Stefan Metzmacher [Thu, 19 Dec 2019 14:34:36 +0000 (15:34 +0100)]
auth/kerberos: add auth4_context_{for,get}_PAC_DATA_CTR() helpers
This adds a generic way to get to the raw (verified) PAC
and will be used in multiple places in future.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Martin Schwenke [Tue, 7 Jan 2020 05:30:23 +0000 (16:30 +1100)]
ctdb-tests: Add some tool unit tests to ensure that timeouts work
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Feb 10 05:34:08 UTC 2020 on sn-devel-184
Martin Schwenke [Tue, 7 Jan 2020 05:26:42 +0000 (16:26 +1100)]
ctdb-tools: Allow shorter runtime limit to be specified
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 7 Feb 2020 05:11:23 +0000 (16:11 +1100)]
ctdb-tools: When in test mode set process group in top-level ctdb tool
If ctdbd hangs when shutting down in post-test clean-up then killing
the process group can kill the test. When in test mode, create a
process group but only in the top-level ctdb tool - the natgw and lvs
helpers also run the ctdb tool.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 5 Feb 2020 01:09:51 +0000 (12:09 +1100)]
ctdb-tests: Use $PWD/bin/ if it exists when running in-tree
When running tests from a top-level build, a stale build in ctdb/bin/
will be preferred and may cause confusing results.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 5 Feb 2020 01:07:55 +0000 (12:07 +1100)]
ctdb-tests: Make $ctdb_dir absolute
This is used to set several variables so it might as well be cd-proof.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 29 Jan 2020 05:28:46 +0000 (16:28 +1100)]
ctdb-daemon: Fork when not interactive and test mode is enabled
There is no sane way of keeping stdin open when using the shell to
background ctdbd in local_daemons.sh. Instead, have ctdbd fork when
not interactive and when test mode is enabled. become_daemon() can't
be used for this: if it forks then it also closes stdin.
For the interactive case, become_daemon() wasn't doing anything
special, so do nothing instead.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 29 Jan 2020 05:26:03 +0000 (16:26 +1100)]
ctdb-daemon: Make some conditions more explicit
These don't need to depend on do_fork. Child logging should be set up
whenever the daemon is not interactive. The stdin handler should be
setup whenever test mode is enabled.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 29 Jan 2020 05:08:56 +0000 (16:08 +1100)]
ctdb-daemon: Pass more information to ctdb_start_daemon()
No functional changes.
This is staging for a change that makes ctdbd fork when test mode is
enabled but interactive is not set.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 30 Jan 2020 02:38:52 +0000 (13:38 +1100)]
ctdb-tests: Don't actually close stdin in fake ssh
A subsequent file descriptor allocation may return 0 and unexpected
things may then happen.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 30 Jan 2020 02:37:00 +0000 (13:37 +1100)]
ctdb-tests: Redirect stdin from /dev/null when running a test
Otherwise, if the test is run via ssh it will "unexpectedly" find
itself at the other end of a pipe.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 29 Jan 2020 03:30:25 +0000 (14:30 +1100)]
Revert "ctdb-tests: Enable job control when keeping stdin open"
This doesn't work when stdin is not a tty.
