Andrew Bartlett [Fri, 15 Dec 2023 04:10:42 +0000 (17:10 +1300)]
selftest: Add tests for "samba-tool user get-kerberos-ticket"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 14 Dec 2023 01:50:05 +0000 (14:50 +1300)]
python/netcmd: Improve documentation for "samba-tool user getpassword"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 14 Dec 2023 01:43:44 +0000 (14:43 +1300)]
python/netcmd: Add "samba-tool user get-kerberos-ticket" to get a ticket for a gMSA
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 18 Dec 2023 04:14:27 +0000 (17:14 +1300)]
WHATSNEW: Add entry for "samba-tool user getpassword" changes
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Thu, 7 Dec 2023 02:53:01 +0000 (15:53 +1300)]
python: tests: blackbox test for GMSA
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Fri, 15 Dec 2023 02:12:42 +0000 (15:12 +1300)]
samba-tool: document that -H can be used with gMSA accounts
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Fri, 15 Dec 2023 02:10:39 +0000 (15:10 +1300)]
samba-tool: fix some grammar in getpassword docstrings
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 11 Dec 2023 07:56:16 +0000 (20:56 +1300)]
samba-tool: Make samba-tool user getpassword support a ';previous=1' option
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 11 Dec 2023 07:55:10 +0000 (20:55 +1300)]
samba-tool user getpassword: Prepare to support a ;previous=1 option, change behaviour for ;rounds=
This will return the previous password, but the pattern is to include
the option in the returned attribute name, so we need to use
vatter["raw_attr"], not 'a'.
This changes the behaviour for the ;rounds= option used when we hold
the plaintext password (possibly under GPG encryption).
This is now consistant with other parameters in the LDAP attribute,
and is now included in the returned attribute name.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 11 Dec 2023 08:40:44 +0000 (21:40 +1300)]
selftest: Modify expected output of 'samba-tool user getpassword' to be more consistant
This is consistant with ;format= support for time attributes and
other users of this parameter style elsewhere in LDAP.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Thu, 14 Dec 2023 23:36:14 +0000 (12:36 +1300)]
selftest: fix failing user setpassword test
A side effect of being able to generate at read time unicodePwd for a gMSA is that we can also generate the unicodePwd from a virtualSambaGPG password.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 11 Dec 2023 07:49:44 +0000 (20:49 +1300)]
samba-tool: Add support for getting the generated unicodePwd for a gMSA account
This pre-hashed value may be more practical to use than the random "UTF-16"
password. In particular it is easy to compare with the DB values.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Fri, 1 Dec 2023 03:14:16 +0000 (16:14 +1300)]
netcmd: user: samba-tool support to allow non-windows use of GMSA accounts (show password)
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 12 Dec 2023 03:38:13 +0000 (16:38 +1300)]
samba-tool user getpassword: Use UTF16_MUNGED charcnv to map "UTF16" to UTF8
This copes with random invalid UTF-16 as seen with gMSA accounts.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 11 Dec 2023 03:54:57 +0000 (16:54 +1300)]
samba-tool: Prepare to allow samba-tool user getpasswords to operate against a remote server
While passwords are not normally available for read, Group Managed Service Account
passwords are, as this is how they are distributed.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Thu, 7 Dec 2023 02:29:27 +0000 (15:29 +1300)]
netcmd: models: add object sid field to User model
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Thu, 7 Dec 2023 02:28:04 +0000 (15:28 +1300)]
netcmd: getpassword: print OK message on stderr
This makes it easier to machine parse the output in tests
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 11 Dec 2023 04:41:21 +0000 (17:41 +1300)]
selftest: Avoid assertTrue() and assertFalse() where a better test exists
This allows the unittest framework to show the strings that the value was
not found in.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Wed, 13 Dec 2023 01:03:14 +0000 (14:03 +1300)]
selftest: require named parameters for callers of connect_samdb() and connect_samdb_ex()
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Wed, 13 Dec 2023 01:00:45 +0000 (14:00 +1300)]
selftest: add get_env_credentials()
This is like get_credentials but works for tests that are based
on environment variable for usernames and passwords.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Wed, 13 Dec 2023 01:00:00 +0000 (14:00 +1300)]
selftest: make get_loadparm a classmethod
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Wed, 13 Dec 2023 23:57:09 +0000 (12:57 +1300)]
selftest: make _get_attribute use parse_ldif
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Wed, 13 Dec 2023 03:50:18 +0000 (16:50 +1300)]
selftest: make _get_attribute a method on base class
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Wed, 13 Dec 2023 03:41:11 +0000 (16:41 +1300)]
selftest: pep8: fix incorrect number of blank lines
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Wed, 13 Dec 2023 03:40:17 +0000 (16:40 +1300)]
selftest: remove unused imports from virtualCryptSHA tests
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Wed, 13 Dec 2023 03:39:06 +0000 (16:39 +1300)]
selftest: function _get_attribute() was in two places
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Volker Lendecke [Tue, 19 Dec 2023 09:30:58 +0000 (10:30 +0100)]
Revert "rpc_server:srvsvc - retrieve share ACL via root context"
This reverts commit
80c0b416892bfacc0d919fe032461748d7962f05.
