Ralph Boehme [Fri, 3 Sep 2021 10:14:19 +0000 (12:14 +0200)]
nmbd: use POPT_COMMON_DAEMON
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14803
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Fri, 3 Sep 2021 05:33:39 +0000 (07:33 +0200)]
smbd: use POPT_COMMON_DAEMON
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14803
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Fri, 3 Sep 2021 05:28:45 +0000 (07:28 +0200)]
lib/cmdline: restore pre-4.15 logging behaviour for daemons
For servers ensure logging is configured to go to a logfile unless in
interactive mode by calling setup_logging() before lp_load_global() is
called.
In 4.14 servers had the chance to call setup_logging(getprogname(),
DEBUG_FILE) before they called lp_load_*() explicitly in the server.
Now in 4.15 lp_load_*() is called internally when parsing the command
line arguments triggered by the server running the poptGetNextOpt()
loop, so it's too late when the server calls
setup_logging(getprogname(), DEBUG_FILE) as lots of debugging from
lp_load_()* was already written to DEBUG_DEFAULT_STDERR.
Note that there's a chicken and egg problem *within* this patchset:
this change here breaks stdout logging for servers until the servers
are converted to use the new POPT_COMMON_DAEMON. The only way to
address that would be squashing all changes into one patchset, but for
the sake of reviewability (is that an actual english word? :)) I chose
to split the changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14803
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Fri, 3 Sep 2021 05:22:18 +0000 (07:22 +0200)]
lib/cmdline: add POPT_COMMON_DAEMON daemon popt options
Note: interactive=true implies fork=false. This matches the semantics
that currently 3/4 daemons implement manually.
Not used so far, no change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14803
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Thu, 2 Sep 2021 21:40:53 +0000 (14:40 -0700)]
s3: smbd: Fix openat_pathref_fsp() to cope with FIFO's in the filesystem.
Remove skip test for the DISABLE_OPATH case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14816
RN: Fix pathref open of a filesystem fifo in the DISABLE_OPATH build
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Sep 6 09:51:54 UTC 2021 on sn-devel-184
Jeremy Allison [Thu, 2 Sep 2021 22:32:27 +0000 (15:32 -0700)]
s3: smbd: Add fifo test for the DISABLE_OPATH case.
Currently we hang when trying to list a directory
containing a fifo when configured with DISABLE_OPATH.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14816
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andrew Bartlett [Sun, 5 Sep 2021 20:52:21 +0000 (08:52 +1200)]
selftest: Add prefix to new schema attributes to avoid flapping dsdb_schema_attributes
If two of these unit tests run in the same second they could
select the same name, as the name was only based on the time
and a common prefix.
As observed by Jeremy Allison. Thanks for the report!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14819
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Sep 6 02:32:51 UTC 2021 on sn-devel-184
Andrew Bartlett [Wed, 25 Aug 2021 00:03:08 +0000 (12:03 +1200)]
s4-lsa: Cache sam.ldb handle in lsa_LookupSids3/LookupNames4
Since
5c0345ea9bb34695dcd7be6c913748323bebe937 this
would not have been implicitly cached via the ldb_wrap
cache, due to the recording of the remote IP address
(which is a good thing).
This creates a more explicit and direct correct
cache on the connection.
The common code, including the SCHANNEL check is
placed into a helper function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14807
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Sep 5 03:19:26 UTC 2021 on sn-devel-184
Andrew Bartlett [Wed, 25 Aug 2021 09:54:04 +0000 (09:54 +0000)]
selftest: Add a test for LookupSids3 and LookupNames4 in python
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14807
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Tue, 24 Aug 2021 21:41:11 +0000 (09:41 +1200)]
dsdb: Be careful to avoid use of the expensive talloc_is_parent()
The wrong talloc API was selected while addressing a memory leak.
commit
ee2fe56ba0ef6626b634376e8dc2185aa89f8c99
Author: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Date: Tue Nov 27 11:07:44 2018 +1300
drepl: memory leak fix
Fixes a memory leak where schema reference attached to ldb
instance is lost before it can be freed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14042
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Wed Jul 17 06:17:10 UTC 2019 on sn-devel-184
By using talloc_get_parent() walking the entire talloc tree is
avoided.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14806
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Sat, 4 Sep 2021 01:11:08 +0000 (13:11 +1200)]
selftest: Only run samba_tool_drs_showrepl test once
This test is not slow, but there is no value running it twice.
