Volker Lendecke [Sat, 11 Apr 2020 17:54:11 +0000 (19:54 +0200)]
utils: Convert smbtree to use libsmbclient
We have the domain browsing functionality in libsmbclient, don't
duplicate it in smbtree with special code. Not too much gain in lines
of code, but the new code is much more regular and reuses
functionality provided elsewhere.
This removes the "-b" option from smbtree, libsmbclient always does
that.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 11 Apr 2020 17:03:39 +0000 (19:03 +0200)]
smbtree: Add "fail:" target, more failure paths with follow
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 13 Apr 2020 07:23:45 +0000 (09:23 +0200)]
libsmb: Slightly simplify get_ipc_connect()
No else required with an early return
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 11 Apr 2020 16:13:52 +0000 (18:13 +0200)]
pidl: Align integer types in scompat files
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 16 Apr 2020 12:38:34 +0000 (14:38 +0200)]
ctdb: Fix a memleak
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14348
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Apr 17 08:32:35 UTC 2020 on sn-devel-184
Jeremy Allison [Wed, 15 Apr 2020 19:07:57 +0000 (12:07 -0700)]
s4: torture: SMB2. Fix smb2.winattr to actually read the SD from the server and check it.
We need READ_CONTROL, and actually have to ask for
the OWNER|GROUP|DACL bits if we're going to properly
check the SD.
Tested against Windows 10.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 16 20:42:58 UTC 2020 on sn-devel-184
Jeremy Allison [Wed, 15 Apr 2020 20:33:43 +0000 (13:33 -0700)]
s3: smbd: Ensure we don't try and read the on-disk security descriptor if no bits are requested.
The sdread test just added shows that a client
can open with READ_ATTRIBUTES and still issue
a query security descriptor. smbd passed that
test as it read the on-disk sd, but then threw
the information away and returned the NULL sd
the client expects.
Make sure that we don't try and read the on-disk
sd if the client doesn't request any bits.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 15 Apr 2020 18:59:17 +0000 (11:59 -0700)]
s4: torture: SMB2. Add a new test that exposes interesting SD query behavior.
If we open a file without READ_CONTROL, requesting a security
descriptor fails with ACCESS_DENIED if any of the requested
bits OWNER|GROUP|DACL are set.
However, if we send zero as the requested bits then a
security descriptor is returned containing no data,
even though reading an SD should fail based on the
access permissions we have on the handle.
This has been tested against Windows 10, and also
passes on Samba - although in smbd we actually
read the SD off disk first, before nulling out
all the data we read. We shouldn't (we have
no rights to do so) and a subsequent commit
will fix this.
This was discovered when investigating the
smb2.winattr test, which currently relies
on exactly this behavior. It shouldn't
and the next commit will fix that.
I wanted to preserve the current smb2.winattr
behavior in a test though.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Christof Schmitt [Wed, 15 Apr 2020 21:56:03 +0000 (14:56 -0700)]
docs: Update smbclient manpage that four digit years are also allowed
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Thu Apr 16 19:06:32 UTC 2020 on sn-devel-184
Christof Schmitt [Wed, 15 Apr 2020 21:53:08 +0000 (14:53 -0700)]
test_smbclient_s3: Test four-digit year in smbclient utimes
Modify the test to also set the create_time, and specify the year with
using four digits to test the new codepath.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Christof Schmitt [Tue, 14 Apr 2020 23:40:55 +0000 (16:40 -0700)]
smbclient: Also allow four digit years in utimes command
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Christof Schmitt [Tue, 14 Apr 2020 23:38:03 +0000 (16:38 -0700)]
smbclient: Remove one level of indentation for the utimes command
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Noel Power [Tue, 14 Apr 2020 10:21:22 +0000 (11:21 +0100)]
s3/librpc/crypto: Fix double free with unresolved credential cache
We free gse_ctx->k5ctx but then free it again in the
talloc dtor. This patch just lets the talloc dtor handle
things and removes the extra krb5_free_context
Failed to resolve credential cache 'DIR:/run/user/1000/krb5cc'! (No credentials cache found)
