Volker Lendecke [Fri, 3 Jan 2020 13:04:02 +0000 (14:04 +0100)]
auth: Check for talloc failure in smb_sess_key_ntlmv2()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Volker Lendecke [Fri, 3 Jan 2020 13:10:00 +0000 (14:10 +0100)]
auth: Slightly simplify smb_pwd_check_ntlmv1()
Do an early return for the failure case
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Volker Lendecke [Fri, 3 Jan 2020 13:04:02 +0000 (14:04 +0100)]
auth: Check for talloc failure in smb_pwd_check_ntlmv1()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Volker Lendecke [Fri, 3 Jan 2020 13:10:00 +0000 (14:10 +0100)]
auth: Slightly simplify smb_pwd_check_ntlmv2()
Do an early return for the failure case
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Volker Lendecke [Fri, 3 Jan 2020 13:04:02 +0000 (14:04 +0100)]
auth: Check for talloc failure in smb_pwd_check_ntlmv2()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Volker Lendecke [Fri, 3 Jan 2020 12:47:14 +0000 (13:47 +0100)]
auth: Remove the "typedef auth_methods"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Volker Lendecke [Fri, 3 Jan 2020 11:42:03 +0000 (12:42 +0100)]
winbind: Fix CID
1456624 Uninitialized scalar variable
Coverity does not get that for (rc!=0) gnutls_error_to_ntstatus()
never returns NT_STATUS_OK
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Volker Lendecke [Thu, 2 Jan 2020 14:02:44 +0000 (15:02 +0100)]
auth3: Avoid a casts in auth3_check_password()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Volker Lendecke [Fri, 3 Jan 2020 11:51:04 +0000 (12:51 +0100)]
auth3: Simplify auth_get_ntlm_challenge()
Use generate_random_buffer() directly on the talloc'ed buffer
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Volker Lendecke [Thu, 2 Jan 2020 11:41:16 +0000 (12:41 +0100)]
auth3: Check for talloc failure
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Volker Lendecke [Fri, 3 Jan 2020 11:28:49 +0000 (12:28 +0100)]
tests: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Björn Jacke [Fri, 3 Jan 2020 14:29:34 +0000 (15:29 +0100)]
python/loadparm: check for AD DC required VFS modules
same as the previous commit, just for python's testparm code
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10560
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Björn Jacke <bjacke@samba.org>
Autobuild-Date(master): Fri Jan 3 22:19:47 UTC 2020 on sn-devel-184
David Disseldorp [Fri, 3 Jan 2020 13:31:28 +0000 (14:31 +0100)]
loadparm: check for AD DC required VFS modules
When Samba is running as a domain controller and the "vfs objects"
parameter is not set, then the dfs_samba4 and acl_xattr modules are
automatically enabled.
However, if the "vfs objects" is defined, then the setting is left
as-is. This means that attempts to us other VFS modules have the side
effect of disabling the dfs_samba4 and acl_xattr modules, causing
unexpected behaviour, which is then blamed on the VFS modules that were
explicitly defined.
This change ensures that when running as a domain controller, Samba logs
an error if the required VFS modules are not enabled by an explicit
"vfs objects" definition.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10560
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Volker Lendecke [Sun, 22 Dec 2019 17:20:12 +0000 (18:20 +0100)]
smbd: Remove an unused parameter from defer_open()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Jan 3 01:30:24 UTC 2020 on sn-devel-184
Volker Lendecke [Mon, 16 Dec 2019 15:47:38 +0000 (16:47 +0100)]
smbd: Avoid a "? True : False"
VALID_STAT() already is a boolean expression
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Volker Lendecke [Sat, 7 Dec 2019 13:13:04 +0000 (14:13 +0100)]
lsasd: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Volker Lendecke [Sun, 1 Dec 2019 15:21:12 +0000 (16:21 +0100)]
dsdb: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Volker Lendecke [Sun, 1 Dec 2019 15:10:18 +0000 (16:10 +0100)]
audit_log: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Volker Lendecke [Mon, 30 Dec 2019 12:56:14 +0000 (13:56 +0100)]
ntlm_auth: Fix a DEBUG message
This is not routine auth_generic_prepare
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Volker Lendecke [Thu, 2 Jan 2020 10:15:48 +0000 (11:15 +0100)]
lib: Remove an unused variable from security_token_debug()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Martin Schwenke [Thu, 28 Nov 2019 03:00:58 +0000 (14:00 +1100)]
ctdb-tests: Skip some tests that don't work with IPv6
See the comments added to the tests.
