Jeremy Allison [Tue, 29 Sep 2020 20:58:22 +0000 (13:58 -0700)]
s3: smbd: Remove the wrapper srvstr_get_path_req_wcard().
Rename srvstr_get_path_req_wcard() -> srvstr_get_path_req()
as it no longer gets ward status.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 20:51:46 +0000 (13:51 -0700)]
s3: smbd: Remove srvstr_get_path_wcard() - no longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 20:48:57 +0000 (13:48 -0700)]
s3: smbd: srvstr_get_path_wcard_posix() is no longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 20:47:08 +0000 (13:47 -0700)]
s3: smbd: smb_file_rename_information() doesn't need to use the wildcard status of the destination.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 20:44:15 +0000 (13:44 -0700)]
s3: smbd: SMB1 call_nt_transact_rename() never needs wcard bool.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 20:26:02 +0000 (13:26 -0700)]
s3: smbd: SMB1 reply_copy(). Use srvstr_get_path_req() not srvstr_get_path_req_wcard()
Now we check the wildcard status elsewhere. Don't pass to filename_convert() either.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 20:24:29 +0000 (13:24 -0700)]
s3: smbd: SMB1 reply_copy() - set the xxx_has_wild flags from the processed names.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 20:09:52 +0000 (13:09 -0700)]
s3: smbd: SMB1 reply_mv() no longer needs the XX_has_wcard variables.
Use srvstr_get_path_req() not srvstr_get_path_req_wcard().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 20:08:01 +0000 (13:08 -0700)]
s3: smbd: SMB1 rename_internals() can figure out the wildcard status of the paths by itself.
No need to pass them as parameters.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 19:32:02 +0000 (12:32 -0700)]
s3: smbd: SMB1 reply_unlink() - use srvstr_get_path_req() not srvstr_get_path_req_wcard()
Now unlink_internals() checks its own wildcard on the mask.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 20:40:12 +0000 (13:40 -0700)]
s3: smbd: SMB1 call_trans2findnext() doesn't need the mask_contains_wcard bool.
dptr already knows this.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 20:31:21 +0000 (13:31 -0700)]
s3: smbd: SMB1 call_trans2findfirst(). Don't need the wildcard status of the mask here.
dptr_create() can work this out all on its own.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 19:30:53 +0000 (12:30 -0700)]
s3: smbd: unlink_internals() can figure out if the mask has a wildcard on its own.
Doesn't need a parameter for that.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 19:14:11 +0000 (12:14 -0700)]
s3: smbd: SMB1 reply_fclose() doesn't need wcard, use srvstr_get_path_req() not srvstr_get_path_req_wcard().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 19:07:39 +0000 (12:07 -0700)]
s3: smbd: SMB1 reply_search(). Use srvstr_get_path_req() not srvstr_get_path_req_wcard()
If we have a wildcard is found by other means now.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 19:05:53 +0000 (12:05 -0700)]
s3: smbd: SMB1 reply_search(). The dptr already knows if the mask has a wildcard.
Get the value from the dptr instead.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 18:49:01 +0000 (11:49 -0700)]
s3: smbd: SMB1 reply_search() doesn't actually care if the mask contains a wildcard or not.
Don't pass to filename_convert().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 18:36:50 +0000 (11:36 -0700)]
s3: smbd: In SMB2 query directory we don't need to do full path resolution of the mask component.
get_original_lcomp() does all the name canonicalization required for the mask.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 18:13:03 +0000 (11:13 -0700)]
s3: smbd: srvstr_get_path_req_wcard() is now static to reply.c
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 18:11:43 +0000 (11:11 -0700)]
s3: smbd: SMB1 reply_ntrename() - now we set dest_has_wcard separately we don't need to pass it to filename_convert().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 18:10:19 +0000 (11:10 -0700)]
s3: smbd: SMB1 reply_ntrename() - now we set dest_has_wcard separately we can use srvstr_get_path_req() instead of srvstr_get_path_req_wcard().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 18:06:54 +0000 (11:06 -0700)]
s3: smbd: SMB1 reply_ntrename() - set dest_has_wcard from the parsed last component.
We eventually want to remove the last_component_has_wcard out of the srvstr_get_pathXXX()
calls and just use srvstr_get_path_req().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 03:47:42 +0000 (20:47 -0700)]
s3: smbd: SMB1 reply_ntrename() - Move the call to get_original_lcomp() to before filename_convert() for the destination name.
Simple code re-arrangement to make the next change clear.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 03:45:55 +0000 (20:45 -0700)]
s3: smbd: SMB1 reply_ntrename() - the source cannot have a wildcard.