==30762== Invalid read of size 8
==30762== at 0x108100F4: k5_os_free_context (in /usr/lib64/libkrb5.so.3.3)
==30762== by 0x107EA661: krb5_free_context (in /usr/lib64/libkrb5.so.3.3)
==30762== by 0x7945D2E: gse_context_destructor (gse.c:84)
==30762== by 0x645FB49: _tc_free_internal (talloc.c:1157)
==30762== by 0x645FEC5: _talloc_free_internal (talloc.c:1247)
==30762== by 0x646118D: _talloc_free (talloc.c:1789)
==30762== by 0x79462E4: gse_context_init (gse.c:241)
==30762== by 0x794636E: gse_init_client (gse.c:268)
==30762== by 0x7947602: gensec_gse_client_start (gse.c:786)
==30762== by 0xBC87A3A: gensec_start_mech (gensec_start.c:743)
==30762== by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774)
==30762== by 0xBC8167F: gensec_spnego_client_negTokenInit_step (spnego.c:633)
==30762== Address 0x17259928 is 40 bytes inside a block of size 496 free'd
==30762== at 0x4C2F50B: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30762== by 0x79462CA: gse_context_init (gse.c:238)
==30762== by 0x794636E: gse_init_client (gse.c:268)
==30762== by 0x7947602: gensec_gse_client_start (gse.c:786)
==30762== by 0xBC87A3A: gensec_start_mech (gensec_start.c:743)
==30762== by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774)
==30762== by 0xBC8167F: gensec_spnego_client_negTokenInit_step (spnego.c:633)
==30762== by 0xBC813E2: gensec_spnego_client_negTokenInit_start (spnego.c:537)
==30762== by 0xBC84084: gensec_spnego_update_pre (spnego.c:1943)
==30762== by 0xBC83AE5: gensec_spnego_update_send (spnego.c:1741)
==30762== by 0xBC85622: gensec_update_send (gensec.c:449)
==30762== by 0x551BFD0: cli_session_setup_gensec_local_next (cliconnect.c:997)
==30762== Block was alloc'd at
==30762== at 0x4C306B5: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30762== by 0x107EA7AE: krb5_init_context_profile (in /usr/lib64/libkrb5.so.3.3)
==30762== by 0xB853215: smb_krb5_init_context_common (krb5_samba.c:3597)
==30762== by 0x794615B: gse_context_init (gse.c:209)
==30762== by 0x794636E: gse_init_client (gse.c:268)
==30762== by 0x7947602: gensec_gse_client_start (gse.c:786)
==30762== by 0xBC87A3A: gensec_start_mech (gensec_start.c:743)
==30762== by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774)
==30762== by 0xBC8167F: gensec_spnego_client_negTokenInit_step (spnego.c:633)
==30762== by 0xBC813E2: gensec_spnego_client_negTokenInit_start (spnego.c:537)
==30762== by 0xBC84084: gensec_spnego_update_pre (spnego.c:1943)
==30762== by 0xBC83AE5: gensec_spnego_update_send (spnego.c:1741)
==30762==
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14344
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Apr 14 22:55:51 UTC 2020 on sn-devel-184
Jeremy Allison [Fri, 10 Apr 2020 21:14:25 +0000 (14:14 -0700)]
s3: VFS: Add cmocka test for vfs_full_audit to make sure all arrays are correct.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14343
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 14 17:58:40 UTC 2020 on sn-devel-184
Jeremy Allison [Fri, 10 Apr 2020 20:27:18 +0000 (13:27 -0700)]
s3: VFS: full_audit. Add missing fcntl entry in vfs_op_names[] array.
Found by yannick@in2ip.nl.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14343
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Fri, 10 Apr 2020 11:51:39 +0000 (13:51 +0200)]
s4/torture: fix timeval wrap in torture_libsmbclient_utimes() test
Fixes the following flapping test:
UNEXPECTED(failure): samba4.libsmbclient.utimes.SMB3.utimes(nt4_dc)
REASON: Exception: Exception: ../../source4/torture/libsmbclient/libsmbclient.c:1249:
st.st_mtim.tv_nsec / 1000 was 98181 (0x17F85),
expected
1098181 (0x10C1C5): smbc_utimes did not update msec
https://gitlab.com/samba-team/devel/samba/-/jobs/
506361470
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Apr 11 12:24:00 UTC 2020 on sn-devel-184
Jeremy Allison [Tue, 7 Apr 2020 16:58:08 +0000 (09:58 -0700)]
Update WHATSNEW.txt to explain the vfs_widelinks module addition.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Apr 9 21:21:46 UTC 2020 on sn-devel-184
Jeremy Allison [Tue, 7 Apr 2020 16:47:46 +0000 (09:47 -0700)]
docs-xml: Add a vfs_widelinks manpage.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 7 Apr 2020 00:44:56 +0000 (17:44 -0700)]
s3: smbd: Reformatting - fix indentation in fd_open().
