Joseph Sutton [Mon, 30 Oct 2023 01:33:00 +0000 (14:33 +1300)]
s4:dsdb: Make sids_contains_sid() usable by other Samba modules
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 30 Oct 2023 01:32:09 +0000 (14:32 +1300)]
libcli/security: Correct function documentation
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 30 Oct 2023 01:21:42 +0000 (14:21 +1300)]
libcli/security: Remove unnecessary return statement
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 30 Oct 2023 01:17:31 +0000 (14:17 +1300)]
s4:dsdb: Align integer type
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 30 Oct 2023 00:40:37 +0000 (13:40 +1300)]
s4:kdc: Add Claims Valid SID to info regenerated from RODC‐issued PACs
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 25 Oct 2023 03:38:57 +0000 (16:38 +1300)]
tests/krb5: Add tests to see how SIDs are conveyed from PACs
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 30 Oct 2023 03:12:36 +0000 (16:12 +1300)]
tests/krb5: Test that the Claims Valid SID is added to RODC‐issued PACs
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 30 Oct 2023 02:20:59 +0000 (15:20 +1300)]
tests/krb5: Test that the Service Asserted Identity SID is not regarded from an RODC‐issued PAC
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Wed, 25 Oct 2023 07:50:23 +0000 (09:50 +0200)]
smbd: Open file as REPARSE_POINT in unlink_internals()
In the future we'll block opening symlinks as such in
SMB_VFS_CREATE_FILE() unless we open as reparse points.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 1 19:56:33 UTC 2023 on atb-devel-224
Volker Lendecke [Wed, 25 Oct 2023 07:49:32 +0000 (09:49 +0200)]
smbd: Open file as REPARSE_POINT in reply_rmdir()
In the future we'll block opening symlinks as such in
SMB_VFS_CREATE_FILE() unless we open as reparse points.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 25 Oct 2023 07:36:58 +0000 (09:36 +0200)]
smbd: Open file as REPARSE_POINT in rename_internals()
In the future we'll block opening symlinks as such in
SMB_VFS_CREATE_FILE() unless we open as reparse points.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 25 Oct 2023 07:29:13 +0000 (09:29 +0200)]
smbd: Open file as REPARSE_POINT in smb_posix_unlink()
In the future we'll block opening symlinks as such in
SMB_VFS_CREATE_FILE() unless we open as reparse points.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 16 Oct 2023 15:17:46 +0000 (17:17 +0200)]
smbd: Remove unused FAKE_FILE_TYPE_NAMED_PIPE enum
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 10 Oct 2023 13:36:56 +0000 (15:36 +0200)]
smbd: Move filename_convert_smb1_search_path() to smb1-only code
Just general cleanup.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 24 Oct 2023 11:18:32 +0000 (13:18 +0200)]
smbd: Fix previous_slash()
Untested code is broken code... previous_slash() did not return a
pointer to the slash but after it. This went undetected because so far
we never call symlink_target_path() with "unparsed==0". Once we
started doing that, we would find that the "unparsed==0" case actually
puts parent on the "previous slash", not the character behind it.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 27 Oct 2023 07:55:54 +0000 (09:55 +0200)]
manpages: Add a missing space
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 24 Oct 2023 16:46:55 +0000 (18:46 +0200)]
libcli: SMBntcreateX can return STOPPED_ON_SYMLINK
This does not count as NT_STATUS_IS_ERR, as it starts with 0x8 instead
of 0xC. So we return NT_STATUS_INVALID_NETWORK_RESPONSE, which is
wrong.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 22 Oct 2023 14:25:53 +0000 (16:25 +0200)]
smbd: "have_proc_fds" can only work for a real fd
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 16 Oct 2023 15:42:37 +0000 (17:42 +0200)]
smbd: Remove code #ifdef'ed out >23years ago
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 16 Oct 2023 15:38:02 +0000 (17:38 +0200)]
