Volker Lendecke [Sun, 13 Mar 2022 11:15:59 +0000 (12:15 +0100)]
vfs: Add SMB_VFS_GET_REAL_FILENAME_AT
In a patchset that I'm working on right now there's the need to call
getrealfilename while the code does have a pathref fsp already
around. Doing the name-based call including non_widelink_open is not
necessary in this case. Start by adding the _at based call to the VFS.
For now, fall back to the name-based call. glusterfs-fuse will in a
future patch be converted to fgetxattr.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Mon, 14 Mar 2022 21:52:11 +0000 (22:52 +0100)]
smbd: Pass up stat-info from openat_pathref_fsp() on error
If openat_pathref_fsp() fails, callers might want to inspect the stat
info. If we really failed on STOPPED_ON_SYMLINK, the caller might need
to know this, although openat_pathref_fsp() masked this error.
As there is no smb_fname->fsp returned from openat_pathref_fsp() on
error, we need to pass this up in smb_fname itself.
This essentially reverts
de439cd03047, which does basically the same
thing but is too specific. We need to cover the general !O_PATH case
more broadly.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Christof Schmitt [Wed, 27 Apr 2022 22:37:18 +0000 (15:37 -0700)]
vfs_gpfs: Ignore pathref fds for gpfs:recalls check
Setting gpfs:recalls=no should prevent data access to offline files.
Since Samba 4.14, the VFS openat function is also called with O_PATH to
get a reference to the path. These accesses should not be blocked,
otherwise this would prevent offline files from being included in
directory listings.
Fix this by skipping the check for pathref fds.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15055
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Apr 28 07:59:47 UTC 2022 on sn-devel-184
Volker Lendecke [Thu, 21 Apr 2022 13:48:09 +0000 (15:48 +0200)]
smbd: Slightly simplify call_trans2qpipeinfo()
Pass down "fsp" and "info_level", no need to parse this inside
call_trans2qpipeinfo() when the caller also has to do it.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 26 22:38:59 UTC 2022 on sn-devel-184
Volker Lendecke [Sat, 23 Apr 2022 12:01:33 +0000 (14:01 +0200)]
smbd: Remove unused arguments from dup_file_fsp()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 21 Apr 2022 10:20:20 +0000 (12:20 +0200)]
smbd: fd_handle.h does not need includes.h
Move includes.h for struct files_struct to fd_handle.c. Both
printing.c and smb1_utils.c depended on fd_handle.h to include the
prototypes. Do that explicitly in those files.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 20 Apr 2022 05:53:38 +0000 (07:53 +0200)]
ldb: Avoid an "else"
We return in the if-branch, easier to read this way.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 19 Apr 2022 19:24:36 +0000 (21:24 +0200)]
lib: Remove smb_threads from includes.h
Only used in libsmb_context.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 19 Apr 2022 19:30:08 +0000 (21:30 +0200)]
lib: Remove an unneeded includes.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 19 Apr 2022 19:21:57 +0000 (21:21 +0200)]
lib: Remove an unneeded includes.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 19 Apr 2022 19:17:17 +0000 (21:17 +0200)]
lib: Remove an unneeded includes.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 19 Apr 2022 19:07:30 +0000 (21:07 +0200)]
lib: Remove an unneeded includes.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 19 Apr 2022 18:55:03 +0000 (20:55 +0200)]
lib: Remove an unused includes.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 9 Apr 2022 06:59:43 +0000 (08:59 +0200)]
passdb: Introduce helper variables in make_pdb_method_name()
Easier debugging
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 9 Apr 2022 07:18:52 +0000 (09:18 +0200)]
passdb: Split lines in make_pdb_method_name()
Looks nicer
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 9 Apr 2022 06:15:54 +0000 (08:15 +0200)]
ldb: Introduce "colon" variable in ldb_module_connect_backend()
