samba.git
28 min agoCVE-2020-14303: s4 nbt: fix busy loop on empty UDP packet master
Gary Lockyer [Wed, 24 Jun 2020 02:27:08 +0000 (14:27 +1200)]
CVE-2020-14303: s4 nbt: fix busy loop on empty UDP packet

An empty UDP packet put the nbt server into a busy loop that consumes
100% of a cpu.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14417

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Thu Jul  2 10:26:24 UTC 2020 on sn-devel-184

112 min agoCVE-2020-14303 Ensure an empty packet will not DoS the NBT server
Andrew Bartlett [Wed, 24 Jun 2020 23:59:54 +0000 (11:59 +1200)]
CVE-2020-14303 Ensure an empty packet will not DoS the NBT server

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
112 min agoCVE-2020-10760 dsdb: Add tests for paged_results and VLV over the Global Catalog...
Andrew Bartlett [Mon, 8 Jun 2020 04:32:14 +0000 (16:32 +1200)]
CVE-2020-10760 dsdb: Add tests for paged_results and VLV over the Global Catalog port

This should avoid a regression.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
112 min agoCVE-2020-10760 dsdb: Ensure a proper talloc tree for saved controls
Andrew Bartlett [Fri, 5 Jun 2020 10:14:48 +0000 (22:14 +1200)]
CVE-2020-10760 dsdb: Ensure a proper talloc tree for saved controls

Otherwise a paged search on the GC port will fail as the ->data was
not kept around for the second page of searches.

An example command to produce this is
 bin/ldbsearch --paged -H ldap://$SERVER:3268 -U$USERNAME%$PASSWORD

This shows up later in the partition module as:

ERROR: AddressSanitizer: heap-use-after-free on address 0x60b00151ef20 at pc 0x7fec3f801aac bp 0x7ffe8472c270 sp 0x7ffe8472c260
READ of size 4 at 0x60b00151ef20 thread T0 (ldap(0))
    #0 0x7fec3f801aab in talloc_chunk_from_ptr ../../lib/talloc/talloc.c:526
    #1 0x7fec3f801aab in __talloc_get_name ../../lib/talloc/talloc.c:1559
    #2 0x7fec3f801aab in talloc_check_name ../../lib/talloc/talloc.c:1582
    #3 0x7fec1b86b2e1 in partition_search ../../source4/dsdb/samdb/ldb_modules/partition.c:780

or

smb_panic_default: PANIC (pid 13287): Bad talloc magic value - unknown value
(from source4/dsdb/samdb/ldb_modules/partition.c:780)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14402

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
112 min agoCVE-2020-10745: ndr/dns-utils: prepare for NBT compatibility
Douglas Bagnall [Thu, 14 May 2020 22:52:45 +0000 (10:52 +1200)]
CVE-2020-10745: ndr/dns-utils: prepare for NBT compatibility

NBT has a funny thing where it sometimes needs to send a trailing dot as
part of the last component, because the string representation is a user
name. In DNS, "example.com", and "example.com." are the same, both
having three components ("example", "com", ""); in NBT, we want to treat
them differently, with the second form having the three components
("example", "com.", "").

This retains the logic of e6e2ec0001fe3c010445e26cc0efddbc1f73416b.

Also DNS compression cannot be turned off for NBT.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
112 min agoCVE-2020-10745: dns_util/push: forbid names longer than 255 bytes
Douglas Bagnall [Thu, 14 May 2020 12:06:08 +0000 (00:06 +1200)]
CVE-2020-10745: dns_util/push: forbid names longer than 255 bytes

As per RFC 1035.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
112 min agoCVE-2020-10745: ndr_dns: do not allow consecutive dots
Douglas Bagnall [Fri, 24 Apr 2020 23:10:18 +0000 (11:10 +1200)]
CVE-2020-10745: ndr_dns: do not allow consecutive dots

The empty subdomain component is reserved for the root domain, which we
should only (and always) see at the end of the list. That is, we expect
"example.com.", but never "example..com".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
112 min agoCVE-2020-10745: ndr/dns_utils: correct a comment
Douglas Bagnall [Fri, 24 Apr 2020 23:03:30 +0000 (11:03 +1200)]
CVE-2020-10745: ndr/dns_utils: correct a comment

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
112 min agoCVE-2020-10745: ndr_dns: move ndr_push_dns_string core into sharable function
Douglas Bagnall [Fri, 24 Apr 2020 23:02:08 +0000 (11:02 +1200)]
CVE-2020-10745: ndr_dns: move ndr_push_dns_string core into sharable function

This is because ndr_nbt.c does almost exactly the same thing with
almost exactly the same code, and they both do it wrong. Soon they
will both be using the better version that this will become. Though in
this patch we just move the code, not fix it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
112 min agoCVE-2020-10745: librpc/tests: cmocka tests of dns and ndr strings
Douglas Bagnall [Fri, 12 Jun 2020 02:26:38 +0000 (14:26 +1200)]
CVE-2020-10745: librpc/tests: cmocka tests of dns and ndr strings

These time the push and pull function in isolation.