Running this test twice just increases the chances we might
loose a race as it shows and validates live replication data.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Sat, 4 Sep 2021 00:28:20 +0000 (12:28 +1200)]
selftest: Split up targets for samba_tool_drs from samba_tool_drs_showrepl
These now run in the disconnected sets schema_dc/schema_pair_dc and
ad_dc/vampire_dc/promoted_dc. By aiming at different sets ofservers
we can't cause cross-contamination in terms of which servers are
listed as outbound connections.
Also, by running the tests only once we reduce the chaces of trouble
by half.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Joseph Sutton [Wed, 28 Apr 2021 04:48:55 +0000 (16:48 +1200)]
Fix Python docstrings
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Sep 4 00:55:32 UTC 2021 on sn-devel-184
Joseph Sutton [Mon, 10 May 2021 23:21:21 +0000 (11:21 +1200)]
python: Fix usage strings
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Joseph Sutton [Wed, 14 Jul 2021 04:06:31 +0000 (16:06 +1200)]
libcli/smb: Don't call memcpy() with a NULL pointer
Doing so is undefined behaviour.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Joseph Sutton [Thu, 2 Sep 2021 05:14:44 +0000 (17:14 +1200)]
s4/dnsserver: Fix NULL check
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Joseph Sutton [Wed, 14 Jul 2021 04:09:01 +0000 (16:09 +1200)]
s4/dnsserver: Don't call memcpy() with a NULL pointer
Doing so is undefined behaviour.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Joseph Sutton [Wed, 14 Jul 2021 04:10:09 +0000 (16:10 +1200)]
dsdb/samdb/ldb_modules: Use correct member of union
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Wed, 25 Aug 2021 13:34:58 +0000 (15:34 +0200)]
third_party: Update waf to version 2.0.22
New in waf 2.0.22
* Fix stdin propagation with faulty vcvarsall scripts #2315
* Enable mixing Unix-style paths with destdir on Windows platforms #2337
* Fix shell escaping unit test parameters #2314
* Improve extras/clang_compilation_database and extras/swig compatibility #2336
* Propagate C++ flags to the Cuda compiler in extras/cuda #2311
* Fix detection of Qt 5.0.0 (preparation for Qt6) #2331
* Enable Haxe processing #2308
* Fix regression in MACOSX_DEPLOYMENT_TARGET caused by distutils #2330
* Fix extras/wafcache concurrent trimming issues #2312
* Fix extras/wafcache symlink handling #2327
The import was done like this:
./third_party/waf/update.sh
Then changing buildtools/bin/waf and buildtools/wafsamba/wafsamba.py
by hand.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Sep 2 21:22:17 UTC 2021 on sn-devel-184
Andreas Schneider [Thu, 26 Aug 2021 12:52:14 +0000 (14:52 +0200)]
third_party: Add a script to update waf
./third_party/waf/update.sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Ralph Boehme [Fri, 20 Aug 2021 13:04:49 +0000 (15:04 +0200)]
winbind: ensure wb_parent_idmap_setup_send() gets called in winbindd_allocate_uid_send()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14804
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Sep 2 15:20:06 UTC 2021 on sn-devel-184
Ralph Boehme [Tue, 31 Aug 2021 15:04:56 +0000 (17:04 +0200)]
winbindd: call wb_parent_idmap_setup_send() in wb_queryuser_send()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14804
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Andrew Bartlett [Tue, 31 Aug 2021 10:38:01 +0000 (22:38 +1200)]
tests/krb5: Allow KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN for a missing sname
This allows our code to still pass with the error code that
MIT and Heimdal have chosen
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Sep 2 14:28:31 UTC 2021 on sn-devel-184
Luke Howard [Tue, 31 Aug 2021 05:38:16 +0000 (17:38 +1200)]
kdc: KRB5KDC_ERR_{C,S}_PRINCIPAL_UNKNOWN if missing field
If missing cname or sname in AS-REQ, return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN and
KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN. This matches MIT behaviour.
