Stefan Metzmacher [Wed, 15 Sep 2021 15:25:53 +0000 (17:25 +0200)]
smb2_server: decouple IOCTL check from signing/encryption states
There's no reason to handle FSCTL_SMBTORTURE_FORCE_UNACKED_TIMEOUT
differently if signing/encryption is used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 15 Sep 2021 15:22:39 +0000 (17:22 +0200)]
smb2_server: make sure in_ctl_code = IVAL(body, 0x04); reads valid bytes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 15 Sep 2021 16:31:06 +0000 (18:31 +0200)]
s4:torture/smb2: add smb2.ioctl.bug14788.VALIDATE_NEGOTIATE
Demonstrate that smbd fails FSCTL_VALIDATE_NEGOTIATE_INFO
only because the user doesn't have permissions on the share root.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 16 Sep 2021 08:51:43 +0000 (10:51 +0200)]
libcli/smb: split out smb2cli_raw_tcon* from smb2cli_tcon*
This will be used in tests in order to separate the tcon from
validate_negotiate_info.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andrew Bartlett [Thu, 20 Dec 2018 03:24:28 +0000 (16:24 +1300)]
heimdal_build: Remove memset_s from roken, already in libreplace
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Nov 30 19:18:59 UTC 2021 on sn-devel-184
Gary Lockyer [Thu, 28 Sep 2017 21:22:20 +0000 (10:22 +1300)]
heimdal_build: Use HAVE___ATTRIBUTE__ for unused, noreturn and unused_result
[abartlet@samba.org Squashed with TODO commit from Gary that provided
HEIMDAL_UNUSED_ATTRIBUTE etc]
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 23 Nov 2021 22:49:37 +0000 (11:49 +1300)]
heimdal_build: Do not list hx509 files twice
This makes maintaining the file lists easier.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 7 Jul 2021 03:23:17 +0000 (15:23 +1200)]
Allow overflow in lib/hx509.c and lib/gssapi/mech/gss_inquire_cred.c
This is in preperation for the Heimdal upgrade (which otherwise
can be compiled with stricter flags).
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 6 Jul 2021 00:26:17 +0000 (12:26 +1200)]
heimdal_build: Allow errors integer overflow errors in gen.c (only)
This is in preperation for the Heimdal upgrade.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 30 Nov 2021 16:03:06 +0000 (17:03 +0100)]
heimdal_build: consistently pass extra_cflags=cflags to HEIMDAL_CFLAGS()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 27 Aug 2021 11:06:00 +0000 (13:06 +0200)]
s4:samba: split out a samba_service_init() helper function
The loading function should be in the same SAMBA_LIBRARY()
as the modules.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Nov 30 16:44:57 UTC 2021 on sn-devel-184
Stefan Metzmacher [Fri, 27 Aug 2021 11:10:41 +0000 (13:10 +0200)]
vfs_not_implemented: mark all functions with _PUBLIC_
These functions are used directly by other modules.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 23 Aug 2021 12:56:15 +0000 (12:56 +0000)]
script/autobuild.py: make sure nss, pam and krb5 plugins don't provide unexpected symbols
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 23 Aug 2021 12:56:15 +0000 (12:56 +0000)]
script/autobuild.py: make sure nss and pam plugins don't link any samba libraries
Note that we exclude libtalloc.so.2 in pam_winbind.so as that simulates
a system libtalloc.so.2.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 1 Jul 2021 10:08:16 +0000 (12:08 +0200)]
nsswitch: reduce dependecies to private libraries and link static/builtin if possible
Over the last month I got more and more reports,
that it's not possible to use a custom Samba version
on systems with sssd being installed, which depends on some
specific samba libraries installed in the system.
One major problem is that the custom libnss_winbind.so.2
depends on the libreplace-samba4.so of the custom build
and also injects an RPATH into the running process.