With the previous patch it is no longer required. We open
share_info.tdb as root when starting up rpcd_classic and keep it open.
Commit
80c0b416892bfacc0d919fe032461748d7962f05 only fixed the
problem in one place, but we had it in a lot more places...
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15265
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Dec 20 11:20:51 UTC 2023 on atb-devel-224
Volker Lendecke [Wed, 13 Dec 2023 11:07:00 +0000 (12:07 +0100)]
rpcd_classic: Open share_info.tdb as root
srvsvc needs it, but for example NetShareGetInfo() runs as a
user. Opening share_info.tdb at that point is too late.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15265
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 29 Nov 2023 15:54:45 +0000 (16:54 +0100)]
smbd: Modernize a few DEBUG statements
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Dec 19 17:07:04 UTC 2023 on atb-devel-224
Volker Lendecke [Mon, 27 Nov 2023 13:54:19 +0000 (14:54 +0100)]
smbd: Remove an unused function prototype
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Volker Lendecke [Mon, 27 Nov 2023 09:51:45 +0000 (10:51 +0100)]
smbd: Slightly simplify smbd_smb2_query_directory_send()
Avoid an if-statement when just assigning the result of the
if-condition to a boolean.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Volker Lendecke [Mon, 27 Nov 2023 13:53:07 +0000 (14:53 +0100)]
smbd: Give source3/smbd/dir.c its own header file
The prototypes were spread across 3 different files.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Volker Lendecke [Sun, 26 Nov 2023 15:20:44 +0000 (16:20 +0100)]
smbd: Remove unused srv_put_dos_date2()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Volker Lendecke [Sun, 26 Nov 2023 15:17:07 +0000 (16:17 +0100)]
smbd: Use srv_put_dos_date2_ts() in reply_printqueue()
srv_put_dos_date2_ts() uses convert_timespec_to_time_t() on the passed
timespec, which for ts_nsec==0 returns just tv_sec.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Volker Lendecke [Sun, 26 Nov 2023 14:17:45 +0000 (15:17 +0100)]
smbd: Introduce srv_put_dos_date2_ts()
All but one uses of srv_put_dos_date2() converted from struct
timespec. Put that into a new routine.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Volker Lendecke [Fri, 24 Nov 2023 15:27:42 +0000 (16:27 +0100)]
profile: Fix rusage reporting
getrusage already gives accumulated values, so add them to the tdb
record after smbprofile_stats_accumulate. Maybe we should not zero out
our internal copy after writing the tdb, this would save a call to
smbprofile_stats_accumulate() once a second.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Volker Lendecke [Mon, 20 Nov 2023 14:53:48 +0000 (15:53 +0100)]
profile: Fix a small memleak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Volker Lendecke [Wed, 29 Nov 2023 12:30:23 +0000 (13:30 +0100)]
smbd: Remove "conn" from struct dptr_struct
We have it available behind "dir_hnd".
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Volker Lendecke [Sun, 26 Nov 2023 11:36:33 +0000 (12:36 +0100)]
lib: Remove duplicate prototypes
They also exist in lib/util/time.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Volker Lendecke [Wed, 29 Nov 2023 15:35:20 +0000 (16:35 +0100)]
lib: Fix some whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Martin Schwenke [Tue, 12 Dec 2023 23:29:05 +0000 (10:29 +1100)]
ctdb-server: Drop unnecessary copy of destination address
Modernise debug while touching the code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Dec 15 12:09:21 UTC 2023 on atb-devel-224
Martin Schwenke [Tue, 12 Dec 2023 23:22:04 +0000 (10:22 +1100)]
ctdb-daemon: Use ctdb_connection_to_buf() to simplify
The one case that is no longer handled specially is when the
destination address is IPv4 loopback. This may previously have been
used to avoid flooding the logs when testing. However, that seems
unnecessary - if testing with 127.0.0.1 then make it a public address.