Simplify the wildcard processing of the source name.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 03:12:23 +0000 (20:12 -0700)]
s3: smbd: SMB1 comment out unused UCF_COND_ALLOW_WCARD_LCOMP flag.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 03:10:32 +0000 (20:10 -0700)]
s3: smbd: SMB1 Remove the crazy semantics in filename_convert_internal() using UCF_COND_ALLOW_WCARD_LCOMP.
In the places where wildcards are allowed in SMB1
we always pass in UCF_ALWAYS_ALLOW_WCARD_LCOMP.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 03:08:45 +0000 (20:08 -0700)]
s3: smbd: MS-DFS - We no longer ever set UCF_COND_ALLOW_WCARD_LCOMP so don't check for it.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 03:07:36 +0000 (20:07 -0700)]
s3: smbd: SMB1 reply_ntrename() - the UCF_COND_ALLOW_WCARD_LCOMP makes no sense.
There's either a wildcard in the last component or not. Always use
UCF_ALWAYS_ALLOW_WCARD_LCOMP for calls that can take a wildcard.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 03:06:04 +0000 (20:06 -0700)]
s3: smbd: SMB1 reply_copy() - the UCF_COND_ALLOW_WCARD_LCOMP makes no sense.
There's either a wildcard in the last component or not. Always use
UCF_ALWAYS_ALLOW_WCARD_LCOMP for calls that can take a wildcard.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 03:04:51 +0000 (20:04 -0700)]
s3: smbd: SMB1 reply_mv() - the UCF_COND_ALLOW_WCARD_LCOMP makes no sense.
There's either a wildcard in the last component or not. Always use
UCF_ALWAYS_ALLOW_WCARD_LCOMP for calls that can take a wildcard.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 03:03:08 +0000 (20:03 -0700)]
s3: smbd: SMB1 reply_unlink() - the UCF_COND_ALLOW_WCARD_LCOMP makes no sense.
There's either a wildcard in the last component or not. Always use
UCF_ALWAYS_ALLOW_WCARD_LCOMP for calls that can take a wildcard.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 29 Sep 2020 18:58:54 +0000 (11:58 -0700)]
s3: smbd: dptr_create() doesn't need a separate wcard_has_wild parameter.
It can figure this out by itself.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Simo Sorce [Fri, 25 Sep 2020 00:59:42 +0000 (20:59 -0400)]
Restrict GSSAPI query to the krb5 mechanism
Otherwise GSSAPI will consult other mechanisms if available and we can
only cope with krb5 credentials here.
Signed-off-by: Simo Sorce <idra@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 30 20:45:23 UTC 2020 on sn-devel-184
Volker Lendecke [Mon, 28 Sep 2020 13:03:41 +0000 (15:03 +0200)]
smbclient: Fix recursive mget
Make do_mget rely on do_list() already doing the recursion in a
breadth-first manner. The previous code called do_list() from within
its callback. Unfortunately the recent simplifications of do_list()
broke this, leading to recursive mget to segfault. Instead of figuring
out how this worked before the simplifications in do_list() (I did
spend a few hours on this) and fixing it, I chose to restructure
do_mget() to not recursively call do_list() anymore but instead rely
on do_list() to do the recursion. Saves quite a few lines of code and
complexity.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14517
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 30 17:23:45 UTC 2020 on sn-devel-184
Volker Lendecke [Mon, 28 Sep 2020 14:29:27 +0000 (16:29 +0200)]
test3: Add a test showing that smbclient recursive mget is broken
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14517
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 28 Sep 2020 12:21:24 +0000 (14:21 +0200)]
smbclient: Slightly simplify do_mget()
Put the prompt query into a separate if-statement, move the "quest"
variable closer to its use
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14517
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 28 Sep 2020 12:11:13 +0000 (14:11 +0200)]
smbclient: Remove the "abort_mget" variable
This was never set to true anywhere in the code
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14517
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 28 Sep 2020 10:31:13 +0000 (12:31 +0200)]
lib: Remove an optimization in string_replace()
Why? This simplifies the code.
