Andreas Schneider [Thu, 18 Nov 2021 12:46:26 +0000 (13:46 +0100)]
libcli:auth: Allow to connect to netlogon server offering only AES
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14912
Signed-off-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Thu, 18 Nov 2021 10:52:18 +0000 (11:52 +0100)]
s3:rpc_client: Pass remote name and socket to cli_rpc_pipe_open_schannel_with_creds()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14767
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Thu, 18 Nov 2021 10:47:26 +0000 (11:47 +0100)]
s3:rpc_client: Add remote name and socket to cli_rpc_pipe_open_bind_schannel()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14767
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Thu, 18 Nov 2021 10:43:08 +0000 (11:43 +0100)]
s3:rpc_client: Pass remote name and socket to cli_rpc_pipe_open_with_creds()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14767
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Wed, 24 Nov 2021 12:21:28 +0000 (13:21 +0100)]
s3:libsmb: Remove trailing white spaces from passchange.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Thu, 18 Nov 2021 10:31:00 +0000 (11:31 +0100)]
s3:rpc_client: Pass remote name and socket to cli_rpc_pipe_open_noauth_transport()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14767
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Thu, 18 Nov 2021 10:38:42 +0000 (11:38 +0100)]
s3:libnet: Remove tailing whitespaces in libnet_join.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14767
Signed-off-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Thu, 18 Nov 2021 10:32:42 +0000 (11:32 +0100)]
s3:rpcclient: Remove trailing white spaces in rpcclient.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14767
Signed-off-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Thu, 18 Nov 2021 10:18:59 +0000 (11:18 +0100)]
s3:rpc_client: Pass remote name and socket to cli_rpc_pipe_open()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14767
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Thu, 18 Nov 2021 10:14:16 +0000 (11:14 +0100)]
s3:rpc_client: Remove trailing white spaces from cli_pipe.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14767
Signed-off-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Wed, 17 Nov 2021 10:46:04 +0000 (11:46 +0100)]
testprogs: Add rpcclient schannel tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14767
Signed-off-by: Andreas Schneider <asn@samba.org>
Douglas Bagnall [Fri, 19 Nov 2021 03:16:30 +0000 (16:16 +1300)]
pytest/docs: better spelling of set_smbconf_arbitrary
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Mon Nov 22 11:18:09 UTC 2021 on sn-devel-184
Douglas Bagnall [Fri, 19 Nov 2021 03:15:50 +0000 (16:15 +1300)]
pytest/docs: set_smbconf_arbitrary_opposite() needs param_type
also, we fixed the name ("arbitrary", not "arbitary").
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Douglas Bagnall [Fri, 19 Nov 2021 03:13:39 +0000 (16:13 +1300)]
pytest/dns_aging: remove duplicate tests
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Douglas Bagnall [Fri, 19 Nov 2021 03:12:43 +0000 (16:12 +1300)]
pytest/dns_aging: use correct variable names
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Fri, 19 Nov 2021 03:21:08 +0000 (16:21 +1300)]
py/dnsserver: add a missing exception variable
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Douglas Bagnall [Fri, 19 Nov 2021 03:11:14 +0000 (16:11 +1300)]
py/dnsserver: add missing imports
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.com>
Douglas Bagnall [Fri, 19 Nov 2021 02:33:09 +0000 (15:33 +1300)]
third_party/update: forget pep8
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Fri Nov 19 13:25:16 UTC 2021 on sn-devel-184
Douglas Bagnall [Fri, 19 Nov 2021 02:28:48 +0000 (15:28 +1300)]
pytest/source_chars: forget thirdparty/pep8 test file
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Douglas Bagnall [Fri, 19 Nov 2021 02:18:23 +0000 (15:18 +1300)]
third_party: remove pep8
This was a *partial* copy of the python linting tool that has been
known as 'pycodestyle' since 2017. I say partial copy, because it does
not seem to contain the pep8 binary itself, just some documentation
and tests. It has not been changed since it was added in 2015.
