Andreas Schneider [Tue, 24 Oct 2023 10:03:40 +0000 (12:03 +0200)]
s3:utils: Call gfree_all() before exit in smbget
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 24 Oct 2023 10:03:12 +0000 (12:03 +0200)]
s3:utils: Call gfree_all() before exit in smbfilter
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 24 Oct 2023 10:02:50 +0000 (12:02 +0200)]
s3:utils: Remove trailing white spaces in smbfilter.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 24 Oct 2023 10:01:58 +0000 (12:01 +0200)]
s3:utils: Call gfree_all() before exit in smbcquotas
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 24 Oct 2023 10:01:24 +0000 (12:01 +0200)]
s3:utils: Call gfree_all() before exit in smbcontrol
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 24 Oct 2023 10:00:46 +0000 (12:00 +0200)]
s3:utils: Call gfree_all() before exit in smbcacls
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 24 Oct 2023 10:00:16 +0000 (12:00 +0200)]
s3:utils: Call gfree_all() before exit in sharesec
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 24 Oct 2023 09:59:35 +0000 (11:59 +0200)]
s3:utils: Call gfree_all() before exit in regedit
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 24 Oct 2023 09:58:49 +0000 (11:58 +0200)]
s3:utils: Call gfree_all() before exit in pdbedit
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 24 Oct 2023 09:58:10 +0000 (11:58 +0200)]
s3:utils: Call gfree_all() before exit in ntlm_auth
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 24 Oct 2023 09:57:14 +0000 (11:57 +0200)]
s3:utils: Call gfree_all() before exit in net
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 4 Oct 2023 03:57:50 +0000 (16:57 +1300)]
s3:rpc_server: Correctly reset DEVMODE bit
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 25 21:40:33 UTC 2023 on atb-devel-224
Rob van der Linde [Fri, 20 Oct 2023 01:46:40 +0000 (14:46 +1300)]
python: getopt: HostOptions and other option groups inherit from samba OptionGroup class
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Oct 25 00:31:37 UTC 2023 on atb-devel-224
Rob van der Linde [Tue, 10 Oct 2023 10:31:33 +0000 (23:31 +1300)]
netcmd: auth policy: add OptionGroup classes for user, service and computer options
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Fri, 6 Oct 2023 02:49:27 +0000 (15:49 +1300)]
python: netcmd: make use of HostOptions for claims and sites commands
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Fri, 6 Oct 2023 02:47:43 +0000 (15:47 +1300)]
python: getopt: Add HostOptions to avoid need to manually add -H
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Fri, 6 Oct 2023 01:50:32 +0000 (14:50 +1300)]
python: netcmd: make use of required flag on Option for claims commands
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 5 Oct 2023 23:58:46 +0000 (12:58 +1300)]
python: getopt: implement required flag on options and OptionParser
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 19 Oct 2023 02:05:56 +0000 (15:05 +1300)]
python: getopt: subclass OptionParser to populate option_class
The option_class needs to be set correctly for OptionGroups that use self.add_option
Override OptionParser `__init__` to change the default Option class to the samba one.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 19 Oct 2023 01:26:46 +0000 (14:26 +1300)]
netcmd: tests: stop checking for ERROR prefix from CommandError
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 5 Oct 2023 23:45:35 +0000 (12:45 +1300)]
python: netcmd: remove OptionError alias to OptionValueError
The other methods in this file already raise optparse.OptionValueError
directly, except for two older ones.
They are using an alias which changes the name to OptionError, the
confusing part about this is that optparse.OptionError actually does
exist, so the incorrect alias needs to be removed.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 5 Oct 2023 23:39:30 +0000 (12:39 +1300)]
python: netcmd: catch parent exception class OptParseError instead
This covers both OptionError and OptionValueError
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 5 Oct 2023 03:26:40 +0000 (16:26 +1300)]
python: getopt: rename SambaOption to Option
* Nothing uses SambaOption directly, everything imports it through samba.netcmd.Option
* Avoid an unnecessary rename on import
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 5 Oct 2023 03:00:36 +0000 (16:00 +1300)]
python: netcmd: parser class in getSamDB should set option_class
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 5 Oct 2023 02:52:54 +0000 (15:52 +1300)]
python: netcmd: fix import grouping and sorting in base first
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 5 Oct 2023 02:22:58 +0000 (15:22 +1300)]
python: netcmd: remove redundant Option subclass
Instead, just import SambaOption as Option, so all the existing commands don't need changing.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 5 Oct 2023 02:18:32 +0000 (15:18 +1300)]
python: netcmd: SUPPRESS_HELP constant has no effect here
Where it is used, on a few options, the constant should be used
directly instead.