Timing should be under 0.0001 seconds on even quite old hardware; we
assert it must be under 0.2 seconds.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
112 min agoCVE-2020-10745: pytests: hand-rolled invalid dns/nbt packet tests
Douglas Bagnall [Thu, 11 Jun 2020 05:38:51 +0000 (17:38 +1200)]
CVE-2020-10745: pytests: hand-rolled invalid dns/nbt packet tests

The client libraries don't allow us to make packets that are broken in
certain ways, so we need to construct them as byte strings.

These tests all fail at present, proving the server is rendered
unresponsive, which is the crux of CVE-2020-10745.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
112 min agoCVE-2020-10730: lib ldb: Check if ldb_lock_backend_callback called twice
Gary Lockyer [Tue, 12 May 2020 22:56:56 +0000 (10:56 +1200)]
CVE-2020-10730: lib ldb: Check if ldb_lock_backend_callback called twice

Prevent use after free issues if ldb_lock_backend_callback is called
twice, usually due to ldb_module_done being called twice. This can happen if a
module ignores the return value from function a function that calls
ldb_module_done as part of it's error handling.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
113 min agoCVE-2020-10730: s4 dsdb vlv_pagination: Prevent repeat call of ldb_module_done
Gary Lockyer [Mon, 18 May 2020 00:37:39 +0000 (12:37 +1200)]
CVE-2020-10730: s4 dsdb vlv_pagination: Prevent repeat call of ldb_module_done

Check the return code from vlv_results, if it is not LDB_SUCCESS
ldb_module_done has already been called, and SHOULD NOT be called again.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
113 min agoCVE-2020-10730: s4 dsdb paged_results: Prevent repeat call of ldb_module_done
Gary Lockyer [Mon, 18 May 2020 00:36:57 +0000 (12:36 +1200)]
CVE-2020-10730: s4 dsdb paged_results: Prevent repeat call of ldb_module_done

Check the return code from paged_results, if it is not LDB_SUCCESS
ldb_module_done has already been called, and SHOULD NOT be called again.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
113 min agoCVE-2020-10730: dsdb: Ban the combination of paged_results and VLV
Andrew Bartlett [Wed, 6 May 2020 04:18:19 +0000 (16:18 +1200)]
CVE-2020-10730: dsdb: Ban the combination of paged_results and VLV

This (two different paging controls) makes no sense and fails against
Windows Server 1709.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
113 min agoCVE-2020-10730: dsdb: Fix crash when vlv and paged_results are combined
Andrew Bartlett [Wed, 6 May 2020 05:05:30 +0000 (17:05 +1200)]
CVE-2020-10730: dsdb: Fix crash when vlv and paged_results are combined

The GUID is not returned in the DN for some reason in this (to be banned)
combination.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
113 min agoCVE-2020-10730: selftest: Add test to show that VLV and paged_results are incompatible
Andrew Bartlett [Wed, 6 May 2020 04:19:01 +0000 (16:19 +1200)]
CVE-2020-10730: selftest: Add test to show that VLV and paged_results are incompatible

As tested against Windows Server 1709

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
113 min agoCVE-2020-10730: vlv: Another workaround for mixing ASQ and VLV
Andrew Bartlett [Tue, 5 May 2020 04:34:11 +0000 (16:34 +1200)]
CVE-2020-10730: vlv: Another workaround for mixing ASQ and VLV

This is essentially an alternative patch, but without the correct
behaviour.  Instead this just avoids a segfault.

Included in case we have something simialr again in
another module.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
113 min agoCVE-2020-10730: selftest: Add test to confirm VLV interaction with ASQ
Andrew Bartlett [Tue, 5 May 2020 01:16:48 +0000 (13:16 +1200)]
CVE-2020-10730: selftest: Add test to confirm VLV interaction with ASQ

Tested against Windows 1709.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
113 min agoCVE-2020-10730: vlv: Do not re-ASQ search the results of an ASQ search with VLV
Andrew Bartlett [Tue, 5 May 2020 00:55:57 +0000 (12:55 +1200)]
CVE-2020-10730: vlv: Do not re-ASQ search the results of an ASQ search with VLV

This is a silly combination, but at least try and keep the results sensible
and avoid a double-dereference.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
113 min agoCVE-2020-10730: vlv: Use strcmp(), not strncmp() checking the NULL terminated control...
Andrew Bartlett [Tue, 5 May 2020 00:54:59 +0000 (12:54 +1200)]
CVE-2020-10730: vlv: Use strcmp(), not strncmp() checking the NULL terminated control OIDs

The end result is the same, as sizeof() includes the trailing NUL, but this
avoids having to think about that.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
15 hours agos3: libsmb: Fix SMB2 client rename bug to a Windows server.
Jeremy Allison [Tue, 30 Jun 2020 21:00:41 +0000 (14:00 -0700)]
s3: libsmb: Fix SMB2 client rename bug to a Windows server.

Fix bug where renaming to a target name of one
UCS2 character (name length 2 bytes) fails to
a Windows 10 SMB2 server.

