Jeremy Allison [Wed, 17 Mar 2021 06:10:58 +0000 (23:10 -0700)]
s3: Remove last vestiges of Tru64 ACL support (missed in earlier patch).
Added WHATSNEW.txt note.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Mar 19 14:15:02 UTC 2021 on sn-devel-184
Volker Lendecke [Thu, 21 Jan 2021 17:33:58 +0000 (18:33 +0100)]
messaging: Fix receiving file descriptors
Don't close unconsumed file descriptors in messaging_recv_cb(). Via
multiple registrations on different tevent contexts we might call
messaging_recv_cb() multiple times: All but the first tevent context
handled in the loop in msg_dgm_ref_recv() will not see file
descriptors anymore, it will just get a -1, even if the first
reference had no receiver interested in the fds.
Change the API such that consumers can set the file descriptor to -1
if it's consumed. If nobody wanted them, do the close where they were
created via recvmsg, in messages_dgm.c.
If you want multiple handlers to consume the file descriptors, you
should dup() them in the filter function handed to
messaging_filtered_read_send and save the duplicate in your private
data for later consumption.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Mar 19 08:18:26 UTC 2021 on sn-devel-184
Volker Lendecke [Fri, 12 Feb 2021 20:27:19 +0000 (21:27 +0100)]
lib: Properly return errno from open_socket_in()
Before this patch, open_socket_in() relied on quite a bit of code to
not touch errno after for example socket() returned -1. Change this to
explicitly save errno in "ret", such that a later DEBUG() with all its
formatting code can mess it up.
While there, remove the debuglevel parameter. I don't think this
actually useful.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 16 Mar 2021 07:29:33 +0000 (08:29 +0100)]
rpcclient: Enable ncalrpc: transport
Best reviewed with "git show -b". Right now lsarpc in the nt4_dc
environment is not available over ncalrpc, so instead of getusername
we need to use epmlookup for the rpcclient tests
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 15 Mar 2021 16:45:32 +0000 (17:45 +0100)]
librpc: Simplify dcerpc_binding_dup() with common nomem handling
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 15 Mar 2021 16:27:21 +0000 (17:27 +0100)]
mdfind: Use cli_rpc_pipe_open_noauth() in mdfind util
For the better or worse, we have a wrapper for NCACN_NP
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 8 Feb 2021 15:21:03 +0000 (16:21 +0100)]
rpcclient: Let rpc_pipe_open_ncalrpc() figure out the dst sock itself
Let the epmapper take care of this, with "EPMAPPER" being the default
socket that is connected for registration from ep_register()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 8 Feb 2021 14:47:41 +0000 (15:47 +0100)]
rpc_client: Factor out rpccli_epm_map_interface() from rpc_pipe_get_tcp_port()
Make it usable for ncalrpc as well
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 26 Jan 2021 15:23:10 +0000 (16:23 +0100)]
rpcclient: No need to use an object id in epm_map
The interface id we're looking for is listed as floor 0 in the
map_tower argument.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 26 Jan 2021 15:22:35 +0000 (16:22 +0100)]
rpcclient: Don't put a port into the epm_map request
That's what the server is supposed to fill in for us
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 15 Mar 2021 13:51:30 +0000 (14:51 +0100)]
rpcclient: Remove pipe_default_auth globals
We have all information in the binding, we don't need those globals.
In case you're looking for tests: We have the combinations in our
blackbox.rpcclient test. They don't actually check whether we really
do the transport wrapping that is announced, some manual wireshark
inspection showed that this does what it's supposed to do. And it took
a quite bit of tweaking in binding_get_auth_info() to make this
survive "make test TESTS=blackbox.rpcclient".