This means that in the following commit, the Option subclass of
SambaOption can be removed, as it will become redundant.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 5 Oct 2023 02:13:45 +0000 (15:13 +1300)]
python: netcmd: dbcheck: fix import grouping and order
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 5 Oct 2023 02:10:06 +0000 (15:10 +1300)]
python: netcmd: ntacl: fix import grouping and order
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 5 Oct 2023 01:47:46 +0000 (14:47 +1300)]
python: tests: fix some hidden tab characters in tests.py
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 5 Oct 2023 01:33:32 +0000 (14:33 +1300)]
python: add docstrings to Validator and ValidationError
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 5 Oct 2023 01:30:20 +0000 (14:30 +1300)]
python: move Validator base class and ValidationError to getopt
It makes more sense for these to exist in the top package, because they are used by SambaOption.
validators.py can still exist in netcmd, just not the base class and exception.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 5 Oct 2023 01:17:01 +0000 (14:17 +1300)]
python: getopt: move validators logic to parent class
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 5 Oct 2023 01:03:14 +0000 (14:03 +1300)]
netcmd: don't turn exception into CommandError in run_validators
It's the wrong place to do it.
Instead, let it raise the original exception, capture it in _run, and
call existing show_command_error method.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 5 Oct 2023 00:47:11 +0000 (13:47 +1300)]
netcmd: PEP8: minor whitespace fix, file did not pass PEP8
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 5 Oct 2023 00:42:14 +0000 (13:42 +1300)]
netcmd: move comment above class to docstring
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Wed, 4 Oct 2023 23:05:17 +0000 (12:05 +1300)]
netcmd: correctly pass Samba option class to OptionParser
On OptionGroups it will set option_class and then this gets used by self.add_option
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Wed, 4 Oct 2023 22:32:30 +0000 (11:32 +1300)]
python: getopt: move SambaOption to the top of the file
This is needed for the next commit
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Wed, 4 Oct 2023 22:50:22 +0000 (11:50 +1300)]
python: getopt: correctly group and sort imports
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Wed, 4 Oct 2023 22:48:14 +0000 (11:48 +1300)]
python: getopt: update super calls to python3 style
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Wed, 4 Oct 2023 22:29:59 +0000 (11:29 +1300)]
python: move comment for check_bytes to docstring
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Wed, 4 Oct 2023 22:27:40 +0000 (11:27 +1300)]
python: PEP8 fixup whitespace in getopt.py first
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Mon, 2 Oct 2023 05:32:29 +0000 (18:32 +1300)]
netcmd: tests: make check_run and related methods classmethod for consistency
Before that only run_command was turned into a @classmethod, but not
the other related methods which were left unchanged, this made it
inconsistent.
Some of these methods need to be called from setUpTestData so they
really need to be @classmethod anyway.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Mon, 2 Oct 2023 05:27:39 +0000 (18:27 +1300)]
tests: minor indentation and whitespace fixes
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Ralph Boehme [Fri, 20 Oct 2023 13:45:31 +0000 (15:45 +0200)]
smbtorture: add test for fruit:validate_afpinfo option
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 24 22:30:06 UTC 2023 on atb-devel-224
Ralph Boehme [Tue, 4 Jul 2023 15:46:40 +0000 (17:46 +0200)]
vfs_fruit: add option fruit:validate_afpinfo = yes|no (default: yes)
Allows disabling validation of AfpInfo stream data. It seems in data migration
scenarios from other SMB servers to Samba with fruit, somehow such invalid
streams are present on the source SMB server and can't be copied to Samba.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Joseph Sutton [Thu, 19 Oct 2023 00:25:03 +0000 (13:25 +1300)]
s4:torture: Produce more output to help debug smb2.multichannel.bugs.bug_15346
Print the time (as reckoned by tevent) at which each ‘negprot done’ and
‘echo done’ message is produced, and print another message if one of the
requests times out.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15498
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Oct 24 15:51:40 UTC 2023 on atb-devel-224
Joseph Sutton [Wed, 18 Oct 2023 23:34:53 +0000 (12:34 +1300)]
lib/torture: Add torture_assert_size_*() macros
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15498
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 23:34:30 +0000 (12:34 +1300)]
lib/torture: Use portable format specifiers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15498
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 30 Jun 2023 15:05:46 +0000 (17:05 +0200)]
clang-format: sort alphabetically
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 24 14:47:57 UTC 2023 on atb-devel-224
Ralph Boehme [Fri, 30 Jun 2023 11:00:23 +0000 (13:00 +0200)]
clang-format: tweak config to bring us closer to README.Coding.
