Andreas Schneider [Fri, 15 Dec 2023 07:23:25 +0000 (08:23 +0100)]
s3:utils: Fix the auth function to print correct values to the user
In order to show correct values in the password prompt displayed by
cli_credentials_get_password*(). We need to set the domain and username
in the credentials system.
The credentials supplied via the SMB URL have a higher priority than the
command line options.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15538
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jan 4 11:26:52 UTC 2024 on atb-devel-224
Andreas Schneider [Fri, 15 Dec 2023 08:41:06 +0000 (09:41 +0100)]
s3:utils: Handle the domain before username and password
The cli_credentials_get_password*() function will interactively ask the
user for a password if none has been supplied via another ways. To show
the correct domain and username in the prompt, we need handle domain
and user first.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15538
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Thu, 28 Dec 2023 13:38:37 +0000 (14:38 +0100)]
smbd: Fix traversing snapshot dirs that vanished in current fileset
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15544
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 2 20:37:01 UTC 2024 on atb-devel-224
Volker Lendecke [Thu, 28 Dec 2023 13:20:11 +0000 (14:20 +0100)]
shadow_copy: Add test for missing directory in "current" fileset
Right now we can't traverse a subdirectory in a snapshot which was
deleted in the current set of files.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15544
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Mon, 1 Jan 2024 00:03:20 +0000 (00:03 +0000)]
Happy New Year 2024!
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 20:48:35 +0000 (21:48 +0100)]
s4/ldap_backend: do_call: use modern DBG macros
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Dec 29 13:50:05 UTC 2023 on atb-devel-224
Björn Jacke [Mon, 25 Dec 2023 20:46:47 +0000 (21:46 +0100)]
s4/ldap_backend: abandonrequest: use modern DBG macros
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 20:45:55 +0000 (21:45 +0100)]
s4/ldap_backend: CompareRequest: use modern DBG macros
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 20:37:29 +0000 (21:37 +0100)]
s4/ldap_backend: modifydnrequest: use modern DBG macros
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 20:34:28 +0000 (21:34 +0100)]
s4/ldap_backend: delrequest: use modern DBG macros
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 20:32:49 +0000 (21:32 +0100)]
s4/ldap_backend: addrequest: use modern DBG macros
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 20:31:27 +0000 (21:31 +0100)]
s4/ldap_backend: modifyrequest: use modern DBG_ macro
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 20:26:58 +0000 (21:26 +0100)]
s4/ldap_backend: SearchRequest: use modern DBG_ macro
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 20:24:13 +0000 (21:24 +0100)]
s4/ldap_backend: unwilling: use modern DBG_ macro
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 20:22:48 +0000 (21:22 +0100)]
s4/ldap_backend: encode: use modern DBG_ macro
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 19:37:38 +0000 (20:37 +0100)]
s4/ldap_backend: change a printf %d to %u for results
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 19:30:43 +0000 (20:30 +0100)]
s4/ldap_backend: fix a NULL dereference
Signed-off-by: Bjoern Jacke <bjacke@samba.org>>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 18:53:30 +0000 (19:53 +0100)]
winbind_nss_netbsd: fix missing semicolon
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15541
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 18:50:55 +0000 (19:50 +0100)]
docs-xml: use XML_CATALOG_FILES env var if defined
Thanks to Thierry LARONDE for the fix.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15540
Signed-off-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 18:49:38 +0000 (19:49 +0100)]
doc-xml: fix name of vfs_linux_xfs man page
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15542
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Joseph Sutton [Thu, 21 Dec 2023 22:04:51 +0000 (11:04 +1300)]
lib:crypto: Add tests for GKDI key derivation
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Dec 22 06:31:29 UTC 2023 on atb-devel-224
Joseph Sutton [Mon, 13 Nov 2023 04:08:58 +0000 (17:08 +1300)]
lib:crypto: Add implementation of GKDI key derivation
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Dec 2023 03:39:14 +0000 (16:39 +1300)]
tests/krb5: Raise an error if root key data is the wrong length
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Dec 2023 03:38:33 +0000 (16:38 +1300)]
tests/krb5: Test that root key data is the correct length in bytes
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 18 Dec 2023 20:38:27 +0000 (09:38 +1300)]
tests/krb5: Create root key just for implicit root key tests
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 18 Dec 2023 20:37:40 +0000 (09:37 +1300)]
tests/krb5: Check properties of current GKDI key
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 20 Dec 2023 01:26:00 +0000 (14:26 +1300)]
fuzz: allow max size conditional ACE round-trip failure
The encoder, being cautious not to overstep the arbitrary 10000 byte
boundary, might not encode an exactly 10000 byte condition. This
is an off-by-one, but in the safe direction.