It is GOOD that people run python linters, but this doesn't help them
in the slightest.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Volker Lendecke [Wed, 17 Nov 2021 11:27:27 +0000 (12:27 +0100)]
cmdline: Make -P work in clustered mode
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Nov 17 18:29:09 UTC 2021 on sn-devel-184
Volker Lendecke [Wed, 17 Nov 2021 11:25:58 +0000 (12:25 +0100)]
cmdline: Add a callback to set the machine account details
source3 clients need to work in clustered mode, the default
cli_credentials_set_machine_account() only looks at the local
secrets.tdb file
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 17 Nov 2021 11:25:05 +0000 (12:25 +0100)]
lib: Add required includes to source3/include/secrets.h
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 17 Nov 2021 15:34:07 +0000 (16:34 +0100)]
selftest: Add reproducer for bug 14908
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Douglas Bagnall [Tue, 16 Nov 2021 20:47:18 +0000 (09:47 +1300)]
lib/replace/timegm: use utf-8
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Nov 17 05:27:39 UTC 2021 on sn-devel-184
Douglas Bagnall [Tue, 16 Nov 2021 20:48:37 +0000 (09:48 +1300)]
s4/auth/gensec/gensec_krb5_heimdal: use utf-8
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
Douglas Bagnall [Tue, 16 Nov 2021 20:49:05 +0000 (09:49 +1300)]
test/blackbox/test_samba-tool_ntacl: use utf-8
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
Douglas Bagnall [Tue, 16 Nov 2021 20:47:52 +0000 (09:47 +1300)]
s3/modules/vfs_acl_common.h: use utf-8
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
Douglas Bagnall [Tue, 16 Nov 2021 21:23:02 +0000 (10:23 +1300)]
test/bad_chars: ensure our tests could fail
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
Douglas Bagnall [Tue, 16 Nov 2021 20:23:04 +0000 (20:23 +0000)]
pytests: check that we don't have bad format characters
Unicode has format control characters that affect the appearance —
including the apparent order — of other characters. Some of these,
like the bidi controls (for mixing left-to-right scripts with
right-to-left scripts) can be used make text that means one thing look
very much like it means another thing.
The potential for duplicity using these characters has recently been
publicised under the name “Trojan Source”, and CVE-2021-42694. A
specific example, as it affects the Rust language is CVE-2021-42574.
We don't have many format control characters in our code — in fact,
just the non-breaking space (\u200b) and the redundant BOM thing
(\ufeff), and this test aims to ensure we keep it that way.
The test uses a series of allow-lists and deny-lists to check most
text files for unknown format control characters. The filtering is
fairly conservative but not exhaustive. For example, XML and text
files are checked, but UTF-16 files are not.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 9 Nov 2021 22:57:18 +0000 (14:57 -0800)]
s3: smbd: In SMB1 call_trans2findnext() add and use a helper variable to ensure we don't call mangle_is_mangled() with a posix name.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Nov 16 21:06:38 UTC 2021 on sn-devel-184
Jeremy Allison [Tue, 9 Nov 2021 22:55:05 +0000 (14:55 -0800)]
s3: smbd: In unlink_internals() ensure we never call mangle_is_mangled for a posix path.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 9 Nov 2021 22:28:34 +0000 (14:28 -0800)]
s3: smbd: SMB1 reply_copy(). Posix pathnames always means case_sensitive = true.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 9 Nov 2021 22:23:22 +0000 (14:23 -0800)]
s3: smbd: SMB1 reply_copy(). Posix pathnames should never call into mangle_is_mangled().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 9 Nov 2021 22:21:41 +0000 (14:21 -0800)]
s3: smbd: In SMB1 reply_copy(), make req->posix_pathnames a helper variable.
I need to use it elsewhere in here.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 9 Nov 2021 00:37:26 +0000 (16:37 -0800)]
s3: smbd: Add and use helper variables for case_sensitive, case_preserve, short_case_preserve to rename_internals().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 9 Nov 2021 00:31:40 +0000 (16:31 -0800)]
s3: smbd: Ensure we never call mangle_is_mangled() for a posix path.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 9 Nov 2021 00:30:27 +0000 (16:30 -0800)]
s3: smbd: Add and use helper variable posix_pathname in rename_internals().