I'm enabling "AllowAllArgumentsOnNextLine" because that's longstanding practice
with many many function calls like tevent_req_callback_data() and
tevent_req_data() and imho results in the most readable code at the place where
this is often seen (variable declartions with tevent_req_* stuff).
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Noel Power [Mon, 23 Oct 2023 14:12:39 +0000 (15:12 +0100)]
s3:/winbindd: remove parse_domain_user_fstr
Last caller of parse_domain_user_fstr has been removed so
we can safely remove the function
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Oct 24 13:47:16 UTC 2023 on atb-devel-224
Noel Power [Mon, 23 Oct 2023 14:09:25 +0000 (15:09 +0100)]
s3/winbindd: use parse_domain_user instead of parse_domain_user_fstr
In canonicalize_username replace use of parse_domain_user_fstr
with parse_domain_user
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Noel Power [Fri, 20 Oct 2023 11:36:35 +0000 (12:36 +0100)]
s3/winbindd: replace use of parse_domain_user_fstr with parse_domain_user
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Noel Power [Fri, 20 Oct 2023 11:22:10 +0000 (12:22 +0100)]
s3/winbindd: replace parse_domain_user_fn with parse_domain_user
In winbindd_getgrnam_send use parse_domain_user instead of
parse_domain_user_fstr
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Noel Power [Fri, 20 Oct 2023 11:10:37 +0000 (12:10 +0100)]
s3/winbindd: use parse_domain_user instead of parse_domain_user_fstr
In winbindd_ccache_ntlm_auth replace use of parse_domain_user_fstr
with parse_domain_user
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Noel Power [Fri, 20 Oct 2023 11:09:17 +0000 (12:09 +0100)]
s3/winbindd: use parse_domain_user instead of parse_domain_user_fstr
in winbindd_getpwnam_send replace parse_domain_user_fstr with
parse_domain_user
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Noel Power [Fri, 20 Oct 2023 10:53:10 +0000 (11:53 +0100)]
s3/winbindd: use parse_domain_user_fstr instead of parse_domain_user
in winbindd_getgroups_send replace parse_domain_user_fstr
with parse_domain_user
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Noel Power [Fri, 20 Oct 2023 10:46:56 +0000 (11:46 +0100)]
s3/winbindd: Add new parse_domain_user function
Adds a new parse_domain_user function which doesn't use fstrings
but instead uses talloc allocated out strings (created from passed in
ctx)
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Noel Power [Sat, 21 Oct 2023 20:35:06 +0000 (21:35 +0100)]
s3/winbindd: rename parse_domain_user to parse_domain_user_fstr
prepare to port parse_domain_user function to not use fstrings.
rename function parse_domain_user (and all callers) to use
parse_domain_user_fstr
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Noel Power [Sat, 21 Oct 2023 11:41:39 +0000 (12:41 +0100)]
s3/winbindd: remove canonicalize_username_fstr
not longer any callers to canonicalize_username_fstr so it
can be removed
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Noel Power [Sat, 21 Oct 2023 20:29:34 +0000 (21:29 +0100)]
s3/winbindd: in winbindd_pam_chauthtok_send use canonicalize_username
replace use of canonicalize_username_fstr with canonicalize_username
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Noel Power [Sat, 21 Oct 2023 11:24:01 +0000 (12:24 +0100)]
s3/winbindd: in winbindd_pam_auth_send use canonicalize_username
replace use of canonicalize_username_fstr with canonicalize_username
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Noel Power [Sat, 21 Oct 2023 11:13:19 +0000 (12:13 +0100)]
s3/winbindd: in winbindd_pam_logoff_send use canonicalize_username
replace use of canonicalize_username_fstr with canonicalize_username
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Noel Power [Sat, 21 Oct 2023 11:06:10 +0000 (12:06 +0100)]
s3/winbindd: in winbindd_ccache_save use canonicalize_username
replace use of canonicalize_username_fstr with canonicalize_username
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Noel Power [Sat, 21 Oct 2023 10:47:30 +0000 (11:47 +0100)]
s3/winbindd: Add new canonicalize_username function
Add a mew canonicalize_username replacement function for
canonicalize_username_fstr which doesn't use fstrings but instead
uses talloc allocated strings
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Noel Power [Sat, 21 Oct 2023 10:17:46 +0000 (11:17 +0100)]
s3/winbindd: rename canonicalize_username to canonicalize_username_fstr
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Noel Power [Sun, 22 Oct 2023 10:30:19 +0000 (11:30 +0100)]
s3/winbind: Ensure parse_domain_user() can't write beyond the end of domain[]
fail if we try to write beyond the fstring boundry
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15467
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 10:35:30 +0000 (11:35 +0100)]
smb2_server: monitor connections with TEVENT_FD_ERROR
By asking for TEVENT_FD_ERROR we're able to fail early
when a connection to a client is broken.