Now we removed the lp_widelinks() clause we
left an extra {..} level of indirection. Just
reformat to remove it. No logic changes.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 7 Apr 2020 00:41:42 +0000 (17:41 -0700)]
s3: smbd: Reformatting - fix indentation in check_reduced_name().
Now we removed the lp_widelinks() clause we
left an extra {..} level of indirection. Just
reformat to remove it and update to modern
DBG_ macros. No logic changes
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 7 Apr 2020 00:36:44 +0000 (17:36 -0700)]
s3: smbd: Always call canonicalize_connect_path() for a share.
Share path definitions don't need to be aware of symlinks.
This is strictly a change in behavior, but the vfs_widelinks
module (if loaded) copes with symlinks in the share definition.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 7 Apr 2020 00:34:22 +0000 (17:34 -0700)]
s3: smbd: Always call canonicalize_connect_path() for a (synthesized) msdfs-share.
Share path definitions don't need to be aware of symlinks.
This is strictly a change in behavior, but the vfs_widelinks
module (if loaded) copes with symlinks in the share definition.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 7 Apr 2020 00:33:17 +0000 (17:33 -0700)]
s3: smbd: Remove allowing widelinks in fd_open path.
Widelinks are now always denied, unless the vfs_widelinks
VFS module is loaded.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 7 Apr 2020 00:31:16 +0000 (17:31 -0700)]
s3: VFS: Remove the lp_widelinks() check from check_reduced_name().
Widelinks are now always denied, unless the vfs_widelinks
VFS module is loaded.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 7 Apr 2020 00:24:10 +0000 (17:24 -0700)]
s3: smbd: VFS: Add custom initialization for vfs_widelinks.
As the widelinks logic is now moving into a
vfs_widelinks module, we need to custom load
it after the default module is initialized.
That way no changes to smb.conf files are
needed.
We may revisit this for Samba 5.0 and force
people to change their smb.conf files and
explicitly load this as a vfs module if they
want the insecure widelinks behavior.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 6 Apr 2020 19:18:50 +0000 (12:18 -0700)]
s3: VFS: Add cmocka tests for pathname parsing in vfs_widelinks.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Sat, 4 Apr 2020 01:24:42 +0000 (18:24 -0700)]
VFS: Add vfs_widelinks module.
Hides symlinks from smbd. Will be used to replace
the lp_widelinks() code inside smbd.
Long description of how this module works
with notes is included.
The man page and WHATSNEW.txt update is done
in a later patch in this series.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Samuel Cabrero [Mon, 18 Nov 2019 13:01:52 +0000 (14:01 +0100)]
s3:rpc_server: Improve local dispatching
Craft core structures to dispatch local calls in the same way as remote
ones, removing the special handling in the autogenerated code.
This is also necessary to drop s3 rpc handles implementation.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 8 22:23:05 UTC 2020 on sn-devel-184
Samuel Cabrero [Mon, 18 Nov 2019 15:55:39 +0000 (16:55 +0100)]
spoolss: Add NCALRPC endpoint
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Samuel Cabrero [Thu, 31 Oct 2019 13:31:37 +0000 (14:31 +0100)]
librpc:core: Make find_interface_by_uuid public
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Sun, 5 Apr 2020 11:02:12 +0000 (13:02 +0200)]
smbtree: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Apr 8 16:22:17 UTC 2020 on sn-devel-184
Volker Lendecke [Sun, 5 Apr 2020 11:01:07 +0000 (13:01 +0200)]
libsmb: Move get_ipc_connect_master_ip_bcast() to smbtree.c
... the only user
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Sun, 5 Apr 2020 10:38:01 +0000 (12:38 +0200)]
libsmb: Remove unused cli_NetWkstaUserLogon()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Sun, 5 Apr 2020 10:31:24 +0000 (12:31 +0200)]
smbclient: Simplify browse_host()
We now have the check of the real connection's prootocol, so the
smb.conf's "client min protocol" does not really matter here
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Mon, 30 Mar 2020 19:43:51 +0000 (21:43 +0200)]
libsmb: Respect the full timeval for smbc_utimes()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Mon, 30 Mar 2020 20:08:40 +0000 (22:08 +0200)]
torture: Test smbc_utimes()
Prove that smbc_utimes throws away the tv_nsec field
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Tue, 31 Mar 2020 09:10:55 +0000 (11:10 +0200)]
libsmbclient: Don't throw away nsec fields in stat()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 26 Mar 2020 13:46:32 +0000 (14:46 +0100)]
libsmb: Remove unused cli_setpathinfo_basic()
We got beyond 1-sec timestamp resolution a while ago...
