samba.git
5 years ago smbcacls: add -x argument, prints maximum access
Ralph Boehme [Wed, 27 Feb 2019 15:45:07 +0000 (16:45 +0100)]
smbcacls: add -x argument, prints maximum access

Signed-off-by: Ralph Boehme <slow@samba.org>
5 years ago s3:libsmb: add cli_query_mxac()
Ralph Boehme [Fri, 1 Mar 2019 08:49:17 +0000 (09:49 +0100)]
s3:libsmb: add cli_query_mxac()

Works only for SMB2.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago s3:libsmb: add cli_smb2_query_mxac()
Ralph Boehme [Fri, 1 Mar 2019 08:48:25 +0000 (09:48 +0100)]
s3:libsmb: add cli_smb2_query_mxac()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago s4:torture: add a test with additional bits in SEC_FLAG_MAXIMUM_ALLOWED
Ralph Boehme [Fri, 1 Mar 2019 17:06:48 +0000 (18:06 +0100)]
s4:torture: add a test with additional bits in SEC_FLAG_MAXIMUM_ALLOWED

When access_mask contains SEC_FLAG_MAXIMUM_ALLOWED, the server must still
process other bits from access_mask. E.g. if access_mask contains a right that
the requester doesn't have, the function must validate that against the
effective permissions.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago libcli/security: fix handling of deny type ACEs in access_check_max_allowed()
Ralph Boehme [Fri, 1 Mar 2019 17:57:23 +0000 (18:57 +0100)]
libcli/security: fix handling of deny type ACEs in access_check_max_allowed()

Deny ACEs must always be evaluated against explicitly granted rights
from previous ACEs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago s4:torture: Add test_deny1().
Ralph Boehme [Sun, 3 Mar 2019 07:33:51 +0000 (08:33 +0100)]
s4:torture: Add test_deny1().

Creates a 2-element ALLOW + DENY ACE showing that when calculating
effective permissions and maximum access already seen allow bits are not
removed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago s4:torture: Add test_owner_rights_deny1().
Jeremy Allison [Thu, 28 Feb 2019 22:59:01 +0000 (14:59 -0800)]
s4:torture: Add test_owner_rights_deny1().

Creates a 3-element ALLOW + ALLOW + DENY ACE showing that when
calculating maximum access already seen allow bits are not removed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
5 years ago libcli/security: correct access check and maximum access calculation for Owner Rights...
Ralph Boehme [Fri, 1 Mar 2019 17:20:35 +0000 (18:20 +0100)]
libcli/security: correct access check and maximum access calculation for Owner Rights ACEs

We basically must process the Owner Rights ACEs as any other ACE wrt the
order of adding granted permissions and checking denied permissions. According
to MS-DTYP 2.5.3.2 Owner Rights ACEs must be evaluated in the main loop over
the ACEs in an ACL and the corresponding access_mask must be directly applied
to bits_remaining. We currently defer this to after the loop over the ACEs in
ACL, this is wrong.

We just have to do some initial magic to determine if an ACL contains any
Owner Rights ACEs, and in case it doesn't we grant SEC_STD_WRITE_DAC |
SEC_STD_READ_CONTROL at the *beginning*. MS-DTYP:

-- the owner of an object is always granted READ_CONTROL and WRITE_DAC.
CALL SidInToken(Token, SecurityDescriptor.Owner, PrincipalSelfSubst)
IF SidInToken returns True THEN
   IF DACL does not contain ACEs from object owner THEN
       Remove READ_CONTROL and WRITE_DAC from RemainingAccess
       Set GrantedAccess to GrantedAccess or READ_CONTROL or WRITE_OWNER
   END IF
END IF

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
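
Added example, not Samba's code: a minimal C model of the ordering rules the bug 13812 commit messages above describe (deny ACEs only remove bits not yet granted by earlier ACEs; Owner Rights ACEs are applied inside the main loop; the implicit owner grant is made up front only when no Owner Rights ACE exists). Integer SIDs, a single-SID caller, the struct names and the "ordered=false" contrast mode are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Windows access-mask bits used in the sample ACLs. */
#define FILE_READ_DATA  0x00000001u
#define FILE_WRITE_DATA 0x00000002u
#define READ_CONTROL    0x00020000u
#define WRITE_DAC       0x00040000u

/* Hypothetical model: SIDs are small integers, OWNER_RIGHTS stands in for S-1-3-4. */
enum { OWNER_RIGHTS = 1, ALICE = 100, BOB = 101 };
enum ace_type { ALLOW, DENY };

struct ace { enum ace_type type; int trustee; uint32_t mask; };
struct sd { int owner; const struct ace *aces; size_t num_aces; };

/*
 * Maximum access for a caller holding the single SID `sid`.
 * ordered=true:  a deny ACE only removes bits no earlier ACE has granted.
 * ordered=false: constructed contrast case, all deny bits are subtracted
 *                at the end regardless of ACE position.
 */
uint32_t max_allowed(const struct sd *sd, int sid, bool ordered)
{
	uint32_t granted = 0, denied = 0;
	bool am_owner = (sid == sd->owner);
	bool have_owner_rights_ace = false;
	size_t i;

	for (i = 0; i < sd->num_aces; i++) {
		if (sd->aces[i].trustee == OWNER_RIGHTS) {
			have_owner_rights_ace = true;
		}
	}
	/* Implicit owner rights are granted up front, and only when the
	 * DACL carries no Owner Rights ACE. */
	if (am_owner && !have_owner_rights_ace) {
		granted |= READ_CONTROL | WRITE_DAC;
	}

	for (i = 0; i < sd->num_aces; i++) {
		const struct ace *a = &sd->aces[i];
		/* Owner Rights ACEs apply to the owner, inside the main loop. */
		bool applies = (a->trustee == sid) ||
			       (am_owner && a->trustee == OWNER_RIGHTS);
		if (!applies) {
			continue;
		}
		if (a->type == ALLOW) {
			granted |= a->mask;
		} else if (ordered) {
			denied |= a->mask & ~granted;
		} else {
			denied |= a->mask;
		}
	}
	return granted & ~denied;
}

/* Constructed sample ACLs. */
const struct ace allow_deny[] = {
	{ ALLOW, ALICE, FILE_READ_DATA | FILE_WRITE_DATA },
	{ DENY,  ALICE, FILE_WRITE_DATA },
};
const struct ace deny_allow[] = {
	{ DENY,  ALICE, FILE_WRITE_DATA },
	{ ALLOW, ALICE, FILE_READ_DATA | FILE_WRITE_DATA },
};
const struct ace owner_rights[] = {
	{ ALLOW, OWNER_RIGHTS, READ_CONTROL },
	{ ALLOW, ALICE, FILE_READ_DATA },
	{ DENY,  OWNER_RIGHTS, READ_CONTROL },
};
/* Constructed security descriptors: { owner, ACEs, ACE count }. */
const struct sd sd_allow_deny   = { BOB,   allow_deny,   2 };
const struct sd sd_deny_allow   = { BOB,   deny_allow,   2 };
const struct sd sd_owner_rights = { ALICE, owner_rights, 3 };
const struct sd sd_owner_plain  = { ALICE, allow_deny,   2 };

int main(void)
{
	printf("ALLOW,DENY ordered:    0x%08x\n", (unsigned)max_allowed(&sd_allow_deny, ALICE, true));
	printf("ALLOW,DENY unordered:  0x%08x\n", (unsigned)max_allowed(&sd_allow_deny, ALICE, false));
	printf("DENY,ALLOW ordered:    0x%08x\n", (unsigned)max_allowed(&sd_deny_allow, ALICE, true));
	printf("Owner Rights, owner:   0x%08x\n", (unsigned)max_allowed(&sd_owner_rights, ALICE, true));
	printf("Owner Rights, other:   0x%08x\n", (unsigned)max_allowed(&sd_owner_rights, BOB, true));
	printf("Owner, no OR ACE:      0x%08x\n", (unsigned)max_allowed(&sd_owner_plain, ALICE, true));
	return 0;
}
```
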
5 years ago s4:torture: Add test_owner_rights_deny().
Jeremy Allison [Thu, 28 Feb 2019 22:37:09 +0000 (14:37 -0800)]
s4:torture: Add test_owner_rights_deny().

Shows that owner and SID_OWNER_RIGHTS ACE
entries interact in max permissions requests.

Tested against Windows.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
5 years ago s4:torture: Fix the test_owner_rights() test to show permissions are additive.
Jeremy Allison [Thu, 28 Feb 2019 21:55:31 +0000 (13:55 -0800)]
s4:torture: Fix the test_owner_rights() test to show permissions are additive.

Tested against Windows.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
5 years ago vfs: drop lseek stat-open checks
David Disseldorp [Mon, 4 Mar 2019 10:35:45 +0000 (11:35 +0100)]
vfs: drop lseek stat-open checks

b9e91d2a8e41a43d7ebb7d7eed807a7d8de9b329 added fd==-1 checks to the
lseek() path to handle "stat opens". Current reply.c and
smb2_ioctl_filesys.c callers do not invoke SMB_VFS_LSEEK() with
stat-open fsp structs, so the fd==-1 checks can be removed from the
VFS.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago CI: don't use swap
Ralph Boehme [Sun, 3 Mar 2019 21:09:26 +0000 (22:09 +0100)]
CI: don't use swap

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Mar  4 13:59:42 UTC 2019 on sn-devel-144

5 years ago libsmb: Make cli_posix_unlink/rmdir proper tevent_req/subreq pairs
Volker Lendecke [Thu, 28 Feb 2019 20:47:51 +0000 (21:47 +0100)]
libsmb: Make cli_posix_unlink/rmdir proper tevent_req/subreq pairs

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Mar  2 00:55:56 UTC 2019 on sn-devel-144

5 years ago libsmb: Use tevent_req_simple_finish_ntstatus()
Volker Lendecke [Thu, 28 Feb 2019 20:18:06 +0000 (21:18 +0100)]
libsmb: Use tevent_req_simple_finish_ntstatus()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago libsmb: Use tevent_req_simple_finish_ntstatus()
Volker Lendecke [Thu, 28 Feb 2019 20:18:06 +0000 (21:18 +0100)]
libsmb: Use tevent_req_simple_finish_ntstatus()

Less lines... Just rediscovered this function :-)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago ctdb_mutex_ceph_rados_helper: revert strtoull_err() usage
David Disseldorp [Fri, 1 Mar 2019 15:40:50 +0000 (16:40 +0100)]
ctdb_mutex_ceph_rados_helper: revert strtoull_err() usage

Compilation currently fails, as ctdb_mutex_ceph_rados_helper doesn't
include or link against the samba-util library. Revert back to the
previous strtoull() behaviour, which works fine.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar  1 18:34:18 UTC 2019 on sn-devel-144

5 years ago ctdb-daemon: Fix maybe-uninitialized error with picky developer
Amitay Isaacs [Fri, 1 Mar 2019 03:18:31 +0000 (14:18 +1100)]
ctdb-daemon: Fix maybe-uninitialized error with picky developer

263/386] Compiling ctdb/server/ctdb_recovery_helper.c
In file included from ../../server/ctdb_recovery_helper.c:24:0:
../../server/ctdb_recovery_helper.c: In function ‘main’:
../../../lib/talloc/talloc.h:911:34: error: ‘mem_ctx’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
 #define TALLOC_FREE(ctx) do { if (ctx != NULL) { talloc_free(ctx); ctx=NULL; } } while(0)

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago wafbuild: create missing private library symlinks on platforms without soname support...
Björn Jacke [Thu, 28 Feb 2019 16:31:31 +0000 (17:31 +0100)]
wafbuild: create missing private library symlinks on platforms without soname support for shared libs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9557

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Björn Jacke <bjacke@samba.org>
Autobuild-Date(master): Fri Mar  1 17:05:19 UTC 2019 on sn-devel-144

5 years ago libsmb: Make cli_smb2_rmdir asynchronous
Volker Lendecke [Thu, 28 Feb 2019 12:47:22 +0000 (13:47 +0100)]
libsmb: Make cli_smb2_rmdir asynchronous

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar  1 01:30:35 UTC 2019 on sn-devel-144

5 years ago libsmb: add in/out cblobs to cli_smb2_create_fnum
Volker Lendecke [Wed, 20 Feb 2019 16:23:46 +0000 (17:23 +0100)]
libsmb: add in/out cblobs to cli_smb2_create_fnum

This is driven by the imminent smb2 unix extensions, we'll want to make use of
it from source3/libsmb.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago libsmb: Avoid a separate "cblobs" var sending smb2 create
Volker Lendecke [Wed, 20 Feb 2019 16:06:32 +0000 (17:06 +0100)]
libsmb: Avoid a separate "cblobs" var sending smb2 create

Less lines of code, and we will add custom cblobs soon. This change
makes that logic easier.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago libsmb: Reformat the cli_smb2_create_fnum_send args
Volker Lendecke [Fri, 15 Feb 2019 17:24:31 +0000 (18:24 +0100)]
libsmb: Reformat the cli_smb2_create_fnum_send args

We'll add parameters in the next commit, make that commit a bit more obvious

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago lib: modify string conversion wrapper to handle signed input
Swen Schillig [Tue, 5 Feb 2019 07:39:14 +0000 (08:39 +0100)]
lib: modify string conversion wrapper to handle signed input

The standard string conversion routines convert a "signed string"
into the positive representation of the resulting value.
This is not wanted and therefore now detected and flagged as an error.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago ctdb-utils: Use wrapper for string to integer conversion
Swen Schillig [Wed, 30 Jan 2019 09:28:52 +0000 (10:28 +0100)]
ctdb-utils: Use wrapper for string to integer conversion

In order to detect a value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper functions strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago source4: Use wrapper for string to integer conversion
Swen Schillig [Wed, 30 Jan 2019 08:31:34 +0000 (09:31 +0100)]
source4: Use wrapper for string to integer conversion

In order to detect a value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper functions strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago libcli: Use wrapper for string to integer conversion
Swen Schillig [Wed, 30 Jan 2019 07:39:15 +0000 (08:39 +0100)]
libcli: Use wrapper for string to integer conversion

In order to detect a value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper functions strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago common-lib: Use wrapper for string to integer conversion
Swen Schillig [Wed, 30 Jan 2019 07:33:02 +0000 (08:33 +0100)]
common-lib: Use wrapper for string to integer conversion

In order to detect a value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper functions strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago wbinfo: Use wrapper for string to integer conversion
Swen Schillig [Tue, 29 Jan 2019 13:36:44 +0000 (14:36 +0100)]
wbinfo: Use wrapper for string to integer conversion

In order to detect a value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper functions strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago libwbclient: Use wrapper for string to integer conversion
Swen Schillig [Tue, 29 Jan 2019 13:21:25 +0000 (14:21 +0100)]
libwbclient: Use wrapper for string to integer conversion

In order to detect a value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper functions strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago ctdb-tools: Use wrapper for string to integer conversion
Swen Schillig [Tue, 29 Jan 2019 12:27:28 +0000 (13:27 +0100)]
ctdb-tools: Use wrapper for string to integer conversion

In order to detect a value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper functions strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago ctdb-server: Use wrapper for string to integer conversion
Swen Schillig [Tue, 29 Jan 2019 12:07:56 +0000 (13:07 +0100)]
ctdb-server: Use wrapper for string to integer conversion

In order to detect a value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper functions strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago ctdb-protocol: Use wrapper for string to integer conversion
Swen Schillig [Tue, 29 Jan 2019 12:03:20 +0000 (13:03 +0100)]
ctdb-protocol: Use wrapper for string to integer conversion

In order to detect a value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper functions strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago rpcclient: Use wrapper for string to integer conversion
Swen Schillig [Mon, 28 Jan 2019 13:35:30 +0000 (14:35 +0100)]
rpcclient: Use wrapper for string to integer conversion

In order to detect a value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper functions strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago modules: Use wrapper for string to integer conversion
Swen Schillig [Mon, 28 Jan 2019 13:30:15 +0000 (14:30 +0100)]
modules: Use wrapper for string to integer conversion

In order to detect a value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper functions strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago winbindd: Use wrapper for string to integer conversion
Swen Schillig [Mon, 28 Jan 2019 13:07:39 +0000 (14:07 +0100)]
winbindd: Use wrapper for string to integer conversion

In order to detect a value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper functions strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago passdb: Use wrapper for string to integer conversion
Swen Schillig [Mon, 28 Jan 2019 12:57:15 +0000 (13:57 +0100)]
passdb: Use wrapper for string to integer conversion

In order to detect a value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper functions strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago utils: Use wrapper for string to integer conversion
Swen Schillig [Mon, 28 Jan 2019 12:36:45 +0000 (13:36 +0100)]
utils: Use wrapper for string to integer conversion

In order to detect a value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper functions strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago groupdb: Use wrapper for string to integer conversion
Swen Schillig [Mon, 28 Jan 2019 12:12:09 +0000 (13:12 +0100)]
groupdb: Use wrapper for string to integer conversion

In order to detect a value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper functions strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago lib: Use wrapper for string to integer conversion
Swen Schillig [Mon, 28 Jan 2019 11:54:07 +0000 (12:54 +0100)]
lib: Use wrapper for string to integer conversion

In order to detect a value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper functions strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago util: Add two wrapper for string to int conversion
Swen Schillig [Mon, 28 Jan 2019 08:42:13 +0000 (09:42 +0100)]
util: Add two wrapper for string to int conversion

Adding wrappers strtoull_err and strtoul_err to handle
error conditions of the conversion process.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
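
Added example, not Samba's code: a C sketch of the conversion pattern the "Use wrapper for string to integer conversion" and "handle signed input" commit messages above describe (clear errno before strtoull(), check it afterwards, and reject a leading minus sign that strtoull() would otherwise silently wrap). The name conv_u64, its signature, the helper conv_err and the extra "no digits" check are assumptions that go beyond what the messages state.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Hypothetical wrapper (name and signature are assumptions, not Samba's API).
 * Returns the converted value and stores 0 or an errno code in *err.
 */
unsigned long long conv_u64(const char *s, char **endptr, int base, int *err)
{
	const char *p = s;
	char *end = NULL;
	int saved_errno = errno;
	unsigned long long val;

	errno = 0;                      /* strtoull() never clears errno itself */
	val = strtoull(s, &end, base);
	*err = errno;                   /* ERANGE: overflow, val is ULLONG_MAX */
	errno = saved_errno;            /* leave the caller's errno untouched */

	if (*err == 0 && end == s) {
		*err = EINVAL;          /* no digits consumed (added check) */
	}

	/* strtoull() accepts "-1" and returns the negated value as unsigned,
	 * so a signed input has to be detected separately. */
	while (isspace((unsigned char)*p)) {
		p++;
	}
	if (*err == 0 && *p == '-') {
		*err = EINVAL;
	}

	if (endptr != NULL) {
		*endptr = end;
	}
	return val;
}

/* Convenience helper for the demo: base-10 conversion, error code only. */
int conv_err(const char *s)
{
	int err = 0;
	(void)conv_u64(s, NULL, 10, &err);
	return err;
}

int main(void)
{
	/* Constructed sample inputs. */
	const char *samples[] = { "42", "18446744073709551616", "-1", "abc" };
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		int err = 0;
		unsigned long long v = conv_u64(samples[i], NULL, 10, &err);
		printf("%-22s plain strtoull=%llu wrapper=%llu err=%d\n",
		       samples[i], strtoull(samples[i], NULL, 10), v, err);
	}
	return 0;
}
```
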
5 years ago libcli/security: add "Owner Rights" calculation to access_check_max_allowed()
Ralph Boehme [Wed, 27 Feb 2019 17:07:03 +0000 (18:07 +0100)]
libcli/security: add "Owner Rights" calculation to access_check_max_allowed()

This was missing in 44590c1b70c0a24f853c02d5fcdb3c609401e2ca.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13812

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Feb 28 19:18:16 UTC 2019 on sn-devel-144

5 years ago s4:torture: add a Maximum Access check with an Owner Rights ACE
Ralph Boehme [Thu, 28 Feb 2019 13:48:02 +0000 (14:48 +0100)]
s4:torture: add a Maximum Access check with an Owner Rights ACE

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13812

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
5 years ago s4:libcli: remember return code from maximum access
Ralph Boehme [Thu, 28 Feb 2019 13:47:18 +0000 (14:47 +0100)]
s4:libcli: remember return code from maximum access

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13812

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
5 years ago lib: Remove some unused code
Volker Lendecke [Tue, 26 Feb 2019 14:23:17 +0000 (15:23 +0100)]
lib: Remove some unused code

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Feb 28 13:53:41 UTC 2019 on sn-devel-144

5 years ago passdb: Make [ug]id_to_sid use xid_to_sid
Volker Lendecke [Tue, 26 Feb 2019 14:17:36 +0000 (15:17 +0100)]
passdb: Make [ug]id_to_sid use xid_to_sid

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

5 years ago passdb: Introduce xid_to_sid
Volker Lendecke [Tue, 26 Feb 2019 14:10:21 +0000 (15:10 +0100)]
passdb: Introduce xid_to_sid

This explicitly avoids the legacy_[ug]id_to_sid calls, which create
long-term cache entries to S-1-22-x-y if anything fails. We can't do
this, because this will turn temporary winbind communication failures
into long-term problems: A short hiccup in winbind_uid_to_sid will
create a mapping to S-1-22-1-uid for a week. It should be up to the
lower layers to do the caching.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

5 years ago lib: Introduce winbind_xid_to_sid
Volker Lendecke [Tue, 26 Feb 2019 13:45:32 +0000 (14:45 +0100)]
lib: Introduce winbind_xid_to_sid

This does not merge a winbind communication error into
"global_sid_NULL" (S-1-0-0), which by the way non-intuitively does not
go along with is_null_sid(). Instead, this just touches the output sid
when winbind returned success. This success might well be a negative
mapping indicated by S-0-0, which *is* is_null_sid()...

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

5 years ago winbind: Use idmap_cache_find_xid2sid
Volker Lendecke [Tue, 26 Feb 2019 13:34:56 +0000 (14:34 +0100)]
winbind: Use idmap_cache_find_xid2sid

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

5 years ago torture: Add tests for idmap cache
Volker Lendecke [Wed, 27 Feb 2019 13:54:12 +0000 (14:54 +0100)]
torture: Add tests for idmap cache

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

5 years ago idmap_cache: Introduce idmap_cache_find_xid2sid
Volker Lendecke [Tue, 26 Feb 2019 13:32:52 +0000 (14:32 +0100)]
idmap_cache: Introduce idmap_cache_find_xid2sid

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

5 years ago winbind: Now we explicitly track if we got ids from cache
Volker Lendecke [Mon, 25 Feb 2019 13:55:00 +0000 (14:55 +0100)]
winbind: Now we explicitly track if we got ids from cache

This now properly makes us use negative cache entries

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

5 years ago winbind: Initialize "expired" parameter to idmap_cache_xid2sid
Volker Lendecke [Tue, 26 Feb 2019 11:52:28 +0000 (12:52 +0100)]
winbind: Initialize "expired" parameter to idmap_cache_xid2sid

The code in idmap_cache only touches its output parameters upon success

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

5 years ago idmap_cache: Only touch "sid" on success in find_xid_to_sid
Volker Lendecke [Tue, 26 Feb 2019 11:46:39 +0000 (12:46 +0100)]
idmap_cache: Only touch "sid" on success in find_xid_to_sid

Why? This makes the negative mapping condition (is_null_sid) more
explicit in the code.

The callers in lookup_sid initialized "psid" anyway before, and the ones
in wb_xids2sids now do as well. This is more in line with other APIs we
have: Only touch output parameters if you have something to say.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

5 years ago lib: Make idmap_cache return negative mappings
Volker Lendecke [Mon, 25 Feb 2019 13:38:50 +0000 (14:38 +0100)]
lib: Make idmap_cache return negative mappings

Without this we'd query non-existent mappings over and over
again.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

5 years ago libwbclient: Protect wbcCtxUnixIdsToSids against integer-wrap
Volker Lendecke [Tue, 26 Feb 2019 10:06:29 +0000 (11:06 +0100)]
libwbclient: Protect wbcCtxUnixIdsToSids against integer-wrap

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
5 years ago docs: fix minor typo in smb.conf "log level" section
David Disseldorp [Wed, 27 Feb 2019 11:09:52 +0000 (12:09 +0100)]
docs: fix minor typo in smb.conf "log level" section

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Feb 27 16:22:27 UTC 2019 on sn-devel-144

5 years ago vfs_ceph: drop ifdef HAVE_FCHOWN/_FCHMOD
David Disseldorp [Tue, 26 Feb 2019 12:54:21 +0000 (13:54 +0100)]
vfs_ceph: drop ifdef HAVE_FCHOWN/_FCHMOD

The cephwrap_fchown() and cephwrap_fchmod() wrappers call the
corresponding libcephfs functions. It doesn't make sense to make this
logic dependent on regular fchown()/fchmod() function presence, so remove
the ifdefs.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years ago vfs_ceph: remove ceph_fallocate/ceph_ftruncate fallback
David Disseldorp [Wed, 27 Feb 2019 10:52:42 +0000 (11:52 +0100)]
vfs_ceph: remove ceph_fallocate/ceph_ftruncate fallback

Both libcephfs functions are supported and capable of extending files,
so fallback can be dropped.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13807

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years ago vfs_ceph: fix strict_allocate_ftruncate()
David Disseldorp [Tue, 26 Feb 2019 15:07:27 +0000 (16:07 +0100)]
vfs_ceph: fix strict_allocate_ftruncate()

The vfs_ceph "strict allocate = yes" ftruncate wrapper may attempt
*local* filesystem ftruncate(). Fix this.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13807

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years ago vfs_ceph: add missing fallocate hook
David Disseldorp [Tue, 26 Feb 2019 20:26:27 +0000 (21:26 +0100)]
vfs_ceph: add missing fallocate hook

SMB_VFS_FALLOCATE() calls atop a vfs_ceph share currently fall through
to vfs_default, which results in a local filesystem I/O attempt using a
libcephfs file-descriptor. Add the missing fallocate hook to vfs_ceph.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13807

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years ago selftest: force running with TZ=UTC
Stefan Metzmacher [Wed, 27 Feb 2019 07:22:09 +0000 (08:22 +0100)]
selftest: force running with TZ=UTC

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Feb 27 11:24:59 UTC 2019 on sn-devel-144

5 years ago autobuild: try to distribute the tasks a bit more
Stefan Metzmacher [Tue, 26 Feb 2019 21:55:05 +0000 (22:55 +0100)]
autobuild: try to distribute the tasks a bit more

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
5 years ago .gitlab-ci.yml: use .shared_template for samba
Stefan Metzmacher [Thu, 21 Feb 2019 08:05:18 +0000 (09:05 +0100)]
.gitlab-ci.yml: use .shared_template for samba

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
5 years ago autobuild: spread ad-dc tests over 6 autobuild/ci separate tasks/jobs
Stefan Metzmacher [Tue, 26 Feb 2019 14:04:14 +0000 (15:04 +0100)]
autobuild: spread ad-dc tests over 6 autobuild/ci separate tasks/jobs

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
5 years ago autobuild: add samba-ad-member task
Stefan Metzmacher [Tue, 26 Feb 2019 13:59:00 +0000 (14:59 +0100)]
autobuild: add samba-ad-member task

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
5 years ago autobuild: run ad_dc_backup tests in samba-ad-dc-backup
Stefan Metzmacher [Tue, 26 Feb 2019 14:12:36 +0000 (15:12 +0100)]
autobuild: run ad_dc_backup tests in samba-ad-dc-backup

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
5 years ago autobuild: move maptoguest and simpleserver to 'samba-fileserver'
Stefan Metzmacher [Thu, 21 Feb 2019 07:42:50 +0000 (08:42 +0100)]
autobuild: move maptoguest and simpleserver to 'samba-fileserver'

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
5 years ago autobuild: move nt4_dc_schannel out of 'samba'
Stefan Metzmacher [Thu, 21 Feb 2019 07:37:53 +0000 (08:37 +0100)]
autobuild: move nt4_dc_schannel out of 'samba'

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
5 years ago s4:selftest: make use of ad_dc_backup
Stefan Metzmacher [Tue, 26 Feb 2019 13:04:42 +0000 (14:04 +0100)]
s4:selftest: make use of ad_dc_backup

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
5 years ago selftest:Samba4: add ad_dc_backup alias to ad_dc
Stefan Metzmacher [Tue, 26 Feb 2019 13:03:29 +0000 (14:03 +0100)]
selftest:Samba4: add ad_dc_backup alias to ad_dc

This will allow us to run really most tests in an isolated
autobuild/ci task later.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
5 years ago s4:selftest: make use of ad_dc_default
Stefan Metzmacher [Tue, 26 Feb 2019 13:04:42 +0000 (14:04 +0100)]
s4:selftest: make use of ad_dc_default

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
5 years ago selftest:Samba4: add ad_dc_default alias to ad_dc_ntvfs
Stefan Metzmacher [Tue, 26 Feb 2019 13:03:29 +0000 (14:03 +0100)]
selftest:Samba4: add ad_dc_default alias to ad_dc_ntvfs

This will allow us to run really most tests in an isolated
autobuild/ci task later.

This will apply to tests, which may not rely on the ntvfs backend, so
the ad_dc_default alias can point to another environment in future.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
5 years ago s4:selftest: make use of ad_dc_slowtests
Stefan Metzmacher [Tue, 26 Feb 2019 13:04:42 +0000 (14:04 +0100)]
s4:selftest: make use of ad_dc_slowtests

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
5 years ago selftest:Samba4: add ad_dc_slowtests alias to ad_dc_ntvfs
Stefan Metzmacher [Tue, 26 Feb 2019 13:03:29 +0000 (14:03 +0100)]
selftest:Samba4: add ad_dc_slowtests alias to ad_dc_ntvfs

This will allow us to run really slow tests in an isolated
autobuild/ci task later.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
5 years ago s4:selftest: use the fl2008dc alias when looping over all functional levels
Stefan Metzmacher [Thu, 21 Feb 2019 14:07:42 +0000 (15:07 +0100)]
s4:selftest: use the fl2008dc alias when looping over all functional levels

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
5 years ago selftest:Samba4: add fl2008dc as alias to ad_dc_ntvfs
Stefan Metzmacher [Tue, 26 Feb 2019 13:01:10 +0000 (14:01 +0100)]
selftest:Samba4: add fl2008dc as alias to ad_dc_ntvfs

Using aliases it will be possible to split the large amount
of tests which use ad_dc_ntvfs into multiple autobuild/ci
tasks/jobs later.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
5 years ago s4:selftest: move very slow tests on ad_dc_ntvfs into one location in tests.py
Stefan Metzmacher [Tue, 26 Feb 2019 12:58:31 +0000 (13:58 +0100)]
s4:selftest: move very slow tests on ad_dc_ntvfs into one location in tests.py

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
5 years ago libcli:auth: Remove unused header file
Andreas Schneider [Wed, 27 Feb 2019 07:00:05 +0000 (08:00 +0100)]
libcli:auth: Remove unused header file

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Feb 27 10:00:32 UTC 2019 on sn-devel-144

5 years ago s4:torture: Remove unused header file
Andreas Schneider [Wed, 27 Feb 2019 07:09:11 +0000 (08:09 +0100)]
s4:torture: Remove unused header file

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
5 years ago s4:dsdb: Remove unused header file
Andreas Schneider [Wed, 27 Feb 2019 07:05:05 +0000 (08:05 +0100)]
s4:dsdb: Remove unused header file

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
5 years ago libcli:samsync: Remove unused header file
Andreas Schneider [Wed, 27 Feb 2019 07:03:05 +0000 (08:03 +0100)]
libcli:samsync: Remove unused header file

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
5 years ago s4:dsdb: Only use the required md4 and md5 header files
Andreas Schneider [Wed, 27 Feb 2019 07:07:37 +0000 (08:07 +0100)]
s4:dsdb: Only use the required md4 and md5 header files

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
5 years ago s4:dsdb: Only use the required md4 header file
Andreas Schneider [Wed, 27 Feb 2019 07:06:21 +0000 (08:06 +0100)]
s4:dsdb: Only use the required md4 header file

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
5 years ago libcli:auth: Only use the required md4 header
Andreas Schneider [Wed, 27 Feb 2019 07:02:24 +0000 (08:02 +0100)]
libcli:auth: Only use the required md4 header

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
5 years ago libcli:auth: Only use the required md4 header
Andreas Schneider [Wed, 27 Feb 2019 06:59:18 +0000 (07:59 +0100)]
libcli:auth: Only use the required md4 header

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
5 years ago krb5_wrap: Only use the required md4 header
Andreas Schneider [Wed, 27 Feb 2019 06:57:44 +0000 (07:57 +0100)]
krb5_wrap: Only use the required md4 header

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
5 years ago lib:crypto: Include only the required header files
Andreas Schneider [Tue, 26 Feb 2019 17:30:22 +0000 (18:30 +0100)]
lib:crypto: Include only the required header files

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
5 years ago libcli:auth: Avoid explicit ZERO_STRUCT
Andreas Schneider [Fri, 26 Oct 2018 12:50:29 +0000 (14:50 +0200)]
libcli:auth: Avoid explicit ZERO_STRUCT

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Feb 27 03:22:50 CET 2019 on sn-devel-144

5 years ago auth:gensec: Make sure we zero the checksum after use
Andreas Schneider [Tue, 30 Oct 2018 16:08:35 +0000 (17:08 +0100)]
auth:gensec: Make sure we zero the checksum after use

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago libcli:smb: Zero sensitive memory after use
Andreas Schneider [Thu, 11 Oct 2018 12:33:52 +0000 (14:33 +0200)]
libcli:smb: Zero sensitive memory after use

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago rpc_server: Use dom_sid_str_buf
Volker Lendecke [Thu, 10 Jan 2019 20:13:36 +0000 (21:13 +0100)]
rpc_server: Use dom_sid_str_buf

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago libnet: Use dom_sid_str_buf
Volker Lendecke [Mon, 7 Jan 2019 20:03:06 +0000 (21:03 +0100)]
libnet: Use dom_sid_str_buf

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago dsdb: Align integer types
Volker Lendecke [Thu, 25 Oct 2018 19:29:29 +0000 (21:29 +0200)]
dsdb: Align integer types

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago audit_log: Use dom_sid_str_buf
Volker Lendecke [Tue, 8 Jan 2019 08:47:40 +0000 (09:47 +0100)]
audit_log: Use dom_sid_str_buf

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago winbind: Avoid a "==False"
Volker Lendecke [Mon, 12 Nov 2018 11:54:58 +0000 (12:54 +0100)]
winbind: Avoid a "==False"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago winbind: Fix an error path memleak
Volker Lendecke [Mon, 15 Oct 2018 06:32:33 +0000 (08:32 +0200)]
winbind: Fix an error path memleak

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago winbind: Align integer types
Volker Lendecke [Fri, 9 Nov 2018 20:17:57 +0000 (21:17 +0100)]
winbind: Align integer types

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago winbindd: Fix typos
Volker Lendecke [Tue, 30 Oct 2018 13:55:35 +0000 (14:55 +0100)]
winbindd: Fix typos

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago libads: Align integer types
Volker Lendecke [Sat, 12 Jan 2019 13:59:58 +0000 (14:59 +0100)]
libads: Align integer types

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years ago libads: Use dom_sid_str_buf
Volker Lendecke [Fri, 9 Nov 2018 20:12:51 +0000 (21:12 +0100)]
libads: Use dom_sid_str_buf

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>