Stefan Metzmacher [Thu, 10 Feb 2022 14:08:47 +0000 (15:08 +0100)]
s4:dsdb/descriptor: pass parent guid to dsdb_module_schedule_sd_propagation()
This is preparation to optimize the security descriptor propagation
in the following commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 10 Feb 2022 13:36:28 +0000 (14:36 +0100)]
s4:dsdb/descriptor: skip duplicates in descriptor_extended_sec_desc_propagation()
During replication we may need to fallback to using DRS_GET_TGT,
which means that we'll get a lot of objects more than once,
the most important one it the partition root object.
It means we'll also do the security descriptor propagation more than
once for these objects, which is extrememly costly for the partition
root objects and other objects near the root.
I analyzed a domain where we collected ~ 50000 descriptor_changes
registrations for the initial replication of ~ 22000 objects
in the database.
For that domain we spend ~ 4 hours for the security descriptor
propagation in descriptor_prepare_commit(), while the replication
itself was finished in less than 2 minutes.
With this change we reduce the number of registered/processed
descriptor_changes down to ~ 22000, while is reduces the time
from ~ 4 hours to just ~ 3 minutes 20 seconds!
The statitics changed from:
descriptor_prepare_commit: changes: num_registered=50000
descriptor_prepare_commit: changes: num_processed=50000
descriptor_prepare_commit: objects: num_processed=
12000000
to:
descriptor_prepare_commit: changes: num_registrations=50000
descriptor_prepare_commit: changes: num_registered=22000
descriptor_prepare_commit: changes: num_processed=22000
descriptor_prepare_commit: objects: num_processed=80800
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 10 Feb 2022 15:20:51 +0000 (16:20 +0100)]
s4:dsdb/descriptor: add statistics for security descriptor propagation
In order to analyze the security descriptor propagation we remember
how much work we registered/processed.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 10 Feb 2022 13:33:15 +0000 (14:33 +0100)]
s4:dsdb/descriptor: split out struct descriptor_transaction
This will make it easier to add more details to the per transaction
state.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 10 Feb 2022 15:57:01 +0000 (16:57 +0100)]
python/join: improve logging of join_replicate()
It's useful to have timestamps to see the
time used for replication and committing.
We also warn the user that the committing stage
may take some time.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 28 Mar 2022 11:00:03 +0000 (13:00 +0200)]
wafsamba: require PYTHONHASHSEED=1 to be exported
This avoids a lot of trouble with random build failures,
if people try to use waf directly.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Mar 29 23:31:38 UTC 2022 on sn-devel-184
Stefan Metzmacher [Mon, 28 Mar 2022 10:38:36 +0000 (12:38 +0200)]
ctdb/packaging/RPM: don't use waf directly
./configure && make && make install is will always work.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 28 Mar 2022 10:59:12 +0000 (12:59 +0200)]
configure/Makefile: export PYTHONHASHSEED=1 in all 'configure/Makefile' scripts
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 28 Mar 2022 10:50:55 +0000 (12:50 +0200)]
wafsamba: let test_duplicate_symbol.sh export PYTHONHASHSEED=1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 28 Mar 2022 10:49:50 +0000 (12:49 +0200)]
s4:selftest/provisions: make use of 'make testenv' and avoid direct waf
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 28 Mar 2022 10:49:24 +0000 (12:49 +0200)]
lib/fuzzing/README.md: don't use waf directly
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 28 Mar 2022 10:38:02 +0000 (12:38 +0200)]
buildtools: remove unused testwaf.sh
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Fri, 11 Feb 2022 15:59:30 +0000 (16:59 +0100)]
smbd: Don't NULL out "::$DATA"
Slight simplification now possible after introducing and using
fsp_is_alternate_stream() almost everywhere.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 29 22:24:38 UTC 2022 on sn-devel-184
Volker Lendecke [Fri, 11 Feb 2022 10:12:31 +0000 (11:12 +0100)]
smbd: Don't NULL out the "::$DATA" in openat_pathref_fsp()
Slight simplification now possible after introducing and using
fsp_is_alternate_stream() almost everywhere.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 28 Mar 2022 14:49:25 +0000 (16:49 +0200)]
smbd: Simplify reply_rmdir()
We don't need to check this here, create_file_default and callees take
care of this.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 28 Mar 2022 14:49:04 +0000 (16:49 +0200)]
smbd: Add a DEBUG to create_file_unixpath()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 28 Mar 2022 13:11:48 +0000 (15:11 +0200)]
smbd: Fix create_file_unixpath()'s stream handling
Make create_file_unixpath() robust against callers explicitly passing
in ":$DATA" as a stream name indicating the default stream. Right now
we NULL this out in callers, but this might change in the future.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 25 Mar 2022 14:18:44 +0000 (15:18 +0100)]
lib: GENCACHE_RAM isn't used anymore
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 24 Mar 2022 14:43:53 +0000 (15:43 +0100)]
smbd: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Thu, 24 Mar 2022 23:18:01 +0000 (12:18 +1300)]
s4-auth: Remove last traces of LanMan authentiation support in the AD DC.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Mar 29 03:32:57 UTC 2022 on sn-devel-184
Andrew Bartlett [Wed, 23 Mar 2022 02:10:23 +0000 (15:10 +1300)]
s4-auth: Only build auth_developer module in developer mode
This is a silly module for provoking NTSTATUS replies for testing and
was useful many moons ago for determining the NTSTATUS -> DOS table that
windows uses.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 16 Mar 2022 03:27:54 +0000 (16:27 +1300)]
s4-auth: Do not trigger RODC replication unless missing all passwords
With the NT hash becoming optional we cannot make blind assumptions that
a missing value means we are on an RODC needing the password replicated.
