David Mulder [Fri, 19 Feb 2021 19:36:50 +0000 (12:36 -0700)]
samba-tool: Add a gpo command for setting VGP Issue Group Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Mar 8 20:57:50 UTC 2021 on sn-devel-184
David Mulder [Fri, 19 Feb 2021 19:33:42 +0000 (12:33 -0700)]
samba-tool: Test gpo manage issue set command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Fri, 19 Feb 2021 19:25:00 +0000 (12:25 -0700)]
samba-tool: Add a gpo command for listing VGP Issue Group Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Fri, 19 Feb 2021 18:01:08 +0000 (11:01 -0700)]
samba-tool: Test gpo manage issue list command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Fri, 19 Feb 2021 17:22:04 +0000 (10:22 -0700)]
gpo: Apply Group Policy Issue setting from VGP
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Fri, 19 Feb 2021 16:45:38 +0000 (09:45 -0700)]
gpo: Test Group Policy VGP Issue Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Thu, 18 Feb 2021 16:42:49 +0000 (09:42 -0700)]
samba-tool: Add a gpo command for setting VGP MOTD Group Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Thu, 18 Feb 2021 15:50:25 +0000 (08:50 -0700)]
samba-tool: Test gpo manage motd set command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Thu, 18 Feb 2021 14:50:08 +0000 (07:50 -0700)]
samba-tool: Add a gpo command for listing VGP MOTD Group Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Wed, 17 Feb 2021 21:58:51 +0000 (14:58 -0700)]
samba-tool: Test gpo manage motd list command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Wed, 17 Feb 2021 21:43:50 +0000 (14:43 -0700)]
gpo: Apply Group Policy MOTD setting from VGP
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Wed, 17 Feb 2021 20:24:55 +0000 (13:24 -0700)]
gpo: Test Group Policy VGP MOTD Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Fri, 26 Feb 2021 22:02:02 +0000 (15:02 -0700)]
gpo: Don't free talloc pointer held elsewhere
Freeing this pointer produces the following error:
ERROR: talloc_free with references at ../../libgpo/pygpo.c:481
reference at ../../pytalloc_util.c:164
reference at ../../pytalloc_util.c:164
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Mar 8 19:08:07 UTC 2021 on sn-devel-184
David Mulder [Fri, 26 Feb 2021 16:46:49 +0000 (09:46 -0700)]
gpo: vgp_sudoers_ext handle missing and dispersed principal names
If we don't anticipate a missing principal name,
the extension crashes. Also, principal names could
be in dispersed listelements.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Fri, 26 Feb 2021 21:01:48 +0000 (14:01 -0700)]
gpo: Ensure that vgp_sudoers_ext handles missing/dispersed principal names
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Fri, 26 Feb 2021 16:46:15 +0000 (09:46 -0700)]
gpo: Add rsop output for vgp_openssh_ext
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Fri, 26 Feb 2021 16:45:03 +0000 (09:45 -0700)]
gpo: vgp_openssh_ext create the config dir
We should create the /etc/ssh/sshd_config.d dir
if it doesn't exist.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Fri, 26 Feb 2021 16:43:30 +0000 (09:43 -0700)]
gpo: Improve the samba-gpupdate --rsop output
Use the CSE name based on the class name, not the
module name. Also ignore the Local Policy gpo.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Wed, 24 Feb 2021 19:43:55 +0000 (12:43 -0700)]
gpo: Add admxload warning about Windows templates
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Wed, 24 Feb 2021 19:35:10 +0000 (12:35 -0700)]
gpo: Ensure that samba-gpupdate doesn't require ad-dc
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Wed, 24 Feb 2021 17:53:17 +0000 (10:53 -0700)]
gpo: Test to ensure that samba-gpupdate doesn't require ad-dc
Running samba-gpupdate on a client is causing an
error in gp_access_ext, due to it attempting to
access sam.ldb before detecting whether we are on
an ad-dc.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Mon, 6 Jul 2020 15:27:05 +0000 (17:27 +0200)]
smbXsrv_client: move the connection passing to smb2srv_client_mc_negprot_send/recv
We need a full request/response pair in order to avoid races in
the multichannel connection passing.
smb2srv_client_mc_negprot_send/recv locks the
db record for the given client_guid.
If there's no entry found, we add ourself and
return NT_STATUS_OK.
