Andreas Schneider [Wed, 14 Apr 2021 09:44:51 +0000 (11:44 +0200)]
tests: Use --configfile instead of -s
We should use long options in tests to make clear what we are trying to
do.
Also the -s short option will be removed for --configfile later.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 9 Apr 2021 12:33:09 +0000 (14:33 +0200)]
testprogs: Use --suppress-prompt instead of -s for testparm
We should use long options in tests to make clear what we are trying to
do.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 17 Dec 2020 11:25:15 +0000 (12:25 +0100)]
tests: Use ldbsearch '--scope instead of '-s'
We should use long options in tests to make clear what we are trying to
do.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 3 Dec 2020 14:29:28 +0000 (15:29 +0100)]
docs-xml: Use 'desired' and 'required' for option 'client ipc signing'
For a better user experience we use disabled, desired, required
everywhere now. The arguments auto and mandatory are still working and
synonyms.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 3 Dec 2020 14:25:59 +0000 (15:25 +0100)]
docs-xml: Use 'desired' and 'required' for option 'client signing'
For a better user experience we use disabled, desired, required
everywhere now. The arguments auto and mandatory are still working and
synonyms.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 12 Jan 2021 09:07:56 +0000 (10:07 +0100)]
selftest: Specify /dev/null as the smbd config file
smbd will require a smb.conf later.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 11 Jan 2021 15:30:44 +0000 (16:30 +0100)]
s3:winbind: Pass the 'samba' daemon config file to winbindd
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 11 Jan 2021 15:27:48 +0000 (16:27 +0100)]
s4:winbind: Add a missing no memory check
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 11 Jan 2021 15:24:23 +0000 (16:24 +0100)]
file_server: Pass the 'samba' daemon config file to smbd
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 11 Jan 2021 15:24:00 +0000 (16:24 +0100)]
file_server: Add a missing no memory check
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 26 Apr 2021 06:15:00 +0000 (08:15 +0200)]
s3:utils: Link py_net only against needed cmdline_contexts library
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Mon, 29 Mar 2021 20:39:00 +0000 (09:39 +1300)]
build: Use bison at build time rather than lexyacc.sh to build the embedded heimdal
Because the filenames are changed to the *.tab.{h,c} format
a transitional header is added.
While the built compilers differ, the output of the compilers
and the resulting .o files have been verified not to have changed
on Ubuntu 20.04.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Sun, 18 Apr 2021 19:03:47 +0000 (07:03 +1200)]
heimdal: use correct prototype of yyparse()
As noted in
92c6891c368cae5c2402727c1f66f1c60778199d in upstream
Heimdal yyparse() returns an int.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 19 Apr 2021 00:57:38 +0000 (12:57 +1200)]
heimdal_build: Make HEIMDAL_BINARY be based on HEIMDAL_SUBSYSTEM
This is imporatant as it ensures that the warning -> error
logic and overrides are done for source files directly
listed in a HEIMDAL_BINARY and a HEIMDAL_SUBSYSTEM.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Viktor Dukhovni [Sun, 13 Nov 2016 19:51:17 +0000 (06:51 +1100)]
HEIMDAL: Avoid yydebug compiler warning
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry-picked from Heimdal commit
17d6d0ac1e8597e91d723399cbe9af9ea2e13f42)
Douglas Bagnall [Wed, 28 Apr 2021 01:07:51 +0000 (01:07 +0000)]
python: remove 'from __future__ import unicode_literals'
as well as a comment about Python 2 strings, which we don't want to be
reminded of.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 28 Apr 2021 01:06:06 +0000 (01:06 +0000)]
python/hostconfig: remove 'from __future__ import absolute_import'
obsolete in Python 3.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 28 Apr 2021 01:04:57 +0000 (01:04 +0000)]
python: remove all 'from __future__ import division'
This made '//' and '/' in Python 2 behave as in Python 3.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 28 Apr 2021 01:02:37 +0000 (01:02 +0000)]
python: remove all 'from __future__ import print_function'
This made Python 2's print behave like Python 3's print().