It may be possible to rewrite these so they do something sane for
IPv6... some other time.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14227
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri Jan 3 00:00:55 UTC 2020 on sn-devel-184
Martin Schwenke [Fri, 13 Dec 2019 00:09:04 +0000 (11:09 +1100)]
ctdb-scripts: Strip square brackets when gathering connection info
ss added square brackets around IPv6 addresses in versions > 4.12.0
via commit
aba9c23a6e1cb134840c998df14888dca469a485. CentOS 7 added
this feature somewhere mid-release. So, backward compatibility is
obviously needed.
As per the comment protocol/protocol_util.c should probably print and
parse such square brackets. However, for backward compatibility the
brackets would have to be stripped in both places in
update_tickles()... or added to the ss output when missing. Best to
leave this until we have a connection tracking daemon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14227
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Stefan Metzmacher [Wed, 1 Jan 2020 09:05:07 +0000 (10:05 +0100)]
Happy New Year 2020!
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jan 1 12:04:52 UTC 2020 on sn-devel-184
Volker Lendecke [Fri, 20 Dec 2019 15:20:00 +0000 (16:20 +0100)]
lib: Fix contending with a READ lock
When contending a WRITE with an existing READ, the contender puts
himself into the exclusive slot, waiting for the READers to go
away. If the async lock request is canceled before we got the lock, we
need to remove ourselves again. This is done in the destructor of the
g_lock_lock_state. In the successful case, the destructor needs to go
away.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Dec 22 18:57:17 UTC 2019 on sn-devel-184
Volker Lendecke [Sun, 22 Dec 2019 13:05:17 +0000 (14:05 +0100)]
torture3: Add a test that contends with a READ, not a WRITE lock
This walks different code paths in the subsequent locker. And the one
that we did not test so far is in fact buggy
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 22 Dec 2019 13:01:07 +0000 (14:01 +0100)]
torture3: Parametrize lock4_child()s locktype
We'll call it twice soon
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 21 Dec 2019 09:47:37 +0000 (10:47 +0100)]
torture3: Introduce "key" helper variable
Call string_term_tdb_data() once instead of three times
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
awalker [Fri, 30 Aug 2019 19:30:57 +0000 (15:30 -0400)]
vfs_zfsacl: fix issue with ACL inheritance in zfsacl
Add parameter zfsacl:map_dacl_protected to address issue preventing Windows Clients
from disabling inheritance on ACLs. FreeBSD does not currently expose the ACL_PROTECTED
NFS4.1 flag, but it does expose ACE4_INHERITED_ACE. When the parameter is enabled,
map the absence of ACE4_INHERITED_ACE to SEC_DESC_DACL_PROTECTED.
See also the discussion at
https://gitlab.com/samba-team/samba/merge_requests/719
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Dec 20 23:24:54 UTC 2019 on sn-devel-184
Ralph Boehme [Sat, 19 Oct 2019 13:37:45 +0000 (15:37 +0200)]
vfs_zfsacl: pass config to zfs_get_nt_acl_common()
Not used for now, that comes next.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Sat, 19 Oct 2019 13:36:15 +0000 (15:36 +0200)]
vfs_zfsacl: pass nfs4_params to smb_set_nt_acl_nfs4()
Now that we parse nfs4_params in the VFS connect in this module, we can pass it
to smb_set_nt_acl_nfs4() which avoids having smb_set_nt_acl_nfs4() parse
it *every time* it's called.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
awalker [Fri, 30 Aug 2019 19:17:26 +0000 (15:17 -0400)]
vfs_zfsacl: add manpage entry for zfsacl:denymissingspecial
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
awalker [Fri, 30 Aug 2019 19:15:37 +0000 (15:15 -0400)]
vfs_zfsacl: load parameters on connect
Convert zfsacl:denymissingspecial so that the parameter loads on connect.