smbd: Fix some whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 16 Oct 2023 10:00:39 +0000 (12:00 +0200)]
smbd: Save errno around unbecome_root()
Probably not required, but better safe than sorry.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 13 Oct 2023 14:19:41 +0000 (16:19 +0200)]
smbd: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 10 Oct 2023 14:00:14 +0000 (16:00 +0200)]
smbd: Fix whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 10 Oct 2023 13:10:06 +0000 (15:10 +0200)]
smbd: Fix whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 15 Oct 2023 12:48:40 +0000 (14:48 +0200)]
smbd: Simplify reopen_from_fsp()
Add the checks in reopen_from_procfd() into an if-condition, remove
the MORE_PROCESSING_REQUIRED logic that confused me.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 15 Oct 2023 12:31:03 +0000 (14:31 +0200)]
smbd: Simplify reopen_from_fsp()
Pass down a dummy "file_created" variable in open_directory(), remove
a unneeded if-condition.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 15 Oct 2023 09:39:32 +0000 (11:39 +0200)]
smbd: Simplify sys_proc_fd_path()
We know the buffer size up-front, create a struct for that. Also, I
think if we ever hit another /proc pattern this is very likely on a
different OS that could be handled by an #ifdef.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Mon, 30 Oct 2023 12:24:29 +0000 (13:24 +0100)]
WHATSNEW: Mention logged on users list removal
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Nov 1 12:52:13 UTC 2023 on atb-devel-224
Ralph Boehme [Fri, 27 Oct 2023 16:50:48 +0000 (18:50 +0200)]
CI: smb3unix.py: check basic CreateContexts response
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 31 05:41:17 UTC 2023 on atb-devel-224
Ralph Boehme [Sun, 29 Oct 2023 14:31:33 +0000 (15:31 +0100)]
libsmb: add all fields from SMB2_FIND_POSIX_INFORMATION in list_posix_helper()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Ralph Boehme [Sun, 29 Oct 2023 14:27:08 +0000 (15:27 +0100)]
libsmb: remove mode from struct file_info
There's already the "attr" member and this is even used in list_posix_helper()
in pylibsmb.c. While at it, remove the cast in list_posix_helper() by using "I"
instead of "i" format.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Ralph Boehme [Sun, 29 Oct 2023 13:59:22 +0000 (14:59 +0100)]
libsmb: use K format for parsing unsigned long long
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Ralph Boehme [Sun, 29 Oct 2023 13:49:20 +0000 (14:49 +0100)]
libsmb: info-level SMB2_FIND_POSIX_INFORMATION doesn't return short name
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Ralph Boehme [Sun, 29 Oct 2023 10:21:47 +0000 (11:21 +0100)]
libsmb: infer posix context from info_level
No need for an explcit additional argument, we can just infer this from the
info_level.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Ralph Boehme [Sun, 29 Oct 2023 10:09:04 +0000 (11:09 +0100)]
CI: smb3unix.py: use libsmb.SMB2_FIND_POSIX_INFORMATION
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Ralph Boehme [Fri, 27 Oct 2023 16:50:30 +0000 (18:50 +0200)]
pylibsmb: add IO_REPARSE_TAG_RESERVED_ZERO
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Ralph Boehme [Fri, 27 Oct 2023 16:50:06 +0000 (18:50 +0200)]
libcli/smb: add IO_REPARSE_TAG_RESERVED_ZERO
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Martin Schwenke [Tue, 19 Sep 2023 07:34:55 +0000 (17:34 +1000)]
ctdb-scripts: Update detect_init_style to use /etc/os-release
/etc/os-release is quite universal. It can be found on most Linux
distros and on FreeBSD.
Attempt to use /etc/os-release to detect Red Hat, SUSE and Debian
based distros. If /etc/os-release exists but distro is unknown then
$ID is printed as the detected distro, which will probably result in
sub-optimal behaviour, but when tracing it will at least indicate that
a new distro needs to be handled.