Modernise debug while touching the code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Thu, 12 Oct 2023 15:19:45 +0000 (17:19 +0200)]
smbd: Remove callback for release_ip when "state" is free'ed
If a client connects to a non-public address first followed by a connect
to public address with the same client_guid and a connection to
the non-public address gets disconnected first, we hit by a use-after-free
talloc_get_type_abort() called from release_ip() as
"xconn" is already gone, taking smbd_release_ip_state with it.
We need to decide between calling ctdbd_unregister_ips() by default, as
it means the tcp connection is really gone and ctdb needs to remove the
'tickle' information. But when a connection was passed to a different
smbd process, we need to use ctdbd_passed_ips() as the tcp connection is
still alive and the 'tickle' information should not be removed within
ctdb.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Stefan Metzmacher [Fri, 17 Nov 2023 10:46:27 +0000 (11:46 +0100)]
s3:selftest: add samba3.blackbox.smbXsrv_client_ctdb_registered_ips
This demonstrates the crash that happens if a client connects to a
non-public address first followed by a connect
to public address with the same client_guid and a connection to
the non-public address gets disconnected first, we hit by a
use-after-free talloc_get_type_abort() called from release_ip() as
"xconn" is already gone, taking smbd_release_ip_state with it.
Note that we also need to mark some subtests as flapping
as there's a 2nd problem that happens in the interaction
between smbd processes and ctdb when passing a multichannel
connection to an existing process, it means we sometimes
loose the 'tickle' information within ctdb to that tcp connection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Stefan Metzmacher [Fri, 17 Nov 2023 10:45:30 +0000 (11:45 +0100)]
selftest: export/use CTDB related envvars in order to run the ctdb command
This makes it easier to test things...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Stefan Metzmacher [Mon, 20 Nov 2023 13:57:46 +0000 (14:57 +0100)]
ctdbd_conn: add ctdbd_passed_ips()
This is similar to ctdbd_unregister_ips(), but with the
difference that ctdb keeps the 'tickle' information for
the tcp connection alive, because another smbd process
took care of that tcp connection in a multichannel scenario.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Stefan Metzmacher [Thu, 16 Nov 2023 12:18:03 +0000 (13:18 +0100)]
ctdbd_conn: add ctdbd_unregister_ips()
This reverts the effect of ctdbd_register_ips().
We'll use this in order to disconnect individual
multichannel connections.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Volker Lendecke [Thu, 12 Oct 2023 15:11:42 +0000 (17:11 +0200)]
ctdbd_conn: Add deregister_from_ctdbd()
This is to remove a callback during rundown of smbds.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Stefan Metzmacher [Thu, 16 Nov 2023 12:04:12 +0000 (13:04 +0100)]
ctdbd_conn: let register_with_ctdbd() call CTDB_CONTROL_REGISTER_SRVID just once
We do the dispatching to multiple handlers in ctdbd_msg_call_back()
and we don't need more than one message from ctdb.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Stefan Metzmacher [Thu, 16 Nov 2023 12:29:18 +0000 (13:29 +0100)]
ctdbd_conn: don't use uninitialized memory in ctdbd_register_ips()
We dump the structure into the socket, so we need to zero the content
including possible padding.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Stefan Metzmacher [Fri, 17 Nov 2023 14:59:57 +0000 (15:59 +0100)]
ctdb: add/implement CTDB_CONTROL_TCP_CLIENT_PASSED
With multichannel a tcp connection is registered first with
a temporary smbd process, that calls CTDB_CONTROL_TCP_CLIENT
first and then passes the tcp connection to the longterm smbd
that already handles all connections belonging to the specific
client_guid. That smbd process calls CTDB_CONTROL_TCP_CLIENT
again, but the 'tickle' information is already there.