The Windows 10 SMB2 server has a minimum length
for a SMB2_FILE_RENAME_INFORMATION buffer of
24 bytes. It returns NT_STATUS_INFO_LENGTH_MISMATCH
if the length is less. This isn't an alignment
issue as Windows client happily 2-byte align
for larget target name sizes. Also the Windows 10
SMB1 server doesn't have this restriction.

If the name length is too short, pad out with
zeros to 24 bytes.

Hard to add a test for this as we don't want to
add this silly restriction to the Samba server
as it would break all non-Windows clients.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14403

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul  1 18:59:53 UTC 2020 on sn-devel-184

19 hours agotls: Use NORMAL:-VERS-SSL3.0 as the default configuration
Andreas Schneider [Tue, 30 Jun 2020 15:12:17 +0000 (17:12 +0200)]
tls: Use NORMAL:-VERS-SSL3.0 as the default configuration

This seems to be really broken in GnuTLS and the documentation is also
not correct.

This partially reverts 53e3a959b958a3b099df6ecc5f6e294e96bd948e

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14408

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul  1 14:56:33 UTC 2020 on sn-devel-184

21 hours agoselftest: Run test of how userPassword / crypt() style passwords are stored in quicktest
Andrew Bartlett [Wed, 1 Jul 2020 02:31:54 +0000 (14:31 +1200)]
selftest: Run test of how userPassword / crypt() style passwords are stored in quicktest

This ensures that the crypt_r()/crypt_rn()/crypt() behaviour is tested in all
the samba-o3 builds and so is checked on RHEL7 in GitLab CI.

https://bugzilla.samba.org/show_bug.cgi?id=14424

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
21 hours agoselftest: Split samba.tests.samba_tool.user_virtualCryptSHA into GPG and not GPG...
Andrew Bartlett [Wed, 1 Jul 2020 02:30:24 +0000 (14:30 +1200)]
selftest: Split samba.tests.samba_tool.user_virtualCryptSHA into GPG and not GPG parts

This allows the userPassword (not GPG) part of the test to run on hosts without
python3-gpg (eg RHEL7) while still testing the userPassword handling.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14424

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
21 hours agodsdb: Allow "password hash userPassword schemes = CryptSHA256" to work on RHEL7
Andrew Bartlett [Wed, 1 Jul 2020 02:35:39 +0000 (14:35 +1200)]
dsdb: Allow "password hash userPassword schemes = CryptSHA256" to work on RHEL7

On RHEL7 crypt_r() will set errno.  This is a problem because the implementation of crypt_r()
in RHEL8 and elsewhere in libcrypt will return non-NULL but set errno on failure.

The workaround is to use crypt_rn(), provided only by libcrypt, which will return NULL
on failure, and so avoid checking errno in the non-failure case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14424

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2 days agoshare_mode_lock.c: initialize out param
Isaac Boukris [Mon, 29 Jun 2020 08:42:09 +0000 (10:42 +0200)]
share_mode_lock.c: initialize out param

detected by covscan:
source3/locking/share_mode_lock.c:1563:6: warning: Branch condition evaluates to a garbage value

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Autobuild-User(master): Isaac Boukris <iboukris@samba.org>
Autobuild-Date(master): Tue Jun 30 09:42:33 UTC 2020 on sn-devel-184

2 days agolibgpo: only install group policy admx files when building as DC
Günther Deschner [Fri, 26 Jun 2020 08:35:13 +0000 (10:35 +0200)]
libgpo: only install group policy admx files when building as DC

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Tue Jun 30 07:51:48 UTC 2020 on sn-devel-184

2 days agoutil: fix build on AIX by fixing the order of replace.h include
Bjoern Jacke [Mon, 29 Jun 2020 12:00:46 +0000 (12:00 +0000)]
util: fix build on AIX by fixing the order of replace.h include

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14422

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Björn Jacke <bjacke@samba.org>
Autobuild-Date(master): Mon Jun 29 18:19:04 UTC 2020 on sn-devel-184

5 days agos3:smbd: fix the handling of the durable_v2_timeout
Stefan Metzmacher [Wed, 24 Jun 2020 16:01:46 +0000 (18:01 +0200)]
s3:smbd: fix the handling of the durable_v2_timeout

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun 27 05:42:05 UTC 2020 on sn-devel-184

5 days agos4:torture/smb2: adjust durable v2 tests to pass against Windows Server 2019
Stefan Metzmacher [Wed, 24 Jun 2020 15:48:24 +0000 (17:48 +0200)]
s4:torture/smb2: adjust durable v2 tests to pass against Windows Server 2019

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 days agos4:torture/smb2: remove MULTI_CHANNEL checking from smb2.replay.channel-sequence
Stefan Metzmacher [Wed, 24 Jun 2020 15:41:15 +0000 (17:41 +0200)]
s4:torture/smb2: remove MULTI_CHANNEL checking from smb2.replay.channel-sequence

This test doesn't need multi-channel. But we need to
force using the channel_sequence, as our client libraries
only use them for multi-channel connections or persistent handles.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 days agoselftest/Samba3: support durable handles on the 'aio' share
Stefan Metzmacher [Wed, 24 Oct 2012 13:55:20 +0000 (15:55 +0200)]
selftest/Samba3: support durable handles on the 'aio' share