Instead, check for supplementalCredentials as well.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 16 Mar 2022 02:19:54 +0000 (15:19 +1300)]
s4-auth: Remove unused acct_flags parameter
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Sun, 27 Mar 2022 22:16:51 +0000 (11:16 +1300)]
waf: Document the confusing --nonshared-binary, --builtin-libraries, --private-libraries and --bundled-libraries
These options are confusing to all who encounter them.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8731
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Mar 28 10:06:01 UTC 2022 on sn-devel-184
Christof Schmitt [Mon, 21 Mar 2022 16:26:41 +0000 (09:26 -0700)]
vfs_gpfs: Initialize litemask to 0
The change from commit
fb13c7c94f to query exact values for atime,
mtime, ctime and size is not necessary, as none of these are used in
this codepath. Initiale litemask to 0 instead.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15027
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Mar 28 09:10:58 UTC 2022 on sn-devel-184
Joseph Sutton [Wed, 23 Feb 2022 22:05:57 +0000 (11:05 +1300)]
samba-tool: Check specified domain and realm against our own
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Mar 28 03:11:51 UTC 2022 on sn-devel-184
Joseph Sutton [Wed, 23 Feb 2022 21:07:35 +0000 (10:07 +1300)]
samba-tool: Return correct result for _get_user_realm_domain()
We were returning the realm and the domain in the wrong order.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 21 Feb 2022 01:58:47 +0000 (14:58 +1300)]
samba-tool delegation: Clarify msDS-AllowedToDelegateTo delegation command documentation
This makes the difference between msDS-AllowedToDelegateTo and
msDS-AllowedToActOnBehalfOfOtherIdentity more clear.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14954
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 21 Feb 2022 01:58:30 +0000 (14:58 +1300)]
samba-tool delegation: Add commands to add/remove principals for RBCD
These commands allow updating the
msDS-AllowedToActOnBehalfOfOtherIdentity attribute with principals
allowed to delegate to an account.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14954
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 21 Feb 2022 02:07:50 +0000 (15:07 +1300)]
samba-tool delegation show: Display information for RBCD
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14954
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 21 Feb 2022 01:56:45 +0000 (14:56 +1300)]
samba-tool delegation: Add function to display security descriptor for RBCD
We also check some features of the security descriptor, and display
warnings if they are not as expected.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14954
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Sat, 26 Mar 2022 07:42:21 +0000 (08:42 +0100)]
s4:selftest: Remove ad_dc_ntvfs env from several tests
It doesn't make sense to run tests against ad_dc and ad_dc_ntvfs in
those cases.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 25 Jan 2022 18:35:06 +0000 (19:35 +0100)]
testprogs: A PKINIT PAC test which runs against Heimdal and MIT Kerberos
There is no need to specify the enctype and it isn't supported by MIT Kerberos
anyway.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Mar 25 21:54:11 UTC 2022 on sn-devel-184
Andreas Schneider [Fri, 18 Mar 2022 10:05:23 +0000 (11:05 +0100)]
testprogs: Manually reformat test_pkinit_pac.sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 18 Mar 2022 10:04:19 +0000 (11:04 +0100)]
testprogs: Reformat test_pkinit_pac.sh with shfmt
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 17 Mar 2022 13:33:52 +0000 (14:33 +0100)]
testprogs: Rename test_pkinit_pac_heimdal.sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 24 Mar 2022 00:04:54 +0000 (13:04 +1300)]
testprogs: A PKINIT test which runs against Heimdal and MIT Kerberos
There is no need to specify the enctype and it isn't supported with MIT
Kerberos.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 24 Mar 2022 12:50:49 +0000 (13:50 +0100)]