When the temporary smbd process exists/disconnects from ctdb
or calls CTDB_CONTROL_TCP_CLIENT_DISCONNECTED, the 'tickle'
information is removed, while the longterm smbd process
still serves the tcp connection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Stefan Metzmacher [Wed, 15 Nov 2023 15:31:53 +0000 (16:31 +0100)]
ctdb: add/implement CTDB_CONTROL_TCP_CLIENT_DISCONNECTED
With multichannel a ctdb connection from smbd may hold multiple
tcp connections, which can be disconnected before the smbd
process terminates the whole ctdb connection, so we a
way to remove undo 'CTDB_CONTROL_TCP_CLIENT' again.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Stefan Metzmacher [Tue, 12 Dec 2023 12:39:21 +0000 (13:39 +0100)]
ctdb: add ctdb_connection_same() helper
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Stefan Metzmacher [Tue, 12 Dec 2023 12:27:17 +0000 (13:27 +0100)]
ctdb: make use of ctdb_canonicalize_ip_inplace() in ctdb_control_tcp_client()
We could also remove the src_addr and dest_addr helper variables
completely, but that would be too much for this commit.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Stefan Metzmacher [Tue, 12 Dec 2023 12:26:46 +0000 (13:26 +0100)]
ctdb: add ctdb_canonicalize_ip_inplace() helper
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Stefan Metzmacher [Thu, 16 Nov 2023 10:56:59 +0000 (11:56 +0100)]
ctdb: remove unused ctdb->client_ip_list and print debug on ctdb_tcp_list instead
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Stefan Metzmacher [Thu, 14 Dec 2023 10:35:19 +0000 (11:35 +0100)]
VERSION: move COPYRIGHT_STARTUP_MESSAGE as SAMBA_COPYRIGHT_STRING into version.h
We also prodive a samba_copyright_string() helper similar to
samba_version_string().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Dec 15 10:44:42 UTC 2023 on atb-devel-224
Rob van der Linde [Thu, 2 Nov 2023 07:28:34 +0000 (20:28 +1300)]
netcmd: add shell command
A simple samba-tool shell, can be quite useful to play around with the ldb database and models.
All models get imported and the samdb connection variable made available.
Example usage:
bin/samba-tool shell -H <host> --workgroup <workgroup> --realm <realm>
>>> silos = AuthenticationSilo.query(ldb)
>>> for silo in silos:
... print(silo)
...
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Dec 15 03:51:55 UTC 2023 on atb-devel-224
Rob van der Linde [Thu, 14 Dec 2023 02:30:42 +0000 (15:30 +1300)]
python: use python3 style super statements
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 14 Dec 2023 02:24:29 +0000 (15:24 +1300)]
netcmd: getpassword: get rid of pointless overridden constructors
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 14 Dec 2023 02:14:27 +0000 (15:14 +1300)]
python: pep257: docstring should use double quotes
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 1 Dec 2023 02:01:16 +0000 (15:01 +1300)]
python: Remove references to removed parameters
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Dec 14 04:32:31 UTC 2023 on atb-devel-224
Joseph Sutton [Thu, 23 Nov 2023 08:04:07 +0000 (21:04 +1300)]
python: Remove unused parameter ‘backup’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 23 Nov 2023 08:03:57 +0000 (21:03 +1300)]
python: Remove unused parameter ‘serverrole’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 23 Nov 2023 08:03:19 +0000 (21:03 +1300)]
python: Remove unused parameter ‘am_rodc’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 23 Nov 2023 08:02:13 +0000 (21:02 +1300)]
python: Remove unused parameter ‘am_rodc’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 23 Nov 2023 08:01:19 +0000 (21:01 +1300)]
python: Remove unused parameters ‘backend_store’ and ‘backend_store_size’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 23 Nov 2023 07:59:59 +0000 (20:59 +1300)]
python: Remove unused parameters ‘backend_store’ and ‘backend_store_size’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 23 Nov 2023 07:58:02 +0000 (20:58 +1300)]
python: Remove unused parameter ‘fill’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 23 Nov 2023 07:57:29 +0000 (20:57 +1300)]
python: Remove unused parameter ‘keytab_path’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 23 Nov 2023 07:57:10 +0000 (20:57 +1300)]
python: Remove unused parameter ‘erase’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 23 Nov 2023 07:56:49 +0000 (20:56 +1300)]
python: Remove unused parameter ‘backend_store_size’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 23 Nov 2023 07:55:41 +0000 (20:55 +1300)]
python: Remove unused parameter ‘root_gid’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 23 Nov 2023 07:54:45 +0000 (20:54 +1300)]