This means we can test the lock sequence checking via the
'samba3.smb2.lock aio(nt4_dc)' test.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 days agos3:smb2_lock: implement lock_sequence replay detection
Stefan Metzmacher [Wed, 24 Oct 2012 13:55:20 +0000 (15:55 +0200)]
s3:smb2_lock: implement lock_sequence replay detection

While windows enables it only for resilient and persistent handles a SMB server
SHOULD (according to MS-SMB2 section 3.3.5.14 ) activate processing of lock
sequence numbers:

... if Open.IsResilient or Open.IsDurable or Open.IsPersistent is TRUE or if
Connection.Dialect belongs to the SMB 3.x dialect family and
Connection.ServerCapabilities includes SMB2_GLOBAL_CAP_MULTI_CHANNEL ...

We only support durable handles or multichannel, so we only implement
these according to the specification.

But we have 'smb2 disable lock sequence checking = yes' to force
to match the Windows Server bahavior, which only supports this
for resilient and persistent handles.

Pair-Programmed-With: Michael Adam <obnox@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 days agodocs-xml/smbdotconf: add "smb2 disable lock sequence checking"
Stefan Metzmacher [Tue, 23 Jun 2020 16:30:15 +0000 (18:30 +0200)]
docs-xml/smbdotconf: add "smb2 disable lock sequence checking"

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 days agos3:smb2_lock: pass in_lock_sequence to smbd_smb2_lock_send()
Stefan Metzmacher [Wed, 24 Oct 2012 12:53:05 +0000 (14:53 +0200)]
s3:smb2_lock: pass in_lock_sequence to smbd_smb2_lock_send()

Take the value from the client if the dialect is SMB2_10 or higher,
otherwise default to 0.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 days agos3:smbXsrv_open: initialize smbXsrv_open_global->lock_sequence_array with 0xFF
Stefan Metzmacher [Wed, 24 Oct 2012 13:17:56 +0000 (15:17 +0200)]
s3:smbXsrv_open: initialize smbXsrv_open_global->lock_sequence_array with 0xFF

This is way to mark an entry as invalid (.valid = false).

Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 days agos3:smbXsrv.idl: add lock_sequence_array to smbXsrv_open_global0
Stefan Metzmacher [Wed, 24 Oct 2012 13:06:54 +0000 (15:06 +0200)]
s3:smbXsrv.idl: add lock_sequence_array to smbXsrv_open_global0

This is needed for lock replay detection.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 days agos4:torture/smb2: add smb2.lock.replay_smb3_specification test
Stefan Metzmacher [Wed, 2 Oct 2019 13:30:53 +0000 (15:30 +0200)]
s4:torture/smb2: add smb2.lock.replay_smb3_specification test

This implements a test that checks for the specified behaviour.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 days agos4:torture/smb2: make smb2.lock.replay_broken_windows more obvious
Stefan Metzmacher [Wed, 2 Oct 2019 12:51:26 +0000 (14:51 +0200)]
s4:torture/smb2: make smb2.lock.replay_broken_windows more obvious

This test checks the SMB 2.1.0 behaviour of lock sequence checking,
which is only turned on for resilient handles.

Even Windows Server 2019 only implements lock sequence checking only
for resilient and persistent handles as a server.
While its client side uses lock sequence checking if it negotiated
multichannel with the server.

Hopefully this will be fixed in future Windows versions.

Make it clear that this test is supposed to pass against the legacy
Windows servers which violate the specification:

  [MS-SMB2] 3.3.5.14 Receiving an SMB2 LOCK Request

  ...

  ... if Open.IsResilient or Open.IsDurable or Open.IsPersistent is
  TRUE or if Connection.Dialect belongs to the SMB 3.x dialect family
  and Connection.ServerCapabilities includes
  SMB2_GLOBAL_CAP_MULTI_CHANNEL bit, the server SHOULD<314>
  perform lock sequence verification ...

  ...

  <314> Section 3.3.5.14: Windows 7 and Windows Server 2008 R2 perform
  lock sequence verification only when Open.IsResilient is TRUE.
  Windows 8 through Windows 10 v1909 and Windows Server 2012 through
  Windows Server v1909 perform lock sequence verification only when
  Open.IsResilient or Open.IsPersistent is TRUE.

Note <314> also applies to all versions (at least) up to Windows Server v2004.

Hopefully this will be fixed in future Windows versions and they
will avoid Note <314>.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 days agos4:torture/smb2: fix and improve the smb2.lock.replay test
Michael Adam [Thu, 20 Sep 2018 10:45:17 +0000 (12:45 +0200)]
s4:torture/smb2: fix and improve the smb2.lock.replay test

The test was wrong in that it used an invalid
lock sequence bucket (65) where it actually wanted
to use a valid on (64), and hence the test results
(which were adapted to the real responses) were not
quite logical.

This patch fixes this and also improves some of
the comments so that the flow of the patch becomes
a little more obvious.