Easier debugging, avoid a second call to strchr()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 9 Apr 2022 07:32:58 +0000 (09:32 +0200)]
ldb: Save a few lines with TALLOC_FREE()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 10 Apr 2022 16:22:55 +0000 (18:22 +0200)]
ldb: Avoid "==true/false" in a boolean expression
That's what we have boolean variables and expressions for
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 10 Apr 2022 17:20:53 +0000 (19:20 +0200)]
ldap_server: Fix typos
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 10 Apr 2022 18:08:49 +0000 (20:08 +0200)]
passdb: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 10 Apr 2022 18:14:38 +0000 (20:14 +0200)]
dsdb: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 17 Apr 2022 11:08:39 +0000 (13:08 +0200)]
vfs: Remove unused last_lock_failure from files_struct
Save 72 bytes per open file handle
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 26 Apr 2022 05:39:12 +0000 (07:39 +0200)]
s3:passdb: Also allow to handle UPNs in lookup_name_smbconf()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15054
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 26 20:16:33 UTC 2022 on sn-devel-184
Andreas Schneider [Tue, 26 Apr 2022 05:24:10 +0000 (07:24 +0200)]
s3:passdb: Refactor lookup_name_smbconf()
This will be changed to support UPNs too in the next patch.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15054
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 26 Apr 2022 10:26:25 +0000 (12:26 +0200)]
s3:passdb: Use already defined pointer in lookup_name_smbconf()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 26 Apr 2022 05:12:02 +0000 (07:12 +0200)]
s3:passdb: Add support to handle UPNs in lookup_name()
This address an issue if sssd is running and handling nsswitch. If we look up
a user with getpwnam("DOMAIN\user") it will return user@REALM in the passwd
structure. We need to be able to deal with that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15054
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 26 Apr 2022 05:10:56 +0000 (07:10 +0200)]
s3:passdb: Remove trailing spaces in lookup_sid.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15054
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Anoop C S [Mon, 25 Apr 2022 06:54:28 +0000 (12:24 +0530)]
libsmbconf: Avoid initial declaration inside 'for' loop
Building Samba on CentOS 7 with GCC version 4.8.5 results in the
following error:
[2725/3398] Compiling libcli/echo/tests/echo.c
../../lib/smbconf/pysmbconf.c: In function 'py_from_smbconf_service':
../../lib/smbconf/pysmbconf.c:72:2: error: 'for' loop initial
declarations are only allowed in C99 mode
for (uint32_t i = 0; i < svc->num_params; i++) {
^
../../lib/smbconf/pysmbconf.c:72:2: note: use option -std=c99 or
-std=gnu99 to compile your code
../../lib/smbconf/pysmbconf.c: In function 'obj_share_names':
../../lib/smbconf/pysmbconf.c:181:2: error: 'for' loop initial
declarations are only allowed in C99 mode
for (uint32_t i = 0; i < num_shares; i++) {
^
../../lib/smbconf/pysmbconf.c: In function 'obj_get_config':
../../lib/smbconf/pysmbconf.c:267:2: error: 'for' loop initial
declarations are only allowed in C99 mode
for (uint32_t i = 0; i < num_shares; i++) {
^
Therefore declare variables right at the start aligning to default C90
standard available with GCC version on CentOS 7.
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Apr 25 13:23:18 UTC 2022 on sn-devel-184
John Mulligan [Fri, 1 Apr 2022 17:51:40 +0000 (13:51 -0400)]
python/samba/tests: add SMBConfTests suite
Add an initial suite of tests for the smbconf python bindings.
Currently only simple read-only methods are available.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Apr 21 15:33:38 UTC 2022 on sn-devel-184
John Mulligan [Thu, 31 Mar 2022 20:54:49 +0000 (16:54 -0400)]
lib/smbconf: add an initial set of python bindings
The smbconf library provides a generic interface for Samba configuration
backends. In order to access these backends, including the read-write
registry backend, we add a new python binding for smbconf - the general
interface library.