In some cases, where we had:
from __future__ import print_function
"""Intended module documentation..."""
this will have the side effect of making the intended module documentation
work as the actual module documentation (i.e. becoming __doc__), because
it is once again the first statement in the module.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Mon, 19 Apr 2021 19:45:31 +0000 (07:45 +1200)]
.gitlab-ci.yml: Always build the ubuntu1804-samba-o3 with --enable-coverage
This ensures that the coverage build always works, as it can trigger different warnings.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 19 Apr 2021 09:09:03 +0000 (21:09 +1200)]
.gitlab-ci.yml: Return code coverage reporting for "none" tasks
This was lost early on with
54f26cfcf2587a2b1d97f466a886fa89a116eea1
which did not take into account code coverage, which stopped running
for these tasks very early on with
71595201bea9b3fa28357065fa137806f9220f38.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 20 Apr 2021 02:39:40 +0000 (14:39 +1200)]
s3-modules: Fix "-Werror=maybe-uninitialized" errors only seen with -O3 and --enable-coverage
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 20 Apr 2021 02:38:37 +0000 (14:38 +1200)]
tests: Fix "-Werror=maybe-uninitialized" errors only seen with -O3 and --enable-coverage
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 19 Apr 2021 19:34:12 +0000 (07:34 +1200)]
torture: Avoid -Werror=strict-overflow in -O3 coverage build
The test_getinfo() function only needs to return if this happens
not how many times.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 15 Apr 2021 23:16:17 +0000 (11:16 +1200)]
.gitlab-ci.yml and autobuild: Publish the current HTML docs with the code coverage
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andreas Schneider [Tue, 27 Apr 2021 13:33:04 +0000 (15:33 +0200)]
lib:replace: Fix a posible double free
CID
1477397
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 27 17:51:36 UTC 2021 on sn-devel-184
Volker Lendecke [Thu, 22 Apr 2021 08:29:24 +0000 (10:29 +0200)]
auth3: talloc_strackframe() panics on failure
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 27 14:14:22 UTC 2021 on sn-devel-184
Volker Lendecke [Thu, 22 Apr 2021 08:29:14 +0000 (10:29 +0200)]
auth: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Wed, 21 Apr 2021 19:51:44 +0000 (21:51 +0200)]
passdb: Add error checks in samu_set_unix_internal()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Wed, 21 Apr 2021 19:30:30 +0000 (21:30 +0200)]
auth3: if (ret==False) just looks weird
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Wed, 21 Apr 2021 10:56:04 +0000 (12:56 +0200)]
auth3: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Wed, 21 Apr 2021 10:29:16 +0000 (12:29 +0200)]
auth3: Use auth3_context_set_challenge() in auth3_set_challenge()
Don't duplicate what's already there.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Wed, 21 Apr 2021 10:28:12 +0000 (12:28 +0200)]
auth3: Apply some const to auth3_context_set_challenge()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Wed, 21 Apr 2021 09:30:20 +0000 (11:30 +0200)]
gensec: Slightly simplify gensec_generate_session_info_pac()
Reduce indentation by an early error return and by introducing a
helper variable.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Fri, 23 Apr 2021 14:37:31 +0000 (16:37 +0200)]
lib: Remove close_low_fds()
There were only two callers, it did not do proper error handling, and
it was confusing to call.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Fri, 23 Apr 2021 14:35:02 +0000 (16:35 +0200)]
lib: Directly call close_low_fd() in become_daemon()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Fri, 23 Apr 2021 14:31:08 +0000 (16:31 +0200)]
smbd: Replace call to close_low_fds() with direct calls
