[SCM] Samba Shared Repository - branch v4-18-test created
Stefan Metzmacher
metze at samba.org
Wed Jan 18 16:04:23 UTC 2023
The branch, v4-18-test has been created
at 7105554cb05224373c296f8063498c9366b7f285 (commit)
- Log -----------------------------------------------------------------
commit 7105554cb05224373c296f8063498c9366b7f285
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 2 16:56:31 2022 +0100
bootstrap: Update to Ubuntu 22.04 as base default OS
We'll try to move autobuild to ubuntu 22.04 soon.
Note we leave ubuntu 18.04 for the coverage and 32bit builds
for now. As well as 20.04 for samba-fuzz.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Jan 18 14:17:23 UTC 2023 on atb-devel-224
commit 25aa870fed548805a8cf64037a01ce0c87c6a01f
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Jan 16 22:14:03 2023 +0100
third_party: Update uid_wrapper to version 1.3.0
This is mainly needed in order to have some interaction
with socket_wrapper 1.4.0 regarding the implementation
of syscall().
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Jan 18 12:47:48 UTC 2023 on sn-devel-184
commit 77110bc9e8a09ebefaa42eb4fd3a7449373fec9a
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Jan 16 22:13:35 2023 +0100
third_party: Update socket_wrapper to version 1.4.0
The key feature is support for sendmmsg and recvmmsg,
which is required by modern libuv versions, e.g.
nsupdate -g makes use of libuv, so we need this for samba.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 35ee3e0231ac95cc81dee32eb8efd97e0c3016f9
Author: Volker Lendecke <vl at samba.org>
Date: Wed Jan 18 08:59:17 2023 +0100
ctdb: Fix the build on FreeBSD
"basename" is define in libgen.h included from system/dir.h
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 99de0cf6ff085476191d6f3e63327c5068a233f8
Author: Volker Lendecke <vl at samba.org>
Date: Thu Jan 5 16:06:40 2023 +0100
smbd: Modernize DBG statements in smbXsrv_open_global_store()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit c6f1e3a6a201429e1c9abf027b7abd7eb8fe2f1b
Author: Volker Lendecke <vl at samba.org>
Date: Wed Jan 4 20:09:32 2023 +0100
smbd: Make smbXsrv_open_global_id_to_key() a bit more type-safe
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 824b54174d842a2e9e7a0f5f60998b478b6d82f2
Author: Volker Lendecke <vl at samba.org>
Date: Wed Jan 11 14:07:42 2023 +0100
smbd: Directly initialize key in smbXsrv_open_global_fetch_locked()
Don't leave the key.dptr pointer uninitialized
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 6deee159f1d7fd4876f774d435998d16b89da37d
Author: Volker Lendecke <vl at samba.org>
Date: Wed Jan 4 16:50:01 2023 +0100
smbd: Remove unused smbXsrv_open_global_key_to_id()
This isn't exactly rocket science we would need to keep around
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit a39a3400ba65b4357d3608d2e423576d2b6ed1e3
Author: Volker Lendecke <vl at samba.org>
Date: Wed Jan 4 14:30:28 2023 +0100
smbd: Slightly simplify smbXsrv_open_create()
Move allocation of smbXsrv_open_global0 out of
smbXsrv_open_global_allocate()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit b88db811db9d2c12838e7ca33352b68abf7c64ad
Author: Volker Lendecke <vl at samba.org>
Date: Wed Jan 11 14:01:29 2023 +0100
smbd: Remove smbXsrv_open_global_destructor()
This did not do much.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit d55880d93dc46bf09b4de1a848a1c46e5de2302d
Author: Volker Lendecke <vl at samba.org>
Date: Wed Jan 4 14:05:55 2023 +0100
smbd: Slightly simplify smb2srv_open_recreate()
This moves the bit-fiddling right next to the check we do,
"global_zeros" was only used for this one purpose and its assignment
was a few lines away.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 8fbadada8c00ff7df311bd7868011f01e797a4e8
Author: Björn Baumbach <bb at sernet.de>
Date: Tue Jan 17 12:28:36 2023 +0100
lib/tsocket: fix a typo in the tsocket guide doc
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Björn Baumbach <bb at sernet.de>
Autobuild-Date(master): Tue Jan 17 18:23:18 UTC 2023 on sn-devel-184
commit 1289575af2c99d8abd5abfd5d1f90d1664d3e7f2
Author: Björn Baumbach <bb at sernet.de>
Date: Tue Jan 17 12:29:28 2023 +0100
s3/libsmb: fix a typo in parameter description
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 5a017b113ed902eb73f2233321d1fbe8d97c10c8
Author: Björn Baumbach <bb at sernet.de>
Date: Tue Jan 17 12:27:01 2023 +0100
samba-tool domain: fix a typo in samba-tool passwordsettings option description
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 86fde91621b9190df1a8df290441575ca284e6ed
Author: Björn Baumbach <bb at sernet.de>
Date: Tue Jan 17 12:26:10 2023 +0100
auth/creds: fix a typo in a comment
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 3d3d01cda8d3a6d0d18d1b808aa9414e71d56062
Author: Jeremy Allison <jra at samba.org>
Date: Thu Jan 12 11:20:08 2023 -0800
s3: smbd: Tweak openat_pathref_dirfsp_nosymlink() to NULL out fsp->fsp_name after calling fd_close() on intermediate directories, rather than before.
vfs_virusfilter expects a non-NULL fsp->fsp_name to use for printing debugs
(it always indirects fsp->fsp_name). vfs_fruit also does the same, so would
also crash in fruit_close() with 'debug level = 10' and vfs_default:VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS = no
set (we don't test with that which is why we haven't noticed
this before).
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15283
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Jan 13 08:33:47 UTC 2023 on sn-devel-184
commit c844bff3eca336547c6cedfeeb03adda4eed57c6
Author: Jeremy Allison <jra at samba.org>
Date: Thu Jan 12 10:22:09 2023 -0800
selftest: Show vfs_virusscanner crashes when traversing a 2-level directory tree.
Modify check_infected_read() test to use a 2-level deep
directory.
We must have vfs_default:VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS = no
set on the virusscanner share as otherwise the openat flag
shortcut defeats the test.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15283
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 1421969b86bf2eab2d192d4a071080b2d021cd38
Author: Ralph Boehme <slow at samba.org>
Date: Thu Nov 24 16:59:49 2022 +0100
CI: add a test for @GMT mask in SMB1 find
Without FLAGS2_REPARSE_PATH a path containing an @GMT token can be used to
create a file including the @GMT token in the name and a directory list will
also return the file as result. Verified against Windows. Samba behaves exactly
the same.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jan 13 01:13:01 UTC 2023 on sn-devel-184
commit 425aaf6f7ebecc33463f6ed2f39573e95a72bf55
Author: Volker Lendecke <vl at samba.org>
Date: Thu Jan 12 12:00:26 2023 +0100
lib: Fix a use-after-free in "net vfs getntacl"
Don't hang "sd" off "fsp", which is free'ed before printing
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Jan 12 16:41:07 UTC 2023 on sn-devel-184
commit d278fe4a8478c1108b0f95daa99eb0a4e8fa787c
Author: Volker Lendecke <vl at samba.org>
Date: Thu Jan 12 11:55:04 2023 +0100
lib: Fix out-of-bounds access in print_ace_flags()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 3a458a8198eef40e4e58a6dc10525409188d573f
Author: Volker Lendecke <vl at samba.org>
Date: Thu Jan 12 11:51:50 2023 +0100
lib: Use talloc_asprintf_addbuf() in print_ace_flags()
Simplifies code.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 6dcbea9e0fb09f2d420b2424081bb20d459277fb
Author: Volker Lendecke <vl at samba.org>
Date: Thu Jan 12 12:11:49 2023 +0100
build: Don't compile source3/lib/util_sd.c four times
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 98d84192a03a4f1135eaf1590fb62b16d8bc49c8
Author: Jones Syue <jonessyue at qnap.com>
Date: Thu Jan 12 15:47:20 2023 +0800
s3:utils:mdsearch go to cmdline_messaging_context_free
mdsearch utility would exit earlier with failure in several cases like:
a. samba server is not running yet,
[~] # mdsearch -Uuser%password1 ${server} Public '*=="Samba"'
main: Cannot connect to server: NT_STATUS_CONNECTION_REFUSED
b. spotlight backend service is not ready yet,
[~] # mdsearch -Uuser%password1 ${server} Public '*=="Samba"'
Failed to connect mdssvc
c. mdsearch utility paramters is not as expecred,
[~] # mdsearch -Uuser%password1 ${server} share_not_exist '*=="Samba"'
mdscli_search failed
And in the mean while once mdsearch utility exit earlier with failure,
the lock files are left behind in the directory 'msg.sock' and 'msg.lock'.
If a script to run mdsearch utility in a loop,
this might result in used space slowly growing-up on underlying filesystem.
Supposed to add a new label 'fail_free_messaging',
make it go through the cmdline_messaging_context_free() which deletes the
lock files in the directory msg.sock and msg.lock before mdsearch utility
is exiting with failure.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15284
Signed-off-by: Jones Syue <jonessyue at qnap.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Jan 12 11:40:19 UTC 2023 on sn-devel-184
commit de5d31f452b2445bd92b1746efb05aa096716af8
Author: Jones Syue <jonessyue at qnap.com>
Date: Wed Jan 11 16:59:42 2023 +0800
s3:smbstatus: go to cmdline_messaging_context_free
If the locking.tdb is not found,
(for example, fresh new installed samba server is not running yet)
smbstatus utility would exit earlier,
and lock files are left behind in the directory 'msg.sock' and 'msg.lock'.
Consider that a script to run smbstatus utility in a loop,
this might result in used space slowly growing-up on the underlying filesystem.
Since the samba server is not running yet,
there is no cleanupd daemon could delete these files to reclaim space.
Supposed to use 'ret = 0; goto done;' instead of exit(0),
this would go through the cmdline_messaging_context_free() which deletes
the lock files in the directory msg.sock and msg.lock before smbstatus
utility is exiting.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15282
Signed-off-by: Jones Syue <jonessyue at qnap.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Jan 11 17:08:10 UTC 2023 on sn-devel-184
commit 7ffa732d8280c2e88daab6c3b97de71a3cdfb3ba
Author: Jeremy Allison <jra at samba.org>
Date: Mon Jan 9 17:33:14 2023 -0800
s3: smbd: Move check_fsp_open() and check_fsp() to smb1_reply.c
As these functions can implicitly call reply_nterror(..., NT_STATUS_INVALID_HANDLE)
they should never be available to SMB2 code paths.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Jan 11 08:17:04 UTC 2023 on sn-devel-184
commit 2fe95f6a3020ed2d582f94ab7640e8ef640a1c36
Author: Jeremy Allison <jra at samba.org>
Date: Mon Jan 9 17:22:12 2023 -0800
s3: smbd: Ensure check_fsp_ntquota_handle() doesn't send SMB1 error packets.
check_fsp_ntquota_handle() is called from SMB2 codepaths as
well as from SMB1. Even in the SMB1 cases the callers of
check_fsp_ntquota_handle() handle sendng the error packet when
check_fsp_ntquota_handle returns false so on a 'return false'
we'd end up sending an error packet twice.
The SMB2 callers of check_fsp_ntquota_handle()
already check that fsp is valid, so there's
no danger of us sending an SMB1 error packet
over the SMB2 stream (so I'm not classing
this as a bug to be back-ported).
Fix check_fsp_ntquota_handle() by inlineing
the check_fsp_open() functionality without
the reply_nterror() calls.
