Stefan Metzmacher [Fri, 4 Sep 2020 15:00:45 +0000 (17:00 +0200)]
auth:gensec: If Kerberos is required, keep schannel for machine account auth
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 4 Sep 2020 12:41:43 +0000 (14:41 +0200)]
auth:gensec: Pass use_kerberos and keep_schannel to gensec_use_kerberos_mechs()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 4 Sep 2020 12:39:15 +0000 (14:39 +0200)]
auth:gensec: Make gensec_use_kerberos_mechs() a static function
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 4 Sep 2020 08:48:27 +0000 (10:48 +0200)]
s4:ldap_server: Use samba_server_gensec_start() in ldapsrv_backend_Init()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 4 Sep 2020 08:47:54 +0000 (10:47 +0200)]
auth:gensec: Add gensec_security_sasl_names()
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
David Mulder [Mon, 24 Aug 2020 19:12:46 +0000 (13:12 -0600)]
waf: upgrade to 2.0.20
This contain an important change:
"Fix gccdeps.scan() returning nodes that no longer exist on disk."
https://gitlab.com/ita1024/waf/-/merge_requests/2293
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 3 Apr 2020 10:16:08 +0000 (12:16 +0200)]
bootstrap: install perl-JSON on on rpm distributions
This will be needed for the next heimdal import.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 6 Aug 2020 13:27:24 +0000 (15:27 +0200)]
bootstrap: document git push -o ci.variable='SAMBA_CI_REBUILD_IMAGES=yes'
This is much easier than going through the web interface.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 7 Sep 2020 08:31:36 +0000 (10:31 +0200)]
python/tests/gpo: this should fix a Popen deadlock
It is inspired by commit
5dc773a5b00834c7a53130a73a48f49048bd55e8
Author: Joe Guo <joeg@catalyst.net.nz>
Date: Fri Sep 15 16:13:26 2017 +1200
python: use communicate to fix Popen deadlock
`Popen.wait()` will deadlock when using stdout=PIPE and/or stderr=PIPE and the
child process generates large output to a pipe such that it blocks waiting for
the OS pipe buffer to accept more data. Use communicate() to avoid that.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 19 09:27:16 CEST 2017 on sn-devel-144
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Andreas Schneider [Thu, 3 Sep 2020 11:49:33 +0000 (13:49 +0200)]
s3:libads: Also add a realm entry for the domain name
This is required if we try to authenticate as Administrator@DOMAIN so it
can find the KDC. This fixes 'net ads join' for ad_member_fips if we
require Kerberos auth.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14479
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Sep 7 09:25:33 UTC 2020 on sn-devel-184
Andreas Schneider [Thu, 3 Sep 2020 09:45:33 +0000 (11:45 +0200)]
s3:libads: Only add RC4 if weak crypto is allowed
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Andreas Schneider [Thu, 3 Sep 2020 09:11:14 +0000 (11:11 +0200)]
s3:libads: Remove DES legacy types for Kerberos
We already removed DES support for Kerberos in Samba 4.12.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Hezekiah [Tue, 1 Sep 2020 09:54:39 +0000 (12:54 +0300)]
Fixed arrow keys typo to the computer move command utility
Signed-off-by: Hezekiah <hezekiahmaina3@gmail.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Fri Sep 4 16:57:30 UTC 2020 on sn-devel-184
David Disseldorp [Wed, 2 Sep 2020 13:19:52 +0000 (15:19 +0200)]
build: avoid some unnecessary list.extend() calls
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Sep 3 13:33:54 UTC 2020 on sn-devel-184
David Disseldorp [Wed, 2 Sep 2020 12:35:21 +0000 (14:35 +0200)]
build: avoid unnecessary TO_LIST() calls for static strings
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Disseldorp [Wed, 2 Sep 2020 08:50:04 +0000 (10:50 +0200)]
build: toggle vfs_snapper using --with-shared-modules
7ae03a19b3c ("build: add configure option to control vfs_snapper build")
added new --enable-snapper and --disable-snapper configure parameters to
control whether the vfs_snapper module was built.
The new parameters conflicted with existing
--with-shared-modules=[!]vfs_snapper behaviour.