Credit to OSS-Fuzz.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65118
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Dec 22 00:51:13 UTC 2023 on atb-devel-224
Douglas Bagnall [Wed, 20 Dec 2023 00:40:15 +0000 (13:40 +1300)]
libcli/security: sddl conditional ACE: write -0 when asked
Credit to OSS-Fuzz.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65122
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 20 Dec 2023 00:38:53 +0000 (13:38 +1300)]
libcli/security: rearrange conditional ACE sddl_write_int
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65122
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 20 Dec 2023 00:37:29 +0000 (13:37 +1300)]
libcli/security: tests for signed zeros in sddl condtional ACEs
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65122
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 21 Dec 2023 20:58:53 +0000 (09:58 +1300)]
librpc: Do not allow u16string to be encoded in a big‐endian context
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Dec 2023 22:51:19 +0000 (11:51 +1300)]
librpc: Change type of ‘u16string’ from ‘const uint16_t *’ to ‘const unsigned char *’
A u16string is supposed to contain UTF‐16 code units, but
ndr_pull_u16string() and ndr_push_u16string() fail to correctly ensure
this on big‐endian systems. Code that relies on the u16string array
containing correct values will then fail.
Fix ndr_pull_u16string() and ndr_push_u16string() to work on big‐endian
systems, ensuring that other code can use these strings without having
to worry about first encoding them to little‐endian.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 21 Dec 2023 20:54:55 +0000 (09:54 +1300)]
librpc: Add missing spaces to error messages
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Ralph Boehme [Wed, 13 Dec 2023 06:57:46 +0000 (07:57 +0100)]
s3/lib: add log_panic_action()
Can be used to log a nice stack backtrace with full debug symbols by setting
"panic action" to something like
panic action = cd /home/slow/git/samba/master && /home/slow/git/samba/master/selftest/gdb_backtrace %d
This is similar to log_stack_trace(), but that doesn't come with debug symbols.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Ralph Boehme [Fri, 15 Dec 2023 06:15:22 +0000 (07:15 +0100)]
s3/lib: factor out call_panic_action() from smb_panic_s3()
No change in behaviour. Best viewed with git show -w.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 8 Dec 2023 03:38:21 +0000 (16:38 +1300)]
tests/krb5: Add Python implementation and tests for Group Key Distribution Service
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Dec 21 21:19:30 UTC 2023 on atb-devel-224
Joseph Sutton [Mon, 18 Dec 2023 06:11:37 +0000 (19:11 +1300)]
python: Add NT Time utility functions
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 12 Dec 2023 05:31:34 +0000 (18:31 +1300)]
pyglue: Export some GKDI constants
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 12 Dec 2023 05:31:19 +0000 (18:31 +1300)]
pyglue: Export some more HRESULT constants
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 12 Dec 2023 06:27:17 +0000 (19:27 +1300)]
pyglue: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 13 Nov 2023 04:08:58 +0000 (17:08 +1300)]
lib:crypto: Add GKDI module with some constants
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 12 Dec 2023 05:27:46 +0000 (18:27 +1300)]
gkdi.idl: Verify magic numbers of pulled GKDI structures
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 8 Dec 2023 02:58:32 +0000 (15:58 +1300)]
s4:libcli: Fix conversion from HRESULT and WERROR to Python objects
The inner values of HRESULT and WERROR are 32‐bit unsigned integers,
which might not be representable in type ‘int’. We must then use the ‘k’
format specifier, which corresponds to ‘unsigned long’, a type
guaranteed to be at least 32 bits in size.