Pair-Programmed-With: Günther Deschner <gd@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
7 days agotorture4: openattr always succeeds
David Mulder [Fri, 13 Dec 2019 20:08:28 +0000 (13:08 -0700)]
torture4: openattr always succeeds

Because this test returned true, it would always
succeed, despite failures in the test. Make it
return false if there are failures. Also, removed
a stray CHECK_MAX_FAILURES introduced by commit
8773e743 that caused the test to *always* fail
(but always be ignored).

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Wed Jun 24 22:13:11 UTC 2020 on sn-devel-184

7 days agoConvert samba4.base.deny* tests to smb2
David Mulder [Tue, 17 Dec 2019 21:03:19 +0000 (14:03 -0700)]
Convert samba4.base.deny* tests to smb2

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
7 days agos4:torture: Convert samba4.base.vuid test to smb2
David Mulder [Thu, 16 Jan 2020 17:26:25 +0000 (10:26 -0700)]
s4:torture: Convert samba4.base.vuid test to smb2

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
7 days agos4:torture: Convert samba4.base.secleak test to smb2
David Mulder [Fri, 17 Jan 2020 16:07:00 +0000 (09:07 -0700)]
s4:torture: Convert samba4.base.secleak test to smb2

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
7 days agos3: smbd: Allow a SHUTDOWN_CLOSE on a file with outstanding aio if there are no clien...
Jeremy Allison [Tue, 16 Jun 2020 22:01:49 +0000 (15:01 -0700)]
s3: smbd: Allow a SHUTDOWN_CLOSE on a file with outstanding aio if there are no client connections alive.

The process is exiting now so pthreads will never complete to cause
problems.

Remove the knownfail.d/aio_outstanding entry.

Followup-bugfix for:

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 24 20:14:15 UTC 2020 on sn-devel-184

7 days agos3: smbd: Make smbXsrv_client_valid_connections() external.
Jeremy Allison [Tue, 16 Jun 2020 21:58:54 +0000 (14:58 -0700)]
s3: smbd: Make smbXsrv_client_valid_connections() external.

We will need to this ensure our client connections are
terminated in close_file before exiting with outstanding
aio.

Followup-bugfix for:

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
7 days agos3: selftest: Add samba3.blackbox.aio-outstanding test.
Jeremy Allison [Mon, 22 Jun 2020 20:44:12 +0000 (13:44 -0700)]
s3: selftest: Add samba3.blackbox.aio-outstanding test.

Shows smbd panics if connection is terminated (torn down)
by killing the client with outstanding aio requests in the
queue. As we're closing smbd we should cope with this.

Followup-bugfix for:

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
8 days agogpo: Test samba-tool gpo admxload
David Mulder [Thu, 18 Jun 2020 18:06:28 +0000 (12:06 -0600)]
gpo: Test samba-tool gpo admxload

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Tue Jun 23 17:53:22 UTC 2020 on sn-devel-184

8 days agosamba-tool: add command for installing gpo samba admx
David Mulder [Tue, 16 Oct 2018 09:36:09 +0000 (03:36 -0600)]
samba-tool: add command for installing gpo samba admx

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
8 days agoAdd python binding for DATADIR build path
David Mulder [Tue, 16 Oct 2018 09:23:34 +0000 (03:23 -0600)]
Add python binding for DATADIR build path

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
8 days agogpo: Test gpo scripts apply
David Mulder [Tue, 16 Jun 2020 21:29:40 +0000 (15:29 -0600)]
gpo: Test gpo scripts apply

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
8 days agogpo: Run Group Policy Scripts
David Mulder [Mon, 27 Apr 2020 22:02:55 +0000 (16:02 -0600)]
gpo: Run Group Policy Scripts

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
8 days agoCreate Registry.pol group policy extension parser
David Mulder [Thu, 9 Aug 2018 15:47:38 +0000 (09:47 -0600)]
Create Registry.pol group policy extension parser

Create a parent class for parsing Registry.pol
files by group policy extensions.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
9 days agonsswitch: silence openpam error messages about unexpected responses
Andrew [Fri, 19 Jun 2020 17:11:48 +0000 (13:11 -0400)]
nsswitch: silence openpam error messages about unexpected responses

Openpam will log an error message when it receives an unexpected
response. On servers using openpam, convert an unexpected response
into PAM_SERVICE_ERR and log what we're doing so that logging behavior
is more user-configurable.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14416

Signed-off-by: Andrew <awalker@ixsystems.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jun 23 08:08:29 UTC 2020 on sn-devel-184

9 days agothird_party/socket_wrapper: Update socket_wrapper to version 1.2.5
Stefan Metzmacher [Mon, 8 Jun 2020 12:18:00 +0000 (14:18 +0200)]
third_party/socket_wrapper: Update socket_wrapper to version 1.2.5

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jun 23 06:46:39 UTC 2020 on sn-devel-184

9 days agopython: Correctly re-raise the LdbError if the embedded error is not ldb.ERR_UNWILLIN...
Andrew Bartlett [Wed, 17 Jun 2020 20:39:09 +0000 (08:39 +1200)]
python: Correctly re-raise the LdbError if the embedded error is not ldb.ERR_UNWILLING_TO_PERFORM