This reverts commit
ea754bfdec9d537c500036d4d521bd41d34c0835.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Volker Lendecke [Wed, 5 Feb 2020 13:43:43 +0000 (15:43 +0200)]
smbd: Remove overriding file_attributes with unix_mode in the VFS
Internally to open.c this is still used, but that can go away next.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 7 22:27:48 UTC 2020 on sn-devel-184
Volker Lendecke [Tue, 4 Feb 2020 14:46:09 +0000 (16:46 +0200)]
smbd: Allow a Posix create context to override the unix mode
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 4 Feb 2020 12:58:02 +0000 (14:58 +0200)]
smbd: Add posix create ctx to CREATE_FILE for posix operations
This will replace overloading file attributes
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 5 Feb 2020 13:25:12 +0000 (15:25 +0200)]
smbd: Add a "done:" exit for get_posix_fsp()
We'll have another exit with the next commit
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 4 Feb 2020 13:28:16 +0000 (15:28 +0200)]
smbd: Make unix_perms_from_wire() public
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 23 Jan 2020 20:14:44 +0000 (21:14 +0100)]
smbd: Add make_smb2_posix_create_ctx()
Will be used internally to pass an artificial posix create context
into VFS_CREATE_FILE from the SMB1 unix extension calls
Pair programmed with: Jeremy Allison <jra@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Tue, 4 Feb 2020 15:19:05 +0000 (17:19 +0200)]
smbd: Ignore incoming POSIX create context
We will use this internally and can only expose this once SMB3.11 unix
extensions are activated for the client.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 4 Feb 2020 15:18:41 +0000 (17:18 +0200)]
libsmb: Add smb2_create_blob_remove()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 4 Feb 2020 13:03:48 +0000 (15:03 +0200)]
libsmb: Allow passing in NULL to smb2_create_blob_find()
Will simplify callers a bit, and it does not change semantics
significantly. Zero create blobs won't find anything anyway.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 5 Feb 2020 04:56:05 +0000 (05:56 +0100)]
libsmb: Add posix create context definition
Pair programmed with: Jeremy Allison <jra@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Wed, 5 Feb 2020 15:01:52 +0000 (17:01 +0200)]
libsmb: Add required #includes to smb_util.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 5 Feb 2020 05:08:15 +0000 (06:08 +0100)]
libsmb: Add required includes to smb2_create_blob.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 5 Feb 2020 15:00:48 +0000 (17:00 +0200)]
libsmb: Remove "const" from smb_create_blob->tag
I want to TALLOC_FREE that soon, and we do a talloc_strdup into this anyway.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Thu, 6 Feb 2020 21:36:41 +0000 (13:36 -0800)]
s3: lib: Now remote_machine is static, we can depend on it being non-NULL.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 7 18:26:15 UTC 2020 on sn-devel-184
Andreas Schneider [Thu, 6 Feb 2020 12:31:52 +0000 (13:31 +0100)]
s3:lib: Remove unneded call to set_local_machine_name()
We return the netbios name by default if not set.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 6 Feb 2020 12:22:33 +0000 (13:22 +0100)]
s3:lib: Use a static buffer for (local|remote)_machine
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 6 Feb 2020 14:36:35 +0000 (15:36 +0100)]
libcli:smb: Don't use forward declartions for GnuTLS typedefs
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14271
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Feb 7 13:48:27 UTC 2020 on sn-devel-184
Douglas Bagnall [Thu, 6 Feb 2020 22:27:32 +0000 (11:27 +1300)]
samba-tool gpo: tighter matching for ini names
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Fri Feb 7 12:03:34 UTC 2020 on sn-devel-184
Douglas Bagnall [Thu, 6 Feb 2020 22:25:27 +0000 (11:25 +1300)]
python: use raw string for regex with escape
Python regards 'GPT\.INI$' as a string containing an invalid escape
sequence '\.', which is ignored (i.e. treated as the literal sequence
of those 2 characters), but only after Python has grumbled to itself,
and to you if you enabled DeprecationWarnings.
The proper thing to do here is use r-strings, like r'GPT\.INI$', which
tell Python that all backslashes are literal. Alternatively (as we do
once in this patch), the backslash can itself be escaped ('\\').
There are more problems of this nature in the build scripts.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Douglas Bagnall [Thu, 6 Feb 2020 22:02:38 +0000 (11:02 +1300)]
pytests: heed assertEquals deprecation warning en-masse
TestCase.assertEquals() is an alias for TestCase.assertEqual() and
has been deprecated since Python 2.7.
When we run our tests with in python developer mode (`PYTHONDEVMODE=1
make test`) we get 580 DeprecationWarnings about this.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Douglas Bagnall [Sun, 19 Jan 2020 02:08:58 +0000 (15:08 +1300)]
nmblib: avoid undefined behaviour in handle_name_ptrs()
If *offset is length - 1, we would read ubuf[(*offset)+1] as the lower
bits of the new *offset. This value is undefined, but because it is
checked against the valid range, there is no way to read further
beyond that one byte.