The only way to handle missing /etc/os-release is to set
CTDB_INIT_STYLE - see ctdb.sysconfig(5) for details.
The event script unit tests are updated to use /etc/os-release so
the new logic is exercised.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Oct 30 09:19:11 UTC 2023 on atb-devel-224
Volker Lendecke [Thu, 26 Oct 2023 14:12:29 +0000 (16:12 +0200)]
smbd: Fix read_symlink_reparse()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15505
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 27 21:19:35 UTC 2023 on atb-devel-224
Volker Lendecke [Thu, 26 Oct 2023 14:16:29 +0000 (16:16 +0200)]
tests: Get a file through an absolute symlink within a subdirectory
This shows that read_symlink_reparse() is broken when trying to
replace an absolute with a relative filename within a
share.
read_symlink_reparse() is used only in openat_pathref_fsp_nosymlink()
so far to chase symlinks for non-lcomp path components. Chasing lcomp
symlinks is done through non_widelink_open(), which gets it right.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15505
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Gabriel Nagy [Fri, 27 Oct 2023 08:21:50 +0000 (11:21 +0300)]
gp_pol: Test multiple values multi_sz roundtrip
Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Fri Oct 27 14:45:28 UTC 2023 on atb-devel-224
Gabriel Nagy [Tue, 24 Oct 2023 09:47:02 +0000 (12:47 +0300)]
gp_pol: Allow null data for REG_MULTI_SZ
The parser is able to convert data from binary to XML (it generates an
empty <Value> tag) but not the other way around. This is a common
occurrence for empty multitext fields.
Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Gabriel Nagy [Tue, 24 Oct 2023 09:26:42 +0000 (12:26 +0300)]
gp_pol: Test empty multi_sz roundtrip
Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Andreas Schneider [Thu, 26 Oct 2023 12:37:29 +0000 (14:37 +0200)]
s3:utils: Initialize the memcache for smbpasswd
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Oct 27 06:51:48 UTC 2023 on atb-devel-224
Andreas Schneider [Thu, 26 Oct 2023 12:36:02 +0000 (14:36 +0200)]
s3:util: Add gfree_memcache() to gfree_all()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 26 Oct 2023 12:35:44 +0000 (14:35 +0200)]
lib:util: Add a gfree_memcache()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 26 Oct 2023 12:28:19 +0000 (14:28 +0200)]
s3:passdb: Do not leak memory if memcache add fails
Indirect leak of 496 byte(s) in 1 object(s) allocated from:
#0 0x7ffb062dc03f in malloc (/lib64/libasan.so.8+0xdc03f) (BuildId:
3e1694ad218c99a8b1b69231666a27df63cf19d0)
#1 0x7ffb06025b3e in __talloc_with_prefix ../../lib/talloc/talloc.c:783
#2 0x7ffb06027512 in __talloc ../../lib/talloc/talloc.c:825
#3 0x7ffb06027512 in _talloc_named_const ../../lib/talloc/talloc.c:982
#4 0x7ffb06027512 in _talloc_zero ../../lib/talloc/talloc.c:2421
#5 0x7ffb05a0332c in samu_new ../../source3/passdb/passdb.c:63
#6 0x7ffb05a2031f in pdb_getsampwnam ../../source3/passdb/pdb_interface.c:351
#7 0x7ffb05a0540b in local_password_change ../../source3/passdb/passdb.c:752
#8 0x56291ddd4b8b in password_change ../../source3/utils/smbpasswd.c:273
#9 0x56291ddd5b59 in process_root ../../source3/utils/smbpasswd.c:478
#10 0x56291ddd5b59 in main ../../source3/utils/smbpasswd.c:661
#11 0x7ffb024281af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 26 Oct 2023 12:26:57 +0000 (14:26 +0200)]