This will allow the next commit to move check_fsp_open()
with the implicit reply_nterror() and also check_fsp()
(which calls check_fsp_open()) into the SMB1 smb1_reply.c
file as SMB1-only code.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 55f4ac65f9120d12ed4059b5c3214e9a97f97205
Author: Jeremy Allison <jra at samba.org>
Date: Mon Jan 9 17:28:06 2023 -0800
s3: smbd: SMB1 check_fsp_open() implicitly calls reply_nterror(.., NT_STATUS_INVALID_HANDLE) on error so don't duplicate in reply_close().
We'd end up sending 2 SMB1 error packets in this case.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit d7bab36ad11eb4d67dcb6b12fc18d421074b9c5e
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Dec 20 09:19:47 2022 +1300
tests/krb5: Use Python bindings for LZ77+Huffman compression
We can now remove our existing decompression implementation in Python.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jan 10 21:18:01 UTC 2023 on sn-devel-184
commit ae6e76c082d476c260f156ab1eb2501320b8a65e
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Jan 9 15:00:14 2023 +1300
lib/compression: Fix length check
Put the division on the correct side of the inequality.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 5aafff0aab3c284d2d5099e32c9064b741205ced
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Jan 10 13:06:31 2023 +1300
s4:rpc_server/dnsserver: Zero-initialise pointers
Ensuring pointers are always initialised simplifies the code and avoids
compilation errors with FORTIFY_SOURCE=2.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit cbe6fb38ec13adbe06667f16241d61d4e2a80545
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Jan 10 13:06:25 2023 +1300
lib/tfork: Don't overwrite 'ret' in cleanup phase
The cleanup phase of tfork_create() saves errno prior to calling
functions that might modify it, with the intention of restoring it
afterwards. However, the value of 'ret' is accidentally overwritten. It
will always be equal to 0, and hence errno will not be restored.
Fix this by introducing a new variable, ret2, for calling functions in
the cleanup phase.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 01bd234f6af37641017a00da0dec729928ad3060
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Jan 10 13:06:16 2023 +1300
lib/talloc: Zero-initialise chunk pointers
Ensuring pointers are always initialised avoids compilation errors with
FORTIFY_SOURCE=2.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 8ee203467455da0b9f774acbcc44e9b58570d811
Author: Volker Lendecke <vl at samba.org>
Date: Wed Jan 4 12:18:44 2023 +0100
smbd: Use an idtree for local IDs
Volatile file handle IDs are purely per-process, in fact we used a
dbwrap_rbt for this. To get a unique ID we however have the
specialized idtree data structure, we don't need to repeat the
allocation algorithm that already exists there.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jan 10 01:23:38 UTC 2023 on sn-devel-184
commit b73ecb28a7ac5996e1a8c455d15f41f59d9d8765
Author: Volker Lendecke <vl at samba.org>
Date: Thu Jan 5 10:04:23 2023 +0100
lib: Remove idtree from samba_util.h
No need to recompile the world when only a few files need this.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 743df9009b4b9aa9d6f85a999fa9e5237f96f2b7
Author: Volker Lendecke <vl at samba.org>
Date: Wed Jan 4 12:34:43 2023 +0100
smbd: Simplify smbXsrv_open_set_replay_cache() with dbwrap_store_bystring()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit bac265689acd081c264013d680219078b1ef466d
Author: Volker Lendecke <vl at samba.org>
Date: Wed Jan 4 12:31:26 2023 +0100
smbd: Simplify smbXsrv_open_set_replay_cache() with a struct assignment
Use a direct struct assignment instead of a function call
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 43f041de6567bcb40a8e4564fce66ee08af6cc0b
Author: Volker Lendecke <vl at samba.org>
Date: Wed Jan 4 11:43:59 2023 +0100
lib: Add "starting_id" to idr_get_new_random()
To be used in smbXsrv_open.c, for this we need a lower bound.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit a71288e86bda43caf6feaff22a36942e6595a971
Author: Volker Lendecke <vl at samba.org>
Date: Wed Jan 4 11:29:51 2023 +0100
smbd: Remove smbXsrv_open->db_rec
This was only referenced in smbXsrv_open_close, but it was never
assigned anything but NULL.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit fdca0558efa7a22e98b851480509d2b7f11df2e0
Author: Volker Lendecke <vl at samba.org>
Date: Wed Jan 4 10:13:31 2023 +0100
smbd: Remove a "can't happen" NULL check
This should really not happen, crashing would be the right response.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 0c709cb6b70ed94b82a598bf3fb581ffb7c48200
Author: Volker Lendecke <vl at samba.org>
Date: Wed Jan 4 10:12:22 2023 +0100
smbd: Use talloc_tos() for pushing smbXsrv_open_globalB
Use the toplevel talloc pool
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 88191630d2060ead9698c791e0d708d6e97ab83e
Author: Volker Lendecke <vl at samba.org>
Date: Wed Jan 4 09:52:50 2023 +0100
lib: Use tdb_data_dbg() where appropriate
This changes the talloc hierarchy for a few callers, but as
talloc_tos() was initially designed exactly for this purpose (printing
SIDs in DEBUG), it should be okay.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 9d7c7357a4138989aaaa8311d0fb842968050a37
Author: Volker Lendecke <vl at samba.org>
Date: Wed Jan 4 09:40:06 2023 +0100
lib: Add tdb_data_dbg()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit ea7abdc1308e8a718862539b595fe1b09bc43ed9
Author: Volker Lendecke <vl at samba.org>
Date: Wed Jan 4 08:50:28 2023 +0100
smbd: Avoid explicit ZERO_STRUCT()
Saves a few bytes of .text
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit db25f0a07cff924939914a33068d1d3e4fc1ca3c
Author: Volker Lendecke <vl at samba.org>
Date: Wed Jan 4 06:22:55 2023 +0100
smbd: Move bytes from r/w data to r/o text section
Even const arrays of const strings need to be relocated at startup time.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit e0fc84668ba1ec2048354fb1b674d2673454fde7
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jan 3 19:32:41 2023 +0100
lib: Move 16 bytes to readonly .text segment
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 14f761ec7dde9185717ef178d7fc2118d12ee49e
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jan 3 19:27:50 2023 +0100
lib: Remove unused smb_mkstemp prototype
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 7ee474d9fd180c43f5344b81b6ba0b2fc09f756e
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jan 3 19:14:24 2023 +0100
lib: Move tab_depth() to reg_parse_prs.c
Wow, I did not know we still use prs_struct...
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6907db5cf0a586db2bfe3a508c753be44bdc317f
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jan 3 18:45:14 2023 +0100
lib: Make map_share_mode_to_deny_mode() static to smbstatus
At some point in the future this might disappear, we should really not
show DOS share modes in smbstatus. Maybe this can't be changed though.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 158314e0b1df76e87fc3b1cd1260e703a21ce1ca
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jan 3 18:41:04 2023 +0100
smbd: Make get_safe_[[SI]VAL|ptr] static to smb1_lanman.c
SMB1-specific, only used there.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 56837f3d3169a02d0d92bd085d9c8250415ce29b
Author: Samuel Cabrero <scabrero at suse.de>
Date: Thu Dec 22 16:32:40 2022 +0100
CVE-2022-38023 s3:rpc_server/netlogon: Avoid unnecessary loadparm_context allocations
After s3 and s4 rpc servers merge the loadparm_context is available in
the dcesrv_context structure.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Jan 9 15:17:14 UTC 2023 on sn-devel-184
commit 02fba22b8c9e9b33ab430555ef45500c45eaa9d1
Author: Samuel Cabrero <scabrero at samba.org>
Date: Mon Jan 9 12:17:48 2023 +0100
CVE-2022-38023 docs-xml/smbdotconf: The "server schannel require seal[:COMPUTERACCOUNT]" options are also honoured by s3 netlogon server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit a0b97e262318dc56fe663da89b0ee3172b2e7848
Author: Samuel Cabrero <scabrero at suse.de>
Date: Thu Dec 22 11:05:33 2022 +0100
CVE-2022-38023 s3:rpc_server/netlogon: Check for global "server schannel require seal"
By default we'll now require schannel connections with privacy/sealing/encryption.
But we allow exceptions for specific computer/trust accounts.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit ca07f4340ce58a7e940a1123888b7409176412f7
Author: Samuel Cabrero <scabrero at suse.de>
Date: Thu Dec 22 09:29:04 2022 +0100
CVE-2022-38023 s3:rpc_server/netlogon: make sure all _netr_LogonSamLogon*() calls go through dcesrv_netr_check_schannel()
Some checks are also required for _netr_LogonSamLogonEx().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 25300d354c80995997d552581cd91dddaf4bbf48
Author: Samuel Cabrero <scabrero at suse.de>
Date: Thu Dec 22 16:30:26 2022 +0100
CVE-2022-38023 s3:rpc_server/netlogon: Use dcesrv_netr_creds_server_step_check()
After s3 and s4 rpc servers merge we can avoid duplicated code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 121e7b0e39478c5291100652ac92c263f406076b
Author: Samuel Cabrero <scabrero at suse.de>
Date: Thu Dec 22 14:03:23 2022 +0100
CVE-2022-38023 s4:rpc_server/netlogon: Move schannel and credentials check functions to librpc
Will be used later by s3 netlogon server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit d9e6b490db3ead7e79bb3ff0c1f9ef8ab8bdc65b
Author: Samuel Cabrero <scabrero at samba.org>
Date: Thu Jan 5 18:13:09 2023 +0100
CVE-2022-38023 s4:rpc_server:wscript: Reformat following pycodestyle
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 3cd18690f83d2f85e847fc703ac127b4b04189fc
Author: Samuel Cabrero <scabrero at suse.de>
Date: Thu Dec 22 16:46:15 2022 +0100
CVE-2022-38023 selftest:Samba3: avoid global 'server schannel = auto'
Instead of using the generic deprecated option use the specific
server require schannel:COMPUTERACCOUNT = no in order to allow
legacy tests for pass.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 8141eae47aad849741beb138fae866c772e4ec4c
Author: Samuel Cabrero <scabrero at suse.de>
Date: Wed Dec 21 15:53:04 2022 +0100
CVE-2022-38023 s3:rpc_server/netlogon: 'server schannel != yes' warning to dcesrv_interface_netlogon_bind
Follow s4 netlogon server changes and move the checks to the RPC bind
hook. Next commits will remove the s3 netr_creds_server_step_check()
function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 7779050a6765a37cc0c6438309e512782220dcb3
Author: Florian Weimer <fweimer at redhat.com>
Date: Mon Nov 21 14:12:43 2022 +0100
source3/wscript: Remove implicit int and implicit function declarations
This should fix the remaining C89isms in these configure checks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15281
Signed-off-by: Florian Weimer <fweimer at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Jan 9 11:46:35 UTC 2023 on sn-devel-184
commit d0ee9d5a43072ecbd37327f5dc936c546f97ba34
Author: Florian Weimer <fweimer at redhat.com>
Date: Mon Nov 21 13:53:17 2022 +0100
source3/wscript: Fix detection of major/minor macros
These macros are only available via <sys/sysmacros.h> as of glibc
commit e16deca62e16f645213dffd4ecd1153c37765f17 ("[BZ #19239] Don't
include sys/sysmacros.h from sys/types.h."), which went into
glibc 2.28.
This is different from the usual C99 cleanups because it changes
the configure check result with existing compilers that usually
accept implicit function declarations.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15281
Signed-off-by: Florian Weimer <fweimer at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 75db84b1e59a42737343445c43c41494460c89f0
Author: Florian Weimer <fweimer at redhat.com>
Date: Mon Nov 21 13:37:41 2022 +0100
buildtools/wafsamba: Avoid calling lib_func without a prototype
This is a backport of commit f4c0a750d4adebcf2342a44e85f04526c34
("WAF: Fix detection of linker features")
to buildtools/wafsamba/samba_conftests.py. It fixes the check for
rpath support with compilers in strict C99 mode.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15281
Signed-off-by: Florian Weimer <fweimer at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 7545e2c77b69fc57e436e3ed298fdb68033ce49f
Author: Ralph Boehme <slow at samba.org>
Date: Thu Jan 5 16:25:11 2023 +0100
nsswitch: avoid calling pthread_getspecific() on an uninitialized key
Found by ASAN:
$ bin/stress-nss-libwbclient
...