If there's an existing process for that client guid
we start messaging_filtered_read_send()
dbwrap_watched_watch_send() before calling
smb2srv_client_connection_pass().
Then we release the lock and wait for either
MSG_SMBXSRV_CONNECTION_PASSED to arrive or
retry if dbwrap_watched_watch_recv signaled
a change in the database.
If we got MSG_SMBXSRV_CONNECTION_PASSED we'll
return NT_STATUS_MESSAGE_RETRIEVED in order to
signal that the other process will take care of
the connection and we terminate the current process.
All that is done completely async, which means that
the IDLE_CLOSED_TIMEOUT (60 seconds) may trigger
deadtime_fn(), which will send itself a MSG_SHUTDOWN.
So the process that accepted the tcp connection
exists if there was no MSG_SMBXSRV_CONNECTION_PASSED
within 60 seconds.
However the fd may still exists in the kernel (and
the new connection may still be handed to the other
process. If that process somehow exists before
there's no way to prevent a connection termination
for the client.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14433
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Mar 6 03:30:06 UTC 2021 on sn-devel-184
Stefan Metzmacher [Wed, 23 Sep 2020 11:07:20 +0000 (13:07 +0200)]
smbd: make sure that xconn is alive for the lifetime of smbXsrv_connection_shutdown_send/recv
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14533
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 23 Sep 2020 02:58:22 +0000 (04:58 +0200)]
s4:torture/smb2: add smb2.lease.timeout-disconnect test
This reproduces a problem that is triggered when
smbd_server_connection_terminate() is called recursively.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14533
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 23 Sep 2020 04:00:28 +0000 (06:00 +0200)]
smbXsrv_session: set session->db_rec = NULL after session->db_rec = local_rec
This actually fixes crashes due to stale pointers.
With multi-channel and with 2 (or more) connections,
we'll call smbXsrv_session_disconnect_xconn() when a connection
gets disconnected, but we'll leave smbXsrv_client and all other
connections in place.
However smbXsrv_session_disconnect_xconn_callback() left
a stale session->db_rec pointer in place, which means
a following smbXsrv_session_logoff() will call
dbwrap_record_delete(local_rec) on a stale pointer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14532
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 23 Sep 2020 09:24:46 +0000 (11:24 +0200)]
smbXsrv_tcon: explicitly set tcon->db_rec = NULL after tcon->db_rec = local_rec
There's no know problem that we fix for the
smbXsrv_tcon_disconnect_all_callback() case,
but it might prevent future problems.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14532
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 23 Sep 2020 11:49:27 +0000 (13:49 +0200)]
s4:torture/smb2: add a smb2.session.two_logoff test
This reproduces a bug where two SMB2_LOGOFF messages kill the whole
client smbd when multi-channel is used, instead of just removing the
logical session.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14532
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 23 Sep 2020 11:13:22 +0000 (13:13 +0200)]
smbd: introduce a smbXsrv_connection_destructor()
For now it only prints a debug message, but that's already very
useful for multi-channel debugging.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14534
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 23 Sep 2020 11:13:01 +0000 (13:13 +0200)]
smbd: improve smbXsrv_connection_dbg() for debugging multi-channel problems
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14534
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 19 Jun 2020 10:32:59 +0000 (12:32 +0200)]
selftest: enable 'server multi channel support = yes'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14534
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 9 Feb 2021 15:54:18 +0000 (16:54 +0100)]
s4:torture/smb2: use %t (timestamp) instead of %R for lease.dynamic_share test
This test should be independent of the protocol in order to be
independent of multi-channel support of the server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14534
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 28 Jul 2020 10:11:38 +0000 (12:11 +0200)]
smbd: let smbd_request_guid() use smb1req->xconn->channel_id
The unique identifier of a channel/connection is the channel_id,
the pointer of 'xconn' can be reused.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14534
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 27 Aug 2020 02:50:15 +0000 (04:50 +0200)]
docs-xml: clarify "smb2 disable lock sequence checking" section
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14534
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 2 Mar 2021 10:30:44 +0000 (11:30 +0100)]
dsdb: Fix CID
1473454: Null pointer dereferences
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 2 Mar 2021 10:27:07 +0000 (11:27 +0100)]
dsdb: Fix CID
1473453: Null pointer dereferences
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Mon, 1 Mar 2021 16:26:24 +0000 (17:26 +0100)]
librpc: Lower dcesrv_call_dispatch_local() errors from DBG_ERR to DBG_INFO
Before merging the s3 and s4 RPC servers the rpcint_dispatch function
was not logging any error.
