844f483 by Andreas Schneider at 2024-06-06T20:25:36+00:00
s3:utils: Use a destructor in rpc_trustdom_establish()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b9d93ecc by Andreas Schneider at 2024-06-06T20:25:36+00:00
s3:util: Use a talloc stackframe in rpc_trustdom_establish()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5d73bb4a by Andreas Schneider at 2024-06-06T21:32:53+00:00
s3:utils: Use talloc instead of malloc functions

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Jun  6 21:32:53 UTC 2024 on atb-devel-224

- - - - -
a9b3522f by MikeLiu at 2024-06-07T18:30:34+00:00
smbd: Ensure we grant owner sid in check_parent_access_fsp()

Grant owner sid to check for owner rights.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15648

Signed-off-by: MikeLiu <mikeliu at qnap.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jun  7 18:30:34 UTC 2024 on atb-devel-224

- - - - -
e04eb9bb by Andrew Bartlett at 2024-06-10T04:27:30+00:00
dsdb: Make argument order of dsdb_update_gmsa_{entry_,}keys() consistent with other uses

Other functions in this file are TALLOC_CTX, struct ldb_context *, not
the other way around.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
737f2414 by Andrew Bartlett at 2024-06-10T04:27:30+00:00
s4-auth: Update comment to mention 60mins in the NTLM grace period

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
b6643922 by Andrew Bartlett at 2024-06-10T04:27:30+00:00
s4-auth: Use msDS-User-Account-Control-Computed for PW expiry check

This centralises the check rather than checking the time in
multiple spots.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
4ec24a20 by Andrew Bartlett at 2024-06-10T04:27:30+00:00
python/samba/tests/krb5: Move get_kpasswd_sname() into raw_testcase() to allow broader use

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
dc6c4b21 by Andrew Bartlett at 2024-06-10T04:27:30+00:00
python/samba/tests/krb5: Extend PKINIT tests to show kpasswd still works

We have had confirmation from MS that this behaviour is both deliberate
and required.  Possession of the credential is (by the returned PAC
containing the NT hash) possession of the password, and it must be
possible to change the password to a known value otherwise DPAPI
(local keychain) secured by this value can fail on the client.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15045

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
504a47ec by Andrew Bartlett at 2024-06-10T04:27:30+00:00
python/tests/krb5: Expect AES keys for UF_SMARTCARD_REQUIRED

Windows 2022 at April 2024 has changed and now includes the
AES keys for accounts with UF_SMARTCARD_REQUIRED, so revert
part of the change in b2fe1ea1c6aba116b31a1c803b4e0d36ac1a32ee.

(This is an improvement to Windows security).

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
a85f4c66 by Andrew Bartlett at 2024-06-10T04:27:30+00:00
python/tests/krb5: Remove unused utf16pw variable

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
48bff4b9 by Andrew Bartlett at 2024-06-10T04:27:30+00:00
python/samba/krb5: Add test for password rotation on UF_SMARTCARD_REQUIRED accounts

This demonstrates behaviour against a server presumed to be in FL 2016
what the impact of the msDS-ExpirePasswordsOnSmartCardOnlyAccounts
attribute is.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
68fa9075 by Andrew Bartlett at 2024-06-10T04:27:30+00:00
python/tests/krb5: Move check_ticket_times() to kdc_base_test.py

This will allow other parts of the testsuite to use this helpful function.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
044cc538 by Andrew Bartlett at 2024-06-10T04:27:30+00:00
python/test/krb5: Use assertAlmostEqual in check_ticket_times()

This allows Windows behaviour with clock skew to be allowed for.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
7c79abba by Andrew Bartlett at 2024-06-10T04:27:30+00:00
python/samba/tests/krb5: PKINIT tests of passwords that are naturally expired

The tests of passwords that will expire in the TGT lifetime fail against
windows, we do not see the rotation in that case.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
302619f6 by Andrew Bartlett at 2024-06-10T04:27:30+00:00
dsdb: Change the magic smartcard_reset to set AES keys like the krbtgt mode

This is because the smartcard reset now generates all the keys
on Windows, so we want to match Windows 2022 as at April 2024
behaviour.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
3669479f by Andrew Bartlett at 2024-06-10T04:27:30+00:00
dsdb: Reduce minimum maxPwdAge from 1 day to nil

This allows us to have tests, which pass on Windows, that
use a very short maxPwdAge.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
cc3ea4ed by Andrew Bartlett at 2024-06-10T04:27:30+00:00
dsdb: UF_SMARTCARD_REQUIRED can have a password expiry, if configured!

While the passwords are random and rolled on the server, we can tell
about the expiry by setting pwdLastSet to 0.

Samba now honours the password expiry.

This is only enabled for domain functional level 2016 and when
msDS-ExpirePasswordsOnSmartCardOnlyAccounts is set to TRUE.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
1bcc9f00 by Andrew Bartlett at 2024-06-10T04:27:30+00:00
dsdb: Use dsdb_gmsa_current_time() in construct_msds_user_account_control_computed

This both allows the time to be overridden in some future unit tests
(which is incredibly helpful in testing) and gets a full NTTIME
rather than just a time_t based time, so we do not need to wait
an extra second for the NTTIME to change.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
09ae48b4 by Andrew Bartlett at 2024-06-10T04:27:30+00:00
dsdb: Prepare to handle smartcard password rollover

We do this by allowing the password change control to indicate
that the password is to be randomised, bypassing the quality
checks (as true random passwords often fail these) and
re-randomising with the same code as is used for the KDC.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
9ba5ebf4 by Andrew Bartlett at 2024-06-10T04:27:30+00:00
kdc: Remove confusing duplicate open of sam.ldb to find RODC status

Instead, make this query after we open the DB in common with the MIT code.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
e178f6b0 by Andrew Bartlett at 2024-06-10T04:27:30+00:00
ldb_wrap: Provide a way to avoid Samba using ldb_wrap()

ldb_wrap is a caching mechanism, and it should probably be removed
but for now provide a way to avoid it in specific cases where we
know it is harmful.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
fe610090 by Andrew Bartlett at 2024-06-10T04:27:30+00:00
kdc: Mark KDC sam.ldb as not to use ldb_wrap cache

This will ensure that the time which will be passed in an opaque is
not used by other parts of Samba

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
1dcd8be8 by Andrew Bartlett at 2024-06-10T04:27:30+00:00
kdc: Use a consistent, stable time throughout the Heimdal KDC

The MIT KDC has a fallback to a consistent time per fetch call, and
both implementations then follow the time in each 'struct
samba_kdc_entry'.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
d03b3fae by Andrew Bartlett at 2024-06-10T04:27:30+00:00
s4-auth: Use consistent externally-supplied time in auth stack

This makes the time during authentication stay consistent in the KDC
and follows the fake time when we are testing gMSA accounts.  By having
the account expiry follow exactly the same clock as the password expiry
we can hope for less surprises.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
1e1c8065 by Andrew Bartlett at 2024-06-10T04:27:30+00:00
kdc: Detect (about to) expire UF_SMARTCARD_REQUIRED accounts and rotate passwords

This ensures that before the KDC starts to process the entry
we check if it is expired and rotate it.  As an account with
UF_SMARTCARD_REQUIRED simply can not expire unless
msDS-ExpirePasswordsOnSmartCardOnlyAccounts is set and
the Domain Functional Level is >= 2016 we do not need
to do configuration checks here.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Pair-programmed-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
8afe2705 by Andrew Bartlett at 2024-06-10T04:27:31+00:00
kdc: Track the pwdLastSet of expired UF_SMARTCARD_REQUIRED accounts

This is to gracefully deal with races and to avoid additional password
rollover in situations where the TGT lifetime is longer than the
maximum password lifetime.  This is not a sensible combination, so
we just avoid the extra DB write, and update it only once per AS-REQ
in this case.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
491b79d4 by Andrew Bartlett at 2024-06-10T04:27:31+00:00
kdc: Rotate smart-card only underlying password in 2nd half of lifetime

This is a measure to avoid multiple servers rotating the password
but means that the maximum password age really must be set to
twice the TGT lifetime, eg a default of 20 hours.  The internet
suggestions of 1 day for this feature should work fine.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
dee3c7be by Andrew Bartlett at 2024-06-10T04:27:31+00:00
selftest: Add test that msDS-ExpirePasswordsOnSmartCardOnlyAccounts=TRUE is set

This assures us that the new provision sets the value by default.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
2854ef29 by Andrew Bartlett at 2024-06-10T04:27:31+00:00
provision: Match Windows 2022 and set msDS-ExpirePasswordsOnSmartCardOnlyAccounts by default

We do this by telling the Domain Functional Level upgrade code that
this is a new install.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
f3528808 by Andrew Bartlett at 2024-06-10T04:27:31+00:00
WHATSNEW: Mention msDS-ExpirePasswordsOnSmartCardOnlyAccounts behaviour

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
15686fec by Andrew Bartlett at 2024-06-10T04:27:31+00:00
python/samba/tests/krb5: Expand test without UF_SMARTCARD_REQUIRED to show rotation is not done

This makes sense as otherwise the user would suddenly not know their password
for use when they do not use their smartcard.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
469b22b8 by Andrew Bartlett at 2024-06-10T05:32:54+00:00
python/samba/tests/krb5: Allow PkInitTests.test_pkinit_ntlm_from_pac_must_change_now to pass on Samba/Heimdal

This flexibility in the tests avoids requiring Samba/Heimdal to omit an NTSTATUS error
return and just be consistent between the different authentication paths.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Jun 10 05:32:54 UTC 2024 on atb-devel-224

- - - - -
3b230769 by Anoop C S at 2024-06-10T12:16:32+00:00
s4/torture: Create test_dir with SEC_RIGHTS_DIR_ALL

In shares where acl_xattr vfs module is loaded with 'ignore system acls'
set, smb2.delete-on-close-perms.FIND_and_set_DOC fails to open test_dir
due to NT_STATUS_ACCESS_DENIED as it lacks few permissions for owner
when created using create_dir(). Test case aims to set delete-on-close
for which delete permission is necessary in first place. Therefore we
now perform the creation and subsequent opening of directory using
torture_smb2_testdir() so that the open handle comes with SEC_STD_DELETE
permission.

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
225e6aea by Anoop C S at 2024-06-10T13:17:58+00:00
s4/torture: Remove already existing test_dir

In configurations where vfs_acl_xattr is used with 'ignore system acls'
option we encounter NT_STATUS_ACCESS_DENIED while trying to open an
already existing test_dir in smb2.delete-on-close-perms.READONLY. Due
to missing SEC_STD_DELETE permission from the list of allowed ACEs it
couldn't be removed via previous call to smb2_deltree(). Thus as seen
with other tests we now call set_dir_delete_perms() so that subsequent
attempt to remove it can succeed.

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Jun 10 13:17:58 UTC 2024 on atb-devel-224

- - - - -
4e8ca614 by Jo Sutton at 2024-06-11T04:32:30+00:00
ldb: Attach appropriate ldb context to returned result

This is done by adding a new API that avoids the problems of
ldb_dn_copy() and makes it clear that a struct ldb_context *
pointer will be stored in the new copy.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7ae10eb2 by Jo Sutton at 2024-06-11T04:32:30+00:00
s4:auth: Add common out path to authsam_reread_user_logon_data()

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5ffa7683 by Jo Sutton at 2024-06-11T04:32:30+00:00
s4:auth: Add temporary memory context to authsam_reread_user_logon_data()

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
facb418c by Jo Sutton at 2024-06-11T04:32:30+00:00
s4:dsdb: Remove trailing whitespace

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b42c4891 by Jo Sutton at 2024-06-11T04:32:30+00:00
s4:auth: Handle expired accounts in authsam_account_ok() (CID 1603594)

We check the ACB_PW_EXPIRED bit to determine whether the account is
expired. Since ACB_PW_EXPIRED can’t be represented in a 16‐bit integer,
we must increase the width of acct_flags so as not to lose that bit.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
db342d86 by Douglas Bagnall at 2024-06-11T05:32:28+00:00
samba-tool user readpasswords: avoid `assert` for validation

`assert` can be optimised away if python is run with `-O`.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Jun 11 05:32:28 UTC 2024 on atb-devel-224

- - - - -
e37e4f47 by Jeremy Allison at 2024-06-11T15:53:38+00:00
s3/torture: Add test for widelink case insensitivity on a MSDFS share.

Add knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15662

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>

- - - - -
e535bcc6 by Jeremy Allison at 2024-06-11T17:00:38+00:00
s3: vfs_widelinks: Allow case insensitivity to work on DFS widelinks shares.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15662

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jun 11 17:00:38 UTC 2024 on atb-devel-224

- - - - -
7f1de90f by Noel Power at 2024-06-11T18:28:34+00:00
selftest: Add a python blackbox test for some misc (widelink) DFS tests

On master attempting to chdir into a nested dfs link

e.g. cd dfslink (works)
     cd dfslink/another_dfslink (fails)

[1] Add a test for this scenario (nested chdir)
[2] Add test for enumerating a dfs link in root of dfs share
[3] Add a test to check case insensitive chdir into dfs link on widelink
  enabled share

Add knownfails for tests 1 and 3

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435

- - - - -
788ef8f0 by Noel Power at 2024-06-11T19:31:40+00:00
s3/smbd: fix nested chdir into msdfs links on (widelinks = yes) share

This patch also removes known fail for existing test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jun 11 19:31:40 UTC 2024 on atb-devel-224

- - - - -
de19f4d6 by Douglas Bagnall at 2024-06-12T08:14:34+00:00
s4/pytest: remove py2 str/bytes workaround in getnc_exop

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5d2ea690 by Douglas Bagnall at 2024-06-12T08:14:34+00:00
pytest: remove py2 str/bytes workaround in py_credentials

It is likely not necessary to cast to list() in most cases.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b253b4e0 by Douglas Bagnall at 2024-06-12T08:14:34+00:00
pytest: remove py2 str/bytes workaround in dns_base

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2dc111b4 by Douglas Bagnall at 2024-06-12T08:14:34+00:00
pytest: remove py2 str/bytes workaround in lsa_utils

It is likely not necessary to cast to list() in most cases.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bd379200 by Douglas Bagnall at 2024-06-12T08:14:34+00:00
pytest: remove py2 str/bytes workaround in samr_change_password

It is likely not necessary to cast to list().

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f0cf1879 by Douglas Bagnall at 2024-06-12T08:14:34+00:00
pytest: remove py2 str/bytes workaround in auth_log_samlogon

It is likely not necessary to cast to list() in most cases.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
25e6d7c6 by Douglas Bagnall at 2024-06-12T08:14:34+00:00
py:emulate: remove py2 str/bytes workaround in traffic

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
46933bc2 by Douglas Bagnall at 2024-06-12T08:14:34+00:00
py:emulate: remove py2 str/bytes workaround in traffic_packets

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3b349c29 by Douglas Bagnall at 2024-06-12T08:14:34+00:00
python:join: avoid useless use of py2-compat string_to_byte_array

This was a workaround for the migration to Python 3, but is now just
extra work for the computer and cognitive load for us.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f8fb9f19 by Douglas Bagnall at 2024-06-12T08:14:34+00:00
python:lsa_utils: avoid useless use of py2-compat string_to_byte_array

`pw.encode('utf-16-le')` is always bytes.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
300bb809 by Douglas Bagnall at 2024-06-12T08:14:34+00:00
samba-tool domain trust: avoid useless use of string_to_byte_array

`pw.encode('utf-16-le')` is always bytes.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6347b0c3 by Douglas Bagnall at 2024-06-12T08:14:34+00:00
pytest: simplify and fix HEXDUMP_FILTER used in hexdumps

The old test

   x if ((len(repr(chr(x))) == 3) and (x < 127)) else ord('.')

went through some contortions to see if the character was printable, and
it got it slightly wrong. The idea was that `repr(chr(97))` is "'a'",
while `repr(chr(167))` is "'\xa7'", which we can distinguish using the
length. But that miscategorised the backslash character, which is
represented as "'\\'", a string of length 4, so it was shown as '.'
instead.

Instead we notice that the characters we want to print in a hexdump
are exactly those between 32 and 126, inclusive.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
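
The miscategorisation described in the commit message above, as an added example that is not part of the Samba commit. `old_filter` reproduces the expression quoted in the message; `new_filter`, `disagreements`, `ascii_column` and the sample bytes are hypothetical names and constructed data used only here.

```python
"""Compare the repr()-length printable test with the 32..126 range test."""


def old_filter(x):
    # Expression quoted in the commit message: a byte is kept when repr() of
    # its character is exactly three characters long (quote, char, quote).
    return x if ((len(repr(chr(x))) == 3) and (x < 127)) else ord('.')


def new_filter(x):
    # Range test described in the commit message: printable ASCII is 32..126.
    return x if 32 <= x <= 126 else ord('.')


def disagreements():
    """Return every byte value on which the two filters give different output."""
    return [x for x in range(256) if old_filter(x) != new_filter(x)]


def ascii_column(data, filt):
    """Render the right-hand ASCII column of a hexdump line using `filt`."""
    return bytes(filt(b) for b in data).decode('ascii')


# Constructed sample: a UNC-style path followed by control and high bytes
# and a single quote (which both filters keep).
SAMPLE = b"\\\\dc1\\sysvol\x00\t\x7f\xa7'"

if __name__ == "__main__":
    print("bytes treated differently:", [hex(x) for x in disagreements()])
    print("old:", ascii_column(SAMPLE, old_filter))
    print("new:", ascii_column(SAMPLE, new_filter))
```

With the old filter every backslash in a dumped path or escaped string is rendered as '.', so two buffers that differ only in backslashes and unprintable bytes look identical in the ASCII column of a test failure.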

- - - - -
982dab89 by Douglas Bagnall at 2024-06-12T08:14:34+00:00
samba-tool ldapcmp: remove a dodgy unused method

We have bindings for stringifying GUIDs, so I intended to replace this
rather complicated code with that, but it turns out that this method
has been unused since 5d42260eecfd4f26cc82637ce1bc989083c9eb9d in 2013.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
43802f1b by Douglas Bagnall at 2024-06-12T09:16:39+00:00
python: remove string_to_byte_array()

This was a useful function during the Python 2 -> 3 migration, but it
is not used any more. In all the cases it was used, we knew we already
had a bytes object, and this was just an inefficient way of confirming
that.

In cases where we actually want to cast a string into a mutable list
of byte-sized ints, the builtin bytearray() function will do a better
job than this, because it will encode high unicode characters as utf-8
bytes, rather than adding them as out-of-range values in the list.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Jun 12 09:16:39 UTC 2024 on atb-devel-224

- - - - -
ef87f0be by Andrew Bartlett at 2024-06-12T23:43:29+00:00
python/samba/tests/krb5: Add check to confirm UF_SMARCARD_REQUIRED password is expired on NTLM

8944a10b145e99eb6372cace8225e4c5e9d6160e broke password expiry
checking on NTLM, but that is fixed after CID 1603594 triggered
815d696d4471f1b3a4267eb774eb80b07576031b.  In the past we could
not have password expiry times small enough to test expiry
(unlike "must change now"), but having no test was not good.

As we are already doing the sleep() here, add a test to the
password rotation test.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>

- - - - -
aecbfe52 by Andrew Bartlett at 2024-06-13T00:45:36+00:00
python/samba/tests/krb5: Add tests for password expiry with krb5 ENC-TS

This augments the PKINIT based tests to show this is correctly handled
for the far more usual case.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Jun 13 00:45:36 UTC 2024 on atb-devel-224

- - - - -
84fb5cc8 by Andreas Schneider at 2024-06-13T07:38:28+00:00
bootstrap: Fix runner tags

See https://docs.gitlab.com/ee/ci/runners/hosted_runners/linux.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15660

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d00e9482 by Andreas Schneider at 2024-06-13T07:38:28+00:00
bootstrap: Set git safe.directory

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15660

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
f3af6e86 by Andreas Schneider at 2024-06-13T07:38:28+00:00
bootstrap: Fix building CentOS 8 Stream container images

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15660

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
54fed589 by Andreas Schneider at 2024-06-13T07:38:28+00:00
gitlab-ci: Set git safe.directory for devel repo

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15660

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
f88e6064 by Andreas Schneider at 2024-06-13T07:38:28+00:00
third_party: Update uid_wrapper to version 1.3.1

This fixes issues with bind compiled with jemalloc.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15660

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
8ae180e1 by Andreas Schneider at 2024-06-13T08:41:39+00:00
third_party: Update socket_wrapper to version 1.4.3

This fixes issues with bind compiled with jemalloc.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15660

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Jun 13 08:41:39 UTC 2024 on atb-devel-224

- - - - -
6aaab845 by Andreas Schneider at 2024-06-13T12:25:37+00:00
lib:util: Remove tailing spaces in util.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
8d5b4029 by Andreas Schneider at 2024-06-13T12:25:37+00:00
lib:util: Fix size of tmp array

lib/util/util.c: In function ‘dump_data_block16’:
lib/util/util.c:503:40: error: ‘%04zX’ directive output may be truncated
writing between 4 and 16 bytes into a region of size 15
[-Werror=format-truncation=]
  503 |         snprintf(tmp, sizeof(tmp), "%s[%04zX]", prefix, idx);
      |                                        ^~~~~

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
4a48148a by Andreas Schneider at 2024-06-13T12:25:37+00:00
s4:torture: Add missing NULL checks in spoolss.c

source4/torture/rpc/spoolss.c: In function
  ‘check_printer_driver_file.isra’:
source4/torture/rpc/spoolss.c:10850:58: error: ‘%s’ directive argument
  is null [-Werror=format-overflow=]
10850 |         const char *remote_name = talloc_asprintf(tctx, "%s\\%d\\%s",
      |                                                          ^~

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
0b19bb12 by Andreas Schneider at 2024-06-13T12:25:37+00:00
selftest: Create the cmd outside of the loop

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
efa2d0bf by Andreas Schneider at 2024-06-13T12:25:37+00:00
selftest: Set NSS_WRAPPER_HOSTS for smbclient

This is calling getaddrinfo()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
11d1c470 by Andreas Schneider at 2024-06-13T12:25:37+00:00
gitlab-ci: Remove CentOS7 which is EOL

See
https://blog.centos.org/2023/04/end-dates-are-coming-for-centos-stream-8-and-centos-linux-7/

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
276db59e by Andreas Schneider at 2024-06-13T12:25:37+00:00
gitlab-ci: Add CentOS 9 Stream

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
9242f1e0 by Andreas Schneider at 2024-06-13T13:29:48+00:00
gitlab-ci: Update image to Fedora 40

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Jun 13 13:29:48 UTC 2024 on atb-devel-224

- - - - -
d8c52995 by Günther Deschner at 2024-06-14T06:40:37+00:00
ctdb/ceph: Add optional namespace support for mutex helper

RADOS objects within a pool can be associated to a namespace for
logical separation. librados already provides an API to configure
such a namespace with respect to a context. Make use of it as an
optional argument to the helper binary.

Pair-Programmed-With: Anoop C S <anoopcs at samba.org>
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>

- - - - -
35f6c3f3 by Günther Deschner at 2024-06-14T07:42:25+00:00
ctdb/docs: Include ceph rados namespace support in man page

Document the new optional argument to specify the namespace to be
associated with RADOS objects in a pool.

Pair-Programmed-With: Anoop C S <anoopcs at samba.org>
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>

Autobuild-User(master): Anoop C S <anoopcs at samba.org>
Autobuild-Date(master): Fri Jun 14 07:42:25 UTC 2024 on atb-devel-224

- - - - -
372476ae by Stefan Metzmacher at 2024-06-17T16:54:29+00:00
s4:torture/smb2: add smb2.ioctl.copy_chunk_bug15644

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15664

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>

- - - - -
462b74da by Stefan Metzmacher at 2024-06-17T18:02:27+00:00
vfs_default: also call vfs_offload_token_ctx_init in vfswrap_offload_write_send

If a client for whatever reason calls FSCTL_SRV_COPYCHUNK[_WRITE] without
FSCTL_SRV_REQUEST_RESUME_KEY, we call vfswrap_offload_write_send
before vfswrap_offload_read_send.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15664

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Jun 17 18:02:27 UTC 2024 on atb-devel-224

- - - - -
2916b609 by Stefan Metzmacher at 2024-06-19T09:07:36+00:00
test_recycle.sh: make sure we don't see panics on the log files

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
6467c47c by Stefan Metzmacher at 2024-06-19T09:07:36+00:00
TMP-REPRODUCE: vfs_recycle: demonstrate memory corruption in recycle_unlink_internal()

Forcing a reload of the smb.conf option values means the pointer learned
in vfs_recycle_connect() becomes stale.

This will be reverted at the end of the patchset again.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
691564f6 by Stefan Metzmacher at 2024-06-19T09:07:36+00:00
vfs_recycle: don't unlink on allocation failure

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
220b0e97 by Stefan Metzmacher at 2024-06-19T09:07:36+00:00
vfs_recycle: directly allocate smb_fname_final->base_name

We can use talloc_asprintf() instead of asprintf() followed
by talloc_strdup().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
cf7a6b52 by Stefan Metzmacher at 2024-06-19T09:07:36+00:00
vfs_recycle: use a talloc_stackframe() in recycle_unlink_internal()

That makes the cleanup more clear...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
b38241da by Stefan Metzmacher at 2024-06-19T09:07:36+00:00
vfs_recycle: use the correct return in SMB_VFS_HANDLE_GET_DATA()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
2175856f by Stefan Metzmacher at 2024-06-19T09:07:36+00:00
vfs_recycle: fix memory hierarchy

If the configuration is reloaded strings and string lists
in recycle_config_data could become stale pointers
leading to segmentation faults...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
c229a84b by Stefan Metzmacher at 2024-06-19T09:07:36+00:00
Revert "TMP-REPRODUCE: vfs_recycle: demonstrate memory corruption in recycle_unlink_internal()"

This was only added to demonstrate the problem more reliably.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
53b72ea4 by Stefan Metzmacher at 2024-06-19T09:07:36+00:00
vfs_recycle: remember resolved config->repository in vfs_recycle_connect()

This should not change during the lifetime of the tcon.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
cda8beea by Stefan Metzmacher at 2024-06-19T09:07:36+00:00
testprogs/blackbox: let test_trust_token.sh check for S-1-18-1 with kerberos

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
db2c576f by Stefan Metzmacher at 2024-06-19T09:07:36+00:00
testprogs/blackbox: add test_ldap_token.sh to test "client use kerberos" and --use-kerberos

This shows that they are ignored for machine accounts as domain member.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
c715ac5e by Stefan Metzmacher at 2024-06-19T09:07:36+00:00
auth/credentials: add cli_credentials_get_kerberos_state_obtained() helper

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
eeb60574 by Stefan Metzmacher at 2024-06-19T09:07:36+00:00
auth/credentials: add tests for cli_credentials_get_kerberos_state[_obtained]()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
5b40cdf6 by Stefan Metzmacher at 2024-06-19T10:17:28+00:00
auth/credentials: don't ignore "client use kerberos" and --use-kerberos for machine accounts

We only turn desired into off in the NT4 domain member case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Jun 19 10:17:28 UTC 2024 on atb-devel-224

- - - - -
36fb8a3d by Andreas Schneider at 2024-06-24T06:14:35+00:00
nsswitch:krb5_plugin: Avoid a possible double free

Found by Covscan.

"Error: USE_AFTER_FREE (CWE-416):
samba-4.20.0rc2/nsswitch/krb5_plugin/winbind_krb5_localauth.c:122: freed_arg: ""wbcFreeMemory"" frees ""pwd"".
samba-4.20.0rc2/nsswitch/krb5_plugin/winbind_krb5_localauth.c:144: pass_freed_arg: Passing freed pointer ""pwd"" as an argument to ""wbcFreeMemory"".
  142|   		break;
  143|   	}
  144|-> 	wbcFreeMemory(pwd);
  145|   	if (code != 0) {
  146|   		goto out;"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
d6a7a97b by Andreas Schneider at 2024-06-24T06:14:35+00:00
s3:lib: Remove trailing spaces in sharesec.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
c709cb8a by Andreas Schneider at 2024-06-24T06:14:35+00:00
s3:lib: Make sure struct security_ace is fully initialized

Found by Covscan.

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source3/lib/sharesec.c:275: var_decl: Declaring variable ""ace"" without initializer.
samba-4.20.0rc2/source3/lib/sharesec.c:285: uninit_use_in_call: Using uninitialized value ""ace"". Field ""ace.object"" is uninitialized when calling ""make_sec_acl"".
  283|   	init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
  284|
  285|-> 	if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &ace)) != NULL) {
  286|   		psd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1,
  287|   				    SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL,"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
a0b6d18a by Andreas Schneider at 2024-06-24T06:14:35+00:00
s3:rpc_server: Make sure struct security_ace is initialized

Found by Covscan.

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source3/rpc_server/samr/srv_samr_nt.c:235: var_decl: Declaring variable ""ace"" without initializer.
samba-4.20.0rc2/source3/rpc_server/samr/srv_samr_nt.c:269: uninit_use_in_call: Using uninitialized value ""*ace"". Field ""ace->object"" is uninitialized when calling ""make_sec_acl"".
  267|   	/* create the security descriptor */
  268|
  269|-> 	if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) == NULL)
  270|   		return NT_STATUS_NO_MEMORY;
  271|"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
067a30c5 by Andreas Schneider at 2024-06-24T06:14:36+00:00
s3:utils: Fix get_window_height() return value

Found by Covscan.

"Error: INTEGER_OVERFLOW (CWE-190):
samba-4.20.0rc2/source3/utils/regedit_list.c:522: tainted_data_return: Called function ""get_window_height(list)"", and a possible return value may be less than zero.
samba-4.20.0rc2/source3/utils/regedit_list.c:522: cast_underflow: An assign of a possibly negative number to an unsigned type, which might trigger an underflow.
samba-4.20.0rc2/source3/utils/regedit_list.c:526: overflow: The expression ""list->cursor_row -= page"" is deemed underflowed because at least one of its arguments has underflowed.
samba-4.20.0rc2/source3/utils/regedit_list.c:529: overflow_sink: ""list->cursor_row"", which might have underflowed, is passed to ""data_get_row_n(list, list->cursor_row)"".
  527|   			list->start_row -= page;
  528|   		}
  529|-> 		tmp = data_get_row_n(list, list->cursor_row);
  530|   		break;
  531|   	case ML_CURSOR_PGDN:"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
5d568f6e by Andreas Schneider at 2024-06-24T06:14:36+00:00
s4:torture: Remove trailing spaces in winsreplication.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
94c06dd1 by Andreas Schneider at 2024-06-24T06:14:36+00:00
s4:torture: Initialize struct wrepl_wins_name

Found by Covscan.

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source4/torture/nbt/winsreplication.c:5040: var_decl: Declaring variable ""wins_name_"" without initializer.
samba-4.20.0rc2/source4/torture/nbt/winsreplication.c:5041: assign: Assigning: ""wins_name"" = ""&wins_name_"", which points to uninitialized data.
samba-4.20.0rc2/source4/torture/nbt/winsreplication.c:6680: uninit_use_in_call: Using uninitialized value ""*wins_name"". Field ""wins_name->is_group"" is uninitialized when calling ""test_wrepl_update_one"".
 6678|   			wins_name->unknown	= ""255.255.255.255"";
 6679|
 6680|-> 			ret &= test_wrepl_update_one(tctx, ctx, &ctx->b, wins_name);
 6681|   			ret &= test_wrepl_is_applied(tctx, ctx, &ctx->b, wins_name, true);
 6682|   		} else {"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
44db391a by Andreas Schneider at 2024-06-24T06:14:36+00:00
s4:dsdb: Remove trailing spaces in schema_query.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
3cb4073c by Andreas Schneider at 2024-06-24T06:14:36+00:00
s4:dsdb: Avoid possible underflows with new_len

Found by Covscan.

"Error: INTEGER_OVERFLOW (CWE-190):
samba-4.20.0rc2/source4/dsdb/schema/schema_query.c:403: tainted_data_argument: The check ""i < new_len"" contains the tainted expression ""i"" which causes ""new_len"" to be considered tainted.
samba-4.20.0rc2/source4/dsdb/schema/schema_query.c:407: overflow: The expression ""new_len - i"" is deemed underflowed because at least one of its arguments has underflowed.
samba-4.20.0rc2/source4/dsdb/schema/schema_query.c:407: overflow: The expression ""(new_len - i) * 8UL"" is deemed underflowed because at least one of its arguments has underflowed.
samba-4.20.0rc2/source4/dsdb/schema/schema_query.c:407: overflow_sink: ""(new_len - i) * 8UL"", which might have underflowed, is passed to ""memmove(val1, val2, (new_len - i) * 8UL)"". [Note: The source code implementation of the function has been overridden by a builtin model.]
  405|   			const char **val2 = &attr_list[i];
  406|   			if (ldb_attr_cmp(*val1, *val2) == 0) {
  407|-> 				memmove(val1, val2, (new_len - i) * sizeof( *attr_list));
  408|   				attr_list[new_len-1] = NULL;
  409|   				new_len--;"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
10b95ff4 by Andreas Schneider at 2024-06-24T06:14:36+00:00
s3:registry: Remove trailing spaces in reg_perfcount.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
8c4f8073 by Andreas Schneider at 2024-06-24T06:14:36+00:00
s3:registry: Avoid possible double frees

Found by Covscan.

"Error: USE_AFTER_FREE (CWE-416):
samba-4.20.0rc2/source3/registry/reg_perfcount.c:309: freed_arg: ""_reg_perfcount_multi_sz_from_tdb"" frees ""*retbuf"".
samba-4.20.0rc2/source3/registry/reg_perfcount.c:313: double_free: Calling ""_reg_perfcount_multi_sz_from_tdb"" frees pointer ""*retbuf"" which has already been freed.
  311|   	for(i = 1; i <= base_index; i++)
  312|   	{
  313|-> 		buffer_size = _reg_perfcount_multi_sz_from_tdb(names, i*2, retbuf, buffer_size);
  314|   	}
  315|   	tdb_close(names);"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
b57bddac by Andreas Schneider at 2024-06-24T06:14:36+00:00
s3:registry: Add missing return value checks

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
cfb81b0c by Andreas Schneider at 2024-06-24T07:14:54+00:00
packaging: Add missing quotes in smbprint

Found by Covscan.

"Error: SHELLCHECK_WARNING (CWE-569):
/usr/bin/smbprint:49:21: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it.
   47|   #   Concat this with /.config to get the config file.
   48|   #
   49|-> eval acct_file=\${$#}
   50|   spool_dir=$(dirname $acct_file)
   51|   config_file=$spool_dir/.config"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke at ddn.com>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Jun 24 07:14:54 UTC 2024 on atb-devel-224

- - - - -
8a7aad7f by Volker Lendecke at 2024-06-24T16:21:32+00:00
torture4: Fix some whitespace

Review with "git show -w"

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f3934fb9 by Volker Lendecke at 2024-06-24T16:21:32+00:00
heimdal_build: Fix whitespace

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4f64e455 by Volker Lendecke at 2024-06-24T16:21:32+00:00
tdb: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7f935e27 by Volker Lendecke at 2024-06-24T16:21:32+00:00
lib: Remove pointless \ line endings

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7fba8228 by Volker Lendecke at 2024-06-24T16:21:32+00:00
libsmb: "clang-format" for an if-condition

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
221ef3ca by Volker Lendecke at 2024-06-24T16:21:32+00:00
gse: Avoid explicit ZERO_STRUCT in gse_errstr()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9be7dbd9 by Volker Lendecke at 2024-06-24T16:21:32+00:00
gse: Simplify gse_errstr() with talloc_asprintf_addbuf()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2b06123a by Volker Lendecke at 2024-06-24T16:21:32+00:00
gensec: Fix whitespace

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3c84a84f by Volker Lendecke at 2024-06-24T16:21:32+00:00
spnego: Fix typos

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1cea29c3 by Volker Lendecke at 2024-06-24T16:21:32+00:00
credentials: Protect the cred's nt hash with talloc_keep_secret

This avoids the need for an explicit ZERO_STRUCT before TALLOC_FREE

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
06aff345 by Volker Lendecke at 2024-06-24T16:21:32+00:00
smbd: Fix DEBUG messages

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3f2e45aa by Volker Lendecke at 2024-06-24T16:21:32+00:00
tdb: Update times in tdb_transaction_commit per fd, not per name

We might have a relative filename in tdb->name, so we might do the
wrong thing here. And as we have the fd, why not use it...

We call futimens in vfs_default without #ifdef and it's Posix 2018 or
before. So I don't think we need to check for it.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1b47fae6 by Volker Lendecke at 2024-06-24T16:21:32+00:00
lib: Move 286 bytes from R/W data to R/O text segment

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4af84350 by Volker Lendecke at 2024-06-24T16:21:32+00:00
lib: Avoid an includes.h

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
fc0c605a by Volker Lendecke at 2024-06-24T16:21:32+00:00
smbd: Simplify smbd_do_qfilepathinfo()

Use fsctl_get_reparse_tag()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6d0444a7 by Volker Lendecke at 2024-06-24T16:21:32+00:00
lib: Align an integer type

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6e7a1cc6 by Volker Lendecke at 2024-06-24T16:21:32+00:00
smbd: Modernize a DEBUG

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a37ea9d7 by Volker Lendecke at 2024-06-24T16:21:32+00:00
smbd: Simplify notify_filter_string

Just a single NULL check through talloc_asprintf_addbuf

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d86f9ff7 by Volker Lendecke at 2024-06-24T17:27:04+00:00
smbd: Simplify callers of notify_filter_string

This is exactly the application talloc_tos() was made for

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Jun 24 17:27:04 UTC 2024 on atb-devel-224

- - - - -
5b7d17d4 by Martin Schwenke at 2024-06-25T03:16:37+00:00
ctdb-scripts: Add service_stats_command variable to NFS checks

When monitoring an RPC service, the rpcinfo command might time out
even though the service is making progress.  In this case, it is just
slow, so counting the timeout as a failure and potentially restarting
the service will not help.  The problem is determining if a service is
making progress.

Add a new NFS checks service_stats_command.  This command is intended
to run a statistics command.  The output is naively compared using
cmp(1).  If the output changes then rpcinfo failures are converted to
successes.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
d96078e2 by Martin Schwenke at 2024-06-25T03:16:37+00:00
ctdb-scripts: Implement NFS statistics retrieval for NFS-Ganesha

Simplicity is preferred here over absolute correctness.  If the
ganesha_stats command exits with an error or times out then no output
is produced so, implicitly, the statistics do not change.  Also, the
statistics always change at startup.  However, it is likely that the
statistics change when NFS makes progress and do not change when NFS
does not make progress.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
4766d456 by Martin Schwenke at 2024-06-25T03:16:37+00:00
ctdb-doc: Add example for NFS-Ganesha RPC checking

This one does an rpcinfo check, along with statistics mitigation.  It
can be used in combination with the existing 20.nfs_ganesha.check.

The equivalent kernel NFS file only restarts every 10 failures.  This
one can be a little more proactive given that false positives are less
likely with the statistics mitigation.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
707e0ef5 by Martin Schwenke at 2024-06-25T03:16:37+00:00
ctdb-scripts: Fail monitoring after 1 x NFS-Ganesha not running

If ganesha.nfsd is gone then a node can't provide an NFS service, so
should be marked unhealthy.  A later restart may bring it back to
health.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
089aec28 by Martin Schwenke at 2024-06-25T03:16:37+00:00
ctdb-doc: Drop unnecessary, broken attempt at rpc.statd stack trace

There is a typo here, since there will be no process called "status".
Instead of fixing it, drop this because rpc.statd isn't the focus of
this monitoring check and when systemd is init rpc.statd isn't
restarted with nfs-ganesha.  It stays running, so a confusing stack
trace for rpc.statd is always logged.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
- - - - -
415f9f07 by Martin Schwenke at 2024-06-25T04:24:57+00:00
ctdb-failover: Split statd_callout add-client/del-client

rpc.statd is single-threaded and runs its HA callout synchronously. If
it is too slow then latency accumulates and rpc.statd's backlog grows.

Running a pair of add-client/del-client events with the current code
averages ~0.030s in my test environment.  This means that 1000 clients
reclaiming locks after failover can easily cause 10s of latency.  This
could cause rpc.statd to become unresponsive, resulting in a time out
for an rpcinfo-based health check of the status service.

Split the add-client/del-client events out to a standalone
statd_callout executable, written in C, to be used as the HA callout
for rpc.statd.  All other functions move to statd_callout_helper.
Now, running a pair of add-client/del-client events in my test
environment averages only ~0.002s.  This seems less likely to cause
latency problems.

The standalone statd_callout executable needs to read a configuration
file, which is generated by statd_callout_helper from the "startup"
event.  It also needs access to a list of currently assigned public
IPs.

For backward compatibility, during installation a symlink is created
from $CTDB_BASE/statd-callout to the new statd_callout, which is
installed in the helper directory.

Testing this as part of the eventscript unit tests starts to become
even more of a hack than it used to be.  However, the dependency on
stubs and the corresponding setup of fake state makes it hard to move
this elsewhere.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Tue Jun 25 04:24:57 UTC 2024 on atb-devel-224

- - - - -
6dc61687 by Jo Sutton at 2024-06-27T04:29:41+00:00
tests/krb5: Allow creation of disabled accounts for testing

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
c5ee0b60 by Jo Sutton at 2024-06-27T04:29:41+00:00
tests/krb5: Add tests for errors produced when logging in with unusable accounts

Heimdal matches Windows in the no‐FAST case, but produces NTSTATUS codes
when it shouldn’t in the FAST case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
fe905768 by Jo Sutton at 2024-06-27T04:29:41+00:00
third_party/heimdal: Import lorikeet-heimdal-202406240121 (commit 4315286377278234be2f3b6d52225a17b6116d54)

This lets us match the Windows FAST reply when the password is expired.

Windows clients were upset by the NTSTATUS field in the edata,
apparently interpreting it to mean “insufficient resource”.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f9215b37 by Jo Sutton at 2024-06-27T04:29:41+00:00
third_party/heimdal: Import lorikeet-heimdal-202406270253 (commit cbd2c0b8ec604686dc7b363d1dcec69bf5f7a7ec)

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
3c1691af by Oliver Mihatsch at 2024-06-27T05:33:17+00:00
Extended the documentation for the "tls certfile" parameter in the smb.conf.

Signed-off-by: Oliver Mihatsch <om-git at q4k.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Thu Jun 27 05:33:17 UTC 2024 on atb-devel-224

- - - - -
4e21a8b2 by Shachar Sharon at 2024-06-27T05:34:33+00:00
vfs_ceph: improve readability of cephwrap_realpath

Minor code cleanup: use local variable to reference current-work dir.
This commit is in preparation for the following code cleanup, which aligns
line-length with Samba's coding conventions.

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>

- - - - -
b7e3f93e by Shachar Sharon at 2024-06-27T05:34:33+00:00
vfs_ceph: align lines-length with coding standard

Coding standard requires following Linux kernel style guide, with an
explicit statement that "Maximum Line Width is 80 Characters". Align
vfs_ceph.c with this convention: split long lines into multiple lines
and use 'git clang-format' to do auto-formatting based on Samba project
'.clang-format' settings.

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>

- - - - -
ee72f127 by Shachar Sharon at 2024-06-27T05:34:33+00:00
vfs_ceph: re-map unimplemented hooks

Code cleanup: prefer standard convenience helpers for unimplemented
VFS hooks.

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>

- - - - -
0bc917b0 by Shachar Sharon at 2024-06-27T05:34:33+00:00
vfs_ceph: use talloc in realpath hook

Prefer talloc_asprintf over asprintf when resolving realpath.
Re-format code using 'git clang-format'.

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>

- - - - -
691a397b by Shachar Sharon at 2024-06-27T05:34:33+00:00
vfs_ceph: replace WRAP_RETURN macro with convenience helpers

The WRAP_RETURN is a non-hygienic macro, and as such has the potential
of creating bogus code (e.g. 'return WRAP_RETURN(ret);' which existed
in the code in the past but did not yield any compiler warning). Prefer
simple convenience helper functions instead, which are also type safe.

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>

- - - - -
0f92c605 by Shachar Sharon at 2024-06-27T05:34:33+00:00
vfs_ceph: adjust code-style of cephwrap_disk_free

The common convention in 'vfs_ceph.c' module is to bail out (by return or
goto) whenever the return value from libcephfs call is not OK. Apply
this code-style to cephwrap_disk_free hook.

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>

- - - - -
a7d34ec5 by Shachar Sharon at 2024-06-27T05:34:33+00:00
vfs_ceph: explicit cast to uint64_t upon failure of ceph_statfs

When a call to 'ceph_statfs' from within 'cephwrap_disk_free' returns
non-zero status do an explicit cast to uint64_t for the negative (-1)
value returned by 'status_code'.

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>

- - - - -
2d743185 by Shachar Sharon at 2024-06-27T06:35:19+00:00
vfs_ceph: use consistent code style when setting errno

When setting explicit value to 'errno' use same coding-style as used in
this entire module (spaces before and after assignment operator).

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>

Autobuild-User(master): Anoop C S <anoopcs at samba.org>
Autobuild-Date(master): Thu Jun 27 06:35:19 UTC 2024 on atb-devel-224

- - - - -
ac7a16f9 by Volker Lendecke at 2024-06-27T11:59:05+00:00
smbd: Fix crossing automounter mount points

We get ENOENT on /proc/self/fd/<fdnum> when we try to turn the
mountpoint's O_PATH handle into a real one. This does not trigger a
mount attempt, you have to use name-based calls.

This is not the real fix, because if the autofs mount triggers, the
inode number will change. For directories this is not a huge problem
as we don't touch the share mode database before we open the "real"
fd. We would only violate potential share modes with other pure
READ_ATTRIBUTES (i.e. stat-) opens that came before the mount
trigger.

As I don't think share modes on directories are really relevant, I
think we can live with this "fix". Once we do directory leases this
will potentially change.

As a quick remedy we could use our defer_open() mechanism that starts
path processing from scratch. But as long as this seems not really
required, we should not add users of this really bad way of going back
to square 1.

The "real" fix would be to go back to the point where we open the last
component with openat(). In the retry round we need to do this without
O_PATH to trigger the mount and only then do the initial fstat.

Right now I don't see an easy way to properly test this
behaviour. Intercepting with vfs_error_inject is certainly possible,
but nailing the exact call would clutter the main code path. So I have
just tested this manually.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Jun 27 11:59:05 UTC 2024 on atb-devel-224

- - - - -
f824e985 by Noel Power at 2024-06-28T10:17:14+00:00
doc: Update coding guidelines for struct initialisation

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Fri Jun 28 10:17:14 UTC 2024 on atb-devel-224

- - - - -
deced5ea by Andreas Schneider at 2024-06-28T11:39:33+00:00
s3:torture: Remove trailing spaces in query.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
47774649 by Andreas Schneider at 2024-06-28T11:39:33+00:00
s4:torture: Initialize struct nbt_name_query

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source4/torture/nbt/query.c:53: var_decl: Declaring variable ""io"" without initializer.
samba-4.20.0rc2/source4/torture/nbt/query.c:76: uninit_use_in_call: Using uninitialized value ""io.in.retries"" when calling ""nbt_name_query_send"".
   74|   		while (num_sent - (result->num_pass+result->num_fail) < 10) {
   75|   			struct nbt_name_request *req;
   76|-> 			req = nbt_name_query_send(nbtsock, &io);
   77|   			torture_assert(tctx, req != NULL, ""Failed to setup request!"");
   78|   			req->async.fn = increment_handler;"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
09d73147 by Andreas Schneider at 2024-06-28T11:39:33+00:00
s4:torture: Initialize struct smb2_handle

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source4/torture/smb2/lease.c:336: var_decl: Declaring variable ""hnew"" without initializer.
samba-4.20.0rc2/source4/torture/smb2/lease.c:377: uninit_use_in_call: Using uninitialized value ""hnew"" when calling ""smb2_util_close"".
  375|    done:
  376|   	smb2_util_close(tree, h);
  377|-> 	smb2_util_close(tree, hnew);
  378|
  379|   	smb2_util_unlink(tree, fname);"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
990a68fe by Andreas Schneider at 2024-06-28T11:39:33+00:00
s3:auth: Remove trailing spaces in pampass.c

Reviewed-by: Noel Power <npower at samba.org>
- - - - -
ec7dfedc by Andreas Schneider at 2024-06-28T11:39:33+00:00
s3:auth: Avoid passing freed pamh pointer to functions using it

"Error: USE_AFTER_FREE (CWE-416):
samba-4.20.0rc2/source3/auth/pampass.c:466: freed_arg: ""pam_end"" frees ""pamh"".
samba-4.20.0rc2/source3/auth/pampass.c:467: pass_freed_arg: Passing freed pointer ""pamh"" as an argument to ""smb_pam_error_handler"".
  465|   	if( pamh != NULL ) {
  466|   		pam_error = pam_end(pamh, 0);
  467|-> 		if(smb_pam_error_handler(pamh, pam_error, ""End Cleanup Failed"", 2) == True) {
  468|   			DEBUG(4, (""smb_pam_end: PAM: PAM_END OK.\n""));
  469|   			return True;"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
7990a2ba by Andreas Schneider at 2024-06-28T11:39:33+00:00
s4:torture: Initialize struct wrepl_wins_name

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source4/torture/nbt/winsreplication.c:6759: var_decl: Declaring variable ""wins_name_"" without initializer.
samba-4.20.0rc2/source4/torture/nbt/winsreplication.c:6760: assign: Assigning: ""wins_name"" = ""&wins_name_"", which points to uninitialized data.
samba-4.20.0rc2/source4/torture/nbt/winsreplication.c:9455: uninit_use_in_call: Using uninitialized value ""*wins_name"". Field ""wins_name->is_group"" is uninitialized when calling ""test_wrepl_update_one"".
 9453|   		wins_name->unknown	= ""255.255.255.255"";
 9454|
 9455|-> 		ret &= test_wrepl_update_one(tctx, ctx, &ctx->b, wins_name);
 9456|
 9457|   		/*"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
dd896862 by Andreas Schneider at 2024-06-28T11:39:33+00:00
s3:rpc_client: Check for array size instead of UINT16_MAX

mdscli_ctx->mdscmd_open.share_path is an array of size 1025. The
boundary is 1025 and not UINT16_MAX.

"Error: OVERRUN (CWE-119):
samba-4.20.0rc2/source3/rpc_client/cli_mdssvc.c:127: cond_at_least: Checking ""share_path_len < 1UL"" implies that ""share_path_len"" is at least 1 on the false branch.
samba-4.20.0rc2/source3/rpc_client/cli_mdssvc.c:127: cond_between: Checking ""share_path_len > 65535UL"" implies that ""share_path_len"" is between 1 and 65535 (inclusive) on the false branch.
samba-4.20.0rc2/source3/rpc_client/cli_mdssvc.c:133: overrun-local: Overrunning array ""mdscli_ctx->mdscmd_open.share_path"" of 1025 bytes at byte offset 65534 using index ""share_path_len - 1UL"" (which evaluates to 65534).
  131|   	mdscli_ctx->mdscmd_open.share_path_len = share_path_len;
  132|
  133|-> 	if (mdscli_ctx->mdscmd_open.share_path[share_path_len-1] == '/') {
  134|   		mdscli_ctx->mdscmd_open.share_path[share_path_len-1] = '\0';
  135|   		mdscli_ctx->mdscmd_open.share_path_len--;"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
54ce370f by Andreas Schneider at 2024-06-28T11:39:33+00:00
s4:torture: Fully initialize struct samr_OpenUser

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source4/torture/rpc/samr.c:7381: var_decl: Declaring variable ""r"" without initializer.
samba-4.20.0rc2/source4/torture/rpc/samr.c:7428: uninit_use: Using uninitialized value ""r.out.result.v"".
 7426|   		torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &q),
 7427|   			""QueryUserInfo failed"");
 7428|-> 		if (!NT_STATUS_IS_OK(r.out.result)) {
 7429|   			torture_result(tctx, TORTURE_FAIL, ""QueryUserInfo(%u) failed - %s\n"", r.in.rid, nt_errstr(r.out.result));
 7430|   			return false;"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
c814681c by Andreas Schneider at 2024-06-28T11:39:33+00:00
examples: Use cp with force option

"Error: SHELLCHECK_WARNING:
/usr/share/doc/samba/printing/VampireDriversFunctions:951:15: warning[SC2216]: Piping to 'cp', a command that doesn't read stdin. Wrong command or missing xargs?
  949|   	CWD2=""$( pwd )"" ;
  950|   	cd ""${i}"";
  951|-> 	echo ""yes"" | cp ../alldriverfiles.txt . 2> /dev/null ;
  952|
  953|   	cat alldriverfiles.txt \"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
909506c9 by Andreas Schneider at 2024-06-28T11:39:33+00:00
examples: Initialize char arrays

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/examples/libsmbclient/testacl3.c:15: var_decl: Declaring variable ""value"" without initializer.
samba-4.20.0rc2/examples/libsmbclient/testacl3.c:55: uninit_use_in_call: Using uninitialized value ""*value"" as argument to ""%s"" when calling ""printf"". [Note: The source code implementation of the function has been overridden by a builtin model.]
   53|   		}
   54|
   55|-> 		printf(""Attributes for [%s] are:\n%s\n"", path, value);
   56|   	}
   57|"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
- - - - -
a77cffaa by Andreas Schneider at 2024-06-28T12:44:31+00:00
s4:torture: Initialize struct wrepl_wins_name

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source4/torture/nbt/winsreplication.c:1244: var_decl: Declaring variable ""wins_name1"" without initializer.
samba-4.20.0rc2/source4/torture/nbt/winsreplication.c:4835: assign: Assigning: ""wins_name_r1"" = ""&wins_name1"", which points to uninitialized data.
samba-4.20.0rc2/source4/torture/nbt/winsreplication.c:4905: uninit_use_in_call: Using uninitialized value ""*wins_name_r1"". Field ""wins_name_r1->is_group"" is uninitialized when calling ""test_wrepl_update_one"".
 4903|
 4904|   		/* now apply R1 */
 4905|-> 		ret &= test_wrepl_update_one(tctx, ctx, records[i].r1.owner, wins_name_r1);
 4906|   		ret &= test_wrepl_is_applied(tctx, ctx, records[i].r1.owner,
 4907|   					     wins_name_r1, records[i].r1.apply_expected);"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Jun 28 12:44:31 UTC 2024 on atb-devel-224

- - - - -
52e5e926 by Martin Schwenke at 2024-06-28T18:43:52+05:30
ctdb-conf: Move all conf files to new conf/ subdirectory

Leave common/conf.[ch] where they are to make this commit
comprehensible.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>

- - - - -
cf252434 by Martin Schwenke at 2024-06-28T18:43:52+05:30
ctdb-conf: Move conf.[ch] to conf/ subdirectory

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>

- - - - -
11c4b253 by Martin Schwenke at 2024-06-28T18:43:52+05:30
ctdb-conf: Rename config loading to not be daemon-specific

We might end up using it elsewhere.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>

- - - - -
0db47112 by Volker Lendecke at 2024-06-28T13:26:24+00:00
smbd: Modernize a DEBUG

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
e6f85685 by Volker Lendecke at 2024-06-28T13:26:24+00:00
smbd: Align an integer type

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
6f68812d by Volker Lendecke at 2024-06-28T13:26:24+00:00
smbd: Don't leave a pointer variable uninitialized

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
2edb49c5 by Volker Lendecke at 2024-06-28T13:26:24+00:00
vfs: Fix typos

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
1d2fbbdd by Volker Lendecke at 2024-06-28T13:26:24+00:00
smbd: Modernize a DEBUG

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
e5a30419 by Volker Lendecke at 2024-06-28T13:26:24+00:00
smbd: Simplify copy_stat_ex_timestamps

copy_stat_ex_timestamps doesn't need the fsp, it only needs the
destination stat struct

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
e94de8a4 by Volker Lendecke at 2024-06-28T13:26:24+00:00
smbd: Simplify init_smb_file_time

Call make_omit_timespec just once, saves a few .text bytes

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
5e206ffb by Volker Lendecke at 2024-06-28T13:26:24+00:00
smbd: Remove an obsolete comment

We have a good understanding of SAMBA_UTIME_OMIT these days

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
6a077e2f by Volker Lendecke at 2024-06-28T13:26:24+00:00
smbd: Simplify filename_convert_dirfsp_nosymlink

Initialize the timestamps in the existing struct assignment

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
e2ba6144 by Volker Lendecke at 2024-06-28T13:26:24+00:00
smbd: Simplify fdos_mode

We don't need the outer !NT_STATUS_IS_OK and the comment

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
7b03fc3d by Volker Lendecke at 2024-06-28T13:26:24+00:00
smbd: Simplify dos_mode_from_sbuf

We don't need that else branch, this could be a switch as well

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
9cb187d1 by Volker Lendecke at 2024-06-28T13:26:24+00:00
smbd: Print reparse_point in dos_mode_debug_print

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
1fb07bc7 by Volker Lendecke at 2024-06-28T13:26:24+00:00
smbd: Avoid a cast

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
c3799dfb by Volker Lendecke at 2024-06-28T13:26:24+00:00
smbd: Remove some unused code

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
d2932c22 by Volker Lendecke at 2024-06-28T13:26:24+00:00
smbd: Simplify reopen_from_fsp

In a variable declaration the (struct ...) is not needed

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
b565901a by Volker Lendecke at 2024-06-28T13:26:24+00:00
smbd: Simplify smbd_do_qfsinfo with direct struct initialization

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
a32f52e5 by Volker Lendecke at 2024-06-28T13:26:24+00:00
librpc: Make NDR_PRINT_DEBUG call just one DEBUG

Give debug.c the chance to use just one write call (right now it
doesn't yet)

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
0ebabaed by Volker Lendecke at 2024-06-28T14:32:27+00:00
smbd: Fix cached dos attributes

The callers of fset_dos_mode must set the cached attributes
themselves, which I did not see. I tried, but I did not find a clean
way to fix this behind SMB_VFS_FSET_DOS_ATTRIBUTES, with a smb_fname
and smb_fname->fsp->fsp_name we might have two copies of the cached
dos attributes around and if we only update fsp->fsp_name, we might
miss the outer one.

Not doing a test, this is really fresh code, and in the future we must
reorganize setting and caching dos attributes anyway.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Jun 28 14:32:27 UTC 2024 on atb-devel-224

- - - - -
384d948b by Andreas Schneider at 2024-06-30T23:20:33+00:00
winexe: Make sure specificError is initialized

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/examples/winexe/winexesvc.c:684: var_decl: Declaring variable ""specificError"" without initializer.
samba-4.20.0rc2/examples/winexe/winexesvc.c:711: uninit_use: Using uninitialized value ""specificError"".
  709|   		winexesvcStatus.dwWaitHint = 0;
  710|   		winexesvcStatus.dwWin32ExitCode = status;
  711|-> 		winexesvcStatus.dwServiceSpecificExitCode = specificError;
  712|
  713|   		SetServiceStatus(winexesvcStatusHandle, &winexesvcStatus);"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
5eb58b16 by Andreas Schneider at 2024-06-30T23:20:33+00:00
examples: Make sure the array is probably initialized

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/examples/libsmbclient/testacl2.c:27: var_decl: Declaring variable ""value"" without initializer.
samba-4.20.0rc2/examples/libsmbclient/testacl2.c:48: uninit_use_in_call: Using uninitialized value ""*value"" as argument to ""%s"" when calling ""printf"". [Note: The source code implementation of the function has been overridden by a builtin model.]
   46|   	}
   47|
   48|-> 	printf(""Attributes for [%s] are:\n%s\n"", argv[1], value);
   49|
   50|   	flags = 0;"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
df8d19e5 by Andreas Schneider at 2024-06-30T23:20:33+00:00
s3:smbd: Remove trailing spaces in posix_acls.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
14786193 by Andreas Schneider at 2024-06-30T23:20:33+00:00
s3:smbd: Make sure struct security_ace is initialized

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source3/smbd/posix_acls.c:4778: var_decl: Declaring variable ""aces"" without initializer.
samba-4.20.0rc2/source3/smbd/posix_acls.c:4799: uninit_use_in_call: Using uninitialized value ""*aces"". Field ""aces->object"" is uninitialized when calling ""make_sec_acl"".
 4797|   	idx++;
 4798|
 4799|-> 	new_dacl = make_sec_acl(ctx,
 4800|   				NT4_ACL_REVISION,
 4801|   				idx,"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
9ec0f8bd by Andreas Schneider at 2024-06-30T23:20:33+00:00
s4:torture: Make sure struct smb2_handle is initialized

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source4/torture/smb2/lease.c:1223: var_decl: Declaring variable ""h2"" without initializer.
samba-4.20.0rc2/source4/torture/smb2/lease.c:1328: uninit_use_in_call: Using uninitialized value ""h2"" when calling ""smb2_util_close"".
 1326|    done:
 1327|   	smb2_util_close(tree, h);
 1328|-> 	smb2_util_close(tree, h2);
 1329|
 1330|   	smb2_util_unlink(tree, fname);"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
d755bc43 by Andreas Schneider at 2024-06-30T23:20:33+00:00
s3:rpc_client: Initialize struct security_ace

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source3/rpc_client/init_spoolss.c:348: var_decl: Declaring variable ""ace"" without initializer.
samba-4.20.0rc2/source3/rpc_client/init_spoolss.c:415: uninit_use_in_call: Using uninitialized value ""*ace"". Field ""ace->object"" is uninitialized when calling ""make_sec_acl"".
  413|   	   NT5 machine. */
  414|
  415|-> 	if ((psa = make_sec_acl(mem_ctx, NT4_ACL_REVISION, i, ace)) != NULL) {
  416|   		psd = make_sec_desc(mem_ctx,
  417|   				    SD_REVISION,"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
b6d66e55 by Andreas Schneider at 2024-06-30T23:20:33+00:00
s4:torture: Initialize struct netr_LogonSamLogonEx

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source4/torture/rpc/schannel.c:250: var_decl: Declaring variable ""r"" without initializer.
samba-4.20.0rc2/source4/torture/rpc/schannel.c:357: uninit_use_in_call: Using uninitialized value ""r.in.validation_level"" when calling ""torture_comment"".
  355|   			""LogonSamLogonEx failed"");
  356|   	} else {
  357|-> 		torture_comment(tctx,
  358|   				""Skip auth_level[%u] Testing LogonSamLogonEx with name %s using %s and validation_level: %d\n"",
  359|   				auth_level, ninfo.identity_info.account_name.string, crypto_alg,"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
1d38f6ee by Andreas Schneider at 2024-06-30T23:20:33+00:00
s4:torture: Initialize struct smb2_handle

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source4/torture/smb2/lease.c:452: var_decl: Declaring variable ""h"" without initializer.
samba-4.20.0rc2/source4/torture/smb2/lease.c:516: uninit_use_in_call: Using uninitialized value ""h"" when calling ""smb2_util_close"".
  514|
  515|    done:
  516|-> 	smb2_util_close(tree, h);
  517|   	smb2_util_close(tree, hnew);
  518|   	smb2_util_close(tree, h2);"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
57001527 by Andreas Schneider at 2024-06-30T23:20:33+00:00
s4:torture: Initialize pointers

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source4/torture/smb2/durable_open.c:1518: var_decl: Declaring variable ""tree2"" without initializer.
samba-4.20.0rc2/source4/torture/smb2/durable_open.c:1584: uninit_use_in_call: Using uninitialized value ""tree2"" when calling ""smb2_util_close"".
 1582|   	if (tree != NULL) {
 1583|   		if (h != NULL) {
 1584|-> 			smb2_util_close(tree2, *h);
 1585|   		}
 1586|"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
321ee914 by Andreas Schneider at 2024-06-30T23:20:34+00:00
s3:libsmb: Check if we have a valid file descriptor

"Error: REVERSE_NEGATIVE (CWE-191):
samba-4.20.0rc2/source3/libsmb/pylibsmb.c:215: negative_sink_in_call: Passing ""t->shutdown_pipe[1]"" to a parameter that cannot be negative.
samba-4.20.0rc2/source3/libsmb/pylibsmb.c:230: check_after_sink: You might be using variable ""t->shutdown_pipe[1]"" before verifying that it is >= 0.
  228|   		t->shutdown_pipe[0] = -1;
  229|   	}
  230|-> 	if (t->shutdown_pipe[1] != -1) {
  231|   		close(t->shutdown_pipe[1]);
  232|   		t->shutdown_pipe[1] = -1;"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
aae8cab3 by Andreas Schneider at 2024-06-30T23:20:34+00:00
s3:smbd: Make sure struct security_ace is initialized

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source3/smbd/posix_acls.c:4706: var_decl: Declaring variable ""aces"" without initializer.
samba-4.20.0rc2/source3/smbd/posix_acls.c:4748: uninit_use_in_call: Using uninitialized value ""*aces"". Field ""aces->object"" is uninitialized when calling ""make_sec_acl"".
 4746|   	idx++;
 4747|
 4748|-> 	new_dacl = make_sec_acl(ctx,
 4749|   				NT4_ACL_REVISION,
 4750|   				idx,"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
b11cf72c by Andreas Schneider at 2024-06-30T23:20:34+00:00
s3:winbind: Fix integer type of len

"Error: INTEGER_OVERFLOW (CWE-190):
samba-4.20.0rc2/source3/winbindd/winbindd_cache.c:849: cast_overflow: Truncation due to cast operation on ""len"" from 32 to 8 bits.
samba-4.20.0rc2/source3/winbindd/winbindd_cache.c:851: overflow_sink: ""len"", which might have overflowed, is passed to ""memcpy(centry->data + centry->ofs, s, len)"". [Note: The source code implementation of the function has been overridden by a builtin model.]
  849|   	centry_put_uint8(centry, len);
  850|   	centry_expand(centry, len);
  851|-> 	memcpy(centry->data + centry->ofs, s, len);
  852|   	centry->ofs += len;
  853|   }"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
f52e7fd3 by Andreas Schneider at 2024-06-30T23:20:34+00:00
s4:torture: Remove trailing spaces from gentest.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>
- - - - -
6d3cfb4b by Andreas Schneider at 2024-07-01T00:23:08+00:00
s4:torture: Initialize param arrays

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source4/torture/gentest.c:2690: var_decl: Declaring variable ""parm"" without initializer.
samba-4.20.0rc2/source4/torture/gentest.c:2711: uninit_use: Using uninitialized value ""parm[0]"". Field ""parm[0].out"" is uninitialized.
 2709|   	}
 2710|
 2711|-> 	GEN_COPY_PARM;
 2712|   	GEN_SET_FNUM_SMB2(in.file.handle);
 2713|   	GEN_CALL_SMB2(smb2_lock(tree, &parm[i]));"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <mschwenke at ddn.com>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Mon Jul  1 00:23:08 UTC 2024 on atb-devel-224

- - - - -
60550fbe by Xavi Hernandez at 2024-07-01T09:17:43+00:00
Fix starvation of pending writes in CTDB queues

CTDB uses a queue to receive requests and send answers. It works
asynchronously using the tevent framework. However there was an issue
that gave priority to the receiving side so, when a request was
processed and the answer posted to the queue, if another incoming
request arrived, it was served before sending the previous answer.

This scenario could repeat for long periods of time if the frequency of
incoming requests was high enough.

Eventually, a small time gap between incoming requests gave a chance to
process the pending output queue, sending many answers in a burst.

This patch makes sure that both queues (input and output) are processed
if the event contains the appropriate flag.

Signed-off-by: Xavi Hernandez <xhernandez at redhat.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Jul  1 09:17:43 UTC 2024 on atb-devel-224

- - - - -
7ae89d8d by Jo Sutton at 2024-07-02T03:39:35+00:00
tests/krb5: Fix type errors by giving ‘pwd_last_set’ an appropriate type

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Martin Schwenke <martin at meltin.net>
- - - - -
9853bd69 by Jo Sutton at 2024-07-02T03:39:35+00:00
tests/krb5: Simplify code using dict.get()

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Martin Schwenke <martin at meltin.net>
- - - - -
8a456f37 by Jo Sutton at 2024-07-02T03:39:35+00:00
s3:param: Check return value of strlower_m() (CID 1598446)

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Martin Schwenke <martin at meltin.net>
- - - - -
3dffd0fa by Jo Sutton at 2024-07-02T03:39:35+00:00
s4:auth: Use appropriate type for userAccountControl flags

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Martin Schwenke <martin at meltin.net>
- - - - -
c4728578 by Jo Sutton at 2024-07-02T03:39:35+00:00
s4:dsdb: Use appropriate type for userAccountControl flags

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Martin Schwenke <martin at meltin.net>
- - - - -
a9ad964c by Jo Sutton at 2024-07-02T03:39:35+00:00
pyglue: Remove global variables used in only one place

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Martin Schwenke <martin at meltin.net>
- - - - -
32cd94b1 by Jo Sutton at 2024-07-02T03:39:35+00:00
s3:rpc_server: Update deprecated directives

‘api.prefix’ and ‘parse.error’ have both been supported since Bison 3.0.

/data/samba/source3/rpc_server/mdssvc/es_parser.y:98.1-21: warning: deprecated directive: ‘%name-prefix "mdsyyl"’, use ‘%define api.prefix {mdsyyl}’ [-Wdeprecated]
   98 | %name-prefix "mdsyyl"
      | ^~~~~~~~~~~~~~~~~~~~~
      | %define api.prefix {mdsyyl}
/data/samba/source3/rpc_server/mdssvc/es_parser.y:100.1-14: warning: deprecated directive: ‘%error-verbose’, use ‘%define parse.error verbose’ [-Wdeprecated]
  100 | %error-verbose
      | ^~~~~~~~~~~~~~
      | %define parse.error verbose
/data/samba/source3/rpc_server/mdssvc/es_parser.y: warning: fix-its can be applied.  Rerun with option '--update'. [-Wother]

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Martin Schwenke <martin at meltin.net>
- - - - -
4844b1c3 by Jo Sutton at 2024-07-02T03:39:35+00:00
perftest:ndr_pack_performance: Remove unused import

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Martin Schwenke <martin at meltin.net>
- - - - -
93948132 by Jo Sutton at 2024-07-02T03:39:35+00:00
perftest:ndr_pack_performance: Remove obsolete comment

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Martin Schwenke <martin at meltin.net>
- - - - -
239a8f27 by Jo Sutton at 2024-07-02T03:39:35+00:00
lib:crypto: Remove unused macro definitions

As we now require GnuTLS 3.6.13, we can rely on GnuTLS providing these
macros.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Martin Schwenke <martin at meltin.net>
- - - - -
ec73e997 by Jo Sutton at 2024-07-02T03:39:35+00:00
s3:rpc_server: Fix code spelling

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Martin Schwenke <martin at meltin.net>
- - - - -
66928d85 by Jo Sutton at 2024-07-02T03:39:35+00:00
s4:auth: Correct order of parameters in documentation

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Martin Schwenke <martin at meltin.net>
- - - - -
50c37d61 by Jo Sutton at 2024-07-02T03:39:35+00:00
lib:krb5_wrap: Fix code spelling

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Martin Schwenke <martin at meltin.net>
- - - - -
e50a6933 by Jo Sutton at 2024-07-02T03:39:35+00:00
s4:dsdb: Remove unnecessary MIN()

Since we have ensured that val->length >= sizeof(hash->hash),
MIN(val->length, sizeof(hash->hash)) will here always be equal to
sizeof(hash->hash).

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Martin Schwenke <martin at meltin.net>
- - - - -
03e9575e by Jo Sutton at 2024-07-02T04:44:56+00:00
s3:smbd: Avoid compiler warning for unused label

If either of HAVE_FSTATFS and HAVE_LINUX_MAGIC_H are not defined, gcc
produces the following error:

../../source3/smbd/open.c: In function ‘reopen_from_fsp’:
../../source3/smbd/open.c:1222:1: error: label ‘namebased_open’ defined but not used [-Werror=unused-label]
 1222 | namebased_open:
      | ^~~~~~~~~~~~~~

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Tue Jul  2 04:44:56 UTC 2024 on atb-devel-224

- - - - -
121687e7 by Anoop C S at 2024-07-02T08:09:32+00:00
source3/wscript: Remove long pending unsupported option

It has been a while since --with-libcephfs option was dropped. Therefore
stop advertising it through waf scripts.

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
6ba69da8 by Anoop C S at 2024-07-02T09:13:20+00:00
ctdb/wscript: Remove long pending unsupported option

It has been a while since --with-libcephfs option was dropped. Therefore
stop advertising it through waf scripts.

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Jul  2 09:13:20 UTC 2024 on atb-devel-224

- - - - -
056dd415 by Björn Baumbach at 2024-07-02T23:52:37+00:00
ctdb-failover: omit "restrict" optimization keyword

Fails with some compilers with

error: expected ';', ',' or ')' before 'lineptr'

Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Tue Jul  2 23:52:37 UTC 2024 on atb-devel-224

- - - - -
0bc5b6f2 by Douglas Bagnall at 2024-07-03T01:35:31+00:00
buildtools: sanitise strange characters in vendor strings

There is no reason to think '-' and '+' are the only characters that
might sneak into a vendor string; Debian habitually use '~'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15673

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
673c8e6c by Douglas Bagnall at 2024-07-03T01:35:31+00:00
build: --vendor-suffix instead of --vendor-patch-revision --vendor-name

In practice there isn't a use for two options, and neither quite
matched what people thought they were doing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15673

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
7fb38aee by Douglas Bagnall at 2024-07-03T01:35:31+00:00
docs-xml:manpages: allow for longer version strings

The default value (30) truncates "Samba 4.21.0pre1-DEVELOPERBUILD" to
"Samba 4.21.0pre1-DEVELOPE" in the bottom left corner of the man page.
("Samba 4.21.0pre1-DEVELOPE" is only 25 bytes long, not 30, but let's
not worry about that).

On narrow terminals (< ~75 columns) this makes it more likely that
the version string will run into the date string.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15672

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
f3b240da by Douglas Bagnall at 2024-07-03T01:35:31+00:00
cmdline:burn: '-U' does not imply secrets without '%'

We return true from this function when a secret has been erased,
and were accidentally treating  as if it had secrets.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15671

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
f17a2b1b by Douglas Bagnall at 2024-07-03T01:35:31+00:00
selftest: run the cmdline tests that we already have

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
05128a1f by Douglas Bagnall at 2024-07-03T01:35:31+00:00
cmdline:tests: extend cmdline_burn tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
2f6020cf by Douglas Bagnall at 2024-07-03T01:35:31+00:00
cmdline:burn: do not retain false memories

If argv contains a secret option without an '=' (or in the case of
"-U", the username is separated by space), we will get to the
`if (strlen(p) == ulen) { continue; }` without resetting the found
and is_user variables. This *sometimes* has the right effect, because
the next string in argv ought to contain the secret.

But in a case like {"--password", "1234567890"}, where the secret
string is the same length as the option, we *again* take that branch
and the password is not redacted, though the argument after it will be
unless it is also of the same length.

If we always set the flags at the start we avoid this. This makes
things worse in the short term for secrets that are not the same
length as their options, but we'll get to that in another commit soon.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
53a11845 by Douglas Bagnall at 2024-07-03T01:35:31+00:00
cmdline:burn: handle arguments separated from their --options

We weren't treating "--password secret" the same as "--password=secret",
which sometimes led to secrets not being redacted.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
d3d8dffc by Douglas Bagnall at 2024-07-03T01:35:31+00:00
cmdline:burn: always return true if burnt

Before we have been trying to cram three cases into a boolean return
value:

 * cmdline had secrets, we burnt them       ->  true
 * cmdline had no secrets, all good         ->  false
 * cmdline has NULL string, WTF! emergency! ->  false

This return value is only used by Python which wants to know whether to
go to the trouble of replacing the command line. If samba_cmdline_burn()
returns false, no action is taken.

If samba_cmdline_burn() burns a password and then hits a NULL, it would
be better not to do nothing. It would be better to crash. And that is
what Python will end up doing, by some talloc returning NULL triggering
a MemoryError.

What about the case like {"--foo", NULL, "-Ua%b"} where the secret comes
after the NULL? That will still be ignored by Python, as it is by all C
tools, but we are hoping that can't happen anyway.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
f5233ddf by Douglas Bagnall at 2024-07-03T01:35:31+00:00
cmdline:burn: localise some variables

As this function increases in complexity, it helps to keep things close.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
6effed31 by Douglas Bagnall at 2024-07-03T01:35:31+00:00
cmdline:burn: do not burn options starting --user-*, --password-*

We have options that start with --user or --password that we don't
want to burn. Some grepping says:

      2 --user1
      1 --user2
     10 --user-allowed-to-authenticate-from
      6 --user-allowed-to-authenticate-to
      2 --user-allow-ntlm-auth
     25 --user-authentication-policy
      1 --user-config
      4 --user-domgroups
      5 --user-ext-name
      2 --user-groups
      6 --user-info
     27 --username
      1 --username2
      2 --userou
      1 --users
      2 --user-sidinfo
      6 --user-sids
     14 --user-tgt-lifetime-mins
      2 --password2
    118 --password-file
      2 --password-from-stdin
      # from here, grepping for strings around POPT_ constants
      5 "user"
      2 "user1"
      2 "user2"
      1 "userd"
      1 "user-domgroups"
      1 "user-groups"
      1 "user-info"
      2 "username"
      1 "user-sidinfo"
      1 "user-sids"
      1 passwordd
      4 "password"

Not all of these use lib/cmdline, but I think most do, via Python
which defers to cmdline_burn().

Note that there are options we should burn that aren't on this list,
like --adminpass. That's another matter.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
c4df89e9 by Douglas Bagnall at 2024-07-03T01:35:31+00:00
cmdline: test_cmdline tests more burning

We have more secret arguments, like --client-password, --adminpass,
so we are going to use an allowlist for options containing 'pass', but
we don't want to burn the likes of --group=passionfruit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
f1fbba6d by Douglas Bagnall at 2024-07-03T01:35:31+00:00
cmdline:burn: use allowlist to ensure more passwords burn

We treat any option containing 'pass' with suspicion, unless we know it
is OK.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
63a83fb7 by Douglas Bagnall at 2024-07-03T01:35:31+00:00
cmdline:burn: explicitly burn --username

This is the long form of -U in samba-tool.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
97be45f9 by Douglas Bagnall at 2024-07-03T01:35:31+00:00
cmdline:burn: add a note about short option combinations

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
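
The cmdline:burn commits above ("do not retain false memories", "handle arguments separated from their --options", "'-U' does not imply secrets without '%'", "use allowlist to ensure more passwords burn") can be modelled as follows. This is an added example, not Samba's lib/cmdline code: burn_sticky, burn_fixed, burn_line, the two-entry allowlist and the 'x' overwrite byte are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Overwrite with 'x' rather than zero bytes so the result stays printable. */
static bool burn(char *s)
{
	size_t n = strlen(s);
	memset(s, 'x', n);
	return n > 0;
}

/* Model (not Samba's code) of the flaw: found and ulen survive between argv entries. */
bool burn_sticky(int argc, char **argv)
{
	bool found = false, burnt = false;
	size_t ulen = 0;

	for (int i = 1; i < argc && argv[i] != NULL; i++) {
		char *p = argv[i];
		if (strncmp(p, "--password", 10) == 0) {
			ulen = 10;
			found = true;
		}
		if (!found || strlen(p) == ulen) {
			continue;	/* the flags are not reset on this path */
		}
		burnt |= burn(p);
		found = false;
	}
	return burnt;
}

/* Names containing "pass" whose values are not secrets (constructed allowlist). */
static const char *const not_secret[] = {
	"--password-file", "--password-from-stdin", NULL
};

static bool name_is_secret(const char *p, size_t len)
{
	if (strncmp(p, "--", 2) != 0) return false;
	for (size_t i = 0; not_secret[i] != NULL; i++) {
		if (strlen(not_secret[i]) == len && strncmp(p, not_secret[i], len) == 0) return false;
	}
	for (size_t i = 2; i + 4 <= len; i++) {
		if (memcmp(p + i, "pass", 4) == 0) return true;
	}
	return false;
}

/* Fixed model: state is per argument and only the option name is classified. */
bool burn_fixed(int argc, char **argv)
{
	bool burnt = false;
	for (int i = 1; i < argc && argv[i] != NULL; i++) {
		char *p = argv[i];
		size_t len = strcspn(p, "=");	/* the option name ends at '=' */
		bool is_user = false;
		char *secret;
		if (strncmp(p, "-U", 2) == 0) {
			is_user = true;
			len = 2;
		} else if (len == 10 && strncmp(p, "--username", 10) == 0) {
			is_user = true;
		} else if (!name_is_secret(p, len)) {
			continue;
		}
		secret = p + len;
		if (*secret == '=') {
			secret++;			/* --option=value */
		} else if (*secret == '\0' && i + 1 < argc && argv[i + 1] != NULL) {
			secret = argv[++i];		/* --option value */
		}
		if (is_user) {
			secret = strchr(secret, '%');	/* NULL: user name only */
		}
		burnt |= (secret != NULL) && burn(secret);
	}
	return burnt;
}

/* Burn a constructed space-separated line; NULL means fn reported nothing burnt. */
const char *burn_line(bool (*fn)(int, char **), const char *line)
{
	static char out[256];
	char copy[256], *argv[16];
	int argc = 0;
	snprintf(copy, sizeof(copy), "%s", line);
	for (char *t = strtok(copy, " "); t != NULL && argc < 16; t = strtok(NULL, " ")) {
		argv[argc++] = t;
	}
	if (!fn(argc, argv)) return NULL;
	out[0] = '\0';
	for (int i = 0; i < argc; i++) {
		snprintf(out + strlen(out), sizeof(out) - strlen(out), "%s%s", i ? " " : "", argv[i]);
	}
	return out;
}
```

With the constructed line "tool --password 1234567890 host1", burn_line(burn_sticky, ...) leaves the ten-character password intact and overwrites host1 instead, while burn_line(burn_fixed, ...) redacts the password and leaves host1 alone.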

- - - - -
3c97ad41 by John Thacker at 2024-07-03T01:35:31+00:00
pidl:Wireshark Use proto_tree_add_bitmask_with_flags

Picked from the Wireshark fork:

    commit 9a5e6a6884b2369527638fecd49c4c58d8c10378
    Author: Michael Mann <mmann78 at netscape.net>
    Date:   Wed Jun 15 15:35:51 2016 -0400

        DCE/RPC proto_tree_add_boolean -> proto_tree_add_bitmask_with_flags

        Change-Id: I8891ec90244ffd9609d8443df631a7c8e6453b7e
        Reviewed-on: https://code.wireshark.org/review/15942
        Petri-Dish: Michael Mann <mmann78 at netscape.net>
        Tested-by: Petri Dish Buildbot <buildbot-no-reply at wireshark.org>
        Reviewed-by: Michael Mann <mmann78 at netscape.net>

Signed-off-by: John Thacker <johnthacker at gmail.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
b8d902df by John Thacker at 2024-07-03T01:35:31+00:00
pidl:Wireshark Fix array of pointers NULL termination

Picked from Wireshark's PIDL fork:

    commit c07fd447c362099b04eedb445e8fa469643403f7
    Author: Binh Trinh <beango at gmail.com>
    Date:   Fri Jun 17 21:46:11 2016 -0400

        DCE/RPC: fix array of pointers with NULL

        Change-Id: Ie89f8fd4ec744d427d41866206d5a6784c5b224f
        Reviewed-on: https://code.wireshark.org/review/16004
        Petri-Dish: Jaap Keuter <jaap.keuter at xs4all.nl>
        Tested-by: Petri Dish Buildbot <buildbot-no-reply at wireshark.org>
        Reviewed-by: Michael Mann <mmann78 at netscape.net>

Signed-off-by: John Thacker <johnthacker at gmail.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
39f05512 by John Thacker at 2024-07-03T01:35:31+00:00
pidl:Wireshark Get rid of Boolean "flags" with no bit set

Picked from Wireshark's fork:

    commit 5ae9af9e50c89d8700e5a166a9c345fc46b3a4ca
    Author: Guy Harris <guy at alum.mit.edu>
    Date:   Sun Nov 6 11:02:51 2016 -0800

        Get rid of Boolean "flags" that don't have any bit set.

        And tweak the Pidl generator for Wireshark not to generate "flags" like
        that.

        (The generator also does field name and true/false strings' case
        differently, so I didn't use it to regenerate the dissectors; that needs
        to be looked at.)

        Change-Id: Ie1657a782ebdb107e58792cedd29bbaa79b17bd4
        Reviewed-on: https://code.wireshark.org/review/18695
        Reviewed-by: Guy Harris <guy at alum.mit.edu>

Signed-off-by: John Thacker <johnthacker at gmail.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
4a050601 by John Thacker at 2024-07-03T01:35:31+00:00
pidl:Wireshark Rename tvb_new_subset()

Picked from Wireshark's fork:

    commit 7cd6906056922e4b8f68f1216d94eaa0809896fe
    Author: Guy Harris <guy at alum.mit.edu>
    Date:   Mon Jan 9 22:18:49 2017 -0800

        Rename tvb_new_subset() to tvb_new_subset_length_caplen().

        This emphasizes that there is no such thing as *the* routine to
        construct a subset tvbuff; you need to choose one of
        tvb_new_subset_remaining() (if you want a new tvbuff that contains
        everything past a certain point in an existing tvbuff),
        tvb_new_subset_length() (if you want a subset that contains everything
        past a certain point, for some number of bytes, in an existing tvbuff),
        and tvb_new_subset_length_caplen() (for all other cases).

        Many of the calls to tvb_new_subset_length_caplen() should really be
        calling one of the other routines; that's the next step.  (This also
        makes it easier to find the calls that need fixing.)

        Change-Id: Ieb3d676d8cda535451c119487d7cd3b559221f2b
        Reviewed-on: https://code.wireshark.org/review/19597
        Reviewed-by: Guy Harris <guy at alum.mit.edu>

Signed-off-by: John Thacker <johnthacker at gmail.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
95420715 by John Thacker at 2024-07-03T02:35:43+00:00
pidl:Wireshark Fix the type of array of pointers to hf_ values

Picked from Wireshark's fork:

    commit e1d9a226a2b8f2824a0eb162a8dc972e6e6c2dd4
    Author: Guy Harris <gharris at sonic.net>
    Date:   Thu Jun 18 18:14:46 2020 -0700

        Fix the type of arrays of pointers to hf_ values for bitfield routines.

        The static arrays are supposed to be arrays of const pointers to int,
        not arrays of non-const pointers to const int.

        Fixing that means some bugs (scribbling on what's *supposed* to be a
        const array) will be caught (see packet-ieee80211-radiotap.c for
        examples, the first of which inspired this change and the second of
        which was discovered while testing compiles with this change), and
        removes the need for some annoying casts.

        Also make some of those arrays static while we're at it.

        Update documentation and dissector-generator tools.

        Change-Id: I789da5fc60aadc15797cefecfd9a9fbe9a130ccc
        Reviewed-on: https://code.wireshark.org/review/37517
        Petri-Dish: Guy Harris <gharris at sonic.net>
        Tested-by: Petri Dish Buildbot
        Reviewed-by: Anders Broman <a.broman58 at gmail.com>

Signed-off-by: John Thacker <johnthacker at gmail.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Wed Jul  3 02:35:43 UTC 2024 on atb-devel-224

- - - - -
2aca5cfb by Stefan Metzmacher at 2024-07-03T11:41:12+00:00
smbd: correctly restore ENOENT if fstatfs() modifies it

Review with: git show -U5

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Jul  3 11:41:12 UTC 2024 on atb-devel-224

- - - - -
2e0c693f by John Thacker at 2024-07-03T14:19:04+00:00
Revert "pidl: Use non-existent function dissect_ndr_int64()"

This reverts commit a836b433ed7f0acca546558d2aec359155999f30.

Wireshark's NDR dissector dissects both signed and unsigned types
of the same size and alignment with the same functions, e.g. see
the handling of "udlong" and "dlong." It is passing the FT_UINT64
vs FT_INT64 field type enum value that determines at the last
moment whether a value is cast to signed. dissect_ndr_uint64()
already has the proper behavior for 8-byte aligned signed 64 bit
integers, and a dissect_ndr_int64() function will not need to be
introduced.

Signed-off-by: John Thacker <johnthacker at gmail.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Jul  3 14:19:04 UTC 2024 on atb-devel-224

- - - - -
93a3dd48 by Andreas Schneider at 2024-07-04T08:08:49+00:00
gitlab-ci: Also add the git directory for pipeline in the main mirror

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Jul  4 08:08:49 UTC 2024 on atb-devel-224

- - - - -
659cb9f7 by Volker Lendecke at 2024-07-04T15:26:36+00:00
smbd: Rename symlink_target_path to _symlink_target_path

Only temporary, next step is a new more general symlink_target_path
routine, we'll need that in libcli/smb as well.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
b91e257f by Volker Lendecke at 2024-07-04T15:26:36+00:00
libcli: New routine symlink_target_path for [MS-SMB2] 2.2.2.2.1.1

Right now the only user is the user-space symlink following in
smbd. We will use it in libsmb as well to correctly handle
STOPPED_ON_SYMLINK. When trying to upstream that code I found the
previous_slash function incredibly hard to understand.

This new routine makes a copy of "const char *_name_in", so that we can
replace previous_slash with a simple strrchr_m. If that's too
slow (which I doubt, this is "only" chasing symlinks) we can always do
something smarter again.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
94f37866 by Volker Lendecke at 2024-07-04T15:26:36+00:00
smbd: Use new symlink_target_path routine

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f1fae540 by Volker Lendecke at 2024-07-04T15:26:36+00:00
docs: "share:fake_fscaps" is per share, not global

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f31478e7 by Volker Lendecke at 2024-07-04T15:26:36+00:00
lib: Remove unused strnrchr_m

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
a8405ed1 by Volker Lendecke at 2024-07-04T15:26:36+00:00
lib: Remove unused strnrchr_w

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
e989d738 by Volker Lendecke at 2024-07-04T15:26:36+00:00
lib: Remove a few duplicate prototypes

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
8292481b by Volker Lendecke at 2024-07-04T16:31:39+00:00
smbd: Don't talloc_zero where we assign the struct a line below

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Jul  4 16:31:39 UTC 2024 on atb-devel-224

- - - - -
af3868d7 by Pavel Filipenský at 2024-07-05T07:45:31+00:00
s3:utils: Initialize DATA_BLOB blob

Error: UNINIT (CWE-457):
samba-4.20.0rc2/source3/utils/regedit_dialog.c:1965: var_decl: Declaring variable "blob" without initializer.
samba-4.20.0rc2/source3/utils/regedit_dialog.c:2044: uninit_use_in_call: Using uninitialized value "blob" when calling "reg_val_set".
 2042|
 2043|           if (W_ERROR_IS_OK(rv)) {
 2044|->                 rv = reg_val_set(edit->key, name, edit->type, blob);
 2045|           }
 2046|

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
275ffbf5 by Pavel Filipenský at 2024-07-05T07:45:32+00:00
s3:rpcclient: Initialize spoolss_DriverDirectoryInfo info

Error: UNINIT (CWE-457):
samba-4.20.0rc2/source3/rpcclient/cmd_spoolss.c:1530: var_decl: Declaring variable "info" without initializer.
samba-4.20.0rc2/source3/rpcclient/cmd_spoolss.c:1578: uninit_use_in_call: Using uninitialized value "info" when calling "display_printdriverdir_1".
 1576|
 1577|           if (W_ERROR_IS_OK(result)) {
 1578|->                 display_printdriverdir_1(&info.info1);
 1579|           }
 1580|

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
fd4afa30 by Pavel Filipenský at 2024-07-05T07:45:32+00:00
s3:registry: Initialize struct security_ace ace[]

Error: UNINIT (CWE-457):
samba-4.20.0rc2/source3/registry/reg_dispatcher.c:43: var_decl: Declaring variable "ace" without initializer.
samba-4.20.0rc2/source3/registry/reg_dispatcher.c:66: uninit_use_in_call: Using uninitialized value "*ace". Field "ace->object" is uninitialized when calling "make_sec_acl".
  64|           /* create the security descriptor */
  65|
  66|->         theacl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace);
  67|           if (theacl == NULL) {
  68|                   return WERR_NOT_ENOUGH_MEMORY;

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
f434524b by Pavel Filipenský at 2024-07-05T07:45:32+00:00
s4:torture: Initialize struct smb2_handle consistently in lease.c

Error: UNINIT (CWE-457):
samba-4.20.0rc2/source4/torture/smb2/lease.c:567: var_decl: Declaring variable "h" without initializer.
samba-4.20.0rc2/source4/torture/smb2/lease.c:642: uninit_use_in_call: Using uninitialized value "h" when calling "smb2_util_close".
  640|
  641|    done:
  642|->         smb2_util_close(tree, h);
  643|           smb2_util_close(tree, h2);
  644|

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
c9c74d81 by Pavel Filipenský at 2024-07-05T08:53:07+00:00
s3:rpc_server: Initialize array struct security_ace ace[]

Error: UNINIT (CWE-457):
samba-4.20.0rc2/source4/torture/smb2/lease.c:567: var_decl: Declaring variable "h" without initializer.
samba-4.20.0rc2/source4/torture/smb2/lease.c:642: uninit_use_in_call: Using uninitialized value "h" when calling "smb2_util_close".
  640|
  641|    done:
  642|->         smb2_util_close(tree, h);
  643|           smb2_util_close(tree, h2);
  644|

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Jul  5 08:53:08 UTC 2024 on atb-devel-224

- - - - -
e4d6a19e by Ralph Boehme at 2024-07-05T10:02:26+00:00
third_party/heimdal: Import lorikeet-heimdal-202407041740 (commit 42ba2a6e5dd1bc14a8b5ada8c9b8ace85956f6a0)

Fix clock skew error message and memory cache clock skew recovery

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15676

Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Jul  5 10:02:26 UTC 2024 on atb-devel-224

- - - - -
6cfa3788 by Volker Lendecke at 2024-07-05T23:42:46+00:00
lib: Add general py_reparse_get parsing routine

Will supersede py_reparse_symlink_get

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3a60fc5d by Volker Lendecke at 2024-07-05T23:42:46+00:00
tests: Remove a pointless ;

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
93bde61f by Volker Lendecke at 2024-07-05T23:42:46+00:00
tests: Use the general py_reparse_get

This was the only user of py_reparse_symlink_get

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
09b91728 by Volker Lendecke at 2024-07-05T23:42:46+00:00
lib: Remove unused py_reparse_symlink_get

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
90c9d0d9 by Jones Syue at 2024-07-06T00:52:02+00:00
s3:ntlm_auth: make logs more consistent with length check

Running ntlm_auth with the options --lm-response/--nt-response/--challenge and
passing a wrong length to these options produces error logs saying 'only got
xxx bytes', which are not consistent with the length check. This patch revises
the logs for the length check to make them more consistent.

For example, --lm-response requires exactly 24 hex; if we input three lengths,
23, 24 and 25, the log 'only got 25 bytes' seems confusing.

script:
for length in 23 24 25; \
do \
    ntlm_auth --username=${un} --password=${pw} \
    --lm-response="`openssl rand -hex ${length}`"; \
done;

output:
hex decode of 04db772593f5e6023d0ab4bc67a942c9179963477eb49d failed! (only got 23 bytes)
NT_STATUS_OK: The operation completed successfully. (0x0)
hex decode of 1e57749feb46bedcf969af6cbbe10e21d0232e35c27eb07294 failed! (only got 25 bytes)

After the patch it shows 'got 25 bytes, expected 24', which seems more consistent:

hex decode of e13e70c9cf2ac1e20015657c4bec53435b1b948febb63f failed! (got 23 bytes, expected 24)
NT_STATUS_OK: The operation completed successfully. (0x0)
hex decode of 64647005243092b036856f572faad262e0b69386d095d60f54 failed! (got 25 bytes, expected 24)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15677

Signed-off-by: Jones Syue <jonessyue at qnap.com>
Reviewed-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Jul  6 00:52:02 UTC 2024 on atb-devel-224

- - - - -
2a6805cc by Andreas Schneider at 2024-07-08T06:28:47+00:00
third_party: Update nss_wrapper to version 1.1.16

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Jul  8 06:28:47 UTC 2024 on atb-devel-224

- - - - -
6cadb1d6 by Andreas Schneider at 2024-07-08T07:36:32+00:00
s3:registry: Check for integer overflow

"Error: INTEGER_OVERFLOW (CWE-190):
samba-4.20.0rc2/source3/registry/regfio.c:175: tainted_data_argument: The check ""bytes_read < block_size"" contains the tainted expression ""bytes_read"" which causes ""block_size"" to be considered tainted.
samba-4.20.0rc2/source3/registry/regfio.c:176: overflow: The expression ""block_size - bytes_read"" is deemed overflowed because at least one of its arguments has overflowed.
samba-4.20.0rc2/source3/registry/regfio.c:176: overflow_sink: ""block_size - bytes_read"", which might have underflowed, is passed to ""read(file->fd, buffer + bytes_read, block_size - bytes_read)"". [Note: The source code implementation of the function has been overridden by a builtin model.]
  174|
  175|   	while ( bytes_read < block_size ) {
  176|-> 		if ( (returned = read( file->fd, buffer+bytes_read, block_size-bytes_read )) == -1 ) {
  177|   			DEBUG(0,(""read_block: read() failed (%s)\n"", strerror(errno) ));
  178|   			return False;"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
8abda0a1 by Andreas Schneider at 2024-07-08T07:36:32+00:00
s3:registry: Use correct integer sizes

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
982c6b2b by Andreas Schneider at 2024-07-08T07:36:32+00:00
s3:smbd: Remove trailing spaces in smb1_process.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
94b8fa41 by Andreas Schneider at 2024-07-08T07:36:32+00:00
s3:smbd: Remove trailing spaces in seal.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
0131e473 by Andreas Schneider at 2024-07-08T07:36:32+00:00
s3:smbd: Fix invalid memory free

"Error: BAD_FREE (CWE-590):
samba-4.20.0rc2/source3/smbd/smb1_process.c:1485: array_free: ""smb1_srv_send"" frees array ""errbuf"".
 1483|   		char errbuf[smb_size];
 1484|   		error_packet(errbuf, 0, 0, status, __LINE__, __FILE__);
 1485|-> 		if (!smb1_srv_send(req->xconn,
 1486|   				   errbuf,
 1487|   				   true,"

Pair-Programmed-With: Ralph Boehme <slow at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
b7c45f9c by Andreas Schneider at 2024-07-08T07:36:33+00:00
examples: Initialize char arrays

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/examples/libsmbclient/testacl.c:35: var_decl: Declaring variable ""value"" without initializer.
samba-4.20.0rc2/examples/libsmbclient/testacl.c:254: uninit_use_in_call: Using uninitialized value ""*value"" as argument to ""%s"" when calling ""printf"". [Note: The source code implementation of the function has been overridden by a builtin model.]
  252|   			}
  253|
  254|-> 			printf(""Attributes for [%s] are:\n%s\n"", path, value);
  255|
  256|   			if (stat_and_retry)"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
742e5b48 by Andreas Schneider at 2024-07-08T07:36:33+00:00
s4:torture: Initialize pointer with NULL

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source4/torture/rpc/samsync.c:342: var_decl: Declaring variable ""dom_sid"" without initializer.
samba-4.20.0rc2/source4/torture/rpc/samsync.c:385: uninit_use_in_call: Using uninitialized value ""dom_sid"" when calling ""dom_sid_dup"".
  383|   	}
  384|   	if (samsync_state->domain_handle[database_id]) {
  385|-> 		samsync_state->sid[database_id] = dom_sid_dup(samsync_state, dom_sid);
  386|   	}
  387|"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
- - - - -
26c56ae5 by Andreas Schneider at 2024-07-08T08:37:46+00:00
s3:rpc_server: Initialize array

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source3/rpc_server/svcctl/srv_svcctl_nt.c:163: var_decl: Declaring variable ""ace"" without initializer.
samba-4.20.0rc2/source3/rpc_server/svcctl/srv_svcctl_nt.c:182: uninit_use_in_call: Using uninitialized value ""*ace"". Field ""ace->object"" is uninitialized when calling ""make_sec_acl"".
  180|   	/* create the security descriptor */
  181|
  182|-> 	if ( !(theacl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) )
  183|   		return NULL;
  184|"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Jul  8 08:37:46 UTC 2024 on atb-devel-224

- - - - -
2c1a4a51 by Andréas Leroux at 2024-07-09T08:37:22+00:00
ldap_server: Add a ldapsrv debug class to log LDAP queries

Patch updated for recent samba versions in merge request #3295 by kvvloten
Initial patch created by Jeremy Allison (https://www.spinics.net/lists/samba/msg161128.html) to log LDAP server queries/functions in a separate file

Signed-off-by: Andréas Leroux <aleroux at tranquil.it>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Jul  9 08:37:22 UTC 2024 on atb-devel-224

- - - - -
ef0068cd by Anoop C S at 2024-07-09T13:05:47+00:00
vfs_ceph: Disable the module on unsupported Ceph versions

For the last major release (v4.20) we had a warning issued (fe16ae1fe834)
to inform about the plan to disable building vfs_ceph in the absence of
certain required APIs. It is now time to make the changes and further
disable building the module if the minimum required libcephfs APIs are not
present. As we speak this requirement includes ceph_select_filesystem()
and *at() variants of libcephfs APIs. These were around since v17 (even
earlier for ceph_select_filesystem) which is the lowest non-EOL version
of Ceph available[1] at the moment.

[1] https://docs.ceph.com/en/latest/releases/#ceph-releases-index

Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>

Autobuild-User(master): Anoop C S <anoopcs at samba.org>
Autobuild-Date(master): Tue Jul  9 13:05:47 UTC 2024 on atb-devel-224

- - - - -
d2b119e3 by Douglas Bagnall at 2024-07-10T05:22:40+00:00
cmdline: samba-tool test for bad option warning

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

- - - - -
86843685 by Douglas Bagnall at 2024-07-10T06:28:08+00:00
cmdline:burn: list commands to always burn; warn on unknown

We burn arguments to all unknown options containing "pass" (e.g.
"--passionate=false") in case they are a password option, but this is bad
in the case where the unknown option takes no argument but the next
option *is* a password (like "--overpass --password2 barney"). In that
case "--password2" would be burnt and not "barney".

The burning behaviour doesn't change with this commit, but users will now
see an error message explaining that the option was unknown. This is not
so much aimed at end users -- for whom an invalid option will hopefully
lead to --help like output -- but to developers who add a new "pass"
option.

This also slightly speeds up the processing of known password options,
which is a little bit important because we are in a race to replace the
command line in /proc before an attacker sees it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Wed Jul 10 06:28:08 UTC 2024 on atb-devel-224
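
The three cases described in the cmdline:burn commits above (options that are always burnt, options known to be safe, and unknown options containing "pass"), as an added example that is not Samba's code. The option tables, function names and sample command lines are assumptions constructed for the illustration, and only long options are handled.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Option tables constructed for this example; they are not Samba's lists. */
static const char *const always_burn[] = { "--password", "--password2", "--username", NULL };
static const char *const known_safe[] = { "--no-pass", NULL };

enum burn_class { BURN_NO, BURN_KNOWN, BURN_UNKNOWN };

/* Length of the option name: everything before '=' or the end of the string. */
static size_t name_len(const char *arg)
{
	const char *eq = strchr(arg, '=');
	return eq != NULL ? (size_t)(eq - arg) : strlen(arg);
}

static bool in_list(const char *const *list, const char *arg, size_t n)
{
	for (; *list != NULL; list++)
		if (strlen(*list) == n && strncmp(*list, arg, n) == 0)
			return true;
	return false;
}

/* Known password options first, then the allowlist, then the "pass" heuristic. */
static enum burn_class classify(const char *arg)
{
	size_t n = name_len(arg);

	if (strncmp(arg, "--", 2) != 0)
		return BURN_NO;
	if (in_list(always_burn, arg, n))
		return BURN_KNOWN;
	if (in_list(known_safe, arg, n))
		return BURN_NO;
	for (size_t i = 0; i + 4 <= n; i++)
		if (strncmp(arg + i, "pass", 4) == 0)
			return BURN_UNKNOWN;
	return BURN_NO;
}

/* Overwrite secret values in place. Returns the number of values burnt;
 * *unknown counts unrecognised options that matched on "pass". */
static int burn_argv(int argc, char **argv, int *unknown)
{
	int burnt = 0;
	*unknown = 0;
	for (int i = 1; i < argc; i++) {
		enum burn_class c = classify(argv[i]);
		char *eq = strchr(argv[i], '=');

		if (c == BURN_NO)
			continue;
		if (c == BURN_UNKNOWN) {
			(*unknown)++;
			fprintf(stderr, "unknown option %.*s: burning its argument\n",
				(int)name_len(argv[i]), argv[i]);
		}
		if (eq != NULL) {                 /* --opt=value */
			memset(eq + 1, 0, strlen(eq + 1));
			burnt++;
		} else if (i + 1 < argc) {        /* --opt value: a guess */
			memset(argv[i + 1], 0, strlen(argv[i + 1]));
			burnt++;
		}
	}
	return burnt;
}

/* Constructed sample: known options in both forms plus an allowlisted one. */
static int demo_known(void)
{
	char a0[] = "tool", a1[] = "--password=hunter2", a2[] = "--password2",
	     a3[] = "barney", a4[] = "--no-pass";
	char *argv[] = { a0, a1, a2, a3, a4, NULL };
	int unknown, burnt = burn_argv(5, argv, &unknown);
	return burnt == 2 && unknown == 0 && strcmp(a1, "--password=") == 0 &&
	       a3[0] == '\0' && strcmp(a4, "--no-pass") == 0;
}

/* Constructed sample: the failure mode from the commit message. */
static int demo_unknown(void)
{
	char a0[] = "tool", a1[] = "--overpass", a2[] = "--password2",
	     a3[] = "barney", a4[] = "--passionate=false";
	char *argv[] = { a0, a1, a2, a3, a4, NULL };
	int unknown, burnt = burn_argv(5, argv, &unknown);
	/* "--password2" was wiped as the guessed value; "barney" survives. */
	return burnt == 2 && unknown == 2 && a2[0] == '\0' &&
	       strcmp(a3, "barney") == 0 && strcmp(a4, "--passionate=") == 0;
}

int main(void)
{
	printf("known: %d, unknown flag case: %d\n", demo_known(), demo_unknown());
	return 0;
}
```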

- - - - -
3a21b7d9 by Pavel Filipenský at 2024-07-10T10:35:00+00:00
.gitlab-ci-main.yml: Add safe.directory '*'

This is to fix the error when pushing to personal gitlab repo:

2024-07-04 08:16:05,460 Running: 'git clone --recursive --shared /builds/pfilipen/samba /builds/samba-testbase/master' in '/builds/pfilipen/samba'
Cloning into '/builds/samba-testbase/master'...
fatal: detected dubious ownership in repository at '/builds/pfilipen/samba/.git'
To add an exception for this directory, call:
	git config --global --add safe.directory /builds/pfilipen/samba/.git
fatal: Could not read from remote repository.

Instead of adding more and more explicit repositories
we should just allow any, we're in an isolated environment...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15660

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Jul 10 10:35:00 UTC 2024 on atb-devel-224

- - - - -
c3ca2a65 by John Thacker at 2024-07-12T09:59:32+00:00
pidl: Update Wireshark generated DRSUAPI code

Picked from Wireshark:

    commit b1249b0be4badc44cbbb30ff414d32d1b884a668
    Author: hidd3ncod3s Sec <hidd3ncod3s at gmail.com>
    Date:   Tue Aug 15 04:29:08 2023 +0000

        DCERPC: Update DRSUAPI support

Signed-off-by: John Thacker <johnthacker at gmail.com>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
f2ed371e by John Thacker at 2024-07-12T09:59:32+00:00
pidl: Wireshark: Remove init of proto variables

Pick up change from Wireshark as it applies to PIDL:

    commit 2a9bc63325c99653c5da873c273430add3b5e9dd
    Author: Stig Bjørlykke <stig at bjorlykke.org>
    Date:   Mon Nov 20 08:16:40 2023 +0100

        Remove init of proto variables

        Remove init of proto, header field, expert info and subtree variables.
        This will reduce the binary size by approximately 1266320 bytes due to
        using .bss to zero-initialize the fields.

        The conversion is done using the tools/convert-proto-init.py script

Signed-off-by: John Thacker <johnthacker at gmail.com>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
5a5e68c2 by John Thacker at 2024-07-12T09:59:32+00:00
pidl: Wireshark: Don't initialise static hf and ett variables.

Pick up change from Wireshark:

    commit 9ca6eff53db29cad7dfc7e57fba4d68e9c838ab5
    Author: Anders Broman <a.broman58 at gmail.com>
    Date:   Thu May 2 14:14:29 2024 +0200

        PIDL: Don't initialise static hf and ett variables.

Signed-off-by: John Thacker <johnthacker at gmail.com>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
2f5a388d by John Thacker at 2024-07-12T09:59:32+00:00
pidl: Wireshark: Const-ify dcerpc_sub_dissector structures.

Pick up change from Wireshark:

    commit 8a2a42241fd148ce735e776a6a1e6b49b64d215e
    Author: Darius Davis <darius-wireshark at free-range.com.au>
    Date:   Sun May 19 17:39:38 2024 +1000

        Const-ify dcerpc_sub_dissector structures.

        This moves about 56 kBytes of data from a read-write data section to read-only.

        The various dissectors were _not_ regenerated for this commit.  Instead, this
        commit was produced using the following command:

           find * -type f -exec sed -i -e 's/\(["'\'']\|^\)static dcerpc_sub_dissector/\1static const dcerpc_sub_dissector/' \{\} \;

        This updates the generator script and its test, as well as making an identical
        change to all of the dissectors, regardless of whether or not those dissectors
        were produced by the generator script.

Signed-off-by: John Thacker <johnthacker at gmail.com>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
e60c5b88 by John Thacker at 2024-07-12T09:59:32+00:00
pidl: Wireshark: Update test for removal of ett initialization

Pick up change from Wireshark:

    commit 6e4c81b324e9b1752ce6bc253a09355512b5b387
    Author: John Thacker <johnthacker at gmail.com>
    Date:   Sat Jun 22 11:10:48 2024 -0400

        pidl: Update test for removal of ett initialization

        Also remove trailing whitespace

Signed-off-by: John Thacker <johnthacker at gmail.com>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
00f57728 by John Thacker at 2024-07-12T09:59:32+00:00
pidl: Wireshark: Convert the pidl dissector generation code to C99 types

Pick up change from Wireshark:

    commit 4df8d2884ddfe72a03d0b322c10ae515a8366ea4
    Author: John Thacker <johnthacker at gmail.com>
    Date:   Sat Jun 22 11:21:47 2024 -0400

        pidl: Convert the pidl dissector generation code to C99 types

        Switch the Wireshark.pm pidl dissector generation code to using C99
        types, and regenerated the dcerpc pidl dissectors.

        Ping #19116

Signed-off-by: John Thacker <johnthacker at gmail.com>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
5b12d3d2 by John Thacker at 2024-07-12T09:59:32+00:00
pidl: Wireshark: Remove init of proto variables

Pick up change from Wireshark:

    commit 10b046cbdd110dbae8f4cab048e5954bf6955402
    Author: John Thacker <johnthacker at gmail.com>
    Date:   Sat Jun 22 20:31:40 2024 -0400

        pidl: Remove init of proto variables

        Remove initialization of proto variables from pidl generated dissectors
        and regenerate.
        Follow up to 2a9bc63325c99653c5da873c273430add3b5e9dd

Signed-off-by: John Thacker <johnthacker at gmail.com>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
9870457e by John Thacker at 2024-07-12T09:59:32+00:00
pidl: Wireshark: Don't assign hash undef, assign it an empty array

Pick up change from Wireshark:

    commit ade6577f109e2bf741909226254b758e79a816f1
    Author: John Thacker <johnthacker at gmail.com>
    Date:   Fri Jun 21 20:27:51 2024 -0400

        pidl: Don't assign hash undef, assign it an empty array

        Perl works, but complains if warnings are on, if a hash is
        initialized to undef instead of to empty. Upstream Samba turned on
        warnings in the next commit to catch things like this.

Signed-off-by: John Thacker <johnthacker at gmail.com>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
e450ff68 by John Thacker at 2024-07-12T11:08:03+00:00
pidl: Wireshark: Another C99 type conversion

Pick up change from Wireshark:

    commit bdb719f846f9d8f7800b9f50dadfde5e7f7a89e1
    Author: John Thacker <johnthacker at gmail.com>
    Date:   Sun Jun 23 08:15:45 2024 -0400

        pidl: Another C99 type conversion

        Change an automated sizeof() call in the pidl dissector generation from
        prefixing a "g" to getting the actual C type.

        Ping #19116

Signed-off-by: John Thacker <johnthacker at gmail.com>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Jul 12 11:08:03 UTC 2024 on atb-devel-224

- - - - -
e76b7578 by Volker Lendecke at 2024-07-12T20:35:34+00:00
vfs: xattr calls give EBADF for sockets

This is required for make test with disabled O_PATH

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4a294d5a by Volker Lendecke at 2024-07-12T20:35:34+00:00
tests: Run reparsepoint tests in fileserver_smb1

We'll need posix extensions soon

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
597f7856 by Volker Lendecke at 2024-07-12T20:35:34+00:00
tests: FIFOs should be shown as NFS reparse points

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e4e5242b by Volker Lendecke at 2024-07-12T20:35:34+00:00
smbd: Add DBG to return tag for SMB_FILE_ATTRIBUTE_TAG_INFORMATION

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f1440ceb by Volker Lendecke at 2024-07-12T20:35:34+00:00
smbd: Turn file type handling in fdos_mode into a switch

There will be more cases soon

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a03f339e by Volker Lendecke at 2024-07-12T20:35:34+00:00
smbd: Show fifos as reparse points in fdos_mode

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b311f4ec by Volker Lendecke at 2024-07-12T20:35:34+00:00
smbd: Turn an if-statement getting reparse points into a switch

There will be more cases soon

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
57b6a853 by Volker Lendecke at 2024-07-12T20:35:34+00:00
smbd: Report FIFOs as NFS style reparse points

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
fb7a7cd7 by Volker Lendecke at 2024-07-12T20:35:34+00:00
tests: Factor out do_test_nfs_reparse

Will be used for sockets next

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1b9f1690 by Volker Lendecke at 2024-07-12T20:35:34+00:00
tests: Sockets should be shown as NFS reparse points

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
51ded0ae by Volker Lendecke at 2024-07-12T20:35:34+00:00
smbd: Show sockets as reparse points in fdos_mode

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3326ffa8 by Volker Lendecke at 2024-07-12T20:35:34+00:00
smbd: Factor out fsctl_get_reparse_point_int

We'll use it for the other special files as well

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
cd7889de by Volker Lendecke at 2024-07-12T20:35:34+00:00
smbd: Report sockets as NFS style reparse points

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
bbe2c82f by Volker Lendecke at 2024-07-12T21:36:16+00:00
smbd: Show blk and chr devices as nfs reparse points

Can't test these in selftest, we can't create devices and I don't want
us to depend on /dev to exist. Tested manually on a system where
/dev/null exists:

Try "help" to get a list of possible commands.
smb: \> allinfo null
altname: null
create_time:    Fri Jun 21 02:45:59 PM 2024 CEST
access_time:    Fri Jun 21 02:45:59 PM 2024 CEST
write_time:     Fri Jun 21 02:45:59 PM 2024 CEST
change_time:    Fri Jun 21 02:45:59 PM 2024 CEST
attributes:  (480)
stream: [::$DATA], 0 bytes
0x80000014 (IO_REPARSE_TAG_NFS)
 0x524843 (NFS_SPECFILE_CHR)
 1/3
smb: \>

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jul 12 21:36:16 UTC 2024 on atb-devel-224

- - - - -
6f3545ce by Andreas Schneider at 2024-07-15T13:51:03+00:00
python:tests: Use assertMultiLineEqual() to get better failure output

When not equal a diff of the two strings highlighting the differences
will be included this way.

This is a flapping test.

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Jul 15 13:51:03 UTC 2024 on atb-devel-224

- - - - -
a3856ee4 by Stefan Metzmacher at 2024-07-16T07:40:41+00:00
python:tests: pass bytes.decode() instead of str(bytes) to assertMultiLineEqual() to get better failure output

When not equal a diff of the two strings highlighting the differences
will be included this way.

This is a flapping test.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Jul 16 07:40:41 UTC 2024 on atb-devel-224

- - - - -
3aa6aa02 by Andreas Schneider at 2024-07-16T11:41:33+00:00
s4:torture: Initialize struct netr_IdentityInfo

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source4/torture/rpc/samr.c:3601: var_decl: Declaring variable ""identity"" without initializer.
samba-4.20.0rc2/source4/torture/rpc/samr.c:3650: uninit_use: Using uninitialized value ""identity"". Field ""identity.domain_name.length"" is uninitialized.
 3648|   		}
 3649|
 3650|-> 		pinfo.identity_info = identity;
 3651|   		logon.password = &pinfo;
 3652|"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
ae47ec17 by Andreas Schneider at 2024-07-16T11:41:33+00:00
s4:torture: Initialize union smb_open

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source4/torture/raw/open.c:1136: var_decl: Declaring variable ""io1"" without initializer.
samba-4.20.0rc2/source4/torture/raw/open.c:1198: uninit_use_in_call: Using uninitialized value ""io1.ntcreatex.out.file.fnum"" when calling ""smbcli_close"".
 1196|    done:
 1197|   	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
 1198|-> 	smbcli_close(cli->tree, io1.ntcreatex.out.file.fnum);
 1199|   	smbcli_deltree(cli->tree, BASEDIR);
 1200|   	return ret;"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
ddadbddb by Andreas Schneider at 2024-07-16T11:41:33+00:00
libcli:nbt: Initialize struct nbt_name_register

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/libcli/nbt/pynbt.c:277: var_decl: Declaring variable ""io"" without initializer.
samba-4.20.0rc2/libcli/nbt/pynbt.c:305: uninit_use_in_call: Using uninitialized value ""io.in.nb_flags"" when calling ""nbt_name_register"".
  303|   		return NULL;
  304|
  305|-> 	status = nbt_name_register(node->socket, NULL, &io);
  306|
  307|   	if (NT_STATUS_IS_ERR(status)) {"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
d21b8e05 by Andreas Schneider at 2024-07-16T11:41:33+00:00
lib:util: Move open() of /dev/null into the if-clause

"Error: RESOURCE_LEAK (CWE-772):
samba-4.20.0rc2/lib/util/close_low_fd.c:40: open_fn: Returning handle opened by ""open"". [Note: The source code implementation of the function has been overridden by a user model.]
samba-4.20.0rc2/lib/util/close_low_fd.c:40: var_assign: Assigning: ""dev_null"" = handle returned from ""open(""/dev/null"", 2, 0)"".
samba-4.20.0rc2/lib/util/close_low_fd.c:52: overwrite_var: Overwriting handle ""dev_null"" in ""dev_null = open(""/dev/null"", 2, 0)"" leaks the handle.
   50|   	}
   51|
   52|-> 	dev_null = open(""/dev/null"", O_RDWR, 0);
   53|   	if (dev_null == -1) {
   54|   		dev_null = open(""/dev/null"", O_WRONLY, 0);"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
d003a171 by Andreas Schneider at 2024-07-16T11:41:33+00:00
s4:torture: Initialize struct smb2_create

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source4/torture/smb2/sharemode.c:639: var_decl: Declaring variable ""cr3"" without initializer.
samba-4.20.0rc2/source4/torture/smb2/sharemode.c:736: uninit_use_in_call: Using uninitialized value ""cr3.out.file.handle"" when calling ""smb2_util_close"".
  734|   	smb2_util_close(tree, cr1.out.file.handle);
  735|   	smb2_util_close(tree, cr2.out.file.handle);
  736|-> 	smb2_util_close(tree, cr3.out.file.handle);
  737|   	smb2_util_unlink(tree, fname);
  738|   	return ret;"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
7723353d by Andreas Schneider at 2024-07-16T11:41:33+00:00
s4:torture: Remove trailing spaces in scanner.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
03283dfa by Andreas Schneider at 2024-07-16T11:41:33+00:00
s4:torture: Initialize struct smb_nttrans

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source4/torture/basic/scanner.c:368: var_decl: Declaring variable ""parms"" without initializer.
samba-4.20.0rc2/source4/torture/basic/scanner.c:388: uninit_use_in_call: Using uninitialized value ""parms.in.setup"" when calling ""smb_raw_nttrans"".
  386|   	parms.in.data = ntdata_blob;
  387|
  388|-> 	status = smb_raw_nttrans(cli->tree, mem_ctx, &parms);
  389|
  390|   	if (NT_STATUS_IS_ERR(status)) {"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
79d2dbc0 by Andreas Schneider at 2024-07-16T11:41:33+00:00
libgpo: Initialize struct security_ace array

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/libgpo/gpo_reg.c:708: var_decl: Declaring variable ""ace"" without initializer.
samba-4.20.0rc2/libgpo/gpo_reg.c:755: uninit_use_in_call: Using uninitialized value ""*ace"". Field ""ace->object"" is uninitialized when calling ""make_sec_acl"".
  753|   		     mask, inherit_flags);
  754|
  755|-> 	theacl = make_sec_acl(mem_ctx, NT4_ACL_REVISION, 6, ace);
  756|   	W_ERROR_HAVE_NO_MEMORY(theacl);
  757|"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
862ba429 by Andreas Schneider at 2024-07-16T11:41:33+00:00
s3:modules: Rename thistime to chunk

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
a541a7d7 by Andreas Schneider at 2024-07-16T11:41:33+00:00
s3:modules: Move chunk out of the loop

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
f3da1693 by Andreas Schneider at 2024-07-16T11:41:33+00:00
s3:modules: Make nread a size_t and check for possible overflow

"Error: INTEGER_OVERFLOW (CWE-190):
samba-4.20.0rc2/source3/modules/vfs_preopen.c:215: tainted_data_return: Called function ""read(sock_fd, namebuf + nread, talloc_get_size(namebuf) - nread)"", and a possible return value may be less than zero.
samba-4.20.0rc2/source3/modules/vfs_preopen.c:215: assign: Assigning: ""thistime"" = ""read(sock_fd, namebuf + nread, talloc_get_size(namebuf) - nread)"".
samba-4.20.0rc2/source3/modules/vfs_preopen.c:221: overflow: The expression ""nread"" is considered to have possibly overflowed.
samba-4.20.0rc2/source3/modules/vfs_preopen.c:215: overflow: The expression ""talloc_get_size(namebuf) - nread"" is deemed overflowed because at least one of its arguments has overflowed.
samba-4.20.0rc2/source3/modules/vfs_preopen.c:215: overflow_sink: ""talloc_get_size(namebuf) - nread"", which might have underflowed, is passed to ""read(sock_fd, namebuf + nread, talloc_get_size(namebuf) - nread)"". [Note: The source code implementation of the function has been overridden by a builtin model.]
  213|   		ssize_t thistime;
  214|
  215|-> 		thistime = read(sock_fd, namebuf + nread,
  216|   				talloc_get_size(namebuf) - nread);
  217|   		if (thistime <= 0) {"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
bd5e095e by Andreas Schneider at 2024-07-16T11:41:33+00:00
s4:torture: Remove trailing spaces in forest_trust.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
c3abd320 by Andreas Schneider at 2024-07-16T11:41:33+00:00
s3:services: Initialize struct security_ace array

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
8268b3ef by Andreas Schneider at 2024-07-16T11:41:33+00:00
lib:param: Add missing return code check

"Error: NEGATIVE_RETURNS (CWE-394):
samba-4.20.0rc2/lib/param/loadparm.c:1275: negative_return_fn: Function ""lpcfg_map_parameter(""printing"")"" returns a negative number.
samba-4.20.0rc2/lib/param/loadparm.c:1275: assign: Assigning: ""parm_num"" = ""lpcfg_map_parameter(""printing"")"".
samba-4.20.0rc2/lib/param/loadparm.c:1278: negative_returns: Using variable ""parm_num"" as an index to array ""parm_table"".
 1276|   	}
 1277|
 1278|-> 	if (!lp_set_enum_parm(&parm_table[parm_num], pszParmValue, (int*)ptr)) {
 1279|   		return false;
 1280|   	}"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
85d80240 by Andreas Schneider at 2024-07-16T12:42:39+00:00
s4:torture: Do not set sr.in.info to info before we queried the info

`sr.in.info = info` is correctly set later after we called
dcerpc_lsa_QueryTrustedDomainInfoByName_r(), which fills the info
pointer with data.

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source4/torture/rpc/forest_trust.c:211: var_decl: Declaring variable ""info"" without initializer.
samba-4.20.0rc2/source4/torture/rpc/forest_trust.c:248: uninit_use: Using uninitialized value ""info"".
  246|   	sr.in.trusted_domain = talloc_zero(tctx, struct lsa_String);
  247|   	sr.in.trusted_domain->string = name;
  248|-> 	sr.in.info = info;
  249|
  250|   	for (c = 0; il[c].info_level != -1; c++) {"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Tue Jul 16 12:42:39 UTC 2024 on atb-devel-224

- - - - -
34056363 by Martin Schwenke at 2024-07-16T23:05:35+00:00
ctdb-tests: Add more reloadnodes unit tests

There are no existing tests to exercise node IP address change
detection.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
8ba8fef8 by Martin Schwenke at 2024-07-17T00:06:53+00:00
ctdb-tests: Correctly handle adding a deleted node at the end

The current fake_ctdbd code for reloading the nodes file overruns the
allocation when adding a deleted node at the end.  This is a very
unlikely case, but it might as well work.

Check the size of the internal node map when marking a node deleted.
Also, update the code that adds a node to correctly set the deleted
flag when appropriate.

The included test case tests this.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Wed Jul 17 00:06:53 UTC 2024 on atb-devel-224

- - - - -
20e8e706 by Pavel Filipenský at 2024-07-17T07:48:31+00:00
docs-xml: Mention winbind consistently in samba-dcerpcd.8

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
- - - - -
3e98649a by Pavel Filipenský at 2024-07-17T07:48:31+00:00
python:tests: Fix spelling in to test_samba_dnsupdate_no_change

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
- - - - -
47f552c6 by Pavel Filipenský at 2024-07-17T07:48:31+00:00
s3:librpc: Fix a typo in DEBUG text

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
- - - - -
471163e5 by Pavel Filipenský at 2024-07-17T07:48:31+00:00
libnet: Fix debug text

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
- - - - -
eaed0cd9 by Pavel Filipenský at 2024-07-17T08:49:46+00:00
s3:lib: Fix a typo in MACRO

DEBUG_PASSWORDS --> DEBUG_PASSWORD

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Wed Jul 17 08:49:46 UTC 2024 on atb-devel-224

- - - - -
8937dce1 by Stefan Metzmacher at 2024-07-17T10:12:36+00:00
libcli/auth: fix debug level 100 valgrind warnings in SMBOWFencrypt_ntv2()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
1e21b99b by Stefan Metzmacher at 2024-07-17T10:12:36+00:00
selftest:Samba3: add simpleserver globals before include = global_inject.conf

This allows overriding any existing parameter.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9705

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f7574a59 by Stefan Metzmacher at 2024-07-17T10:12:36+00:00
selftest:Samba3: allow lanman auth in setup_nt4_member

Note that the LM HASH is only generated for passwords
up to 14 characters...

We use extra_options_before_inject in order to
allow overriding any existing parameter.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9705

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
8e35933c by Stefan Metzmacher at 2024-07-17T10:12:36+00:00
s3:selftest: add samba3.blackbox.smb1_lanman_plaintext tests

This demonstrates that we currently have problems with
plaintext and lanman authentication. In both domain member
and standalone setups.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9705

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
9afe7b7a by Stefan Metzmacher at 2024-07-17T10:12:36+00:00
s3:passdb: don't clear the LM HASH without a password change

Updating things like the bad pwd count should not clear the
stored LM HASH with 'lanman auth = no'.

This allows testing with 'lanman auth = no' and 'lanman auth = yes'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9705

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
97f0408f by Stefan Metzmacher at 2024-07-17T10:12:36+00:00
third_party/pam_wrapper: add pam_matrix module

This allows testing pam with simple passwords.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9705

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
108724ac by Stefan Metzmacher at 2024-07-17T10:12:36+00:00
s3:auth: let smb_pam_conv() handle resp=NULL

pam_matrix calls smb_pam_conv() with resp=NULL in some situations,
we should not segfault...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9705

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
66e9d3fe by Stefan Metzmacher at 2024-07-17T10:12:36+00:00
selftest: setup pam_matrix in the simpleserver env

This allows testing a plaintext password authentication
on a standalone server using the PAM stack to verify it.

There are still production systems out in the wild using this...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9705

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
68713914 by Stefan Metzmacher at 2024-07-17T11:17:54+00:00
s3:auth: allow real plaintext authentication

In standalone setups we use the PAM stack to verify
the plaintext authentication, so we need to pass it
down...

There are still production systems out there
(legacy audio/video recording systems...)
using this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9705

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Jul 17 11:17:54 UTC 2024 on atb-devel-224

- - - - -
818bd2dc by Stefan Metzmacher at 2024-07-17T14:21:30+00:00
python:tests: make test_export_keytab_nochange_update() more reliable

net.export_keytab() includes the current timestamp into the resulting
keytab. So we need to make sure the two compared exports actually
run within the same second.

And klist may also print the keytab filename...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Jul 17 14:21:30 UTC 2024 on atb-devel-224

- - - - -
88f49f18 by Andreas Schneider at 2024-07-18T11:27:38+00:00
selftest: Remove samba4.rpc.lsa.forest.trust from knownfail

The test needs --option="torture:Forest_Trust_Dom2_Binding=..." in order
to be useful, so the skip is correct, but the knownfail entry should
have been removed with e5163dfd57694351bf556565e92f74b71221db29.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
14a5d9e6 by Andreas Schneider at 2024-07-18T11:27:38+00:00
s4:torture: Split out a new LSA test_set_forest_trust_info() function

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
f7229d61 by Andreas Schneider at 2024-07-18T12:36:25+00:00
s4:torture: Add new LSA test_query_forest_trust_info()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Jul 18 12:36:25 UTC 2024 on atb-devel-224

- - - - -
f124c2df by Andreas Schneider at 2024-07-18T12:47:29+00:00
s3:smbd: Initialize struct security_ace array

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source3/smbd/posix_acls.c:4599: var_decl: Declaring variable ""aces"" without initializer.
samba-4.20.0rc2/source3/smbd/posix_acls.c:4676: uninit_use_in_call: Using uninitialized value ""*aces"". Field ""aces->object"" is uninitialized when calling ""make_sec_acl"".
 4674|   	idx++;
 4675|
 4676|-> 	new_dacl = make_sec_acl(ctx,
 4677|   			NT4_ACL_REVISION,
 4678|   			idx,"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
2e1ac4bb by Andreas Schneider at 2024-07-18T12:47:29+00:00
s4:torture: Initialize pointer with NULL

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source4/torture/smb2/durable_open.c:1447: var_decl: Declaring variable ""tree2"" without initializer.
samba-4.20.0rc2/source4/torture/smb2/durable_open.c:1492: uninit_use_in_call: Using uninitialized value ""tree2"" when calling ""smb2_util_unlink"".
 1490|   		}
 1491|
 1492|-> 		smb2_util_unlink(tree2, fname);
 1493|
 1494|   		talloc_free(tree);"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
a39cb60c by Andreas Schneider at 2024-07-18T12:47:30+00:00
examples:winexe: Fully initialize EXPLICIT_ACCESS

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/examples/winexe/winexesvc.c:60: var_decl: Declaring variable ""ea"" without initializer.
samba-4.20.0rc2/examples/winexe/winexesvc.c:86: uninit_use_in_call: Using uninitialized value ""ea"". Field ""ea.Trustee.pMultipleTrustee"" is uninitialized when calling ""SetEntriesInAclA"".
   84|
   85|   	/* Create a new ACL that contains the new ACEs */
   86|-> 	dwRes = SetEntriesInAcl(1, &ea, NULL, &pACL);
   87|   	if (ERROR_SUCCESS != dwRes) {
   88|   		dbg(""SetEntriesInAcl Error %lu\n"", GetLastError());"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
d64242f6 by Andreas Schneider at 2024-07-18T12:47:30+00:00
s4:torture: Initialize union spoolss_KeyNames

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source4/torture/rpc/spoolss.c:7835: var_decl: Declaring variable ""key_buffer"" without initializer.
samba-4.20.0rc2/source4/torture/rpc/spoolss.c:7906: uninit_use: Using uninitialized value ""key_buffer.string_array"".
 7904|
 7905|   	if (array) {
 7906|-> 		*array = key_buffer.string_array;
 7907|   	}
 7908|"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
8d637d66 by Andreas Schneider at 2024-07-18T12:47:30+00:00
auth:gensec: Fully initialize struct spnego_data

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/auth/gensec/spnego.c:1129: var_decl: Declaring variable ""spnego_out"" without initializer.
samba-4.20.0rc2/auth/gensec/spnego.c:1154: uninit_use_in_call: Using uninitialized value ""spnego_out.negTokenTarg.negResult"" when calling ""spnego_write_data"".
 1152|   	}
 1153|
 1154|-> 	if (spnego_write_data(out_mem_ctx, out, &spnego_out) == -1) {
 1155|   		DEBUG(1, (""Failed to write SPNEGO reply to NEG_TOKEN_TARG\n""));
 1156|   		return NT_STATUS_INVALID_PARAMETER;"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
3c91ad94 by Andreas Schneider at 2024-07-18T12:47:30+00:00
examples:winexe: Initialize integer

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/examples/winexe/winexesvc.c:147: var_decl: Declaring variable ""res"" without initializer.
samba-4.20.0rc2/examples/winexe/winexesvc.c:156: uninit_use: Using uninitialized value ""res"".
  154|   		GetOverlappedResult(pipe->h, &pipe->o, (LPDWORD)&res, TRUE);
  155|   	FlushFileBuffers(pipe->h);
  156|-> 	return res;
  157|   }
  158|"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
5fe20309 by Andreas Schneider at 2024-07-18T12:47:30+00:00
nsswitch: Fix integer size types in winbind_write_sock()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
125c5a93 by Andreas Schneider at 2024-07-18T12:47:30+00:00
s4:torture: Initialize struct netr_LogonSamLogonEx

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source4/torture/rpc/schannel.c:49: var_decl: Declaring variable ""r"" without initializer.
samba-4.20.0rc2/source4/torture/rpc/schannel.c:152: uninit_use_in_call: Using uninitialized value ""r.in.validation_level"" when calling ""torture_comment"".
  150|   			""LogonSamLogonEx failed"");
  151|   	} else {
  152|-> 		torture_comment(tctx,
  153|   				""Skip auth_level[%u] Testing LogonSamLogonEx with name %s using %s and validation_level: %d\n"",
  154|   				auth_level, ninfo.identity_info.account_name.string, crypto_alg,"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
bd298f26 by Andreas Schneider at 2024-07-18T12:47:30+00:00
s4:torture: Remove trailing spaces from cldapbench.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
- - - - -
7bb59168 by Andreas Schneider at 2024-07-18T13:48:03+00:00
s4:torture: Initialize struct cldap_netlogon

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source4/torture/ldap/cldapbench.c:40: var_decl: Declaring variable ""io"" without initializer.
samba-4.20.0rc2/source4/torture/ldap/cldapbench.c:45: uninit_use_in_call: Using uninitialized value ""io.in.map_response"" when calling ""cldap_netlogon_recv"".
   43|   	TALLOC_CTX *tmp_ctx = talloc_new(NULL);
   44|   	io.in.version = 6;
   45|-> 	status = cldap_netlogon_recv(req, tmp_ctx, &io);
   46|   	talloc_free(req);
   47|   	if (NT_STATUS_IS_OK(status)) {"

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Jul 18 13:48:03 UTC 2024 on atb-devel-224

- - - - -
0a532378 by Andreas Schneider at 2024-07-19T11:13:28+00:00
s3:printing: Allow to run samba-bgqd as a standalone systemd service

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15683

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Jul 19 11:13:28 UTC 2024 on atb-devel-224

- - - - -
67e49d3e by Martin Schwenke at 2024-07-23T11:37:34+00:00
ctdb-build: Remove unused dependencies on ctdb-util

Since commit ba8f8ef33cd99ea60fc2682727a5497995b5f569.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Anoop C S <anoopcs at samba.org>

- - - - -
79c5f451 by Martin Schwenke at 2024-07-23T11:37:34+00:00
ctdb-protocol: Move definition of CTDB_PORT to protocol

Users of CTDB_PORT will all pick up the new definition.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Anoop C S <anoopcs at samba.org>

- - - - -
45da2281 by Martin Schwenke at 2024-07-23T11:37:34+00:00
ctdb-conf: Add a common node address handling module

These functions are intended to be used in ctdbd, the ctdb tool and
fake_ctdbd, replacing the different copies in each place.

ctdb_read_nodes() will replace ctdb_read_nodes_file().  The name
change is intentional - in future the location may be something other
than a simple filename.

The static copies of ctdb_read_nodes_file() and node_map_add() are
slightly sanitised versions of those in tools/ctdb.c, with a call to
ctdb_parse_node_address().  A bit more care is taken in node_map_add()
to avoid undefined behaviour if talloc_realloc() fails.

ctdb_parse_node_address() will replace ctdb_parse_address().  There is
an obvious argument change, since the ctdb context argument was
unused.  It can only fail on an invalid node address, so return a
bool.  This function might be changed later to allow the input address
string to include an optional port.

Where to put this module isn't entirely clear.  It could go in common,
so be part of ctdb-util.  However, if it later needs
ctdb-conf (e.g. to allow the node list location to be configurable)
then there would be a direct cyclic dependency.  This is configuration
handling, so conf/ seems sane.  However, I didn't want to put it into
the ctdb-conf target, since some code might need to parse a nodes list
but not need to parse ctdb.conf.

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Anoop C S <anoopcs at samba.org>

- - - - -
3d52258d by Martin Schwenke at 2024-07-23T11:37:34+00:00
ctdb-tools: Use ctdb_read_nodes() in the ctdb tool

Remove unused copy of ctdb_read_nodes_file().

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Anoop C S <anoopcs at samba.org>

- - - - -
fe97d04f by Martin Schwenke at 2024-07-23T11:37:34+00:00
ctdb-tests: Use ctdb_read_nodes() in the fake ctdbd

Remove unused copy of ctdb_read_nodes_file().

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Anoop C S <anoopcs at samba.org>

- - - - -
5d2a864c by Martin Schwenke at 2024-07-23T11:37:34+00:00
ctdb-protocol: Move ctdb_node_map_* to protocol_api.h

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Anoop C S <anoopcs at samba.org>

- - - - -
181cc097 by Martin Schwenke at 2024-07-23T11:37:34+00:00
ctdb-daemon: Use ctdb_read_nodes() in ctdbd

ctdb_control_getnodesfile() calls ctdb_read_nodes(), which returns a
struct ctdb_node_map rather than the old version, so update associated
marshalling.  While here modernise a debug message and wrap the
function arguments.

For ctdb_load_nodes_file() to use ctdb_read_nodes(), tweak
convert_node_map_to_list() to also use the modern node map structure.

Remove unused copy of ctdb_read_nodes_file().

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Anoop C S <anoopcs at samba.org>

- - - - -
ead5a311 by Martin Schwenke at 2024-07-23T12:39:18+00:00
ctdb-daemon: Use ctdb_parse_node_address() in ctdbd

While here, fix a trivial memory leak (ctdbd will exit anyway if this
function fails).

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Anoop C S <anoopcs at samba.org>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Tue Jul 23 12:39:18 UTC 2024 on atb-devel-224

- - - - -
6481fab9 by Stefan Metzmacher at 2024-07-23T12:44:32+00:00
selftest:Samba3: don't use PAM_WRAPPER_KEEP_DIR and PAM_WRAPPER_DEBUGLEVEL

They are both only for debugging problems.

In normal runs we don't need them and this avoids leaving too many
/tmp/pam.* directories around.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9705

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
92ea6b00 by Andreas Schneider at 2024-07-23T12:44:32+00:00
third_party: Update pam_wrapper to version 1.1.7

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9705

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
34c58668 by Stefan Metzmacher at 2024-07-23T13:53:13+00:00
s3:tests: let modprinter.pl use $TMPDIR

We should avoid using /tmp in selftest

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Jul 23 13:53:13 UTC 2024 on atb-devel-224

- - - - -
f7cb87cb by Jo Sutton at 2024-07-23T22:42:39+00:00
selftest: Consolidate MIT Kerberos knownfails into a single file

There is no longer any meaningful distinction between the two files.

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
198b6e3f by Jo Sutton at 2024-07-23T22:42:39+00:00
selftest: Move Heimdal Kerberos knownfails to separate files in their own directory

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
97677b15 by Jo Sutton at 2024-07-23T23:47:43+00:00
selftest: Move MIT Kerberos knownfails to separate files in their own directory

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Jo Sutton <jsutton at samba.org>
Autobuild-Date(master): Tue Jul 23 23:47:43 UTC 2024 on atb-devel-224

- - - - -
8903876f by Douglas Bagnall at 2024-07-25T06:27:26+00:00
libcli:security: allow spaces after BAD:

In AD_DS_Classes_Windows_Server_v1903.ldf from
https://www.microsoft.com/en-us/download/details.aspx?id=23782, we see

  defaultSecurityDescriptor: O:BAG:BAD: (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15685

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Thu Jul 25 06:27:27 UTC 2024 on atb-devel-224

- - - - -
25ff9e59 by Ralph Boehme at 2024-07-26T10:06:30+00:00
selftest: remove check for $no_delete_prefix

provision_ctdb() was always called with $no_delete_prefix undefined
from setup_ctdb(), so we can just remove the check.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
2cd9da51 by Ralph Boehme at 2024-07-26T10:06:30+00:00
selftest: setup "simpleserver" testenv specific directories after calling provision()

This ensures provision() can remove st/simpleserver/* from previous runs.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
a1d5df42 by Ralph Boehme at 2024-07-26T10:06:30+00:00
selftest: setup "fileserver" testenv specific directories after calling provision()

This ensures provision() can remove st/fileserver/* from previous runs.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
5160da29 by Ralph Boehme at 2024-07-26T10:06:30+00:00
selftest: ensure the "fileserver" test environment is removed before provisioning

This was likely taken by copy/paste from somewhere else where it might have made
sense.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
a1c1057f by Ralph Boehme at 2024-07-26T10:06:30+00:00
selftest: remove net groupmap delete stuff

Likely not needed anymore since we now cleanup the fileserver env.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
0c6725a7 by Ralph Boehme at 2024-07-26T10:06:30+00:00
s3/lib: remove name_compare_entry typedef

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
f564fcb7 by Ralph Boehme at 2024-07-26T10:06:30+00:00
s3/lib: move path_to_strv() to util_path.c

More callers are coming.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
7fc74c78 by Ralph Boehme at 2024-07-26T10:06:30+00:00
s3/lib: modernize set_namearray()

No change in behaviour.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
630f1228 by Ralph Boehme at 2024-07-26T10:06:30+00:00
smbd: move target code out of loop body

Reduces indentation of the code that is run in this function and prepares
for adding more of it.

Review with: git show -w

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
cfa9a733 by Ralph Boehme at 2024-07-26T10:06:30+00:00
smbd: prepare free_conn_session_info_if_unused() for more cleanup logic

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
8ab29157 by Ralph Boehme at 2024-07-26T10:06:30+00:00
smbd: maintain veto_list and hide_list in the vuid cache

Prepares for adding per-user support to both options. I don't think it makes
sense also adding per-user support to "veto oplock files" and "aio write behind"
so I'm ignoring those.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
c4ede22d by Ralph Boehme at 2024-07-26T10:06:30+00:00
s3/lib: move set_namearray() to util_namearray.c

Needed to fix circular dependencies between samba-passdb, secrets3 and
samba3util (iirc).

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
2f273a50 by Ralph Boehme at 2024-07-26T10:06:30+00:00
selftest: add groups "group1" and "group2" to Samba3

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
02e7c70a by Ralph Boehme at 2024-07-26T10:06:31+00:00
smbd: move token_contains_name() to util_namearray.c and make it public

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
b8b2f218 by Ralph Boehme at 2024-07-26T10:06:31+00:00
s3/lib: add per-user support to set_namearray()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
7e835339 by Ralph Boehme at 2024-07-26T10:06:31+00:00
CI: fix test file cleanup

Test files are stored beneath "$SHAREPATH/dir1", not "$SHAREPATH/dir_1".

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
89a26b50 by Ralph Boehme at 2024-07-26T10:06:31+00:00
CI: add a test for per-user (and per-group) veto files

Not adding a specific test for per-user hide files as that uses the exact same
mechanism as the per-user veto files.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
dc957637 by Ralph Boehme at 2024-07-26T10:06:31+00:00
winbindd: rename variable old_status to was_online in wb_cache_name_to_sid()

A lot easier to make sense of the complex logic when using this name.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
6baf9547 by Ralph Boehme at 2024-07-26T10:06:31+00:00
winbindd: reformatting

No change in behaviour.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
cbd4aee5 by Ralph Boehme at 2024-07-26T10:06:31+00:00
winbindd: collapse two if expressions

No change in behaviour.

After calling set_domain_offline() domain->offline will be set to false, iow
every time

  if (!domain->internal && was_online)

is true,

  if (!domain->internal &&
      !domain->online &&
      was_online)

will also be true, so we can drop the second if expression.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
21b9eb5b by Ralph Boehme at 2024-07-26T10:06:31+00:00
winbindd: properly initialize sid and type in wb_cache_name_to_sid()

No change in behaviour.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
315ee380 by Ralph Boehme at 2024-07-26T10:06:31+00:00
libwbclient: add error WBC_ERR_NOT_MAPPED

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
12c5adb4 by Ralph Boehme at 2024-07-26T10:06:31+00:00
libwbclient: prepare wbcCtxLookupName() for dealing with WBC_SID_NAME_UNKNOWN

This changes the wbcErr from WBC_ERR_DOMAIN_NOT_FOUND to WBC_ERR_NOT_MAPPED.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
148a1028 by Ralph Boehme at 2024-07-26T10:06:31+00:00
winbindd: let LookupNames return NT_STATUS_OK and SID_NAME_UNKNOWN for unmapped names

Previously LookupNames would fail if a name could not be translated, so winbindd
clients like libwbclient couldn't differentiate between not being able to talk
to a DC and just an unknown name.

As a visible change this alters

  $ bin/wbinfo -n Idontexist
  failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
  Could not lookup name Idontexist

to

  $ bin/wbinfo -n Idontexist
  failed to call wbcLookupName: WBC_ERR_SOME_NOT_MAPPED
  Could not lookup name Idontexist

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
02da9704 by Ralph Boehme at 2024-07-26T10:06:31+00:00
s3/rpc_client: fix handling of NT_STATUS_SOME_NOT_MAPPED

In this case names that couldn't be resolved will have a NULL sid pointer
which would trigger a crash in sid_copy().

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
1b63d503 by Ralph Boehme at 2024-07-26T10:06:31+00:00
s3-errormap: move map_nt_error_from_wbcErr() back into errormap.c

This basically reverts commit 313db81ad3de6cf7759d6a0fc21ee32419b2e62b.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
5d3c6dbf by Ralph Boehme at 2024-07-26T10:06:31+00:00
s3-errormap: add WBC_ERR_NOT_MAPPED -> NT_STATUS_NONE_MAPPED

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
3a13b90c by Ralph Boehme at 2024-07-26T10:06:31+00:00
s3/passdb: add winbind_lookup_name_ex()

Differs from winbind_lookup_name() by

- returning NTSTATUS instead of bool, so callers can distinguish between
STATUS_NAME_NOT_FOUND lookup results and real errors.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
1d6feea6 by Ralph Boehme at 2024-07-26T10:06:31+00:00
s3/passdb: use winbind_lookup_name_ex() in lookup_name() instead of winbind_lookup_name()

No change in behaviour, prepares for returning NTSTATUS instead of bool from
lookup_name().

Review-with: git show -w

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
01b0b856 by Ralph Boehme at 2024-07-26T10:06:31+00:00
s3/passdb: factor out lookup_name_internal()

lookup_name() becomes a thin wrapper around lookup_name_internal(). Prepares for
adding more callers to lookup_name_internal() that are interested in the
NTSTATUS return value to distinguish between NAME_NOT_FOUND lookup results and
real errors.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
8364db8a by Ralph Boehme at 2024-07-26T10:06:31+00:00
s3/passdb: add lookup_name_smbconf_ex() using lookup_name_internal()

Returns NTSTATUS instead of bool. lookup_name_smbconf() becomes a thin
wrapper around lookup_name_smbconf_ex().

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
0f27c521 by Ralph Boehme at 2024-07-26T10:06:31+00:00
s3/lib: use lookup_name_smbconf_ex() in token_contains_name()

No change in behaviour as we still ignore lookup errors as well as a not-found
result.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
02ae847b by Ralph Boehme at 2024-07-26T10:06:31+00:00
smbd: return errors from token_contains_name()

Invalid names in "valid users", "invalid users", "read list", "write list",
"veto files" and "hide files" are logged and ignored, but a failure to contact
winbind or a DC from winbind, or a memory allocation failure, now all trigger a
failure of the tree connect.

Manually tested with smbclient with the following hack in winbindd:

---8<---
  $ git di
   source3/winbindd/winbindd_cache.c | 7 +++++++
   1 file changed, 7 insertions(+)

  diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
  index c889489dbbbc..8ccf0a28e11a 100644
  --- a/source3/winbindd/winbindd_cache.c
  +++ b/source3/winbindd/winbindd_cache.c
  @@ -1821,6 +1821,13 @@ NTSTATUS wb_cache_name_to_sid(struct winbindd_domain *domain,
          ZERO_STRUCTP(sid);
          *type = SID_NAME_UNKNOWN;

  +       if (strequal(name, "unknown")) {
  +               return NT_STATUS_OK;
  +       }
  +       if (strequal(name, "iotimeout")) {
  +               return NT_STATUS_IO_TIMEOUT;
  +       }
  +
          status = wcache_name_to_sid(domain, domain_name, name, sid, type);
          if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
                  return status;
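Review bot: the two strequal() shortcuts added ahead of the wcache_name_to_sid() call match on the bare name only, with no build-time or test-only guard, so if this hack ever escaped the manual test, any lookup for a principal literally called "unknown" or "iotimeout" would be answered without consulting the cache or a DC. Keep it strictly local, or put it behind a selftest-only condition if it is to become a repeatable test. When reading the logs quoted with this test, note that the hunk injects NT_STATUS_IO_TIMEOUT while token_contains_name reports NT_STATUS_NO_SUCH_DOMAIN, so the exercise confirms that a lookup error fails the tree connect, not that the original status reaches smbd unchanged.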
---8<---

  veto files = ../unknown/file1/../slow/file2

  $ bin/smbclient -U slow%x //localhost/test -c quit
  $

In the log:

  [2024/03/04 15:21:33.659356,  1, pid=977167, effective(0, 0), real(0, 0)] ../../source3/lib/util_namearray.c:128(token_contains_name)
    token_contains_name: lookup_name 'unknown' failed

  veto files = ../iotimeout/file1/../slow/file2

  $ bin/smbclient -U slow%x //localhost/test -c quit
  tree connect failed: NT_STATUS_LOGON_FAILURE
  $

  [2024/03/04 15:22:15.655811,  0, pid=977177, effective(0, 0), real(0, 0)] ../../source3/lib/util_namearray.c:131(token_contains_name)
    token_contains_name: lookup_name 'iotimeout' failed NT_STATUS_NO_SUCH_DOMAIN
  [2024/03/04 15:22:15.655846,  1, pid=977177, effective(0, 0), real(0, 0)] ../../source3/smbd/uid.c:381(change_to_user_impersonate)
    change_to_user_impersonate: SMB user slow (unix user slow) not permitted access to share test.
  [2024/03/04 15:22:15.655855,  0, pid=977177, effective(0, 0), real(0, 0)] ../../source3/smbd/smb2_service.c:689(make_connection_snum)
    make_connection_snum: Can't become connected user!

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
607d2c1e by Ralph Boehme at 2024-07-26T10:06:31+00:00
s3/lib: return error from set_namearray()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
07c0afe9 by Ralph Boehme at 2024-07-26T11:10:42+00:00
WHATSNEW.txt: document "veto files" and "hide files"

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Jul 26 11:10:42 UTC 2024 on atb-devel-224

- - - - -
3de8d294 by Pavel Filipenský at 2024-07-26T17:12:36+00:00
s3:lib: Merge library trusts_util into library ads

Function trust_pw_change(), originally from library trusts_util, was updated
to call functionality from the ads library. This would introduce a circular
dependency between the two libraries. To avoid it, trusts_util is merged
into ads.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
731a25b5 by Pavel Filipenský at 2024-07-26T17:12:36+00:00
docs:smbdotconf: Add parameter 'sync machine password to keytab'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
09c30299 by Pavel Filipenský at 2024-07-26T17:12:36+00:00
docs:smbdotconf: Add parameter 'sync machine password script'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
27ca58f9 by Pavel Filipenský at 2024-07-26T17:12:36+00:00
s3:testparm: Add check for "sync machine password to keytab" to testparm

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
1185b03b by Pavel Filipenský at 2024-07-26T17:12:36+00:00
krb5_wrap: Add TRACE SUPPORT for keys operations

The trace looks like below. The last field, a hex dump of the data, is
useful: it allows searching for all manipulations.

KEYTAB_TRACE sync_pw2keytabs_process_keytab:622 add ADMEMKEYTAB$@ADDOM.SAMBA.EXAMPLE.COM 14 17 C66D244CB26005C7D6FF9FC00FCBBE4A

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
b007fb89 by Pavel Filipenský at 2024-07-26T17:12:36+00:00
s3:libads: Use the TRACE SUPPORT for keys operations

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
f3ff6871 by Pavel Filipenský at 2024-07-26T17:12:36+00:00
s3:libads: Request "msDS-KeyVersionNumber" from ads_find_machine_acct()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
da622ccc by Pavel Filipenský at 2024-07-26T17:12:36+00:00
s3:lib: Sync machine password to keytab: helper functions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
49d09906 by Pavel Filipenský at 2024-07-26T17:12:36+00:00
s3:ads: Do not update system keytab from "net ads changetrustpw"

It will be done in secrets_{prepare,finish}_password_change

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
7c65aa8c by Pavel Filipenský at 2024-07-26T17:12:36+00:00
s3:ads: Remove 'kerberos method' warning for 'net ads keytab' functions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
683f6eec by Pavel Filipenský at 2024-07-26T17:12:36+00:00
s3: Sync machine account password in secrets_{prepare,finish}_password_change

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
eeb79875 by Pavel Filipenský at 2024-07-26T17:12:36+00:00
s3:libnet: Sync keytab during libnet_join_create_keytab()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
253625da by Pavel Filipenský at 2024-07-26T17:12:36+00:00
s3:utils: Change net_ads_keytab_create() to call sync_pw2keytabs()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
aff92826 by Pavel Filipenský at 2024-07-26T17:12:36+00:00
selftest: Add "sync machine password to keytab" to env. ad_member_idmap_nss

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
90ec8adf by Pavel Filipenský at 2024-07-26T17:12:36+00:00
selftest: Add tests for keytab update

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
d18babd1 by Pavel Filipenský at 2024-07-26T17:12:36+00:00
testprogs: Remove "keytab add", "keytab delete" and "keytab add_update_ads" related tests from test_net_ads.sh

"net ads" will no longer support "keytab add", "keytab delete" and "keytab add_update_ads"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
18aedcc8 by Pavel Filipenský at 2024-07-26T17:12:36+00:00
testprogs: Remove upn related test from test_net_ads.sh

"net ads keytab create" will no longer read "userPrincipalName" from AD

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
2304d96d by Pavel Filipenský at 2024-07-26T17:12:36+00:00
testprogs: Use 'HOST' instead of 'host' in test_net_ads.sh

"net ads keytab create" will use the same value as in AD,
modifications to lower case are no longer done

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
abbf9260 by Pavel Filipenský at 2024-07-26T17:12:36+00:00
testprogs: Remove dnshostname related test from test_net_ads.sh

"net ads keytab create" no longer reads dNSHostName from AD

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
ad6a91ba by Pavel Filipenský at 2024-07-26T17:12:36+00:00
testprogs: Remove alias test from test_net_ads.sh

"net ads keytab create" no longer reads msDS-AdditionalDnsHostName from AD

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
c10c49b3 by Pavel Filipenský at 2024-07-26T17:12:36+00:00
s3:libads: Remove ads_keytab_create_default & friends

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
f819ad25 by Pavel Filipenský at 2024-07-26T17:12:36+00:00
s3:utils: Remove from "net ads keytab": "add", "delete" and "add_update_ads"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
e08b2963 by Pavel Filipenský at 2024-07-26T17:12:36+00:00
s3:libads: Call 'sync machine password script' when machine password is updated

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
1fcaf066 by Pavel Filipenský at 2024-07-26T17:12:36+00:00
ctdb:events: Add 46.update-keytabs.script for 'recovered' event

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
bf13d9b3 by Pavel Filipenský at 2024-07-26T17:12:36+00:00
s3:script: clustered samba: Add script updatekeytab.sh

Admin should use this script in smb.conf parameter 'sync machine
password script' in clustered samba

TODO: onnode will update the keytab on all connected nodes, so the
update will happen on the triggering node twice. This can be improved in
the future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
fb0c2774 by Pavel Filipenský at 2024-07-26T17:12:36+00:00
script: clustered samba: Build samba-ctdb with ad-dc support

samba-tool requires addc support

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
c76727b3 by Pavel Filipenský at 2024-07-26T17:12:36+00:00
selftest: Rename nt4_dc_vars -> dcvars in setup_clusteredmember

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
be29fe50 by Pavel Filipenský at 2024-07-26T17:12:36+00:00
selftest: setup clusteredmember with kerberos, change dependency to "ad_dc"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
6a97f8e1 by Pavel Filipenský at 2024-07-26T17:12:36+00:00
selftest: Add tests for keytab update in clustered samba

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
e61f53b6 by Pavel Filipenský at 2024-07-26T18:16:15+00:00
WHATSNEW: Automatic keytab update after machine password changes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Fri Jul 26 18:16:15 UTC 2024 on atb-devel-224

- - - - -
e653b087 by Douglas Bagnall at 2024-07-27T22:47:39+00:00
tdb: fix compilation with TDB_TRACE=1

../../lib/tdb/common/tdb.c: In function ‘tdb_trace_record’:
../../lib/tdb/common/tdb.c:1224:22: error: ‘snprintf’ output truncated before the last format character [-Werror=format-truncation=]
 1224 |                 p += snprintf(p, 2, %02x, rec.dptr[i]);
      |                      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../lib/tdb/common/tdb.c:1224:22: note: ‘snprintf’ output 3 bytes into a destination of size 2
cc1: all warnings being treated as errors

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
351636ef by Douglas Bagnall at 2024-07-27T22:47:39+00:00
tdb: allow tracing of internal tdb

This will trace internal databases to files like this:

tdb_0x5da896b51870.trace.267290

We avoid strlen(name) because name could be NULL in this case (which
works fine with glibc but feels bad).

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
d8c7768f by Douglas Bagnall at 2024-07-27T22:47:39+00:00
ldb_kv_cache: always initialise dn_list.strict

The strict flag is only read in list intersection, so most of the time
it doesn't matter whether it is set because that path is not used.
Nevertheless seeing it set to all kinds of values is distracting.

The undefined behaviour has likely been hidden from static analysis
because the structure is passed through the in-memory tdb before use.

Incorrect true values will have disabled an optimisation but not
caused the wrong result.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
ed7bc50b by Douglas Bagnall at 2024-07-27T22:47:39+00:00
ldb:ldb_kv_dn_list_find_val: check for int overflow

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
5f0198d6 by Douglas Bagnall at 2024-07-27T22:47:39+00:00
ldb_kv_index: dn_list load sub transaction can re-use keys

We don't want to modify the original list, but we can reuse the keys
if we treat them as immutable and don't free them. That makes it a lot
quicker if there are many keys (i.e. where an index is useful) and many
sub-transactions. In particular, it avoids O(n²) talloc_memdups.

A removed comment says "We have to free the top level index
memory otherwise we would leak", and this will be addressed in the
next commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15590

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
1bf9ede9 by Douglas Bagnall at 2024-07-27T22:47:39+00:00
ldb:kv_index: realloc away old dn list

We can't just free it, because it has the GUID index list as a child, and
these are shared by the new dn list (from the subtransaction we are
committing). But if the dn list is long and the main transaction is
long-lived, we can save a lot of memory by turning this dn list into
an almost empty node in the talloc tree. This returns us to roughly
the situation we had prior to the last commit.

For example, with the repro.sh script on bug 15590 in indexes mode
with 10000 rules, the last 3 commits use this much memory at the end
of an unusually large transaction:

full talloc report on 'struct ldb_context' (total 4012222 bytes in 90058 blocks)
full talloc report on 'struct ldb_context' (total 2405482219 bytes in 90058 blocks)
full talloc report on 'struct ldb_context' (total 4282195 bytes in 90058 blocks)

That is, the last commit increased usage 500 fold, and this commit
brings it back to normal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15590

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
9ecf9685 by Douglas Bagnall at 2024-07-27T22:47:39+00:00
ldb:kv_index: don't recalculate a length

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
18131aeb by Douglas Bagnall at 2024-07-27T22:47:39+00:00
ldb:kv_index: subtransaction_cancel: check for nested tdb

Just in case, but also so ldb_kv_index_transaction_cancel() can use
this and retain the same logic.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
e58e4a5a by Douglas Bagnall at 2024-07-27T23:51:44+00:00
ldb:kv_index: use subtransaction_cancel in transaction_cancel

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Sat Jul 27 23:51:44 UTC 2024 on atb-devel-224

- - - - -
93a6656c by Jule Anger at 2024-07-29T09:01:32+00:00
tdb: version 1.4.11

* Add tdbdump -x option to output all data as hex values
* Add missing overflow check for num_values in pytdb.c
* Remove Py2 related tests
* Update times in tdb_transaction_commit per fd, not per name
* Fix compilation with TDB_TRACE=1
* Allow tracing of internal tdb

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
33f3cd3f by Jule Anger at 2024-07-29T09:01:32+00:00
WHATSNEW: Up to Samba 4.21.0rc1.

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
729078d2 by Jule Anger at 2024-07-29T09:01:32+00:00
VERSION: Disable GIT_SNAPSHOT for the Samba 4.21.0rc1 release.

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
13fc70f5 by Jule Anger at 2024-07-29T13:38:39+02:00
VERSION: Bump version up to Samba 4.21.0rc2...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
b39d04f6 by Michael Tokarev at 2024-07-30T10:37:41+03:00
New upstream version 4.21.0~rc1+dfsg
- - - - -
5148ff97 by Volker Lendecke at 2024-07-31T15:00:11+00:00
loadparm: Factor out lp_wi_scan_parametrics

We'll scan share parametrics soon as well.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15688
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 0536ac96e927c00121e220f45cd63682726bc8e3)

- - - - -
0b9371aa by Volker Lendecke at 2024-07-31T15:00:11+00:00
loadparm: Add lp_wi_scan_share_parametrics

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15688
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 89da15756d81746d80b43c2fe04c51fc07591849)

- - - - -
af0085ac by Volker Lendecke at 2024-07-31T15:00:11+00:00
lib: Factor out append_namearray from set_namearray

We'll have to add to an existing namearray soon.

This turns one talloc_array() into a set of reallocs. This is slower,
but set_namearray is only used for smb.conf entries where we don't
expect hundreds or more entries to add. I've done this to avoid array
length calculations, but if it turns out to be too slow we can get
smarter again.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15688
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit fcd595a4642a08169b427af534a00116daf220bf)

- - - - -
fd73c865 by Volker Lendecke at 2024-07-31T15:00:11+00:00
smbd: Respect per-user hide and veto files with parametric options

For my taste this is a nicer configuration syntax than

/../username1/file1/../username2/file2/

Is this too expensive? I don't think so. The scanning only happens at
tcon time, and it only walks the parametric options. If this turns out
to be a performance problem, we should think about smarter data
structures for parametric options instead of just a linked list of
string triples for everything.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15688
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 17becb5f526015de56d00cd1c8f603f8ddacd0ba)

- - - - -
244ade4f by Volker Lendecke at 2024-07-31T15:00:11+00:00
tests: Test parametric per-user syntax for hide/veto files

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15688
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit b5a128685e68f05a3688aa1391393b9095bf32b0)

- - - - -
13dbaf55 by Volker Lendecke at 2024-07-31T15:00:11+00:00
lib: Remove per-user support from append_to_namearray

This is done in check_user_ok now

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15688
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit b5169dd717ed5cf66d1e1e90aaf1a4646f7b5ea5)

- - - - -
d5be00ab by Volker Lendecke at 2024-07-31T15:00:11+00:00
lib: Remove "token" parameter from set_namearray

Not needed anymore

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15688
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit a150714cc64294d75028bac47132084bdf6f72c9)

- - - - -
bffa9349 by Volker Lendecke at 2024-07-31T15:00:11+00:00
docs: Document parametric form of hide and veto files

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15688
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Jul 31 09:41:54 UTC 2024 on atb-devel-224

(cherry picked from commit 10e9b858a3f9ca8d7e5dfd1c4e1e7937a03db671)

- - - - -
5ba371e0 by Stefan Metzmacher at 2024-07-31T16:07:37+00:00
WHATSNEW: update the Per-user and group "veto files" and "hide files" section

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15688

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(v4-21-test): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(v4-21-test): Wed Jul 31 16:07:37 UTC 2024 on atb-devel-224

- - - - -
6d69562e by Andreas Schneider at 2024-08-06T11:46:16+00:00
wafsamba: Fix ABI symbol name generation

Commit 0bc5b6f29307ce758774c1b2f48ce62315fdc7f9 changed the script
for generating the ABI symbol version. It broke the ABI by changing all
dots to underscores.

This reverts the commit partially to preserve the dots in the version
part.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15673

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Günther Deschner <gd at samba.org>

Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Tue Aug  6 00:42:56 UTC 2024 on atb-devel-224

(cherry picked from commit 46215ab1b34aa79c4c831ea1c12f73eacf1e8a12)

- - - - -
de85c86c by Jo Sutton at 2024-08-06T11:46:16+00:00
ldb: Fix ldb public library header files being unusable

An accidental negation means that ldb_version.h is not installed when
ldb is built as a public library.

This is a regression introduced by commit
625fb48326ec62a33ce0abdbfb0f6f3d33d7cc64.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15690

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Sun Aug  4 01:35:55 UTC 2024 on atb-devel-224

(cherry picked from commit 5851ae555425ea2ba8e431162142ebae47be802e)

- - - - -
ff9d9677 by Pavel Filipenský at 2024-08-06T11:46:16+00:00
docs:smbdotconf: Improve formatting of 'sync machine password to keytab'

Hint: review this commit with ignoring white space changes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 6c627903ee466cd1559d7f58821221c4dd668d1f)

- - - - -
ba6c2f68 by Pavel Filipenský at 2024-08-06T11:46:16+00:00
docs-xml: Fix trailing whitespace in net.8.xml

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 374680010d42d3bca52791159dba7b42eb8d0d6c)

- - - - -
6f9a9394 by Pavel Filipenský at 2024-08-06T11:46:16+00:00
docs-xml: Delete descriptions for removed commands "net ads keytab add" and "net ads keytab add_update_ads"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Mon Aug  5 13:29:25 UTC 2024 on atb-devel-224

(cherry picked from commit a5f47f6efe67e02d7a12f30b4e6fb76bcd6aa71c)

- - - - -
72590758 by Pavel Filipenský at 2024-08-06T12:49:02+00:00
WHATSNEW: update the "Automatic keytab update after machine password change" section

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>

Autobuild-User(v4-21-test): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(v4-21-test): Tue Aug  6 12:49:02 UTC 2024 on atb-devel-224

- - - - -
0cf9c6ef by Andreas Schneider at 2024-08-07T10:00:12+00:00
autobuild: Add ABI checks for libtalloc, libtevent and libtdb

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15673

Signed-off-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit bcd49e3000736eb3c642280ac2e1f3d56a31b6bb)

- - - - -
0ca6cd90 by Stefan Metzmacher at 2024-08-07T10:00:12+00:00
tdb: version 1.4.12

* Regression fix for ABI problem
  TDB_1_4_11 vs. TDB_1.4.11

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15673

Signed-off-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Aug  6 16:16:27 UTC 2024 on atb-devel-224

(cherry picked from commit 6b10cfbaf2c522cceb48c610c18656d2d69cf60b)

- - - - -
ba14164f by Stefan Metzmacher at 2024-08-07T10:00:12+00:00
s3:lib: add winbind_lookup_name_ex() fallback for --without-winbind

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15687

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 5b31b723c06a0b41f9d47e47ce79818e07d3b831)

- - - - -
b375043d by Stefan Metzmacher at 2024-08-07T11:15:19+00:00
script/autobuild.py: do some basic testing using --without-winbind

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15687

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Aug  7 07:38:35 UTC 2024 on atb-devel-224

(cherry picked from commit c0d0767a3ab2c0cd5c4f2fa5cd77f3b678794d63)

Autobuild-User(v4-21-test): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(v4-21-test): Wed Aug  7 11:15:19 UTC 2024 on atb-devel-224

- - - - -
3f3bc5fe by Michael Tokarev at 2024-08-11T10:25:33+03:00
winbind: break old libpam-winbind & libnss-winbind

- - - - -
74524c43 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: next iteration of samba-to-cephfs bridge

Defined new module 'vfs_ceph_new.c' which serves as a place holder for
the next development phase of the bridge between samba's VFS layer and
libcephfs. Begin with a module which is almost identical to existing
'vfs_ceph.c', except for hooks-names prefix which is 'vfs_ceph_' in
order to make clear distinction from existing code base. Following
commits will also switch to low-level APIs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 3720452720b4760509875f0d2a8ed0d104bb1844)

- - - - -
5a7f6e46 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for disk_free

Start using libcephfs low-level APIs: get reference to root inode and
use it to query statfs. Requires an explicit put-inode to avoid resource
leakage by libcephfs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 192b0cf8717d79197b985539c9db8ca07a89c570)

- - - - -
9f68daac by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for stat

Start migrating to libcephfs' low-level APIs, using explicit Inode*
reference. Implement the VFS 'stat' hook using a ceph_ll_getattr
function, encapsulated with a pair of iget/iput to hold a
pinned-to-cache Inode* instance.

Upon calling to libcephfs this new code creates and destroys on-the-fly
a Ceph UserPerm instance based on the uid, gid and groups from
'handle->conn->session_info->unix_token'. This logic ensures that the
correct caller-credentials are passed-on to cephfs (instead of those
set upon connection-creation in legacy 'vfs_ceph.c').

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 1b78d79663c48aa4b6810a875427de85ae49a2e8)

- - - - -
8e28065f by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for lstat

Use libcephfs' low-level APIs and apply the same logic as stat, but
using AT_SYMLINK_NOFOLLOW flags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 93d786b14358db5664e13b1aa43f3f03e7cf0be3)

- - - - -
be427077 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for statfs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 47224fbdeb55100cf8a7ee75e13b954ab71fc158)

- - - - -
7bb3f5f2 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for lchown

Use libcephfs' low-level API ceph_ll_setattr to implement VFS lchown_fn
hook. Use the standard pattern of iget/iput to allow operation by Inode
reference.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit beb21324c9a554f50d8d99af2a1b7fe8a17c8ebb)

- - - - -
f3e5d723 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: ref cephmount_cached entry in handle->data

Allow direct access to ceph-mount cached-entry via 'handle->data'
private pointer. Required in order to allow more complex cached-state
with each cephfs mount. Users should now use the local-helper function
'cmount_of' to access the underlying ceph_mount_info.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 31085c7efc3572bd6200d3d8e49c1e554cdbfbcc)

- - - - -
62a43faa by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for open/close

Implement openat, close and closedir hooks using libcephfs'
low-level APIs. Cache the open Fh* from libcephfs and its related
meta-data using VFS fsp-extension mechanism.

Upon open-create of new vfs_ceph_fh store the caller credentials
(ceph's UserPerm*) within the same context object for subsequent calls.
In addition, provide a "pseudo" fd numbering which is reported back to
VFS layer and used as debugging hints.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 491676846458980944b76d1693726627a9a32503)

- - - - -
6fdf1922 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for fstat

Use libcephfs' low-level APIs and apply the same logic as stat, but
via explicit inode-reference.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit f16183f90abba3c2d3d26262926f1454275a9d3f)

- - - - -
655e7a15 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for fstatat

Use libcephfs' low-level APIs to do lookup-by-name via parent's open
reference followed by getattr on the inode itself.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 13671cefffb268d84c973583669681318a2ce3bb)

- - - - -
34c84825 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for fdopendir

Implement fdopendir using libcephfs low-level API and cached (via fsp)
open file-handle. Embed the result within cached vfs_ceph_fh so it may
be used properly by closedir.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit a8a7339c6b7a6866399fd6c409228267a585740f)

- - - - -
5eaa8749 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for mkdirat

Implement 'mkdirat' hook using libcephfs' low-level APIs, via the open
file-handle reference to parent directory.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit bd955af86e71fa6c87648e578890ea6f4d490d4b)

- - - - -
9fd6c5b4 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for readdir ops

Implement readdir and rewinddir operations using libcephfs' low-level
APIs. Casts the opaque DIR pointer into struct vfs_ceph_dirp (the first
member of struct vfs_ceph_fh) to resolve the ceph_dir_result pointer
which libcephfs expects for readdir operations.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 99c7179e5da6d201f03b1a04dbe2a6722090783d)

- - - - -
26851f16 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: proper error handling to readdir

Error handling in the case of 'ceph_readdir' is done by setting 'errno'
deep within libcephfs code. In case of error, emit proper debug message
and re-update errno to avoid possible over-write by logging mechanism.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 24a3423949e127177c019a0d126c6f7523e61984)

- - - - -
7780114a by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for fchown/fchmod

Use libcephfs' low-level APIs to implement 'fchown' and 'fchmod' using
open file-handle. If fsp does not have an open cephfs Fh reference,
set errno to EBADF and return -1 to VFS.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit cb14d3630d8c110405c2a43bef15aa31ec4a0fba)

- - - - -
2b660aaf by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for fntimes

Implement fntimes hook using libcephfs' low-level APIs. Convert
smb_file_time to ceph_statx plus proper field mask on-the-fly upon
issuing low-level call to libcephfs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 20b7d2bfe06beefb5e7f091eb317ad18cb53f8a9)

- - - - -
9278e661 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for unlinkat

Implement unlinkat using libcephfs low-level APIs. Operate using parent
directory's open file-handle. When flags has AT_REMOVEDIR bit set call
low-level rmdir; otherwise, do normal unlink.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 362a7cf8664270145bff815347e447797cc1a643)

- - - - -
69b671dc by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for symlink/readlink

Implement unlinkat using libcephfs low-level APIs. For readlink
operation need to resolve child inode by-lookup and then use the inode
reference for the actual low-level readlink.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 53c9269b219a54236500d22d8a4c7f2ed582faaf)

- - - - -
ddb5fcb2 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for read/write

Implement read/write IO operations using libcephfs' low-level APIs.
Requires open ceph Fh* associated with fsp (extension) to complete both
pread/pwrite as well as async I/O operations.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 29bbe0f52d4ffae9dbb070ffc525acf99203444b)

- - - - -
f429baca by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for lseek

Implement lseek operation using libcephfs' low-level APIs. Requires
open ceph Fh* associated with fsp (extension).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 30c1a613fee3f625c0559e49e037af9fad04c3b8)

- - - - -
dc207c28 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for fsync

Implement fsync operation using libcephfs' low-level APIs. Requires
open ceph Fh* associated with fsp (extension).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit e15586fc6097565208011c556282d83eeec2230b)

- - - - -
2b1c6594 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for ftruncate/fallocate

Implement ftruncate/fallocate operations using libcephfs' low-level
APIs. Requires open ceph Fh* associated with fsp (extension).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit b536bf1fa87fb794e2992ab5368f41fdba80e3ad)

- - - - -
6af3cb81 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for linkat

Implement link operations using libcephfs' low-level APIs. Requires two
phase operation: resolve (by-lookup) reference to inode and then do the
actual (hard) link operation using parent dir-inode reference to the
locally-cached inode.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 9a70bd606728110ad91cab547a4e31350010bb68)

- - - - -
9109ed18 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for renameat

Implement renameat operations using libcephfs' low-level APIs. Requires
both directories to have valid inode-ref associated with their fsp
extension.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 83011357fb834e92505f17d6f65d5f32e3d37ec0)

- - - - -
e0d2953a by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for mknodat

Implement mknodat operations using libcephfs' low-level APIs. Requires
parent directory to have valid inode-ref associated with its fsp
extension.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit e714e5ddc50a771e743f5e63f686c106abe33b75)

- - - - -
ec119531 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for xattr ops

Implement extended-attributes operations using libcephfs' low-level
APIs. Whenever possible, use the open file-handle from fsp-extension to
resolve inode-reference and user-permissions. Otherwise, resolve both
on-the-fly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 0a8445e891c64d703d44258b2eef85296265c55f)

- - - - -
9de33d34 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: debug-log upon libcephfs low-level calls

Add developer's debug-logging upon each call to libcephfs' low-level
APIs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit d00f20f30f4e77463e82d202099682b7ef68260f)

- - - - -
fe3471eb by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: common prefix to debug-log messages

Keep logging consistent: add "[CEPH] " prefix to DBG_DEBUG log messages
where missing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Mon Jul 29 15:58:15 UTC 2024 on atb-devel-224

(cherry picked from commit 3bb6d441bf047bef6d95675057cecd3865a25540)

- - - - -
ff2ecedd by Shachar Sharon at 2024-08-13T15:37:12+00:00
docs-xml/manpages: add entry for vfs_ceph_new

Create man entry for the newly added vfs_ceph_new module: almost
identical to existing vfs_ceph, except for the configuration entry:

  [sharename]
  vfs objects = ceph_new
  ...

Adds a bit of info for the motivation behind this new module.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit d8c84a2993b84ebb69011c33c1b5d44801c15363)

- - - - -
0d031613 by Anoop C S at 2024-08-13T15:37:12+00:00
vfs_ceph_new: Unconditionally use ceph_select_filesystem

Currently we don't have an explicit check for the presence of
ceph_select_filesystem() libcephfs API as it is always found to
be present with the minimum ceph version that is supported with
Samba right now. Therefore under this assumption directly call
ceph_select_filesystem() without any #ifdefs. Please note that
this change is already part of vfs_ceph via ef0068cd.

ref: https://gitlab.com/samba-team/samba/-/merge_requests/3715
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Anoop C S <anoopcs at samba.org>
Autobuild-Date(master): Mon Aug  5 16:06:47 UTC 2024 on atb-devel-224

(cherry picked from commit de2f76fa47e6e672ce353ea9d3dc4019965c6491)

- - - - -
7872fbd9 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph{_new}: do not set errno upon successful call to libcephfs

There is code in Samba that expects errno from a previous system call
to be preserved through a subsequent system call. Thus, avoid setting
"errno = 0" in status_code() and lstatus_code() upon successful return
from libcephfs API call.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit a7f4e2bd47c7f4728f3ac8d90af693156a69c557)

- - - - -
0edfc053 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: handle errno properly for 'readdir'

Take special care for readdir errno setting: in case of error, update
errno by libcephfs (and protect from possible over-write by debug
logging); in the case of successful result or end-of-stream restore
errno to its previous value before calling the readdir_fn VFS hook.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Wed Aug  7 14:20:02 UTC 2024 on atb-devel-224

(cherry picked from commit aa043a5808b73fc272de585c1446372fa3f21d08)

- - - - -
ab1db57e by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use 'ceph_new' for config-param prefix

Use explicit 'ceph_new' prefix to each of the ceph specific config
parameters to avoid confusion with legacy 'vfs_ceph' module. Hence,
users will have in their smb.conf a format similar to:

...
[smbshare]
        vfs objects = ceph_new
        ceph_new: config_file = /etc/ceph/ceph.conf
        ceph_new: user_id = user1
        ceph_new: filesystem = fs1
        ...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit aca4cf8327dcaef782dedd98a63a020469c45cdb)

- - - - -
74776581 by Shachar Sharon at 2024-08-13T15:37:12+00:00
docs-xml/manpages: 'ceph_new' prefix for config-param of vfs_ceph_new

With 'ceph_new' prefix used by vfs_ceph_new for config parameters,
update the relevant man-page accordingly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Thu Aug  8 13:54:34 UTC 2024 on atb-devel-224

(cherry picked from commit 68f0835c8e1c5029cd831c267b75c02185b206c7)

- - - - -
4b6e24cb by Pavel Filipenský at 2024-08-13T15:37:12+00:00
Revert "docs-xml: Delete descriptions for removed commands "net ads keytab add" and "net ads keytab add_update_ads""

This reverts commit a5f47f6efe67e02d7a12f30b4e6fb76bcd6aa71c.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 51784e80f2bdf84c296badba2caea800ce3813db)

- - - - -
80db72bd by Pavel Filipenský at 2024-08-13T15:37:12+00:00
docs: Add examples to net.8 that use 'sync machine password to keytab'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit cb774a74c4e1cc03ad0267cc68b93c06738e2ce6)

- - - - -
5730327b by Pavel Filipenský at 2024-08-13T15:37:12+00:00
s3:script: Rename updatekeytab.sh ==> winbind_ctdb_updatekeytab.sh

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit adcad1b537ce2e2e213b72131517233a8d2d91fd)

- - - - -
ed391186 by Pavel Filipenský at 2024-08-13T15:37:12+00:00
s3:script: Install winbind_ctdb_updatekeytab.sh

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 9f0183a9f55e52b09c6ae9f6c8badad6ba85bb64)

- - - - -
4643ddbb by Pavel Filipenský at 2024-08-13T15:37:12+00:00
docs:smbdotconf: Improve documentation for 'sync machine password script'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit ca7acec952b0e6154927b28b1afa3e9318f22035)

- - - - -
51298583 by Pavel Filipenský at 2024-08-13T15:37:12+00:00
docs:smbdotconf: Improve documentation for 'sync machine password to keytab'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 2dd81ec2bea46ad6caa6e40194eae4340f4acc7d)

- - - - -
8c0820a9 by Pavel Filipenský at 2024-08-13T15:37:12+00:00
docs:smbdotconf: Update 'kerberos method' with 'sync machine password to keytab'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Aug 13 15:27:26 UTC 2024 on atb-devel-224

(cherry picked from commit 9e4074d4268e34cf93f79cd1108e7dc661ad3845)

- - - - -
2552df22 by Pavel Filipenský at 2024-08-13T15:37:12+00:00
WHATSNEW: update the "Automatic keytab update after machine password change" section

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
ac02a513 by Stefan Metzmacher at 2024-08-13T15:37:12+00:00
WHATSNEW: Add release notes for Samba 4.21.0rc2.

Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
8e440c0a by Stefan Metzmacher at 2024-08-13T15:37:12+00:00
VERSION: Disable GIT_SNAPSHOT for the 4.21.0rc2 release.

Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
cf4feb17 by Stefan Metzmacher at 2024-08-13T16:55:05+00:00
VERSION: Bump version up to Samba 4.21.0rc3...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(v4-21-test): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(v4-21-test): Tue Aug 13 16:55:05 UTC 2024 on atb-devel-224

- - - - -
1296a89a by Michael Tokarev at 2024-08-14T12:22:50+03:00
New upstream version 4.21.0~rc2+dfsg
- - - - -
12084aa1 by Shachar Sharon at 2024-08-20T07:39:20+00:00
WHATSNEW: update "New cephfs VFS module" section

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>

- - - - -
c7e6ec6b by Anoop C S at 2024-08-20T07:39:20+00:00
source3/script: Fix installation of winbind_ctdb_updatekeytab.sh

winbind_ctdb_updatekeytab.sh assumes the presence of the `onnode` utility to
execute `net ads` command on all nodes in the cluster. But `onnode`
is only built when configured with clustering support. Therefore perform
the script installation only with ctdb configuration. Also fix the
installation path to /usr/share/ctdb/scripts.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
(cherry picked from commit 3929fdae1a13ab029e173ce53598d3fa6cf40e9c)

- - - - -
fcca9820 by Anoop C S at 2024-08-20T07:39:20+00:00
docs-xml: Fix script location in syncmachinepasswordscript.xml

Update the change in installation path for winbind_ctdb_updatekeytab.sh
from SAMBA_DATADIR to newly defined CTDB_DATADIR.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

Autobuild-User(master): Anoop C S <anoopcs at samba.org>
Autobuild-Date(master): Fri Aug 16 09:49:30 UTC 2024 on atb-devel-224

(cherry picked from commit 31c9352099f5efeb88d27c603ec2dbfaf98b300d)

- - - - -
294f9e47 by Pavel Filipenský at 2024-08-20T07:39:20+00:00
s3:libads: Do not print error message for a default configuration

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Mon Aug 19 13:21:08 UTC 2024 on atb-devel-224

(cherry picked from commit f1cd250a6fd7e0571bd22493c838d6c12c2adf5b)

- - - - -
64416b69 by Stefan Metzmacher at 2024-08-20T07:39:20+00:00
s4:torture/smb2: let smb2.session.expire2* also check compound requests

This shows that all compound related requests should get
NT_STATUS_NETWORK_SESSION_EXPIRED.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15696

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit f6009aa73b9234df1e6ab689de322487ad1394ed)

- - - - -
38055454 by Stefan Metzmacher at 2024-08-20T09:04:48+00:00
s3:smb2_server: return NT_STATUS_NETWORK_SESSION_EXPIRED for compound requests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15696

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Aug 13 22:29:28 UTC 2024 on atb-devel-224

(cherry picked from commit 4df1bfd07012dd3d2d2921281e6d6e309303b88d)

Autobuild-User(v4-21-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-21-test): Tue Aug 20 09:04:48 UTC 2024 on atb-devel-224

- - - - -
21a75c2b by Jule Anger at 2024-08-20T13:16:11+02:00
WHATSNEW: Add release notes for Samba 4.20.0rc3.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
bb4874ba by Jule Anger at 2024-08-20T13:16:59+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.21.0rc3 release.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
851c488e by Jule Anger at 2024-08-20T13:17:54+02:00
VERSION: Bump version up to Samba 4.21.0rc4...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
0d41094f by Pavel Filipenský at 2024-08-21T11:19:48+00:00
lib/param: Don't treat a missing include file as an error in handle_include().

Same fix as in commit 09d7690

'samba-tool domain provision -d10' fails if the included file does not
exist:

lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Processing section "[global]"
Can't find include file /etc/samba/usershares.conf
pm_process() returned No
ERROR: Unable to load default file
  File "/usr/lib64/python3.12/site-packages/samba/netcmd/domain/provision.py", line 183, in run
    lp = sambaopts.get_loadparm()
         ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.12/site-packages/samba/getopt.py", line 282, in get_loadparm
    self._lp.load_default()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15698

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Wed Aug 21 00:04:19 UTC 2024 on atb-devel-224

(cherry picked from commit ffc75c569c69ce22a39b5d1df8cb4906095c8654)

Autobuild-User(v4-21-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-21-test): Wed Aug 21 11:19:48 UTC 2024 on atb-devel-224

- - - - -
37bbe0ca by Shachar Sharon at 2024-08-26T11:09:31+00:00
s3:smbd: fix NULL dereference in case of readlink failure

When VFS readlinkat hook returns with error the following sequence
yields NULL-pointer dereference (SIGSEGV):

  symlink_target_below_conn (source3/smbd/open.c)
    char *target = NULL;
    ...
    readlink_talloc (source3/smbd/files.c)
      SMB_VFS_READLINKAT
        smb_vfs_call_readlinkat (source3/smbd/vfs.c)
          handle->fns->readlinkat_fn --> returns error

  status = safe_symlink_target_path(.., target /* NULL */ ..)
    safe_symlink_target_path (source3/smbd/filename.c)
      if (target[0] == '/') { /* NULL pointer dereference */

A failure in VFS module's readlinkat hook may happen due to run-time
error (e.g., network failure which causes libcephfs to disconnect from
MDS).

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15700
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: John Mulligan <jmulligan at redhat.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Aug 23 09:27:06 UTC 2024 on atb-devel-224

(cherry picked from commit 168966a053045476a84044aa73f66722eb702fe0)

Autobuild-User(v4-21-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-21-test): Mon Aug 26 11:09:31 UTC 2024 on atb-devel-224

- - - - -
a8dda787 by Jule Anger at 2024-08-27T15:02:48+02:00
WHATSNEW: Add release notes for Samba 4.21.0rc4.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
5bb01bb6 by Jule Anger at 2024-08-27T15:08:41+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.21.0rc4 release.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
d7f49d90 by Jule Anger at 2024-08-27T15:09:16+02:00
VERSION: Bump version up to Samba 4.21.0rc5...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
eed4dfe3 by Noel Power at 2024-08-29T13:10:29+00:00
libcli/smb: Fix failure of Smb3UnixTests.test_create_context_reparse

On tumbleweed at least the definition in py_reparse_put of 'reserved' as
'unsigned' causes the tag value to be overwritten. Note: ParseTuple is
given a format of 'Kk' where
  K = unsigned long long (for tag)
  k = unsigned long      (for reserved)

The problem is 'reserved' is defined as 'unsigned' which on a
64 bit linux system has size 4. The size however of the 'unsigned long' type
on the same 64 bit system is 8. This causes 'tag' to be overwritten by
the value of 'reserved' because its destination size is smaller than
expected.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15702
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Aug 28 18:38:01 UTC 2024 on atb-devel-224

Autobuild-User(v4-21-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-21-test): Thu Aug 29 13:10:29 UTC 2024 on atb-devel-224

- - - - -
b6ebcd63 by David Disseldorp at 2024-08-29T13:58:13+00:00
s4:torture/smb2: test FSCTL_QUERY_ALLOCATED_RANGES truncation

FSCTL_QUERY_ALLOCATED_RANGES responses with more than one range should
be truncated to account for an ioctl.smb2.in.max_output_response limit.
Add a test for this.

Flag the new test knownfail; fix in subsequent commit.

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit 5cf57f1f539021f1490285516d8cfb2a2ab483e0)

- - - - -
10dddd55 by David Disseldorp at 2024-08-29T15:30:50+00:00
smb2_ioctl: fix truncated FSCTL_QUERY_ALLOCATED_RANGES responses

As per MS-FSA 2.1.5.10.22 FSCTL_QUERY_ALLOCATED_RANGES, if response
range entries exceed in_max_output, then we should respond with
STATUS_BUFFER_OVERFLOW and a truncated output buffer.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15699

Reported-by: David Howells <dhowells at redhat.com>
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Wed Aug 28 08:54:11 UTC 2024 on atb-devel-224

(cherry picked from commit 5e278a52646a48e3671270e5b57ec5b852f9fb4b)

Autobuild-User(v4-21-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-21-test): Thu Aug 29 15:30:50 UTC 2024 on atb-devel-224

- - - - -
c9bc9150 by Jule Anger at 2024-09-02T08:31:25+00:00
Revert "smb2_ioctl: fix truncated FSCTL_QUERY_ALLOCATED_RANGES responses"

This reverts commit 10dddd55152efbe578b01b25c8bb58a9ea7abc3b.

Wrong patchset applied. This is the one for 4.19/4.20. The correct patch
set will be the subsequent commits.

See: https://bugzilla.samba.org/show_bug.cgi?id=15699

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
1bddcb30 by Jule Anger at 2024-09-02T08:31:25+00:00
Revert "s4:torture/smb2: test FSCTL_QUERY_ALLOCATED_RANGES truncation"

This reverts commit b6ebcd635a0cbcabb512230ced1392c68d008bae.

Wrong patchset applied. This is the one for 4.19/4.20. The correct patch
set will be the subsequent commits.

See: https://bugzilla.samba.org/show_bug.cgi?id=15699

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
d231f0c8 by David Disseldorp at 2024-09-02T08:31:25+00:00
s4:torture/smb2: test FSCTL_QUERY_ALLOCATED_RANGES truncation

FSCTL_QUERY_ALLOCATED_RANGES responses with more than one range should
be truncated to account for an ioctl.smb2.in.max_output_response limit.
Add a test for this.

Flag the new test knownfail; fix in subsequent commit.

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit 5cf57f1f539021f1490285516d8cfb2a2ab483e0)

- - - - -
b2ce6308 by David Disseldorp at 2024-09-02T08:31:25+00:00
smb2_ioctl: fix truncated FSCTL_QUERY_ALLOCATED_RANGES responses

As per MS-FSA 2.1.5.10.22 FSCTL_QUERY_ALLOCATED_RANGES, if response
range entries exceed in_max_output, then we should respond with
STATUS_BUFFER_OVERFLOW and a truncated output buffer.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15699

Reported-by: David Howells <dhowells at redhat.com>
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Wed Aug 28 08:54:11 UTC 2024 on atb-devel-224

(cherry picked from commit 5e278a52646a48e3671270e5b57ec5b852f9fb4b)

- - - - -
66ae6948 by Douglas Bagnall at 2024-09-02T08:31:25+00:00
WHATSNEW: LDB unicode changes

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Signed-off-by: Jennifer Sutton <jennifersutton at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8423ea48 by Andrew Bartlett at 2024-09-02T08:31:25+00:00
WHATSNEW: group managed service accounts

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Jennifer Sutton <jennifersutton at catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
acf8afd4 by Douglas Bagnall at 2024-09-02T08:31:25+00:00
WHATSNEW: samba-tool domain kds

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Jennifer Sutton <jennifersutton at catalyst.net.nz>

- - - - -
3f9b358f by Andrew Bartlett at 2024-09-02T08:31:25+00:00
WHATSNEW: PKINIT freshness in heimdal

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Signed-off-by: Jennifer Sutton <jennifersutton at catalyst.net.nz>

- - - - -
9c92d2b5 by Andrew Bartlett at 2024-09-02T08:31:25+00:00
WHATSNEW: samba-tool authentication policy command restructure

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Signed-off-by: Jennifer Sutton <jennifersutton at catalyst.net.nz>

- - - - -
9a042a5d by Douglas Bagnall at 2024-09-02T08:31:25+00:00
WHATSNEW: Functional level 2012R2

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
b76a5d99 by Douglas Bagnall at 2024-09-02T08:31:25+00:00
WHATSNEW: build option changes

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Jennifer Sutton <jennifersutton at catalyst.net.nz>

- - - - -
b904a17d by Douglas Bagnall at 2024-09-02T08:31:25+00:00
WHATSNEW: more deterministic builds

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Signed-off-by: Jennifer Sutton <jennifersutton at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
99e23f67 by Douglas Bagnall at 2024-09-02T08:31:25+00:00
WHATSNEW: command line secret redaction

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Signed-off-by: Jennifer Sutton <jennifersutton at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
83a08984 by Jennifer Sutton at 2024-09-02T08:31:25+00:00
WHATSNEW: updated name

Signed-off-by: Jennifer Sutton <jennifersutton at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
06cf7b7b by Shachar Sharon at 2024-09-02T08:31:25+00:00
vfs_ceph_new: add missing newline in debug-logging

Commit d00f20f3 ("vfs_ceph_new: debug-log upon libcephfs low-level
calls") introduced debug-logging before each call to libcephfs low-level
APIs. Unfortunately, one of the logging messages missed the terminating
newline ('\n') character.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: John Mulligan <jmulligan at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>

Autobuild-User(master): Anoop C S <anoopcs at samba.org>
Autobuild-Date(master): Wed Aug 21 14:18:07 UTC 2024 on atb-devel-224

(cherry picked from commit cbba4008a7fb9e6e91d0568f25ac481b60fda96f)

- - - - -
6071ea83 by Shachar Sharon at 2024-09-02T10:01:41+00:00
vfs_ceph_new: handle case of readlinkat with empty name string

Commit 53c9269b (vfs_ceph_new: use low-level APIs for symlink/readlink)
introduced readlinkat using libcephfs low-level APIs. However, it does
not handle properly the case where readlinkat operates on empty name
string (see man readlinkat(2)), such as:

  fd = openat(dirfd, symname, O_PATH | O_NOFOLLOW, 0);
  readlinkat(fd, "", buf, bufsiz);

Handle this special case of readlinkat with empty name string by using
a reference to the symlink inode itself.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Anoop C S <anoopcs at samba.org>
Autobuild-Date(master): Fri Aug 30 10:42:27 UTC 2024 on atb-devel-224

(cherry picked from commit 22182f90e8e7876a9895f77e736d2b96b18b174f)

Autobuild-User(v4-21-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-21-test): Mon Sep  2 10:01:41 UTC 2024 on atb-devel-224

- - - - -
1bb2ce3b by Jule Anger at 2024-09-02T13:35:31+02:00
WHATSNEW: Add release notes for Samba 4.21.0.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
1c7d4b5b by Jule Anger at 2024-09-02T13:36:47+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.21.0 release.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
9db25147 by Michael Tokarev at 2024-09-02T17:05:28+03:00
switch to 4.21 branch

- - - - -
45b7c315 by Michael Tokarev at 2024-09-02T17:05:56+03:00
New upstream version 4.21.0+dfsg
- - - - -
4d12c178 by Michael Tokarev at 2024-09-02T17:06:12+03:00
Update upstream source from tag 'upstream/4.21.0+dfsg'

Update to upstream version '4.21.0+dfsg'
with Debian dir 5401d10e1e3b0597459b384e4e4c2d7c45b53dd6
- - - - -
d2b4e793 by Michael Tokarev at 2024-09-02T17:07:02+03:00
fix-nfs-service-name-to-nfs-kernel-server.patch: refresh

- - - - -
8ef54886 by Michael Tokarev at 2024-09-02T17:07:02+03:00
heimdal-spelling.patch: disable for now

- - - - -
f9d94955 by Michael Tokarev at 2024-09-02T17:07:02+03:00
d/rules: ldb lib is now private by default, expose it as public

- - - - -
49ed655b by Michael Tokarev at 2024-09-02T17:07:02+03:00
Force-LDB-as-standalone.patch: remove

- - - - -
6db0845c by Michael Tokarev at 2024-09-02T17:07:02+03:00
d/rules: ldb uses LDB_VERSION variable now, not VERSION

- - - - -
02b5cd31 by Michael Tokarev at 2024-09-02T17:07:02+03:00
d/ctdb.install: no more sudoers file

- - - - -
519c26a0 by Michael Tokarev at 2024-09-02T17:07:02+03:00
d/samba-libs.symbols, d/control, d/samba-libs.install: libndr4=>libndr5

d/control: libndr4=>libndr5

samba-libs.install: libndr4=>libndr5

- - - - -
27b27d93 by Michael Tokarev at 2024-09-02T17:07:02+03:00
samba-libs.install, samba-dev.install, python3-samba.install, python3-ldb.install: refresh libs (with lintian-overrides)

- - - - -
c406a917 by Michael Tokarev at 2024-09-02T17:07:02+03:00
samba-libs.install, samba-dev.install: new (semi-public) library: libsamba-policy.so

- - - - -
08cd2c00 by Michael Tokarev at 2024-09-02T17:07:02+03:00
libldb2.symbols: add new symbols & 2.10.0 version (and remove 2.9.1 minor version)

- - - - -
b38cd1d2 by Michael Tokarev at 2024-09-02T17:07:02+03:00
samba-libs.install: new private library: libsamba-net-private-samba.so.0

- - - - -
fe5c1df2 by Michael Tokarev at 2024-09-02T17:07:02+03:00
d/control: bump libtdb version dependency to 1.4.12

- - - - -
4467095f by Michael Tokarev at 2024-09-02T17:39:43+03:00
d/ctdb.install: install usr/share/ctdb/scripts/winbind_ctdb_updatekeytab.sh

- - - - -
1f0492de by Michael Tokarev at 2024-09-02T17:48:52+03:00
update changelog; upload version 4.21.0+dfsg-1 to unstable

- - - - -


30 changed files:

- .gitlab-ci-main.yml
- + .mailmap
- README.Coding.md
- VERSION
- WHATSNEW.txt
- auth/credentials/credentials.c
- auth/credentials/credentials.h
- + auth/credentials/credentials_gmsa.c
- auth/credentials/credentials_krb5.c
- auth/credentials/credentials_krb5.h
- auth/credentials/pycredentials.c
- auth/credentials/tests/bind.py
- auth/credentials/tests/test_creds.c
- auth/credentials/wscript_build
- auth/gensec/gensec.h
- auth/gensec/gensec_internal.h
- auth/gensec/gensec_start.c
- auth/gensec/gensec_util.c
- auth/gensec/spnego.c
- auth/ntlmssp/gensec_ntlmssp_server.c
- auth/ntlmssp/ntlmssp_client.c
- bootstrap/.gitlab-ci.yml
- bootstrap/config.py
- bootstrap/generated-dists/Vagrantfile
- bootstrap/generated-dists/fedora39/Dockerfile → bootstrap/generated-dists/centos9s/Dockerfile
- bootstrap/generated-dists/centos7/bootstrap.sh → bootstrap/generated-dists/centos9s/bootstrap.sh
- bootstrap/generated-dists/centos7/locale.sh → bootstrap/generated-dists/centos9s/locale.sh
- bootstrap/generated-dists/centos7/packages.yml → bootstrap/generated-dists/centos9s/packages.yml
- bootstrap/generated-dists/centos7/Dockerfile → bootstrap/generated-dists/fedora40/Dockerfile
- bootstrap/generated-dists/fedora39/bootstrap.sh → bootstrap/generated-dists/fedora40/bootstrap.sh


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/213d2e8d9ddfce92e15d6bf136223aabea8fc89b...1f0492de4b0a6282b2ace267755c1606c129b0b8