Commit
c81aff362fe99a65385c6f8337ffcb47c9456829 fixed
PyErr_FromNTSTATUS(), but it did not attempt to fix the other cases.
PyErr_FromHRESULT() might return a tuple like this:
(-
2147024809, 'One or more arguments are invalid.')
which, after this commit, will become this:
(
2147942487, 'One or more arguments are invalid.')
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 8 Dec 2023 02:54:14 +0000 (15:54 +1300)]
s4:libcli: Remove trailing whitespace
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 8 Dec 2023 01:44:48 +0000 (14:44 +1300)]
python:tests: Catch strings passed to utf16_encoded_len() with embedded nulls
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 8 Dec 2023 01:10:42 +0000 (14:10 +1300)]
selftest: Rename ‘samba.unittests.test_gnutls_sp800_108’ to something more consistent with existing tests
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 18 Dec 2023 20:53:50 +0000 (09:53 +1300)]
gkdi.idl: Add ‘additional_info’ field to KeyEnvelope structure
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 18 Dec 2023 20:51:30 +0000 (09:51 +1300)]
gkdi.idl: Comment on domain and forest name fields
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Sun, 17 Dec 2023 20:31:11 +0000 (09:31 +1300)]
s3:utils: Do not pass invalid file descriptor to close() (CID
1550131)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 14 Dec 2023 21:26:31 +0000 (10:26 +1300)]
tests/krb5: Remove redundant definitions
These items are already defined elsewhere.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 14 Dec 2023 02:26:39 +0000 (15:26 +1300)]
ldb: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 13 Dec 2023 19:25:38 +0000 (08:25 +1300)]
buildtools: Use correct variable in error message
When this error message was copied from CHECK_FUNCS_IN(), the variable
name was not changed. This results in messages like this:
“Mandatory library 'lib' not found for functions '<class 'list'>'”
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 13 Dec 2023 03:40:06 +0000 (16:40 +1300)]
lib:cmdline: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 12 Dec 2023 04:37:53 +0000 (17:37 +1300)]
pyglue: Remove unnecessary uses of discard_const_p()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 12 Dec 2023 06:34:11 +0000 (19:34 +1300)]
python:tests: Don’t needlessly create single‐element tuple
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Sun, 10 Dec 2023 23:55:05 +0000 (12:55 +1300)]
lib:util: Use portable integer constants
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Sun, 10 Dec 2023 21:23:23 +0000 (10:23 +1300)]
s3:param: Remove unnecessary use of discard_const_p()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 7 Dec 2023 21:48:40 +0000 (10:48 +1300)]
python:tests: Rename parameter to be consistent with overridden method
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 7 Dec 2023 21:30:14 +0000 (10:30 +1300)]
python:tests: Raise exception of more specific type NotImplementedError
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 7 Dec 2023 19:34:38 +0000 (08:34 +1300)]
python:tests: Use ‘False’ in boolean expression rather than ‘None’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 30 Nov 2023 02:31:32 +0000 (15:31 +1300)]
librpc:ndr: Don’t unnecessarily parenthesize macro arguments
If we’re just passing a parameter to another macro which we know
correctly parenthesizes its arguments, then we don’t need to
parenthesize the parameter ourselves.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 30 Nov 2023 02:00:08 +0000 (15:00 +1300)]
lib:util: Remove redundant casts in PUSH_*() macros
The PUSH_*() macros already cast their arguments to the expected type,