This commit lowers from DBG_ERR to DBG_INFO the importance of error
messages when dispatching local RPC calls. There are some situations
where RPC functions return RPC faults and this is not a fatal condition.
One example is _lsa_QueryInfoPolicy2.
This change prevents a noisy error logged when winbindd tries to connect to
its primary domain in the nt4_member and ad_member test environments:
[2021/03/01 16:49:38.486111, 0, pid=12456] ../../librpc/rpc/dcesrv_core.c:2990(dcesrv_call_dispatch_local)
dcesrv_call_dispatch_local: DCE/RPC fault in call lsarpc:2E - DCERPC_NCA_S_OP_RNG_ERROR
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Mon, 1 Mar 2021 14:56:06 +0000 (15:56 +0100)]
winbind: Remove noisy error message in wb_open_internal_pipe()
Before merging the s4 and s3 RPC servers the make_internal_rpc_pipe_p()
function did not fail when the requested interface was not registered in
the calling process because it did not check the return value of
rpc_srv_get_pipe_cmds(). If the interface was not registed, the pointer
to the interface functions was NULL and later, when dispatching a call,
rpcint_dispatch() returned NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE in this
case.
After merging the RPC servers, the rpc_pipe_open_internal() function
will return NT_STATUS_RPC_INTERFACE_NOT_FOUND if the interface is not
registered in the calling process. This causes a noisy error message in
winbind when it tries to open the dssetup pipe to the primary domain and
it is not an AD domain.
The callers of wb_open_internal_pipe() when connecting to the domain
already logs the error at level greather or equal to five. This commit
moves the dupplicated and noisy error message at level zero from
wb_open_internal_pipe() to its callers outside winbindd_cm.c.
This error can be seen in winbindd logs of ad_member and nt4_member test
environments.
[2021/03/01 16:49:38.486004, 0, pid=12456] ../../source3/winbindd/winbindd_cm.c:1893(wb_open_internal_pipe)
open_internal_pipe: Could not connect to dssetup pipe: NT_STATUS_RPC_INTERFACE_NOT_FOUND
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 3 Mar 2021 18:15:31 +0000 (19:15 +0100)]
g_lock: Fix uninitalized variable reads
If dbwrap_watched_watch_recv() returns IO_TIMEOUT, "blockerdead" might
be an uninitialized non-false, and further down we'll remove the wrong
exclusive locker.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14636
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Mar 5 11:22:07 UTC 2021 on sn-devel-184
Volker Lendecke [Wed, 3 Mar 2021 18:19:23 +0000 (19:19 +0100)]
locking: Fix an uninitialized variable read
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14636
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Wed, 3 Mar 2021 10:20:51 +0000 (11:20 +0100)]
vfs_aixacl2: Fix "mem_ctx" and "ppdesc" smb_fget_nt_acl_nfs4 args
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Autobuild-User(master): Björn Jacke <bjacke@samba.org>
Autobuild-Date(master): Wed Mar 3 12:36:13 UTC 2021 on sn-devel-184
Björn Jacke [Tue, 2 Mar 2021 21:47:35 +0000 (22:47 +0100)]
wscript: use --as-needed only if tested successfully
Some OSes like Solaris based OmiOS don't support this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14288
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Trever L. Adams [Fri, 26 Feb 2021 22:52:03 +0000 (14:52 -0800)]
s3:modules:vfs_virusfilter: Recent talloc changes cause infinite start-up failure
Recent talloc changes cause the current check for failure to allocate to be incorrectly triggered.
This patch ensures the original parameter is not NULL before attempting any talloc or strstr.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14634
RN: Fix failure of vfs_virusfilter starting due to talloc changes
Signed-off-by: Trever L. Adams" <trever.adams@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Mon Mar 1 21:44:55 UTC 2021 on sn-devel-184
Jelmer Vernooij [Sat, 27 Feb 2021 16:49:38 +0000 (16:49 +0000)]
Suggest running './configure' rather than 'waf configure'.
waf actively discourages system-wide waf installs, so the latter is unlikely
to work.