When sssd uses any nss library call it will get this,
when it then tries to load some of its plugins via dlopen(),
e.g.
ldd /usr/lib64/sssd/libsss_ad.so| grep samba
libsamba-util.so.0 => /lib64/libsamba-util.so.0
libreplace-samba4.so => /usr/lib64/samba/libreplace-samba4.so
libsamba-security-samba4.so => /usr/lib64/samba/libsamba-security-samba4.so
libsamba-errors.so.1 => /lib64/libsamba-errors.so.1
libsamba-debug-samba4.so => /usr/lib64/samba/libsamba-debug-samba4.so
libgenrand-samba4.so => /usr/lib64/samba/libgenrand-samba4.so
libsocket-blocking-samba4.so => /usr/lib64/samba/libsocket-blocking-samba4.so
libtime-basic-samba4.so => /usr/lib64/samba/libtime-basic-samba4.so
libsys-rw-samba4.so => /usr/lib64/samba/libsys-rw-samba4.so
libiov-buf-samba4.so => /usr/lib64/samba/libiov-buf-samba4.so
When that loads dlopen() will fail as a soname libreplace-samba4.so is
already loaded, but the symbol version within the other one don't match, as the
contain the exact version, e.g. replace_dummy@@SAMBA_4.13.3.
This is just an example and similar things can happen in all situations
where we provide libraries, which are potentially injected into every
process of the running system. These should only depend on libc.so and
related basic system libraries in order to avoid the problem.
We have the following libraries, which are in the that category:
- libnss_winbind.so.2
- libnss_wins.so.2
- pam_winbind.so
- winbind_krb5_locator.so
- async_dns_krb5_locator.so
The rules of library loading are really complex and symbol versioning
is not enough to solve it, only the combination of unique soname and
unique symbol version suffix seem to solve the problem, but injecting
an RPATH is still a problem.
In order to solve the problem I experimented with adding SAMBA_SUBSYSTEM()
definitions with 'hide_symbols=True' in order to do some static linking
of selected components, e.g.
bld.SAMBA_SUBSYSTEM('replace-hidden',
source=REPLACE_SOURCE,
group='base_libraries',
hide_symbols=True,
deps='dl attr' + extra_libs)
It's relatively simple to get to the point where the following are
completely static:
- libnss_winbind.so.2
- libnss_wins.so.2
- pam_winbind.so
- winbind_krb5_locator.so
But 'async_dns_krb5_locator.so' links in almost everything!
It seems we install the krb5 plugins into our own $MODULESDIR/krb5/,
so it may not be so critical, as long it's the admin who created
the desired symlinks into the location the kerberos libraries search
for plugins. Note the at least the locator plugins are always loaded
without any configuration, every .so in a special path are loaded with dlopen().
This is done by every application using kerberos, so we load a lot of samba libraries
into them.
Packagers should not put async_dns_krb5_locator.so (nor a symlink) into
the path that's reachable by libkrb5.so.
As a longterm solution we may want to change async_dns_krb5_locator.so
to use a helper process with posix_spawn() instead of doing everything
within the process.
Note I added hiden_symbols=True to the nss modules for Linux and
FreeBSD only, because these are the only platforms I'm able to test
on. We most likely should do the same on other platforms, but some
with access to the platform should provide a tested patch.
In order to avoid manual definitions of SAMBA_SUBSYSTEMS() with
'-hidden', I added the 'provide_builtin_linking=True' option,
as the logic is very similar to what we already have with the
'--builtin-libraries=BUILTIN_LIBRARIES' configure option.
SAMBA_PLUGIN() is used in order to use SAMBA_LIBRARY() in order
to make it more strict that these plugins can't be used as
normal depedency by other subsystems and libraries.
While being there it was easy enough to make libwbclient.so
also standalone without dependecies to other samba libraries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 5 Aug 2021 16:03:14 +0000 (18:03 +0200)]
lib/replace: use dlsym(RTLD_DEFAULT,) for {nss,nss_host,uid,socket}_wrapper_enabled()
We should not provide the symbols ourself instead we should just check
if they are already available when we want to check the result.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 12 Oct 2021 12:30:09 +0000 (14:30 +0200)]
nsswitch/libwbclient: explicitly mark all wbc* symbols as _PUBLIC_
Some private functions from wbclient_internal.h already
leaked into the ABI. With hide_symbols=True we make sure
this doesn't happen again.