==1639426==ERROR: AddressSanitizer: unknown-crash on address 0x7f3907d85000 at pc 0x7f3907d649fb bp 0x7ffc6545f5b0 sp 0x7ffc6545f5a8
READ of size 4 at 0x7f3907d85000 thread T0
#0 0x7f3907d649fa in winbind_close_sock ../../nsswitch/wb_common.c:220
#1 0x7f3907d65866 in winbind_destructor ../../nsswitch/wb_common.c:246
#2 0x7f3907da5d3d in _dl_fini /usr/src/debug/glibc-2.35-20.fc36.x86_64/elf/dl-fini.c:142
#3 0x7f3907241044 in __run_exit_handlers (/lib64/libc.so.6+0x41044)
#4 0x7f39072411bf in exit (/lib64/libc.so.6+0x411bf)
#5 0x7f3907229516 in __libc_start_call_main (/lib64/libc.so.6+0x29516)
#6 0x7f39072295c8 in __libc_start_main_impl (/lib64/libc.so.6+0x295c8)
#7 0x56236a2042b4 in _start (/data/git/samba/scratch3/bin/default/nsswitch/stress-nss-libwbclient+0x22b4)
Address 0x7f3907d85000 is a wild pointer inside of access range of size 0x000000000004.
SUMMARY: AddressSanitizer: unknown-crash ../../nsswitch/wb_common.c:220 in winbind_close_sock
The pthread key in wb_global_ctx.key is only initialized if
wb_thread_ctx_initialize() is called via get_wb_global_ctx() -> get_wb_thread_ctx().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Jan 6 15:04:46 UTC 2023 on sn-devel-184
commit 0d096931196524a2d1bf59470bc629dc9231131e
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Dec 31 01:24:57 2022 +0100
s4:lib/messaging: fix interaction between imessaging_context_destructor and irpc_destructor
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15280
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit c29c487c5ab68560a73012a2dddad78009b08eef
Author: Andreas Schneider <asn at samba.org>
Date: Wed Jan 4 09:39:45 2023 +0100
third_party: Update waf to version 2.0.25
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit dd86376294fd4117521dd550165ee4943ae8bec1
Author: Volker Lendecke <vl at samba.org>
Date: Thu Jan 5 15:17:44 2023 +0100
smbd: Fix indentation
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Jan 5 18:00:17 UTC 2023 on sn-devel-184
commit 17e9758b537e3a43f4f290debdc2b812abb394ed
Author: Volker Lendecke <vl at samba.org>
Date: Thu Jan 5 15:17:14 2023 +0100
smbd: Fix CID 1518901 Logically dead code
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit c1be654988a14ed5ac7fb337716cb8f41daebca1
Author: Volker Lendecke <vl at samba.org>
Date: Thu Jan 5 15:11:10 2023 +0100
smbd: Fix CID 1518902 Use after free
The SMB_REALLOC macro properly deals with failure to realloc, so
overwriting the target variable is correct here.
Signed-off-by: Volker Lendecke <vl at samba.org>
commit 316b8fa4a8ae1f5e48692c2a86c6c1c962953389
Author: Ralph Boehme <slow at samba.org>
Date: Wed Dec 21 14:48:06 2022 +0100
nsswitch: remove winbind_nss_mutex
We're now thread-safe by using TLS, so the global lock isn't needed anymore.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Jan 5 12:34:35 UTC 2023 on sn-devel-184
commit 642a4452ce5b3333c50e41e54bc6ca779686ecc3
Author: Ralph Boehme <slow at samba.org>
Date: Sun Nov 6 16:57:27 2022 +0100
nsswitch: leverage TLS if available in favour over global locking
The global locking can lead to deadlocks when using nscd: when processing the
first request in winbind, when we know we call into code that will recurse into
winbind we call winbind_off() which sets an environment variable which is later
checked here in the nsswitch module.
But with nscd in the stack, we don't see the env variable in nsswitch, so when
we try to acquire the global lock again, it is already locked and we deadlock.
By using a thread specific winbindd_context, plus a few other thread local global
variables, we don't need a global lock anymore.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit ae4a06f4b087c6b247f55716a4b3f59aaa333379
Author: Ralph Boehme <slow at samba.org>
Date: Sun Nov 6 16:57:27 2022 +0100
nsswitch: prepare for removing global locking by using TLS
Switch to using TLS for all global variables. No change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 347f75499e832dc669268c5c1b0368224dbf0374
Author: Ralph Boehme <slow at samba.org>
Date: Mon Oct 31 16:19:21 2022 +0100
nsswitch/stress-nss-libwbclient: also test after fork
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 29a99e5e123465145f0faf66bddd94ecc26d15ff
Author: Ralph Boehme <slow at samba.org>
Date: Tue Nov 15 11:30:28 2022 +0100
libreplace: require TLS support if pthread support is available
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 73e7d3731d87b3c3ed907e718fcba5ed2e293e51
Author: Ralph Boehme <slow at samba.org>
Date: Thu Oct 27 07:51:49 2022 +0200
libreplace: update comment on __thread support
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 9636b40b05b90e5317bb1ef29985ffb91bccf482
Author: Volker Lendecke <vl at samba.org>
Date: Mon Jan 2 16:21:50 2023 +0100
smbd: Use get_dirent_ea_size() also for BOTH_DIRECTORY_INFO
This is a bit more involved as readdir_attr_data needs to be looked
at. The meaning of this if-statements should be the same though,
readdir_attr_data can only be non-NULL if we don't have a reparse
point around. See the beginning of smbd_marshall_dir_entry().
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Jan 4 09:48:37 UTC 2023 on sn-devel-184
commit dc98e564604f4b61fbc6bd41ba8c05ead30e7aa2
Author: Volker Lendecke <vl at samba.org>
Date: Mon Jan 2 16:19:12 2023 +0100
smbd: Factor out get_dirent_ea_size()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 8000c1883748dcf4a5e2c2ea8f90115dff07254a
Author: Volker Lendecke <vl at samba.org>
Date: Mon Jan 2 16:01:10 2023 +0100
pylibsmb: Add reparse tag definitions
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit ecdb225a7c6688f1d8ad53e6f651e7e985297582
Author: Volker Lendecke <vl at samba.org>
Date: Mon Jan 2 14:29:12 2023 +0100
pylibsmb: Get reparse tag when listing directories
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit d4f47d4b86923741ef8644b6aee8fc2faab79d74
Author: Volker Lendecke <vl at samba.org>
Date: Wed Dec 28 23:18:20 2022 +0100
smbd: Modernize a DBG statement
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit eb0e911c73cfc8d1ec348a17de13f71344901f92
Author: Volker Lendecke <vl at samba.org>
Date: Wed Dec 28 23:14:25 2022 +0100
smbd: Shorten a few lines
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 852ce99e2aeea148c3f0d5301ad4e93be9c94630
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 23 09:21:25 2022 +0100
smbd: Remove duplicate/unused #defines
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 7a21dc75645040e44a8940e6dad3e064124e918e
Author: Volker Lendecke <vl at samba.org>
Date: Sat Dec 24 14:08:40 2022 +0100
torture: Fix whitespace
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 71610e3633d2a0f58d851f17fc847be25a73002c
Author: Volker Lendecke <vl at samba.org>
Date: Mon Jan 2 09:47:05 2023 +0100
smbd: Move SMB_QUERY_FILE_UNIX_LINK to smb1_trans2.c
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit f48e2489ad7645a9923fbd97a179c85979651f4c
Author: Volker Lendecke <vl at samba.org>
Date: Sat Dec 31 17:41:16 2022 +0100
smbd: Move get_posix_fsp() to smb1_trans2.c
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 6fc64f53a80b192e7309a2c7a3a6b6ba420157d6
Author: Volker Lendecke <vl at samba.org>
Date: Sat Dec 31 17:39:09 2022 +0100
smbd: Move SMB_QUERY_POSIX_ACL to smb1_trans2.c
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 01e14e0fe138f13f64067ae3c932e9564cd7dd4e
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 30 16:26:38 2022 +0100
smbd: Move SMB_QUERY_FILE_UNIX_[BASIC|INFO2] to smb1_trans2.c
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 0cfea6079270de7a9b420cb3ad34e31cfdd5d037
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 30 22:22:31 2022 +0100
smbd: Remove an unnecessary if-statement
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 65fc2b105a30718cf33241e851f66c345ff2e3e5
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 30 22:21:48 2022 +0100
smbd: Remove an unnecessary if-statement
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 4f69b76fa18c8f335919d4859f93bacaabc544ec
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 30 20:49:11 2022 +0100
smbd: Move smb_set_posix_acl() to smb1_trans2.c
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 19c41395e556199ee823f24111bb8967c64dc390
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 30 20:39:54 2022 +0100
smbd: Make get_posix_fsp() public
This will go static again soon.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit b0dfee968a4f4e2c277eb89b6001d982b1e96cd1
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 30 22:15:50 2022 +0100
smbd: smbd_do_qfilepathinfo() does not need lock_data anymore
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit e53988cdea2875719e567d2f792c6bf9da2c8aca
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 30 22:12:23 2022 +0100
smbd: Handle SMB_QUERY_POSIX_LOCK() in call_trans2qfileinfo()
smbd_do_qfilepathinfo() does not use the lock data anymore, we can
pass NULL/0 now.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit ad453a3827b375c1cad84096e3840ecff0853212
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 30 21:43:06 2022 +0100
smbd: Remove two variables never set after initialization
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 2be0e68ec512b77f525edba904c25c545d2605dd
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 30 16:26:38 2022 +0100
smbd: Move SMB_SET_FILE_UNIX_[BASIC|INFO2] to smb1_trans2.c
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 483aa4148093670b08cf9a1cc358dfd7c5982b54
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 30 16:23:52 2022 +0100
smbd: Make map_info2_flags_to_sbuf() public
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 1c21fc72e9ab17ee861cbbf4899fe63493ee5d14
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 30 16:23:27 2022 +0100
smbd: Make smb_set_file_size() public
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 765f9bcf6669b20bd98b146b3a5f39ba160ac9ea
Author: Volker Lendecke <vl at samba.org>
Date: Thu Dec 29 10:59:45 2022 +0100
smbd: Move handling smb_set_posix_lock() to smb1_trans2.c
Most of this is direct cut&paste without reformatting.
Don't pass SMB_SET_POSIX_LOCK through smbd_do_setfilepathinfo(),
directly handle it in call_trans2setfileinfo() where we know we have a
fsp.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 2cef6fcd6d13b68193a04ef64b3d9717a6d1173b
Author: Volker Lendecke <vl at samba.org>
Date: Thu Dec 29 10:47:12 2022 +0100
smbd: Move smb_set_file_unix_hlink() to smb1_trans2.c
Most of this is direct cut&paste without reformatting.
Don't pass SMB_SET_FILE_UNIX_HLINK through smbd_do_setfilepathinfo(),
directly handle it in call_trans2setpathinfo() where we know we have a
path.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 5273c1da12a2e8e1f34abdbe13051c6de7945900
Author: Volker Lendecke <vl at samba.org>
Date: Thu Dec 29 10:44:33 2022 +0100
smbd: Move smb_set_file_unix_link() to smb1_trans2.c
Most of this is direct cut&paste without reformatting.