Signed-off-by: Jelmer Vernooij <jelmer@jelmer.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Mar 1 04:56:15 UTC 2021 on sn-devel-184
Samuel Cabrero [Fri, 26 Feb 2021 09:36:02 +0000 (10:36 +0100)]
daemons: Do not notify systemd in child processes started by main samba
When samba runs as ADDC only the main 'samba' daemon have to notify
its status to systemd because our systemd unit files contains implied
NotifyAccess=main since commit
d1740fb3d5a72cb49e30b330bb0b01e7ef3e09cc.
This commit adds a function to disable the systemd notification in the
smbd and winbinddd child processes started by the main 'samba' daemon in
AD DC mode to avoid warnings like:
systemd[1]: samba-ad-dc.service: Got notification message from PID 26194,
but reception only permitted for main PID 26187
systemd[1]: samba-ad-dc.service: Got notification message from PID 26222,
but reception only permitted for main PID 26187
$ pstree -p
...
├─samba(26187)─┬─tfork(26189)(26188)───s3fs[master](26189)───tfork(26194)(26193)───smbd(26194)─┬─cleanupd(+
│ │ ├─lpqd(2623+
│ │ └─smbd-noti+
│ ├─tfork(26191)(26190)───rpc[master](26191)─┬─tfork(26198)(26195)───rpc(0)(26198)
│ │ ├─tfork(26200)(26199)───rpc(1)(26200)
│ │ ├─tfork(26206)(26201)───rpc(2)(26206)
│ │ └─tfork(26212)(26207)───rpc(3)(26212)
│ ├─tfork(26196)(26192)───nbt[master](26196)
│ ├─tfork(26202)(26197)───wrepl[master](26202)
│ ├─tfork(26204)(26203)───ldap[master](26204)─┬─tfork(26242)(26241)───ldap(0)(26242)
│ │ ├─tfork(26244)(26243)───ldap(1)(26244)
│ │ ├─tfork(26246)(26245)───ldap(2)(26246)
│ │ └─tfork(26248)(26247)───ldap(3)(26248)
│ ├─tfork(26208)(26205)───cldap[master](26208)
│ ├─tfork(26210)(26209)───kdc[master](26210)───tfork(26218)(26215)───krb5kdc(26218)
│ ├─tfork(26213)(26211)───drepl[master](26213)
│ ├─tfork(26216)(26214)───winbindd[master(26216)───tfork(26222)(26219)───winbindd(26222)───wi+
│ ├─tfork(26220)(26217)───ntp_signd[maste(26220)
│ ├─tfork(26223)(26221)───kcc[master](26223)
│ ├─tfork(26225)(26224)───dnsupdate[maste(26225)
│ └─tfork(26227)(26226)───dns[master](26227)
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Samuel Cabrero [Thu, 25 Feb 2021 16:13:46 +0000 (17:13 +0100)]
lib:util: Move variable initialization out of conditional compilation block
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Baumbach [Wed, 20 Jan 2021 15:10:48 +0000 (16:10 +0100)]
test: samba-tool user show: Test ';format=[GeneralizedTime,UnixTime,TimeSpec] attributes
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 19 Jan 2021 10:47:02 +0000 (11:47 +0100)]
samba-tool user: add ';format=[GeneralizedTime,UnixTime,TimeSpec]' support in "samba-tool user show"
This is useful to convert various time values to other formats.
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 19 Jan 2021 10:47:20 +0000 (11:47 +0100)]
samba-tool user: add ';format=[GeneralizedTime,UnixTime,TimeSpec]' support
These are useful to convert various time values to other formats.
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 18 Jan 2021 14:51:37 +0000 (15:51 +0100)]
samba-tool user: use an implicit_attrs list instead of add_ATTR variables
We'll extent GetPasswordCommand.get_password_attributes() to handle
more virtual formats in future. It'll be much easier to
to maintain a list of attributes we need to filter out again.
sAMAccountName and userPrincipalName are always implicitly
requested in order to keep the existing code sane.
supplementalCredentials and unicodePwd are requested by default
when generating virtual password attributes.
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 2 Dec 2020 14:42:10 +0000 (15:42 +0100)]
pyglue: add float2nttime() and nttime2float()
The float value is what the native python time.time()
returns, it's basically a struct timespec converted to
double/float.
