Andreas Schneider [Thu, 13 Feb 2020 16:41:11 +0000 (17:41 +0100)]
FIXME
Andreas Schneider [Thu, 13 Feb 2020 12:48:17 +0000 (13:48 +0100)]
s3:tests: Add test for a dropbox with dir mode 0733
Note: This is currently broken in Samba and a fix will require a rewrite
of smbd with openat() and fchdir().
Signed-off-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Wed, 12 Feb 2020 15:30:01 +0000 (16:30 +0100)]
s3:tests: Add smbclient test for 'force create mode = 0664'
Signed-off-by: Andreas Schneider <asn@samba.org>
Martin Schwenke [Tue, 10 Dec 2019 01:03:10 +0000 (12:03 +1100)]
ctdb-tests: Fix getdbmap test so that it actually works sanely
* Typo in variable name db_map_pattern
* Variable num_db_init used before set
* dbmap_pattern does not cover database flags
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Feb 12 04:38:47 UTC 2020 on sn-devel-184
Martin Schwenke [Wed, 11 Dec 2019 22:43:58 +0000 (09:43 +1100)]
ctdb-tests: Fix handling of --no-event-scripts option
Shellcheck noticed that pnn was never referenced. Not sure this ever
worked or whether it got broken somewhere along the way.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 11 Dec 2019 07:54:42 +0000 (18:54 +1100)]
ctdb-tests: Use a here document to improve readability
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 11 Dec 2019 07:47:29 +0000 (18:47 +1100)]
ctdb-tests: Use select_test_node()
select_test_node_and_ips() is not required in these cases.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 10 Feb 2020 22:26:58 +0000 (09:26 +1100)]
ctdb-tests: Increase to dumping up to 500 lines of logs on error
100 lines are not enough to debug a current issue.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 10 Feb 2020 06:19:36 +0000 (17:19 +1100)]
ctdb-tests: Fix return value of DB test tool delete command
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 28 Jan 2020 05:49:14 +0000 (16:49 +1100)]
ctdb-tcp: Make error handling for outbound connection consistent
If we can't bind the local end of an outgoing connection then
something has gone wrong. Retrying is better than failing into a
zombie state. The interface might come back up and/or the address may
be reconfigured.
While here, do the same thing for the other (potentially transient)
failures.
The unknown address family failure is special but just handle it via a
retry. Technically it can't happen because the node address parsing
can only return values with address family AF_INET or AF_INET6.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14274
Reported-by: 耿纪超 <gengjichao@jd.com>
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Gary Lockyer [Mon, 10 Feb 2020 21:05:08 +0000 (10:05 +1300)]
samba-tool domain join: remove sub domain join code
Remove the unused sub domain join code, the option was removed by commit
5583208aed0e4647269e48aa1d3c5c48a73001ac. This commit completely removes
the now unused code.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Feb 11 17:41:32 UTC 2020 on sn-devel-184
Volker Lendecke [Fri, 7 Feb 2020 12:47:25 +0000 (14:47 +0200)]
smbclient4: Remove unused code
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Feb 10 19:26:37 UTC 2020 on sn-devel-184
Volker Lendecke [Fri, 7 Feb 2020 12:11:13 +0000 (14:11 +0200)]
smbclient: Don't cli_posix_stat() twice
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 27 Jan 2020 13:15:42 +0000 (14:15 +0100)]
dbwrap: Improve an error message
Include the path where db_open() tried to find the ctdb socket
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 29 Nov 2019 08:46:21 +0000 (08:46 +0000)]
krb5_wrap: map KRB5_REALM_UNKNOWN to NT_STATUS_NO_SUCH_DOMAIN
This is much better than mapping it to NT_STATUS_UNSUCCESSFUL.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Feb 10 17:59:34 UTC 2020 on sn-devel-184
Stefan Metzmacher [Thu, 14 Nov 2019 14:38:42 +0000 (15:38 +0100)]
krb5_wrap: map KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN to NT_STATUS_INVALID_COMPUTER_NAME
KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN is already mapped to
NT_STATUS_INVALID_ACCOUNT_NAME and we need a way to
distinguish between client and server principal
at the NTSTATUS layer too.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 6 Nov 2019 14:38:23 +0000 (15:38 +0100)]
krb5_wrap: move source3/libads/krb5_errs.c to lib/krb5_wrap/krb5_errs.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 11 Dec 2019 13:53:20 +0000 (14:53 +0100)]
auth/gensec: map NT_STATUS_{INVALID_ACCOUNT_NAME,NO_SUCH_DOMAIN} to NT_STATUS_NO_SUCH_USER