Having wbcRequestResponse[Priv]() as part of the ABI helps us
in order to hide winbindd_[priv_]request_response() soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 1 Jul 2021 10:08:16 +0000 (12:08 +0200)]
nsswitch: explicitly mark nss_module_register() _PUBLIC_ on FreeBSD
This is the only symbol which is used via dlopen()/dlsym() and
needs to be exported, in future we'll do hide all other symbols.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 1 Jul 2021 10:08:16 +0000 (12:08 +0200)]
nsswitch: explicitly mark NSS_STATUS _nss_winbind_* symbols as _PUBLIC_ on Linux
The symbols which are used via dlopen()/dlsym() need to be exported,
in future we'll do hide all other symbols.
On other platforms, which are implemented as wrappers above the
Linux implementation, we mark the symbols as _PRIVATE_
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 1 Jul 2021 10:08:16 +0000 (12:08 +0200)]
nsswitch: explicitly mark PAM_EXTERN pam_sm_* symbols as _PUBLIC_
The symbols which are used via dlopen()/dlsym() need to be exported,
in future we'll do hide all other symbols.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 1 Jul 2021 10:08:16 +0000 (12:08 +0200)]
nsswitch: explicitly mark magic krb5 plugin symbols as _PUBLIC_
The symbols which are used via dlopen()/dlsym() need to be exported,
in future we'll do hide all other symbols.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 22 Nov 2021 16:59:48 +0000 (17:59 +0100)]
nsswitch/wbinfo: use wbcRequestResponse() instead of winbindd_request_response()
We should try to route everything through libwbclient.so, because we'll
soon don't have a single library providing winbindd_request_response().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 22 Nov 2021 17:11:27 +0000 (18:11 +0100)]
nsswitch: move winbindd_free_response() as inline function to winbind_struct_protocol.h
nsswitch/wb_common.c will be made completely internal soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 22 Nov 2021 16:59:48 +0000 (17:59 +0100)]
s4:torture/winbind: use wbcRequestResponse() instead of winbindd_request_response()
We should try to route everything through libwbclient.so, because we'll
soon don't have a single library providing winbindd_request_response().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 22 Nov 2021 16:59:48 +0000 (17:59 +0100)]
s3:ntlm_auth: use wbcRequestResponse[Priv]() instead of winbindd_request_response()
We should try to route everything through libwbclient.so, because we'll
soon don't have a single library providing winbindd_request_response().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 26 Nov 2021 00:39:40 +0000 (01:39 +0100)]
s3:utils: remove notify_msg.c from smbstatus sources
This is not needed for smbstatus and the symbols are also available
via 'smbd_base', which already contains notify_msg.c.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 4 Aug 2021 16:03:13 +0000 (18:03 +0200)]
libwbclient: fix strict-overflow warning in wbcSidToString()
../../nsswitch/libwbclient/wbc_sid.c:83:5: error: assuming signed overflow does not occur when simplifying conditional [-Werror=strict-overflow]
if (len+1 > sizeof(buf)) {
^
Even this would fail:
../../nsswitch/libwbclient/wbc_sid.c:83:5: error: assuming signed overflow does not occur when simplifying conditional [-Werror=strict-overflow]
if (len >= sizeof(buf)) {
^
Note that this only seems to happen with gcc 7 and when -O3 and
-fvisibility=hidden are used together. E.g. in the opensuse151-samba-o3
builds.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 18 Aug 2021 15:55:25 +0000 (17:55 +0200)]
heimdal_build: let HEIMDAL_LIBRARY() use SAMBA_LIBRARY()
This simplifies a lot and makes sure we always use the
same rules for private libraries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 18 Aug 2021 13:47:33 +0000 (15:47 +0200)]
heimdal_build: avoid using hardcoded vnum values passed to HEIMDAL_LIBRARY()
For private libraries we don't want versioned sonames,
it's also pointless to use the upstream heimdal vnum values
for our private libraries as the soname is different anyway.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 18 Aug 2021 13:47:33 +0000 (15:47 +0200)]
heimdal_build: remove unused cflags argument of HEIMDAL_LIBRARY()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 18 Aug 2021 15:34:09 +0000 (17:34 +0200)]
wafsamba: allow SAMBA_LIBRARY() to get and use original 'version-script.map' for private libraries
We'll soon use this for the internal Heimdal build and take the raw
version-script.map files in order to create our own .vscript file
with our private version suffix.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 20 Aug 2021 21:05:57 +0000 (23:05 +0200)]
wafsamba: introduce SAMBA[3]_PLUGIN()
This will be used to define plugins we provide to be used
via dbopen/dlsym to external consumers.