[abartlet@samba.org Backported from Heimdal commit
892a1ffcaad98157e945c540b81f65edb14d29bd
and knownfail added]
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Tue, 31 Aug 2021 07:42:33 +0000 (19:42 +1200)]
tests/krb5: Allow expected_error_mode to be a container type
This allows a range of possible error codes to be checked against, for
cases when the particular error code returned is not so important.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Fri, 27 Aug 2021 01:37:16 +0000 (13:37 +1200)]
tests/krb5: Add tests for omitting sname in inner request
Note: the test 'test_fast_tgs_inner_no_sname' crashes the MIT KDC.
This is fixed in MIT Krb5 commit
d775c95af7606a51bf79547a94fa52ddd1cb7f49
and was given CVE-2021-37750
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Fri, 27 Aug 2021 01:26:45 +0000 (13:26 +1200)]
tests/krb5: Allow specifying parameters specific to the inner FAST request body
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Fri, 27 Aug 2021 01:02:04 +0000 (13:02 +1200)]
tests/krb5: Add tests for omitting sname in request
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Fri, 27 Aug 2021 01:00:37 +0000 (13:00 +1200)]
tests/krb5: Check PADATA-PW-SALT element in e-data
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Fri, 27 Aug 2021 01:00:21 +0000 (13:00 +1200)]
tests/krb5: Check e-data element for TGS-REP errors without FAST
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Tue, 31 Aug 2021 22:43:06 +0000 (10:43 +1200)]
tests/krb5: Remove harmful and a-typical return in as_req testcase
A test in a TestCase class should not return a value, the
test is determined by the assertions raised.
Other changes will shortly cause kdc_exchange_dict[preauth_etype_info2]
to not always be filled, so we need to remove this
rudundent code.
This also fixes a *lot* of tests against the MIT KDC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Thu, 29 Jul 2021 00:25:06 +0000 (12:25 +1200)]
CVE-2021-3671 tests/krb5: Add tests for omitting sname in outer request
Note: Without the previous patch, 'test_fast_tgs_outer_no_sname' would
crash the Heimdal KDC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Luke Howard [Fri, 27 Aug 2021 01:42:48 +0000 (11:42 +1000)]
CVE-2021-3671 HEIMDAL kdc: validate sname in TGS-REQ
In tgs_build_reply(), validate the server name in the TGS-REQ is present before
dereferencing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
[abartlet@samba.org backported from from Heimdal
commit
04171147948d0a3636bc6374181926f0fb2ec83a via reference
to an earlier patch by Joseph Sutton]
RN: An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Thu, 29 Jul 2021 04:52:29 +0000 (16:52 +1200)]
tests/krb5: Add test for sending PA-ENCRYPTED-CHALLENGE without FAST
Note: This test crashed the MIT KDC prior to MIT commit
fc98f520caefff2e5ee9a0026fdf5109944b3562 which was given
CVE-2021-36222.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Wed, 1 Sep 2021 02:43:53 +0000 (14:43 +1200)]
tests/krb5: Make cname checking less strict
Without this additional 'self.strict_checking' check, the tests in the
following patches do not get far enough to trigger a crash with the MIT
KDC.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Fri, 27 Aug 2021 01:35:59 +0000 (13:35 +1200)]
tests/krb5: Make e-data checking less strict
Without this additional 'self.strict_checking' check, the tests in the
following patches do not get far enough to trigger a crash with the MIT
KDC, instead failing when obtaining a TGT for the user or machine.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Wed, 1 Sep 2021 08:53:45 +0000 (20:53 +1200)]
Update common on currently supported Fedora versions
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Wed, 1 Sep 2021 08:55:40 +0000 (20:55 +1200)]
bootstrap: SAMBA_CI_CONTAINER_TAG is now in .gitlab-ci-main.yml
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Wed, 1 Sep 2021 08:45:03 +0000 (20:45 +1200)]
bootstrap: Update to get newer krb5 on Fedora 34
We need the update FEDORA-2021-
20b495cb94 (krb5) to
get a fix for CVE-2021-37750 (explicit NULL deref on KDC)
so our CI will pass as we have a test for this.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Tue, 31 Aug 2021 21:40:08 +0000 (09:40 +1200)]
script/autobuild.py: Restore MIT ADDC tests against fl2008*
Commit
7387da74e6f0e33de5f80b9a5e59f268541f52cd incorrectly
ran the fl2000dc and fl2003dc tests twice, rather than the
fl2008dc and fl2008r2dc tests in samba-ad-dc-4b-mitkrb5.