Why do I believe we can do this? I don't think this is a very common
operation in critical code paths. Also, next_codepoint() already has
the same optimization. If this turns out to be a measurable
performance issue, we should turn next_codepoint() into a static
inline function doing the 7-bit optimized code path inlined the same
way we did it for tdb_oob(). This way all callers would benefit from
this optimization.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 28 Sep 2020 09:56:33 +0000 (11:56 +0200)]
spoolss: Align some integer types
SPOOLSS_NOTIFY_MSG_CTR->num_groups is defined as uint32_t
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 28 Sep 2020 09:55:57 +0000 (11:55 +0200)]
spoolss: Align some integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 27 Sep 2020 19:05:53 +0000 (21:05 +0200)]
smbd: process.c does not need libsmb.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 27 Sep 2020 19:04:40 +0000 (21:04 +0200)]
smbd: Align integer types in gid_in_use()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 27 Sep 2020 11:43:19 +0000 (13:43 +0200)]
libsmb: Make cli_smb2_list() prototype more descriptive
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 27 Sep 2020 09:41:48 +0000 (11:41 +0200)]
libsmb: Make cli_list() prototype more descriptive
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Sun, 27 Sep 2020 05:14:33 +0000 (22:14 -0700)]
s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with NULL via TALLOC_FREE().
They may have been carefully set by the aio_del_req_from_fsp()
destructor so we must not overwrite here.
Found via some *amazing* debugging work from Ashok Ramakrishnan <aramakrishnan@nasuni.com>.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14515
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Sep 30 11:18:43 UTC 2020 on sn-devel-184
Andrew [Fri, 4 Sep 2020 17:24:41 +0000 (13:24 -0400)]
s3:util:net_conf - allow empty path for [homes]
Validation for "net conf addshare" is overly strict. Empty string for
path for homes share is valid.
Signed-off-by: Andrew <awalker@ixsystems.com>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 24 21:41:12 UTC 2020 on sn-devel-184
Amitay Isaacs [Sun, 13 Sep 2020 23:45:50 +0000 (09:45 +1000)]
provision: BIND 9.17.x is not supported
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14487
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Sep 24 05:55:43 UTC 2020 on sn-devel-184
Amitay Isaacs [Fri, 11 Sep 2020 02:35:30 +0000 (12:35 +1000)]
provision: Add support for BIND 9.16.x
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14487
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Amitay Isaacs [Fri, 11 Sep 2020 02:34:07 +0000 (12:34 +1000)]
bind9-dlz: Add support for BIND 9.16.x
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14487
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Amitay Isaacs [Sun, 13 Sep 2020 23:45:04 +0000 (09:45 +1000)]
provision: BIND 9.15.x is not supported
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14487
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Amitay Isaacs [Fri, 11 Sep 2020 02:26:21 +0000 (12:26 +1000)]
provision: Add support for BIND 9.14.x
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14487
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Amitay Isaacs [Fri, 11 Sep 2020 02:24:51 +0000 (12:24 +1000)]
bind9-dlz: Add support for BIND 9.14.x
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14487
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Amitay Isaacs [Sun, 13 Sep 2020 23:44:10 +0000 (09:44 +1000)]
provision: BIND 9.13.x is not supported
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14487
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Amitay Isaacs [Fri, 11 Sep 2020 02:16:01 +0000 (12:16 +1000)]
bind9-dlz: Bind 9.13.x switched to using bool as isc_boolean_t instead of int.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14487
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Rowland Penny <rpenny@samba.org>
David Disseldorp [Tue, 22 Sep 2020 22:14:25 +0000 (00:14 +0200)]
ctdb/test_ceph_rados_reclock: check for service registration
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Sep 24 00:52:42 UTC 2020 on sn-devel-184
David Disseldorp [Tue, 22 Sep 2020 21:53:58 +0000 (23:53 +0200)]
ctdb/doc: mention ctdb_mutex_ceph_rados_helper mgr registration
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
David Disseldorp [Tue, 22 Sep 2020 21:17:14 +0000 (23:17 +0200)]
ctdb/ceph: register recovery lock holder with ceph-mgr
The Ceph Manager's service map is useful for tracking the status of
Ceph related services. By registering the CTDB recovery lock holder,
Ceph storage administrators can more easily identify where and when a
CTDB cluster is up and running.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Volker Lendecke [Wed, 27 May 2020 13:45:58 +0000 (15:45 +0200)]
smbd: Propagate reload-config message to all worker smbds
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 23 20:40:48 UTC 2020 on sn-devel-184