The current code attempts a SAMR based password set for all errors,
we want to continue on LDAP or local LDB (in the restore case) unless
we really got the specific error given by Windows 2000.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14414

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@suse.com>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Tue Jun 23 05:07:00 UTC 2020 on sn-devel-184

9 days agolibcli ldap tests: remove use of zero length array
Gary Lockyer [Mon, 22 Jun 2020 01:42:56 +0000 (13:42 +1200)]
libcli ldap tests: remove use of zero length array

libcli/ldap/tests/ldap_message_test.c defines a zero length array
(uint8_t buf[0]), which is a GCC extension and breaks the build with
some strict compilers like xlc.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14387

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jun 23 02:15:35 UTC 2020 on sn-devel-184

9 days agoldap.c: clarify the need for ldap_get_values_len() in a code comment
Isaac Boukris [Mon, 22 Jun 2020 21:08:57 +0000 (23:08 +0200)]
ldap.c: clarify the need for ldap_get_values_len() in a code comment

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 days agotests: Only run mdsparser test if we build with spotlight support
Andreas Schneider [Mon, 22 Jun 2020 14:06:36 +0000 (16:06 +0200)]
tests: Only run mdsparser test if we build with spotlight support

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jun 22 15:53:30 UTC 2020 on sn-devel-184

9 days agogitlab-ci: Use Fedora 32 to test FIPS mode
Andreas Schneider [Mon, 22 Jun 2020 11:52:05 +0000 (13:52 +0200)]
gitlab-ci: Use Fedora 32 to test FIPS mode

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
9 days agobootstrap: Add back quota-devel on CentOS8
Andreas Schneider [Wed, 17 Jun 2020 12:16:13 +0000 (14:16 +0200)]
bootstrap: Add back quota-devel on CentOS8

https://bugs.centos.org/view.php?id=16549

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
9 days agolibcli: Remove define STATUS_EA_LIST_INCONSISTENT
Christof Schmitt [Fri, 19 Jun 2020 20:07:39 +0000 (13:07 -0700)]
libcli: Remove define STATUS_EA_LIST_INCONSISTENT

The auto-generated define NT_STATUS_EA_LIST_INCONSISTENT is still
available.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jun 22 13:30:51 UTC 2020 on sn-devel-184

9 days agolibcli: Remove define STATUS_STOPPED_ON_SYMLINK
Christof Schmitt [Fri, 19 Jun 2020 20:06:08 +0000 (13:06 -0700)]
libcli: Remove define STATUS_STOPPED_ON_SYMLINK

The auto-generated define NT_STATUS_STOPPED_ON_SYMLINK is still
available.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
9 days agolibcli: Remove define for STATUS_PENDING
Christof Schmitt [Fri, 19 Jun 2020 20:03:18 +0000 (13:03 -0700)]
libcli: Remove define for STATUS_PENDING

The auto-generated define NT_STATUS_PENDING is still available.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
9 days agosmbd: Use NT_STATUS_PENDING instead of STATUS_PENDING
Christof Schmitt [Fri, 19 Jun 2020 20:00:23 +0000 (13:00 -0700)]
smbd: Use NT_STATUS_PENDING instead of STATUS_PENDING

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
9 days agosource4/smb_server: Use NT_STATUS_PENDING instead of STATUS_PENDING
Christof Schmitt [Fri, 19 Jun 2020 19:59:12 +0000 (12:59 -0700)]
source4/smb_server: Use NT_STATUS_PENDING instead of STATUS_PENDING

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
9 days agosource4/libcli: Use NT_STATUS_PENDING instead of STATUS_PENDING
Christof Schmitt [Fri, 19 Jun 2020 19:58:04 +0000 (12:58 -0700)]
source4/libcli: Use NT_STATUS_PENDING instead of STATUS_PENDING

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
9 days agosmbtorture: Use NT_STATUS_PENDING instead of STATUS_PENDING
Christof Schmitt [Fri, 19 Jun 2020 19:56:56 +0000 (12:56 -0700)]
smbtorture: Use NT_STATUS_PENDING instead of STATUS_PENDING

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
9 days agolibcli: Use NT_STATUS_PENDING instead of STATUS_PENDING
Christof Schmitt [Fri, 19 Jun 2020 19:55:13 +0000 (12:55 -0700)]
libcli: Use NT_STATUS_PENDING instead of STATUS_PENDING

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
9 days agolibcli: Remove define for STATUS_NOTIFY_ENUM_DIR
Christof Schmitt [Fri, 19 Jun 2020 19:54:16 +0000 (12:54 -0700)]
libcli: Remove define for STATUS_NOTIFY_ENUM_DIR

The auto-generated define NT_STATUS_NOTIFY_ENUM_DIR is still available.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
9 days agontvfs: Use NT_STATUS_NOTIFY_ENUM_DIR instead of STATUS_NOTIFY_ENUM_DIR
Christof Schmitt [Fri, 19 Jun 2020 19:47:06 +0000 (12:47 -0700)]
ntvfs: Use NT_STATUS_NOTIFY_ENUM_DIR instead of STATUS_NOTIFY_ENUM_DIR