(Now ad-dc-mit-4b)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14815
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Sep 2 05:56:12 UTC 2021 on sn-devel-184
Andrew Bartlett [Mon, 30 Aug 2021 02:54:39 +0000 (14:54 +1200)]
selftest: Replace internal loop in test_uac_bits_set() using @DynamicTestClass
This generates a single test per bit which is easier to
debug. Elsewhere we use this pattern where we want to
be able to put some cases in a knownfail, which is otherwise
not possible.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 30 Aug 2021 02:51:27 +0000 (14:51 +1200)]
selftest: Replace internal loop in test_uac_bits_add() using @DynamicTestClass
This generates a single test per bit which is easier to
debug. Elsewhere we use this pattern where we want to
be able to put some cases in a knownfail, which is otherwise
not possible.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 30 Aug 2021 02:37:06 +0000 (14:37 +1200)]
selftest: Use @DynamicTestCase in user_account_control test_uac_bits_unrelated_modify()
This is a nice easy example of how the test generation
code works, and it combined nicely with the earlier
patch to return string names from the UF_ constants.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 30 Aug 2021 01:03:15 +0000 (13:03 +1200)]
pydsdb: Add API to return strings of known UF_ flags
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Sun, 29 Aug 2021 22:10:56 +0000 (10:10 +1200)]
selftest: Use addCleanup rather than tearDown in user_account_control.py
self.addCleanup() is called regardless of the test failure or error status
and so is more reliable, particularly during development.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Sun, 29 Aug 2021 22:07:31 +0000 (10:07 +1200)]
selftest: Modernise user_account_control.py tests use a common self.OU
We set and use a single self.OU to ensure consistancy and
reduce string duplication.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Bjoern Jacke [Tue, 17 Aug 2021 11:39:24 +0000 (11:39 +0000)]
util_sock: fix assignment of sa_socklen
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14800
Autobuild-User(master): Björn Jacke <bjacke@samba.org>
Autobuild-Date(master): Tue Aug 31 09:54:35 UTC 2021 on sn-devel-184
Andrew Bartlett [Thu, 26 Aug 2021 04:30:37 +0000 (16:30 +1200)]
selftest: Remove skip of samba4.rpc.unixinfo
This test, and the rpcclient getwpuid call on a "real" system
with nss_winbind (under docker in my test) also works fine.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14691
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 31 00:12:53 UTC 2021 on sn-devel-184
David Mulder [Wed, 25 Aug 2021 19:05:28 +0000 (13:05 -0600)]
gpo: Add Group Policy Firefox Extension
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug 30 21:57:09 UTC 2021 on sn-devel-184
David Mulder [Wed, 25 Aug 2021 19:04:47 +0000 (13:04 -0600)]
gpo: Test Group Policy Firefox Extension
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 5 Aug 2021 10:08:00 +0000 (12:08 +0200)]
vfs_gpfs: deal with pathrefs fsps in smbd_gpfs_set_times()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Aug 26 20:08:51 UTC 2021 on sn-devel-184
Ralph Boehme [Thu, 5 Aug 2021 10:05:16 +0000 (12:05 +0200)]
lib/gpfswrap: add gpfs_set_times_path() wrapper
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Ralph Boehme [Fri, 13 Aug 2021 09:55:16 +0000 (11:55 +0200)]
vfs_gpfs: remove ENOSYS fallback from vfs_gpfs_fntimes()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Ralph Boehme [Thu, 5 Aug 2021 09:58:58 +0000 (11:58 +0200)]
vfs_gpfs: pass fsp to smbd_gpfs_set_times()
No change in behaviour. Prepares for dealing with pathref fsps in
smbd_gpfs_set_times().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Ralph Boehme [Thu, 5 Aug 2021 09:55:30 +0000 (11:55 +0200)]