so we don’t need to cast the arguments *again* prior to invoking the
macros.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 30 Nov 2023 02:11:10 +0000 (15:11 +1300)]
lib:util: Don’t unnecessarily parenthesize macro arguments
If we’re just passing a parameter to another macro which we know
correctly parenthesizes its arguments, then we don’t need to
parenthesize the parameter ourselves.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 30 Nov 2023 02:08:04 +0000 (15:08 +1300)]
lib:util: Cast macro parameter ‘val’ to expected type
These macros are now consistent with PUSH_BE_U8() and with the
PUSH_LE_*() macros.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 30 Nov 2023 02:06:15 +0000 (15:06 +1300)]
lib:util: Parenthesize macro parameters
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 28 Nov 2023 21:42:36 +0000 (10:42 +1300)]
s4:auth: Clarify comment about requiring FAST armor
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 18 Dec 2023 21:23:14 +0000 (10:23 +1300)]
s3:lib: Define TIME_FIXUP_CONSTANT_INT using INT64_C() macro
This is more portable than using preprocessor conditionals.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 27 Nov 2023 03:24:00 +0000 (16:24 +1300)]
lib:util: Define TIME_FIXUP_CONSTANT_INT using INT64_C() macro
This is more portable than using preprocessor conditionals.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 15 Aug 2023 06:57:57 +0000 (08:57 +0200)]
s3:ctdbd_conn: fix ctdbd_public_ip_foreach() for ipv6 addresses
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15534
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Dec 21 11:09:30 UTC 2023 on atb-devel-224
Andrew Bartlett [Mon, 18 Dec 2023 04:24:26 +0000 (17:24 +1300)]
WHATSNEW: Add entry for "samba-tool user get-kerberos-ticket"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Dec 21 03:04:12 UTC 2023 on atb-devel-224
Andrew Bartlett [Fri, 15 Dec 2023 04:10:42 +0000 (17:10 +1300)]
selftest: Add tests for "samba-tool user get-kerberos-ticket"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 14 Dec 2023 01:50:05 +0000 (14:50 +1300)]
python/netcmd: Improve documentation for "samba-tool user getpassword"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 14 Dec 2023 01:43:44 +0000 (14:43 +1300)]
python/netcmd: Add "samba-tool user get-kerberos-ticket" to get a ticket for a gMSA
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 18 Dec 2023 04:14:27 +0000 (17:14 +1300)]
WHATSNEW: Add entry for "samba-tool user getpassword" changes
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Thu, 7 Dec 2023 02:53:01 +0000 (15:53 +1300)]
python: tests: blackbox test for GMSA
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Fri, 15 Dec 2023 02:12:42 +0000 (15:12 +1300)]
samba-tool: document that -H can be used with gMSA accounts
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Fri, 15 Dec 2023 02:10:39 +0000 (15:10 +1300)]
samba-tool: fix some grammar in getpassword docstrings
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 11 Dec 2023 07:56:16 +0000 (20:56 +1300)]
samba-tool: Make samba-tool user getpassword support a ';previous=1' option
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 11 Dec 2023 07:55:10 +0000 (20:55 +1300)]
samba-tool user getpassword: Prepare to support a ;previous=1 option, change behaviour for ;rounds=
This will return the previous password, but the pattern is to include
the option in the returned attribute name, so we need to use
vatter["raw_attr"], not 'a'.
This changes the behaviour for the ;rounds= option used when we hold
the plaintext password (possibly under GPG encryption).
