Joseph Sutton [Thu, 5 May 2022 09:19:34 +0000 (21:19 +1200)]
wintest: Remove unreachable return statement
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Thu, 5 May 2022 09:18:49 +0000 (21:18 +1200)]
selftest: Remove unreachable return statement
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Thu, 5 May 2022 09:16:17 +0000 (21:16 +1200)]
samba-tool: Don't try to delete local_tdo_handle twice.
This code is unreachable, as local_tdo_handle has already been deleted
and set to None earlier.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Thu, 5 May 2022 09:12:05 +0000 (21:12 +1200)]
wafsamba: Fix previously unreachable exception path
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Thu, 5 May 2022 09:11:07 +0000 (21:11 +1200)]
python: Remove unnecessary 'pass' statements
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Thu, 5 May 2022 09:08:06 +0000 (21:08 +1200)]
samba-tool gpo: Fix unintended string concatenations
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Thu, 5 May 2022 23:59:28 +0000 (11:59 +1200)]
samba-tool gpo tests: Fix unintended string concatenations
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Thu, 5 May 2022 09:07:36 +0000 (21:07 +1200)]
examples: Make samr.py work with Python 3
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Thu, 5 May 2022 09:06:46 +0000 (21:06 +1200)]
examples: Make netbios.py work with Python 3
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Thu, 5 May 2022 09:04:48 +0000 (21:04 +1200)]
examples: Remove unused imports
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Thu, 5 May 2022 08:42:18 +0000 (20:42 +1200)]
python/xattr: Properly process system.posix_acl_access
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Thu, 5 May 2022 08:41:26 +0000 (20:41 +1200)]
samba-tool processes: Remove unused loop
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
John Mulligan [Mon, 25 Apr 2022 16:04:20 +0000 (12:04 -0400)]
lib/smbconf: add python wrapper functions for transaction management
The smbconf API supports transactions. This changes adds wrapper
functions transaction_start, transaction_commit, and transaction_cancel.
It also adds tests for the functions, one of which demonstrates a
semi-pythonic way to use said functions.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 6 18:14:30 UTC 2022 on sn-devel-184
John Mulligan [Mon, 25 Apr 2022 14:16:56 +0000 (10:16 -0400)]
lib/smbconf: add delete_global_parameter method to SMBConf
Add a delete_global_parameter method wrapping smbconf_delete_global_parameter.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Mon, 25 Apr 2022 13:59:36 +0000 (09:59 -0400)]
lib/smbconf: add delete_parameter method to SMBConf
Add a delete_parameter method wrapping smbconf_delete_parameter.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Sun, 24 Apr 2022 15:48:41 +0000 (11:48 -0400)]
lib/smbconf: add create_set_share method to SMBConf
Add the create_set_share method wrapping smbconf_create_set_share.
This method is one of the most complex as it must "unpack" the list
of key-value pairs from python and convert that to a `struct
smbconf_service` for the smbconfig C API.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Sun, 24 Apr 2022 14:25:50 +0000 (10:25 -0400)]
lib/smbconf: add delete_share method to SMBConf
Add a delete_share method wrapping smbconf_delete_share.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Sun, 24 Apr 2022 14:19:37 +0000 (10:19 -0400)]
lib/smbconf: add set_global_parameter method to SMBConf
Add a set_global_parameter method wrapping smbconf_set_global_parameter.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Sun, 24 Apr 2022 14:18:42 +0000 (10:18 -0400)]
lib/smbconf: add set_parameter method to SMBConf
Add a set_parameter method wrapping smbconf_set_parameter.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Sun, 24 Apr 2022 12:17:53 +0000 (08:17 -0400)]
lib/smbconf: add drop method to SMBConf
Add a drop method wrapping smbconf_drop.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Sun, 24 Apr 2022 12:10:36 +0000 (08:10 -0400)]
lib/smbconf: add create_share method to SMBConf
Add a create_share method wrapping smbconf_create_share.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Sat, 23 Apr 2022 18:42:44 +0000 (14:42 -0400)]
python/samba/tests: add test cases for s3/registry init funcs
A previous change added smbconf initialization functions that allow
access to the registry back-end. Add some simple tests cases that
exercise these new functions.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Sat, 23 Apr 2022 18:38:42 +0000 (14:38 -0400)]
source3/lib/smbconf: add python bindings for init functions
Add functions that allow python to access the registry back-end
initialization function as well as the "general" init function
that parses the back-end out of given string "path".