testprogs: Remove the usage of enctype in test_pkinit_simple.sh
This is not needed anymore and the default is AES in the meantime.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 23 Mar 2022 23:53:28 +0000 (12:53 +1300)]
testprogs: Change from $foo to "${foo}" variable style
This is selected from and to improve the understanding of:
testprogs: A PKINIT test which runs against Heimdal and MIT Kerberos
There is no need to specify the enctype and it isn't supported with MIT
Kerberos.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Fri, 18 Mar 2022 09:26:46 +0000 (10:26 +0100)]
testprogs: Manually reformat testit commands in test_pkinit_simple.sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 18 Mar 2022 09:21:20 +0000 (10:21 +0100)]
testprogs: Fix calculating failed in test_pkinit_simple.sh
We only want to increase it if a test is failing. If something is expected to
fail, we should not count that as failed.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 18 Mar 2022 09:20:27 +0000 (10:20 +0100)]
testprogs: Format test_pkinit_simple.sh with shfmt
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 17 Mar 2022 13:28:26 +0000 (14:28 +0100)]
testprogs: Rename test_pkinit_heimdal.sh
We want one common test which works against Heimdal and MIT Kerberos.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 17 Mar 2022 12:57:21 +0000 (13:57 +0100)]
testprogs: Fix kerberos_kinit with additional options
The additional options need to come before we specify the principal
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 24 Jan 2022 18:47:16 +0000 (19:47 +0100)]
selftest: Setup PKINIT for MIT Kerberos
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 19 Jan 2022 11:49:45 +0000 (12:49 +0100)]
s4:kdc: Add Smart Card and file based PKINIT support
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 25 Jan 2022 18:39:56 +0000 (19:39 +0100)]
s4:tests: Run Heimdal PKINIT tests only against ad_dc env
There is not difference kerberos-wise between those two envs.
This reverts
661e1a229e85f566c5fc5d43ea03fbb29847439a.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 20 Jan 2022 07:46:55 +0000 (08:46 +0100)]
s4:kdc: If we set the kerberos debug level to 10 write a trace file
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 24 Feb 2022 11:18:18 +0000 (12:18 +0100)]
s4:kdc: Remove trailing white spaces in kdc-service-mit.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 18 Jan 2022 08:24:44 +0000 (09:24 +0100)]
s4:kdc: Improve debug message of samba_kdc_fetch_server()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Thomas Debesse [Wed, 22 Sep 2021 17:09:02 +0000 (19:09 +0200)]
s4: dns: Add customizable dns port option
Signed-off-by: Thomas Debesse <dev@illwieckz.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 25 20:25:28 UTC 2022 on sn-devel-184
Ralph Boehme [Thu, 24 Mar 2022 17:31:59 +0000 (18:31 +0100)]
smbd: expand DEBUG statement in smbd_dirptr_get_entry() to include the dir and direntry name
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 25 19:05:06 UTC 2022 on sn-devel-184
Samuel Cabrero [Wed, 9 Mar 2022 11:11:00 +0000 (12:11 +0100)]
examples: Update winbindd.stp and its generator script
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Mar 25 17:57:18 UTC 2022 on sn-devel-184
Samuel Cabrero [Wed, 16 Feb 2022 12:41:05 +0000 (13:41 +0100)]
s3:winbind: Convert Ping parent/child call to NDR
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Samuel Cabrero [Wed, 9 Mar 2022 10:56:33 +0000 (11:56 +0100)]
s3:winbind: Return NTSTATUS from wbint_Ping() RPC function
There are no users of this function but the next commit will convert the
struct-based WINBINDD_PING call to a local RPC wbint_Ping() call.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Samuel Cabrero [Wed, 9 Mar 2022 16:44:17 +0000 (17:44 +0100)]
s3:winbind: Convert wcache_opnum_cacheable() to a whitelist
It avoids having to explicitly blacklist new DCE/RPC calls.