vfs_gpfs: deal with pathref fsps in vfs_gpfs_fntimes()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Ralph Boehme [Thu, 1 Jul 2021 14:08:02 +0000 (16:08 +0200)]
vfs_gpfs: add sys_proc_fd_path() fallback to vfs_gpfs_fset_dos_attributes()
gpfs_set_winattrs() is a modifying operation, my expectation thus is that it is
not allowed on pathref (O_PATH) handles even though a recent Linux kernel commit
44a3b87444058b2cb055092cdebc63858707bf66 allowed calling utimensat() on pathref
handles.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771
RN: Some VFS operations on pathref (O_PATH) handles fail on GPFS
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Ralph Boehme [Fri, 13 Aug 2021 09:39:05 +0000 (11:39 +0200)]
vfs_gpfs: remove ENOSYS fallback from vfs_gpfs_fset_dos_attributes()
This API call has existed for a long time, so we can safely assume that this
always works.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771
Pair-Programmed-With: Christof Schmitt <cs@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Christof Schmitt <cs@samba.org>
Ralph Boehme [Thu, 29 Jul 2021 17:28:14 +0000 (19:28 +0200)]
vfs_gpfs: add path based fallback for gpfswrap_fstat_x() on pathref handles
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Ralph Boehme [Thu, 29 Jul 2021 13:53:04 +0000 (15:53 +0200)]
vfs_gpfs: check for O_PATH support in gpfswrap_fstat_x()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Ralph Boehme [Fri, 6 Aug 2021 10:05:44 +0000 (12:05 +0200)]
vfs_gpfs: make vfs_gpfs_connect() a no-op on IPC shares
We don't ever expect any filesystem IO operations to be called on an IPC shares,
so there's no need to initialize the module here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Stefan Metzmacher [Wed, 11 Aug 2021 14:23:24 +0000 (16:23 +0200)]
vfs_gpfs: don't check for struct gpfs_config_data in vfs_gpfs_[l]stat()
This is unused and the config object won't be avilable for IPC$ anymore with the
next commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Ralph Boehme [Fri, 6 Aug 2021 10:03:38 +0000 (12:03 +0200)]
vfs_gpfs: call SMB_VFS_NEXT_CONNECT() before running some module initialization code
No change in behaviour. Prepares for a subsequent commit that checks for IPC shares.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Ralph Boehme [Fri, 30 Jul 2021 13:17:44 +0000 (15:17 +0200)]
smbd: avoid calling creating a pathref in smb_set_file_dosmode()
We already have a fsp with a valid fsp->base_fsp if it's a stream.
Also remove the struct smb_filename arg, it's not needed, the only caller
already checks for a valid fsp.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14771
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Stefan Metzmacher [Wed, 25 Aug 2021 14:33:03 +0000 (16:33 +0200)]
wafsamba: always generate compile_commands.json again, but only when the samba dependencies changed
This means the costs of the generation on a empty build are not paid
anymore, which was the reason for the explicit --enable-clangdb option.
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Aug 26 13:06:09 UTC 2021 on sn-devel-184
Andrew Bartlett [Mon, 16 Aug 2021 02:46:31 +0000 (14:46 +1200)]
mit-kdc: Remove build time support for KDB_API < 10
The previous commits restricted to MIT KDC build to MIT 1.19 and this removes the
#ifdef in the code of what will become untested code.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Aug 26 07:05:44 UTC 2021 on sn-devel-184
Andrew Bartlett [Mon, 16 Aug 2021 02:25:54 +0000 (14:25 +1200)]
build: Move minimum MIT krb5 version to 1.19 to align with what is tested
This avoid shipping untested code and aligns with the version
used in GitLab CI for all the MIT builds.