In that case it does not make any sense to process
pending requests in the recv queue as it's not
possible to deliver the response to the client anyway.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 24 10:32:56 UTC 2023 on atb-devel-224
Stefan Metzmacher [Thu, 12 Jan 2023 09:49:13 +0000 (10:49 +0100)]
s3:rpc_server: make use of tstream_bsd_fail_readv_first_error(true)
This avoids doing useless work in case the client connection
is already broken.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 09:48:22 +0000 (10:48 +0100)]
s4:rpc_server: make use of tstream_bsd_fail_readv_first_error(true)
This avoids doing useless work in case the client connection
is already broken.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 09:46:56 +0000 (10:46 +0100)]
s4:service_named_pipe: make use of tstream_bsd_fail_readv_first_error(true)
This avoids doing useless work in case the client connection
is already broken.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 09:44:25 +0000 (10:44 +0100)]
libcli/named_pipe_auth: let tstream_npa_existing_socket use tstream_bsd_fail_readv_first_error(true)
This avoids doing useless work in case the client connection
is already broken.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 09:46:20 +0000 (10:46 +0100)]
s4:wrepl_server: make use of tstream_bsd_fail_readv_first_error(true)
This avoids doing useless work in case the client connection
is already broken.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 09:43:21 +0000 (10:43 +0100)]
s4:libcli/wrepl: make use of tstream_bsd_fail_readv_first_error(false)
As a client we want recv pending responses even if the server
already closed the connection.
While tstream_bsd_fail_readv_first_error(false) is the default for
tstream_bsd, the wins replication protocol is special as it has
a way to switch server and client roles on an existing tcp connection.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 09:42:14 +0000 (10:42 +0100)]
s4:ntp_signd: make use of tstream_bsd_fail_readv_first_error(true)
This avoids doing useless work in case the client connection
is already broken.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 09:41:04 +0000 (10:41 +0100)]
s3:libsmb: the unexpected handler use tstream_bsd_fail_readv_first_error(true)
This avoids doing useless work in case the client connection
is already broken.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 09:40:13 +0000 (10:40 +0100)]
s4:dns_server: make use of tstream_bsd_fail_readv_first_error(true)
This avoids doing useless work in case the client connection
is already broken.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 09:39:48 +0000 (10:39 +0100)]
s4:ldap_server: make use of tstream_bsd_fail_readv_first_error(true)
This avoids doing useless work in case the client connection
is already broken.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 09:38:53 +0000 (10:38 +0100)]
s4:kdc: make use of tstream_bsd_fail_readv_first_error(true)
This avoids doing useless work in case the client connection
is already broken.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 09:08:56 +0000 (10:08 +0100)]
lib/tsocket: add tstream_bsd_fail_readv_first_error()
This gives the caller the option to fail immediately if
TEVENT_FD_ERROR appear even with pending bytes in the
recv queue.
Servers typically want to activate this in order to avoid
pointless work, while clients typically want to read
pending responses from the recv queue.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 11 Jan 2023 19:17:06 +0000 (20:17 +0100)]
lib/tsocket: make use of TEVENT_FD_ERROR in tstream_bsd_fde_handler()
This makes the logic introduced to fix bug #15202 simpler.
While developing this I noticed that a lot of callers
rely on the fact that they can read the pending bytes out
of the recv queue before EOF is reported.
So I changed the code handle TEVENT_FD_ERROR together with
TEVENT_FD_READ in a way that keep the existing callers happy.