Credit to oss-fuzz.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14242
OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20193
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Feb 7 10:19:39 UTC 2020 on sn-devel-184
Gary Lockyer [Wed, 22 Jan 2020 01:18:00 +0000 (14:18 +1300)]
librpc ndr: Change loop index to size_t
Change the loop index in ndr_check_padding to size_t.
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Thu, 6 Feb 2020 21:50:07 +0000 (10:50 +1300)]
libprc ndr tests: Fix ndrdump test ntlmssp_CHALLENGE_MESSAGE
Fix the expected data in fuzzed_ntlmssp-CHALLENGE_MESSAGE.txt, as it
contained source code line numbers.
Andrew this test needs to be altered to us a regular expression and
remove the dependency on source line numbers.
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Tue, 14 Jan 2020 23:37:06 +0000 (12:37 +1300)]
librpc ndr: ndr_pull_advance check for unsigned overflow.
Handle uint32 overflow in ndr_pull_advance
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Sun, 26 Jan 2020 21:06:55 +0000 (10:06 +1300)]
librpc ndr tests: Unsigned overflow in ndr_pull_advance
Check that uint32 overflow is handled correctly by ndr_pull_advance.
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Wed, 22 Jan 2020 01:16:02 +0000 (14:16 +1300)]
librpc ndr: NDR_PULL_ALIGN check for unsigned overflow
Handle uint32 overflow in NDR_PULL_ALIGN
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Fri, 24 Jan 2020 02:21:47 +0000 (15:21 +1300)]
librpc ndr tests: uint32 overflow in NDR_PULL_ALIGN
Check that uint32 overflow is handled correctly by NDR_NEED_BYTES.
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Thu, 23 Jan 2020 21:41:35 +0000 (10:41 +1300)]
librpc ndr: Heap-buffer-overflow in lzxpress_decompress
Reproducer for oss-fuzz Issue 20083
Project: samba
Fuzzing Engine: libFuzzer
Fuzz Target: fuzz_ndr_drsuapi_TYPE_OUT
Job Type: libfuzzer_asan_samba
Platform Id: linux
Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x6040000002fd
Crash State:
lzxpress_decompress
ndr_pull_compression_xpress_chunk
ndr_pull_compression_start
Sanitizer: address (ASAN)
Recommended Security Severity: Medium
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 30 Jan 2020 03:44:05 +0000 (16:44 +1300)]
selftest: Test behaviour of DNS scavenge with an existing dNSTombstoned value
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14258
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Feb 6 16:24:25 UTC 2020 on sn-devel-184
Andrew Bartlett [Thu, 30 Jan 2020 03:41:39 +0000 (16:41 +1300)]
dsdb: Correctly handle memory in objectclass_attrs
el->values is caller-provided memory that should be thought of as constant,
it should not be assumed to be a talloc context.
Otherwise, if the caller gives constant memory or a stack
pointer we will get an abort() in talloc when it expects
a talloc magic in the memory preceeding the el->values.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14258
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 3 Feb 2020 03:45:45 +0000 (16:45 +1300)]
source4/scripting/bin: Swap machine account password scripts
I regularly get requests for my simple script to print the
password from the secrets.tdb (or secrets.ldb on the AD DC).
This removes the old script that only reads the secrets.ldb.
Neither new nor old script has tests, however it seems
better to have it in the tree where it can be found rather
that me digging it out of my outbound e-mail.
