Ralph Boehme [Mon, 21 Sep 2020 05:48:43 +0000 (07:48 +0200)]
s3: fix fcntl waf configure check
RN: Fix fcntl waf configure check
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14503
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Sep 21 07:26:54 UTC 2020 on sn-devel-184
Gary Lockyer [Fri, 18 Sep 2020 03:57:34 +0000 (15:57 +1200)]
CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client challenge
Ensure that client challenges with the first 5 bytes identical are
rejected.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Sep 18 14:13:17 UTC 2020 on sn-devel-184
Gary Lockyer [Fri, 18 Sep 2020 00:39:54 +0000 (12:39 +1200)]
CVE-2020-1472(ZeroLogon): s4 torture rpc: Test empty machine acct pwd
Ensure that an empty machine account password can't be set by
netr_ServerPasswordSet2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 17 Sep 2020 15:27:54 +0000 (17:27 +0200)]
CVE-2020-1472(ZeroLogon): docs-xml: document 'server require schannel:COMPUTERACCOUNT'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Günther Deschner [Thu, 17 Sep 2020 12:42:52 +0000 (14:42 +0200)]
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: log warnings about unsecure configurations
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Günther Deschner [Thu, 17 Sep 2020 12:23:16 +0000 (14:23 +0200)]
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: support "server require schannel:WORKSTATION$ = no"
This allows to add expections for individual workstations, when using "server schannel = yes".
"server schannel = auto" is very insecure and will be removed soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Günther Deschner [Thu, 17 Sep 2020 12:57:22 +0000 (14:57 +0200)]
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: refactor dcesrv_netr_creds_server_step_check()
We should debug more details about the failing request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Stefan Metzmacher [Thu, 17 Sep 2020 11:37:26 +0000 (13:37 +0200)]
CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: log warnings about unsecure configurations
This should give admins wawrnings until they have a secure
configuration.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Stefan Metzmacher [Wed, 16 Sep 2020 08:56:53 +0000 (10:56 +0200)]
CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: support "server require schannel:WORKSTATION$ = no"
This allows to add expections for individual workstations, when using "server schannel = yes".
"server schannel = auto" is very insecure and will be removed soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Stefan Metzmacher [Wed, 16 Sep 2020 08:18:45 +0000 (10:18 +0200)]
CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: refactor dcesrv_netr_creds_server_step_check()
We should debug more details about the failing request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Jeremy Allison [Wed, 16 Sep 2020 19:53:50 +0000 (12:53 -0700)]
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: protect netr_ServerPasswordSet2 against unencrypted passwords
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Jeremy Allison [Wed, 16 Sep 2020 19:48:21 +0000 (12:48 -0700)]
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Fix mem leak onto p->mem_ctx in error path of _netr_ServerPasswordSet2().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Stefan Metzmacher [Wed, 16 Sep 2020 17:20:25 +0000 (19:20 +0200)]
CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: protect netr_ServerPasswordSet2 against unencrypted passwords
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Stefan Metzmacher [Wed, 16 Sep 2020 14:17:29 +0000 (16:17 +0200)]
CVE-2020-1472(ZeroLogon): libcli/auth: reject weak client challenges in netlogon_creds_server_init()
This implements the note from MS-NRPC 3.1.4.1 Session-Key Negotiation:
7. If none of the first 5 bytes of the client challenge is unique, the
server MUST fail session-key negotiation without further processing of
the following steps.
It lets ./zerologon_tester.py from
https://github.com/SecuraBV/CVE-2020-1472.git
report: "Attack failed. Target is probably patched."