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Wed, 3 Mar 2021 21:19:01 +0000 (14:19 -0700)]
samba-tool: Add a gpo command for removing VGP Host Access Group Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 18 20:02:50 UTC 2021 on sn-devel-184
David Mulder [Wed, 3 Mar 2021 19:28:07 +0000 (12:28 -0700)]
samba-tool: Test gpo manage access remove command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Tue, 2 Mar 2021 22:05:46 +0000 (15:05 -0700)]
samba-tool: Add a gpo command for adding VGP Host Access Group Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Mon, 1 Mar 2021 17:31:54 +0000 (10:31 -0700)]
samba-tool: Test gpo manage access add command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Wed, 24 Feb 2021 13:36:45 +0000 (06:36 -0700)]
samba-tool: Add a gpo command for listing VGP Host Access Group Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Tue, 23 Feb 2021 20:12:09 +0000 (13:12 -0700)]
samba-tool: Test gpo manage access list command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Tue, 23 Feb 2021 18:12:05 +0000 (11:12 -0700)]
gpo: Apply Group Policy Host Access configuration from VGP
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Mon, 22 Feb 2021 22:01:04 +0000 (15:01 -0700)]
gpo: Test Group Policy Host Access Configuration for VGP
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 16 Mar 2021 17:18:46 +0000 (18:18 +0100)]
smbd: free open_rec state in remove_deferred_open_message_smb2_internal()
The lifetime of open_rec (struct deferred_open_record) ojects is the time
processing the SMB open request every time the request is scheduled, ie once we
reschedule we must wipe the slate clean. In case the request gets deferred
again, a new open_rec will be created by the schedule functions.
This ensures any timer-event tied to the open_rec gets cancelled and doesn't
fire unexpectedly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14672
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1843
RN: smbd panic when two clients open same file
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 18 18:04:09 UTC 2021 on sn-devel-184
Ralph Boehme [Wed, 17 Mar 2021 15:24:28 +0000 (16:24 +0100)]
smbd: cancel pending poll open timer in poll_open_done()
The retry of the open is scheduled below, avoid rescheduling it a second time in
the open retry timeout function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14672
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1843
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 17 Mar 2021 15:22:37 +0000 (16:22 +0100)]
smbd: reset dangling watch_req pointer in poll_open_done
We just freed subreq and a pointer to subreq is stored in open_rec->watch_req,
so we must invalidate the pointer.
Otherwise if the poll open timer fires it will do a
TALLOC_FREE(open_rec->watch_req);
on the dangling pointer which may crash or do something worse like freeing some
other random talloc memory.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14672
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1843
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Wed, 17 Mar 2021 22:44:37 +0000 (15:44 -0700)]
s3: tests: Change logfile for printing expansion tests.
logfile=/tmp/$USER_printing_var_exp.log -> logfile="${SELFTEST_TMPDIR}/${USER}_printing_var_exp.log"
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Mar 18 02:57:08 UTC 2021 on sn-devel-184
Stefan Metzmacher [Wed, 17 Feb 2021 11:57:01 +0000 (12:57 +0100)]
third_party: Update socket_wrapper to version 1.3.3
This fixes a deadlock abort() when SOCKET_WRAPPER_KEEP_PCAP=1
is used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14640
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Mar 17 23:53:04 UTC 2021 on sn-devel-184
Douglas Bagnall [Tue, 16 Feb 2021 23:47:42 +0000 (12:47 +1300)]
py.join: remove unused untested get_naming_master
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 17 18:23:04 UTC 2021 on sn-devel-184
Douglas Bagnall [Thu, 7 Jan 2021 03:14:45 +0000 (16:14 +1300)]
samba-tool: domain tombstones expunge reminds on semi-noop
Sometimes people assume `samba-tool domain tombstones expunge` will
expunge tombstones, but in the general case it won't because it only
affects those that have reached the tombstone lifetime, but these are
likely to have already been deleted by the regularly scheduled task.
You need to set the tombstone lifetime to have much effect.