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 26 Mar 2020 13:42:39 +0000 (14:42 +0100)]
libsmb: Call cli_setpathinfo_ext() instead of .._basic()
Yes, the formatting is not according to README.Coding, but that's a
patch for another day.
Also, this is no functional change: All callers so far either set
.tv_sec only or set .tv_nsec to SAMBA_UTIME_OMIT.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 26 Mar 2020 11:29:13 +0000 (12:29 +0100)]
libsmb: Pass "struct timespec" to SMBC_setatr()
Prepare to set higher-precision timestamps. No change in behaviour so
far: The {.tv_nsec=SAMBA_UTIME_OMIT} implicitly sets .tv_sec=0, and
SMBC_setatr() only looks at .tv_sec
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 26 Mar 2020 13:38:45 +0000 (14:38 +0100)]
smbtorture3: Call cli_setpathinfo_ext() instead of .._basic()
The timestamps were never looked at
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 26 Mar 2020 13:33:58 +0000 (14:33 +0100)]
libsmb: Make cli_setpathinfo_ext() take structs instead of pointers
This simplifies the next commit: With direct (small) structs on the
stack we don't need declared variables in the callers
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Mon, 30 Mar 2020 13:19:34 +0000 (15:19 +0200)]
libsmb: Use cli_setfileinfo_send() in cli_ftruncate_send()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Mon, 30 Mar 2020 13:16:02 +0000 (15:16 +0200)]
libsmb: Use cli_setfilefinfo_send() in cli_nt_delete_on_close_send()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Mon, 30 Mar 2020 13:12:48 +0000 (15:12 +0200)]
libsmb: Add cli_setfileinfo_send/recv()
Encapsulate TRANSACT2_SETFILEINFO like cli_setpathinfo_send() does for
TRANSACT2_SETPATHINFO.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 26 Mar 2020 13:24:14 +0000 (14:24 +0100)]
smbclient: Remove function set_remote_times()
This was just a wrapper around cli_setpathinfo_ext() with just one
caller
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 26 Mar 2020 13:21:15 +0000 (14:21 +0100)]
smbclient: Remove some unnecessary declarations
"cmd_ptr" is a global variable in this file anyway
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Tue, 31 Mar 2020 06:32:10 +0000 (08:32 +0200)]
torture4: Allow DBG output in libsmbclient tests
smbc_new_context() overwrites the global DEBUGLEVEL to 0.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Fri, 20 Mar 2020 12:27:43 +0000 (13:27 +0100)]
lib: Avoid casts in ctdb_packet_dump()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 25 Mar 2020 21:06:37 +0000 (22:06 +0100)]
libsmb: Remove a typedef
No API change, this is not used publically
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 12 Mar 2020 12:34:43 +0000 (13:34 +0100)]
lib: Fix a signed/unsigned warning
The types are deliberately distinct, but nwritten is >0 or ==-1, so
this should be okay.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andreas Schneider [Fri, 3 Apr 2020 09:19:17 +0000 (11:19 +0200)]
gitlab-ci: Add runner for fips compliance testing
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr 8 14:45:18 UTC 2020 on sn-devel-184
Andreas Schneider [Mon, 16 Mar 2020 08:39:48 +0000 (09:39 +0100)]
selftest: Force fips mode for openssl in ad_dc_fips
This allows us to test MIT KRB5 and OpenLDAP in FIPS mode.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Fri, 13 Mar 2020 15:15:52 +0000 (16:15 +0100)]
tests: Add test to check the server doesn't allow NTLM
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Fri, 13 Mar 2020 13:36:18 +0000 (14:36 +0100)]
selftest: Start ad_dc_fips with forced fips mode
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Fri, 13 Mar 2020 13:33:08 +0000 (14:33 +0100)]
selftest: Pass force_fips_mode to provision_raw_prepare()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Fri, 13 Mar 2020 13:29:48 +0000 (14:29 +0100)]
selftest: Pass force_fips to provision()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Fri, 13 Mar 2020 13:26:33 +0000 (14:26 +0100)]
selftest: Pass force_fips_mode to provision_ad_dc()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Fri, 13 Mar 2020 12:58:57 +0000 (13:58 +0100)]
selftest: Pass extra_provision_options to provision_raw_prepare()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Fri, 13 Mar 2020 11:39:54 +0000 (12:39 +0100)]