With the registry back-end it will be possible to implement and
test read-write functions of smbconf API in the future.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Sat, 23 Apr 2022 18:19:59 +0000 (14:19 -0400)]
lib/smbconf: add a python function for raising smbconf exceptions
The previous implementation in C was private to the module. Add
a small python wrapper function so that a different python module
may reuse the implementation.
The python level function is prefixed with "_" to mark it as
"private". Only future cooperating modules in the samba sources
should make use of it.
The function is shared at the python level as per the recommendation:
https://stackoverflow.com/a/
2136670
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Sat, 23 Apr 2022 18:17:48 +0000 (14:17 -0400)]
lib/smbconf: move python smbconf type definition to header
Moving the definition of the type to a header file will allow
future reuse of the C-type fields in a different C-API python
module.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Thu, 5 May 2022 14:05:49 +0000 (10:05 -0400)]
s3/lib/smbconf: add talloc_stackframe to smbconf_init_reg
Previously, if this function was called without an existing stackframe
then uses of talloc_tos in source3/registry trigger a panic. Since we
intend to add patches that allow access to this call with Python
bindings, that will not typically have a talloc_stackframe already, we
add a talloc_stackframe call around the call to
smbconf_init_reg_internal. This hides the use of talloc_tos in the
registry code from higher level code that needs to call smbconf.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Wed, 4 May 2022 14:57:49 +0000 (10:57 -0400)]
s3/lib/smbconf: replace uses of talloc_tos with talloc_stackframe
There are two calls to talloc_tos in the smbconf registry code.
In order not to make callers of this library have to "know" what
calls need an existing talloc stackframe, convert these uses
to match other functions in the same file that already use
talloc_stackframe.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Thu, 5 May 2022 04:21:45 +0000 (16:21 +1200)]
python/gp_cert_auto_enroll: removed unused imports
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@suse.com>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Thu May 5 14:39:50 UTC 2022 on sn-devel-184
Douglas Bagnall [Thu, 5 May 2022 04:35:18 +0000 (16:35 +1200)]
py/gp_cert_auto_enroll_ext: avoid redundant iteration
self.__read_cep_data() does a 'for end_point_group in end_point_information:',
and we don't need to do it outside
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@suse.com>
Douglas Bagnall [Thu, 5 May 2022 04:33:34 +0000 (16:33 +1200)]
py/gp_cert_auto_enroll_ext: avoid shadowing loop variable
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@suse.com>
Andreas Schneider [Fri, 22 Apr 2022 13:34:09 +0000 (15:34 +0200)]
s3:tests: Reformat test_forceuser_validusers.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu May 5 11:53:51 UTC 2022 on sn-devel-184
Andreas Schneider [Fri, 22 Apr 2022 13:34:09 +0000 (15:34 +0200)]
s3:tests: Reformat test_force_user_unlink.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:09 +0000 (15:34 +0200)]
s3:tests: Reformat test_force_group_change.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:09 +0000 (15:34 +0200)]
s3:tests: Reformat test_force_create_mode.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat test_force_close_share.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat test_fifo.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat test_failure.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat test_durable_handle_reconnect.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 5 03:42:13 UTC 2022 on sn-devel-184
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat test_dropbox.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat test_dfree_quota.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat test_dfree_command.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat test_delete_veto_files_only_rmdir.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 31 Mar 2022 08:22:08 +0000 (21:22 +1300)]
dsdb: Do not reuse "ret" variable as return code and for memcmp() comparison
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 5 01:19:54 UTC 2022 on sn-devel-184
Joseph Sutton [Mon, 11 Apr 2022 03:43:00 +0000 (15:43 +1200)]
tests/krb5: Allow passing expected etypes to get_keys()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 11 Apr 2022 04:43:42 +0000 (16:43 +1200)]
tests/passwords: Add tests for password history with simple binds
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 11 Apr 2022 04:37:10 +0000 (16:37 +1200)]
tests/passwords: Remove unused imports
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 31 Mar 2022 08:16:03 +0000 (21:16 +1300)]
selftest: Run some tests in the ad_dc_no_ntlm environment to show expected behaviour
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andrew Bartlett [Thu, 31 Mar 2022 09:45:40 +0000 (22:45 +1300)]
selftest: Rework password_lockout_base.py to allow logon_basics test to be run in ad_dc_no_ntlm
We need to ensure that even if NTLM is disabled, that the test
can still bootstrap and fail normally.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton [Sun, 10 Apr 2022 23:50:53 +0000 (11:50 +1200)]
samba-tool user: Consistently return a tuple
We would get an error when get_userPassword_hash() returned None, as
get_virtual_crypt_value() would try to unpack the result as a 2-element
tuple.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Sun, 10 Apr 2022 23:50:25 +0000 (11:50 +1200)]
samba-tool user: Remove unused imports
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 11 Apr 2022 01:15:23 +0000 (13:15 +1200)]
samba-tool tests: Remove unused variable
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 31 Mar 2022 23:06:45 +0000 (12:06 +1300)]
dsdb: Clarify that most errors in make_error_and_update_badPwdCount() are not returned
This is mainly just to be clear, and was done while failing to work around compiler
warnings.
