Volker Lendecke [Thu, 10 Mar 2022 14:56:07 +0000 (15:56 +0100)]
smbd: Avoid an else
We continue; in the if clause
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 10 Mar 2022 14:50:42 +0000 (15:50 +0100)]
smbd: Avoid two else statements
We return in the if-clause
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 9 Mar 2022 10:05:32 +0000 (11:05 +0100)]
vfs: Format a comment
I know, whitespace change, but this was just too ugly :-)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Tue, 8 Mar 2022 14:16:04 +0000 (15:16 +0100)]
printing: Fix a DBG message
openat_pathref_fsp() returns NTSTATUS, errno might be wrong here
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Fri, 11 Mar 2022 12:22:58 +0000 (13:22 +0100)]
smbd: Avoid some casts
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 10 Mar 2022 16:49:52 +0000 (17:49 +0100)]
third_party/heimdal: import lorikeet-heimdal-202203101710 (commit df8d801544144949931cd742169be1207b239c3d)
This fixes the regressions against KDCs without FAST support.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Mar 11 18:06:47 UTC 2022 on sn-devel-184
Stefan Metzmacher [Wed, 9 Mar 2022 11:53:18 +0000 (12:53 +0100)]
selftest: use 'kdc enable fast = no' for fl2000 fl2003
This makes sure we still run tests against KDCs without FAST support
and it already found a few regressions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Stefan Metzmacher [Wed, 9 Mar 2022 11:39:07 +0000 (12:39 +0100)]
s4:kdc: make use of the 'kdc enable fast' option
This will be useful to test against a KDC without FAST support
and find/prevent regressions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Stefan Metzmacher [Wed, 9 Mar 2022 11:39:07 +0000 (12:39 +0100)]
docs-xml: add 'kdc enable fast' option
This will be useful to test against a KDC without FAST support
and find/prevent regressions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Stefan Metzmacher [Thu, 10 Mar 2022 15:12:43 +0000 (16:12 +0100)]
third_party/heimdal: import lorikeet-heimdal-202203101709 (commit 47863866da25cc21d292ce335a976b8b33fa1864)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andrew Bartlett [Tue, 8 Mar 2022 09:46:02 +0000 (22:46 +1300)]
s4-kdc: Fix memory leak in FAST cookie handling
The call to sdb_free_entry() was forgotten.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15000
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Mar 11 11:05:55 UTC 2022 on sn-devel-184
Volker Lendecke [Fri, 4 Mar 2022 13:56:24 +0000 (14:56 +0100)]
smbd: Simplify non_widelink_open()
Don't depend on fsp->fsp_flags.is_directory: We can always take the
parent directory fname, chdir into it and openat(O_PATH|O_NOFOLLOW)
the relative file name. To properly handle the symlink case without
having O_PATH, upon failure we need the call to
fstatat(AT_SYMLINK_NOFOLLOW) as a replacement for the fstat-call that
we can do when we successfully opened the relative file name with
O_NOFOLLOW.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 10 19:19:06 UTC 2022 on sn-devel-184
Volker Lendecke [Mon, 7 Mar 2022 17:00:20 +0000 (18:00 +0100)]
vfs: Convert get_real_filename() to NTSTATUS
This makes it possible to more easily handle STOPPED_ON_SYMLINK vs
OBJECT_PATH_NOT_FOUND vs OBJECT_NAME_NOT_FOUND and so on. The next
patch needs this to properly handle symlinks.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 6 Jan 2022 14:59:05 +0000 (15:59 +0100)]
vfs: Add SMB_VFS_FSTATAT
Useful if you want to stat/fstat/lstat relative to a directory without
doing chdir first.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 4 Mar 2022 15:38:34 +0000 (16:38 +0100)]
vfs: Don't mask shadow_copy2_convert()'s errno
If it's really ENOMEM, shadow_copy2_convert() did set this itself. It
might also return ENOENT for example. Found this while working on
other patches.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Tue, 8 Mar 2022 01:47:15 +0000 (17:47 -0800)]
s3: smbd: Plumb in and use smbd_smb2_server_connection_read_handler() when server min protocol > NT1 (i.e. SMB2-only).
This will allow us to remove the SMB1 server specific code
when we disable SMB1, and still retain the ability to negotiate
up from SMB1 -> SMB2 for old clients.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Thu Mar 10 17:53:26 UTC 2022 on sn-devel-184
Jeremy Allison [Tue, 8 Mar 2022 00:08:46 +0000 (16:08 -0800)]
s3: smbd: Add SMB2-only smbd_smb2_server_connection_read_handler().
Restricts negotiation to SMB2-only. This will make it easier
to remove the SMB1-only parts of the server later.
The only allowed pre-SMB2 requests are a NBSSrequest
(to set the client NetBIOS name) and a 'normal' NBSSmessage
containing an SMB1 negprot. This allows smbd_smb2_server_connection_read_handler()
to work with older clients that use an initial SMB1negprot to
bootstrap into SMB2.
Eventually all other parts of the SMB1 server will
be removed.
Not yet used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Tue, 8 Mar 2022 01:45:23 +0000 (17:45 -0800)]
s3: smbd: Rename smbd_server_connection_read_handler() smbd_smb1_server_connection_read_handler()
Matches the name for the SMB2 connection read handler we're about to use.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Stefan Metzmacher [Thu, 3 Mar 2022 10:10:00 +0000 (11:10 +0100)]
s4:auth: let authenticate_ldap_simple_bind() pass down the mapped nt4names
authenticate_ldap_simple_bind*() needs to pass the
result of the cracknames operation into the auth stack
as user_info->client.{account,domain}_name, because
user_info->client.{account,domain}_name is also used
when forwarding the request via netrLogonSamLogon*
to a remote server, for exactly that the values are
also used in order to map an AUTH_PASSWORD_PLAIN into
AUTH_PASSWORD_RESPONSE, where the NTLMv2 response
contains the account and domain names passed in the
netr_IdentityInfo value.
Otherwise it would not be possible to forward the
LDAP simple bind authentication request to a remote
DC.
Currently this only applies to an RODC that forwards
the request to an RWDC.
But note that LDAP simple binds (as on Windows) only
work for users in the DC's forest, as the DsCrackNames
needs to work and it can't work for users of remote
forests. I tested that in a DC of a forest root domain,
it rejected the LDAP simple bind against a different forest,
but allowed it for a user of a child domain in the
same forest. The NTLMSSP bind worked in both cases.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Mar 10 04:10:54 UTC 2022 on sn-devel-184
Stefan Metzmacher [Thu, 3 Mar 2022 10:10:00 +0000 (11:10 +0100)]
auth: let auth logging prefer user_info->orig_client.{account,domain}_name if available
The optional user_info->orig_client.{account,domain}_name are
the ones really used by the client and should be used in
audit logging. But we still fall back to
user_info->client.{account,domain}_name.
This will be important for the next commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 3 Mar 2022 10:10:00 +0000 (11:10 +0100)]
s4:auth: rename user_info->mapped_state to user_info->cracknames_called
This makes it much clearer what it is used for and
it is a special hack for authenticate_ldap_simple_bind_send()
in order to avoid some additional work in
authsam_check_password_internals().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 3 Mar 2022 22:23:21 +0000 (23:23 +0100)]
winbindd: don't set mapped_state in winbindd_dual_auth_passdb()
mapped_state is a special hack for authenticate_ldap_simple_bind_send()
in order to avoid some additional work in authsam_check_password_internals()
This doesn't apply here. We should also handle wbinfo -a
authentication UPN names, e.g. administrator@DOMAIN,
even if the account belongs to the local sam.
With this change the behavior is consistent also locally on DCs and
also an RODC can handle these requests locally for cached accounts.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15003
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 7 Mar 2022 19:57:52 +0000 (20:57 +0100)]
nsswitch: let test_wbinfo.sh also test wbinfo -a $USERNAME@$DOMAIN
When winbindd forwards wbinfo -a via netrLogonSamLogon* to a remote
DC, it works fine for UPN names, e.g. administrator@DOMAIN.
But it currently fails locally on a DC against the local sam.
For the RODC it only works because it forwards the request to
an RWDC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15003
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 3 Mar 2022 22:24:25 +0000 (23:24 +0100)]
s3:auth: make_user_info_map() should not set mapped_state
mapped_state is only evaluated in authsam_check_password_internals()
of auth_sam.c in source4, so setting it in the auth3 code
doesn't make any difference. I've proved that with
an SMB_ASSERT() and a full pipeline not triggering it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 7 Mar 2022 20:16:51 +0000 (21:16 +0100)]
s4:auth: fix confusing DEBUG message in authsam_want_check()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 3 Mar 2022 22:14:10 +0000 (23:14 +0100)]
s4:auth: check for user_info->mapped.account_name if it needs to be filled
mapped_state is a special hack for authenticate_ldap_simple_bind_send()
in order to avoid some additional work in authsam_check_password_internals().
But that code will be changed in the next commits, so we can simplify
the logic and only check for user_info->mapped.account_name being NULL.
As it's the important factor that user_info->mapped.account_name is
non-NULL down in the auth stack.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 3 Mar 2022 22:16:13 +0000 (23:16 +0100)]
s4:rpc_server/samr: don't set mapped_state in auth_usersupplied_info for audit logging
mapped_state is completely irrelevant for audit logging and
will also be removed in the next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 3 Mar 2022 22:16:13 +0000 (23:16 +0100)]
s4:kdc: don't set mapped_state in auth_usersupplied_info for audit logging
mapped_state is completely irrelevant for audit logging and
will also be removed in the next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 3 Mar 2022 22:16:13 +0000 (23:16 +0100)]
s4:dsdb: don't set mapped_state in auth_usersupplied_info for audit logging
mapped_state is completely irrelevant for audit logging and
will also be removed in the next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 3 Mar 2022 22:16:13 +0000 (23:16 +0100)]
s4:smb_server: don't set mapped_state explicitly in auth_usersupplied_info
We already use talloc_zero() and mapped_state will be removed in the
next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 3 Mar 2022 22:15:31 +0000 (23:15 +0100)]
auth/ntlmssp: don't set mapped_state explicitly in auth_usersupplied_info
We already use talloc_zero() and mapped_state will be removed in the
next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 3 Mar 2022 22:14:38 +0000 (23:14 +0100)]
s4:auth: encrypt_user_info() should set password_state instead of mapped_state
user_info->mapped_state has nothing to do with enum auth_password_state,
user_info->password_state is the one that holds the auth_password_state value.
Luckily user_info->password_state was never referenced in the
encrypt_user_info() callers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 2 Mar 2022 13:32:41 +0000 (14:32 +0100)]
s4:auth: a simple bind uses the DCs name as workstation
I've seen that in LogonSamLogonEx request triggered
by a simple bind with a user of a trusted domain
within the same forest. Note simple binds don't
work with users for another forest/external domain,
as the DsCrackNames call on the bind_dn fails.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14641
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 4 Mar 2022 10:41:20 +0000 (11:41 +0100)]
s3:rpc_client: let rpccli_netlogon_network_logon() fallback to workstation = lp_netbios_name()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14641
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Mon, 1 Apr 2019 02:46:48 +0000 (15:46 +1300)]
rodc: Add tests for simple BIND alongside NTLMSSP binds
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 4 Mar 2022 18:09:41 +0000 (19:09 +0100)]
s4:auth_sam: use USER_INFO_INTERACTIVE_LOGON as indication for an interactive logon
Using != AUTH_PASSWORD_RESPONSE is not the correct indication
due to the local mappings from AUTH_PASSWORD_PLAIN via
AUTH_PASSWORD_HASH to AUTH_PASSWORD_RESPONSE.
It means an LDAP simple bind will now honour
'old password allowed period'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15001
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 8 Mar 2022 14:14:09 +0000 (15:14 +0100)]
s3:auth: let make_user_info_netlogon_interactive() set USER_INFO_INTERACTIVE_LOGON
This is not really relevant for now, as USER_INFO_INTERACTIVE_LOGON is
not evaluated in the source3/auth stack. But better add it to
be consistent.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15001
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 4 Mar 2022 20:53:06 +0000 (21:53 +0100)]
dsdb/tests: add test_login_basics_simple()
This demonstrates that 'old password allowed period' also
applies to LDAP simple binds and not only to GSS-SPNEGO/NTLMSSP binds.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15001
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 4 Mar 2022 20:53:06 +0000 (21:53 +0100)]
dsdb/tests: prepare BasePasswordTestCase for simple bind tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 4 Mar 2022 22:35:26 +0000 (23:35 +0100)]
dsdb/tests: introduce assertLoginSuccess
This makes it possible to catch failures with knownfail entries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 4 Mar 2022 22:35:26 +0000 (23:35 +0100)]
dsdb/tests: make use of assertLoginFailure helper
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 4 Mar 2022 23:09:17 +0000 (00:09 +0100)]
dsdb/tests: let all BasePasswordTestCase tests provide self.host_url[_ldaps]
This will make further changes easier.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sat, 5 Mar 2022 00:36:50 +0000 (01:36 +0100)]
dsdb/tests: passwords.py don't need to import BasePasswordTestCase
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 4 Mar 2022 20:50:15 +0000 (21:50 +0100)]
python:tests: let insta_creds() also copy the bind_dn from the template
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jeremy Allison [Tue, 8 Mar 2022 03:57:15 +0000 (19:57 -0800)]
s3: smbd: Rename srv_set_signing() -> smb1_srv_set_signing()
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Tue Mar 8 23:05:19 UTC 2022 on sn-devel-184
Jeremy Allison [Tue, 8 Mar 2022 03:54:00 +0000 (19:54 -0800)]
s3: smbd: Rename srv_is_signing_negotiated() -> smb1_srv_is_signing_negotiated().
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Tue, 8 Mar 2022 03:51:06 +0000 (19:51 -0800)]
s3: smbd: Rename srv_is_signing_active() -> smb1_srv_is_signing_active().
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Tue, 8 Mar 2022 03:46:58 +0000 (19:46 -0800)]
s3: smbd: Rename srv_set_signing_negotiated() -> smb1_srv_set_signing_negotiated().
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Tue, 8 Mar 2022 03:45:19 +0000 (19:45 -0800)]
s3: smbd: Rename srv_cancel_sign_response() -> smb1_srv_cancel_sign_response().
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Tue, 8 Mar 2022 03:44:18 +0000 (19:44 -0800)]
s3: smbd: Rename srv_calculate_sign_mac() -> smb1_srv_calculate_sign_mac().
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Tue, 8 Mar 2022 03:43:10 +0000 (19:43 -0800)]
s3: smbd: Rename srv_check_sign_mac() -> smb1_srv_check_sign_mac().
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Tue, 8 Mar 2022 03:41:31 +0000 (19:41 -0800)]
s3: libcli: Rename smb_key_derivation() -> smb1_key_derivation()
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Tue, 8 Mar 2022 03:39:58 +0000 (19:39 -0800)]
s3: libcli: Rename smb_signing_is_negotiated() -> smb1_signing_is_negotiated()
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Tue, 8 Mar 2022 03:38:35 +0000 (19:38 -0800)]
s3: libcli: Rename smb_signing_set_negotiated() -> smb1_signing_set_negotiated()
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Tue, 8 Mar 2022 03:36:25 +0000 (19:36 -0800)]
s3: libcli: Rename smb_signing_is_mandatory() -> smb1_signing_is_mandatory()
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Tue, 8 Mar 2022 03:34:42 +0000 (19:34 -0800)]
s3: libcli: Rename smb_signing_is_desired() -> smb1_signing_is_desired()
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Tue, 8 Mar 2022 03:33:23 +0000 (19:33 -0800)]
s3: libcli: Remove unused smb_signing_is_allowed()
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Tue, 8 Mar 2022 03:31:34 +0000 (19:31 -0800)]
s3: libcli: Rename smb_signing_is_active() -> smb1_signing_is_active()
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Tue, 8 Mar 2022 03:29:57 +0000 (19:29 -0800)]
s3: libcli: Rename smb_signing_activate() -> smb1_signing_activate()
Fix the debugs that also used this name.
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Tue, 8 Mar 2022 03:26:54 +0000 (19:26 -0800)]
s3: libcli: Rename smb_signing_check_pdu() -> smb1_signing_check_pdu()
Fix the debugs that also used this name.
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Tue, 8 Mar 2022 03:22:51 +0000 (19:22 -0800)]
s3: libcli: Rename smb_signing_sign_pdu() -> smb1_signing_sign_pdu()
Fix the debugs that also used this name.
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Tue, 8 Mar 2022 03:20:27 +0000 (19:20 -0800)]
s3: libcli: Rename smb_signing_cancel_reply() -> smb1_signing_cancel_reply()
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Tue, 8 Mar 2022 03:18:39 +0000 (19:18 -0800)]
s3: libcli: Rename smb_signing_next_seqnum() -> smb1_signing_next_seqnum()
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Tue, 8 Mar 2022 03:16:07 +0000 (19:16 -0800)]
s3: libcli: Rename smb_signing_md5() -> smb1_signing_md5()
Fix the debug that also used this name.
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Tue, 8 Mar 2022 03:14:35 +0000 (19:14 -0800)]
s3: libcli: Rename smb_signing_good() -> smb1_signing_good()
Fix the debugs that also used this name.
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Tue, 8 Mar 2022 03:12:45 +0000 (19:12 -0800)]
s3: libcli: Rename smb_signing_init() -> smb1_signing_init()
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Tue, 8 Mar 2022 03:11:33 +0000 (19:11 -0800)]
s3: libcli: Rename smb_signing_init_ex() -> smb1_signing_init_ex()
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Tue, 8 Mar 2022 03:08:47 +0000 (19:08 -0800)]
s3: libcli: Rename static smb_signing_reset_info() -> smb1_signing_reset_info()
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Tue, 8 Mar 2022 03:06:34 +0000 (19:06 -0800)]
s3: smbd: Look at the correct signing state for the debug messages in make_connection_snum().
The rest of the changes should now be just renaming
the SMB1 signing functions to make it clear they are
SMB1 specific.
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Tue, 8 Mar 2022 03:04:23 +0000 (19:04 -0800)]
s3: smbd: Split srv_init_signing() into 2 static functions smb1_srv_init_signing() and smb2_srv_init_signing().
Correctly initialize and look at xconn->smb2.signing_mandatory
for the SMB2 signing state (this gets set correctly for the AD-DC
case etc. inside smb2_srv_init_signing()).
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Tue, 8 Mar 2022 02:13:11 +0000 (18:13 -0800)]
s3: smbd: Add smb2_srv_init_signing(). Initializes conn->smb2.signing_mandatory.
Not yet used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Tue, 8 Mar 2022 02:09:40 +0000 (18:09 -0800)]
s3: smbd: Add 'bool signing_mandatory' to struct smbXsrv_connection.smb2 component.
Not yet used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Tue, 8 Mar 2022 02:05:41 +0000 (18:05 -0800)]
s3: Simple rename 'struct smb_signing_state' -> 'struct smb1_signing_state'
This is only used by the SMB1 signing code, except for one
bool for SMB2 which we will replace next.
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Wed, 8 Sep 2021 22:06:11 +0000 (15:06 -0700)]
s3: smbd: notify_mid_maps is used by both SMB1 and SMB2.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Archana [Wed, 5 Jan 2022 04:38:06 +0000 (10:08 +0530)]
ctdb-tools: Remove deprecated networking commands and replace with new commands
The changes are made to replace the deprecated network commands
(ifconfig,netstat) with the new commands
(ip addr,ss) respectively
Signed-off-by: Archana Chidirala <archana.chidirala.chidirala@ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Mar 8 12:30:53 UTC 2022 on sn-devel-184
Archana [Tue, 4 Jan 2022 04:31:55 +0000 (10:01 +0530)]
ctdb-packaging: Remove deprecated networking command netstat and replace with "ss" command
Signed-off-by: Archana Chidirala <archana.chidirala.chidirala@ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Jule Anger [Fri, 4 Mar 2022 08:02:28 +0000 (09:02 +0100)]
s3:utils: assign ids to struct to list shares correctly
The commit "99d1f1fa10d smbd: Remove unused "struct connections_key"" removes
also the assignment of information to connections_data, which are needed to list
shares.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14999
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jule Anger <janger@samba.org>
Autobuild-Date(master): Mon Mar 7 15:27:48 UTC 2022 on sn-devel-184
Jule Anger [Mon, 7 Mar 2022 09:13:33 +0000 (10:13 +0100)]
s3:tests: Add a test to check the output of smbstatus.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14999
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Pavel Filipenský [Thu, 17 Feb 2022 18:20:46 +0000 (19:20 +0100)]
s3:rpcclient: Fix crash in rpcclient
rpcclient SERVER -c 'dfsenum 5' dumps core
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Mar 7 00:00:32 UTC 2022 on sn-devel-184
Pavel Filipenský [Thu, 17 Feb 2022 18:20:46 +0000 (19:20 +0100)]
s3:rpcclient: Fix trailing whitespace in cmd_dfs.c
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Pavel Filipenský [Wed, 23 Feb 2022 16:39:46 +0000 (17:39 +0100)]
s3:script: Blackbox tests for the rpcclient DFS commands
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Stefan Metzmacher [Mon, 21 Feb 2022 09:29:12 +0000 (10:29 +0100)]
s4:kdc: redirect pre-authentication failures to an RWDC
The most important case is that we still have a previous
password cached at the RODC and the inbound replication
hasn't wiped the cache yet and we also haven't triggered
a new replication yet.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14865
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 24 Feb 2022 20:31:52 +0000 (21:31 +0100)]
s4:kdc: let pac functions in wdc-samba4.c take astgs_request_t
NOTE: This commit finally works again!
This aligns us with the following Heimdal change:
commit 11d8a053f50c88256b4d49c7e482c2eb8f6bde33
Author: Stefan Metzmacher <metze@samba.org>
AuthorDate: Thu Feb 24 18:27:09 2022 +0100
Commit: Luke Howard <lukeh@padl.com>
CommitDate: Thu Mar 3 09:58:48 2022 +1100
kdc-plugin: also pass astgs_request_t to the pac related functions
This is more consistent and allows the pac hooks to be more flexible.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14865
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 3 Mar 2022 18:17:06 +0000 (19:17 +0100)]
third_party/heimdal: import lorikeet-heimdal-202203031927 (commit 7abc451ddd74d0c2e57dbb32f3198bde8def73ab)
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14865
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Samuel Cabrero [Tue, 15 Feb 2022 16:46:17 +0000 (17:46 +0100)]
examples: Update winbindd.stp and its generator script
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Samuel Cabrero [Fri, 4 Jun 2021 13:36:16 +0000 (15:36 +0200)]
s3:winbind: Convert ListTrustedDomains parent/child call to NDR
By using NDR we avoid manual marshalling (netr_DomainTrust array
to text string) and unmarshalling (parse the received text string
back to a netr_DomainTrust array).
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Samuel Cabrero [Tue, 1 Mar 2022 11:24:41 +0000 (12:24 +0100)]
s3:winbind: Remove list_all_domains condition always false
The 'list_all_domains' flag in a winbind request is only set by the
torture_winbind_struct_list_trustdom() test, in fact to check the flag
is ignored.
The WINBINDD_LIST_TRUSTDOM command received by winbind parent is handled
by winbindd_list_trusted_domains() which fills the response from the
cached domain list and does not handle the flag.
The WINBINDD_LIST_TRUSTDOM command sent from the parent to the domain
children when the rescan timer expires does not set this flag, so this
commit removes the code handling it in the child.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Samuel Cabrero [Tue, 1 Mar 2022 10:40:31 +0000 (11:40 +0100)]
s3:winbind: Move the function to list trusted domains to winbindd_dual_srv.c
This function will be converted to a local RPC call handler so move it
to the file including ndr_winbindd_scompat.c.
Updated debug message and use newer debug macros.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pavel Filipenský [Mon, 28 Feb 2022 22:33:22 +0000 (23:33 +0100)]
s3:lib: Fix possible 32-bit arithmetic overflow
Reported by covscan.
Potentially overflowing expression "glue->gtimeout * 1000" with type "int"
(32 bits, signed) is evaluated using 32-bit arithmetic, and then used in
a context that expects an expression of type "uint64_t" (64 bits, unsigned).
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Mar 5 08:04:28 UTC 2022 on sn-devel-184
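The covscan finding in the commit above, as an added example that is not part of the commit or of Samba's code: the product is computed in `int` and only then widened, so the widening comes too late. The function names and the plain `int gtimeout` parameter (standing in for `glue->gtimeout`) are assumptions of this example, as is a 32-bit `int`.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/*
 * The flagged shape: int * int is evaluated in 32-bit signed arithmetic and
 * only the finished product is converted to uint64_t. Signed overflow is
 * undefined behaviour, so this function models the common two's-complement
 * outcome with unsigned arithmetic instead of actually triggering it.
 */
static uint64_t msec_narrow(int gtimeout)
{
	uint32_t low = (uint32_t)gtimeout * 1000u;      /* product mod 2^32 */
	int64_t as_int = (low & 0x80000000u) ? (int64_t)low - 4294967296LL
					     : (int64_t)low;
	return (uint64_t)as_int;                        /* int -> uint64_t */
}

/* Widen one operand first, so the multiplication itself is 64-bit. */
static uint64_t msec_wide(int gtimeout)
{
	if (gtimeout < 0) {
		return 0; /* assumption of this example: reject negatives */
	}
	return (uint64_t)gtimeout * 1000;
}

int main(void)
{
	const int samples[] = { 30, 2147483, 2147484, 4294968 }; /* constructed */
	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		printf("%8d s -> narrow %20" PRIu64 " ms, wide %" PRIu64 " ms\n",
		       samples[i], msec_narrow(samples[i]), msec_wide(samples[i]));
	}
	return 0;
}
```

The last sample shows the practical failure mode: a timeout of roughly 49.7 days collapses to 704 ms in the narrow form.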
Jeremy Allison [Thu, 3 Mar 2022 17:49:15 +0000 (09:49 -0800)]
s3: smbd: Cleanup - Make rmdir_internals() use NTSTATUS internally without depending on errno.
As we already need to return NTSTATUS, map errno to NTSTATUS directly at point of failure
and don't depend on keeping it around. No change in client-visible behavior but makes
rmdir_internals() easier to understand (for me at least).
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Mar 4 18:39:48 UTC 2022 on sn-devel-184
Jeremy Allison [Thu, 3 Mar 2022 17:34:45 +0000 (09:34 -0800)]
s3: smbd: Cleanup - make recursive_rmdir() return a more expressive NTSTATUS not bool.
Next cleanup the internals of rmdir_internals() to do an early map
of errno -> NTSTATUS to avoid mapping back and forth.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Fri, 4 Mar 2022 07:39:01 +0000 (08:39 +0100)]
smbd: Make complex if-expression in file_set_dosmode() easier to read
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Fri, 4 Mar 2022 07:36:04 +0000 (08:36 +0100)]
smbd: Fix indentation in rename_internals_fsp()
This one space character makes it more obvious where in the complex
if-expression lp_store_dos_attributes() lives.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 3 Mar 2022 20:49:47 +0000 (21:49 +0100)]
smbd: Save a few lines in file_set_dosmode() with "goto done;"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 3 Mar 2022 20:48:26 +0000 (21:48 +0100)]
smbd: Remove unused "lret" variable from file_set_dosmode()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 3 Mar 2022 10:52:12 +0000 (11:52 +0100)]
smbd: Pass dirfsp instead of a parent filename to unix_mode
This converts a STAT (with potential symlink race problems) into an
FSTAT on the O_PATH fd we have for the directory
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
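Why the commit above prefers FSTAT on a held O_PATH descriptor over STAT on a name, as an added example that is not part of the commit or of Samba's code. The function name, the scratch directory and the directory names are constructed for this example; it assumes Linux with a writable /tmp.

```c
#define _GNU_SOURCE /* for O_PATH */
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#ifndef O_PATH
#define O_PATH 010000000 /* generic Linux value, used if _GNU_SOURCE came too late */
#endif

/*
 * Hold an O_PATH handle on a directory, then let the name change meaning.
 * Returns 1 if fstat() on the handle still describes the original directory
 * while stat() on the name describes something else, 0 if not, -1 on error.
 */
static int handle_survives_rename(void)
{
	char base[] = "/tmp/opath-demo-XXXXXX"; /* constructed scratch directory */
	struct stat orig, by_name, by_fd;
	int fd = -1, ret = -1;

	if (mkdtemp(base) == NULL || chdir(base) != 0) return -1;
	if (mkdir("parent", 0700) != 0 || mkdir("elsewhere", 0700) != 0) goto out;
	if (chmod("parent", 0750) != 0 || chmod("elsewhere", 0777) != 0) goto out;

	fd = open("parent", O_PATH | O_DIRECTORY | O_NOFOLLOW);
	if (fd == -1 || fstat(fd, &orig) != 0) goto out;

	/* Between "look up parent" and "use parent", the name is re-pointed. */
	if (rename("parent", "parent.moved") != 0) goto out;
	if (symlink("elsewhere", "parent") != 0) goto out;

	if (stat("parent", &by_name) != 0 || fstat(fd, &by_fd) != 0) goto out;
	ret = (by_fd.st_ino == orig.st_ino && (by_fd.st_mode & 07777) == 0750 &&
	       (by_name.st_mode & 07777) == 0777);
out:
	if (fd != -1) close(fd);
	unlink("parent");
	rmdir("parent"); rmdir("parent.moved"); rmdir("elsewhere");
	if (chdir("/") == 0) rmdir(base);
	return ret;
}

int main(void)
{
	return handle_survives_rename() == 1 ? 0 : 1;
}
```

A mode derived from `stat("parent")` would come from the 0777 directory the symlink now points at; the handle keeps reporting the 0750 directory that was actually opened.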
Volker Lendecke [Thu, 3 Mar 2022 19:13:25 +0000 (20:13 +0100)]
smbd: Log close_file_free() failure in copy_internals()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 3 Mar 2022 10:32:20 +0000 (11:32 +0100)]
smbd: Pass dirfsp instead of an fname to open_file()
Moving slowly towards passing directory handles instead of names,
representing the idea that we hold an O_PATH file descriptor on
directories.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 3 Mar 2022 10:32:20 +0000 (11:32 +0100)]
smbd: Inherit acl from an fsp instead of a fname
Moving slowly towards passing directory handles instead of names,
representing the idea that we hold an O_PATH file descriptor on
directories.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 3 Mar 2022 10:28:57 +0000 (11:28 +0100)]
smbd: Remove a deref forgotten in c2ac6a9cd7b
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>