Originally posted here:
https://lists.samba.org/archive/samba/2017-November/212362.html
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 27 Aug 2018 11:02:50 +0000 (13:02 +0200)]
smb2_server: use sendmsg/recvmsg instead of writev/readv
This avoids a few function calls inside the kernel
in order to reach sock_sendmsg() quicker:
entry_SYSCALL_64_after_hwframe
do_syscall_64
__x64_sys_writev
do_writev
vfs_writev
do_iter_write
do_iter_readv_writev
sock_write_iter
sock_sendmsg
entry_SYSCALL_64_after_hwframe
do_syscall_64
__x64_sys_sendmsg
__sys_sendmsg
___sys_sendmsg
sock_sendmsg
As a side effect it will be useful for SMB-Direct invalidation
messages via msg->msg_control and CMSG_*.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 14 Nov 2019 16:36:36 +0000 (17:36 +0100)]
selftest: create a pcap file for the environment setup
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 30 Oct 2019 20:53:39 +0000 (21:53 +0100)]
selftest: create pcap files for invidual env services
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 4 Feb 2020 16:03:17 +0000 (17:03 +0100)]
selftest: move {setup,cleanup}_pcap() to selftest/target/Samba.pm
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 18 Nov 2019 21:02:13 +0000 (22:02 +0100)]
selftest: force LC_ALL=en_US.utf8 LANG=en_US.utf8
That makes sure we have the same as on gitlab runners
(see bootstrap/config.py).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 22 Jan 2020 15:14:21 +0000 (15:14 +0000)]
s3:rpclient: simplify rpc_tstream_next_vector()
We always now how many bytes our caller requires,
so there's no need to use tstream_pending_bytes().
This makes it possible to read socket_wrapper generated
captures again, as wireshark requires the fixed (16 bytes) DCERPC
header to be in one TCP packet.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 27 Jan 2020 15:45:44 +0000 (16:45 +0100)]
s4:torture: make rpc.handles.random-assoc test even more robust
This improves commit
bebee47e6386476e9948089484f89d213fcc2660 a bit
further.
I just got this:
connect samr pipe1
use assoc_group_id[0x00000001] for new connections
connect lsa pipe2
got assoc_group_id[0x00000001] for p2
samr_Connect to open a policy handle on samr p1
use policy handle on lsa p2 - should fail
closing policy handle on samr p1
connect samr pipe3 - should fail
Failed to bind to uuid
12345778-1234-abcd-ef00-
0123456789ac for ncacn_np:localdc[\pipe\samr,validate,assoc_group_id=0x00000001,abstract_syntax=
12345778-1234-abcd-ef00-
0123456789ac/0x00000001] NT_STATUS_UNSUCCESSFUL
connect lsa pipe4 - should fail
Failed to bind to uuid
12345778-1234-abcd-ef00-
0123456789ab for ncacn_np:localdc[\pipe\lsarpc,validate,assoc_group_id=0x00000001,abstract_syntax=
12345778-1234-abcd-ef00-
0123456789ab/0x00000000] NT_STATUS_UNSUCCESSFUL
connect samr pipe5 with assoc_group_id[0xFFFFFFFF]- should fail
Failed to bind to uuid
12345778-1234-abcd-ef00-
0123456789ac for ncacn_np:localdc[\pipe\samr,validate,assoc_group_id=0xffffffff,abstract_syntax=
12345778-1234-abcd-ef00-
0123456789ac/0x00000001] NT_STATUS_UNSUCCESSFUL
connect lsa pipe6 with assoc_group_id[0x00000000]- should fail
UNEXPECTED(failure): samba4.rpc.handles on ncacn_np with validate.mixed-shared(ad_dc_ntvfs)
REASON: Exception: Exception: ../../source4/torture/rpc/handles.c:500: status was NT_STATUS_OK, expected NT_STATUS_UNSUCCESSFUL: opening lsa pipe6
FAILED (1 failures, 0 errors and 0 unexpected successes in 0 testsuites)
A summary with detailed information can be found in:
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Wed, 22 Jan 2020 09:52:39 +0000 (10:52 +0100)]
smbd: avoid double chdir() in chdir_current_service()
Since
8e81090789e4cc3ba9e5aa792d4e52971909c894 we're doing chdir() twice, first
into conn->connectpath, then into conn->origpath.
Before commit
8e81090789e4cc3ba9e5aa792d4e52971909c894 if
chdir(conn->connectpath) succeeded, we wouldn't do the second chdir().