This patch doesn't change the behaviour, but it does warn the user
that they are probably doing nothing of significance.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Wed, 2 Dec 2020 22:57:48 +0000 (22:57 +0000)]
pytests: dns_base: remove a py2 compat thing
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Wed, 2 Dec 2020 00:47:14 +0000 (13:47 +1300)]
kcc: use py3 compatible sort in rarely visited branch
This won't have worked for some time, but nobody has complained,
because nobody uses DS_NTDSSETTINGS_OPT_IS_RAND_BH_SELECTION_DISABLED
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Tue, 1 Dec 2020 23:51:44 +0000 (12:51 +1300)]
py3compat: remove obsolete comments
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Tue, 1 Dec 2020 23:27:35 +0000 (12:27 +1300)]
py bindings: write 'bytes', not 'PY_DESC_PY3_BYTES'
Because it is shorter, clearer, and reduces py3compat.h
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Tue, 1 Dec 2020 23:11:04 +0000 (12:11 +1300)]
py/provision: provision_become_dc(): remove unused arguments
The only caller is source4/param/provision.c, which doesn't supply these arguments,
and they aren't used inside the function.
This makes it just slightly less overwhelming
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Tue, 1 Dec 2020 23:09:05 +0000 (12:09 +1300)]
py/provision: remove unused variable, thence import
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Wed, 3 Mar 2021 01:11:57 +0000 (14:11 +1300)]
selftest/flapping: remove python[23] lines
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 17 07:03:27 UTC 2021 on sn-devel-184
Douglas Bagnall [Tue, 2 Mar 2021 23:37:45 +0000 (12:37 +1300)]
knownfail: remove python[23] lines
We no longer run any *python2* or *python3* specific tests, so
these knownfail lines are just clutter.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Fri, 29 Jan 2021 00:49:02 +0000 (13:49 +1300)]
ldb: improve comments for ldb_module_connect_backend()
There is no flags argument.
There are more URI forms.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Thu, 28 Jan 2021 21:15:18 +0000 (10:15 +1300)]
ldb/test/ldb_tdb: correct introductory comments
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Sun, 20 Dec 2020 07:34:16 +0000 (20:34 +1300)]
pdb_samba_dsdb: remove #if 0 block
Doing nothng since 2011
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Fri, 18 Dec 2020 22:43:56 +0000 (11:43 +1300)]
ldb.h: remove undefined async_ctx function signatures
These functions do not exist.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 9 Mar 2021 22:54:04 +0000 (23:54 +0100)]
smb2_sesssetup: validate that sign_algo and encryption_cipher match on a session bind
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 17 01:56:37 UTC 2021 on sn-devel-184
Stefan Metzmacher [Wed, 10 Mar 2021 09:58:10 +0000 (10:58 +0100)]
smb2_sesssetup: a session bind with a different user results in ACCESS_DENIED
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 9 Mar 2021 16:03:27 +0000 (17:03 +0100)]
smb2_sesssetup: a bind dialect mismatch should always result in INVALID_PARAMETER
The ACCESS_DENIED errors happened as we didn't expected to signing
algo is attached to the session key. So our client calculated the
wrong signature.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 9 Mar 2021 16:11:04 +0000 (17:11 +0100)]
smb2_sesssetup: only set NT_STATUS_MORE_PROCESSING_REQUIRED if a reauth can start
When the session is not valid on the current connection it should not be
possible to start a reauth.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 9 Mar 2021 15:15:49 +0000 (16:15 +0100)]
smb2_sesssetup: don't shutdown a session on failure when it's not valid yet on the connection
If someone tries to operate on a session that is not yet valid on the
current connection and the current session setup fails, then we should
not shutdown the session.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 25 Feb 2021 16:58:48 +0000 (17:58 +0100)]
smb2_server: fallback global session lookup if the session belongs to a different client
The key is that we need to have the signing key in order to pass the
signing checks and give the correct session bind error status.