selftest: Add an ad_dc_fips environment
This is not FIPS ready yet.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Fri, 13 Mar 2020 14:32:27 +0000 (15:32 +0100)]
s4:tls: Fix generating TLS RSA certs with FIPS140-2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Wed, 15 May 2019 06:46:56 +0000 (08:46 +0200)]
s4:samdb: Do not create WDdigests for HTTP if weak crypto is disabled
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Gary Lockyer [Tue, 31 Mar 2020 19:22:08 +0000 (08:22 +1300)]
lib ldb: lmdb init var before calling mdb_reader_check
Initilalise "stale" to zero before passing a pointer to it to
mdb_reader_check.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 7 12:29:00 UTC 2020 on sn-devel-184
Martin Schwenke [Thu, 2 Apr 2020 03:42:21 +0000 (14:42 +1100)]
ctdb-vacuum: Reschedule vacuum event if VacuumInterval has increased
The vacuuming integration tests set VacuumInterval to a very high
number to avoid vacuuming collisions. This is done after the cluster
is healthy, so Samba will have already been started and vacuuming will
already be scheduled *at the default interval* for databases attached
by Samba. This means that vacuuming controls used by vacuuming tests
can still collide with the scheduled vacuuming events.
Add some logic to reschedule a vacuuming event that has fired but
where VacuumInterval has increased since it was originally scheduled.
The increase in VacuumInterval is used as the time offset for
rescheduling the event.
Although this changes production behaviour for the convenience of
testing, the new behaviour is completely reasonable and obeys the
principle of least surprise.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue Apr 7 03:04:57 UTC 2020 on sn-devel-184
Martin Schwenke [Fri, 27 Mar 2020 03:38:09 +0000 (14:38 +1100)]
ctdb-vacuum: Store value of VacuumInterval in ctdb_vacuum_handle
No behaviour change. This is final staging to make the next change
completely obvious.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 2 Apr 2020 03:18:33 +0000 (14:18 +1100)]
ctdb-vacuum: Use vacuum_handle local variables
No behaviour change. This just makes future changes clearer by
avoiding reformatting (or introducing local variables).
Clean up error handling while touching a relevant line.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Andreas Schneider [Fri, 3 Apr 2020 13:40:48 +0000 (15:40 +0200)]
testprogs: Add 'net ads join createupn' test also verifying the keytab
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14336
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Apr 6 19:09:53 UTC 2020 on sn-devel-184
Andreas Schneider [Fri, 3 Apr 2020 13:58:28 +0000 (15:58 +0200)]
s3:libads: Fix ads_get_upn()
This adds the userPrincipalName to ads_find_machine_acct() which
fetches the data for us.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14336
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Thu, 2 Apr 2020 11:43:44 +0000 (13:43 +0200)]
third_party: Update nss_wrapper to version 1.1.11
This fixes strict aliasing which leads to segfaults on certain
architectures, e.g. armv7hl.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Autobuild-User(master): Samuel Cabrero <scabrero@samba.org>
Autobuild-Date(master): Mon Apr 6 17:34:53 UTC 2020 on sn-devel-184
Ralph Boehme [Mon, 6 Apr 2020 09:03:13 +0000 (11:03 +0200)]
selftest: add two more nbt.dgram flapping tests
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Apr 6 10:43:18 UTC 2020 on sn-devel-184
Ralph Boehme [Mon, 6 Apr 2020 09:02:14 +0000 (11:02 +0200)]
selftest: remove unnecessary .* from flapping enty
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Andreas Schneider [Mon, 30 Mar 2020 09:52:05 +0000 (11:52 +0200)]
gitlab-ci: Add coverity scan runner
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Noel Power [Fri, 3 Apr 2020 15:05:37 +0000 (16:05 +0100)]
selftest/flapping: mark samba3.nbt.dgram.netlogon.* as flapping
Post SMB1/SMB2 test env split to help in removing smb1
samba3.nbt.dgram.netlogon* fails randomly. It is unrelated as far
as we can see to the changes but must be a side affect of runtime
order or some such.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Sat Apr 4 01:12:05 UTC 2020 on sn-devel-184
Ralph Boehme [Fri, 3 Apr 2020 07:48:58 +0000 (09:48 +0200)]