This is the current list of non cacheable calls:
NDR_WBINT_PING
NDR_WBINT_QUERYSEQUENCENUMBER
NDR_WBINT_ALLOCATEUID
NDR_WBINT_ALLOCATEGID
NDR_WBINT_CHECKMACHINEACCOUNT
NDR_WBINT_CHANGEMACHINEACCOUNT
NDR_WBINT_PINGDC
NDR_WBINT_LISTTRUSTEDDOMAINS
It includes the ListTrustedDomains call recently converted to a local
RPC call.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
David Mulder [Wed, 2 Mar 2022 09:23:51 +0000 (02:23 -0700)]
samba-gpupdate: Implement enhanced logging
This ports the enhanced logging capabilities from
AltLinux gpupdate. It generates log messages such
as:
2022-03-02 11:28:54.872|[E40104]| Failed to set interfaces for zone | {'val': 'work'}
2022-03-02 11:28:55.017|[E40104]| Failed to set interfaces for zone | {'val': 'home'}
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 24 23:40:47 UTC 2022 on sn-devel-184
Jeremy Allison [Fri, 18 Mar 2022 19:30:27 +0000 (12:30 -0700)]
s3: smbd: smbd_smb2_setinfo_send(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
This is the last SMB_VFS_FSTAT that uses fsp->fsp_name->st, so
remove knownfail.d/durable-v2-setinfo
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 24 17:21:29 UTC 2022 on sn-devel-184
Jeremy Allison [Fri, 18 Mar 2022 18:45:50 +0000 (11:45 -0700)]
s3: smbd: smbd_smb2_getinfo_send(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 18 Mar 2022 22:04:34 +0000 (15:04 -0700)]
s3: cmd_vfs: cmd_set_nt_acl(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 18 Mar 2022 22:01:52 +0000 (15:01 -0700)]
s3: cmd_vfs: cmd_open(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 18 Mar 2022 21:57:13 +0000 (14:57 -0700)]
s3: pysmbd.c: init_files_struct(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 18 Mar 2022 19:27:53 +0000 (12:27 -0700)]
s3: smbd: call_trans2setfilepathinfo(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 18 Mar 2022 19:26:27 +0000 (12:26 -0700)]
s3: smbd: call_trans2qfilepathinfo(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 18 Mar 2022 19:24:27 +0000 (12:24 -0700)]
s3: smbd: rename_internals_fsp(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 18 Mar 2022 19:22:26 +0000 (12:22 -0700)]
s3: smbd: mkdir_internal(). 2 of 2. All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 18 Mar 2022 19:19:44 +0000 (12:19 -0700)]
s3: smbd: mkdir_internal(). 1 of 2. All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 18 Mar 2022 19:11:23 +0000 (12:11 -0700)]
s3: smbd: open_file(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 18 Mar 2022 19:09:43 +0000 (12:09 -0700)]
s3: smbd: non_widelink_open(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 18 Mar 2022 19:02:35 +0000 (12:02 -0700)]
s3: smbd: open_internal_dirfsp(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 18 Mar 2022 19:00:15 +0000 (12:00 -0700)]
s3: smbd: open_internal_dirfsp() add missing file_free() in error path.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 18 Mar 2022 18:56:53 +0000 (11:56 -0700)]
s3: smbd: mdssvc: All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 18 Mar 2022 18:51:00 +0000 (11:51 -0700)]
s3: VFS: vxfs: All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 18 Mar 2022 18:41:48 +0000 (11:41 -0700)]
s3: smbd: In set_ea_dos_attribute(), if we've stored btime and set XATTR_DOSINFO_CREATE_TIME successfully, we need to clear ST_EX_IFLAG_CALCULATED_BTIME.
This is no longer a calculated field, every call to fdos_mode() will
set it as non-calculated.
https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 18 Mar 2022 18:40:04 +0000 (11:40 -0700)]
s3: smbd: In set_ea_dos_attribute() cause root fallback code to exit via the same place.
We're going to add another action on success next.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 18 Mar 2022 21:52:02 +0000 (14:52 -0700)]
s4: torture: Add regression test for re-opening a durable handle after calling SMB2 setinfo (end of file).
This is an implementation of a test written by Apple for their
client. Currently fails to reconnect due to btime being overwritten
incorrectly in the SMB2 setinfo path.