This means nt_status_squash() will map NT_STATUS_NO_SUCH_USER to
LOGON_FAILURE later.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 19 Nov 2019 11:10:11 +0000 (12:10 +0100)]
gensec/spnego: fallback on INVALID_{ACCOUNT,COMPUTER}_NAME and NO_SUCH_DOMAIN
I think it's better to handle them in spnego.c, instead of squashing
them already in the gssapi/gse modules. This is related to
KRB5KDC_ERR_{C,S}_PRINCIPAL_UNKNOWN and KRB5_REALM_UNKNOWN.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 19 Nov 2019 11:10:11 +0000 (12:10 +0100)]
winbindd_cm: fallback to anonymous for INVALID_COMPUTER_NAME and NO_SUCH_DOMAIN too
These error codes are soon propagated in addition to
INVALID_ACCOUNT_NAME through the gensec/spnego layers.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 7 Feb 2020 12:08:43 +0000 (13:08 +0100)]
smbspool: add more error codes to the auth_errors array
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 7 Feb 2020 12:06:46 +0000 (13:06 +0100)]
smbspool: use one element per line for the auth_errors array
This makes it more obvious if the later change the array.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 12 Nov 2019 21:01:43 +0000 (22:01 +0100)]
s4:gensec_krb5: remove unused argument of gensec_krb5_common_client_creds()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 13 Nov 2019 10:07:31 +0000 (11:07 +0100)]
s4:gensec_krb5: make use of talloc_zero() in gensec_krb5_start()
This is simpler and safer in case the structure gets new elements.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 12 Nov 2019 21:16:55 +0000 (22:16 +0100)]
s4:gensec_krb5: make use of struct samba_sockaddr
This avoids some strict-aliasing warnings.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 29 Nov 2019 12:48:24 +0000 (13:48 +0100)]
s3:libads: prefer ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ads_keytab_add_entry()
This is currently not critical as we use keytabs
only as acceptor, but in future we'll also use them
for kinit() and there we should prefer the newest type.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 29 Nov 2019 12:47:16 +0000 (13:47 +0100)]
lib/krb5_wrap: prefer new enctypes in ms_suptypes_to_ietf_enctypes()
This is currently not critical as we use keytabs
only as acceptor, but in future we'll also use them
for kinit() and there we should prefer the newest type.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 19 Dec 2019 14:50:24 +0000 (15:50 +0100)]
s3:libads: make use of auth4_context_{for,get}_PAC_DATA_CTR() in kerberos_return_pac()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 19 Dec 2019 14:34:36 +0000 (15:34 +0100)]
auth/kerberos: add auth4_context_{for,get}_PAC_DATA_CTR() helpers
This adds a generic way to get to the raw (verified) PAC
and will be used in multiple places in future.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Martin Schwenke [Tue, 7 Jan 2020 05:30:23 +0000 (16:30 +1100)]
ctdb-tests: Add some tool unit tests to ensure that timeouts work
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Feb 10 05:34:08 UTC 2020 on sn-devel-184
Martin Schwenke [Tue, 7 Jan 2020 05:26:42 +0000 (16:26 +1100)]
ctdb-tools: Allow shorter runtime limit to be specified
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 7 Feb 2020 05:11:23 +0000 (16:11 +1100)]
ctdb-tools: When in test mode set process group in top-level ctdb tool
If ctdbd hangs when shutting down in post-test clean-up then killing
the process group can kill the test. When in test mode, create a
process group but only in the top-level ctdb tool - the natgw and lvs
helpers also run the ctdb tool.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 5 Feb 2020 01:09:51 +0000 (12:09 +1100)]
ctdb-tests: Use $PWD/bin/ if it exists when running in-tree
When running tests from a top-level build, a stale build in ctdb/bin/
will be preferred and may cause confusing results.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 5 Feb 2020 01:07:55 +0000 (12:07 +1100)]
ctdb-tests: Make $ctdb_dir absolute
This is used to set several variables so it might as well be cd-proof.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 29 Jan 2020 05:28:46 +0000 (16:28 +1100)]
ctdb-daemon: Fork when not interactive and test mode is enabled
There is no sane way of keeping stdin open when using the shell to
background ctdbd in local_daemons.sh. Instead, have ctdbd fork when
not interactive and when test mode is enabled. become_daemon() can't
be used for this: if it forks then it also closes stdin.