Don't pass SMB_SET_FILE_UNIX_LINK through smbd_do_setfilepathinfo(),
directly handle it in call_trans2setpathinfo() where we know we have a
path.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit cabef7246977b19398affb0a323e22b0062c8dac
Author: Volker Lendecke <vl at samba.org>
Date: Thu Dec 29 00:07:21 2022 +0100
smbd: Move smb_posix_unlink() to smb1_trans2.c
Most of this is direct cut&paste without reformatting.
Don't pass SMB_POSIX_PATH_UNLINK through smbd_do_setfilepathinfo(),
directly handle it in call_trans2setpathinfo() where we know we have a
path.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit bcc621a69f90bc556b79eb5b0dd79faddb99a5d3
Author: Volker Lendecke <vl at samba.org>
Date: Thu Dec 29 00:06:58 2022 +0100
smbd: Make smb_set_file_disposition_info() public
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 38b15fada27e8bd6555d0902e94e69b603bf2b32
Author: Volker Lendecke <vl at samba.org>
Date: Wed Dec 28 23:50:53 2022 +0100
smbd: Move smb_posix_open() to smb1_trans2.c
Most of this is direct cut&paste without reformatting.
Don't pass SMB_POSIX_PATH_OPEN through smbd_do_setfilepathinfo(),
directly handle it in call_trans2setpathinfo() where we know we have a
path.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 58287995e5b38914c8357d00172a228e97c1f153
Author: Volker Lendecke <vl at samba.org>
Date: Wed Dec 28 23:47:42 2022 +0100
smbd: Make store_file_unix_basic[_info2] public
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit bad8aa10cd80c03f43b6e2e10b01a6a0ed92fddb
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 30 12:23:58 2022 +0100
smbd: Factor out handle_trans2qfilepathinfo_result()
The error handling will be used in other places.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 5f7d16dbefaf26abe161ed32b7383c0bb1e2e7bb
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 23 18:20:15 2022 +0100
smbd: Simplify call_trans2qfilepathinfo()
Move the file/path specific preparations to the respective callers.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit d66dc816716c63311c4e1faad089c3a3667b91c8
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 23 17:23:36 2022 +0100
smbd: Fix qfileinfo profiling
This ran under qpathinfo profiling
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 3b76bc9689c4a1ac8bed2b9e2d13eb03dedfddc9
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 30 10:27:11 2022 +0100
smbd: Remove call_trans2setfilepathinfo()
What's left was just a simple wrapper around smbd_do_setfilepathinfo()
and handle_trans2setfilepathinfo_result()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 5f38f23668b6c3af4515facd37f1f3bea97d32f4
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 30 10:13:08 2022 +0100
smbd: Factor out handle_trans2setfilepathinfo_result()
This will be lifted up in the next patches. We can also remove the
REALLOC of *pparams, for this we only ever send 2 NULL bytes that we
stack-allocate now.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit f72572ff6f4cf5529124f8f7d65048ae21603035
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 23 17:29:45 2022 +0100
smbd: Simplify call_trans2setfilepathinfo()
Move the file/path specific preparations to the respective callers.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 6619b16fec717813df94c26296270eab96bc4dc8
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 23 17:18:30 2022 +0100
smbd: Fix setfileinfo profiling
This ran under setpathinfo profiling
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit c9a6e242d15ee707a2e30f973fd37e80b3225aca
Author: Jeremy Allison <jra at samba.org>
Date: Tue Jan 3 18:28:54 2023 -0800
s3: smbd: Strip any leading '\\' characters if the SMB2 DFS flag is set.
MacOS clients send SMB2 DFS pathnames as \server\share\file\name.
Ensure smbd can cope with this by stipping any leading '\\'
characters from an SMB2 packet with the DFS flag set.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15277
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Jan 4 07:46:06 UTC 2023 on sn-devel-184
commit d99d14cbc1db2e59e6c0d6169dd623bfb686fa0f
Author: Jeremy Allison <jra at samba.org>
Date: Tue Jan 3 17:53:17 2023 -0800
s3: smbtorture: Add SMB2-DFS-FILENAME-LEADING-BACKSLASH test.
Shows that we fail to cope with MacOSX clients that send a
(or more than one) leading '\\' character for an SMB2 DFS pathname.
I missed this in earlier tests as Windows, Linux, and
libsmbclient clients do NOT send a leading backslash
for SMB2 DFS paths. Only MacOSX (sigh:-).
Passes against Windows. Adds a knownfail for smbd.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15277
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 01cdc5e00be78a51f0766634cc7fe50de2088203
Author: Andrew Walker <awalker at ixsystems.com>
Date: Tue Dec 27 10:59:14 2022 -0500
lib/replace - add extra check to bsd_attr_list
The FreeBSD extattr API may return success and truncated
namelist. We need to check for this in bsd_attr_list to
ensure that we don't accidentally read off the end of the
buffer. In the case of a truncated value, the pascal
strings for attr names will reflect the lengths as if
the value were not truncated. For example:
`58DosStrea`
In case of short read we now set error to ERANGE and
fail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15271
Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Jan 2 14:27:23 UTC 2023 on sn-devel-184
commit a6136b8817414176fd79575ce85b95f142f3c980
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Dec 31 23:24:28 2022 +0000
Happy New Year 2023!
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Sun Jan 1 00:24:02 UTC 2023 on sn-devel-184
commit f28553105be7465026bcc0fcbbed6a1a8c2133dd
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 28 13:50:45 2022 +0100
s3:rpc_server/srvsvc: make sure we (re-)load all shares as root.
This fixes a regression in commit f03665bb7e8ea97699062630f2aa1bac4c5dfc7f
The use of reload_services() has a lot of side effects, e.g. reopen of
log files and other things, which are only useful in smbd, but not in rpcd_classic.
It was also unloading the user and registry shares we loaded a few lines
above.
We need to do all (re-)loading as root, otherwise we won't be able
to read root only smb.conf files, access registry shares, ...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15266
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Walker <awalker at ixsystems.com>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Dec 29 21:14:02 UTC 2022 on sn-devel-184
commit a00c7395fbc7974a61a70ae54ea6ae6349933de2
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 28 16:18:40 2022 +0100
selftest: add samba3.blackbox.registry_share
This demonstrates the regression introduced by
f03665bb7e8ea97699062630f2aa1bac4c5dfc7f, where
registry shares are no longer listed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15266
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Walker <awalker at ixsystems.com>
commit 08be04bb930f8cdb370ea3d3a31907ab475d8989
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 15:25:49 2022 +0100
s4:setup:tests: Use system ldbdump if we build with system ldb
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Dec 23 15:31:31 UTC 2022 on sn-devel-184
commit 6b4cc4ccbca5a02a339d15b8b3557b5d38d70910
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 15:29:56 2022 +0100
python:tests: Use system ldbsearch if we built against system libldb
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 9ac8dac6dbbdb470f0fa0878c1fa1aeca172b73a
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 15:16:04 2022 +0100
python:tests: Use system ldbdump if we build with system ldb
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 11be7d802d33d0376ec5c36ddd8d30d32b088a1e
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 14:47:25 2022 +0100
python:tests: Use system ldbsearch if we build with system libldb
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 5bed51fc6f001f521ab15bd01f4e30b034b4437b
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 16:54:30 2022 +0100
nsswitch:tests: Use system_or_builddir_binary() for test_rfc2307_mapping
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit eb6f74bd74f4157caf5dec751f43d23a52aedf77
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 14:43:45 2022 +0100
testprogs: Use system_or_builddir_binary() for upgradeprovision-oldrelease
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 40eeec0fff8d06b3c5a6e3c92f3fa1a61802092c
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 14:42:12 2022 +0100
testprogs: Use system_or_builddir_binary() for tombstones-expunge
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 39468deb738e9e8c0c7eff74a3cc6a254eaa9b00
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 14:37:21 2022 +0100
testprogs: Use system_or_builddir_binary() for test_trust_token
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 1106ef7189eeff49b47c295b5d5df179a3f8b672
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 14:36:29 2022 +0100
testprogs: Use system_or_builddir_binary() for test_special_group
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 7c46c79a222e22d120632cf3ded739871f66b28f
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 14:34:00 2022 +0100
testprogs: Use system_or_builddir_binary() for test_primary_group
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 605155f296c19485cfd770509d84f49ca6da43ed
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 14:32:59 2022 +0100
testprogs: Use system_or_builddir_binary() for test_pkinit_simple
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 56b9723816f5f9bd1adbe39a7c64265122bf49d4
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 14:31:54 2022 +0100
testprogs: Use system_or_builddir_binary() for test_pkinit_pac
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit c6cd1263275d5a48b98c2796e09f72909fb6455e
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 14:03:29 2022 +0100
testprogs: Use system_or_builddir_binary() for test_old_enctypes
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 535bc5dca7fdda0b00293f7670f320a6feb14247
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 14:02:04 2022 +0100
testprogs: Use system_or_builddir_binary() for test_net_ads_dns
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 376ca5a108f4e6e1e34166a7bd6047122f424744
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 13:45:17 2022 +0100
testprogs: Use system_or_builddir_binary() for test_net_ads
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit d891e59088a20b154f2077be6ed186ae3d17cd7e
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 13:38:27 2022 +0100
testprogs: Use system_or_builddir_binary() for test_ldb_simple
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit c11f1912c955a56d646526f409d0b42542cafa99
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 13:34:39 2022 +0100
testprogs: Use system_or_builddir_binary() for test_ldb
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 7baa3e13f262286a0cde4253975955c71b9496d0
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 13:24:21 2022 +0100
testprogs: Use system_or_builddir_binary() for test_ktpass
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit fa5cba8f6ff954bc19faebed2da2cdce5b337a3a
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 13:22:36 2022 +0100
testprogs: Use system_or_builddir_binary() for test_kinit_mit
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit c9ca0f796cd63aee1aa7e13d7de15ab9930b8133
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 13:21:18 2022 +0100
testprogs: Use system_or_builddir_binary() for test_kinit_heimdal
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 6b7e505963539f3d09c43ba9cb4d0dfe9e769187
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 13:19:27 2022 +0100
testprogs: Use system_or_builddir_binary() for test_client_kerberos
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 6847110004564c2dace796013cca04d6defab836
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 13:10:34 2022 +0100
testprogs: Use system_or_builddir_binary() for renamedc
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit e6ab157f82c0bf5e8e17f0c6280fdfcd60b15176
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 13:06:55 2022 +0100
testprogs: Use system_or_builddir_binary() for ldapcmp_restoredc
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 2cfe2664392c6dc1d6505ef96f94621174fa04b2
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 13:05:05 2022 +0100
testprogs: Use system_or_builddir_binary() for functionalprep
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 4981cb45dbdd6d0059b80f61091c8b97c36abbeb
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 13:04:25 2022 +0100
testprogs: Use system_or_builddir_binary() for demote-saveddb
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit ee11fafcc91bcd24d94e81f449cd5c637ca95823
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 13:03:13 2022 +0100
testprogs: Use system_or_builddir_binary() for dbcheck-oldrelease
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 0aa24330c55427f1feb0ce001a93808a23904e96
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 12:57:39 2022 +0100
testprogs: Use system_or_builddir_binary() for dbcheck and runtime tests
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit e5910d2895ed6f7665f79876de433b861bfdb237
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 08:36:26 2022 +0100
testprogs: Add system_or_builddir_binary()
This should be used if we use a system or builddir binary.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 9a32c8087a6ecd2aaa46e3f7728c99f862f553a1
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 13:13:54 2022 +0100
testprogs: Fix remove_directory()
common_test_fns.inc: line 121: [: too many arguments
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 0c931fb301c5137668db671a6d861c5b5769aa18
Author: Andreas Schneider <asn at samba.org>
Date: Fri Nov 18 08:49:29 2022 +0100
waf: Run python tests also with tr_TR locale
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15248
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Dec 23 14:17:31 UTC 2022 on sn-devel-184
commit 24275cd800b05538ae32e29cbe74529076184954
Author: Andreas Schneider <asn at samba.org>
Date: Thu Nov 10 14:44:59 2022 +0100
lib:ldb: Use ldb_ascii_toupper() for case folding
For example there are at least two locales (tr_TR and az_AZ) in glibc
having dotless i transformation different from Latin scripts and GUID
versus Guid comparison would be different there (attribute name would
not match in the test).