We're going to re-use it inside this function.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 9 Nov 2021 00:27:19 +0000 (16:27 -0800)]
s3: smbd: Add and use helper variables case_sensitive, case_preserve in rename_internals_fsp().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 9 Nov 2021 00:22:50 +0000 (16:22 -0800)]
s3: smbd: Add and use case_sensitive helper variable to unlink_internals().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 8 Nov 2021 23:59:51 +0000 (15:59 -0800)]
s3: smbd: Use a helper variable in smbd_smb2_query_directory_send().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 8 Nov 2021 22:10:59 +0000 (14:10 -0800)]
s3: smbd: In open_file() use the helper variable to select correct case_sensitive setting to is_in_path().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 8 Nov 2021 22:09:53 +0000 (14:09 -0800)]
s3: smbd: In open_file(), use a helper variable instead of always checking sp->posix_flags & FSP_POSIX_FLAGS_OPEN.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 8 Nov 2021 19:25:26 +0000 (11:25 -0800)]
s3: smbd: Use dptr_case_sensitive() in directory listing code.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 8 Nov 2021 19:21:03 +0000 (11:21 -0800)]
s3: smbd: Add dptr_case_sensitive(). Not yet used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 5 Nov 2021 23:43:14 +0000 (16:43 -0700)]
s3: smbd: In OpenDir_fsp(), set dir_hnd->case_sensitive to true if FSP_POSIX_FLAGS_OPEN is set.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 15 Oct 2021 23:52:10 +0000 (16:52 -0700)]
s3: smbd: Use dir_hnd->case_sensitive instead of conn->case_sensitive.
No logic change.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 15 Oct 2021 23:48:03 +0000 (16:48 -0700)]
s3: smbd: Add case_sensitive to struct smb_Dir.
Not yet used.
This allows it to be independent of conn settings on
a per-handle-basis for SMB2 posix.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 5 Nov 2021 23:55:06 +0000 (16:55 -0700)]
s3: smbd: Use state->case_sensitive instead of state->conn->case_sensitive.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 5 Nov 2021 23:53:26 +0000 (16:53 -0700)]
s3: smbd: Add 'bool case_sensitive' to struct smbd_dirptr_lanman2_state.
Initialize from conn->case_sensitive. Not yet used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 15 Oct 2021 23:26:24 +0000 (16:26 -0700)]
s3: smbd: In unix_convert() component_was_mangled is always false for posix.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 15 Oct 2021 23:20:34 +0000 (16:20 -0700)]
s3: smbd: In unix_convert_step_search_fail() ensure posix names don't call into name mangling functions.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 15 Oct 2021 22:03:16 +0000 (15:03 -0700)]
s3: smbd: Add comment to unix_convert() explaining why posix never calls into mangle_is_mangled() here.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 15 Oct 2021 20:32:27 +0000 (13:32 -0700)]
s3: smbd: Turn on case sensitivity for a posix filename lookup.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 15 Oct 2021 19:08:25 +0000 (12:08 -0700)]
s3: smbd: Use state->short_case_preserve instead of state->conn->short_case_preserve.
No logic changes.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 15 Oct 2021 19:07:05 +0000 (12:07 -0700)]
s3: smbd: Use state->case_preserve instead of state->conn->case_preserve.
No logic change.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 15 Oct 2021 19:02:33 +0000 (12:02 -0700)]
s3: smbd: Use state->case_sensitive instead of state->conn->case_sensitive.
No logic change.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 15 Oct 2021 18:59:56 +0000 (11:59 -0700)]
s3: smbd: Add case_sensitive, case_preserve, short_case_preserve to state struct.
Not yet used.
This allows them to be independent of conn settings on
a handle-basis for posix.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 15 Oct 2021 18:54:38 +0000 (11:54 -0700)]
s3: smbd: Ensure normalize_filename_case() doesn't modify posix names.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Sat, 18 Sep 2021 00:02:06 +0000 (17:02 -0700)]
s3: smbd: Add ucf_flags parameter to normalize_filename_case().
Not yet used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 15 Oct 2021 21:04:07 +0000 (14:04 -0700)]
s3: smbd: get_real_filename() is actually static to filename.c
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Mon, 15 Nov 2021 17:04:30 +0000 (18:04 +0100)]
smbd: get rid of get_file_handle_for_metadata()
This also avoids triggering an assert in get_share_mode_lock(). We already have
a handle, use that one, no need to call get_file_handle_for_metadata().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14907
RN: set_ea_dos_attribute() fallback calling get_file_handle_for_metadata() triggers locking.tdb assert
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Nov 16 18:51:15 UTC 2021 on sn-devel-184
Andrew Bartlett [Fri, 12 Nov 2021 03:10:31 +0000 (16:10 +1300)]
CVE-2020-25717: s3:auth: Fallback to a SID/UID based mapping if the named based lookup fails
Before the CVE-2020-25717 fixes we had a fallback from
getpwnam('DOMAIN\user') to getpwnam('user') which was very dangerous and
unpredictable.