SAMBA_PLUGIN() is used instead of SAMBA_LIBRARY() in order
to make it more strict that these plugins can't be used as
normal depedency by other subsystems and libraries.
With require_builtin_deps=True we make sure that only
symbols explicitly marked with _PUBLIC_ are exported
and we only link to system libraries and include all
internal depedencies as builtin subsystems.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 19 Aug 2021 15:31:24 +0000 (17:31 +0200)]
wafsamba: introduce require_builtin_deps/provide_builtin_linking/builtin_cflags to SAMBA_{SUBSYSTEM,LIBRARY}
The 'provide_builtin_linking=True' option that allows wscript files
to specify that a SAMBA_{SUBSYSTEM,LIBRARY} will also create a
builtin version of them in addition.
The logic behind this is very similar to what we already have with the
'--builtin-libraries=BUILTIN_LIBRARIES' configure option.
This avoids the need for manual definitions of SAMBA_SUBSYSTEMS() with
like this:
bld.SAMBA_SUBSYSTEM('replace-hidden',
source=REPLACE_SOURCE,
group='base_libraries',
hide_symbols=True,
deps='dl attr' + extra_libs)
The builtin version will also make sure that it will include all
dependecies (of internal code) also in the builtin variant.
Note that this is also possible if the dependency also
provided 'provide_builtin_linking=True' in order to limit
the scope.
We now imply '-D_PUBLIC_=_PRIVATE_' and 'hide_symbols=True' for
builtin libraries and subsystems in order to avoid exporting
the symbols of them.
With 'require_builtin_deps=True' a library can specify that it
is only able to use libraries/subsystems marked with
provide_builtin_linking=True. As a result it won't
link against any other SAMBA_LIBRARY() dependency,
but link in everything internal. Only system libraries
still get linked dynamically.
Use 'git show -w' to see a reduced diff.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 20 Aug 2021 14:25:02 +0000 (16:25 +0200)]
wafsamba: let reduce_objects() not remove duplicates of BUILTINS even if there are more than one
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 20 Aug 2021 12:27:17 +0000 (12:27 +0000)]
wafsamba: add SAMBA_SUBSYSTEM(force_empty=False)
We will need to define empty subsystems without any dependency.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 18 Aug 2021 15:20:12 +0000 (17:20 +0200)]
wafsamba: assert for *.sigs source files in abi_build_vscript()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 1 Jul 2021 13:29:46 +0000 (15:29 +0200)]
wafsamba: the symbol version string of private libraries should be based on the toplevel project
If we build a private library all symbols should be made private based
on a unique suffix.
When we use a unique soname and a unique symbol version suffix it's very unlikely
to hit conflicts due to inherited libraries.
For the abi checking we still use the original vnum as abi_vnum.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 13 Aug 2021 13:16:59 +0000 (15:16 +0200)]
wafsamba: use private extentions also for bundled public libraries
Playing tricks with redefining libraries, which may also be installed in
the system with the same version, isn't really a good thing.
It may work in some cases, but there are so many things which may go
wrong. So if we build a library as private/bundled library we should
change the soname of the library.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 13 Aug 2021 13:14:01 +0000 (15:14 +0200)]
wafsamba: remove unused private_library argument of PRIVATE_NAME()
The only caller asserts that private_library is True.
Use: git show -U5
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 18 Aug 2021 15:54:31 +0000 (17:54 +0200)]
wafsamba: SAMBA_GENERATOR() should not alter the callers dep_vars
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 1 Jul 2021 10:08:11 +0000 (12:08 +0200)]
wafsamba: fix '--private-libraries' option when using 'ALL,!something'
We already had the desired logic in LIB_MUST_BE_BUNDLED(), so we can
just reuse it in LIB_MUST_BE_PRIVATE().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 27 Aug 2021 10:39:01 +0000 (12:39 +0200)]
wafsamba: mark SAMBA_MODULE() with private_library=True
Symbols from modules should have a symbol versioning tag of the
current version.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 20 Aug 2021 09:21:13 +0000 (09:21 +0000)]
script/autobuild.py: fix "nondevel" builds of 'samba-libs'
Commit
3e6af7109eb9d49328b426095580e4bfb2338ceb removed environment
variables like PKG_CONFIG_PATH from the configure run, so we no longer
tested a build against the shared libraries we build before.