This should fix the MultipleChannel_Negative_SMB2002 testcase
of the Windows Protocol Test Suite (FileServer).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reported-by: Jones Syue <jonessyue@qnap.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 9 Mar 2021 15:00:55 +0000 (16:00 +0100)]
smbXsrv_session: split out smbXsrv_session_remove_channel()
It will be needed in other places and makes the logic in
smbXsrv_session_disconnect_xconn_callback() much simpler.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14532
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 10 Mar 2021 12:06:00 +0000 (13:06 +0100)]
s3:selftest: pass alice credentials to the smb2.session tests for ad_dc
This allows us to test session binds with different users.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 9 Mar 2021 13:26:46 +0000 (14:26 +0100)]
s4:torture/smb2: add smb2.session.bind_{invalid_auth,different_user}
These demonstrate that a failing bind does not destroy
the existing session and binding with a different user results
in ACCESS_DENIED.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 10 Mar 2021 11:55:14 +0000 (12:55 +0100)]
s4:torture: add a torture_user2_credentials() helper to pass additional credentials
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 24 Feb 2021 16:43:40 +0000 (17:43 +0100)]
s4:torture/smb2: add smb2.session.bind_negative_{smb202,smb210,smb2to3,smb3to2,smb3to3}
'smb2.session.bind_negative_smb202' is similar to the MultipleChannel_Negative_SMB2002 test
from the Windows Protocol Test Suite.
It demonstrates that the server needs to do lookup
in the global session table in order to get the signing
and error code of invalid session setups correct.
In order to work out the details I've added more similar tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 9 Mar 2021 12:53:36 +0000 (13:53 +0100)]
s4:torture/smb2: improve smb2.notify.invalid-reauth
This demonstrates that the session is gone after a failed reauth.
This is different compared to a failing session bind.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 9 Mar 2021 22:38:51 +0000 (23:38 +0100)]
libcli/smb: make use of smb3_capabilities.encryption
This avoids a hardcoded list of possible ciphers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 11 Mar 2021 13:39:32 +0000 (14:39 +0100)]
s4:param: let lpcfg_smbcli_options() fill smb3_capabilities.ciphers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 11 Mar 2021 13:38:33 +0000 (14:38 +0100)]
s3:libsmb: fill in smb3_capabilities.ciphers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 9 Mar 2021 22:38:51 +0000 (23:38 +0100)]
libcli/smb: introduce struct smb3_encryption_capabilities
This will allow us to control the offered ciphers from the callers
later.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 9 Mar 2021 22:49:19 +0000 (23:49 +0100)]
libcli/smb: pass smb3_capabilities to smbXcli_conn_create()
Passing NULL means use none.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 9 Mar 2021 22:40:40 +0000 (23:40 +0100)]
s4:libcli/raw: add smb3_capabilities to struct smbcli_options
Currently this will be zeroed in lpcfg_smbcli_options(),
but will later allow advanced callers to pass values to
smbXcli_conn_create().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 9 Mar 2021 22:38:51 +0000 (23:38 +0100)]
libcli/smb: introduce struct struct smb311_capabilities
This will be filled later with supported ciphers and other
things that can be negotiated in SMB >= 3.1.1.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 10 Mar 2021 15:12:12 +0000 (16:12 +0100)]
libcli/smb: don't copy the key to a stack variable in smb2_signing_{encrypt,decrypt}_pdu()
The key size should always match now.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 10 Mar 2021 13:03:50 +0000 (14:03 +0100)]
libcli/smb: no longer pass protocol to smb2_signing_{encrypt,decrypt}_pdu()
The cipher algorithm is already passed via
smb2_signing_key->chipher_algo_id.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 11 Nov 2020 12:18:24 +0000 (13:18 +0100)]
libcli/smb: no longer pass protocol to smb2_signing_{sign,check}_pdu()
The signing algorithm is already passed via
smb2_signing_key->sign_algo_id.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 5 Mar 2021 17:01:01 +0000 (18:01 +0100)]
libcli/smb: make smb2_signing_key_destructor static
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 5 Mar 2021 22:14:21 +0000 (23:14 +0100)]
smb2_server: use struct smb2_signing_key for first_enc_key and last_sign_key
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 5 Mar 2021 21:40:43 +0000 (22:40 +0100)]
smbd: make use of smb2_signing_key_{copy,sign_create,cipher_create}() helpers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 5 Mar 2021 15:43:29 +0000 (16:43 +0100)]
libcli/smb: make use of smb2_signing_key_{copy,sign_create,cipher_create}() in smbXcli_base.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 5 Mar 2021 15:19:08 +0000 (16:19 +0100)]
libcli/smb: add smb2_signing_key_{copy,sign_create,cipher_create}() helpers
These will simplify the callers a lot.