This change reinstates working --with-shared-modules=[!]vfs_snapper
functionality. vfs_snapper stays enabled by default, but only on Linux.
Linux systems lacking the dbus library and header files should
explicitly disable the module via --with-shared-modules=!vfs_snapper as
documented.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14437
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Sep 2 16:24:50 UTC 2020 on sn-devel-184
Volker Lendecke [Sun, 30 Aug 2020 09:45:56 +0000 (11:45 +0200)]
tests: Make sure that idmap_ad retrieves unix nss attributes
Make sure that unix_primary_group and unix_nss_info idmap_ad options
work. We have two domains here and test wbinfo -i for both domains, so
we also run the test without those options for the trusted domain.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 2 10:35:53 UTC 2020 on sn-devel-184
David Mulder [Fri, 28 Aug 2020 21:32:13 +0000 (15:32 -0600)]
GPO: Update the samba-gpupdate man page
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Thu, 27 Aug 2020 19:25:44 +0000 (13:25 -0600)]
gpo: Pass necessary parameters to rsop
These parameters were missed by mistake when exts
were modified to be initialized within the rsop
command. Fixes an exception thrown when executing
samba-gpupdate --rsop:
Traceback (most recent call last):
File "/usr/sbin/samba-gpupdate", line 99, in <module>
rsop(lp, creds, gp_extensions, opts.target)
File "/usr/lib64/python3.8/site-packages/samba/gpclass.py", line 512, in rsop
ext = ext(logger, lp, creds, store)
NameError: name 'logger' is not defined
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Fri, 28 Aug 2020 14:38:41 +0000 (08:38 -0600)]
gpo: Test rsop function for success
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Thu, 27 Aug 2020 20:22:34 +0000 (14:22 -0600)]
samba-tool: Create unix user with modified template homedir
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Thu, 27 Aug 2020 19:13:06 +0000 (13:13 -0600)]
samba-tool: Test creating unix user with modified template homedir
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Thu, 6 Aug 2020 05:17:01 +0000 (17:17 +1200)]
lzxpress: avoid technically undefined shift
UBSAN:
runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Credit to OSS-fuzz.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22283
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug 31 22:31:13 UTC 2020 on sn-devel-184
Douglas Bagnall [Thu, 6 Aug 2020 05:10:30 +0000 (17:10 +1200)]
lib/util/asn1: avoid technically undefined shift
UBSAN says
runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
Credit to OSS-Fuzz.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22889
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Gary Lockyer [Thu, 27 Aug 2020 01:50:16 +0000 (13:50 +1200)]
Fix clang 9 format-nonliteral warning
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Mon, 27 Jul 2020 15:58:31 +0000 (16:58 +0100)]
python/samba/tests/blackbox: Tests with nested DFS container
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug 31 19:09:24 UTC 2020 on sn-devel-184
Noel Power [Fri, 24 Jul 2020 14:32:11 +0000 (15:32 +0100)]
s3/utils: restore client share connection after call to sec_desc_parse
This normally isn't a problem *except* for when the share is a dfs root
(which results in cli_resolve_patch creating an incorrect path)
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Fri, 24 Jul 2020 13:50:57 +0000 (14:50 +0100)]
s3/utils: If dfs path is an ordinary path then really just return it
In cli_resolve_path if the share was a root dfs share then any self
hosted dfs paths end up not being returned as is but being decorated
with fileserver and share. This file path is not suitable for
passing to cli_list so we adjust it here.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Fri, 3 Jul 2020 10:55:44 +0000 (10:55 +0000)]
python/samba/tests/blackbox: python smbcacls '--propagate-inherit' test
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Fri, 15 Nov 2013 11:53:35 +0000 (11:53 +0000)]
doc: describe smbcacls --propagate-inheritance expanding INHERITANCE section
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Thu, 14 Nov 2013 18:38:19 +0000 (19:38 +0100)]
doc: describe smbcacls --propagate-inheritance
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Thu, 14 Nov 2013 17:45:07 +0000 (17:45 +0000)]
add new '--propagate-inheritance' option for smbcacls
smbcacls now can take a '--propagate-inheritance' flag to indicate that the
add, delete, modify and set operations now support automatic propagation of