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Stefan Metzmacher [Wed, 16 Sep 2020 14:15:26 +0000 (16:15 +0200)]
CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_is_random_challenge() to avoid weak values
This is the check Windows is using, so we won't generate challenges,
which are rejected by Windows DCs (and future Samba DCs).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Stefan Metzmacher [Wed, 16 Sep 2020 14:10:53 +0000 (16:10 +0200)]
CVE-2020-1472(ZeroLogon): s4:rpc_server:netlogon: make use of netlogon_creds_random_challenge()
This is not strictly needed, but makes things more clear.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Stefan Metzmacher [Wed, 16 Sep 2020 14:10:53 +0000 (16:10 +0200)]
CVE-2020-1472(ZeroLogon): s3:rpc_server:netlogon: make use of netlogon_creds_random_challenge()
This is not strictly needed, but makes things more clear.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Stefan Metzmacher [Wed, 16 Sep 2020 14:08:38 +0000 (16:08 +0200)]
CVE-2020-1472(ZeroLogon): libcli/auth: make use of netlogon_creds_random_challenge() in netlogon_creds_cli.c
This will avoid getting rejected by the server if we generate
a weak challenge.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Stefan Metzmacher [Wed, 16 Sep 2020 14:07:30 +0000 (16:07 +0200)]
CVE-2020-1472(ZeroLogon): s4:torture/rpc: make use of netlogon_creds_random_challenge()
This will avoid getting flakey tests once our server starts to
reject weak challenges.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Stefan Metzmacher [Wed, 16 Sep 2020 14:04:57 +0000 (16:04 +0200)]
CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_random_challenge()
It's good to have just a single isolated function that will generate
random challenges, in future we can add some logic in order to
avoid weak values, which are likely to be rejected by a server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Björn Jacke [Mon, 7 Sep 2020 21:53:21 +0000 (23:53 +0200)]
nt_printing_ads: add missing printShareName attribute when publishing printers
Without printShareName attribute in LDAP, Windows doesn't list the pinters at all.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9771
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 18 01:58:22 UTC 2020 on sn-devel-184
Björn Jacke [Mon, 7 Sep 2020 18:09:56 +0000 (20:09 +0200)]
cli_winreg_spoolss: handle also printer sharename
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9771
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Björn Jacke [Mon, 7 Sep 2020 21:45:06 +0000 (23:45 +0200)]
srv_spoolss_nt.c: fix wrong value in debug message
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Tue, 15 Sep 2020 10:32:44 +0000 (12:32 +0200)]
tests: Disable kerberos for weak crypto test
Otherwise the test fails because the client is authenticated using
spnego and gse_krb5, not triggering the weak crypto restrictions.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Sep 17 00:05:51 UTC 2020 on sn-devel-184
Samuel Cabrero [Tue, 15 Sep 2020 11:32:00 +0000 (13:32 +0200)]
selftest: set pid directory in client's smb.conf
Set a pid file directory to avoid the following testparm error:
ERROR: pid directory /usr/local/samba/var/run does not exist
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Samuel Cabrero [Wed, 16 Sep 2020 11:00:33 +0000 (13:00 +0200)]
selftest: Create client directories in a loop
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Jeremy Allison [Wed, 9 Sep 2020 17:58:20 +0000 (10:58 -0700)]
s3: libsmb: Cleanup - in internal_resolve_name() only write the out parameters on success.
All callers already correctly initialize them.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Sep 15 11:33:35 UTC 2020 on sn-devel-184
Jeremy Allison [Wed, 9 Sep 2020 17:48:19 +0000 (10:48 -0700)]
s3: Remove struct ip_service.
---------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| |
| struct ip_service |
| |
| |
| 9 August |
| In the year of the |
| pandemic |
| 2020 |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\////|_)_______
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 17:46:49 +0000 (10:46 -0700)]
s3: libsmb: namequery. Rename remove_duplicate_addrs2_sa() to remove_duplicate_addrs2()
It's now the only function.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 17:45:21 +0000 (10:45 -0700)]
s3: libsmb: namequery.c: Remove unused remove_duplicate_addrs2().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 17:43:45 +0000 (10:43 -0700)]
s3: libsmb: namequery.c: Remove now unused internal_resolve_name() wrapper.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 17:42:46 +0000 (10:42 -0700)]
s3: libsmb: namequery.c: Remove now unused convert_ss2service().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 17:42:09 +0000 (10:42 -0700)]
s3: libsmb: namequery.c: Remove now unused ip_service_to_samba_sockaddr().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 17:41:02 +0000 (10:41 -0700)]
3: libsmb: namequery: Convert _internal_resolve_name() -> internal_resolve_name() returning talloced samba_sockaddr arrays.
Wrapper function internal_resolve_name() is now commented out,
along with the now unused ip_service_to_samba_sockaddr() and
convert_ss2service() functions.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 17:24:13 +0000 (10:24 -0700)]
s3: libsmb: namequery: Add utility function sockaddr_array_to_samba_sockaddr_array().
Not yet used. Will help convert _internal_resolve_name() to internal_resolve_name().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 17:17:31 +0000 (10:17 -0700)]
s3: libsmb: Rename prioritize_ipv4_list_sa() -> prioritize_ipv4_list() now it's the only use.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 17:16:54 +0000 (10:16 -0700)]
s3: libsmb: Remove unused prioritize_ipv4_list().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 17:14:30 +0000 (10:14 -0700)]
s3: libsmb: Tidy up the talloc heirarchy allocation in get_dc_list().
Always allocate the return_salist off the frame pointer.
Only talloc_move() to return ctx on successful return.