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 19 Jan 2021 15:53:55 +0000 (16:53 +0100)]
pyldb: catch potential overflow error in py_timestring
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Baumbach [Tue, 19 Jan 2021 09:53:48 +0000 (10:53 +0100)]
samba-tool user: use remote domain information
Required, when running get_account_attributes() against a remote samdb.
avoid:
ERROR(<class 'AttributeError'>): uncaught exception - 'NoneType' object has no attribute 'get'
File "bin/python/samba/netcmd/__init__.py", line 186, in _run
return self.run(*args, **kwargs)
File "bin/python/samba/netcmd/user.py", line 2769, in run
obj = self.get_account_attributes(samdb, username,
File "bin/python/samba/netcmd/user.py", line 1250, in get_account_attributes
realm = self.lp.get("realm")
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Baumbach [Tue, 19 Jan 2021 17:04:38 +0000 (18:04 +0100)]
samba-tool user: fix some typos
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Baumbach [Thu, 21 Jan 2021 12:20:17 +0000 (13:20 +0100)]
s4:dsdb/dirsync: fix a typo in a comment
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Baumbach [Thu, 21 Jan 2021 12:18:41 +0000 (13:18 +0100)]
s3:libsmb: fix a typo in a comment
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Baumbach [Thu, 21 Jan 2021 12:16:34 +0000 (13:16 +0100)]
selftest: fix typos in README files
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Fri, 12 Feb 2021 15:06:40 +0000 (15:06 +0000)]
vfs: update status of SMB_VFS_LISTXATTR
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 26 22:35:04 UTC 2021 on sn-devel-184
Noel Power [Wed, 10 Feb 2021 16:21:36 +0000 (16:21 +0000)]
VFS: Remove SMB_VFS_LISTXATTR, no longer used
---------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| |
| SMB_VFS_LISTXATTR |
| |
| |
| 10 February |
| 2021 |
| |
| |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\////|_)_______
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Wed, 10 Feb 2021 12:46:09 +0000 (12:46 +0000)]
s3/smbd: Remove connection_struct from get_ea_names_from_file
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Wed, 10 Feb 2021 11:54:29 +0000 (11:54 +0000)]
s3/smbd: Adjust estimate_ea_size to take files_struct alone
Remove connection_struct parameter (and use fsp->conn)
instead.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Wed, 10 Feb 2021 10:26:53 +0000 (10:26 +0000)]
s3/smbd: let canonicalize_ea_name accept fsp and fstring only in sig
Remove the connection_struct & smb_fname parameters from
canonicalize_ea_name, they arent needed (and can be got from
files_struct)
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Wed, 10 Feb 2021 10:13:46 +0000 (10:13 +0000)]
s3/smbd: replace get_ea_list_from_file_path with get_ea_list_from_fsp
Additionally remove the old get_ea_list_from_file_path.
get_ea_list_from_file_path & new get_ea_list_from_fsp are identical
except for test for an addition test
+ if (is_ntfs_stream_smb_fname(fsp->fsp_name)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
This test should should be fine here too.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Wed, 10 Feb 2021 10:07:51 +0000 (10:07 +0000)]
s3/smbd: rename get_ea_list_from_fsp_new to get_ea_list_from_fsp
And remove the old get_ea_list_from_fsp
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Wed, 10 Feb 2021 09:53:23 +0000 (09:53 +0000)]
s3/smbd: Create new file get_ea_list_from_fsp_new (not used)
On the way to removing get_ea_list_from_file_path and replacing
it with get_ea_list_from_fsp create a copy of get_ea_list_from_file_path
called get_ea_list_from_fsp_new. It is ifdef'ed out for the moment
as it isn't used yet
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Tue, 9 Feb 2021 17:55:50 +0000 (17:55 +0000)]
s3/smbd: remove connection_struct from get_ea_list_from_file_path
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Tue, 9 Feb 2021 17:55:08 +0000 (17:55 +0000)]
s3/smsbd: prepare to remove connection_struct param from get_ea_list_from_file_path
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Fri, 5 Feb 2021 17:10:20 +0000 (17:10 +0000)]
s3/torture: migrate SMB_VFS_FLISTXATTR calls to SMB_VFS_FLISTXATTR
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Mon, 8 Feb 2021 17:38:54 +0000 (17:38 +0000)]
s3/smbd: remove connection_struct param from get_ea_list_from_file
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Mon, 8 Feb 2021 17:29:30 +0000 (17:29 +0000)]
s3/smbd: rename get_ea_list_from_path -> get_ea_list_from_fsp
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Tue, 2 Feb 2021 19:33:39 +0000 (19:33 +0000)]
s3/smbd: no longer pass smb_fname to get_ea_list_from_file