For the interactive case, become_daemon() wasn't doing anything
special, so do nothing instead.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 29 Jan 2020 05:26:03 +0000 (16:26 +1100)]
ctdb-daemon: Make some conditions more explicit
These don't need to depend on do_fork. Child logging should be set up
whenever the daemon is not interactive. The stdin handler should be
setup whenever test mode is enabled.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 29 Jan 2020 05:08:56 +0000 (16:08 +1100)]
ctdb-daemon: Pass more information to ctdb_start_daemon()
No functional changes.
This is staging for a change that makes ctdbd fork when test mode is
enabled but interactive is not set.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 30 Jan 2020 02:38:52 +0000 (13:38 +1100)]
ctdb-tests: Don't actually close stdin in fake ssh
A subsequent file descriptor allocation may return 0 and unexpected
things may then happen.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 30 Jan 2020 02:37:00 +0000 (13:37 +1100)]
ctdb-tests: Redirect stdin from /dev/null when running a test
Otherwise, if the test is run via ssh it will "unexpectedly" find
itself at the other end of a pipe.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 29 Jan 2020 03:30:25 +0000 (14:30 +1100)]
Revert "ctdb-tests: Enable job control when keeping stdin open"
This doesn't work when stdin is not a tty.
This reverts commit ea754bfdec9d537c500036d4d521bd41d34c0835.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Volker Lendecke [Wed, 5 Feb 2020 13:43:43 +0000 (15:43 +0200)]
smbd: Remove overriding file_attributes with unix_mode in the VFS
Internally to open.c this is still used, but that can go away next.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 7 22:27:48 UTC 2020 on sn-devel-184
Volker Lendecke [Tue, 4 Feb 2020 14:46:09 +0000 (16:46 +0200)]
smbd: Allow a Posix create context to override the unix mode
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 4 Feb 2020 12:58:02 +0000 (14:58 +0200)]
smbd: Add posix create ctx to CREATE_FILE for posix operations
This will replace overloading file attributes
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 5 Feb 2020 13:25:12 +0000 (15:25 +0200)]
smbd: Add a "done:" exit for get_posix_fsp()
We'll have another exit with the next commit
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 4 Feb 2020 13:28:16 +0000 (15:28 +0200)]
smbd: Make unix_perms_from_wire() public
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 23 Jan 2020 20:14:44 +0000 (21:14 +0100)]
smbd: Add make_smb2_posix_create_ctx()
Will be used internally to pass an artificial posix create context
into VFS_CREATE_FILE from the SMB1 unix extension calls
Pair programmed with: Jeremy Allison <jra@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Tue, 4 Feb 2020 15:19:05 +0000 (17:19 +0200)]
smbd: Ignore incoming POSIX create context
We will use this internally and can only expose this once SMB3.11 unix
extensions are activated for the client.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 4 Feb 2020 15:18:41 +0000 (17:18 +0200)]
libsmb: Add smb2_create_blob_remove()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 4 Feb 2020 13:03:48 +0000 (15:03 +0200)]
libsmb: Allow passing in NULL to smb2_create_blob_find()
Will simplify callers a bit, and it does not change semantics
significantly. Zero create blobs won't find anything anyway.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 5 Feb 2020 04:56:05 +0000 (05:56 +0100)]
libsmb: Add posix create context definition
Pair programmed with: Jeremy Allison <jra@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Wed, 5 Feb 2020 15:01:52 +0000 (17:01 +0200)]
libsmb: Add required #includes to smb_util.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 5 Feb 2020 05:08:15 +0000 (06:08 +0100)]
libsmb: Add required includes to smb2_create_blob.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 5 Feb 2020 15:00:48 +0000 (17:00 +0200)]