Check the errors from close_low_fd(). Also, close_low_fds() does not
really add a lot of value, for example there's no caller that closes
stderr.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Fri, 23 Apr 2021 09:17:33 +0000 (11:17 +0200)]
printing: Avoid zombies in the background daemon
Whatever you read about waitpid() tells you should should run it in a
loop.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Fri, 23 Apr 2021 14:09:43 +0000 (16:09 +0200)]
printing: Reduce indentation in start_background_queue()
We don't need the "if(pid==0)" here, we've covered "if(pid!=0)" a few
lines above.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Fri, 23 Apr 2021 14:07:38 +0000 (16:07 +0200)]
printing: Remove dead code
This was already covered a few lines above.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Fri, 23 Apr 2021 14:03:57 +0000 (16:03 +0200)]
printing: Remove the pause_pipe[] from queue_process.c
Since
c80f70390c37 we don't need this explicit pipe anymore.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Björn Baumbach [Fri, 23 Apr 2021 16:03:53 +0000 (18:03 +0200)]
samba-tool group listmembers: always list objects which can not expire
Otherwise for example contacts wouldn't be listed when the
--hide-expired option is used. Contacts typically do not have the
accountExpires attribute.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14692
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Rowland penny <rpenny@samba.org>
Autobuild-User(master): Björn Baumbach <bb@sernet.de>
Autobuild-Date(master): Mon Apr 26 13:21:43 UTC 2021 on sn-devel-184
Björn Baumbach [Fri, 23 Apr 2021 16:01:33 +0000 (18:01 +0200)]
test samba-tool group listmembers: test listing contacts as group members
Make sure that contacts are listed as group members, even if the
--hide-expired option is used.
Expect failure. Fix follows up.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14692
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Rowland penny <rpenny@samba.org>
Björn Baumbach [Mon, 18 Jan 2021 15:48:21 +0000 (16:48 +0100)]
pyldb: fix a typo
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Rowland penny <rpenny@samba.org>
Andreas Schneider [Thu, 22 Apr 2021 13:25:57 +0000 (15:25 +0200)]
lib:replace: Fix possible resource leaks in test_closefrom()
Found by covscan
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Apr 25 22:02:20 UTC 2021 on sn-devel-184
Andreas Schneider [Thu, 22 Apr 2021 13:20:27 +0000 (15:20 +0200)]
lib:replace: Fix memory leak in test_asprintf()
Found by covscan
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 22 Apr 2021 13:05:07 +0000 (15:05 +0200)]
lib:replace: Fix a memleak in test_strndup()
Found by covscan
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 22 Apr 2021 13:03:25 +0000 (15:03 +0200)]
lib:replace: Fix a memleak in test_strdup()
Found by covscan
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 22 Apr 2021 13:01:39 +0000 (15:01 +0200)]
lib:replace: Fix resource leak in os2_delete test
Found by covscan
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 22 Apr 2021 09:09:03 +0000 (11:09 +0200)]
lib:ldb: Change page size of guidindexpackv1.ldb
As this is a TDB file, the file has been backed up using tdbbackup to
get a different page size. This fixes running the repack.py test on
aarch64.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Apr 23 08:26:00 UTC 2021 on sn-devel-184
Gary Lockyer [Thu, 22 Apr 2021 08:03:53 +0000 (10:03 +0200)]
lib:ldb: Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Gordon Ross [Mon, 19 Apr 2021 22:31:13 +0000 (18:31 -0400)]
Fix sigsegv in check_stream in smbtorture smb2.streams.io
torture_comment calls need a struct torture_context arg,
not its mem_ctx child. Use talloc_parent(). Also
need to call torture_result somewhere on failure.