See also
https://en.wikipedia.org/wiki/Dotted_and_dotless_I
https://lists.samba.org/archive/samba-technical/2019-December/134659.html
This fixes: LC_ALL=tr_TR.UTF-8 make test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15248
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit a8f6fa03ef68f086e46539af4d4594b35e638e37
Author: Andreas Schneider <asn at samba.org>
Date: Wed Mar 23 12:45:37 2022 +0100
lib:ldb: Add ldb_ascii_toupper()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15248
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 78ca66a1a54ede649ca9726e81b420993234b1cf
Author: Andreas Schneider <asn at samba.org>
Date: Thu Nov 10 14:46:47 2022 +0100
lib:ldb: Remove trailing white spaces in ldb_private.h
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15248
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit c8e3873e7e6677720c74882bcc63e72fb03e98cc
Author: Andreas Schneider <asn at samba.org>
Date: Wed Mar 23 12:44:07 2022 +0100
lib:ldb: Fix trailing whitespaces in common/ldb_utf8.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15248
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 14751e91a5218c168f50e0bd998593f425f7f4c0
Author: Andreas Schneider <asn at samba.org>
Date: Wed Mar 23 12:43:36 2022 +0100
lib:ldb: Fix trailing whitespaces in common/attrib_handlers.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15248
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit c515a5b2cc3f66b5d3c3fed5b2bdc70436bc80a9
Author: Volker Lendecke <vl at samba.org>
Date: Mon Dec 19 10:16:51 2022 +0100
smbd: Make send_trans2_replies() static
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Dec 22 20:46:53 UTC 2022 on sn-devel-184
commit 636daef0fef98d79161377aab78ca6c403cb71c3
Author: Volker Lendecke <vl at samba.org>
Date: Tue Dec 20 21:26:10 2022 +0100
smbd: Hide the SMB1 posix symlink behaviour behind UCF_LCOMP_LNK_OK
This will be used in the future to also open symlinks as reparse
points, so this won't be specific to only SMB1 posix extensions.
I have tried to avoid additional flags for several weeks by making
openat_pathref_fsp or other flavors of this to always open fsp's with
symlink O_PATH opens, because I think NT_STATUS_OBJECT_NAME_NOT_FOUND
with a valid stat is a really bad and racy way to express that we just
hit a symlink, but I miserably failed. Adding additional flags (another one
will follow) is wrong, but I don't see another way right now.
Signed-off-by: Volker Lendecke <vl at samba.org>
commit 70b515be9c8fa5ff44cc2c2c1c9829f1591a371b
Author: Volker Lendecke <vl at samba.org>
Date: Tue Dec 20 14:40:26 2022 +0100
smbd: Simplify filename_convert_dirfsp_nosymlink()
Avoid a nested if, the "&&" is easier to understand for me.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit aff8b4fde761dc31dd5a0043ff18abec19db9c07
Author: Volker Lendecke <vl at samba.org>
Date: Tue Dec 20 14:38:02 2022 +0100
smbd: Simplify filename_convert_dirfsp_nosymlink()
Factor out the symlink-case into a more obvious if-statement with less
indentation.
Review with git show -b
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6e89a16df45f208d9e72c1080d7dff176dd1abf3
Author: Volker Lendecke <vl at samba.org>
Date: Tue Dec 20 14:14:45 2022 +0100
smbd: Reduce indentation in ucf_flags_from_smb_request()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b20e95fb0a53e74891c043ebdb1375ce53831d91
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 2 11:06:38 2022 +0100
smbd: Implement SET_REPARSE_POINT buffer size checks
Partially survives
samba.tests.reparsepoints.ReparsePoints.test_create_reparse
NTTRANS-FSCTL needs changing: Windows 2016 returns INVALID_BUFFER_SIZE
instead of our NOT_A_REPARSE_POINT. This is not the whole story, but
this smbtorture3 change makes autobuild survive.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f70b38321bf3b9eb86fac99cfefe7927749c9821
Author: Volker Lendecke <vl at samba.org>
Date: Wed Dec 21 14:39:00 2022 +0100
smbd: Rename "ctx" to the more common "mem_ctx" in reparse functions
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 918a71f2a89b6ea4b323cb547ee91e9ce41a9810
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 2 11:55:31 2022 +0100
smbd: Print the file name in reparse point functions
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 41249302a389e4e9c2c79a679d033d2331782f5b
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Nov 25 16:43:52 2022 +1300
lib/compression: add simple python bindings
There are four functions, allowing compression and decompression in
the two formats we support so far. The functions will accept bytes or
unicode strings which are treated as utf-8.
The LZ77+Huffman decompression algorithm requires an exact target
length to decompress, so this is mandatory.
The plain decompression algorithm does not need an exact length, but
you can provide one to help it know how much space to allocate. As
currently written, you can provide a short length and it will often
succeed in decompressing to a different shorter string.
These bindings are intended to make ad-hoc investigation easier, not
for production use. This is reflected in the guesses about output size
that plain_decompress() makes if you don't supply one -- either they
are stupidly wasteful or ridiculously insufficient, depending on
whether or not you were trying to decompress a 20MB string.
>>> a = '12345678'
>>> import compression
>>> b = compression.huffman_compress(a)
>>> b
b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 #....
>>> len(b)
262
>>> c = compression.huffman_decompress(b, len(a))
>>> c
b'12345678' # note, c is bytes, a is str
>>> a
'12345678'
>>> d = compression.plain_compress(a)
>>> d
b'\xff\xff\xff\x0012345678'
>>> compression.plain_decompress(d) # no size specified, guesses
b'12345678'
>>> compression.plain_decompress(d,5)
b'12345'
>>> compression.plain_decompress(d,0) # 0 for auto
b'12345678'
>>> compression.plain_decompress(d,1)
b'1'
>>> compression.plain_decompress(a,444)
Traceback (most recent call last):
compression.CompressionError: unable to decompress data into a buffer of 444 bytes.
>>> compression.plain_decompress(b,444)
b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 #...
That last one decompresses the Huffman compressed file with the plain
compressor; pretty much any string is valid for plain decompression.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 9c707b4be27e2a6f79886d3ec8b5066c922b99bd
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 10:31:11 2022 +0100
s3:client: Fix a use-after-free issue in smbclient
Detected by
make test TESTS="samba3.blackbox.chdir-cache"
with an optimized build or with AddressSanitizer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15268
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Dec 22 10:52:31 UTC 2022 on sn-devel-184
commit 0d1961267cd9e8f1158a407c5d135514c363f37e
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 22 10:36:02 2022 +0100
s3:script: Improve test_chdir_cache.sh
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15268
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit a4ba6fa4c88225d1095189809a51dbdd94c538dc
Author: Andreas Schneider <asn at samba.org>
Date: Wed Dec 21 16:02:18 2022 +0100
autobuild: Don't use deprecated distutils
The distutils package was deprecated in Python 3.10 by PEP 632.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 429bf5ce231c417b678b576096b437d1bd58c348
Author: Andreas Schneider <asn at samba.org>
Date: Wed Dec 21 08:42:49 2022 +0100
third_party: Update resolv_wrapper to version 1.1.8
res_randomid() is marked as deprecated in newer glibc.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Dec 21 21:28:42 UTC 2022 on sn-devel-184
commit 6ec2488387635b61a5c1559240019df3a5052850
Author: Ralph Boehme <slow at samba.org>
Date: Wed Nov 23 14:14:45 2022 +0100
CI: add a test for wbinfo --change-secret-at=DC
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Dec 21 20:05:59 UTC 2022 on sn-devel-184
commit b907013053a4fc68a8fd55c444472ea382b4d5ef
Author: Ralph Boehme <slow at samba.org>
Date: Wed Nov 23 14:10:36 2022 +0100
CI: join ad_member_s3_join to vampire_dc
Currently ad_member_s3_join is only used for testing samba-tool join and that'll
work just fine being joined to vampire_dc instead of ad_dc.
vampire_dc is an additional DC in the SAMBADOMAIN "started" by ad_dc_ntvfs, so
by joining ad_member_s3_join to the SAMBADOMAIN, it is member of a domain with
more then one DC.
Subsequently I'll add a test that needs such an environment.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 52cdf1d93a24a6e5cbdf4e23a28e05971ea5adc3
Author: Ralph Boehme <slow at samba.org>
Date: Tue Nov 22 14:40:07 2022 +0100
wbinfo: Add --change-secret-at=dcname
Add WHATSNEW.txt entry and update wbinfo man page.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 682216aa29eda70885c7756927ebfbe88d655aa4
Author: Ralph Boehme <slow at samba.org>
Date: Tue Nov 22 12:00:14 2022 +0100
libwbclient: add wbc[Ctx]ChangeTrustCredentialsAt()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit eb1d1f19a23807c9951dd178b93f3cfd94f68146
Author: Ralph Boehme <slow at samba.org>
Date: Tue Nov 22 16:09:34 2022 +0100
winbindd: add dcname arg to ChangeMachineAccount request
Existing callers will pass an empty string, later a new caller will pass an
explicit DC name taken from the wbinfo command line.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 4a74748d329083e3e31201ecaf49f1fb1f2721c8
Author: Ralph Boehme <slow at samba.org>
Date: Tue Nov 22 14:23:21 2022 +0100
winbindd: Add force_dc to bypass cached connection and DC lookup
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 0fcf00121afd0d67c3e0eee11f8490c32e2f58a7
Author: Ralph Boehme <slow at samba.org>
Date: Thu Nov 24 12:17:32 2022 +0100
winbindd: More simplification of cm_open_connection()
This basically moves the functionality to connect the socket to the currently
preferred DC to a new helper function connect_preferred_dc() that is called from
the renamed function find_new_dc().
find_dc() now either returns a connected to the preferred DC or a new DC until
all possible DCs are exhausted and cm_open_connection() can just call find_dc()
to get a connected socket and pass it to cm_prepare_connection().
While at it reorder the args of find_dc() and make the only real out arg "fd"
the last one.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 7315c5f4a5dd08216885f4a7588f57753de6038d
Author: Ralph Boehme <slow at samba.org>
Date: Thu Nov 24 15:18:23 2022 +0100
winbindd: simplify cm_open_connection()
Simplify to retry logic: if cm_prepare_connection() succeeded just exit the
retry loop, only if it failed check the "retry" variable.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit ccb6b75482c80572862ca7a189bfe26565f23b45
Author: Ralph Boehme <slow at samba.org>
Date: Thu Nov 24 12:15:13 2022 +0100
winbindd: simplify find_new_dc()
Remove the dcname and pss args from find_new_dc(). The caller passes in the
domain anyway, so let's fill in domain->dcname and domain->dcaddr directly.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 2e496efe8c29dc0342ddd09cb61e253132fe17f9
Author: Ralph Boehme <slow at samba.org>
Date: Thu Nov 24 11:54:14 2022 +0100
winbindd: do an early exit in cm_open_connection()
Best viewed with git show -w. No change in behaviour.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 94b70d1ed92a6fac4a679ccc959c63c49d918349
Author: David Mulder <dmulder at samba.org>
Date: Mon Dec 12 10:05:16 2022 -0700
gp: Don't hide managed/recommended directories
Making these variables hidden prevents the parent
class gp_chromium_ext from reading them when
subclassed in gp_chrome_ext. This caused the
chrome policies to be installed in the chromium
directories.