We also assert that we no longer build private libraries
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Wed, 24 Nov 2021 07:41:54 +0000 (20:41 +1300)]
kdc: Require that PAC_REQUESTER_SID buffer is present for TGTs
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Nov 30 03:33:26 UTC 2021 on sn-devel-184
Joseph Sutton [Tue, 23 Nov 2021 06:38:35 +0000 (19:38 +1300)]
heimdal:kdc: Do not generate extra PAC buffers for S4U2Self service ticket
Normally samba_wdc_get_pac() is used to generate the PAC for a TGT, but
when generating a service ticket for S4U2Self, we want to avoid adding
the additional PAC_ATTRIBUTES_INFO and PAC_REQUESTER_SID buffers.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 24 Nov 2021 20:29:42 +0000 (09:29 +1300)]
selftest: Properly check extra PAC buffers with Heimdal
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 23 Nov 2021 04:30:50 +0000 (17:30 +1300)]
heimdal:kdc: Always generate a PAC for S4U2Self
If we decided not to put a PAC into the ticket, mspac would be NULL
here, and the resulting ticket would not contain a PAC. This could
happen if there was a request to omit the PAC or the service did not
require authorization data. Ensure that we always generate a PAC.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 24 Nov 2021 23:46:40 +0000 (12:46 +1300)]
tests/krb5: Add a test for S4U2Self with no authorization data required
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 24 Nov 2021 21:53:49 +0000 (10:53 +1300)]
kdc: Remove PAC_TYPE_ATTRIBUTES_INFO from RODC-issued tickets
Windows ignores PAC_TYPE_ATTRIBUTES_INFO and always issues a PAC when
presented with an RODC-issued TGT. By removing this PAC buffer from
RODC-issued tickets, we ensure that an RODC-issued ticket will still
result in a PAC if it is first renewed or validated by the main DC.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 24 Nov 2021 07:42:22 +0000 (20:42 +1300)]
kdc: Don't include extra PAC buffers in service tickets
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 25 Nov 2021 00:24:57 +0000 (13:24 +1300)]
Revert "CVE-2020-25719 s4/torture: Expect additional PAC buffers"
This reverts commit
fa4c9bcefdeed0a7106aab84df20b02435febc1f.
We should not be generating these additional PAC buffers for service
tickets, only for TGTs.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 24 Nov 2021 21:32:44 +0000 (10:32 +1300)]
tests/krb5: Add tests for renewal and validation of RODC TGTs with PAC requests
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 23 Nov 2021 07:15:41 +0000 (20:15 +1300)]
kdc: Always add the PAC if the header TGT is from an RODC
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 23 Nov 2021 07:00:07 +0000 (20:00 +1300)]
kdc: Match Windows error code for mismatching sname
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 24 Nov 2021 21:05:17 +0000 (10:05 +1300)]
tests/krb5: Add test for S4U2Self with wrong sname
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 24 Nov 2021 07:41:45 +0000 (20:41 +1300)]
kdc: Adjust SID mismatch error code to match Windows
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 24 Nov 2021 07:41:34 +0000 (20:41 +1300)]
heimdal:kdc: Adjust no-PAC error code to match Windows
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 18 Nov 2021 03:22:34 +0000 (16:22 +1300)]
s4:torture: Fix typo
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 18 Nov 2021 00:14:51 +0000 (13:14 +1300)]
heimdal:kdc: Fix error message for user-to-user
We were checking the wrong variable to see whether a PAC was found or not.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 24 Nov 2021 02:32:32 +0000 (15:32 +1300)]
tests/krb5: Add comments for tests that fail against Windows
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 24 Nov 2021 00:10:52 +0000 (13:10 +1300)]
tests/krb5: Add tests for validation with requester SID PAC buffer
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 23 Nov 2021 23:37:08 +0000 (12:37 +1300)]
tests/krb5: Align PAC buffer checking to more closely match Windows with PacRequestorEnforcement=2
We set EXPECT_EXTRA_PAC_BUFFERS to 0 for the moment. This signifies that
these checks are currently not enforced, which avoids a lot of test
failures.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 23 Nov 2021 23:09:18 +0000 (12:09 +1300)]
tests/krb5: Add TGS-REQ tests with FAST
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 23 Nov 2021 23:10:45 +0000 (12:10 +1300)]