smbd: move files_struct.lock_failure_seen to a bitfield
Updated comment in vfs.h explaining ABI change.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Apr 3 20:41:34 UTC 2020 on sn-devel-184
Ralph Boehme [Fri, 3 Apr 2020 06:06:27 +0000 (08:06 +0200)]
smbd: move files_struct.closing to a bitfield
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 3 Apr 2020 06:02:23 +0000 (08:02 +0200)]
smbd: move files_struct.use_ofd_locks to a bitfield
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 3 Apr 2020 06:01:45 +0000 (08:01 +0200)]
smbd: move files_struct.backup_intent to a bitfield
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 3 Apr 2020 05:52:10 +0000 (07:52 +0200)]
smbd: move files_struct.is_sparse to a bitfield
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 3 Apr 2020 05:48:08 +0000 (07:48 +0200)]
smbd: move files_struct.delete_on_close to a bitfield
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 3 Apr 2020 05:43:38 +0000 (07:43 +0200)]
smbd: move files_struct.initial_delete_on_close to a bitfield
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 3 Apr 2020 05:39:34 +0000 (07:39 +0200)]
smbd: move files_struct.aio_write_behind to a bitfield
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 2 Apr 2020 16:21:11 +0000 (18:21 +0200)]
smbd: move files_struct.is_directory to a bitfield
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 2 Apr 2020 15:37:02 +0000 (17:37 +0200)]
smbd: move files_struct.modified to a bitfield
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 2 Apr 2020 15:28:32 +0000 (17:28 +0200)]
smbd: move files_struct.can_write to a bitfield
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 2 Apr 2020 15:18:43 +0000 (17:18 +0200)]
smbd: move files_struct.can_read to a bitfield
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 2 Apr 2020 15:09:36 +0000 (17:09 +0200)]
smbd: move files_struct.can_lock to a bitfield
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 2 Apr 2020 13:39:32 +0000 (15:39 +0200)]
smbd: move files_struct.write_time_forced to a bitfield
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 2 Apr 2020 13:37:15 +0000 (15:37 +0200)]
smbd: move files_struct.update_write_time_on_close to a bitfield
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 2 Apr 2020 13:31:10 +0000 (15:31 +0200)]
smbd: move files_struct.update_write_time_triggered to a bitfield
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 1 Apr 2020 09:59:10 +0000 (11:59 +0200)]
smbd: move files_struct.kernel_share_modes_taken to a bitfield
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 2 Apr 2020 08:29:15 +0000 (10:29 +0200)]
smbd: reindent if expression in real_write_file()
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 2 Apr 2020 08:27:21 +0000 (10:27 +0200)]
smbd: fix if expression that checks when to call vfs_fill_sparse()
Noone complained so far, skip bugreport.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 2 Apr 2020 07:56:46 +0000 (09:56 +0200)]
smbd: reformat an if expression in smbd_smb2_close()
No change in behavour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 2 Apr 2020 07:23:22 +0000 (09:23 +0200)]
smbd: reformat a function call in rename_internals_fsp()
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 2 Apr 2020 07:13:56 +0000 (09:13 +0200)]
smbd: reformat an if expression in reply_readbraw()
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 2 Apr 2020 06:16:33 +0000 (08:16 +0200)]
smbd: reformat calling ensure_canon_entry_valid_on_set() in unpack_canon_ace()
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 1 Apr 2020 13:19:51 +0000 (15:19 +0200)]
smbd: CHECK_WRITE macro reformatting
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 1 Apr 2020 13:08:50 +0000 (15:08 +0200)]
smbd: CHECK_READ_IOCTL macro reformatting
A subsequent commit will replace can_read with something much longer.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 1 Apr 2020 13:08:50 +0000 (15:08 +0200)]
smbd: CHECK_READ_SMB2 macro reformatting
A subsequent commit will replace can_read with something much longer.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 1 Apr 2020 13:08:50 +0000 (15:08 +0200)]
smbd: CHECK_READ macro reformatting
A subsequent commit will replace can_read with something much longer.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>