This is now consistant with other parameters in the LDAP attribute,
and is now included in the returned attribute name.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 11 Dec 2023 08:40:44 +0000 (21:40 +1300)]
selftest: Modify expected output of 'samba-tool user getpassword' to be more consistant
This is consistant with ;format= support for time attributes and
other users of this parameter style elsewhere in LDAP.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Thu, 14 Dec 2023 23:36:14 +0000 (12:36 +1300)]
selftest: fix failing user setpassword test
A side effect of being able to generate at read time unicodePwd for a gMSA is that we can also generate the unicodePwd from a virtualSambaGPG password.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 11 Dec 2023 07:49:44 +0000 (20:49 +1300)]
samba-tool: Add support for getting the generated unicodePwd for a gMSA account
This pre-hashed value may be more practical to use than the random "UTF-16"
password. In particular it is easy to compare with the DB values.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Fri, 1 Dec 2023 03:14:16 +0000 (16:14 +1300)]
netcmd: user: samba-tool support to allow non-windows use of GMSA accounts (show password)
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 12 Dec 2023 03:38:13 +0000 (16:38 +1300)]
samba-tool user getpassword: Use UTF16_MUNGED charcnv to map "UTF16" to UTF8
This copes with random invalid UTF-16 as seen with gMSA accounts.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 11 Dec 2023 03:54:57 +0000 (16:54 +1300)]
samba-tool: Prepare to allow samba-tool user getpasswords to operate against a remote server
While passwords are not normally available for read, Group Managed Service Account
passwords are, as this is how they are distributed.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Thu, 7 Dec 2023 02:29:27 +0000 (15:29 +1300)]
netcmd: models: add object sid field to User model
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Thu, 7 Dec 2023 02:28:04 +0000 (15:28 +1300)]
netcmd: getpassword: print OK message on stderr
This makes it easier to machine parse the output in tests
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 11 Dec 2023 04:41:21 +0000 (17:41 +1300)]
selftest: Avoid assertTrue() and assertFalse() where a better test exists
This allows the unittest framework to show the strings that the value was
not found in.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Wed, 13 Dec 2023 01:03:14 +0000 (14:03 +1300)]
selftest: require named parameters for callers of connect_samdb() and connect_samdb_ex()
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Wed, 13 Dec 2023 01:00:45 +0000 (14:00 +1300)]
selftest: add get_env_credentials()
This is like get_credentials but works for tests that are based
on environment variable for usernames and passwords.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Wed, 13 Dec 2023 01:00:00 +0000 (14:00 +1300)]
selftest: make get_loadparm a classmethod
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Wed, 13 Dec 2023 23:57:09 +0000 (12:57 +1300)]
selftest: make _get_attribute use parse_ldif
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Wed, 13 Dec 2023 03:50:18 +0000 (16:50 +1300)]
selftest: make _get_attribute a method on base class
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Wed, 13 Dec 2023 03:41:11 +0000 (16:41 +1300)]
selftest: pep8: fix incorrect number of blank lines
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Wed, 13 Dec 2023 03:40:17 +0000 (16:40 +1300)]
selftest: remove unused imports from virtualCryptSHA tests
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Wed, 13 Dec 2023 03:39:06 +0000 (16:39 +1300)]
selftest: function _get_attribute() was in two places
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Volker Lendecke [Tue, 19 Dec 2023 09:30:58 +0000 (10:30 +0100)]
Revert "rpc_server:srvsvc - retrieve share ACL via root context"
This reverts commit
80c0b416892bfacc0d919fe032461748d7962f05.
With the previous patch it is no longer required. We open
share_info.tdb as root when starting up rpcd_classic and keep it open.
Commit
80c0b416892bfacc0d919fe032461748d7962f05 only fixed the
problem in one place, but we had it in a lot more places...
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15265
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Dec 20 11:20:51 UTC 2023 on atb-devel-224
Volker Lendecke [Wed, 13 Dec 2023 11:07:00 +0000 (12:07 +0100)]
rpcd_classic: Open share_info.tdb as root
srvsvc needs it, but for example NetShareGetInfo() runs as a
user. Opening share_info.tdb at that point is too late.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15265
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 29 Nov 2023 15:54:45 +0000 (16:54 +0100)]
smbd: Modernize a few DEBUG statements
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Dec 19 17:07:04 UTC 2023 on atb-devel-224
Volker Lendecke [Mon, 27 Nov 2023 13:54:19 +0000 (14:54 +0100)]
smbd: Remove an unused function prototype
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>