This initial set of bindings covers some basic read-only calls. This
includes function calls for listing shares (config sections) and getting
the parameters of the shares. The `init_txt` construction function must
be used to get a new SMBConf object. This is done so that other
backends, specifically the registry backend from source3 can be used in
the future. Those will provide their own construction funcs.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Christian Ambach [Wed, 20 Apr 2022 20:46:52 +0000 (22:46 +0200)]
lib/cmdline: fix a typo
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Apr 21 06:59:12 UTC 2022 on sn-devel-184
Christian Ambach [Wed, 23 Oct 2019 07:56:51 +0000 (09:56 +0200)]
s3:utils:smbcacls fix a typo
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Andreas Schneider [Mon, 11 Oct 2021 12:47:25 +0000 (14:47 +0200)]
s4:kdc: Add asserted identity SID to identify whether S4U2Self has occurred
Because the KDC does not limit protocol transition (S4U2Self), two new
well-known SIDs are available to give this control to the resource
administrator. These SIDs identify whether protocol transition (S4U2Self) has
occurred, and can be used with standard access control lists to grant or limit
access as needed.
See
https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-constrained-delegation-overview
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr 13 13:54:27 UTC 2022 on sn-devel-184
Andreas Schneider [Mon, 24 Jan 2022 12:04:23 +0000 (13:04 +0100)]
s4:dsdb:tests: Also pass tests if asserted identity is present
We should make sure that we use NTLMSSP or Kerberos consistently
for the tests and don't mix them.
We're also much stricter and symmetric_difference() to
check if the sets are actually the same.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Tue, 22 Feb 2022 10:39:21 +0000 (11:39 +0100)]
s4:selftest: Do not print the env twice
This makes it easier to write knownfail rules
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 24 Jan 2022 12:03:36 +0000 (13:03 +0100)]
s4:torture: let remote_pac test for asserted identity sids
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 29 Nov 2021 15:17:23 +0000 (16:17 +0100)]
python:tests: Add krb5 tests for asserted identity
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 14 Feb 2022 14:15:24 +0000 (15:15 +0100)]
python:tests: Reorder variables
Those will be needed earlier in the next commit.
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Fri, 21 Jan 2022 09:19:20 +0000 (10:19 +0100)]
python:tests: Add support for unexpected groups in krb5 tests
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Fri, 21 Jan 2022 10:20:22 +0000 (11:20 +0100)]
python:tests: Add support for expected groups in krb5 tests
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 11 Feb 2022 14:47:22 +0000 (15:47 +0100)]
python:tests: Allow to print krb5 encryption keys as string
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 11 Feb 2022 14:46:53 +0000 (15:46 +0100)]
python:tests: Add support to print krb5 keys as string
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Wed, 23 Mar 2022 15:34:25 +0000 (16:34 +0100)]
s4:kdc: Fix S4U2Proxy in RODC case to return an error
Tested also against Windows Server 2022.
Details:
https://lists.samba.org/archive/cifs-protocol/2022-April/003673.html
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 11 Oct 2021 12:47:25 +0000 (14:47 +0200)]
s4:kdc: pass down SAMBA_KDC_FLAG_PROTOCOL_TRANSITION to samba_kdc_update_pac()
This gives samba_kdc_update_pac() a chance to detect S4U2Self.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 11 Oct 2021 11:33:33 +0000 (13:33 +0200)]
s4:mit-samba: Pass flags to mit_samba_get_pac()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 11 Oct 2021 11:31:49 +0000 (13:31 +0200)]
s4:mit-samba: Pass flags to ks_get_pac()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 23 Mar 2022 16:01:24 +0000 (17:01 +0100)]
python:tests: Check code error code in test_s4u2self_rodc_revealed
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 17 Mar 2022 15:36:14 +0000 (16:36 +0100)]
python:tests: Fix standalone run of kdc_tgs_tests
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Wed, 23 Mar 2022 16:25:09 +0000 (17:25 +0100)]
s4:kdc: Set debug class for pac-glue
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 11 Feb 2022 12:19:50 +0000 (13:19 +0100)]
librpc:idl: Add comments to assert identity string in security.idl
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Samuel Cabrero [Tue, 12 Apr 2022 14:56:25 +0000 (16:56 +0200)]
selftest: Use selftest's TMPDIR to store the krb5 ccache in pam_winbind_setcred test