Now we do the fallback based on sid_to_uid() followed by
getpwuid() on the returned uid.
This obsoletes 'username map [script]' based workaround adviced
for CVE-2020-25717, when nss_winbindd is not used or
idmap_nss is actually used.
In future we may decide to prefer or only do the SID/UID based
lookup, but for now we want to keep this unchanged as much as possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
[metze@samba.org moved the new logic into the fallback codepath only
in order to avoid behavior changes as much as possible]
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Nov 15 19:01:56 UTC 2021 on sn-devel-184
Joseph Sutton [Fri, 12 Nov 2021 01:22:47 +0000 (14:22 +1300)]
CVE-2020-25717: tests/krb5: Add a test for idmap_nss mapping users to SIDs
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
[metze@samba.org removed unused tests for a feature that
was removed before merging]
Reviewed-by: Ralph Boehme <slow@samba.org>
Joseph Sutton [Fri, 12 Nov 2021 01:20:45 +0000 (14:20 +1300)]
CVE-2020-25717: selftest: turn ad_member_no_nss_wb into ad_member_idmap_nss
In reality environments without 'nss_winbind' make use of 'idmap_nss'.
For testing, DOMAIN/bob is mapped to the local 'bob',
while DOMAIN/jane gets the uid based on the local 'jane'
vis idmap_nss.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
[metze@samba.org avoid to create a new ad_member_idmap_nss environment
and merge it with ad_member_no_nss_wb instead]
Reviewed-by: Ralph Boehme <slow@samba.org>
Joseph Sutton [Fri, 12 Nov 2021 07:53:30 +0000 (20:53 +1300)]
CVE-2020-25717: nsswitch/nsstest.c: Lower 'non existent uid' to make room for new accounts
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Joseph Sutton [Fri, 12 Nov 2021 01:14:55 +0000 (14:14 +1300)]
CVE-2020-25717: tests/krb5: Add method to automatically obtain server credentials
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 12 Nov 2021 14:27:58 +0000 (15:27 +0100)]
CVE-2020-25727: idmap_nss: verify that the name of the sid belongs to the configured domain
We already check the sid belongs to the domain, but checking the name
too feels better and make it easier to understand.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Alexander Bokovoy [Fri, 12 Nov 2021 17:06:01 +0000 (19:06 +0200)]
IPA DC: add missing checks
When introducing FreeIPA support, two places were forgotten:
- schannel gensec module needs to be aware of IPA DC
- _lsa_QueryInfoPolicy should treat IPA DC as PDC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14903
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Sat Nov 13 07:01:26 UTC 2021 on sn-devel-184
Volker Lendecke [Tue, 2 Nov 2021 09:35:35 +0000 (10:35 +0100)]
smbd: Convert ret==false into !ret
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 11 19:59:03 UTC 2021 on sn-devel-184
Volker Lendecke [Fri, 5 Nov 2021 10:48:25 +0000 (11:48 +0100)]
lib: Use a direct struct initialization
Don't init with 0 just to overwrite again. Probably the compiler will
figure that out anyway, but to me this looks cleaner.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 7 Nov 2021 18:33:31 +0000 (19:33 +0100)]
smbd: Make sure we don't overwrite tmp_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 5 Nov 2021 17:52:56 +0000 (18:52 +0100)]
smbd: Avoid casts
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 5 Nov 2021 17:52:40 +0000 (18:52 +0100)]
smbd: Fix typos
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 5 Nov 2021 11:58:58 +0000 (12:58 +0100)]
vfs: Use cp_smb_filename_nostream() in vfswrap_parent_pathname()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 5 Nov 2021 11:03:02 +0000 (12:03 +0100)]
smbd: Move "struct fd_handle" into fd_handle.c
A separate header file is not required here, everything goes through
the API published by fd_handle.c. This makes it harder to include the
fd_handle definition and violate the guarantees.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 5 Nov 2021 10:51:33 +0000 (11:51 +0100)]
lib: Slightly tune cp_smb_filename_nostream()
Don't talloc_strdup() the stream_name, just to free it again.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 30 Oct 2021 09:45:20 +0000 (11:45 +0200)]