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Tue, 10 Dec 2019 20:49:28 +0000 (13:49 -0700)]
Convert samba4.base.rw1 test to smb2
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Tue, 10 Dec 2019 14:47:12 +0000 (07:47 -0700)]
Convert samba4.base.*attr tests to smb2
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 25 Nov 2019 09:17:38 +0000 (10:17 +0100)]
s3: remove unused session_keystr from struct user_struct
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Dec 20 13:06:20 UTC 2019 on sn-devel-184
Ralph Boehme [Fri, 22 Nov 2019 17:08:56 +0000 (18:08 +0100)]
s3: remove unused macro FSP_BELONGS_CONN()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Mon, 16 Dec 2019 14:24:23 +0000 (15:24 +0100)]
s3: simplify create_conn_struct_as_root()
Now that all callers pass in a valid session_info, we can remove handling of
session_info=NULL. Add an assert(session_info != NULL) just in case... :)
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 13:58:57 +0000 (14:58 +0100)]
pysmbd: add "session_info" arg tp py_smbd_create_file()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 13:57:53 +0000 (14:57 +0100)]
pysmbd: add "session_info" arg to py_smbd_mkdir()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 13:56:18 +0000 (14:56 +0100)]
pysmbd: add "session_info" arg to py_smbd_get_sys_acl()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 13:54:40 +0000 (14:54 +0100)]
pysmbd: add "session_info" arg to py_smbd_set_sys_acl()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 13:52:49 +0000 (14:52 +0100)]
pysmbd: make "session_info" arg to py_smbd_get_nt_acl() mandatory
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 13:49:42 +0000 (14:49 +0100)]
pysmbd: make "session_info" arg to py_smbd_set_nt_acl() mandatory
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 13:14:45 +0000 (14:14 +0100)]
pysmbd: add "session_info" arg to py_smbd_unlink()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 13:14:07 +0000 (14:14 +0100)]
pysmbd: add "session_info" arg to py_smbd_chown()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 13:13:30 +0000 (14:13 +0100)]
pysmbd: add "session_info" arg to py_smbd_set_simple_acl()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 14:32:17 +0000 (15:32 +0100)]
python/tests: use a system session_info in posixacl.py
Previously posixacl.py passed None as session_info object from
get_session_info().
That meant that the if/else branch referring to session_info:
if nwrap_winbind_active or session_info:
self.assertEquals(posix_acl.acl[1].a_perm, 7)
else:
self.assertEquals(posix_acl.acl[1].a_perm, 6)
must be tweaked to take into account that session info is now either
* a system session_info in which case we must continue to use the if branch in
the code, or
* a user session_info in which case we must continue to go through the else
branch
Using
is_user_session = not session_info.security_token.is_system()
in place of just "session_info" does the trick.
Cf the classes SessionedPosixAclMappingTests and
UnixSessionedPosixAclMappingTests in posixacl.py, those are the ones that
trigger test execution with a user session.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 13:58:32 +0000 (14:58 +0100)]
pysmbd: reformat py_smbd_create_file() kwnames
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 13:57:20 +0000 (14:57 +0100)]
pysmbd: reformat py_smbd_mkdir() kwnames
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 13:55:54 +0000 (14:55 +0100)]
pysmbd: reformat py_smbd_get_sys_acl() kwnames and PyArg_ParseTupleAndKeywords() call
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 13:54:04 +0000 (14:54 +0100)]
pysmbd: reformat py_smbd_set_sys_acl() kwnames and PyArg_ParseTupleAndKeywords() call
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 13:21:03 +0000 (14:21 +0100)]
pysmbd: reformat py_smbd_get_nt_acl() kwnames
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 13:16:52 +0000 (14:16 +0100)]
pysmbd: reformat py_smbd_have_posix_acls() kwnames and PyArg_ParseTupleAndKeywords() call
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 11:59:32 +0000 (12:59 +0100)]
pysmbd: reformat py_smbd_unlink() kwnames and PyArg_ParseTupleAndKeywords() call
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 11:58:08 +0000 (12:58 +0100)]
pysmbd: reformat py_smbd_chown() kwnames and PyArg_ParseTupleAndKeywords() call
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 11:54:11 +0000 (12:54 +0100)]
pysmbd: reformat py_smbd_set_simple_acl() kwnames and PyArg_ParseTupleAndKeywords() call
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Mon, 16 Dec 2019 17:00:26 +0000 (18:00 +0100)]
python: move system_session_unix to new auth_util.py
system_session_unix() will be used by many more callers soon.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Mon, 16 Dec 2019 13:42:04 +0000 (14:42 +0100)]