Cleans up a nasty else in the exit path that caused
problems in the past - we can now always TALLOC_FREE(return_salist)
without remembering if we need to return it.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 17:11:34 +0000 (10:11 -0700)]
s3: libsmb: Convert get_dc_list() to call internal_resolve_name() not _internal_resolve_name().
prioritize_ipv4_list() is no longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 16:53:50 +0000 (09:53 -0700)]
s3: libsmb: Remove now unused internal functions ip_service_compare() and sort_service_list().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 16:53:07 +0000 (09:53 -0700)]
s3: libsmb: Convert get_pdc_ip() to call internal_resolve_name() not _internal_resolve_name().
NB. sort_service_list() and ip_service_compare() are now no
longer used so comment them out for removal.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 16:50:32 +0000 (09:50 -0700)]
s3: libsmb: Convert find_master_ip() to call internal_resolve_name() not _internal_resolve_name().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 16:48:25 +0000 (09:48 -0700)]
s3: libsmb: Convert resolve_name_list() to call internal_resolve_name() not _internal_resolve_name().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 16:45:10 +0000 (09:45 -0700)]
s3: libsmb: Convert resolve_name() to call internal_resolve_name() not _internal_resolve_name().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 16:40:17 +0000 (09:40 -0700)]
s3: libsmb: Rename internal_resolve_name_sa() -> internal_resolve_name()
That's now the only external interface to it.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 16:38:10 +0000 (09:38 -0700)]
s3: libsmb: Remove the internal_resolve_name() external interface.
Change the internal version from internal_resolve_name() -> _internal_resolve_name().
Only external caller calls internal_resolve_name_sa().
After this we can rename internal_resolve_name_sa() back to internal_resolve_name()
as all internal use in namequery.c is via _internal_resolve_name().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 16:35:35 +0000 (09:35 -0700)]
s3: libsmb: Fix discover_dc_netbios() to call internal_resolve_name_sa().
All callers of internal_resolve_name() are now internal to namequery.c
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 16:32:23 +0000 (09:32 -0700)]
s3: libsmb: Add internal_resolve_name_sa(). A wrapper for internal_resolve_name().
Not yet used. Now to fix the callers, and convert internal_resolve_name().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <jra@samba.org>
Jeremy Allison [Wed, 9 Sep 2020 16:26:54 +0000 (09:26 -0700)]
s3: libsmb: Add prioritize_ipv4_list_sa().
Re-arranges a samba_sockaddr array in IPv4 preference.
Not yet used so compiles but ifdef'ed out. Needed for conversion
of internal_resolve_name().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 16:25:07 +0000 (09:25 -0700)]
3: torture: Use remove_duplicate_addrs2_sa() instead of remove_duplicate_addrs2() in LOCAL-remove_duplicate_addrs2 test.
Spoiler, still passes :-).
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 16:18:36 +0000 (09:18 -0700)]
s3: libsmb: Add remove_duplicate_addrs2_sa() - uses samba_sockaddr.
Not yet used, will be used when we migrate internal_resolve_name()
to samba_sockaddr.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 16:11:08 +0000 (09:11 -0700)]
s3: libsmb: Convert internal function get_dc_list() to return a samba_sockaddr array.
Callers now don't need to convert. Getting closer to making internal_resolve_name()
return samba_sockaddr array.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
`
Jeremy Allison [Wed, 9 Sep 2020 01:07:28 +0000 (18:07 -0700)]
s3: libsmb: Rename get_sorted_dc_list_sa() -> get_sorted_dc_list().
Everyone now uses samba_sockaddr arrays.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.com>
Jeremy Allison [Wed, 9 Sep 2020 01:03:23 +0000 (18:03 -0700)]
s3: libsmb: Remove get_sorted_dc_list(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 01:02:18 +0000 (18:02 -0700)]
s3: libsmb: Remove last caller of get_sorted_dc_list() from rpc_dc_name().
Now only get_sorted_dc_list_sa() left.
Now we can remove get_sorted_dc_list() and rename
get_sorted_dc_list_sa() back to get_sorted_dc_list().
One more external user of struct ip_service gone.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 00:58:06 +0000 (17:58 -0700)]
s3: winbind: Fix get_dcs() to use get_sorted_dc_list_sa().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Tue, 8 Sep 2020 23:38:09 +0000 (16:38 -0700)]
s3: libads: Rename cldap_ping_list_sa() -> cldap_ping_list().
The old cldap_ping_list() is now gone.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Tue, 8 Sep 2020 23:37:29 +0000 (16:37 -0700)]
s3: libads: Remove cldap_ping_list().
No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Tue, 8 Sep 2020 23:36:40 +0000 (16:36 -0700)]
s3: libads: Make resolve_and_ping_dns() use get_sorted_dc_list_sa().