libsmb: Remove "const" from smb_create_blob->tag
I want to TALLOC_FREE that soon, and we do a talloc_strdup into this anyway.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Thu, 6 Feb 2020 21:36:41 +0000 (13:36 -0800)]
s3: lib: Now remote_machine is static, we can depend on it being non-NULL.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 7 18:26:15 UTC 2020 on sn-devel-184
Andreas Schneider [Thu, 6 Feb 2020 12:31:52 +0000 (13:31 +0100)]
s3:lib: Remove unneeded call to set_local_machine_name()
We return the netbios name by default if not set.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 6 Feb 2020 12:22:33 +0000 (13:22 +0100)]
s3:lib: Use a static buffer for (local|remote)_machine
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 6 Feb 2020 14:36:35 +0000 (15:36 +0100)]
libcli:smb: Don't use forward declarations for GnuTLS typedefs
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14271
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Feb 7 13:48:27 UTC 2020 on sn-devel-184
Douglas Bagnall [Thu, 6 Feb 2020 22:27:32 +0000 (11:27 +1300)]
samba-tool gpo: tighter matching for ini names
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Fri Feb 7 12:03:34 UTC 2020 on sn-devel-184
Douglas Bagnall [Thu, 6 Feb 2020 22:25:27 +0000 (11:25 +1300)]
python: use raw string for regex with escape
Python regards 'GPT\.INI$' as a string containing an invalid escape
sequence '\.', which is ignored (i.e. treated as the literal sequence
of those 2 characters), but only after Python has grumbled to itself,
and to you if you enabled DeprecationWarnings.
The proper thing to do here is use r-strings, like r'GPT\.INI$', which
tell Python that all backslashes are literal. Alternatively (as we do
once in this patch), the backslash can itself be escaped ('\\').
There are more problems of this nature in the build scripts.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Douglas Bagnall [Thu, 6 Feb 2020 22:02:38 +0000 (11:02 +1300)]
pytests: heed assertEquals deprecation warning en-masse
TestCase.assertEquals() is an alias for TestCase.assertEqual() and
has been deprecated since Python 2.7.
When we run our tests in Python developer mode (`PYTHONDEVMODE=1
make test`) we get 580 DeprecationWarnings about this.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Douglas Bagnall [Sun, 19 Jan 2020 02:08:58 +0000 (15:08 +1300)]
nmblib: avoid undefined behaviour in handle_name_ptrs()
If *offset is length - 1, we would read ubuf[(*offset)+1] as the lower
bits of the new *offset. This value is undefined, but because it is
checked against the valid range, there is no way to read further
beyond that one byte.
Credit to oss-fuzz.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14242
OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20193
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Feb 7 10:19:39 UTC 2020 on sn-devel-184
Gary Lockyer [Wed, 22 Jan 2020 01:18:00 +0000 (14:18 +1300)]
librpc ndr: Change loop index to size_t
Change the loop index in ndr_check_padding to size_t.
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Thu, 6 Feb 2020 21:50:07 +0000 (10:50 +1300)]
librpc ndr tests: Fix ndrdump test ntlmssp_CHALLENGE_MESSAGE
Fix the expected data in fuzzed_ntlmssp-CHALLENGE_MESSAGE.txt, as it
contained source code line numbers.
Andrew this test needs to be altered to use a regular expression and
remove the dependency on source line numbers.
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Tue, 14 Jan 2020 23:37:06 +0000 (12:37 +1300)]
librpc ndr: ndr_pull_advance check for unsigned overflow.
Handle uint32 overflow in ndr_pull_advance
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Sun, 26 Jan 2020 21:06:55 +0000 (10:06 +1300)]
librpc ndr tests: Unsigned overflow in ndr_pull_advance
Check that uint32 overflow is handled correctly by ndr_pull_advance.