Signed-off-by: Gordon Ross <gordon.ross@tintri.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 22 18:48:30 UTC 2021 on sn-devel-184
Andreas Schneider [Wed, 21 Apr 2021 08:30:56 +0000 (10:30 +0200)]
docs-xml: Update documentation for removal of NIS support
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 20 Apr 2021 16:01:02 +0000 (18:01 +0200)]
lib:replace: Remove NIS support
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 20 Apr 2021 15:59:34 +0000 (17:59 +0200)]
s3:smbd: Remove NIS support
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Wed, 21 Apr 2021 08:22:29 +0000 (10:22 +0200)]
s3:lib: Remove NIS support from substitute
%N is often used to get the netbios name (local machine name). So we
need to keep it.
This is covered by samba.tests.s3passdb.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 20 Apr 2021 15:53:49 +0000 (17:53 +0200)]
lib:util: Remove NIS support from string_match()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 20 Apr 2021 16:00:11 +0000 (18:00 +0200)]
lib:texpect: Do not link against nsl
I do not see what would use that in texpect.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Tue, 27 Oct 2020 14:28:06 +0000 (08:28 -0600)]
samba-tool: Use s3 net join for member join
The s4 member join code has been broken for some
time. Modify samba-tool to instead use the
working s3 member join code.
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Wed Apr 21 21:40:13 UTC 2021 on sn-devel-184
David Mulder [Fri, 19 Mar 2021 18:31:42 +0000 (12:31 -0600)]
python: glue function for detecting if selftest is enabled
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
David Mulder [Mon, 26 Oct 2020 21:13:50 +0000 (15:13 -0600)]
python: Test s3 net join and leave
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
David Mulder [Wed, 21 Oct 2020 15:40:32 +0000 (09:40 -0600)]
s3: Add s3 net python bindings
This adds python bindings for the s3 net ads
join and leave commands.
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Mon, 19 Apr 2021 12:07:50 +0000 (00:07 +1200)]
samba-tool: add dns zoneoptions for aging control
This adds a subcommand for altering zone parameters.
At the moment the only options are related to record aging (a.k.a
scavenging). The code is structured to make it easy to add more
integer or boolean options, but it is not clear that this would be
useful; many other parameters are not used or would only have
deleterious effects.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 21 10:04:14 UTC 2021 on sn-devel-184
Andrew Bartlett [Thu, 15 Apr 2021 22:43:07 +0000 (10:43 +1200)]
docs: Expand the "log level" docs on audit logging
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Thu, 15 Apr 2021 02:40:30 +0000 (14:40 +1200)]
docs: underline special words in the audit logging part of "log level" in man smb.conf
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Thu, 15 Apr 2021 02:45:07 +0000 (14:45 +1200)]
docs: Further discourage the use of the "event notification" options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Thu, 15 Apr 2021 02:44:22 +0000 (14:44 +1200)]
docs: Add proper explination on why transactions need to be audited.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Thu, 15 Apr 2021 02:39:49 +0000 (14:39 +1200)]
docs: Add missing documentation on dsdb_group_audit and dsdb_group_audit_json
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Thu, 15 Apr 2021 01:52:38 +0000 (13:52 +1200)]
debug: Synchronise "log level" in smb.conf with the code
This is done by pasting in the contents of default_classname_table[]
in lib/util/debug.c into
cut -f 2 -d \"| xargs -i sh -c 'echo "\t<listitem><para><parameter moreinfo=\"none\">{}</parameter></para></listitem>"'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Mon, 19 Apr 2021 14:00:27 +0000 (16:00 +0200)]
libcli: Fix parsing access flags from multiple tables
We have to look at all available mappings for parsing sddl for each
special flag set. "GW" and "FX" come from two different tables, but
the previous code settled on one table and then expected both "GW" and
"FX" to come from that same table. Change the code to look at all
tables per special flag set.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 21 00:04:36 UTC 2021 on sn-devel-184
Volker Lendecke [Mon, 19 Apr 2021 14:04:00 +0000 (16:04 +0200)]
torture: Show sddl_decode() failure for "GWFX" access mask
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 19 Apr 2021 12:46:21 +0000 (14:46 +0200)]
libcli: Factor out sddl_map_flag()
We have to look at more than one map, "FRSD" is not correctly handled
right now for example. This factors out walking a map to make walking
multiple maps easier.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Joseph Sutton [Sun, 11 Apr 2021 22:23:20 +0000 (10:23 +1200)]
util: Ensure debugger is not started until it is allowed to attach
Use a pipe to ensure that the debugger is not started until after the
prctl() call allowing it to attach to the parent, avoiding a potential
race condition.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 20 12:33:40 UTC 2021 on sn-devel-184
Joseph Sutton [Mon, 29 Mar 2021 02:04:53 +0000 (15:04 +1300)]
util: Ensure debugger can be attached to process
samba_start_debugger() attempts to start a debugger attached to the
calling process by calling system() to start a background process.