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
9 days agosmbtorture: Use NT_STATUS_NOTIFY_ENUM_DIR instead of STATUS_NOTIFY_ENUM_DIR
Christof Schmitt [Fri, 19 Jun 2020 19:45:36 +0000 (12:45 -0700)]
smbtorture: Use NT_STATUS_NOTIFY_ENUM_DIR instead of STATUS_NOTIFY_ENUM_DIR

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
9 days agosmbclient: Use NT_STATUS_NOTIFY_ENUM_DIR instead of STATUS_NOTIFY_ENUM_DIR
Christof Schmitt [Fri, 19 Jun 2020 19:43:54 +0000 (12:43 -0700)]
smbclient: Use NT_STATUS_NOTIFY_ENUM_DIR instead of STATUS_NOTIFY_ENUM_DIR

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
9 days agosmbd: Use NT_STATUS_NOTIFY_ENUM_DIR instead of STATUS_NOTIFY_ENUM_DIR
Christof Schmitt [Fri, 19 Jun 2020 19:42:50 +0000 (12:42 -0700)]
smbd: Use NT_STATUS_NOTIFY_ENUM_DIR instead of STATUS_NOTIFY_ENUM_DIR

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
9 days agolibcli: Remove define for STATUS_NOTIFY_CLEANUP
Christof Schmitt [Fri, 19 Jun 2020 19:41:33 +0000 (12:41 -0700)]
libcli: Remove define for STATUS_NOTIFY_CLEANUP

The auto-generated NT_STATUS_NOTIFY_CLEANUP is still available.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
9 days agotorture: Use NT_STATUS_NOTIFY_CLEANUP instead of STATUS_NOTIFY_CLEANUP
Christof Schmitt [Fri, 19 Jun 2020 19:39:22 +0000 (12:39 -0700)]
torture: Use NT_STATUS_NOTIFY_CLEANUP instead of STATUS_NOTIFY_CLEANUP

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
9 days agosmbd: Use NT_STATUS_NOTIFY_CLEANUP instead of STATUS_NOTIFY_CLEANUP
Christof Schmitt [Fri, 19 Jun 2020 19:38:59 +0000 (12:38 -0700)]
smbd: Use NT_STATUS_NOTIFY_CLEANUP instead of STATUS_NOTIFY_CLEANUP

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
9 days agolibcli: Remove define for STATUS_INVALID_EA_FLAG
Christof Schmitt [Fri, 19 Jun 2020 19:33:29 +0000 (12:33 -0700)]
libcli: Remove define for STATUS_INVALID_EA_FLAG

The auto-generated define NT_STATUS_INVALID_EA_FLAG is still available.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
9 days agolibcli: Remove define STATUS_NO_MORE_EAS
Christof Schmitt [Fri, 19 Jun 2020 19:28:55 +0000 (12:28 -0700)]
libcli: Remove define STATUS_NO_MORE_EAS

The auto-generated define NT_STATUS_NO_MORE_EAS is still available.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
9 days agolibcli: Remove define for ERROR_INVALID_DATATYPE
Christof Schmitt [Fri, 19 Jun 2020 19:19:03 +0000 (12:19 -0700)]
libcli: Remove define for ERROR_INVALID_DATATYPE

The auto-generated define WERR_INVALID_DATATYPE is still available.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
10 days agoFix usage of ldap_get_values_len for msDS-AdditionalDnsHostName
Isaac Boukris [Sat, 20 Jun 2020 15:17:33 +0000 (17:17 +0200)]
Fix usage of ldap_get_values_len for msDS-AdditionalDnsHostName

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jun 22 09:59:04 UTC 2020 on sn-devel-184

10 days agovfs_shadow_copy2: Fix a log message
Anoop C S [Sat, 20 Jun 2020 11:44:40 +0000 (17:14 +0530)]
vfs_shadow_copy2: Fix a log message

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Sun Jun 21 16:20:26 UTC 2020 on sn-devel-184

10 days agovfs_shadow_copy: Fix a log message
Anoop C S [Sat, 20 Jun 2020 11:43:49 +0000 (17:13 +0530)]
vfs_shadow_copy: Fix a log message

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
12 days agopython: Fix get_max_worker_count() to always have two runners
Andreas Schneider [Fri, 19 Jun 2020 15:35:19 +0000 (17:35 +0200)]
python: Fix get_max_worker_count() to always have two runners

Thanks to Jim Brown.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jun 19 19:54:04 UTC 2020 on sn-devel-184

12 days agopython: Run cmdline tools for arbitary docs test in parallel
Andreas Schneider [Wed, 17 Jun 2020 09:24:13 +0000 (11:24 +0200)]
python: Run cmdline tools for arbitary docs test in parallel

Running samba.tests.docs on my machine:
before -> (2m6.952s)
after  -> (22.298s)

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jun 19 10:59:30 UTC 2020 on sn-devel-184

13 days agopython: Run cmdline tools for default docs test in parallel
Andreas Schneider [Wed, 17 Jun 2020 08:04:27 +0000 (10:04 +0200)]
python: Run cmdline tools for default docs test in parallel

Running samba.tests.docs on my machine:
before -> (3m52.582s)
after  -> (2m6.952s)

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
13 days agoldb_ldap: fix off-by-one increment in lldb_add_msg_attr
Alexander Bokovoy [Thu, 18 Jun 2020 07:45:41 +0000 (10:45 +0300)]
ldb_ldap: fix off-by-one increment in lldb_add_msg_attr

Fix regression introduced by commit ce2bf5c72b6423fff680b3d6a9042103a6cdda55

lldb_add_msg_attr() calls ldb_msg_add_empty() which, in turn, calls
calls _ldb_msg_add_el() which already increments msg->num_elements by one.