tests/krb5: Add tests for TGS requests with a non-TGT
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 29 Nov 2021 20:26:40 +0000 (09:26 +1300)]
tests/krb5: Add tests for invalid TGTs
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 23 Nov 2021 23:04:36 +0000 (12:04 +1300)]
tests/krb5: Remove unnecessary expect_pac arguments
The value of expect_pac is not considered if we are expecting an error.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 23 Nov 2021 22:52:31 +0000 (11:52 +1300)]
tests/krb5: Adjust error codes to better match Windows with PacRequestorEnforcement=2
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 23 Nov 2021 22:40:35 +0000 (11:40 +1300)]
tests/krb5: Split out methods to create renewable or invalid tickets
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 23 Nov 2021 22:37:35 +0000 (11:37 +1300)]
tests/krb5: Allow PasswordKey_create() to use s2kparams
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 24 Nov 2021 03:02:00 +0000 (16:02 +1300)]
tests/krb5: Run test_rpc against member server
We were instead always running against the DC.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 23 Nov 2021 22:34:11 +0000 (11:34 +1300)]
tests/krb5: Deduplicate AS-REQ tests
salt_tests was running the tests defined in the base class as well as
its own tests.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 23 Nov 2021 22:53:18 +0000 (11:53 +1300)]
tests/krb5: Remove unused variable
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 23 Nov 2021 22:30:38 +0000 (11:30 +1300)]
selftest: Check received LDB error code when STRICT_CHECKING=0
We were instead only checking the expected error.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 23 Nov 2021 14:48:57 +0000 (15:48 +0100)]
s3:winbind: Fix possible NULL pointer dereference
BUG: https://bugzilla.redhat.com/show_bug.cgi?id=
2019888
Signed-off-by: Andreas Schneider <asn@samba.org>
Rewiewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Nov 29 19:40:50 UTC 2021 on sn-devel-184
Isaac Boukris [Sat, 19 Sep 2020 12:16:20 +0000 (14:16 +0200)]
s4:mit-kdb: Force canonicalization for looking up principals
See also
https://github.com/krb5/krb5/commit/
ac8865a22138ab0c657208c41be8fd6bc7968148
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Nov 29 09:32:26 UTC 2021 on sn-devel-184
Andreas Schneider [Tue, 19 Oct 2021 07:59:54 +0000 (09:59 +0200)]
s4:kdc: Remove trailing spaces in db-glue.c
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Tue, 23 Nov 2021 06:43:05 +0000 (07:43 +0100)]
s4:mit-kdb: Reduce includes to only what's needed
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Mon, 11 Oct 2021 08:55:52 +0000 (10:55 +0200)]
mit-kdc: Use more strict KDC default settings
As we require MIT KRB5 >= 1.19 for the KDC, use more secure defaults.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andrew Bartlett [Thu, 18 Nov 2021 03:09:47 +0000 (16:09 +1300)]
CVE-2021-3670 ldap_server: Clearly log LDAP queries and timeouts
This puts all the detail on one line so it can be searched
by IP address and connecting SID.
This relies on the anr handling as otherwise this log
becomes the expanded query, not the original one.
RN: Provide clear logs of the LDAP search and who made it, including
a warning (at log level 3) for queries that are 1/4 of the hard timeout.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14694
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Nov 25 02:30:42 UTC 2021 on sn-devel-184
Andrew Bartlett [Thu, 18 Nov 2021 02:57:34 +0000 (15:57 +1300)]
CVE-2021-3670 dsdb/anr: Do a copy of the potentially anr query before starting to modify it
RN: Do not modify the caller-supplied memory in the anr=* handling to
allow clear logging of the actual caller request after it has been processed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14694
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 18 Nov 2021 02:27:08 +0000 (15:27 +1300)]
CVE-2021-3670 ldap_server: Remove duplicate print of LDAP search details
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14694
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 27 Sep 2021 03:47:46 +0000 (16:47 +1300)]
CVE-2021-3670 ldb: Confirm the request has not yet timed out in ldb filter processing
The LDB filter processing is where the time is spent in the LDB stack
but the timeout event will not get run while this is ongoing, so we
must confirm we have not yet timed out manually.