libcli4: Remove outdated README file
This has not materialized since 2005. We can easily add it once we
create libsmbclient4.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 2 Nov 2021 10:16:57 +0000 (11:16 +0100)]
vfs: Fix a few typos
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 2 Nov 2021 10:06:18 +0000 (11:06 +0100)]
smbd: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 10 Nov 2021 15:19:40 +0000 (16:19 +0100)]
smb.conf.5: Fix a typo for "username map script"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 29 Oct 2021 12:18:02 +0000 (14:18 +0200)]
libsmb: Move cli_qfilename() to its only user in torture.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 22 Oct 2021 11:32:36 +0000 (13:32 +0200)]
dbwrap: Remove unused dbwrap_watched_wakeup()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 22 Oct 2021 15:30:46 +0000 (17:30 +0200)]
lib: Fix a debug typo in g_lock.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 14 Oct 2021 13:08:55 +0000 (15:08 +0200)]
libcli: Remove NT_STATUS_INACCESSIBLE_SYSTEM_SHORTCUT error code
This is the same as STATUS_STOPPED_ON_SYMLINK, and this is what also
wireshark displays. Avoid some confusion.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 12 Oct 2021 10:36:16 +0000 (12:36 +0200)]
VFS: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 24 Oct 2021 18:38:19 +0000 (20:38 +0200)]
libsmb: move reparse_symlink to libcli/smb/
This will be useful for smbXcli_create to parse the symlink error
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 24 Oct 2021 13:28:35 +0000 (15:28 +0200)]
libsmb: Avoid a talloc_stackframe.c dependency
This is simple enough for explicit TALLOC_FREE()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 24 Oct 2021 13:24:42 +0000 (15:24 +0200)]
libsmb: Introduce "struct symlink_reparse_struct"
Simplify symlink_reparse_buffer_parse() slightly, failure cleanup
becomes simpler with that, and this struct will be useful elsewhere
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 24 Oct 2021 10:45:23 +0000 (12:45 +0200)]
libsmb: Give reparse_symlink.c its own header
While there, avoid an "includes.h"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 24 Oct 2021 10:44:56 +0000 (12:44 +0200)]
libcli: "smb_util.h" needs "ntstatus.h"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 24 Oct 2021 10:38:21 +0000 (12:38 +0200)]
libsmb: Remove "trans_oob()" macro
It was just a 1:1 substitution for smb_buffer_oob()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 26 Oct 2021 08:14:28 +0000 (10:14 +0200)]
smbclient: Use cli_checkpath in "cd" command
No need for special qpathinfo_basic code
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 26 Oct 2021 06:51:16 +0000 (08:51 +0200)]
libsmb: Use cli_ntcreate in cli_chkpath
cli_ntcreate handles smb2, thus remove cli_smb2_chkpath.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 26 Oct 2021 11:56:54 +0000 (13:56 +0200)]
smbd: Remove unused "struct connections_key"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 26 Oct 2021 11:48:28 +0000 (13:48 +0200)]
smbd: Give smbXsrv_open.c its own header file
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 11 Nov 2021 13:46:15 +0000 (14:46 +0100)]
docs-xml: Fix smbget manpage
There is no &stdarg.encrypt anymore.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Nov 11 16:27:12 UTC 2021 on sn-devel-184
Volker Lendecke [Tue, 7 Jul 2020 09:32:46 +0000 (11:32 +0200)]
smbd: reopen logs on SIGHUP for notifyd and cleanupd
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Nov 11 15:34:28 UTC 2021 on sn-devel-184
Ralph Boehme [Mon, 8 Nov 2021 11:09:43 +0000 (12:09 +0100)]
lib/cmdline: setup default file logging for servers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
RN: samba process doesn't log to logfile
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Nov 11 14:42:13 UTC 2021 on sn-devel-184
Ralph Boehme [Mon, 8 Nov 2021 11:09:16 +0000 (12:09 +0100)]
lib/cmdline: remember config_type in samba_cmdline_init()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>