smbd: pass session_info to create_conn_struct_tos()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Mon, 16 Dec 2019 13:41:03 +0000 (14:41 +0100)]
s3:rpc_server: pass session_info to get_nt_acl_no_snum()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Mon, 16 Dec 2019 13:40:21 +0000 (14:40 +0100)]
s3:rpc_server: pass session_info to elog_check_access()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 13 Dec 2019 15:19:37 +0000 (16:19 +0100)]
smbd: pass session info to create_conn_struct_tos_cwd()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 13 Dec 2019 15:53:36 +0000 (16:53 +0100)]
smbd: pass session_info to form_junctions()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 13 Dec 2019 15:51:16 +0000 (16:51 +0100)]
smbd: pass session info to count_dfs_links()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 13 Dec 2019 15:31:04 +0000 (16:31 +0100)]
s3: pass session_info to enum_msdfs_links()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 13 Dec 2019 15:27:51 +0000 (16:27 +0100)]
smbd: pass session_info to junction_to_local_path_tos()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 13 Dec 2019 15:25:44 +0000 (16:25 +0100)]
s3: pass session_info to remove_msdfs_link()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 13 Dec 2019 15:23:38 +0000 (16:23 +0100)]
s3: pass session_info to create_msdfs_link()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 13 Dec 2019 15:19:03 +0000 (16:19 +0100)]
s3: pass session info to get_referred_path()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Thu, 19 Dec 2019 21:50:09 +0000 (10:50 +1300)]
librpc: Do not access name[-1] trying to push "" into a dnsp_name
This simply matches the behaviour from before
e7b1acaddf2ccc7de0301cc67f72187ab450e7b5
when the logic for a trailing . was added. This matches what is added in
the dnsRecord attribute for a name of "." over the dnsserver RPC
management interface and is based on what Windows does for that name
in (eg) an MX record.
No a security bug because we use talloc and so name will be just the
end of the talloc header.
Credit to OSS-Fuzz
Found using the fuzz_ndr_X fuzzer
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Dec 20 11:33:52 UTC 2019 on sn-devel-184
Andrew Bartlett [Thu, 19 Dec 2019 22:34:38 +0000 (11:34 +1300)]
selftest: Confirm parse of dnsProperty records
This confirms a name of "." will round-trip correctly.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andrew Bartlett [Fri, 20 Dec 2019 03:33:54 +0000 (16:33 +1300)]
WHATSNEW: Celebrate the end of smbdes and the almost-end of in-tree AES
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andrew Bartlett [Wed, 18 Dec 2019 22:20:30 +0000 (11:20 +1300)]
s4-smbd: Also restart prefork children lost to SIGKILL (-9)
Samba 4.10 and later versions have a process restart capability to greatly
reduce the impact of crashes due to a NULL pointer de-reference or abort().
However SIGKILL was deliberatly omitted.
Sadly this is the most likely case, due to the OOM killer, as raised here:
https://lists.samba.org/archive/samba-technical/2019-November/134529.html
Subsequent discussion (offline) has been to agree that we should restart in
this case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14221
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andreas Schneider [Mon, 16 Dec 2019 15:45:38 +0000 (16:45 +0100)]
librpc: Add test for ndr_string_length()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Dec 20 09:01:30 UTC 2019 on sn-devel-184
Andreas Schneider [Mon, 16 Dec 2019 14:50:17 +0000 (15:50 +0100)]
librpc: Fix string length checking in ndr_pull_charset_to_null()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14219
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Thu, 19 Dec 2019 03:31:46 +0000 (16:31 +1300)]
upgradedns: ensure lmdb lock files linked
Ensure that the '-lock' files for the dns partitions as well as the data
files are linked when running
samba_dnsupgrade --dns-backend=BIND9_DLZ
failure to create these links can cause corruption of the corresponding
data file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14199
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Thu, 19 Dec 2019 03:31:24 +0000 (16:31 +1300)]
test upgradedns: ensure lmdb lock files linked
Add tests to check that the '-lock' files for the dns partitions as well as
the data files are linked when running
samba_dnsupgrade --dns-backend=BIND9_DLZ
failure to create these links can cause corruption of the corresponding
data file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14199
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Ralph Boehme [Tue, 26 Nov 2019 08:50:48 +0000 (09:50 +0100)]
selftest: don't use NTVFS fileserver in chgdcpass
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Dec 20 07:34:42 UTC 2019 on sn-devel-184