RN: Ensure that the LDB request has not timed out during filter processing
as the LDAP server MaxQueryDuration is otherwise not honoured.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14694
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Tue, 28 Sep 2021 04:20:43 +0000 (17:20 +1300)]
CVE-2021-3670 ldap_server: Ensure value of MaxQueryDuration is greater than zero
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14694
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Thu, 26 Aug 2021 01:53:23 +0000 (13:53 +1200)]
CVE-2021-3670 ldap_server: Set timeout on requests based on MaxQueryDuration
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14694
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Thu, 26 Aug 2021 09:18:26 +0000 (21:18 +1200)]
CVE-2021-3670 tests/krb5/test_ldap.py: Add test for LDAP timeouts
We allow a timeout of 2x over to avoid this being a flapping test.
Samba is not very accurate on the timeout, which is not otherwise an
issue but makes this test fail sometimes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14694
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Fri, 19 Nov 2021 03:16:30 +0000 (16:16 +1300)]
pytest/docs: better spelling of set_smbconf_arbitrary
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Mon Nov 22 11:18:09 UTC 2021 on sn-devel-184
Douglas Bagnall [Fri, 19 Nov 2021 03:15:50 +0000 (16:15 +1300)]
pytest/docs: set_smbconf_arbitrary_opposite() needs param_type
also, we fixed the name ("arbitrary", not "arbitary").
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Douglas Bagnall [Fri, 19 Nov 2021 03:13:39 +0000 (16:13 +1300)]
pytest/dns_aging: remove duplicate tests
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Douglas Bagnall [Fri, 19 Nov 2021 03:12:43 +0000 (16:12 +1300)]
pytest/dns_aging: use correct variable names
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Fri, 19 Nov 2021 03:21:08 +0000 (16:21 +1300)]
py/dnsserver: add a missing exception variable
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Douglas Bagnall [Fri, 19 Nov 2021 03:11:14 +0000 (16:11 +1300)]
py/dnsserver: add missing imports
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.com>
Douglas Bagnall [Fri, 19 Nov 2021 02:33:09 +0000 (15:33 +1300)]
third_party/update: forget pep8
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Fri Nov 19 13:25:16 UTC 2021 on sn-devel-184
Douglas Bagnall [Fri, 19 Nov 2021 02:28:48 +0000 (15:28 +1300)]
pytest/source_chars: forget thirdparty/pep8 test file
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Douglas Bagnall [Fri, 19 Nov 2021 02:18:23 +0000 (15:18 +1300)]
third_party: remove pep8
This was a *partial* copy of the python linting tool that has been
known as 'pycodestyle' since 2017. I say partial copy, because it does
not seem to contain the pep8 binary itself, just some documentation
and tests. It has not been changed since it was added in 2015.
It is GOOD that people run python linters, but this doesn't help them
in the slightest.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Volker Lendecke [Wed, 17 Nov 2021 11:27:27 +0000 (12:27 +0100)]
cmdline: Make -P work in clustered mode
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Nov 17 18:29:09 UTC 2021 on sn-devel-184
Volker Lendecke [Wed, 17 Nov 2021 11:25:58 +0000 (12:25 +0100)]
cmdline: Add a callback to set the machine account details
source3 clients need to work in clustered mode, the default
cli_credentials_set_machine_account() only looks at the local
secrets.tdb file
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 17 Nov 2021 11:25:05 +0000 (12:25 +0100)]
lib: Add required includes to source3/include/secrets.h
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 17 Nov 2021 15:34:07 +0000 (16:34 +0100)]
selftest: Add reproducer for bug 14908
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Douglas Bagnall [Tue, 16 Nov 2021 20:47:18 +0000 (09:47 +1300)]
lib/replace/timegm: use utf-8
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Nov 17 05:27:39 UTC 2021 on sn-devel-184
Douglas Bagnall [Tue, 16 Nov 2021 20:48:37 +0000 (09:48 +1300)]
s4/auth/gensec/gensec_krb5_heimdal: use utf-8
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
git.samba.org / gd / samba-autobuild / .git / log