Using /tmp directly can lead to errors if multiple autobuilds are
running at the same time. Using tempfile.gettempdir() will look for
$TMPDIR environment variable.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Samuel Cabrero [Wed, 13 Apr 2022 11:20:27 +0000 (13:20 +0200)]
selftest: Use selftest's TMPDIR to store the krb5 ccache in pam_winbind tests
Using /tmp directly can lead to errors if multiple autobuilds are
running at the same time. Using tempfile.gettempdir() will look for
$TMPDIR environment variable.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Samuel Cabrero [Wed, 13 Apr 2022 09:34:18 +0000 (11:34 +0200)]
s3:winbind: Remove no longer used domain's private_data pointer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15046
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Samuel Cabrero [Wed, 13 Apr 2022 09:31:45 +0000 (11:31 +0200)]
s3:winbind: Do not use domain's private data to store the ADS_STRUCT
The ADS_STRUCT is not allocated using talloc and there are many places
casting this pointer directly so use a typed pointer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15046
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Samuel Cabrero [Wed, 13 Apr 2022 09:15:35 +0000 (11:15 +0200)]
s3:winbind: Simplify open_cached_internal_pipe_conn()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15046
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Samuel Cabrero [Wed, 13 Apr 2022 09:01:00 +0000 (11:01 +0200)]
s3:winbind: Do not use domain's private data to store the SAMR pipes
The domain's private_data pointer is also used to store a ADS_STRUCT,
which is not allocated using talloc and there are many places casting
this pointer directly.
The recently added samba.tests.pam_winbind_setcred was randomly failing
and after debugging it the problem was that kerberos authentication was
failing because the time_offset passed to kerberos_return_pac() was
wrong. This time_offset was retrieved from ads->auth.time_offset, where
the ads pointer was directly casted from domain->private_data but
private_data was pointing to a winbind_internal_pipes struct.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15046
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Samuel Cabrero [Tue, 12 Apr 2022 09:48:28 +0000 (11:48 +0200)]
s3:winbind: Fix uninitialized validation_level variable
Found by oss-fuzz:
../../source3/winbindd/winbindd_pam.c:2879:7: error: variable 'validation_level' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized]
if (!(state->request->flags & WBFLAG_BIG_NTLMV2_BLOB) ||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../source3/winbindd/winbindd_pam.c:3003:6: note: uninitialized use occurs here
validation_level,
^~~~~~~~~~~~~~~~
../../source3/winbindd/winbindd_pam.c:2879:3: note: remove the 'if' if its condition is always false
if (!(state->request->flags & WBFLAG_BIG_NTLMV2_BLOB) ||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../source3/winbindd/winbindd_pam.c:2879:7: error: variable 'validation_level' is used uninitialized whenever '||' condition is true [-Werror,-Wsometimes-uninitialized]
if (!(state->request->flags & WBFLAG_BIG_NTLMV2_BLOB) ||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../source3/winbindd/winbindd_pam.c:3003:6: note: uninitialized use occurs here
validation_level,
^~~~~~~~~~~~~~~~
../../source3/winbindd/winbindd_pam.c:2879:7: note: remove the '||' if its condition is always false
if (!(state->request->flags & WBFLAG_BIG_NTLMV2_BLOB) ||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../source3/winbindd/winbindd_pam.c:2853:27: note: initialize the variable 'validation_level' to silence this warning
uint16_t validation_level;
^
= 0
1 warning and 2 errors generated.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15044
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 12 18:54:50 UTC 2022 on sn-devel-184
Pavel Filipenský [Wed, 16 Mar 2022 08:11:25 +0000 (09:11 +0100)]
tevent:tests: Test queue entry tags
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Apr 11 17:51:08 UTC 2022 on sn-devel-184
Pavel Filipenský [Mon, 14 Mar 2022 10:22:15 +0000 (11:22 +0100)]
tevent: Add tevent queue tracing support
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pavel Filipenský [Wed, 23 Mar 2022 13:50:57 +0000 (14:50 +0100)]
tevent: Use internally an empty trigger function for blocker requests
This avoids special magic, but keeps the same external behavior.
It makes the following changes easier to understand.
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pavel Filipenský [Wed, 30 Mar 2022 13:59:51 +0000 (15:59 +0200)]
tevent: Move the code below the trigger check
This makes the next commit smaller.