lib:util: Add boolean return type for memcache_add_talloc()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 26 Oct 2023 12:26:26 +0000 (14:26 +0200)]
lib:util: Add boolean return type for memcache_add()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 26 Oct 2023 12:09:33 +0000 (14:09 +0200)]
s3:utils: Initialize row variable in wspsearch
../../source3/utils/wspsearch.c:331:25: error: ‘row’ may be used
uninitialized [-Werror=maybe-uninitialized]
331 | *rows_processed = row;
| ~~~~~~~~~~~~~~~~^~~~~
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 12 Oct 2023 04:08:34 +0000 (17:08 +1300)]
python: silos: add support for allowed to authenticate from silo shortcut
this avoids the need to write SDDL, the user just needs to give the silo name
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Oct 27 00:30:05 UTC 2023 on atb-devel-224
Rob van der Linde [Thu, 26 Oct 2023 23:11:34 +0000 (12:11 +1300)]
python: add docstring for escaped_claim_id function
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 26 Oct 2023 00:13:44 +0000 (13:13 +1300)]
python: move method escaped_claim_id from test to samba.sd_utils
This is so that it can be used in other places too without the need to import or extend the test base class
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 12 Oct 2023 03:59:43 +0000 (16:59 +1300)]
python: silos: add some missing tests for auth policy command
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 12 Oct 2023 03:55:34 +0000 (16:55 +1300)]
python: tests: claims and silo tests make use of unique_name
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Wed, 25 Oct 2023 22:18:04 +0000 (11:18 +1300)]
python: tests: improve comments for auth silo and policy tests
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Wed, 25 Oct 2023 04:25:51 +0000 (17:25 +1300)]
python: tests: qa and developers were not in the correct case
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Wed, 25 Oct 2023 03:02:31 +0000 (16:02 +1300)]
python: tests: addCleanup is always before create operation
This way if it raises during a create, it will still end up running the cleanup.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 12 Oct 2023 02:21:08 +0000 (15:21 +1300)]
python: tests: function to generate a unique name from caller
Uses the caller function to generate a unique name from the test function name.
Unique name is converted to camel case
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Tue, 17 Oct 2023 05:54:52 +0000 (18:54 +1300)]
netcmd: tests: make use of addCleanup
Makes self.members redundant and tearDown method can go completely.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 12 Oct 2023 01:53:18 +0000 (14:53 +1300)]
netcmd: claims: rename claims and silo tests
Rename test function names that were starting to get very long.
They were all prefixed with the test name, stop doing that and use double underscore for better separation.
e.g. AuthPolicyCmdTestCase.test_authentication_policy_list_json
becomes AuthPolicyCmdTestCase.test_list__json
The claim types and value types test cases have been split into two testcases.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 26 Oct 2023 02:12:39 +0000 (15:12 +1300)]
netcmd: silo command uses more consistent naming for tgt args
The args --user-tgt-lifetime-mins, --service-tgt-lifetime-mins and
--computer-tgt-lifetime-mins suffixed with -mins to be consistent
with Windows tooling.