In important part is to also remember the sign and cipher algo ids.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 11 Nov 2020 12:18:24 +0000 (13:18 +0100)]
smb2_negotiate: maintain xconn->smb2.server.sign_algo
This prepares the negotiation of signing algorithms in future.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 11 Nov 2020 12:18:24 +0000 (13:18 +0100)]
libcli/smb: maintain smbXcli_conn.smb2.server.sign_algo
This prepares the negotiation of signing algorithms in future.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 5 Mar 2021 16:50:47 +0000 (17:50 +0100)]
smbXsrv_session: let smbXsrv_session_global_verify_record() use talloc_keep_secret() for keys
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 5 Mar 2021 17:24:27 +0000 (18:24 +0100)]
smb2_sesssetup: use smb2_signing_derivations_fill_const_stack()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 5 Mar 2021 15:14:35 +0000 (16:14 +0100)]
libcli/smb: make use of smb2_signing_derivations_fill_const_stack() smb2cli_session_set_session_key()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 5 Mar 2021 15:10:07 +0000 (16:10 +0100)]
libcli/smb: add smb2_signing_derivations_fill_const_stack()
This will allow us to have the logic in one place only
in future.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 11 Nov 2020 12:05:27 +0000 (13:05 +0100)]
libcli/smb: make use of smb2_signing_calc_signature() in smb2_signing_sign_pdu()
We only need to logic to calculate the signature once...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 9 Mar 2021 08:35:53 +0000 (09:35 +0100)]
libcli/smb: assert that smb2_signing_{sign,check}_pdu() gets 2-4 iovec elements
We expect the following:
* SMB2 HDR
* SMB2 BODY FIXED
* (optional) SMB2 BODY DYN
* (optional) PADDING
Everything else is a bug.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 11 Nov 2020 12:00:34 +0000 (13:00 +0100)]
libcli/smb: split out smb2_signing_calc_signature() from smb2_signing_check_pdu()
We only need one function to calculate the signature of an SMB2 packet.
And that only need the logic based on a gnutls_mac_algorithm_t once.
The next step will convert smb2_signing_sign_pdu() to also use
smb2_signing_calc_signature(). Doing that in a separate commit
should make sure we don't introduce a symetric bug.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Mon, 9 Nov 2020 13:22:24 +0000 (14:22 +0100)]
libcli/smb: pass the length of the resulting key to smb2_key_derivation()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Mon, 9 Nov 2020 13:10:27 +0000 (14:10 +0100)]
libcli/smb: prepare smb2_key_derivation() for keys larger than 16-bytes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 16 Mar 2021 13:12:23 +0000 (14:12 +0100)]
selftest: fix cleanup of test_printing_var_exp.sh
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14668
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 16 22:08:10 UTC 2021 on sn-devel-184
David Disseldorp [Wed, 5 Jun 2013 13:48:24 +0000 (15:48 +0200)]
Bug 9931: change pytalloc source to LGPL
pytalloc is currently GPL, while the rest of talloc is LGPL.
This situation arose because pytalloc was originally developed under
source4/scripting/python/, and moved into talloc proper with commit
0f043c197c473c801fc32c727194b5a2d6ae232f ("Move pytalloc to talloc
directory.", October 2008).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9931
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 16 18:17:43 UTC 2021 on sn-devel-184
Douglas Bagnall [Thu, 28 Jan 2021 04:31:28 +0000 (17:31 +1300)]
fuzz:afl main: run the initialisation function
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Fri, 29 Jan 2021 01:11:46 +0000 (14:11 +1300)]
fuzz: add a LLVMFuzzerInitialize() to all fuzzers
To compile the AFL binaries, we need every fuzzer to have a consistent
set of functions. Some fuzzers require the initialize function, so all
the rest must have an empty one.