While at it, simplify the logging logic: if chdir() fails in this core function,
just always log is as error including the unix token.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14256
RN: smbd does a chdir() twice per request
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Feb 6 11:44:07 UTC 2020 on sn-devel-184
Ralph Boehme [Sat, 18 Jan 2020 07:11:52 +0000 (08:11 +0100)]
s3/lib: RIP smb_user_name
This has been replaced in previous commits by consistently using
current_user_info.smb_name.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Sat, 18 Jan 2020 07:09:22 +0000 (08:09 +0100)]
s3/auth: use set_current_user_info() in auth3_check_password_send()
This delays reloading config slightly, but I don't see how could affect
observable behaviour other then log messages coming from the functions in
between the different locations for lp_load_with_shares() like
make_user_info_map() are sent to a different logfile if "log file" uses %U.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Sat, 18 Jan 2020 07:06:45 +0000 (08:06 +0100)]
s3/auth: use set_current_user_info() in auth3_generate_session_info_pac()
This delays reloading config slightly, but I don't see how could affect
observable behaviour other then log messages coming from the functions in
between the different locations for lp_load_with_shares() like
make_session_info_krb5() are sent to a different logfile if "log file" uses %U.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 17 Jan 2020 20:56:27 +0000 (21:56 +0100)]
s3/rpc_server/netlogon: use set_current_user_info() in _netr_LogonSamLogon_base()
Note that we're now sanitizing the username we got from the client, as we do
everywhere else.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 17 Jan 2020 20:55:35 +0000 (21:55 +0100)]
smbd: remove sub_set_smb_name()/reload_services()
This means switching auth backend based on %U include, ie
passdb backend = tdbsam
include = smb.conf.%U
and smb.conf.SOMEUSER contains
passdb backend = smbpasswd
won't work anymore.
We're still calling set_current_user_info() and reload_services() later on
in this function, so everything else still works as before.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 17 Jan 2020 18:31:06 +0000 (19:31 +0100)]
s4/auth: use talloc_alpha_strcpy() in auth_session_info_fill_unix()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 17 Jan 2020 18:30:36 +0000 (19:30 +0100)]
s3/rpc_server: use talloc_alpha_strcpy() in _winreg_InitiateSystemShutdownEx()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 17 Jan 2020 18:30:18 +0000 (19:30 +0100)]
s3/lib: use talloc_alpha_strcpy() in sub_set_smb_name()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 17 Jan 2020 18:30:01 +0000 (19:30 +0100)]
s3/lib: use talloc_alpha_strcpy() in set_remote_machine_name()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 17 Jan 2020 18:28:54 +0000 (19:28 +0100)]
s3/lib: use talloc_alpha_strcpy() in set_local_machine_name()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 17 Jan 2020 18:28:34 +0000 (19:28 +0100)]
s3:auth: use talloc_alpha_strcpy() in auth3_session_info_create()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 17 Jan 2020 18:28:13 +0000 (19:28 +0100)]
s3/auth: use talloc_alpha_strcpy() in create_local_token()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 17 Jan 2020 18:15:22 +0000 (19:15 +0100)]
lib/util: add talloc_alpha_strcpy()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 17 Jan 2020 13:42:22 +0000 (14:42 +0100)]
smbd: setting current_user stuff here is redundant
This is already handled by set_sec_ctx() below, we just have to pass in the
values instead of setting it here in this function before calling set_sec_ctx().
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Wed, 5 Feb 2020 15:58:26 +0000 (16:58 +0100)]
wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9
See https://docs.python.org/3.9/whatsnew/3.9.html#changes-in-the-python-api
"open(), io.open(), codecs.open() and fileinput.FileInput no longer accept 'U'
(“universal newline”) in the file mode. This flag was deprecated since Python
3.3. In Python 3, the “universal newline” is used by default when a file is
open in text mode. The newline parameter of open() controls how universal
newlines works."