inheritable ACE(s)
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Mon, 27 Jul 2020 15:51:12 +0000 (16:51 +0100)]
python/samba/tests/blackbox: Preparatory change to support custom share
tearDown method doesn't handle local file deletion fallback if a share
other than 'tmp' is used
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Mon, 27 Jul 2020 16:02:28 +0000 (17:02 +0100)]
python/samba/tests:blackbox: Fix local file delete test tree fallback
Wrong indentation ensures the fallback where we use file system removal
of test files if the test's tearDown method fails.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Tue, 28 Jul 2020 15:21:17 +0000 (16:21 +0100)]
python/samba/tests/blackbox: Fix undetected deltree fail
With msdfs root share smbclient deltree command can fail without
setting the errorcode (e.g. when do_list encounters an error it will
log a warning message and continue rather than error out fatally)
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 28 Aug 2020 14:28:41 +0000 (16:28 +0200)]
s3:share_mode_lock: remove unused reproducer for bug #14428
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Aug 31 13:34:17 UTC 2020 on sn-devel-184
Stefan Metzmacher [Fri, 28 Aug 2020 14:28:41 +0000 (16:28 +0200)]
s3:share_mode_lock: make sure share_mode_cleanup_disconnected() removes the record
This fixes one possible trigger for "PANIC: assert failed in get_lease_type()"
https://bugzilla.samba.org/show_bug.cgi?id=14428
This is no longer enough to remove the record:
d->have_share_modes = false;
d->modified = true;
Note that we can remove it completely from
share_mode_cleanup_disconnected() as
share_mode_forall_entries() already sets it
when there are no entries left.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Fri, 28 Aug 2020 13:56:35 +0000 (15:56 +0200)]
s3:share_mode_lock: add missing 'goto done' in share_mode_cleanup_disconnected()
When cleanup_disconnected_lease() fails we should stop,
at least we do that if brl_cleanup_disconnected() fails.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Fri, 28 Aug 2020 13:56:35 +0000 (15:56 +0200)]
s3:share_mode_lock: consistently debug share_mode_entry records
share_mode_entry_do(), share_mode_forall_entries() and
share_entry_forall() print the record before the callback is called
and when it was modified or deleted.
This makes it much easier to debug problems.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Fri, 28 Aug 2020 13:56:35 +0000 (15:56 +0200)]
s3:share_mode_lock: let share_mode_forall_entries/share_entry_forall evaluate e.stale first
It's not really clear why e.stale would be ignored if *modified is set
to true.
This matches the behavior of share_mode_entry_do()
This also makes sure we see the removed entry in level 10 logs again.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Fri, 28 Aug 2020 12:37:59 +0000 (14:37 +0200)]
s3:share_mode_lock: reproduce problem with stale disconnected share mode entries
This reproduces the origin of "PANIC: assert failed in get_lease_type()"
(https://bugzilla.samba.org/show_bug.cgi?id=14428).
share_mode_cleanup_disconnected() removes disconnected entries from
leases.tdb and brlock.tdb but not from locking.tdb.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Fri, 28 Aug 2020 13:33:43 +0000 (15:33 +0200)]
s3:selftest: also run durable_v2_reconnect_delay_msec in samba3.blackbox.durable_v2_delay
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Matthew DeVore [Fri, 7 Aug 2020 20:27:39 +0000 (13:27 -0700)]
lib/util: remove extra safe_string.h file
lib/util/safe_string.h is similar to source3/include/safe_string.h, but
the former has fewer checks. It is missing bcopy, strcasecmp, and
strncasecmp.
Add the missing elements to lib/util/safe_string.h remove the other
safe_string.h which is in the source3-specific path. To accomodate
existing uses of str(n?)casecmp, add #undef lines to source files where
they are used.
Signed-off-by: Matthew DeVore <matvore@google.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 28 02:18:40 UTC 2020 on sn-devel-184
Matthew DeVore [Fri, 7 Aug 2020 18:17:34 +0000 (11:17 -0700)]
s3: safe_string: do not include string_wrappers.h
Rather than have safe_string.h #include string_wrappers.h, make users of
string_wrappers.h include it explicitly.
includes.h now no longer includes string_wrappers.h transitively. Still
allow includes.h to #include safe_string.h for now so that as many
modules as possible get the safety checks in it.