For the curious it was gcc version 4.8.5
20150623 (Red Hat 4.8.5-44) (CentOS 7)
build with -O3, which gave with other, later patches:
../../source4/dsdb/samdb/ldb_modules/password_hash.c: In function ‘check_password_restrictions_and_log’:
../../source4/dsdb/samdb/ldb_modules/password_hash.c:3231:5: error: assuming signed overflow does not occur when simplifying conditional to constant [-Werror=strict-overflow]
if (ret == LDB_SUCCESS) {
^
Regardless, we make it clear that all values assigned to "ret" are
local small constants.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
David Mulder [Tue, 12 Apr 2022 18:50:25 +0000 (12:50 -0600)]
gpo: Add Cert Auto Enroll Advanced Config
Advanced configuration for Certifcate Auto
Enrollment is stored on the sysvol, and needs
to be parsed/used when provided.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 3 21:48:57 UTC 2022 on sn-devel-184
David Mulder [Tue, 12 Apr 2022 18:27:41 +0000 (12:27 -0600)]
gpo: Test Cert Auto Enroll Advanced Config
Adds advanced configuration to the testing of
certificate auto enrollment. Currently fails.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Tue, 12 Apr 2022 16:29:39 +0000 (10:29 -0600)]
gpo: Generalize Cert Auto Enroll CA data
This will simplify fetching CAs from the
Registry.pol in a follow up commit.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Tue, 12 Apr 2022 16:25:51 +0000 (10:25 -0600)]
gpo: Fix crash in Cert Auth Enroll RSOP
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Mon, 11 Apr 2022 20:26:50 +0000 (14:26 -0600)]
gpo: Certificate Auto Enroll correctly check templates
[MS-CAESO] 4.4.5.3.2.4 and 4.4.5.3.2.4.2 explain
to fetch templates via cep, then to gather attrs
for the templates after. This code was reversed.
This will matter when implementing advanced
endpoint configuration.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Fri, 8 Apr 2022 19:42:55 +0000 (13:42 -0600)]
gpo: Correct CA Initilization to obey [MS-CAESO]
fetch_certification_authorities() did not
correctly obey the [MS-CAESO] spec.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Martin Schwenke [Mon, 28 Feb 2022 04:44:59 +0000 (15:44 +1100)]
ctdb-tests: Add backtrace on abort to some tests
These are easier to debug with a backtrace.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue May 3 10:13:23 UTC 2022 on sn-devel-184
Martin Schwenke [Wed, 5 Jan 2022 02:45:33 +0000 (13:45 +1100)]
ctdb-tests: Provide a method to dump the stack on abort
Some tests make generous use of assert() and it can be difficult to
guess the cause of failures without resorting to GDB. This provides
some help.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 2 May 2022 04:25:42 +0000 (14:25 +1000)]
build: Add missing ctdb-client dependencies
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Sun, 6 Feb 2022 22:37:14 +0000 (09:37 +1100)]
ctdb-build: Drop unnecessary uses of include/ sub-directory
None of these include any files from the include/ sub-directory.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 28 Feb 2022 04:44:04 +0000 (15:44 +1100)]
ctdb-tests: Use test_case() to help document test cases
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 21 Jan 2022 01:14:05 +0000 (12:14 +1100)]
ctdb-locking: Don't pass NULL to tevent_req_is_unix_error()
If there is an error then this pointer is unconditionally
dereferenced.