Volker Lendecke [Tue, 22 Sep 2020 11:55:19 +0000 (13:55 +0200)]
libsmb: Fix CID
1467087: Resource leaks
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 23 18:20:36 UTC 2020 on sn-devel-184
Volker Lendecke [Tue, 22 Sep 2020 11:52:57 +0000 (13:52 +0200)]
libsmb: Use talloc_realloc() correctly in resolve_hosts()
On realloc failure the old value is still around
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 22 Sep 2020 11:50:01 +0000 (13:50 +0200)]
libsmb: Protect against rogue getaddrinfo result
Probably a "won't happen", but to me this looked fishy
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 22 Sep 2020 11:49:10 +0000 (13:49 +0200)]
libsmb: README.Coding for resolve_hosts()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 22 Sep 2020 11:47:45 +0000 (13:47 +0200)]
libsmb: Use direct struct initialization
Give the compiler more hints
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 21 Sep 2020 05:48:43 +0000 (07:48 +0200)]
s3: fix fcntl waf configure check
RN: Fix fcntl waf configure check
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14503
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Sep 21 07:26:54 UTC 2020 on sn-devel-184
Gary Lockyer [Fri, 18 Sep 2020 03:57:34 +0000 (15:57 +1200)]
CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client challenge
Ensure that client challenges with the first 5 bytes identical are
rejected.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Sep 18 14:13:17 UTC 2020 on sn-devel-184
Gary Lockyer [Fri, 18 Sep 2020 00:39:54 +0000 (12:39 +1200)]
CVE-2020-1472(ZeroLogon): s4 torture rpc: Test empty machine acct pwd
Ensure that an empty machine account password can't be set by
netr_ServerPasswordSet2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 17 Sep 2020 15:27:54 +0000 (17:27 +0200)]
CVE-2020-1472(ZeroLogon): docs-xml: document 'server require schannel:COMPUTERACCOUNT'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Günther Deschner [Thu, 17 Sep 2020 12:42:52 +0000 (14:42 +0200)]
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: log warnings about unsecure configurations
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Günther Deschner [Thu, 17 Sep 2020 12:23:16 +0000 (14:23 +0200)]
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: support "server require schannel:WORKSTATION$ = no"
This allows to add expections for individual workstations, when using "server schannel = yes".
"server schannel = auto" is very insecure and will be removed soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Günther Deschner [Thu, 17 Sep 2020 12:57:22 +0000 (14:57 +0200)]
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: refactor dcesrv_netr_creds_server_step_check()
We should debug more details about the failing request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Stefan Metzmacher [Thu, 17 Sep 2020 11:37:26 +0000 (13:37 +0200)]
CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: log warnings about unsecure configurations
This should give admins wawrnings until they have a secure
configuration.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Stefan Metzmacher [Wed, 16 Sep 2020 08:56:53 +0000 (10:56 +0200)]
CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: support "server require schannel:WORKSTATION$ = no"
This allows to add expections for individual workstations, when using "server schannel = yes".
"server schannel = auto" is very insecure and will be removed soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Stefan Metzmacher [Wed, 16 Sep 2020 08:18:45 +0000 (10:18 +0200)]
CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: refactor dcesrv_netr_creds_server_step_check()
We should debug more details about the failing request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Jeremy Allison [Wed, 16 Sep 2020 19:53:50 +0000 (12:53 -0700)]
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: protect netr_ServerPasswordSet2 against unencrypted passwords
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Jeremy Allison [Wed, 16 Sep 2020 19:48:21 +0000 (12:48 -0700)]
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Fix mem leak onto p->mem_ctx in error path of _netr_ServerPasswordSet2().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Stefan Metzmacher [Wed, 16 Sep 2020 17:20:25 +0000 (19:20 +0200)]
CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: protect netr_ServerPasswordSet2 against unencrypted passwords
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Stefan Metzmacher [Wed, 16 Sep 2020 14:17:29 +0000 (16:17 +0200)]
CVE-2020-1472(ZeroLogon): libcli/auth: reject weak client challenges in netlogon_creds_server_init()
This implements the note from MS-NRPC 3.1.4.1 Session-Key Negotiation:
7. If none of the first 5 bytes of the client challenge is unique, the
server MUST fail session-key negotiation without further processing of
the following steps.
It lets ./zerologon_tester.py from
https://github.com/SecuraBV/CVE-2020-1472.git
report: "Attack failed. Target is probably patched."