Signed-off-by: Matthew DeVore <matvore@google.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Matthew DeVore [Fri, 7 Aug 2020 18:14:57 +0000 (11:14 -0700)]
string_wrappers: include replace.h
To ensure we always get the right value for the config.h macro
`HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS`, #include "lib/util/replace.h"
rather than rely on it being included by the API user.
Signed-off-by: Matthew DeVore <matvore@google.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Matthew DeVore [Fri, 7 Aug 2020 18:27:53 +0000 (11:27 -0700)]
lib/util: do not make string_wrappers.h public
string_wrappers.h is a collection of macros. All but one of the macros
rely on symbols not defined in public headers, so it is not useful as a
public header.
For instance, fstring is defined in includes.h. PTR_DIFF is defined in
lib/util/memory.h, which is not public.
checked_strlcpy is actually self-contained and is usable outside of a
Samba build, but without a Samba config.h, it is just aliased to
strlcpy.
Signed-off-by: Matthew DeVore <matvore@google.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Matthew DeVore [Thu, 6 Aug 2020 22:42:46 +0000 (15:42 -0700)]
s3: safe_string: remove unnecessary include
safe_string.h is only included by source3/include/includes.h, which
already includes ntstatus.h, so it is not necessary to include it
from within safe_string.h.
Signed-off-by: Matthew DeVore <matvore@google.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 2 Apr 2020 12:16:10 +0000 (14:16 +0200)]
s3:smbd: Fix strict aliasing in get_socket_port()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 27 21:59:17 UTC 2020 on sn-devel-184
David Mulder [Wed, 19 Aug 2020 17:27:26 +0000 (11:27 -0600)]
GPO: Add rsop output for Messages policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Thu Aug 27 17:19:48 UTC 2020 on sn-devel-184
David Mulder [Wed, 19 Aug 2020 17:25:57 +0000 (11:25 -0600)]
GPO: Test rsop output for Messages policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Wed, 8 Jul 2020 21:30:25 +0000 (15:30 -0600)]
gpo: Apply Group Policy Login Prompt Message
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Thu, 9 Jul 2020 15:53:34 +0000 (09:53 -0600)]
gpo: Test Group Policy Login Prompt Message
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Wed, 8 Jul 2020 21:29:42 +0000 (15:29 -0600)]
gpo: Apply Group Policy Message of the day
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Thu, 9 Jul 2020 14:39:41 +0000 (08:39 -0600)]
gpo: Test Group Policy Message of the day
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Wed, 19 Aug 2020 20:23:37 +0000 (14:23 -0600)]
GPO: Add rsop output for smb.conf policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Wed, 19 Aug 2020 19:02:48 +0000 (13:02 -0600)]
GPO: Test rsop output for smb.conf policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Wed, 18 Jul 2018 17:34:09 +0000 (11:34 -0600)]
gpo: Add CSE for applying smb.conf
Add an extension that applies smb.conf params
applied via the smb.conf admx files.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Wed, 25 Jul 2018 21:24:35 +0000 (15:24 -0600)]
gpo: Test Group Policy smb.conf Extension
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Tue, 17 Jul 2018 19:15:38 +0000 (13:15 -0600)]
gpo: Add admx files for smb.conf parameters
Administrative Template (admx) files are
installed to the sysvol central store, and
apply Group Policy settings to the sysvol, via
the Group Policy Management Console (gpmc).