AFL binaires are handy for testing the fuzz results in a less magical
environment than libfuzzer/honggfuzz give you.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Thu, 28 Jan 2021 04:33:22 +0000 (17:33 +1300)]
fuzz:afl main: add a diagnostic message
LLVMFuzzerTestOneInput() NEVER returns non-zero, but if it does, we might as well
know what made it do so
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Thu, 28 Jan 2021 04:24:47 +0000 (17:24 +1300)]
fuzz/afl main: don't treat fuzzer as fuzzee
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Thu, 28 Jan 2021 04:06:28 +0000 (17:06 +1300)]
autobuild: fuzz: correctly spell AFL build option
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 9 Feb 2021 11:26:20 +0000 (12:26 +0100)]
rpc_server: Fix a -Werror=format-truncation error
gcc gets this wrong, it believes %u can write up to
"
2147483647" (2^31-1). Silence this with an easy patch.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 2 Feb 2021 14:12:55 +0000 (15:12 +0100)]
rpcclient: Fix a DBG msg: This is not dcerpc_winreg_int_openkey()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 23 Feb 2021 07:16:04 +0000 (08:16 +0100)]
winbindd: Improve a DEBUG message in sam_name_to_sid()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 7 Feb 2021 13:38:34 +0000 (14:38 +0100)]
rpcclient: Factor out cmd_set_auth()
sign, seal and packet did exactly the same wrt authentication
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 6 Feb 2021 21:21:01 +0000 (22:21 +0100)]
rpcclient: Convert binding-related commands to RPC_RTYPE_BINDING
Purely cosmetic at this point, will become useful soon
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 6 Feb 2021 20:33:41 +0000 (21:33 +0100)]
rpcclient: Add RPC_RTYPE_BINDING
Purely transport-related commands don't need the cli_state.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 6 Feb 2021 21:18:27 +0000 (22:18 +0100)]
rpcclient: Simplify do_cmd
Reduce indentation by an early "continue;", simplify if-expression
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 6 Feb 2021 20:35:56 +0000 (21:35 +0100)]
rpcclient: Avoid a few implicit NULL assignments
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 14 Mar 2021 09:18:12 +0000 (10:18 +0100)]
rpc_server: Initialize variables in get_md4pw()
My gcc complained at one point about uninitialized vars
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 14 Mar 2021 09:05:33 +0000 (10:05 +0100)]
rpc_server: Save roundtrips into samr for machine pwd changes
We already have the machine SID, no need to look it up again.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 5 Feb 2021 14:00:00 +0000 (15:00 +0100)]
auth3: Make it a bit easier to #include "source3/include/auth.h"
Avoid using "uchar" in source3/auth/proto.h, this is #defined in includes.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 4 Mar 2021 10:42:25 +0000 (11:42 +0100)]
auth3: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 13 Mar 2021 21:07:53 +0000 (22:07 +0100)]
lib: Remove init_names()
is_myname() looks at lp_* directly, nmbd maintains its own list: We don't
need the baroque loadparm handler anymore.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 13 Mar 2021 20:56:53 +0000 (21:56 +0100)]
nmbd: Move my_netbios_names() to nmbd
nmbd is the heaviest user of this. The only other user was
is_myname(), which is used in quite a few places in source3.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 13 Mar 2021 20:41:57 +0000 (21:41 +0100)]
lib: Unfold calls to my_netbios_names() in util_names.c
This will all go away in a few patches, this is an intermediate step.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 3 Feb 2021 09:15:00 +0000 (10:15 +0100)]
lib: Decouple is_myname() from init_names()
In a new binary I forgot "init_names()" in main and it crashed in
auth3. We should not have to call init_names() everywhere I guess.
The my_netbios_names() array is free of duplicates, but as we don't
expect more than a handful of netbios aliases this does not matter for
just checking existence of a name. And moreover, a properly configured
smb.conf doesn't have tons of dups in "netbios aliases" anyway.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 15 Feb 2021 10:38:18 +0000 (11:38 +0100)]
lib: Make pidfile_path_create() return the existing PID on conflict
Use F_GETLK to get the lock holder PID, this is more accurate than
reading the file contents: A conflicting process might not have
written its PID yet. Also, F_GETLK easily allows to do a retry if the
lock holder just died.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>