For these, the internal names don't need to change and neither do
the model fields, only the external cli interface has this.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Tue, 17 Oct 2023 03:31:53 +0000 (16:31 +1300)]
netcmd: silo command uses more consistent naming for policy args
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Tue, 17 Oct 2023 01:30:40 +0000 (14:30 +1300)]
netcmd: silo command remove combined --policy which set all 3
doesn't make much sense to set all 3 to the same policy, user authentication policy, service authentication policy, computer authentication policy
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 25 Oct 2023 22:17:43 +0000 (11:17 +1300)]
codespell: Ignore .git
Otherwise the first line of commit messages is checked,
because text is found in .git/logs/HEAD, but only on
autobuild and not in CI (which does a shallow clone),
and not the whole commit message either, which is inconsistent.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15503
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 26 23:27:29 UTC 2023 on atb-devel-224
Samuel Cabrero [Tue, 24 Oct 2023 09:31:17 +0000 (11:31 +0200)]
s3:rpc_server/wkssvc: Remove get logged on user list from utmp
utmp is not Y2038 safe.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Ralph Boehme [Thu, 26 Oct 2023 13:24:07 +0000 (15:24 +0200)]
smbd: add inode marshalling in smb3_file_posix_information_init()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Oct 26 16:32:30 UTC 2023 on atb-devel-224
Ralph Boehme [Thu, 26 Oct 2023 13:24:27 +0000 (15:24 +0200)]
smbd: add nlinks marshalling in smb3_file_posix_information_init()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Fri, 13 Oct 2023 08:26:46 +0000 (10:26 +0200)]
s3/libsmb: reuse smbXcli_conn_have_posix()
We already store the negotiated POSIX state in smbXcli_connection
and there we only store it if the server actually supports the
version we requested.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Tue, 24 Oct 2023 17:06:23 +0000 (19:06 +0200)]
smbd: fix group marshalling in smb3_file_posix_information_init
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Joseph Sutton [Wed, 20 Sep 2023 23:37:30 +0000 (11:37 +1200)]
s4:kdc: Simplify principal_comp_strcmp_int() to handle only equality
We only ever use the principal comparison functions to check equality.
Having these functions only handle equality simplifies their
implementation and makes them a bit easier to use.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 26 02:26:02 UTC 2023 on atb-devel-224
Joseph Sutton [Thu, 21 Sep 2023 00:01:27 +0000 (12:01 +1200)]
s4:kdc: Check for overflow before calling smb_krb5_princ_component()
smb_krb5_princ_component() takes its component index parameter as ‘int’,
not ‘unsigned int’.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Sep 2023 23:22:51 +0000 (11:22 +1200)]
s4:kdc: Have principal_comp_strcmp_int() properly indicate an error
We should return error codes rather than silently mask failures.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Sep 2023 23:14:36 +0000 (11:14 +1200)]
s4:kdc: Consider a single‐component krbtgt principal to be the TGS
This matches the behaviour of Windows.
NOTE: This commit finally works again!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 25 Sep 2023 00:16:43 +0000 (13:16 +1300)]
third_party/heimdal: Import lorikeet-heimdal-
202309250010 (commit
b73ae22b9b1c6fc06d0d79afe55517367a5f9670)
NOTE: THIS COMMIT WON’T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Sep 2023 23:22:47 +0000 (11:22 +1200)]
s4:kdc: Make use of smb_krb5_principal_is_tgs()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Sep 2023 23:21:28 +0000 (11:21 +1200)]
s4:kdc: Change signature of is_kadmin_changepw() to accommodate failure cases
principal_comp_strcmp() cannot yet indicate a failure case, but it will
soon be changed to do so.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Sep 2023 22:41:05 +0000 (10:41 +1200)]
s4:kdc: Have smb_krb5_principal_get_comp_string() properly indicate an error
The existing implementation did not differentiate between the case where
the relevant component was not present, and that where talloc_strndup()
failed. To correct this situation, put the result into an out parameter
on success and return an error on failure.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 25 Sep 2023 01:40:50 +0000 (14:40 +1300)]
s4:dsdb: Initialize pointers to NULL
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Sep 2023 23:02:38 +0000 (11:02 +1200)]
lib/krb5_wrap: Check return value of krb5_principal_get_comp_string()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 25 Sep 2023 00:26:07 +0000 (13:26 +1300)]
tests/krb5: Add tests for single‐component krbtgt principals
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 25 Sep 2023 00:21:08 +0000 (13:21 +1300)]
tests/krb5: Also consider single‐component krbtgt principals to be TGS principals
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 5 Jul 2023 02:32:05 +0000 (14:32 +1200)]
libutil/iconv: avoid overflow in surrogate pairs
Consider the non-conforment utf-8 sequence "\xf5\x80\x80\x80", which
would encode 0x140000. We would set the high byte of the first
surrogate to 0xd8 | (0x130000 >> 18), or 0xdc, which is an invalid
start for a high surrogate, making the sequence as a whole invalid (as
you would expect -- the Unicode range was set precisely to that
covered by utf-16 surrogates).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 5 Jul 2023 01:26:12 +0000 (13:26 +1200)]
libutil/iconv: don't allow wtf-8 surrogate pairs
At present, if we meet a string like "hello \xed\xa7\x96 world", the
bytes in the middle will be converted into half of a surrogate pair,
and the UTF-16 will be invalid. It is better to error out immediately,
because the UTF-8 string is already invalid.