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Dec 21 03:05:46 UTC 2022 on sn-devel-184
commit 0a1778cde011fecb000f5b7e6f43920f5ab59da0
Author: David Mulder <dmulder at samba.org>
Date: Fri Dec 9 10:31:49 2022 -0700
gp: Ensure rsop is tested for every CSE
A bug cropped up in the rsop that was causing a
crash because this wasn't being tested.
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c435c105c511bd984b6d1bda3964100ad5ec2c31
Author: David Mulder <dmulder at samba.org>
Date: Fri Dec 9 09:40:34 2022 -0700
gp: Fix rsop when final value isn't a str
The output must be a string value, or it will
crash. Chromium policies output integers, which
was causing the parser to crash.
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 74598eeef72e6b260393df7451c957d7fde1f59a
Author: David Mulder <dmulder at samba.org>
Date: Thu Dec 8 15:15:15 2022 -0700
gp: Enable gpupdate output when testing
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6710c50f54025d8174aacd17515d58ff50e6d28a
Author: David Mulder <dmulder at samba.org>
Date: Wed Dec 7 10:17:38 2022 -0700
gp: Ensure policy changes don't leave files behind
This test exercises the gp_file_applier and
ensures that when a policy is modified, no old
policy is left behind.
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit e6156b135021db5a6335bb8779acefff2f6a0bd3
Author: David Mulder <dmulder at samba.org>
Date: Wed Dec 7 09:51:12 2022 -0700
gp: Re-create files if manually removed
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit d170d8cfbb4571af8b66f1dcd7355a598b0abd1f
Author: David Mulder <dmulder at samba.org>
Date: Wed Dec 7 09:49:53 2022 -0700
gp: Test that files are re-created if manually removed
Currently applied files which are manually
removed do not get re-applied.
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 5037d402a54a0010382cc7825e6fba4322ba18b4
Author: David Mulder <dmulder at samba.org>
Date: Tue Dec 6 11:12:34 2022 -0700
gp: Modify Chromium CSE to use new files applier
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f36542b50c70de74144b9e2e94e91944e8536421
Author: David Mulder <dmulder at samba.org>
Date: Tue Dec 6 08:56:24 2022 -0700
gp: Modify Cert Auto Enroll CSE to use new applier
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit acdc7fbe8985a16d41075b72f54a96f217c3f884
Author: David Mulder <dmulder at samba.org>
Date: Mon Dec 5 10:41:27 2022 -0700
gp: Modify Centrify Crontab compatible CSE to use new files applier
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f20ca1a7db29ec2ccf3ef5de58a578aa7dfc4964
Author: David Mulder <dmulder at samba.org>
Date: Fri Dec 2 15:42:58 2022 -0700
gp: Modify Startup Scripts CSE to use new files applier
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit fb512e068033b49b7e8bc6baa6040b032d6b99c1
Author: David Mulder <dmulder at samba.org>
Date: Fri Dec 2 14:51:27 2022 -0700
gp: Modify GNOME Settings CSE to use new files applier
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f3e24a325ea6d2d574f42f0e7f9f1e1fb040366c
Author: David Mulder <dmulder at samba.org>
Date: Tue Nov 29 14:01:13 2022 -0700
gp: Modify Machine Scripts CSE to use new files applier
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 64f4930dc0d46c21fefd8a798534b58670036faa
Author: David Mulder <dmulder at samba.org>
Date: Tue Nov 29 08:04:35 2022 -0700
gp: Modify Files CSE to use new files applier
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 2953329ba07cb7de6c8df1718779b7c9045d3910
Author: David Mulder <dmulder at samba.org>
Date: Mon Nov 28 13:37:52 2022 -0700
gp: Modify Sudoers CSEs to use new files applier
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 81dbcae9dfba2f2dd7b5e7e04f9ababca02ed49b
Author: David Mulder <dmulder at samba.org>
Date: Fri Nov 18 15:03:41 2022 -0700
gp: Modify OpenSSH CSE to use new files applier
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 50f4c3d44e1c99210e754c5aeff85f7c9ac9ed2b
Author: David Mulder <dmulder at samba.org>
Date: Fri Nov 18 14:22:17 2022 -0700
gp: Modify PAM Access CSE to use new files applier
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 3f7105894c1b65cb4b26702d1111a9fb35bb561c
Author: David Mulder <dmulder at samba.org>
Date: Fri Nov 18 14:04:13 2022 -0700
gp: Modify Symlink CSE to use new files applier
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 5715281918fc10a4840f682a9c314e0e0ae84ee3
Author: David Mulder <dmulder at samba.org>
Date: Fri Nov 18 13:59:32 2022 -0700
gp: Implement appliers for monitoring policy changes
This is currently a significant drawback of Samba
Group Policy. CSEs MUST be aware of policy changes
such as modification, removal, etc. This is a
complex process, and is easy to mess up. Here I
add 'appliers' (the first being for files), which
handle the complexty transparently to ensure this
is done correctly.
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 5b19288949e97a5af742ff2719992d56f21e364a
Author: Andrew Walker <awalker at ixsystems.com>
Date: Mon Dec 19 08:17:47 2022 -0500
s3:params:lp_do_section - protect against NULL deref
iServiceIndex may indicate an empty slot in the ServicePtrs
array. In this case, lpcfg_serivce_ok(ServicePtrs[iServiceIndex])
may trigger a NULL deref and crash. Skipping the check
here will cause a scan of the array in add_a_service() and the
NULL slot will be used safely.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15267
Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Dec 20 18:49:54 UTC 2022 on sn-devel-184
commit 57ff5a33e9f4f1ff9677e44e75005e713b0a5607
Author: Andreas Schneider <asn at samba.org>
Date: Fri Dec 2 09:44:58 2022 +0100
s4:torture: Fix stack variable used out of scope in test_devicemode_full()
==17828==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffc37790230 at pc 0x7fc37e2a3a11 bp 0x7ffc3778fec0 sp 0x7ffc3778feb8
READ of size 16 at 0x7ffc37790230 thread T0
#0 0x7fc37e2a3a10 in ndr_push_spoolss_GetPrinter librpc/gen_ndr/ndr_spoolss.c:27123
#1 0x7fc380629b30 in dcerpc_binding_handle_call_send ../../librpc/rpc/binding_handle.c:416
#2 0x7fc38062a132 in dcerpc_binding_handle_call ../../librpc/rpc/binding_handle.c:553
#3 0x7fc37ed113c9 in dcerpc_spoolss_GetPrinter_r librpc/gen_ndr/ndr_spoolss_c.c:1947
#4 0x5570ba6c4d03 in test_devicemode_full ../../source4/torture/rpc/spoolss.c:2249
#5 0x5570ba6e61ea in test_PrinterInfo_DevModes ../../source4/torture/rpc/spoolss.c:2384
#6 0x5570ba6e61ea in test_PrinterInfo_DevMode ../../source4/torture/rpc/spoolss.c:2488
#7 0x5570ba6e61ea in test_printer_dm ../../source4/torture/rpc/spoolss.c:9082
#8 0x7fc37fc7b67d in wrap_test_with_simple_test ../../lib/torture/torture.c:808
#9 0x7fc37fc7d40b in internal_torture_run_test ../../lib/torture/torture.c:516
#10 0x7fc37fc7d87c in torture_run_tcase_restricted ../../lib/torture/torture.c:581
#11 0x7fc37fc7deb2 in torture_run_suite_restricted ../../lib/torture/torture.c:435
#12 0x5570ba89a65d in run_matching ../../source4/torture/smbtorture.c:95
#13 0x5570ba89a6e4 in run_matching ../../source4/torture/smbtorture.c:105
#14 0x5570ba89a6e4 in run_matching ../../source4/torture/smbtorture.c:105
#15 0x5570ba89b3e4 in torture_run_named_tests ../../source4/torture/smbtorture.c:172
#16 0x5570ba89f3e0 in main ../../source4/torture/smbtorture.c:750
#17 0x7fc37c62c5af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#18 0x7fc37c62c678 in __libc_start_main_impl ../csu/libc-start.c:381
#19 0x5570ba49e824 in _start ../sysdeps/x86_64/start.S:115
Address 0x7ffc37790230 is located in stack of thread T0 at offset 160 in frame
#0 0x5570ba6c4562 in test_devicemode_full ../../source4/torture/rpc/spoolss.c:2186
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Dec 20 06:55:45 UTC 2022 on sn-devel-184
commit e3c9bea002d6ea94bcd4dd37670f07f7e4098aff
Author: Andreas Schneider <asn at samba.org>
Date: Fri Dec 2 10:44:16 2022 +0100
s4:torture: Pass the dcerpc struct 's' for SetPrinter down to the macro
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 34ae731b89f79998b6f3c21965d35b41e4e513da
Author: Andreas Schneider <asn at samba.org>
Date: Fri Dec 2 09:44:58 2022 +0100
s4:torture: Pass the dcerpc struct 'q' for GetPrinter down to the macro
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 0dc5f807690baae002f5c35c920663cc6c3617e0
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 1 10:32:00 2022 +0100
s4:torture: Fix stack variable used out of scope in test_devmode_set_level()
==12122==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7fff494dd900 at pc 0x7fdaebea71e3 bp 0x7fff494dd430 sp 0x7fff494dd428
READ of size 4 at 0x7fff494dd900 thread T0
#0 0x7fdaebea71e2 in ndr_push_spoolss_SetPrinterInfo8 librpc/gen_ndr/ndr_spoolss.c:8618
#1 0x7fdaebea71e2 in ndr_push_spoolss_SetPrinterInfo librpc/gen_ndr/ndr_spoolss.c:8796
#2 0x7fdaebea7482 in ndr_push_spoolss_SetPrinterInfoCtr librpc/gen_ndr/ndr_spoolss.c:9163
#3 0x7fdaebea7580 in ndr_push_spoolss_SetPrinter librpc/gen_ndr/ndr_spoolss.c:27000
#4 0x7fdaee3e1b30 in dcerpc_binding_handle_call_send ../../librpc/rpc/binding_handle.c:416
#5 0x7fdaee3e2132 in dcerpc_binding_handle_call ../../librpc/rpc/binding_handle.c:553
#6 0x7fdaecb103fd in dcerpc_spoolss_SetPrinter_r librpc/gen_ndr/ndr_spoolss_c.c:1722
#7 0x559a7294c2f1 in test_SetPrinter ../../source4/torture/rpc/spoolss.c:1293
#8 0x559a7297b4d4 in test_devmode_set_level ../../source4/torture/rpc/spoolss.c:2126
#9 0x559a7299cfa1 in test_PrinterInfo_DevModes ../../source4/torture/rpc/spoolss.c:2344
#10 0x559a7299cfa1 in test_PrinterInfo_DevMode ../../source4/torture/rpc/spoolss.c:2489
#11 0x559a7299cfa1 in test_printer_dm ../../source4/torture/rpc/spoolss.c:9083
#12 0x7fdaeda9867d in wrap_test_with_simple_test ../../lib/torture/torture.c:808
#13 0x7fdaeda9a40b in internal_torture_run_test ../../lib/torture/torture.c:516
#14 0x7fdaeda9a87c in torture_run_tcase_restricted ../../lib/torture/torture.c:581
#15 0x7fdaeda9aeb2 in torture_run_suite_restricted ../../lib/torture/torture.c:435
#16 0x559a72b51668 in run_matching ../../source4/torture/smbtorture.c:95
#17 0x559a72b516ef in run_matching ../../source4/torture/smbtorture.c:105
#18 0x559a72b516ef in run_matching ../../source4/torture/smbtorture.c:105
#19 0x559a72b523ef in torture_run_named_tests ../../source4/torture/smbtorture.c:172
#20 0x559a72b563eb in main ../../source4/torture/smbtorture.c:750
#21 0x7fdaea42c5af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#22 0x7fdaea42c678 in __libc_start_main_impl ../csu/libc-start.c:381
#23 0x559a72755824 in _start ../sysdeps/x86_64/start.S:115
Address 0x7fff494dd900 is located in stack of thread T0 at offset 32 in frame
#0 0x559a7297b111 in test_devmode_set_level ../../source4/torture/rpc/spoolss.c:2090
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 5c25e262e7dce3b40c9c4982444ce965a139b490
Author: Ralph Boehme <slow at samba.org>
Date: Fri Dec 16 10:43:11 2022 +0100
tests: add a Python test for case insensitive access
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Dec 20 01:32:07 UTC 2022 on sn-devel-184
commit 44a44005a6b3222c599d4757d60af924b9cea459
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Dec 7 09:27:00 2022 +1300
compression/huffman: debug function bails upon disaster (CID 1517261)
We shouldn't get a node with a zero code, and there's probably nothing
to do but stop.