Finally remove the smb_fname paramater as it is no longer used
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Tue, 2 Feb 2021 17:05:49 +0000 (17:05 +0000)]
s3/smbd: prepare get_ea_list_from_file to receive fsp alone
A step to transition away from using smb_fname & fsp
parameter combination with this function by using
the fsp provided by smb_filename->fsp
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Fri, 26 Feb 2021 14:09:52 +0000 (14:09 +0000)]
s3/smbd: modify get_ea_list_from_file_path fn signature to take fsp only
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Mon, 1 Feb 2021 21:09:08 +0000 (21:09 +0000)]
s3/smbd: modify estimate_ea_size fn signature to take fsp only
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Fri, 29 Jan 2021 14:54:47 +0000 (14:54 +0000)]
s3/smbd: use smb_fname->fsp for get_ea_list_from_file_path in estimate_ea_size()
Additionally ensure get_ea_list_from_file_path is called with base file.
Previously fsp was set to NULL if fsp pointed to a ntfs stream which in
turn ensured that 'base_path' from the smb_fname was used (which points
to the base file). Now we get a pathref fsp (pointing to the base file)
instead
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Sun, 31 Jan 2021 19:18:03 +0000 (19:18 +0000)]
s3/smbd: modify get_ea_names_from_file signature fn to take fsp alone
Removes the smb_filename function parameter
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Fri, 29 Jan 2021 14:53:43 +0000 (14:53 +0000)]
s3/smbd: use SMB_VFS_FLISTXATTR() alone (also added assert fsp is not NULL)
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Mon, 8 Feb 2021 10:42:22 +0000 (10:42 +0000)]
s3/modules: Ensure vfs_streaminfo gets passed valid pathref smb_filename
the smb_filename/smb_filename->fsp passed to vfs_streaminfo
eventually is passed to SMB_VFS_FLISTXATTR, we need to ensure this is
properly setup and not NULL
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Fri, 29 Jan 2021 18:54:20 +0000 (18:54 +0000)]
s3/smbd: call get_ea_list_from_file with smb_fname->fsp
A step to transition away from using smb_fname & fsp
paramater combination with this function.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Peter Eriksson [Tue, 23 Feb 2021 20:13:37 +0000 (12:13 -0800)]
s3: VFS: nfs4_acls. Add missing TALLOC_FREE(frame) in error path.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14648
Signed-off-by: Peter Eriksson <pen@lysator.liu.se>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Thu Feb 25 20:46:02 UTC 2021 on sn-devel-184
David Mulder [Tue, 16 Feb 2021 21:12:02 +0000 (14:12 -0700)]
samba-tool: Add a gpo command for removing VGP Startup Scripts Group Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Feb 24 22:01:08 UTC 2021 on sn-devel-184
David Mulder [Fri, 12 Feb 2021 21:49:16 +0000 (14:49 -0700)]
samba-tool: Test gpo manage script startup remove command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Fri, 12 Feb 2021 21:13:51 +0000 (14:13 -0700)]
samba-tool: Add a gpo command for adding VGP Startup Scripts Group Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Fri, 12 Feb 2021 15:04:30 +0000 (08:04 -0700)]
samba-tool: Test gpo manage script startup add command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Tue, 9 Feb 2021 13:16:32 +0000 (06:16 -0700)]
samba-tool: Add a gpo command for listing VGP Startup Scripts Group Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Mon, 8 Feb 2021 20:08:02 +0000 (13:08 -0700)]
samba-tool: Test gpo manage script startup list command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Tue, 2 Feb 2021 19:33:11 +0000 (12:33 -0700)]
gpo: Apply Group Policy Startup Scripts from VGP
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Fri, 29 Jan 2021 20:34:50 +0000 (13:34 -0700)]
gpo: Test Group Policy VGP Startup Script Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Thu, 11 Feb 2021 02:50:53 +0000 (15:50 +1300)]
ldb: remove some 'if PY3's in tests
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@suse.com>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Mon Feb 22 15:50:55 UTC 2021 on sn-devel-184
Douglas Bagnall [Thu, 11 Feb 2021 04:35:59 +0000 (17:35 +1300)]
pytest/segfault: fix the rpc.echo test
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@suse.com>
Douglas Bagnall [Thu, 11 Feb 2021 04:35:32 +0000 (17:35 +1300)]
pytest/segfaults: drop a useless line
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@suse.com>
Douglas Bagnall [Thu, 11 Feb 2021 09:19:31 +0000 (22:19 +1300)]
selftest: preforkrestartdc doesn't need gdb-backtraces
There are tests in this environment that kill processes with SEGV
signals, which causes a backtrace that is entirely spurious from a
debugging point of view.