https://learn.microsoft.com/en-us/windows/win32/api/Stringapiset/nf-stringapiset-widechartomultibyte#remarks
is a citation for the statement about this being a pre-Vista
problem.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 29 Jun 2023 08:45:34 +0000 (20:45 +1200)]
util/charset/torture: test convert_string_talloc with emptyish strings
because it wasn't entirely obvious (a zero length string returns a
length 1 result).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 12 Jul 2023 06:34:49 +0000 (18:34 +1200)]
s4/torture/gentest: explain seemingly redundant initialisation
It seems silly, but it confused me.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 29 Jun 2023 06:23:55 +0000 (18:23 +1200)]
util/convert string: remove inaccurate misspelt comment
Previous commit to the "embarrassing" line was
ce10a7a673e8adf "Fix
typo in comment", which did not completely fix the typo in the
comment.
But there are no gotos anymore, so no embarrassment, however spelt.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 10 Jan 2023 23:41:35 +0000 (12:41 +1300)]
s4/torture/gentest: remove redundant op entry
Also on line 2994.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 20 Jul 2023 02:25:51 +0000 (14:25 +1200)]
docs/manpages: fix links to mod_ntlm_winbind and squid
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sat, 13 May 2023 07:29:48 +0000 (19:29 +1200)]
s4:dns_server: loudly warn when a tombstone record has other records
This shouldn't happen -- that is, there should never be non-tombstone
records in conjunction with a tombstone record -- and if it does, the
situation should resolve itself here. But the flow is confusing and
strange things sometimes happen often enough that it would be helpful
to know if this ever occurs.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 7 Jun 2023 02:35:30 +0000 (14:35 +1200)]
s4/dsdb: try not to leak on access check failure
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sat, 17 Jun 2023 23:38:48 +0000 (11:38 +1200)]
librpc/ndr_basic: attempt only IPv4 addresses in push_ipv4
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sat, 17 Jun 2023 02:22:05 +0000 (14:22 +1200)]
idl/spoolss: fix spelling of UTF16 charset
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 28 Jun 2023 04:02:38 +0000 (16:02 +1200)]
util/charset: disambiguate docs for convert_string twins
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 1 Mar 2023 01:59:55 +0000 (14:59 +1300)]
lib/util/charset: @param typos
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Tue, 25 Oct 2022 17:30:31 +0000 (18:30 +0100)]
docs-xml: add manpage for wspsearch cli client
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Oct 25 23:20:33 UTC 2023 on atb-devel-224
Noel Power [Thu, 21 Jul 2016 15:53:17 +0000 (16:53 +0100)]
s3/utils: Add search client
Simple cli client for doing a basic windows search.
example:
wspsearch -U$(USER)%$(PASSWD) //$(SERVER)/$(SHARE) --search='DSC' --kind=Picture
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Mon, 17 Oct 2022 19:15:32 +0000 (20:15 +0100)]
libcli/wsp: Add simple client api for wsp client code.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Wed, 23 Aug 2023 11:06:02 +0000 (12:06 +0100)]
add accessor for tstream_context
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Wed, 23 Aug 2023 10:28:21 +0000 (11:28 +0100)]
remove problematic include (seems to bring in conflicted definitions)
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>