Add knownfail.d/durable-v2-setinfo
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andrew Bartlett [Tue, 8 Mar 2022 09:49:31 +0000 (22:49 +1300)]
s4:kdc: Expose samba_kdc_message2entry_keys()
This allows the KDC to share the supplementalCredentials parsing code
with other parts of Samba that could use it.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Mar 24 10:17:32 UTC 2022 on sn-devel-184
Andrew Bartlett [Wed, 23 Mar 2022 00:07:29 +0000 (13:07 +1300)]
s4:kdc: Move supported enc-type handling out of samba_kdc_message2entry_keys()
By putting this in the caller we potentially allow samba_kdc_message2entry_keys()
to be reused by a non-KDC caller.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 22 Mar 2022 21:13:54 +0000 (10:13 +1300)]
s4:kdc: Pull auth_sam_trigger_repl_secret() up one layer to samba_kdc_message2entry()
This avoids making a call out in samba_kdc_message2entry_keys() and allows
for potential reuse of the key parsing code.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 8 Mar 2022 09:48:50 +0000 (22:48 +1300)]
s4:kdc: Add const to "msg" parameter in samba_kdc_message2entry_keys()
This will help with a future caller.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 22 Mar 2022 20:47:53 +0000 (09:47 +1300)]
s4:kdc: Pass supported enctypes to samba_kdc_set_random_keys()
We should not supprise the callers by returning more keys than we asked to
filter by and avoids duplicating the protected_users logic within
samba_kdc_set_fixed_keys().
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 22 Mar 2022 20:47:53 +0000 (09:47 +1300)]
s4:kdc: Pass supported enctypes to samba_kdc_set_fixed_keys()
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 11 Feb 2022 20:42:06 +0000 (21:42 +0100)]
s4:kdc: teach samba_kdc_message2entry_keys() to handle old and older keys too
We return the requested kvno if given, otherwise we include the
old and older keys for CLIENT|FOR_AS_REQ or SDB_F_ADMIN_DATA lookups.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14054
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 22 Mar 2022 23:41:13 +0000 (00:41 +0100)]
s4:kdc: add old and older keys to sdb_entry
This is the first step to return the password history
in order to avoid badPwdCount updates for failing
pre-authentication with passwords from the recent history.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14054
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 19 Jul 2019 11:22:48 +0000 (13:22 +0200)]
s4:kdc: pass flags and kvno down to samba_kdc_message2entry_keys()
We need a ways to ask for a specific kvno if SDB_F_KVNO_SPECIFIED
is requested. And also include the old and older keys from
the password history in the next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14054
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 23 Mar 2022 03:29:20 +0000 (04:29 +0100)]
s4:kdc: finally remove unused 'struct sdb_entry_ex'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 23 Mar 2022 03:17:01 +0000 (04:17 +0100)]
s4:kdc: avoid using sdb_entry_ex in hdb_samba4_{first,next}key()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 23 Mar 2022 03:17:01 +0000 (04:17 +0100)]
s4:kdc: avoid using sdb_entry_ex in hdb_samba4_fetch_kvno()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 23 Mar 2022 03:17:01 +0000 (04:17 +0100)]
s4:kdc: avoid using sdb_entry_ex in netr_samlogon_generic_logon()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 23 Mar 2022 03:17:01 +0000 (04:17 +0100)]
s4:kdc: avoid using sdb_entry_ex in mit_samba_get_{first,next}key()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 23 Mar 2022 03:17:01 +0000 (04:17 +0100)]
s4:kdc: avoid using sdb_entry_ex in mit_samba_get_principal()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 23 Mar 2022 03:17:01 +0000 (04:17 +0100)]
s4:kdc: avoid using sdb_entry_ex in samba_wdc_reget_pac()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 23 Mar 2022 03:17:01 +0000 (04:17 +0100)]
s4:libnet: avoid using sdb_entry_ex and use sdb_entry directly
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 23 Mar 2022 02:43:25 +0000 (03:43 +0100)]
s4:kdc: samba_kdc_{first,next}key() only need sdb_entry
sdb_entry_ex will be removed shortly.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 23 Mar 2022 02:43:25 +0000 (03:43 +0100)]
s4:kdc: samba_kdc_fetch() only needs sdb_entry
sdb_entry_ex will be removed shortly.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 23 Mar 2022 03:00:09 +0000 (04:00 +0100)]
s4:kdc: remove unused sdb_entry_ex_to_kdb_entry_ex()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 23 Mar 2022 02:57:38 +0000 (03:57 +0100)]
s4:kdc: use sdb_entry_to_krb5_db_entry() directly
We should avoid sdb_entry_ex, as it will be removed soon.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 23 Mar 2022 03:00:09 +0000 (04:00 +0100)]
s4:kdc: remove unused sdb_entry_ex_to_hdb_entry_ex()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 23 Mar 2022 02:57:38 +0000 (03:57 +0100)]
s4:kdc: use sdb_entry_to_hdb_entry() directly
We should avoid sdb_entry_ex, as it will be removed soon.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 23 Mar 2022 02:52:43 +0000 (03:52 +0100)]
s4:kdc: hdb_samba4_fetch_fast_cookie() don't need sdb_entry_ex
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>