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14266
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Feb 6 07:30:13 UTC 2020 on sn-devel-184
Stefan Metzmacher [Wed, 22 Jan 2020 17:00:07 +0000 (17:00 +0000)]
winbindd: handling missing idmap in getgrgid()
A similar hunk was added via commit
89f753c1fc824fef29aebb7d783ab7e09cd1f04e ("winbind: Use xids2sids in getpwuid"),
but it was missing in commit
e2dda192e7f8b65a5f02120be56cf0f07d03679f ("winbind: Use xids2sids in getgrgid")
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14265
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Feb 5 17:56:58 UTC 2020 on sn-devel-184
Stefan Metzmacher [Thu, 23 Jan 2020 15:21:43 +0000 (16:21 +0100)]
s3:auth_sam: map an empty domain or '.' to the local SAM name
When a domain member gets an empty domain name or '.', it should
not forward the authentication to domain controllers of
the primary domain.
But we need to keep passing UPN account names with
an empty domain to the DCs as a domain member.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 4 Feb 2020 10:32:05 +0000 (11:32 +0100)]
s3:selftest: test authentication with an empty userdomain and upn names
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 23 Jan 2020 15:21:43 +0000 (16:21 +0100)]
s3:auth_sam: introduce effective_domain helper variables
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 23 Jan 2020 15:17:30 +0000 (16:17 +0100)]
s3:auth_sam: make sure we never handle empty usernames
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 23 Jan 2020 15:13:59 +0000 (16:13 +0100)]
s3:auth_sam: unify the debug messages of all auth_sam*_auth() functions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 23 Jan 2020 14:48:39 +0000 (15:48 +0100)]
s3:auth_sam: replace confusing FALL_THROUGH; with break;
There's no real logic change here, but is makes it easier to
understand.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Fri, 13 Dec 2019 17:59:45 +0000 (06:59 +1300)]
bootstrap: Remove un-used dependency python3-crypto
This became unused in
bbeef554f2c15e739f6095fcb57d9ef6646b411c
(except for repl_cleartext_pwd.py, a development script) and we now use
GnuTLS via a Samba wrapper.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14255
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 4 Feb 2020 15:16:48 +0000 (16:16 +0100)]
s4:param: make sure secrets_db_connect() no longer creates on empty secrets.ldb
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Feb 5 10:13:02 UTC 2020 on sn-devel-184
Stefan Metzmacher [Tue, 4 Feb 2020 15:15:53 +0000 (16:15 +0100)]
s4:param: make use of secrets_db_create() in provision_store_self_join()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 4 Feb 2020 15:14:55 +0000 (16:14 +0100)]
s4:param: add secrets_db_create() helper function
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 8 Aug 2013 16:11:23 +0000 (18:11 +0200)]
libcli/nbt: avoid talloc_reference() in nbt_name_*_send()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 4 Feb 2020 15:09:46 +0000 (16:09 +0100)]
s4:rpc_server/lsa: remove some useless talloc_reference() calls
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Fri, 24 Jan 2020 15:34:42 +0000 (16:34 +0100)]
libcli:smb: Improve check for gnutls_aead_cipher_(en|de)cryptv2
This is available since version 3.6.10, but 3.6.10 has a bug which got fixed
in 3.6.11, see:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1085
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14250
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Feb 4 06:44:00 UTC 2020 on sn-devel-184
Douglas Bagnall [Sat, 7 Dec 2019 10:22:45 +0000 (23:22 +1300)]
selftest: simplify logic in setup_env
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sun, 2 Feb 2020 07:57:17 +0000 (20:57 +1300)]
selftest: avoid comparison against undefined value
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sat, 7 Dec 2019 10:20:29 +0000 (23:20 +1300)]
selftest/target/samba: do not look for undef environment
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sat, 7 Dec 2019 10:17:26 +0000 (23:17 +1300)]
selftest/target/samba: add missing methods
These methods are being called but have not been provided.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sat, 7 Dec 2019 10:08:48 +0000 (23:08 +1300)]
selftest/s3: prefer empty string over undef to add nothing to config
To fix a warning.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sat, 7 Dec 2019 10:05:03 +0000 (23:05 +1300)]
selftest/s3: actually close parent copy of smbd's STDIN
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sat, 7 Dec 2019 09:56:00 +0000 (22:56 +1300)]
selftest/s4: remove illegal function signature
The character ':' has no meaning in function signatures. Perhaps ';' was
intended, which would have marked the later arguments as optional --
which is the default with no signature. All callers always provide all
the arguments anyway.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sat, 7 Dec 2019 09:48:42 +0000 (22:48 +1300)]
selftest/s4: don't put pcap file in / by default
If the SOCKET_WRAPPER_PCAP_DIR is not defined, let's assume it wasn't
wanted rather than choosing /.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sat, 7 Dec 2019 09:45:47 +0000 (22:45 +1300)]
selftest/s4: properly initialise an empty hash
The '%ret = {}' construction was bad because '{}' is a hash-ref, which
counts as a single scalar value, but a true hash like '%ret' must be
initialised with an even number of scalar values (usually in pairs, like
'($a => $b, $c => $d)').