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pavel Filipenský [Mon, 14 Mar 2022 10:16:58 +0000 (11:16 +0100)]
tevent: Fix trailing whitespaces
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Samuel Cabrero [Thu, 31 Mar 2022 10:34:29 +0000 (12:34 +0200)]
examples: Update winbindd.stp and generate script
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Apr 8 21:06:01 UTC 2022 on sn-devel-184
Samuel Cabrero [Mon, 14 Jun 2021 17:13:48 +0000 (19:13 +0200)]
s3:winbind: Convert PamAuth from struct based to NDR based
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Thu, 17 Feb 2022 11:29:12 +0000 (12:29 +0100)]
s3:winbind: Set local and remote addresses in the crafted dcesrv_conn
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Mon, 14 Jun 2021 16:05:34 +0000 (18:05 +0200)]
s3:winbind: Make extra_data_to_sid_array() public
Later winbindd_dual_pam_auth() will be converted to a local RPC call
handler and the parent will call this function to fill the 'r' struct.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Wed, 30 Mar 2022 18:55:12 +0000 (20:55 +0200)]
s3:winbind: Refactor log_authentication(), do not take winbindd_cli_state struct parameter
Later winbindd_dual_pam_auth() will be converted to a local RPC call
handler and it will not receive a winbindd_cli_state parameter. Avoid
passing this struct around.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Mon, 14 Jun 2021 16:08:21 +0000 (18:08 +0200)]
s3:winbind: Refactor fake_password_policy(), take netr_Validation as argument
Later winbindd_dual_pam_auth() will be converted to a local RPC call
handler and it will return a netr_Validation from the child. This
function will be moved to the parent to fill the winbindd_response
struct.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Thu, 10 Jun 2021 14:50:06 +0000 (16:50 +0200)]
s3:winbind: Refactor winbindd_dual_pam_auth_cached(), return netr_Validation
Map netr_SamInfo3 to netr_Validation in this function instead of doing
it in the caller.
Later winbindd_dual_pam_auth() will be converted to a local RPC
handler and it will return the netr_Validation in the 'r' struct.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Thu, 10 Jun 2021 14:45:10 +0000 (16:45 +0200)]
s3:winbind: Refactor winbindd_dual_pam_auth_cached(), avoid winbindd_cli_state parameter
Later winbindd_dual_pam_auth() will be converted to a local RPC
handler and it will not receive a winbindd_cli_state struct as parameter.
Avoid passing around this struct.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Thu, 10 Jun 2021 14:15:13 +0000 (16:15 +0200)]
s3:winbind: Refactor winbindd_dual_pam_auth_cached(), return krb5ccname as out parameter
Later winbindd_dual_pam_auth() will be converted to a local RPC
handler and it will not receive a winbindd_cli_state struct as parameter.
Avoid passing around this struct.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Wed, 30 Mar 2022 16:12:46 +0000 (18:12 +0200)]
s3:winbind: Refactor winbindd_dual_pam_auth_cached(), delay out variable assignment
Delay the assignment of the out varible and assign it only if
returning NT_STATUS_OK, the caller does not use the returned
netr_SamInfo3 if the function does not return NT_STATUS_OK.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Thu, 10 Jun 2021 14:34:56 +0000 (16:34 +0200)]
s3:winbind: Refactor winbindd_dual_pam_auth_cached(), use temporary memory context
This function allocates a lot of intermedite variables, use a temporary
memory context.
The out variable info3 is assigned using talloc_steal() because the
local my_info3 is used below.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Mon, 14 Jun 2021 16:39:02 +0000 (18:39 +0200)]
s3:winbind: Refactor winbindd_dual_pam_auth_kerberos(), return netr_Validation
Map netr_SamInfo6 to netr_Validation in winbindd_dual_pam_auth_kerberos()
instead of doing it in the caller.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Thu, 10 Jun 2021 12:03:43 +0000 (14:03 +0200)]
s3:winbind: Refactor winbindd_dual_pam_auth_kerberos(), do not take winbindd_cli_state struct parameter
Refactor winbindd_dual_pam_auth_kerberos() to do not take a
winbindd_cli_state struct as parameter but its members. The kerberos
ccache name is returned as an out parameter and the caller is
responsible for copying it in the winbindd_response struct.