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Stefan Metzmacher [Wed, 16 Sep 2020 14:15:26 +0000 (16:15 +0200)]
CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_is_random_challenge() to avoid weak values
This is the check Windows is using, so we won't generate challenges,
which are rejected by Windows DCs (and future Samba DCs).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Stefan Metzmacher [Wed, 16 Sep 2020 14:10:53 +0000 (16:10 +0200)]
CVE-2020-1472(ZeroLogon): s4:rpc_server:netlogon: make use of netlogon_creds_random_challenge()
This is not strictly needed, but makes things more clear.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Stefan Metzmacher [Wed, 16 Sep 2020 14:10:53 +0000 (16:10 +0200)]
CVE-2020-1472(ZeroLogon): s3:rpc_server:netlogon: make use of netlogon_creds_random_challenge()
This is not strictly needed, but makes things more clear.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Stefan Metzmacher [Wed, 16 Sep 2020 14:08:38 +0000 (16:08 +0200)]
CVE-2020-1472(ZeroLogon): libcli/auth: make use of netlogon_creds_random_challenge() in netlogon_creds_cli.c
This will avoid getting rejected by the server if we generate
a weak challenge.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Stefan Metzmacher [Wed, 16 Sep 2020 14:07:30 +0000 (16:07 +0200)]
CVE-2020-1472(ZeroLogon): s4:torture/rpc: make use of netlogon_creds_random_challenge()
This will avoid getting flakey tests once our server starts to
reject weak challenges.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Stefan Metzmacher [Wed, 16 Sep 2020 14:04:57 +0000 (16:04 +0200)]
CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_random_challenge()
It's good to have just a single isolated function that will generate
random challenges, in future we can add some logic in order to
avoid weak values, which are likely to be rejected by a server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Björn Jacke [Mon, 7 Sep 2020 21:53:21 +0000 (23:53 +0200)]
nt_printing_ads: add missing printShareName attribute when publishing printers
Without printShareName attribute in LDAP, Windows doesn't list the pinters at all.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9771
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 18 01:58:22 UTC 2020 on sn-devel-184
Björn Jacke [Mon, 7 Sep 2020 18:09:56 +0000 (20:09 +0200)]
cli_winreg_spoolss: handle also printer sharename
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9771
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Björn Jacke [Mon, 7 Sep 2020 21:45:06 +0000 (23:45 +0200)]
srv_spoolss_nt.c: fix wrong value in debug message
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Tue, 15 Sep 2020 10:32:44 +0000 (12:32 +0200)]
tests: Disable kerberos for weak crypto test
Otherwise the test fails because the client is authenticated using
spnego and gse_krb5, not triggering the weak crypto restrictions.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Sep 17 00:05:51 UTC 2020 on sn-devel-184
Samuel Cabrero [Tue, 15 Sep 2020 11:32:00 +0000 (13:32 +0200)]
selftest: set pid directory in client's smb.conf
Set a pid file directory to avoid the following testparm error:
ERROR: pid directory /usr/local/samba/var/run does not exist
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Samuel Cabrero [Wed, 16 Sep 2020 11:00:33 +0000 (13:00 +0200)]
selftest: Create client directories in a loop
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Jeremy Allison [Wed, 9 Sep 2020 17:58:20 +0000 (10:58 -0700)]
s3: libsmb: Cleanup - in internal_resolve_name() only write the out parameters on success.
All callers already correctly initialize them.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Sep 15 11:33:35 UTC 2020 on sn-devel-184
Jeremy Allison [Wed, 9 Sep 2020 17:48:19 +0000 (10:48 -0700)]
s3: Remove struct ip_service.
---------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| |
| struct ip_service |
| |
| |
| 9 August |
| In the year of the |
| pandemic |
| 2020 |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\////|_)_______
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 17:46:49 +0000 (10:46 -0700)]
s3: libsmb: namequery. Rename remove_duplicate_addrs2_sa() to remove_duplicate_addrs2()
It's now the only function.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 17:45:21 +0000 (10:45 -0700)]
s3: libsmb: namequery.c: Remove unused remove_duplicate_addrs2().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 17:43:45 +0000 (10:43 -0700)]
s3: libsmb: namequery.c: Remove now unused internal_resolve_name() wrapper.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 17:42:46 +0000 (10:42 -0700)]
s3: libsmb: namequery.c: Remove now unused convert_ss2service().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 17:42:09 +0000 (10:42 -0700)]
s3: libsmb: namequery.c: Remove now unused ip_service_to_samba_sockaddr().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 17:41:02 +0000 (10:41 -0700)]
3: libsmb: namequery: Convert _internal_resolve_name() -> internal_resolve_name() returning talloced samba_sockaddr arrays.
Wrapper function internal_resolve_name() is now commented out,
along with the now unused ip_service_to_samba_sockaddr() and
convert_ss2service() functions.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 17:24:13 +0000 (10:24 -0700)]
s3: libsmb: namequery: Add utility function sockaddr_array_to_samba_sockaddr_array().
Not yet used. Will help convert _internal_resolve_name() to internal_resolve_name().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 17:17:31 +0000 (10:17 -0700)]
s3: libsmb: Rename prioritize_ipv4_list_sa() -> prioritize_ipv4_list() now it's the only use.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 9 Sep 2020 17:16:54 +0000 (10:16 -0700)]
s3: libsmb: Remove unused prioritize_ipv4_list().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>