These admx files add smb.conf settings to the
gpmc.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Fri, 7 Aug 2020 20:15:30 +0000 (14:15 -0600)]
gpo: gp_krb_ext always uses set_kdc_tdb to update
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Fri, 7 Aug 2020 20:09:27 +0000 (14:09 -0600)]
gpo: Move gp_sec_ext conversion functions to top
These functions don't actually use self, so can
be moved to top level functions.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Fri, 7 Aug 2020 17:09:17 +0000 (11:09 -0600)]
gpo: Display Security Extension RSOP on ADDC only
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Thu, 6 Aug 2020 23:25:47 +0000 (17:25 -0600)]
gpo: Fix unapply failure when multiple extensions run
When multiple Group Policy Extensions are present,
only the last executed extension saves it's
changes to the Group Policy Database, due to the
database being loaded seperately for each
extension.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Thu, 6 Aug 2020 21:41:13 +0000 (15:41 -0600)]
gpo: Test multiple extention unapply
Verify that an unapply of multiple extentions
deletes the script files and policy settings.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Fri, 7 Aug 2020 19:44:55 +0000 (13:44 -0600)]
gpo: Sudoers ext should not crash if policy missing
If a user has manually removed a policy, the
extension should not crash in an unapply removing
it.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Fri, 7 Aug 2020 19:39:18 +0000 (13:39 -0600)]
gpo: Script ext should not crash if script missing
If a user has manually removed a script, the
extension should not crash in an unapply removing
it.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Fri, 7 Aug 2020 19:59:32 +0000 (13:59 -0600)]
gpo: Cleanup sudoers policy test
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Fri, 7 Aug 2020 19:58:34 +0000 (13:58 -0600)]
gpo: Cleanup script policy test
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Thu, 6 Aug 2020 21:18:16 +0000 (15:18 -0600)]
gpo: Avoid using distutils since it will be deprecated
We shouldn't use distutils.spawn.find-executable
here, since its use is discouraged:
https://docs.python.org/3/library/distutils.html
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Thu, 6 Aug 2020 19:30:36 +0000 (13:30 -0600)]
gpo: Clarify the contents of deleted_gpo_list in process_group_policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Thu, 6 Aug 2020 18:44:41 +0000 (12:44 -0600)]
gpo: Add rsop output for Sudoers policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Thu, 6 Aug 2020 20:53:02 +0000 (14:53 -0600)]
gpo: Test rsop output for Sudoers policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Thu, 6 Aug 2020 18:38:14 +0000 (12:38 -0600)]
Add WHATSNEW section on Client Group Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Jeremy Allison [Wed, 26 Aug 2020 19:41:27 +0000 (12:41 -0700)]
s3: libsmb: Remove one more ugly sockaddr cast in resolve_name_list() by converting to samba_sockaddr.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Aug 27 08:16:37 UTC 2020 on sn-devel-184
Jeremy Allison [Wed, 26 Aug 2020 19:35:42 +0000 (12:35 -0700)]
s3: libsmb: Inside get_dc_list() move one more sockaddr_storage -> samba_sockaddr.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Tue, 25 Aug 2020 15:39:18 +0000 (17:39 +0200)]
third_party: Update resolv_wrapper to version 1.1.7
This fixes some Samba tests which redirect stderr to stdout and then get
more messages than expected.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Aug 26 09:59:28 UTC 2020 on sn-devel-184
Andreas Schneider [Tue, 25 Aug 2020 06:28:00 +0000 (08:28 +0200)]
selftest: Catch exception from dns_hub.py
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Rowland Penny [Tue, 25 Aug 2020 12:19:28 +0000 (13:19 +0100)]
docs-xml: pam_winbind manpage: grammar and typos
Signed-off-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Aug 26 04:44:51 UTC 2020 on sn-devel-184
Andrew Bartlett [Wed, 26 Aug 2020 00:50:00 +0000 (12:50 +1200)]
oss-fuzz: Ensure a UTF8 locale is set for the samba build
This ensures that LANG=en_US.UTF8 is set, which
Samba's build system needs to operate in UTF8 mode.
The change to use flex to generate code meant that this
difference between GitLab CI and oss-fuzz was exposed.
REF: https://github.com/google/oss-fuzz/pull/4366
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 26 03:20:46 UTC 2020 on sn-devel-184
Andrew Bartlett [Wed, 26 Aug 2020 00:47:04 +0000 (12:47 +1200)]
oss-fuzz: Try harder to ensure we always fail fast
During a previous attempt to fix the LANG= issue I changed
the script invocation to be via a shell, so the set -x et al
ensures these are always in place and we fail fast
rather than failures only being detected by lack of output.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Jeremy Allison [Mon, 24 Aug 2020 22:35:32 +0000 (15:35 -0700)]
s3: libsmb: Cleanup - remove an ugly sockaddr_in cast inside resolve_wins_send().