Later winbindd_dual_pam_auth() will be converted to a local RPC call
handler and it will not receive a winbindd_cli_state as argument so
reduce passing this struct around.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Thu, 10 Jun 2021 11:23:23 +0000 (13:23 +0200)]
s3:winbind: Refactor append_afs_token(), do not take winbindd_response struct as parameter
Refactor the append_afs_token() function to do not take a
winbindd_response as a parameter but its members directly. The AFS token
is returned as an out parameter in a DATA_BLOB, and the caller is
responsible for setting it the extra_data winbindd_response field and
extending the winbindd_response length.
Later winbindd_dual_pam_auth() will be converted to a local RPC
call handler and the netr_Validation will be returned in the 'r' struct
from the child to the parent. The parent will then fill the
winbindd_response struct.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Thu, 10 Jun 2021 11:18:54 +0000 (13:18 +0200)]
s3:winbind: Refactor append_unix_username(), do not take winbindd_response struct as parameter
Refactor the append_unix_username() function to do not take a
winbindd_response struct as parameter but its members. The
unix username is returned as an out parameter and the caller is
responsible for setting it in the winbindd_response struct.
Later winbindd_dual_pam_auth() will be converted to a local RPC
call handler and the netr_Validation will be returned in the 'r' struct
from the child to the parent. The parent will then fill the
winbindd_response struct.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Fri, 18 Jun 2021 07:22:39 +0000 (09:22 +0200)]
selftest: Add a test for PamLogOff
This test also verifies the KRB5CCNAME environment variable is set after
a successful PAM authentication with Kerberos.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Wed, 30 Mar 2022 09:46:08 +0000 (11:46 +0200)]
selftest: Extend test_wbc_logon_user to test WBFLAG_PAM_UNIX_NAME flag
Use the same function append_unix_username() uses to build the expected
value as it depends on the server role. This requires linking
winbindd-lib.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Thu, 31 Mar 2022 10:32:08 +0000 (12:32 +0200)]
s4:rpc_server: Fix duplicated function name between s3 and s4
It can lead to link errors:
/usr/lib64/gcc/x86_64-suse-linux/11/../../../../x86_64-suse-linux/bin/ld: source3/rpc_server/rpc_server.c.24.o: in function `dcesrv_transport_terminate_connection':
/home/scabrero/workspace/samba/samba/bin/default/../../source3/rpc_server/rpc_server.c:242: multiple definition of `dcesrv_transport_terminate_connection'; source4/rpc_server/dcerpc_server.c.5.o:/home/scabrero/workspace/samba/samba/bin/default/../../source4/rpc_server/dcerpc_server.c:710: first defined here
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Thu, 31 Mar 2022 10:29:14 +0000 (12:29 +0200)]
s4:rpc_server: Fix duplicated function name between s3 and s4
It can lead to link errors:
/usr/lib64/gcc/x86_64-suse-linux/11/../../../../x86_64-suse-linux/bin/ld: source3/rpc_server/rpc_server.c.24.o: in function `dcesrv_assoc_group_find':
/home/scabrero/workspace/samba/samba/bin/default/../../source3/rpc_server/rpc_server.c:229: multiple definition of `dcesrv_assoc_group_find'; source4/rpc_server/dcerpc_server.c.5.o:/home/scabrero/workspace/samba/samba/bin/default/../../source4/rpc_server/dcerpc_server.c:121: first defined here
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Thu, 10 Jun 2021 10:02:08 +0000 (12:02 +0200)]
s3:winbind: Refactor check_info3_in_group() to take a wbint_SidArray struct
Refactor the check_info3_in_group() function to take a wbint_SidArray
struct. The sid strings stored in extra_data are parsed into a
wbint_SidArray in a separated function.