However, the only possible error appears to be ENOMEM, where a crash
caused by dereferencing a NULL pointer isn't a terrible outcome. In
the absence of a security issue this is probably not worth
backporting.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 21 Jan 2022 01:09:45 +0000 (12:09 +1100)]
ctdb-mutex: Don't pass NULL to tevent_req_is_unix_error()
If there is an error then this pointer is unconditionally
dereferenced.
However, the only possible error appears to be ENOMEM, where a crash
caused by dereferencing a NULL pointer isn't a terrible outcome. In
the absence of a security issue this is probably not worth
backporting.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat test_deadtime.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 3 00:10:53 UTC 2022 on sn-devel-184
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat test_close_denied_share.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat test_chdir_cache.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat test_async_req.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat test_aio_outstanding.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat test_acl_xattr.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat printing_var_exp_lpr_cmd.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat dlopen.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 12 Apr 2022 00:23:54 +0000 (12:23 +1200)]
docs: Explain the impact of "ntlm auth = disabled" on simple bind forwarding
An RODC will forward an LDAP Simple bind, just like any other authentication,
when the password is not present locally.
If the full DC does not support NTLMv2 authentication this forwarded password
will be rejected. A future Samba version should prefer Kerberos or send the
plaintext, but we can not change the MS Windows behaviour, so we document this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 26 Apr 2022 08:38:15 +0000 (10:38 +0200)]
libcli/smb: allow SMB2 Negotiate responses with security_offset = 0 and security_length = 0
This fixes connections against the Azure SMB3 server.
It's not possible to demonstrate the bug with a test and a knownfail
entry, because it fails to even startup the test environments,
but the following change to our server demonstrates the problem
and shows the fix works:
diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c
index
da567951c0bf..
25fdaea2df7b 100644
--- a/source3/smbd/smb2_negprot.c
+++ b/source3/smbd/smb2_negprot.c
@@ -711,6 +711,8 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
}
}
+ security_buffer = data_blob_null;
+
if (out_negotiate_context_blob.length != 0) {
static const uint8_t zeros[8];
size_t pad = 0;
@@ -759,6 +761,8 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
}
+ security_offset = 0;
+
SSVAL(outbody.data, 0x00, 0x40 + 1); /* struct size */
SSVAL(outbody.data, 0x02,
security_mode); /* security mode */
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15050
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon May 2 20:13:10 UTC 2022 on sn-devel-184
Stefan Metzmacher [Thu, 28 Apr 2022 14:08:42 +0000 (16:08 +0200)]
lib/util: data_blob_append() should not fail if both parts have length=0
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15050
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 28 Apr 2022 14:08:28 +0000 (16:08 +0200)]
lib/util: add tests for data_blob_append() with the resulting blob length=0
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15050
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Joseph Sutton [Tue, 15 Feb 2022 23:10:19 +0000 (12:10 +1300)]
s4/dsdb/repl_meta_data: Receive function arguments in correct order
The incorrect ordering was introduced in commit
b9c5417b523c4c53cb275c12ec84bbc849705bec.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15007
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Joseph Sutton [Mon, 28 Mar 2022 21:03:55 +0000 (10:03 +1300)]
rpc_server/lsa: Match Windows security descriptor
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 2 May 2022 14:29:49 +0000 (16:29 +0200)]
smbd: optimize and streamline smbd_smb2_close()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 1 Apr 2022 10:19:34 +0000 (12:19 +0200)]
smbd: pass fsp as pointer-pointer to smbd_smb2_close()
Prepares for NULLing state->in_fsp in the next commit.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 29 Apr 2022 16:55:31 +0000 (18:55 +0200)]
smbd: add fstat_before_close fsp flag and logic
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Fri, 25 Feb 2022 13:26:07 +0000 (14:26 +0100)]
s3:winbind: Remove unused functions
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 30 01:07:12 UTC 2022 on sn-devel-184
Samuel Cabrero [Fri, 25 Feb 2022 13:53:16 +0000 (14:53 +0100)]
examples: Update winbind.stp and generate script
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Fri, 25 Feb 2022 10:32:14 +0000 (11:32 +0100)]
s3:winbind: Convert PAM_AUTH_CRAP from struct based to NDR based
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Thu, 24 Feb 2022 17:02:42 +0000 (18:02 +0100)]
s3:winbind: Refactor winbindd_pam_auth_crap_{send,recv}
The winbindd_dual_pam_auth_crap() will be converted to a local RPC call
handler and the winbindd_response won't be filled by the child process
but in the parent's winbindd_pam_auth_crap_recv() function.