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Wed, 22 Jan 2020 01:16:02 +0000 (14:16 +1300)]
librpc ndr: NDR_PULL_ALIGN check for unsigned overflow
Handle uint32 overflow in NDR_PULL_ALIGN
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Fri, 24 Jan 2020 02:21:47 +0000 (15:21 +1300)]
librpc ndr tests: uint32 overflow in NDR_PULL_ALIGN
Check that uint32 overflow is handled correctly by NDR_NEED_BYTES.
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Thu, 23 Jan 2020 21:41:35 +0000 (10:41 +1300)]
librpc ndr: Heap-buffer-overflow in lzxpress_decompress
Reproducer for oss-fuzz Issue 20083
Project: samba
Fuzzing Engine: libFuzzer
Fuzz Target: fuzz_ndr_drsuapi_TYPE_OUT
Job Type: libfuzzer_asan_samba
Platform Id: linux
Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x6040000002fd
Crash State:
lzxpress_decompress
ndr_pull_compression_xpress_chunk
ndr_pull_compression_start
Sanitizer: address (ASAN)
Recommended Security Severity: Medium
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 30 Jan 2020 03:44:05 +0000 (16:44 +1300)]
selftest: Test behaviour of DNS scavenge with an existing dNSTombstoned value
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14258
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Feb 6 16:24:25 UTC 2020 on sn-devel-184
Andrew Bartlett [Thu, 30 Jan 2020 03:41:39 +0000 (16:41 +1300)]
dsdb: Correctly handle memory in objectclass_attrs
el->values is caller-provided memory that should be thought of as constant,
it should not be assumed to be a talloc context.
Otherwise, if the caller gives constant memory or a stack
pointer we will get an abort() in talloc when it expects
a talloc magic in the memory preceding the el->values.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14258
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 3 Feb 2020 03:45:45 +0000 (16:45 +1300)]
source4/scripting/bin: Swap machine account password scripts
I regularly get requests for my simple script to print the
password from the secrets.tdb (or secrets.ldb on the AD DC).
This removes the old script that only reads the secrets.ldb.
Neither new nor old script has tests, however it seems
better to have it in the tree where it can be found rather
than me digging it out of my outbound e-mail.
Originally posted here:
https://lists.samba.org/archive/samba/2017-November/212362.html
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 27 Aug 2018 11:02:50 +0000 (13:02 +0200)]
smb2_server: use sendmsg/recvmsg instead of writev/readv
This avoids a few function calls inside the kernel
in order to reach sock_sendmsg() quicker:
entry_SYSCALL_64_after_hwframe
do_syscall_64
__x64_sys_writev
do_writev
vfs_writev
do_iter_write
do_iter_readv_writev
sock_write_iter
sock_sendmsg
entry_SYSCALL_64_after_hwframe
do_syscall_64
__x64_sys_sendmsg
__sys_sendmsg
___sys_sendmsg
sock_sendmsg
As a side effect it will be useful for SMB-Direct invalidation
messages via msg->msg_control and CMSG_*.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 14 Nov 2019 16:36:36 +0000 (17:36 +0100)]
selftest: create a pcap file for the environment setup
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 30 Oct 2019 20:53:39 +0000 (21:53 +0100)]
selftest: create pcap files for individual env services
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 4 Feb 2020 16:03:17 +0000 (17:03 +0100)]
selftest: move {setup,cleanup}_pcap() to selftest/target/Samba.pm
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 18 Nov 2019 21:02:13 +0000 (22:02 +0100)]
selftest: force LC_ALL=en_US.utf8 LANG=en_US.utf8
That makes sure we have the same as on gitlab runners
(see bootstrap/config.py).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 22 Jan 2020 15:14:21 +0000 (15:14 +0000)]
s3:rpclient: simplify rpc_tstream_next_vector()
We always know how many bytes our caller requires,
so there's no need to use tstream_pending_bytes().