CID 1517261 (#1-2 of 2): Bad bit shift operation
(BAD_SHIFT)11. negative_shift: In expression j >> offset - k,
shifting by a negative amount has undefined behavior. The shift
amount, offset - k, is -3.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Dec 19 23:29:04 UTC 2022 on sn-devel-184
commit 628f14c149772dc4277c004018b8f02420fa3997
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Dec 7 09:17:17 2022 +1300
compression/huffman: double check distance in matches (CID 1517278)
Because we just wrote the intermediate representation to have no zero
distances, we can be sure it doesn't, but Coverity doesn't know. If
distance is zero, `bitlen_nonzero_16(distance)` would be bad.
CID 1517278 (#1 of 1): Bad bit shift operation
(BAD_SHIFT)41. large_shift: In expression 1 << code_dist, left
shifting by more than 31 bits has undefined behavior. The shift
amount, code_dist, is 65535.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6b4d94c9877ec59081b9da946c00fa2647cad928
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Dec 7 09:08:11 2022 +1300
compression: fix sign extension of long matches (CID 1517275)
Very long matches would be written instead as very very long matches.
We can't in fact hit this because we have a MAX_MATCH_LENGTH defined
as 64M, but if we could, it might make certain 2GB+ strings impossible
to compress.
CID 1517275 (#1 of 1): Unintended sign extension
(SIGN_EXTENSION)sign_extension: Suspicious implicit sign extension:
intermediate[i + 2UL] with type uint16_t (16 bits, unsigned) is
promoted in intermediate[i + 2UL] << 16 to type int (32 bits, signed),
then sign-extended to type unsigned long (64 bits, unsigned). If
intermediate[i + 2UL] << 16 is greater than 0x7FFFFFFF, the upper bits
of the result will all be 1.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit baba440ffaaf849e14e31862649767227e8c6432
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Tue Dec 6 11:28:58 2022 +1300
compression tests: avoid div by zero in failure (CID 1517297)
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b99e0e9301d14574ed24181ce300ea61558d4d02
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Tue Dec 6 11:26:47 2022 +1300
compression/tests: calm the static analysts (CID: numerous)
None of our test vectors are 18446744073709551615 bytes long, which
means we can know an `expected_length == returned_length` check will
catch the case where the compression function returns -1 for error. We
know that, but Coverity doesn't.
It's the same thing over and over again, in two different patterns:
>>> CID 1517301: Memory - corruptions (OVERRUN)
>>> Calling "memcmp" with "original.data" and "original.length" is
suspicious because of the very large index, 18446744073709551615. The index
may be due to a negative parameter being interpreted as unsigned.
393 if (original.length != decomp_written ||
394 memcmp(decompressed.data,
395 original.data,
396 original.length) != 0) {
397 debug_message("\033[1;31mgot %zd, expected %zu\033[0m\n",
398 decomp_written,
*** CID 1517299: Memory - corruptions (OVERRUN)
/lib/compression/tests/test_lzxpress_plain.c: 296 in
test_lzxpress_plain_decompress_more_compressed_files()
290 debug_start_timer();
291 written = lzxpress_decompress(p.compressed.data,
292 p.compressed.length,
293 dest,
294 p.decompressed.length);
295 debug_end_timer("decompress", p.decompressed.length);
>>> CID 1517299: Memory - corruptions (OVERRUN)
>>> Calling "memcmp" with "p.decompressed.data" and
"p.decompressed.length" is suspicious because of the very large index,
18446744073709551615. The index may be due to a negative parameter being
interpreted as unsigned.
296 if (written == p.decompressed.length &&
297 memcmp(dest, p.decompressed.data, p.decompressed.length)
== 0) {
298 debug_message("\033[1;32mdecompressed %s!
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit d6a67908e13dd46b3bd336adae97e26920bb7f90
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Tue Dec 6 11:24:22 2022 +1300
compression/huffman: check again for invalid codes (CID 1517302)
We know that code is non-zero, because it comes from the combination of
the intermediate representation and the symbol tables that were generated
at the same time. But Coverity doesn't know that, and it thinks we could
be doing undefined things in the subsequent shift.
CID 1517302: Integer handling issues (BAD_SHIFT)
In expression "1 << code_bit_len", shifting by a negative amount has
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 27af27f9018b8bf32eac8ae79401354f6f18a4c6
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Dec 7 12:01:32 2022 +1300
compression/huffman: tighten bit_len checks (fix SUSE -O3 build)
The struct write_context bit_len attribute is always between 0 and 31,
but if the next patches are applied without this, SUSE GCC -O3 will
worry thusly:
../../lib/compression/lzxpress_huffman.c: In function
‘lzxpress_huffman_compress’:
../../lib/compression/lzxpress_huffman.c:953:5: error: assuming signed
overflow does not occur when simplifying conditional to constant
[-Werror=strict-overflow]
if (wc->bit_len > 16) {
^
cc1: all warnings being treated as errors
Inspection tell us that the invariant holds. Nevertheless, we can
safely use an unsigned type and insist that over- or under- flow is
bad.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit e7489be7be4d05a75a7d31275654260f84a64c79
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Sun Dec 4 11:47:56 2022 +1300
fuzz: fix lzxpress plain round-trip fuzzer
The 'compressed' string can be about 9/8 the size of the decompressed
string, but we didn't allow enough memory in the fuzz target for that.
Then when it failed, we didn't check.
Credit to OSSFuzz.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6f77b376d470dd318f0a9699b3528018ce8ea49a
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Sun Dec 4 11:33:29 2022 +1300
compression/huffman: avoid semi-defined behaviour in decompress
We had
output[output_pos - distance];
where output_pos and distance are size_t and distance can be greater
than output_pos (because it refers to a place in the previous block).
The underflow is defined, leading to a big number, and when
sizeof(size_t) == sizeof(*uint8_t) the subsequent overflow works as
expected. But if size_t is smaller than a pointer, bad things will
happen.
This was found by OSSFuzz with
'UBSAN_OPTIONS=print_stacktrace=1:silence_unsigned_overflow=1'.
Credit to OSSFuzz.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 80c0b416892bfacc0d919fe032461748d7962f05
Author: Andrew <awalker at ixsystems.com>
Date: Fri Dec 16 08:16:10 2022 -0800
rpc_server:srvsvc - retrieve share ACL via root context
share_info.tdb has permissions of 0o600 and so we need
to become_root() prior to retrieving the security info.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15265
Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Dec 19 20:41:15 UTC 2022 on sn-devel-184
commit 87fddbad78d9a9f6fe922efb7a87ded01996d6ec
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Jun 17 07:36:01 2019 -0700
smbd/locking: make use of the same tdb hash_size and flags for all SMB related tdb's
It's good to have a consistent set of hash_size/flags for all aspects of
an open file handle. Currently we're using 4 databases:
smbXsrv_open_global.tdb, leases.tdb, locking.tdb and brlock.tdb.
While at it also crank up the hashsize if the smbXsrv_tcon and smbXsrv_session
TDBs. The default TDB hash size is insanely small and disk space is cheap these
days, by going with the much larger hash size we get O(1) lookup instead of O(n)
for moderate to large loads with a few thousand objects.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Dec 19 16:40:15 UTC 2022 on sn-devel-184
commit 07617a344e1a6864401ace0b42083985131c480f
Author: Günther Deschner <gd at samba.org>
Date: Wed Nov 9 16:21:16 2022 +0100
s4-auth: fix sam test binary ntstatus include path
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Dec 16 21:35:45 UTC 2022 on sn-devel-184
commit f7cc00f7308a1476579151778ad4254c9debbab2
Author: Günther Deschner <gd at samba.org>
Date: Thu Aug 18 16:35:29 2016 +0200
s3-librpc: use nbt_server_type in ads.idl
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 39e8489dfc51b2293afa13d58b167819b46918dc
Author: Günther Deschner <gd at samba.org>
Date: Wed Aug 17 11:58:02 2016 +0200
s3-librpc: add ads.idl and convert ads_struct to talloc.
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 89828c64c9a8114bb5f596bc007a7c126e803d80
Author: Volker Lendecke <vl at samba.org>
Date: Thu Dec 15 19:14:48 2022 +0100
libsmb: Simplify clistr_is_previous_version_path()
Nobody looks at the out params anymore
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Dec 16 08:42:18 UTC 2022 on sn-devel-184
commit 833cb4cb8126dcbee914551bcd2e852cec67786c
Author: Volker Lendecke <vl at samba.org>
Date: Thu Dec 15 19:10:09 2022 +0100
libsmb: Slightly simplify cli_smb2_create_fnum_send()
We can now write to fname directly.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c64c8af6d4b121b0fa7ebe13b5c7c28ee9cc8053
Author: Jeremy Allison <jra at samba.org>
Date: Thu Dec 15 13:32:35 2022 -0800
libsmb: Use clistr_smb2_extract_snapshot_token() in cli_smb2_create_fnum_send()
Now that fname is writable, we can avoid a bit of complexity with
clistr_smb2_extract_snapshot_token()
Signed-off-by: Volker Lendecke <vl at samba.org>
Signed-off-by: Jeremy Allison <jra at samba.org>
commit 157a79f0ca45a19db0826a7b49ab0582e8191a68
Author: Jeremy Allison <jra at samba.org>
Date: Thu Dec 15 13:26:49 2022 -0800
s3: lib: Add new clistr_smb2_extract_snapshot_token() function.
Strips @GMT from client pathnames for SMB2 (uses '\\' separator).
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit fdc6449a3fdfb342184d6a30f22d8cf9cf708841
Author: Jeremy Allison <jra at samba.org>
Date: Thu Dec 15 13:24:12 2022 -0800
s3: smbd: Make extract_snapshot_token() a wrapper for extract_snapshot_token_internal().