However, if the spawned shell exits before the debugger has had a chance
to attach, the debugger process will no longer be a child of the parent
process (as it will have been reparented).
If the system does not allow tracing by non-child processes, attachment
may fail as a result.
This commit replaces the system() call and the implicit shell around
xterm with an explicit fork()/exec() so that the debugger remains a
child of the calling process, ensuring the attachment succeeds unless
tracing is disabled completely.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 3 Apr 2020 10:06:50 +0000 (12:06 +0200)]
heimdal_build: avoid cflags='-DSOCKET_WRAPPER_DISABLE=1 -D_SAMBA_HOSTCC_'
SOCKET_WRAPPER_DISABLE is unused for a long time already
and _SAMBA_HOSTCC_ is implied by use_hostcc=True now.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
[abartlet@samba.org: Adapted to current master from Metze's wip.git/master/heimdal
branch]
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 3 Apr 2020 09:50:53 +0000 (11:50 +0200)]
lib/replace: don't set -D_SAMBA_HOSTCC_ explicitly
use_hostcc=True already triggers this.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 3 Apr 2020 09:49:44 +0000 (11:49 +0200)]
wafsamba: let 'use_hostcc=True' result in -D_SAMBA_HOSTCC_
That's easier for the callers.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Wed, 20 May 2015 11:40:13 +0000 (13:40 +0200)]
selftest: Improve test names in kinit test for improved debugging
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Thu, 6 Sep 2018 02:54:50 +0000 (14:54 +1200)]
heimdal_build: Do not use LMDB in Heimdal even if we have it in Samba
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 3 Apr 2020 10:01:15 +0000 (12:01 +0200)]
heimdal_build: use TO_LIST from wafsamba.samba_utils
Signed-off-by: Stefan Metzmacher <metze@samba.org>
[abartlet@samba.org: adapted from patch in Metze's
wip.git/master-heimdal to current master
without the other patches]
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Jeremy Allison [Mon, 19 Apr 2021 23:38:00 +0000 (16:38 -0700)]
s3: smbd: Prevent fchmod on a symlink.
Remove selftest/knownfail.d/symlink_chmod.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 20 08:23:42 UTC 2021 on sn-devel-184
Jeremy Allison [Mon, 19 Apr 2021 23:25:51 +0000 (16:25 -0700)]
s3: torture: Add samba3.smbtorture_s3.plain.POSIX-SYMLINK-CHMOD
Shows we must protect against a null fsp handle when doing POSIX chmod on a symlink,
whether the symlink points to a real object or is dangling.
Add to knownfail for now. Commit
9722732b1867e359304594ada72ff40cd1341be5
removed the fsp == NULL protection for POSIX, and we need to put it back.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
David Mulder [Mon, 19 Apr 2021 19:42:35 +0000 (13:42 -0600)]
gpo: Open ssh config to write bytes
Reopening the existing config file fails because
we fail to open to write bytes.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
pavel.filipensky [Fri, 16 Apr 2021 12:24:15 +0000 (14:24 +0200)]
s3:passdb: Fix 'return 1' in secrets_store_creds()
The recently introduced function secrets_store_creds() should always
use 'return false' in case of a failure. It is not only spelling issue
since 'return 1' actually means 'return true'.