This makes it possible to read socket_wrapper generated
captures again, as wireshark requires the fixed (16 bytes) DCERPC
header to be in one TCP packet.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 27 Jan 2020 15:45:44 +0000 (16:45 +0100)]
s4:torture: make rpc.handles.random-assoc test even more robust
This improves commit bebee47e6386476e9948089484f89d213fcc2660 a bit
further.
I just got this:
connect samr pipe1
use assoc_group_id[0x00000001] for new connections
connect lsa pipe2
got assoc_group_id[0x00000001] for p2
samr_Connect to open a policy handle on samr p1
use policy handle on lsa p2 - should fail
closing policy handle on samr p1
connect samr pipe3 - should fail
Failed to bind to uuid 12345778-1234-abcd-ef00-0123456789ac for ncacn_np:localdc[\pipe\samr,validate,assoc_group_id=0x00000001,abstract_syntax=12345778-1234-abcd-ef00-0123456789ac/0x00000001] NT_STATUS_UNSUCCESSFUL
connect lsa pipe4 - should fail
Failed to bind to uuid 12345778-1234-abcd-ef00-0123456789ab for ncacn_np:localdc[\pipe\lsarpc,validate,assoc_group_id=0x00000001,abstract_syntax=12345778-1234-abcd-ef00-0123456789ab/0x00000000] NT_STATUS_UNSUCCESSFUL
connect samr pipe5 with assoc_group_id[0xFFFFFFFF]- should fail
Failed to bind to uuid 12345778-1234-abcd-ef00-0123456789ac for ncacn_np:localdc[\pipe\samr,validate,assoc_group_id=0xffffffff,abstract_syntax=12345778-1234-abcd-ef00-0123456789ac/0x00000001] NT_STATUS_UNSUCCESSFUL
connect lsa pipe6 with assoc_group_id[0x00000000]- should fail
UNEXPECTED(failure): samba4.rpc.handles on ncacn_np with validate.mixed-shared(ad_dc_ntvfs)
REASON: Exception: Exception: ../../source4/torture/rpc/handles.c:500: status was NT_STATUS_OK, expected NT_STATUS_UNSUCCESSFUL: opening lsa pipe6
FAILED (1 failures, 0 errors and 0 unexpected successes in 0 testsuites)
A summary with detailed information can be found in:
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Wed, 22 Jan 2020 09:52:39 +0000 (10:52 +0100)]
smbd: avoid double chdir() in chdir_current_service()
Since 8e81090789e4cc3ba9e5aa792d4e52971909c894 we're doing chdir() twice, first
into conn->connectpath, then into conn->origpath.
Before commit 8e81090789e4cc3ba9e5aa792d4e52971909c894 if
chdir(conn->connectpath) succeeded, we wouldn't do the second chdir().
While at it, simplify the logging logic: if chdir() fails in this core function,
just always log it as error including the unix token.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14256
RN: smbd does a chdir() twice per request
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Feb 6 11:44:07 UTC 2020 on sn-devel-184
Ralph Boehme [Sat, 18 Jan 2020 07:11:52 +0000 (08:11 +0100)]
s3/lib: RIP smb_user_name
This has been replaced in previous commits by consistently using
current_user_info.smb_name.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Sat, 18 Jan 2020 07:09:22 +0000 (08:09 +0100)]
s3/auth: use set_current_user_info() in auth3_check_password_send()
This delays reloading config slightly, but I don't see how this could affect
observable behaviour other than log messages coming from the functions in
between the different locations for lp_load_with_shares() like
make_user_info_map() are sent to a different logfile if "log file" uses %U.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Sat, 18 Jan 2020 07:06:45 +0000 (08:06 +0100)]
s3/auth: use set_current_user_info() in auth3_generate_session_info_pac()
This delays reloading config slightly, but I don't see how this could affect
observable behaviour other than log messages coming from the functions in
between the different locations for lp_load_with_shares() like
make_session_info_krb5() are sent to a different logfile if "log file" uses %U.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 17 Jan 2020 20:56:27 +0000 (21:56 +0100)]
s3/rpc_server/netlogon: use set_current_user_info() in _netr_LogonSamLogon_base()
Note that we're now sanitizing the username we got from the client, as we do
everywhere else.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 17 Jan 2020 20:55:35 +0000 (21:55 +0100)]
smbd: remove sub_set_smb_name()/reload_services()
This means switching auth backend based on %U include, ie
passdb backend = tdbsam
include = smb.conf.%U
and smb.conf.SOMEUSER contains
passdb backend = smbpasswd
won't work anymore.