The "bronze bit" (CVE-2020-17049) security fixes will need
a new MIT KDB version in any case, this prepares the ground
by removing the older version support.
(knownfail_mit_kdc updates taken from a patch by
Andreas Schneider <asn@samba.org> that did this optionally)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Mon, 16 Aug 2021 01:53:58 +0000 (13:53 +1200)]
autobuild.py: Do not build MIT builds by default (eg sn-devel)
This avoids the need for MIT KDC tests and the MIT KDC glue code to
operate against the older MIT 1.16 found on Ubuntu 18.04, which
is our current build environment.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Mon, 16 Aug 2021 01:52:04 +0000 (13:52 +1200)]
gitlab-ci: Move MIT builds to current Fedora so we can test against a current MIT KDC
Fedora packages current MIT builds pretty fast so we base our
MIT KDC tests there, as this avoids backporting and tests against
the most current code.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Wed, 18 Aug 2021 02:59:47 +0000 (14:59 +1200)]
gitlab-ci/autobuild: Add new build confirming behaviour on older MIT Kerberos
Because the MIT KDC builds are moving to current MIT and out of the default autobuild
this ensures that on our default host, which is closer to what most of our
users operate, Samba still works with Kerberos.
This uses the ktest environment that does not require the KDC to exist
and instead uses a static ccache and keytab.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Mon, 16 Aug 2021 01:40:39 +0000 (13:40 +1200)]
autobuild.py: Explain why each job is removed from the default set
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Jeremy Allison [Wed, 25 Aug 2021 16:57:05 +0000 (09:57 -0700)]
s4: ntvfs: Missed comma in
24c09f913d82528ada14013e3d673d277cf04a93, string would be concatenated.
Sorry for the mistake, I missed that in the review.
Caught by Coverity.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Aug 25 18:02:05 UTC 2021 on sn-devel-184
Jeremy Allison [Tue, 24 Aug 2021 00:42:40 +0000 (17:42 -0700)]
s3: smbd: In create_conn_struct_cwd(), don't TALLOC_FREE() an unallocated pointer on error.
Just return the status - if create_conn_struct_as_root() fails
the connection struct never gets returned.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14809
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug 25 17:09:23 UTC 2021 on sn-devel-184
Jeremy Allison [Tue, 24 Aug 2021 00:40:42 +0000 (17:40 -0700)]
s3: mdssvc: Correctly disconnect the VFS connection inside the mds_ctx destructor.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14809
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Björn Jacke [Mon, 28 Jun 2021 15:00:54 +0000 (17:00 +0200)]
mangle_hash2: remove LOCK$ from list of reserved names
see also:
https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file?redirectedfrom=MSDN
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8776
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 24 19:26:59 UTC 2021 on sn-devel-184
Björn Jacke [Mon, 28 Jun 2021 14:56:18 +0000 (16:56 +0200)]
mangle_hash2: add missing COM/LPT ports that are also reserved names
see also:
https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file?redirectedfrom=MSDN
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8776
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Björn Jacke [Mon, 28 Jun 2021 14:55:04 +0000 (16:55 +0200)]
ntvfs: add missing COM/LPT ports that are also reserved names
see also:
https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file?redirectedfrom=MSDN
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8776
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 12 Jun 2021 08:03:16 +0000 (10:03 +0200)]
rpcclient: Add unixinfo commands
The unixinfo pipe might go away in the future, but right now we have
it around. This code is simple and can go away again when unixinfo
dies.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 24 18:22:56 UTC 2021 on sn-devel-184
Volker Lendecke [Sat, 19 Jun 2021 15:05:39 +0000 (17:05 +0200)]
winbindd: NULL-initialize a pointer
Patches from the dcerpc patchset will create warnings out of this not
being initialized.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Aug 2021 12:03:55 +0000 (14:03 +0200)]
rpc_client: Align cli_api_pipe_send() with tevent_req() conventions
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Aug 2021 12:05:30 +0000 (14:05 +0200)]
rpc_client: Use tevent_req_nterror() properly in cli_api_pipe
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 3 Aug 2021 10:13:13 +0000 (12:13 +0200)]
rpc_client: Make rpc_pipe_open_tcp() static
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 3 Aug 2021 07:37:12 +0000 (09:37 +0200)]
torture: Remove rpc_open_tcp test program
Its initial commit in 2008 stated that it still needs to be integrated
into the test suite. As far as I can see, this never happened.