Signed-off-by: Pavel Filipensky <pavel.filipensky@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Apr 20 06:42:50 UTC 2021 on sn-devel-184
Volker Lendecke [Mon, 12 Apr 2021 09:43:06 +0000 (09:43 +0000)]
lib: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Apr 19 19:07:01 UTC 2021 on sn-devel-184
Volker Lendecke [Fri, 16 Apr 2021 20:18:29 +0000 (22:18 +0200)]
auth3: Make auth3_session_info_create() static
Only used in the static artifical session creation
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 16 Apr 2021 15:32:27 +0000 (17:32 +0200)]
torture: Move sddl tests to python
This kind of test is better hosted in python than in C. More lines,
but the ones in source4/libcli/security/tests/sddl.c were preeetty
long...
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 16 Apr 2021 15:22:12 +0000 (17:22 +0200)]
librpc: Add py_descriptor_richcmp() equality function
Only a python3 version. Do we still need the python2 flavor?
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 16 Apr 2021 07:15:43 +0000 (09:15 +0200)]
librpc: Use GUID_buf_string() in python wrappers
No need for the talloc'ed strings
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 15 Apr 2021 10:05:34 +0000 (12:05 +0200)]
py_security: Avoid casts in py_random_sid()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 14 Apr 2021 15:44:54 +0000 (17:44 +0200)]
libcli: Simplify sddl_encode_ace()
Use GUID_buf_string() instead of GUID_string() for encoding objects,
no need to check for NULL anymore.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 14 Apr 2021 18:42:27 +0000 (20:42 +0200)]
auth3: Add an error check to auth_generic_prepare()
gensec_set_credentials() can fail
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 14 Apr 2021 18:37:39 +0000 (20:37 +0200)]
auth3: Remove unnecessary talloc_unlink() calls
The structures we unlinked have been talloc_reference()ed in gensec
and thus don't need the second talloc parent anymore. But this
talloc_unlink isn't necessary because tmp_ctx is free()ed a few lines
down.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 14 Apr 2021 14:30:16 +0000 (16:30 +0200)]
dsdb: Slightly tune get_new_descriptor()
DBG_DEBUG only calls its arguments if required according to the debug
level. A simple talloc_new/TALLOC_FREE in the normal case should be
much cheaper than the full sddl_encode().
I just stumbled across this code, this is has not shown up in any
profiles. I just think it's cleaner this way.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 14 Apr 2021 10:33:09 +0000 (12:33 +0200)]
auth3: Make load_auth_module() static
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 14 Apr 2021 10:31:27 +0000 (12:31 +0200)]
auth3: Remove auth_skel.c
Authentication is a very complex topic, and someone who is able to
write a custom auth module turning a struct auth_usersupplied_info
into a struct auth_serversupplied_info should be able to live without
this skeleton module.
This module also gave an example to load a secondary authentication
module via a module parameter (the call to load_module()). We have
abandoned this practice, and since the "auth methods" parameter has
gone we don't use this anymore internally.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 14 Apr 2021 08:48:04 +0000 (10:48 +0200)]
create_local_token: Add error checks
add_sid_to_array_unique() only fails for ENOMEM, and other parts of
the auth stack would probably crash under ENOMEM anyway. But this is
authorization-related code that should be as clean as possible.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 14 Apr 2021 08:43:44 +0000 (10:43 +0200)]
auth3: Fix a few error path memleaks in create_local_token()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 14 Apr 2021 08:28:21 +0000 (10:28 +0200)]
auth3: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 14 Apr 2021 08:05:59 +0000 (10:05 +0200)]
auth3: Simplify check_samba4_security()
First set up "server_info" in a local variable and once it's fully set
up, assign it to the out parameter "pserver_info".
Pointer dereferencing obfuscates the code for me.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>