We're still calling set_current_user_info() and reload_services() later on
in this function, so everything else still works as before.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 17 Jan 2020 18:31:06 +0000 (19:31 +0100)]
s4/auth: use talloc_alpha_strcpy() in auth_session_info_fill_unix()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 17 Jan 2020 18:30:36 +0000 (19:30 +0100)]
s3/rpc_server: use talloc_alpha_strcpy() in _winreg_InitiateSystemShutdownEx()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 17 Jan 2020 18:30:18 +0000 (19:30 +0100)]
s3/lib: use talloc_alpha_strcpy() in sub_set_smb_name()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 17 Jan 2020 18:30:01 +0000 (19:30 +0100)]
s3/lib: use talloc_alpha_strcpy() in set_remote_machine_name()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 17 Jan 2020 18:28:54 +0000 (19:28 +0100)]
s3/lib: use talloc_alpha_strcpy() in set_local_machine_name()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 17 Jan 2020 18:28:34 +0000 (19:28 +0100)]
s3:auth: use talloc_alpha_strcpy() in auth3_session_info_create()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 17 Jan 2020 18:28:13 +0000 (19:28 +0100)]
s3/auth: use talloc_alpha_strcpy() in create_local_token()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 17 Jan 2020 18:15:22 +0000 (19:15 +0100)]
lib/util: add talloc_alpha_strcpy()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 17 Jan 2020 13:42:22 +0000 (14:42 +0100)]
smbd: setting current_user stuff here is redundant
This is already handled by set_sec_ctx() below, we just have to pass in the
values instead of setting it here in this function before calling set_sec_ctx().
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Wed, 5 Feb 2020 15:58:26 +0000 (16:58 +0100)]
wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9
See https://docs.python.org/3.9/whatsnew/3.9.html#changes-in-the-python-api
"open(), io.open(), codecs.open() and fileinput.FileInput no longer accept 'U'
(“universal newline”) in the file mode. This flag was deprecated since Python
3.3. In Python 3, the “universal newline” is used by default when a file is
open in text mode. The newline parameter of open() controls how universal
newlines works."
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14266
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Feb 6 07:30:13 UTC 2020 on sn-devel-184
Stefan Metzmacher [Wed, 22 Jan 2020 17:00:07 +0000 (17:00 +0000)]
winbindd: handling missing idmap in getgrgid()
A similar hunk was added via commit
89f753c1fc824fef29aebb7d783ab7e09cd1f04e ("winbind: Use xids2sids in getpwuid"),
but it was missing in commit
e2dda192e7f8b65a5f02120be56cf0f07d03679f ("winbind: Use xids2sids in getgrgid")
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14265
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Feb 5 17:56:58 UTC 2020 on sn-devel-184
Stefan Metzmacher [Thu, 23 Jan 2020 15:21:43 +0000 (16:21 +0100)]
s3:auth_sam: map an empty domain or '.' to the local SAM name
When a domain member gets an empty domain name or '.', it should
not forward the authentication to domain controllers of
the primary domain.
But we need to keep passing UPN account names with
an empty domain to the DCs as a domain member.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 4 Feb 2020 10:32:05 +0000 (11:32 +0100)]
s3:selftest: test authentication with an empty userdomain and upn names
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 23 Jan 2020 15:21:43 +0000 (16:21 +0100)]
s3:auth_sam: introduce effective_domain helper variables
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 23 Jan 2020 15:17:30 +0000 (16:17 +0100)]
s3:auth_sam: make sure we never handle empty usernames
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 23 Jan 2020 15:13:59 +0000 (16:13 +0100)]
s3:auth_sam: unify the debug messages of all auth_sam*_auth() functions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>