As a result, msg->num_elements is bigger than the actual number of
elements and any iteration over elements would step over elements array
boundary.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14413
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jun 19 08:35:33 UTC 2020 on sn-devel-184

13 days agolib/ldb: add unit test for ldb_ldap internal code
Alexander Bokovoy [Thu, 18 Jun 2020 08:49:08 +0000 (11:49 +0300)]
lib/ldb: add unit test for ldb_ldap internal code

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14413
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
13 days agoProperly handle msDS-AdditionalDnsHostName returned from Windows DC
Isaac Boukris [Thu, 11 Jun 2020 13:51:27 +0000 (16:51 +0300)]
Properly handle msDS-AdditionalDnsHostName returned from Windows DC

Windows DC adds short names for each specified msDS-AdditionalDnsHostName
attribute, but these have a suffix of "\0$" and thus fail with
ldap_get_values(), use ldap_get_values_len() instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Isaac Boukris <iboukris@samba.org>
Autobuild-Date(master): Thu Jun 18 16:43:47 UTC 2020 on sn-devel-184

13 days agoselftest: add tests for binary msDS-AdditionalDnsHostName
Isaac Boukris [Tue, 16 Jun 2020 19:01:49 +0000 (22:01 +0300)]
selftest: add tests for binary msDS-AdditionalDnsHostName

Like the short names added implicitly by Windows DC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
13 days agoFix a typo in recent net man page changes
Isaac Boukris [Thu, 11 Jun 2020 18:05:07 +0000 (21:05 +0300)]
Fix a typo in recent net man page changes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 weeks agos3:lib:tls: Use better priority lists for modern GnuTLS
Andreas Schneider [Mon, 15 Jun 2020 09:50:16 +0000 (11:50 +0200)]
s3:lib:tls: Use better priority lists for modern GnuTLS

We should use the default priority list. That is a good practice,
because TLS protocol hardening and phasing out of legacy algorithms,
is easier to co-ordinate when happens at a single place. See crypto
policies of Fedora.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14408

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 17 17:42:02 UTC 2020 on sn-devel-184

2 weeks agodocs: Add caution against extending this list
Andrew Bartlett [Tue, 16 Jun 2020 21:25:17 +0000 (09:25 +1200)]
docs: Add caution against extending this list

We want correct documentation if at all possible.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 17 15:48:06 UTC 2020 on sn-devel-184

2 weeks agodocs: Remove defaults test exception for "mit kdc command"
Andrew Bartlett [Tue, 16 Jun 2020 20:42:08 +0000 (08:42 +1200)]
docs: Remove defaults test exception for "mit kdc command"

This ensures the documentation matches the code.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 weeks agodocs: Ensure "use mmap" always has the correct default
Andrew Bartlett [Tue, 16 Jun 2020 21:21:56 +0000 (09:21 +1200)]
docs: Ensure "use mmap" always has the correct default

We clarify the smb.conf manpage entry for "use mmap" to match the actual behaviour

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 weeks agovfs_glusterfs: Enable caching of selinux xattr by default
Anoop C S [Sun, 31 May 2020 17:00:53 +0000 (22:30 +0530)]
vfs_glusterfs: Enable caching of selinux xattr by default

Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Wed Jun 17 08:23:33 UTC 2020 on sn-devel-184

2 weeks agos3:lib: Make sure that have_rsrc is initialized
Andreas Schneider [Mon, 15 Jun 2020 08:46:12 +0000 (10:46 +0200)]
s3:lib: Make sure that have_rsrc is initialized

This is never set to false, only to true in the code.

Found by clang.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Autobuild-User(master): Isaac Boukris <iboukris@samba.org>
Autobuild-Date(master): Tue Jun 16 10:30:17 UTC 2020 on sn-devel-184

2 weeks agos3:smbd: Fix a possibile null pointer dereference
Andreas Schneider [Mon, 15 Jun 2020 08:32:49 +0000 (10:32 +0200)]
s3:smbd: Fix a possibile null pointer dereference

Found by clang.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
2 weeks agos4:torture: Make sure that ctx is initialized to NULL
Andreas Schneider [Wed, 10 Jun 2020 16:08:13 +0000 (18:08 +0200)]
s4:torture: Make sure that ctx is initialized to NULL

If we go to done and call smbc_free_context() the pointer should be
initialized.

Found by clang.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>