We no longer use cldap_ping_list(), comment it out
for removal.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Tue, 8 Sep 2020 23:35:01 +0000 (16:35 -0700)]
s3: libads: Make resolve_and_ping_netbios() use get_sorted_dc_list_sa().
Now we use cldap_ping_list_sa() so uncomment it.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Tue, 8 Sep 2020 23:33:25 +0000 (16:33 -0700)]
s3: libads: Add an alternate version of cldap_ping_list() that takes an array of samba_sockaddrs.
Preparing for get_sorted_dc_list() returning such an array.
ifdef'ed out as not yet used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Tue, 8 Sep 2020 23:31:18 +0000 (16:31 -0700)]
s3: utils: Make net_lookup_dc() use get_sorted_dc_list_sa().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Tue, 8 Sep 2020 23:29:35 +0000 (16:29 -0700)]
s3: libsmb: Add function get_sorted_dc_list_sa(). Returns samba_sockaddr array.
Now to fix callers.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Tue, 8 Sep 2020 23:24:25 +0000 (16:24 -0700)]
s3: libsmb: Rename get_kdc_list_sa() back to get_kdc_list().
The samba_sockaddr interface is now the only one.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Tue, 8 Sep 2020 23:22:21 +0000 (16:22 -0700)]
s3: libsmb: Remove get_kdc_list(). No more callers.
Next we can rename get_kdc_list_sa() -> get_kdc_list().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Tue, 8 Sep 2020 23:21:18 +0000 (16:21 -0700)]
s3: libads: Convert get_kdc_ip_string() to use get_kdc_list_sa().
No more callers of get_kdc_list().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Tue, 8 Sep 2020 23:11:47 +0000 (16:11 -0700)]
s3: utils: Make net_lookup_kdc() use get_kdc_list_sa().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Tue, 8 Sep 2020 23:09:53 +0000 (16:09 -0700)]
s3: libsmb: Add get_kdc_list_sa() returns samba_sockaddr array.
Not yet used, but uses the previous utility functions.
Now to convert the get_kdc_list() callers and remove
one more external use of ip_service.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Tue, 8 Sep 2020 23:03:20 +0000 (16:03 -0700)]
s3: libsmb: Add sort_sa_list() compare function. Not yet used.
Ready for when we start returning ordered samba_sockaddr arrays.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Tue, 8 Sep 2020 23:01:37 +0000 (16:01 -0700)]
s3: libsmb: Make sort_addr_list() and sort_service_list() take size_t counts.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Tue, 8 Sep 2020 23:00:27 +0000 (16:00 -0700)]
s3: libads: Use size_t counts inside cldap_ping_list().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Tue, 8 Sep 2020 22:59:46 +0000 (15:59 -0700)]
s3: libads: Reformat args to cldap_ping_list().
Pure reformatting.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Tue, 8 Sep 2020 22:58:57 +0000 (15:58 -0700)]
s3: libsmb: Make prioritize_ipv4_list() use size_t counts.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Tue, 8 Sep 2020 22:58:07 +0000 (15:58 -0700)]
s3: libsmb: Fix the count returns in discover_dc_netbios(), discover_dc_dns(), process_dc_dns() to return size_t * counts.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Noel Power [Thu, 10 Sep 2020 15:37:08 +0000 (16:37 +0100)]
s3/libsmb: cleanup discover_dc_dns() Fix potential leak
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Thu, 10 Sep 2020 15:23:27 +0000 (16:23 +0100)]
s3/libsmb: cleanup discover_dc_dns, only set out params on success
Signed-off-by: Noel Power <npower@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Thu, 10 Sep 2020 15:19:37 +0000 (16:19 +0100)]
lib: addns: Fix ads_dns_lookup_ns(), ads_dns_query_dcs(), ads_dns_query_gcs(), ads_dns_query_kdcs(), ads_dns_query_pdc() to return size_t *.
Easier to do all callers at once.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Tue, 8 Sep 2020 22:45:32 +0000 (15:45 -0700)]
lib: addns: Fix ads_dns_lookup_srv() and functions to return size_t * num servers.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Tue, 8 Sep 2020 22:28:14 +0000 (15:28 -0700)]
s3: libsmb: internal_resolve_name() - get rid of the icount variables.
Plus the paranoia check. Everything now uses size_t * returns.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Tue, 8 Sep 2020 22:24:26 +0000 (15:24 -0700)]
s3: libsmb: Make resolve_ads() return a size_t * address count.
All resolve_XXXX() functions inside internal_resolve_name()
now use size_t and we can clean this up.