I think this meant %ret was initialised as something harmless like
'(<HASH(0x55ce39781278)> => undef)'.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sat, 7 Dec 2019 09:38:30 +0000 (22:38 +1300)]
selftest: avoid redeclaring perl variables
None of these ones are doing any harm, we just want to silence these
warnings.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sat, 7 Dec 2019 10:15:00 +0000 (23:15 +1300)]
selftest/target/samba: avoid overwriting $pkinitdir
We were declaring the same variable twice with two different paths,
"$cadir/Users/$pkinitprincipalname" here and
"$ctx->{prefix_abs}/pkinit" about 5 lines down.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sat, 7 Dec 2019 09:37:00 +0000 (22:37 +1300)]
selftest: enable perl warnings
After this we will see more noise with each test run, and these
warnings will be addressed in following commits.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Sun, 2 Feb 2020 20:51:12 +0000 (09:51 +1300)]
build: Do not check if system perl modules should be bundled
We do not ship any perl modules in third_party at this time, so
this check is pointless and breaks the build for --bundled-libraries=ALL.
As reported by aaptel on https://gitlab.com/samba-team/samba/-/merge_requests/1104#note_281050331
This changes our autobuild script to cover this case in the
samba-static job.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Ralph Wuerthner [Tue, 28 Jan 2020 14:42:03 +0000 (15:42 +0100)]
vfs_gpfs: Remove discard_const_p() from gpfswrap_quotactl() calls
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Mon Feb 3 21:53:05 UTC 2020 on sn-devel-184
Ralph Wuerthner [Tue, 28 Jan 2020 14:40:46 +0000 (15:40 +0100)]
vfs_gpfs: Remove discard_const_p() from gpfs_putacl() calls
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Ralph Wuerthner [Tue, 28 Jan 2020 14:33:47 +0000 (15:33 +0100)]
vfs_gpfs: Remove discard_const_p() from gpfswrap_quotactl() calls
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Ralph Wuerthner [Tue, 28 Jan 2020 13:50:19 +0000 (14:50 +0100)]
gpfswrap: Make pathname "const char *" in gpfswrap_quotactl()
Update wrapper function to match the definition in gpfs.h.
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Ralph Wuerthner [Tue, 28 Jan 2020 13:46:43 +0000 (14:46 +0100)]
gpfswrap: Make pathname "const char *" in gpfswrap_get_winattrs_path()
Update wrapper function to match the definition in gpfs.h.
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Ralph Wuerthner [Tue, 28 Jan 2020 13:44:24 +0000 (14:44 +0100)]
gpfswrap: Make pathname "const char *" in gpfswrap_set_winattrs_path()
Update wrapper function to match the definition in gpfs.h.
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Ralph Wuerthner [Tue, 28 Jan 2020 13:42:01 +0000 (14:42 +0100)]
gpfswrap: Make pathname "const char *" in gpfswrap_get_realfilename_path()
Update wrapper function to match the definition in gpfs.h.
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>