Use samba_sockaddr for its intended purpose.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 25 17:43:17 UTC 2020 on sn-devel-184
Jeremy Allison [Mon, 24 Aug 2020 19:11:33 +0000 (12:11 -0700)]
s3: libads: Cleanup - Remove two more ugly const struct sockaddr * casts in get_kdc_ip_string().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Mon, 24 Aug 2020 19:04:16 +0000 (12:04 -0700)]
s3: libsmb: Cleanup - Pass samba_sockaddr directly to nb_trans_send().
Saves an ugly internal cast. We know this must be AF_INET.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Mon, 24 Aug 2020 19:00:29 +0000 (12:00 -0700)]
s3: libsmb: Cleanup - Remove a union in sock_packet_read_got_socket() that was an early attempt a samba_sockaddr.
Just use samba_sockaddr.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Mon, 24 Aug 2020 18:57:59 +0000 (11:57 -0700)]
s3: libsmb: Cleanup - Remove the last two sockaddr casts in namequery.c in name_query_validator().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Mon, 24 Aug 2020 18:54:26 +0000 (11:54 -0700)]
s3: libsmb: Cleanup - Remove two more sockaddr casts inside remove_duplicate_addrs2().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Mon, 24 Aug 2020 18:49:25 +0000 (11:49 -0700)]
s3: libsmb: Cleanup - Use samba_sockaddr as intended in resolve_name() to make ugly casts go away.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Mon, 24 Aug 2020 18:32:52 +0000 (11:32 -0700)]
s3: libsmb: Cleanup - convert addr_compare() to using samba_sockaddr internally.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Mon, 24 Aug 2020 18:26:23 +0000 (11:26 -0700)]
s3: libsmb: Cleanup - make name_query_send() use samba_sockaddr internally.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Mon, 24 Aug 2020 18:23:53 +0000 (11:23 -0700)]
s3: libsmb: Cleanup - make name_status_lmhosts() use samba_sockaddr internally.
Use existing utility function instead of direct memcmp.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Mon, 24 Aug 2020 18:19:29 +0000 (11:19 -0700)]
s3: libsmb: Cleanup - make node_status_query_send() use samba_sockaddr internally.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Mon, 24 Aug 2020 18:16:11 +0000 (11:16 -0700)]
s3: libsmb: Cleanup - Longlines cleanup for README.Coding standards.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Mon, 24 Aug 2020 18:12:03 +0000 (11:12 -0700)]
s3: libsmb: Cleanup - change parameter and callers of set_socket_addr_v4() to samba_sockaddr.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Mon, 24 Aug 2020 18:05:11 +0000 (11:05 -0700)]
s3: libsmb: Cleanup - Remove one call to set_socket_addr_v4().
The stack variable sockaddr_storage ss wasn't being used at all.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Mathieu Parent [Thu, 25 Jun 2020 07:48:04 +0000 (09:48 +0200)]
Fix FTBFS / Increase the over-estimation for sparse files
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14418
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 25 04:23:19 UTC 2020 on sn-devel-184
Christof Schmitt [Tue, 18 Aug 2020 19:48:09 +0000 (12:48 -0700)]
lib/util: Move cleanup for unit test in teardown function
Where to call rmdir does not matter, but that should avoid the TOCTOU
warning from CID
1466194 and might be slightly cleaner.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Aug 24 03:10:09 UTC 2020 on sn-devel-184
Christof Schmitt [Tue, 18 Aug 2020 16:29:28 +0000 (09:29 -0700)]
lib/util: Remove wrong return statement in unit test
Fixes CID
1466195
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Christof Schmitt [Tue, 18 Aug 2020 18:14:47 +0000 (11:14 -0700)]
lib/util: Fix cleanup in unit test
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Christof Schmitt [Tue, 18 Aug 2020 16:28:12 +0000 (09:28 -0700)]
lib/util: Remove unnecessary semicolon from wscript_build
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
David Mulder [Thu, 20 Aug 2020 21:51:47 +0000 (15:51 -0600)]
python compat: remove ConfigParser
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>