Ralph Boehme [Tue, 26 Nov 2019 08:50:48 +0000 (09:50 +0100)]
selftest: don't use NTVFS fileserver in rodc
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Tue, 26 Nov 2019 08:50:48 +0000 (09:50 +0100)]
selftest: don't use NTVFS fileserver in fl2008r2dc
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Tue, 26 Nov 2019 08:50:48 +0000 (09:50 +0100)]
selftest: don't use NTVFS fileserver in fl2003dc
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Tue, 26 Nov 2019 08:50:48 +0000 (09:50 +0100)]
selftest: don't use NTVFS fileserver in fl2000dc
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Tue, 26 Nov 2019 08:50:48 +0000 (09:50 +0100)]
selftest: don't use NTVFS fileserver in vampire_dc
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Tue, 26 Nov 2019 08:50:48 +0000 (09:50 +0100)]
selftest: don't use NTVFS fileserver in promoted_dc
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Mon, 25 Nov 2019 12:03:28 +0000 (13:03 +0100)]
selftest: make fl2008dc an alias for ad_dc, not ad_dc_ntvfs
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Mon, 25 Nov 2019 12:03:28 +0000 (13:03 +0100)]
selftest: make ad_dc_slowtests an alias for ad_dc, not ad_dc_ntvfs
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Tue, 26 Nov 2019 12:32:04 +0000 (13:32 +0100)]
selftest: make ad_dc_default an alias for ad_dc, not ad_dc_ntvfs
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Mon, 25 Nov 2019 16:43:37 +0000 (17:43 +0100)]
selftest: run samba.tests.samba_tool.user against ad_dc_ntvfs:local explicitly
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Mon, 25 Nov 2019 15:52:41 +0000 (16:52 +0100)]
selftest: run samba.ldap.referrals against ad_dc_ntvfs explicitly
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Mon, 25 Nov 2019 15:52:29 +0000 (16:52 +0100)]
selftest: run samba4.ldap.dipython against ad_dc_ntvfs explicitly
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Mon, 25 Nov 2019 15:49:34 +0000 (16:49 +0100)]
selftest: run samba.tests.dcerpc.srvsvc against ad_dc_ntvfs explicitly
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Mon, 25 Nov 2019 15:14:49 +0000 (16:14 +0100)]
selftest: run rpc.srvsvc and rpc.mgmt against ad_dc_ntvfs explicitly
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Tue, 26 Nov 2019 12:39:31 +0000 (13:39 +0100)]
selftest: hardcode ad_dc_ntvfs for the rpc.netlogon testsuite
The rpc.netlogon testsuite has a test that verifies LSA over netlogon which is
only enabled in the ad_dc_ntvfs env.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Tue, 26 Nov 2019 12:35:29 +0000 (13:35 +0100)]
selftest: make testenv name logic more flexible for the rpc testcases
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Mon, 25 Nov 2019 13:17:50 +0000 (14:17 +0100)]
selftest: use ad_dc_ntvfs env instead of ad_dc_default for samba4.ldb.ldaps
ad_dc_default is currently an alias for ad_dc_ntvfs, so this is currently no
change in behaviour, but this is going to change.
As the ad_dc_ntvfs env specifies "ldap server require strong auth =
allow_sasl_over_tls" and this is needed for the test, we have to let the test
use the ad_dc_ntvfs env explicitly.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Mon, 25 Nov 2019 10:11:13 +0000 (11:11 +0100)]
libsmbclient: If over SMB1 first try to do a posix stat on the file.
Disable in future, if server doesn't support this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14101
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Dec 19 15:44:25 UTC 2019 on sn-devel-184
Andreas Schneider [Mon, 25 Nov 2019 10:10:49 +0000 (11:10 +0100)]
s3:libsmb: Add a setup_stat_from_stat_ex() function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14101
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Mon, 25 Nov 2019 10:09:52 +0000 (11:09 +0100)]
s3:libsmb: Return a 'struct stat' buffer for SMBC_getatr()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14101
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Mon, 25 Nov 2019 10:06:57 +0000 (11:06 +0100)]
s3:libsmb: Add try_posixinfo to SMBSRV struct. Only enable for SMB1 with UNIX for now.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14101
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Wed, 18 Dec 2019 12:27:26 +0000 (13:27 +0100)]
s3:libsmb: Generate the inode only based on the path component
Currently we use the full smb url which includes also username and
password.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14101
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 26 Nov 2019 07:21:27 +0000 (08:21 +0100)]
s3:script: Try to fix a Perl warning
Scalar value @ENV{"BASH_ENV"} better written as $ENV{"BASH_ENV"} at
/tmp/samba-testbase/b23/samba-ad-dc-1/source3/script/tests/printing/modprinter.pl
line 134.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>