In the next step we'll add a way to let callers opt-in in order
to fail immediately if TEVENT_FD_ERROR appears (even if there
are pending bytes remaining in the recv queue).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15202
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 11 Jan 2023 19:15:33 +0000 (20:15 +0100)]
lib/tsocket: let tstream_bsd_connect_send() use TEVENT_FD_ERROR instead of TEVENT_FD_READ
This mostly cosmetic, but now that we have TEVENT_FD_ERROR we should use it.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 11:54:33 +0000 (12:54 +0100)]
lib/async_req: let writev_send/recv use TEVENT_FD_ERROR
Unless err_on_readability is true, we use TEVENT_FD_READ only
to detect errors. Now that we have TEVENT_FD_ERROR we should use it.
As a side effect it makes the code much simpler and clearer, as
we can directly map TEVENT_FD_ERROR to EPIPE.
In addition the err_on_readability=true case is now also
clearer, where we just map TEVENT_FD_READ to EPIPE.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 11 Jan 2023 19:04:26 +0000 (20:04 +0100)]
lib/async_req: let async_connect_send use TEVENT_FD_ERROR instead of TEVENT_FD_READ
This mostly cosmetic, but now that we have TEVENT_FD_ERROR we should use it.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 10:35:11 +0000 (11:35 +0100)]
lib/tsocket: make use of samba_socket_sock_error()
This is nicer than calling getsockopt(state->fd, SOL_SOCKET, SO_ERROR)
directly.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 10:35:11 +0000 (11:35 +0100)]
lib/tsocket: make use of samba_socket_poll_or_sock_error()
This is just a copy of the existing code...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 10:14:06 +0000 (11:14 +0100)]
lib/util: add samba_socket_{poll,sock,poll_or_sock}_error()
These are copies of the static functions in lib/tsocket/tsocket_bsd.c,
which we will replace in the next commit.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 20 Oct 2023 02:01:30 +0000 (15:01 +1300)]
s4:kdc: Add device to Authenticated Users for authentication policy evaluation
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Oct 24 01:59:32 UTC 2023 on atb-devel-224
Joseph Sutton [Fri, 20 Oct 2023 02:00:12 +0000 (15:00 +1300)]
s4:kdc: Add a flag indicating that the device should be added to Authenticated Users
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 19 Oct 2023 07:02:43 +0000 (20:02 +1300)]
s4:kdc: Add device to default groups for authentication policy evaluation
This means that expressions like ‘Device_Member_of(WD)’ will now work,
as they should.
It *also* means that expressions like ‘Device_Member_of(NU)’ will work,
even though they shouldn’t. This is because we consider SID_NT_NETWORK
to be a default group.
Our new behaviour may be wrong, but at least it’s now consistent with
the behaviour of user‐relative expressions like ‘Member_of(WD)’ and
‘Member_of(NU)’.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 19 Oct 2023 07:02:32 +0000 (20:02 +1300)]
s4:kdc: Add a flag indicating that the device should be added to the default groups
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 19 Oct 2023 07:02:13 +0000 (20:02 +1300)]
s4:kdc: Make a copy of the device SIDs to be placed in the security token
We shall need to add extra SIDs on the end.
View with ‘git show -b’.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 19 Oct 2023 04:11:41 +0000 (17:11 +1300)]
tests/krb5: Test whether the device belongs to some default groups
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 19 Oct 2023 03:23:32 +0000 (16:23 +1300)]
tests/krb5: Work around Samba’s incorrect krbtgt principal handling
These tests fail only because they are using the ‘krbtgt@REALM’ form of
the krbtgt principal that Samba doesn’t handle correctly.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 19 Oct 2023 03:22:28 +0000 (16:22 +1300)]
tests/krb5: Remove unnecessary target_creds variables
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 17 Oct 2023 07:24:04 +0000 (20:24 +1300)]
s4:kdc: Permit RODC‐issued evidence tickets for constrained delegation
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 19 22:39:19 UTC 2023 on atb-devel-224
Joseph Sutton [Tue, 17 Oct 2023 07:18:28 +0000 (20:18 +1300)]
s4:kdc: Add flag to indicate the upper sixteen bits of the kvno are specified
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 17 Oct 2023 07:18:12 +0000 (20:18 +1300)]
s4:kdc: Use HDB flag constants instead of SDB ones
These flags are passed to us by Heimdal, and so they are HDB flags, not
SDB flags.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 17 Oct 2023 01:24:46 +0000 (14:24 +1300)]
s4:kdc: Always regard device info when the client performs RBCD
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>