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Noel Power<npower@samba.org>
Jeremy Allison [Tue, 8 Sep 2020 22:18:33 +0000 (15:18 -0700)]
s3: libsmb: Fix resolve_hosts() to return size_t * count of addresses.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Tue, 8 Sep 2020 21:04:41 +0000 (14:04 -0700)]
s3: libsmb: cleanup resolve_hosts() - don't change return values on fail.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Tue, 8 Sep 2020 20:58:49 +0000 (13:58 -0700)]
libcli: nbt: Fix resolve_lmhosts_file_as_sockaddr() to return size_t * count of addresses.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Tue, 8 Sep 2020 20:54:55 +0000 (13:54 -0700)]
libcli: nbt: cleanup resolve_lmhosts_file_as_sockaddr() - don't change return values on fail.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Tue, 8 Sep 2020 20:37:59 +0000 (13:37 -0700)]
s3: libsmb: Convert the WINS and broadcast name functions to return size_t * num addresses.
Have to do both at once as they are intimately related.
The uglyness inside internal_resolve_name() will go away
once all the resove_XXX() functions return size_t values.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Noel Power [Thu, 10 Sep 2020 09:27:26 +0000 (10:27 +0100)]
s3/libsmb: Cleanup parse_node_status() only set out params on success
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Tue, 8 Sep 2020 20:07:07 +0000 (13:07 -0700)]
s3: libsmb: Convert node_status_query() and associated functions and callers to expect a size_t * return.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Laurent Menase [Wed, 20 May 2020 10:31:53 +0000 (12:31 +0200)]
winbind: Fix a memleak
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14388
Signed-off-by: Laurent Menase <laurent.menase@hpe.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Sep 14 13:33:13 UTC 2020 on sn-devel-184
Christof Schmitt [Fri, 11 Sep 2020 17:22:10 +0000 (10:22 -0700)]
smbclient: Remove unused reference to extern override_logfile
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Sep 12 07:53:56 UTC 2020 on sn-devel-184
Christof Schmitt [Fri, 11 Sep 2020 17:19:15 +0000 (10:19 -0700)]
lib: Make get_share_security_default static
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Christof Schmitt [Wed, 19 Aug 2020 22:43:44 +0000 (15:43 -0700)]
s3:VFS: Remove function declaration for vfs_posixacl_init
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Andreas Schneider [Thu, 10 Sep 2020 09:34:50 +0000 (11:34 +0200)]
waf: Only use gnutls_aead_cipher_encryptv2() for GnuTLS > 3.6.14
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14399
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Sep 11 08:27:26 UTC 2020 on sn-devel-184
Andrew Bartlett [Thu, 10 Sep 2020 21:36:29 +0000 (09:36 +1200)]
bootstrap: Fix the spelling of README.md (again) and get a new GnuTLS
We re-run ./bootstrap/template.py --render to get a new GnuTLS on Fedora 32
This was missed with
7dc535995bbdb42b1b053c22acff5978cb5da516
and so caused
e0e51632cf77be439ebcbcba025a42e8558fa824 to
break the sha1sum and so require
7077be01a3cc860ce1fcfafd9e5028829f0c1887
to fix it.
The sha1sum changes because we fixed the bug about the spelling of
README.md, which is helpful because otherwise we would not get a
new image.
This provides a GnuTLS 3.6.15 so that we still test using GnuTLS's
gnutls_aead_cipher_encryptv2() for the SMB encryption codepath.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14399
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Martin Schwenke [Thu, 6 Aug 2020 11:35:14 +0000 (21:35 +1000)]
ctdb-daemon: Drop implementation of old-style database pull/push controls
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri Sep 11 06:29:32 UTC 2020 on sn-devel-184
Martin Schwenke [Thu, 6 Aug 2020 11:30:34 +0000 (21:30 +1000)]
ctdb-protocol: Drop marshalling functions for old-style database pull/push
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 6 Aug 2020 07:30:18 +0000 (17:30 +1000)]
ctdb-protocol: Drop client functions for old-style database pull/push
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 6 Aug 2020 07:28:30 +0000 (17:28 +1000)]
ctdb-client: Drop unused synchronous functions for database pull/push
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 6 Aug 2020 07:25:26 +0000 (17:25 +1000)]
ctdb-recovery: Simplify database push function names
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 6 Aug 2020 07:19:48 +0000 (17:19 +1000)]
ctdb-recovery: Drop unnecessary database push wrapper
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 6 Aug 2020 11:47:09 +0000 (21:47 +1000)]
ctdb-recovery: Drop passing of capabilities into database pull
This is no longer necessary because the capability new style database
pull is assumed to always be available.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>