Why remove it? Without this we can make rpc_open_tcp() static for
easier refactoring.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Aug 2021 10:11:32 +0000 (12:11 +0200)]
rpc_client: Simplify get_complete_frag_send()
tevent_req_oom() and tevent_req_nomem() instead of explicit
NT_STATUS_NO_MEMORY; do an early return if done.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Aug 2021 10:12:31 +0000 (12:12 +0200)]
rpc_client: Simplify get_complete_frag_got_header()
tevent_req_nterror() returns a bool, no separate check required
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Aug 2021 10:12:58 +0000 (12:12 +0200)]
rpc_client: Simplify get_complete_frag_got_header()
Use tevent_req_oom()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Aug 2021 10:14:23 +0000 (12:14 +0200)]
rpc_client: Simplify get_complete_frag_got_rest()
tevent_req_simple_finish_ntstatus() is made precisely for this simple
case where we just pass on a subreq's NTSTATUS
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Aug 2021 12:16:22 +0000 (14:16 +0200)]
rpc_client: Simplify rpc_api_pipe_auth3_done()
Use tevent_req_simple_finish_ntstatus()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Aug 2021 12:18:26 +0000 (14:18 +0200)]
rpc_client: Avoid casts
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Aug 2021 12:21:23 +0000 (14:21 +0200)]
rpc_client: Use tevent_req_nterror() properly
Signed-off-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Fri, 6 Aug 2021 12:22:47 +0000 (14:22 +0200)]
rpc_client: Simplify rpccli_bh_disconnect_recv()
Use tevent_req_simple_recv_ntstatus()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 25 Jul 2021 13:55:46 +0000 (15:55 +0200)]
winbind: Remove an unused include
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 7 Aug 2021 08:26:03 +0000 (10:26 +0200)]
rpc_client: Adapt rpc_write_send() to tevent_req conventions
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 10 Aug 2021 13:56:57 +0000 (15:56 +0200)]
rpc_client: Adapt rpc_api_pipe_send() to recent coding conventions
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 10 Aug 2021 14:12:19 +0000 (16:12 +0200)]
rpc_client: Use ndr_syntax_id_equal() in check_bind_response()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 10 Aug 2021 14:13:09 +0000 (16:13 +0200)]
rpc_client: Use struct init/assignment
Don't leave structures/unions partially uninitialized
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 13 Aug 2021 13:51:07 +0000 (15:51 +0200)]
rpc_client: Adapt rpc_pipe_bind_send() to talloc_req conventions
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 13 Aug 2021 14:05:00 +0000 (16:05 +0200)]
rpc_client: Avoid ZERO_STRUCTP in prepare_verification_trailer()
Direct struct assignments are easier to read for me, but YMMV.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 13 Aug 2021 14:15:16 +0000 (16:15 +0200)]
rpc_client: Adapt rpc_api_pipe_req_send() to talloc_req conventions
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 17 Aug 2021 05:42:48 +0000 (07:42 +0200)]
rpc_client: Slightly simplify rpc_api_pipe_req_send()
tevent_req_create() zero-initializes "state"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 17 Aug 2021 05:49:27 +0000 (07:49 +0200)]
rpc_client: Early TALLOC_FREE() in prepare_verification_trailer()
We don't need "t" from here on anymore
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>