We can turn that off, saving processor time and moments of developer
confusion.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@suse.com>
Douglas Bagnall [Thu, 11 Feb 2021 09:16:33 +0000 (22:16 +1300)]
pytest:segfault: avoid gdb_backtrace on knownfail
We know that test_net_replicate_init__3() segfaults. It is a knownfail
and we don't need to see the gdb backtrace every time.
This saves nearly two minutes on `make test TESTS=segfault`.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@suse.com>
Douglas Bagnall [Thu, 11 Feb 2021 04:39:18 +0000 (17:39 +1300)]
selftest/gdb_backtrace: add an off switch
Sometime you know a test is going to crash and produce a LOT of
backtrace, and you already know what it will look like. For those
times you can set
PLEASE_NO_GDB_BACKTRACE=1
and there will be no backtrace, which can save quite a bit of time and
thousands of lines of log file. (In particular, backtraces of Python
programs can take over a minute to complete).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@suse.com>
Ralph Boehme [Tue, 16 Feb 2021 13:24:05 +0000 (14:24 +0100)]
printing: use correct error out in get_correct_cversion() when openat_pathref_fsp() fails
Fixes a regression introduced by
a74f0af1a91fe0bbc68e4d41d65f43ec383ae8bf: if
there's no existing file, openat_pathref_fsp() will fail with
NT_STATUS_OBJECT_NAME_NOT_FOUND which must be handled the same way it is done by
the SMB_VFS_CREATE_FILE() call below.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14635
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Feb 17 19:53:00 UTC 2021 on sn-devel-184
Ralph Boehme [Tue, 16 Feb 2021 13:23:02 +0000 (14:23 +0100)]
printing: use correct error out in file_version_is_newer() when openat_pathref_fsp() fails
Fixes a regression introduced by
ef5e913bca584f0232d5bfff14df4ccba2dda35c: if
there's no existing file, openat_pathref_fsp() will fail with
NT_STATUS_OBJECT_NAME_NOT_FOUND which must be handled the same way it is done by
the SMB_VFS_CREATE_FILE() call below.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14635
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Ralph Boehme [Tue, 16 Feb 2021 13:19:51 +0000 (14:19 +0100)]
printing: use correct error out in file_version_is_newer() when openat_pathref_fsp() fails
Fixes a regression introduced by
cbe25e1777d0c43c21e8acc2cea79fd03fdaf2ea: if
there's no existing file, openat_pathref_fsp() will fail with
NT_STATUS_OBJECT_NAME_NOT_FOUND which must be handled the same way it is done by
the SMB_VFS_CREATE_FILE() call below.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14635
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
David Mulder [Wed, 23 Dec 2020 15:09:32 +0000 (08:09 -0700)]
samba-tool: Replace gpo command for removing Sudoers Group Policy
Replace it with the VGP command for removing
sudoers entries from an xml file.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Feb 14 00:53:41 UTC 2021 on sn-devel-184
David Mulder [Tue, 22 Dec 2020 22:36:59 +0000 (15:36 -0700)]
samba-tool: Test gpo manage vgp sudoers remove command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Tue, 22 Dec 2020 20:34:19 +0000 (13:34 -0700)]
samba-tool: Replace gpo command for adding Sudoers Group Policy
Replace it with the VGP command for adding
sudoers entries in an xml file.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Tue, 22 Dec 2020 18:23:34 +0000 (11:23 -0700)]
samba-tool: Test VGP sudoers add command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>