Move all code filling the winbindd_response struct to a common place,
winbindd_pam_auth_crap_recv().
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Fri, 18 Feb 2022 14:29:13 +0000 (15:29 +0100)]
s3:winbind: Refactor winbindd_pam_auth_crap_{send,recv}
Move the code filling the winbindd_response to a common place,
winbindd_pam_auth_crap_recv().
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Fri, 25 Feb 2022 11:11:36 +0000 (12:11 +0100)]
s3:winbind: Use temp memory context in winbindd_pam_auth_pac_verify()
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Fri, 25 Feb 2022 12:36:31 +0000 (13:36 +0100)]
s3:rpc_client: Fix memory allocation hierarchy
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Thu, 24 Feb 2022 16:48:27 +0000 (17:48 +0100)]
s3:winbind: Move big NTLMv2 blob checks to parent process
The winbindd_dual_pam_auth_crap() function will be converted to a local
RPC call handler and it won't receive a winbindd_cli_state struct. Move
the checks accessing this struct to the parent.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Mon, 18 Apr 2022 14:44:23 +0000 (16:44 +0200)]
s3:winbind: Use uint8_t for authoritative flag
It is the type used in the winbindd_response struct.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Tue, 15 Jun 2021 12:18:22 +0000 (14:18 +0200)]
s3:winbind: Remove unnecessary jump to label
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Tue, 15 Jun 2021 12:16:25 +0000 (14:16 +0200)]
s3:winbind: Remove unnecesary condition to reduce indentation level
Best viewed with git show --ignore-space-change.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Tue, 15 Jun 2021 12:06:27 +0000 (14:06 +0200)]
s3:winbind: Pass the challenge to winbind_dual_SamLogon() as a data blob
Next commits will covert the winbindd_dual_pam_auth_crap() function to a
local RPC call handler receiving the challenge as a DATA_BLOB in the 'r'
struct.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Wed, 27 Apr 2022 21:08:13 +0000 (14:08 -0700)]
s3: smbd: Allow a durable handle on a leased stat-open.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15042
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Apr 29 15:50:21 UTC 2022 on sn-devel-184
Jeremy Allison [Wed, 27 Apr 2022 19:50:59 +0000 (12:50 -0700)]
s4: torture: Add a new test - samba3.smb2.durable-open.stat-open.
Passes against Windows. Shows that Windows allows a durable handle
on a leased open for READ_ATTRUBUTES only (a stat open).
Mark as knownfail for now.
NB. Not sure why we are testing smb2.durable-open against ad_dc
as that provisioning has "smb2 leases = no" which precludes
granting durable handles. Not changing for this bug but this
should be looked at in future.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15042
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 12 Apr 2022 15:04:53 +0000 (15:04 +0000)]
script/autobuild.py: allow to run from within git rebase -i
The 'git clone' used by autobuild.py fails if
GIT_DIR and GIT_WORK_TREE are already defined in the
environment.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Apr 28 15:23:24 UTC 2022 on sn-devel-184
Volker Lendecke [Fri, 8 Apr 2022 11:27:39 +0000 (13:27 +0200)]
smbd: Use filename_convert_dirfsp() in smbd_smb2_create_send()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Apr 28 14:02:53 UTC 2022 on sn-devel-184
Volker Lendecke [Fri, 8 Apr 2022 11:27:20 +0000 (13:27 +0200)]
smbd: Use filename_convert_dirfsp() in reply_ntcreate_and_X()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 8 Dec 2021 06:08:10 +0000 (07:08 +0100)]
smbd: Add filename_convert_dirfsp()
As part of the filename_convert() process, keep a pathref dirfsp of
the containing directory for later use. This avoids having to do
another non_widelink_open() on every SMB2_CREATE and ntcreate&x in
later patches.
Future work will be to go through other filename_convert() calls and
make them use filename_convert_dirfsp(). If we manage to convert all
of them except the one in filename_convert_dirfsp() itself, we can
simplify filename_convert() and unix_convert() significantly.
Too large a patch, but I don't know how to split this up into smaller
logic pieces.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>