Later, winbindd_dual_pam_auth() will be converted to a local RPC
call handler and the wbint_SidArray containing the required membership
will be part of the 'r' struct.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Wed, 2 Mar 2022 17:44:07 +0000 (18:44 +0100)]
s3:winbind: Move sighup handling related functions to winbindd-lib subsystem
The source3/winbindd/winbindd.c file does not belong to 'winbindd-lib'
subsystem. Funtions called from winbindd-lib must be part of it.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Wed, 2 Mar 2022 17:30:19 +0000 (18:30 +0100)]
s3:winbind: Move sigterm handling functions to winbindd-lib subsystem
The source3/winbindd/winbindd.c file does not belong to 'winbindd-lib'
subsystem. Funtions called from winbindd-lib must be part of it.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Wed, 2 Mar 2022 17:21:09 +0000 (18:21 +0100)]
s3:winbind: Rename terminate() function to winbindd_terminate()
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Wed, 2 Mar 2022 17:16:51 +0000 (18:16 +0100)]
s3:winbind: Move servide reload related functions to winbindd-lib subsystem
The source3/winbindd/winbindd.c file does not belong to 'winbindd-lib'
subsystem. Funtions called from winbindd-lib must be part of it.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Wed, 2 Mar 2022 17:13:15 +0000 (18:13 +0100)]
s3:winbind: Move function to flush cache to winbindd-lib subsystem
The source3/winbindd/winbindd.c file does not belong to 'winbindd-lib'
subsystem. Funtions called from winbindd-lib must be part of it.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Wed, 2 Mar 2022 17:03:34 +0000 (18:03 +0100)]
s3:winbind: Move the function to get the privileged pipe dir to winbindd-lib subsystem
The source3/winbindd/winbindd.c file does not belong to 'winbindd-lib'
subsystem. Funtions called from winbindd-lib must be part of it.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Wed, 2 Mar 2022 17:00:56 +0000 (18:00 +0100)]
s3:winbind: Move imessaging context init function to winbindd-lib subsystem
The source3/winbindd/winbindd.c file does not belong to 'winbindd-lib'
subsystem. Funtions called from winbindd-lib must be part of it.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Wed, 2 Mar 2022 16:54:54 +0000 (17:54 +0100)]
s3:winbind: Move functions to enable or disable cache to winbindd-lib subsystem
The source3/winbindd/winbindd.c file does not belong to 'winbindd-lib'
subsystem. Funtions called from winbindd-lib must be part of it.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Tue, 5 Apr 2022 17:32:20 +0000 (10:32 -0700)]
WHATSNEW.txt: Add explaination of --without-smb1-server and --with-smb1-server configure options.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 7 18:33:31 UTC 2022 on sn-devel-184
David Mulder [Thu, 3 Mar 2022 21:07:50 +0000 (14:07 -0700)]
ci: Create samba-fileserver-without-smb1 environment
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Wed, 6 Apr 2022 18:55:01 +0000 (12:55 -0600)]
configure: Fail smbd w/o smb1 if selftest when configured with ad_dc
When we build with samba selftest and ad_dc, we must
include smb1 in smbd.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Mon, 7 Mar 2022 17:10:14 +0000 (10:10 -0700)]
configure: Add option for disabling the smb1 server
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Tue, 5 Apr 2022 02:55:39 +0000 (19:55 -0700)]
s3: smbd: Rename init_smb_request() -> init_smb1_request().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Jeremy Allison [Tue, 5 Apr 2022 02:53:20 +0000 (19:53 -0700)]
s3: smbd: Rename reply_outbuf() -> reply_smb1_outbuf().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Jeremy Allison [Tue, 5 Apr 2022 01:45:44 +0000 (18:45 -0700)]
s3: smbd: Rename create_outbuf() -> create_smb1_outbuf()
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Jeremy Allison [Tue, 5 Apr 2022 01:43:54 +0000 (18:43 -0700)]
s3: smbd: Rename construct_reply_common_req() -> construct_smb1_reply_common_req()
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Jeremy Allison [Tue, 5 Apr 2022 01:42:02 +0000 (18:42 -0700)]
s3: smbd: Rename construct_reply_common() -> construct_smb1_reply_common().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Jeremy Allison [Tue, 5 Apr 2022 01:40:11 +0000 (18:40 -0700)]
s3: smbd: Rename srv_set_message() -> srv_smb1_set_message().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>