python: Remove unused parameters ‘maxuid’ and ‘maxgid’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 23 Nov 2023 07:53:41 +0000 (20:53 +1300)]
python: Remove unused parameters ‘maxuid’ and ‘maxgid’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 23 Nov 2023 07:52:32 +0000 (20:52 +1300)]
python: Remove unused parameter ‘name’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 23 Nov 2023 07:52:03 +0000 (20:52 +1300)]
python: Remove unused parameter ‘netlogon’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 23 Nov 2023 07:50:42 +0000 (20:50 +1300)]
python: Remove unused parameter ‘samdb’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 23 Nov 2023 07:50:18 +0000 (20:50 +1300)]
python: Remove unused parameter ‘lp’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 23 Nov 2023 07:48:56 +0000 (20:48 +1300)]
python: Remove unused parameter ‘message’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 23 Nov 2023 07:47:31 +0000 (20:47 +1300)]
python: Remove unused parameter ‘targetdir’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 23 Nov 2023 07:42:57 +0000 (20:42 +1300)]
python: Remove unused parameter ‘backend_store’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 23 Nov 2023 07:42:16 +0000 (20:42 +1300)]
python: Remove unused parameter ‘lp’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 23 Nov 2023 07:41:18 +0000 (20:41 +1300)]
python: Remove unused parameter ‘lp’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 23 Nov 2023 07:40:16 +0000 (20:40 +1300)]
python: Remove unused parameter ‘targetdir’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 23 Nov 2023 07:38:15 +0000 (20:38 +1300)]
python: Remove unused parameter ‘targetdir’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 23 Nov 2023 07:37:04 +0000 (20:37 +1300)]
python: Remove unused parameter ‘backend_store’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 23 Nov 2023 07:34:31 +0000 (20:34 +1300)]
python: Remove unused parameter ‘lp’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 23 Nov 2023 07:34:08 +0000 (20:34 +1300)]
python: Remove unused parameter ‘logger’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 30 Nov 2023 04:05:22 +0000 (17:05 +1300)]
python: Make use of ‘prefix’ parameter
This method is now consistent with the other ‘add_*_record()’ methods.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 23 Nov 2023 07:31:55 +0000 (20:31 +1300)]
python: Remove unused parameter ‘lp’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 23 Nov 2023 07:30:55 +0000 (20:30 +1300)]
python: Remove unused parameter ‘targetdir’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 30 Nov 2023 04:01:11 +0000 (17:01 +1300)]
python: Make use of ‘serverdn’ parameter
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 23 Nov 2023 07:22:16 +0000 (20:22 +1300)]
python: Remove unused variable ‘machinesid’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 13 Nov 2023 00:00:43 +0000 (13:00 +1300)]
python: Remove unfinished join method
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 13 Dec 2023 23:50:31 +0000 (12:50 +1300)]
libcli/security: allow SDDL conditional ACE round-trip for -00 and -0x0
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 13 Dec 2023 04:24:50 +0000 (17:24 +1300)]
libcli/security: allow round-trip for conditional ACE hex integers
As with the previous commit, though not addressing the particular fuzz
case, zero hex numbers need to be explicitly written as "0x0", or the
round-trip will fail.
Credit to OSS-Fuzz.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62929
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 13 Dec 2023 04:20:38 +0000 (17:20 +1300)]
libcli/security: allow round-trip for conditional ACE octal integers
The string "00" will decode into an integer tagged as octal, but
`snprintf("%#oll")` will write the string "0", which would decode as
decimal, so the in the SDDL1->SD1->SDDL2->SD2 round trip, SD1 would
not be the same as SD2.
The effect is really only relevant to SDDL, which wants to remember
what base the numbers were presented in, though the fuzzers and tests
don't directly compare SDDL, which can have extra spaces and so forth.
Credit to OSS-Fuzz.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62929
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 13 Dec 2023 22:56:19 +0000 (11:56 +1300)]
libcli/security: tests for conditional ACE integer base persistence
Credit to OSS-Fuzz.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62929
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 13 Dec 2023 23:27:08 +0000 (12:27 +1300)]
libcli/security: fix tests for SDDL conditional ACE round-trip
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>