Allows us to pass in path separator from a new function without
changing existing calling code.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 96d68c6b8aef33d6a227f3b52c241140cc0e8246
Author: Volker Lendecke <vl at samba.org>
Date: Thu Dec 15 18:54:58 2022 +0100
libsmb: Make a r/w copy of fname in cli_smb2_create_fnum_send()
We're messing with this in 2 places in this routine and have to make a
copy in both places. Make this writable, so we don't have to make a
copy further down.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 9189bd9c9c126b8983781a8de075efc9fe7fdfa5
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Dec 5 22:18:45 2022 +1300
build: Convert winexe to use enabled= in wscript
This also allows --without-winexe to stop building the .exe files even if
the compilers are present on the system.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15264
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Dec 16 07:41:38 UTC 2022 on sn-devel-184
commit ddbb8f1999e9e949e3ef0db7cef94115feeb8148
Author: Volker Lendecke <vl at samba.org>
Date: Mon Dec 12 21:20:07 2022 +0100
lib: Move 448 bytes from R/W data segment to R/O text
The linker has to relocate the pointers in the array at startup, save
that. I know we have bigger .data blobs, but every bit counts :-)
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Dec 15 22:51:06 UTC 2022 on sn-devel-184
commit c5bc9f732fe45bc3a8099f57a1e771cda0036154
Author: Volker Lendecke <vl at samba.org>
Date: Mon Dec 12 21:02:29 2022 +0100
lib: Avoid an includes.h
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 148b86b2ce0a844a8d497c227d998371fc72c339
Author: Volker Lendecke <vl at samba.org>
Date: Mon Dec 12 21:02:17 2022 +0100
lib: Align an integer type
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit bb94ec26557f3d254ce3391d83c200ac3a05abdd
Author: Volker Lendecke <vl at samba.org>
Date: Mon Dec 12 21:20:07 2022 +0100
tdb: Move 160 bytes from R/W data segment to R/O text
The linker has to relocate the pointers in the array at startup, save
that. I know we have bigger .data blobs, but every bit counts :-)
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit e2ccd822037ac14cdedd971fde3a315922c0d135
Author: Volker Lendecke <vl at samba.org>
Date: Mon Dec 5 11:51:28 2022 +0100
smbd: Remove a pointless NULL check from readlink_talloc()
We should never call this without the place to put the target in.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 88848bc07325cec651a57443f5998a411403774a
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 2 12:05:14 2022 +0100
smbd: Use direct struct initialization, avoid explicit ZERO_STRUCT()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c26f7fcc625a365cf943151437953d3dbb0d1159
Author: Volker Lendecke <vl at samba.org>
Date: Mon Dec 5 16:33:37 2022 +0100
smbd: Fix a debug message
This used to be openat_pathref_nostream() at some point back
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 7fcbae4e4940c8d89717c4fa4199d57d69c1d3a4
Author: Volker Lendecke <vl at samba.org>
Date: Thu Dec 15 19:06:20 2022 +0100
libsmb: Don't mess up pathnames in cli_smb2_create_fnum_send()
Master-only bug introduced with dd9cdfb3b14: smb2_dfs_share_path() can
change the length of fname, and if it happens that the original length
hits a \ in the enlarged filename, we cut it off.
Found by accident, this really made me scratch my head when looking at
traces :-)
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 17bbd6ec4c2607afeadd91a29c245054a6ca6828
Author: Volker Lendecke <vl at samba.org>
Date: Wed Dec 14 17:35:17 2022 +0100
smbd: Add "posix" flag to openat_pathref_dirfsp_nosymlink()
Don't do the get_real_filename() retry if we're in posix context of if
the connection is case sensitive.
The whole concept of case sensivity blows my brain. In SMB1 without
posix extensions it's a per-request thing. In SMB2 without posix
extensions this should just depend on "case sensitive = yes/no", and
in future SMB2 posix extensions this will become a per-request thing
again, depending on the existence of the posix create context.
Then there are other semantics that are attached to posix-ness, which
have nothing to do with case sensivity. See for example merge request
2819 and bug 8776, or commit f0e1137425f. Also see
check_path_syntax_internal().
This patch uses the same flags as openat_pathref_fsp_case_insensitive()
does, but I am 100% certain this is wrong in a subtle way.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Dec 15 11:30:04 UTC 2022 on sn-devel-184
commit 612c8da01cf54be1268f2fe27fb187161cc2d0b3
Author: Volker Lendecke <vl at samba.org>
Date: Wed Dec 14 18:05:04 2022 +0100
tests: Show that in smb1 posix we don't treat dirs as case sensitive
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 897f08f7a039a1ca837eb5054ca7d8ba9a6e747e
Author: Andreas Schneider <asn at samba.org>
Date: Mon Dec 5 11:03:25 2022 +0100
testprogs: Use new kerberos options for samba-tool in test_kpasswd_mit.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Dec 14 23:56:50 UTC 2022 on sn-devel-184
commit bc5e8ba9f3aa67cff5d0420f8422b8f4765789b6
Author: Andreas Schneider <asn at samba.org>
Date: Mon Dec 5 08:40:08 2022 +0100
testprogs: Use new kerberos options for samba-tool in test_export_keytab_mit.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 773659baaffd7530f3aaa2fca947709b57ad7cea
Author: Andreas Schneider <asn at samba.org>
Date: Sat Dec 3 20:56:08 2022 +0100
testprogs: Use new kerberos options for ldb and samba-tool in test_kinit_mit.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit ecfa4e190a6d48db4e7b514c9011aa139a5b2ac4
Author: David Mulder <dmulder at samba.org>
Date: Wed Dec 14 14:24:24 2022 -0700
gp: Fix GNOME Settings writing unreadable user profile
This file must be readable by all users,
otherwise the policy doesn't get read or applied.
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 194f6661d665105a9433d4edb02ba70e1b70a396
Author: David Mulder <dmulder at samba.org>
Date: Wed Dec 14 14:23:48 2022 -0700
gp: Fix Firewalld RSoP output skipping Zones
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c12518a9b6275602fd654a0dc47903d10843e91e
Author: Volker Lendecke <vl at samba.org>
Date: Wed Dec 14 13:58:25 2022 +0100
smbd: Remove source3/smbd/statcache.c
After I found that nobody calls stat_cache_add() anymore, there was no
reason to keep the rest of statcache.c.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit d04db4a576978be49b2c5c6533103cf8cab2f0b6
Author: Volker Lendecke <vl at samba.org>
Date: Wed Dec 14 13:44:50 2022 +0100
vfs: Fix whitespace
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b94fd4229d77ef150530eb434006adff346151f5
Author: Volker Lendecke <vl at samba.org>
Date: Tue Dec 13 17:38:25 2022 +0100
smbd: Slightly simplify set_current_case_sensitive()
Remove a global cache of calculating case sensivity. The calculation
is really simple: It only references a bool per-share parameter and a
global variable. I really doubt there is any measurable benefit from
this cache, and if there was, I don't care if SMB1 gets a tiny bit
slower in response to reduced global state.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit d48481118bc5e2dd8999fc112967a99e508ddf80
Author: Volker Lendecke <vl at samba.org>
Date: Tue Dec 13 17:33:29 2022 +0100
smbd: Slightly simplify set_current_case_sensitive()
Assert this isn't called from SMB2
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 49fdf8f9ec967fb39f88f54752b2bf25e89672e5
Author: Volker Lendecke <vl at samba.org>
Date: Tue Dec 13 17:31:53 2022 +0100
smbd: Make set_current_case_sensitive() static
This is a SMB1-only thing
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit eb5df255faea7326a7b85c1e7ce5a66119a27c3a
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 14 10:37:41 2022 +0100
s4:libnet: correctly handle gnutls_pbkdf2() errors
We should not ignore the error nor should we map
GNUTLS_E_UNWANTED_ALGORITHM to NT_STATUS_WRONG_PASSWORD,
instead we use NT_STATUS_CRYPTO_SYSTEM_INVALID as in most other places
in the same file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15206
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Baumbach <bbaumbach at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Dec 14 13:35:20 UTC 2022 on sn-devel-184
commit 53d558365161be1793dad78ebcce877c732f2419
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 14 10:32:31 2022 +0100
s4:libnet: fix error string for failing samr_ChangePasswordUser4()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15206
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Baumbach <bbaumbach at samba.org>
commit ac78cb71d69d0307a668311e94e7181db6ad840e
Author: Volker Lendecke <vl at samba.org>
Date: Wed Nov 30 14:48:33 2022 +0100
libads: Save intermediate NULL checks with talloc_asprintf_addbuf()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Dec 14 05:29:51 UTC 2022 on sn-devel-184
commit 300ad4ff1273b8656986e4e7853418c9238122ca
Author: Volker Lendecke <vl at samba.org>
Date: Wed Nov 30 14:44:13 2022 +0100
lib: Save intermediate NULL checks with talloc_asprintf_addbuf()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 4156d37db177b3b047fc0a448912d9bcb9354994
Author: Volker Lendecke <vl at samba.org>
Date: Wed Nov 30 14:28:54 2022 +0100
winbind: Save lines with talloc_asprintf_addbuf()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f25b6de771df587e58a28ae417bb5a2f596ec5a2
Author: Volker Lendecke <vl at samba.org>
Date: Wed Nov 30 14:23:26 2022 +0100
winbind: Save an intermediate NULL check with talloc_asprintf_addbuf()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit fa8a657b91c123849eb40f74dbce6974ec04338b
Author: Volker Lendecke <vl at samba.org>
Date: Tue Nov 29 10:48:25 2022 +0100
auth4: Save lines with talloc_asprintf_addbuf() in authsam_domain_group_filter()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6b6f8debb5dedf1520a7bedfa0277849f70683dd
Author: Volker Lendecke <vl at samba.org>
Date: Tue Nov 29 10:46:42 2022 +0100
libcldap: Save lines in cldap_netlogon_create_filter() with talloc_asprintf_addbuf()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c86112fe90b6ebd2f4206c9c2f78b845543cb96e
Author: Volker Lendecke <vl at samba.org>
Date: Tue Nov 29 10:37:03 2022 +0100
dns_server: Use talloc_asprintf_addbuf() in b9_format()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit cbcf7f0d21b146b52bf472a3627b7ea8cd3d0b80
Author: Volker Lendecke <vl at samba.org>
Date: Mon Nov 28 11:25:32 2022 +0100
lib: Use talloc_asprintf_addbuf() in rdn_name_add()
Add implicit NULL checks
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit ffba59b5c0b584d503f223dd5bcde84799b5d0c5
Author: Volker Lendecke <vl at samba.org>
Date: Mon Nov 28 11:07:25 2022 +0100
lib: Use talloc_asprintf_addbuf() in ldb_module_call_chain()
This was exactly what talloc_asprintf_addbuf() does.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit fe8895c83c560f424edd35d9394414c2801127d2
Author: Volker Lendecke <vl at samba.org>
Date: Mon Nov 28 11:01:16 2022 +0100
lib: Use talloc_asprintf_addbuf() in print_socket_options()
With the proper NULL checks we don't need the stackframe,
use a passed in context instead.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit bcdbe6ef6b59ae3638f263fbd5ddf4107c3f52cf
Author: Volker Lendecke <vl at samba.org>
Date: Mon Nov 28 10:58:46 2022 +0100
lib: Use talloc_asprintf_addbuf() in ldif_write_prefixMap()
The first call of talloc_asprintf_append() did not have a NULL check.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c692b5c95bdc0d96ab7797a59b94addaa1c80d94
Author: Volker Lendecke <vl at samba.org>
Date: Mon Nov 28 10:55:04 2022 +0100
lib: Use talloc_asprintf_addbuf() in str_list_join_shell()
This adds proper NULL checks via talloc_asprintf_addbuf()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 2c7766c28f2801d0b103d6a5046098810a4f0bee
Author: Volker Lendecke <vl at samba.org>
Date: Mon Nov 28 10:43:06 2022 +0100
lib: Use talloc_asprintf_addbuf() in str_list_join()
This adds intermediate NULL checks via talloc_asprintf_addbuf()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 101396ab765a5cad90b43165253c960b579a2f1d
Author: Volker Lendecke <vl at samba.org>
Date: Mon Nov 28 10:38:50 2022 +0100
lib: Use talloc_asprintf_addbuf() in debug.c
Slightly simplify debug_list_class_names_and_levels()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit ccb5bafe93eb431ba53569b5176317bcbdeae322
Author: Volker Lendecke <vl at samba.org>
Date: Mon Nov 28 10:19:54 2022 +0100
lib: Move talloc_asprintf_addbuf() to talloc
I wanted to use this in debug.c, but this would have meant to pollute
debug's deps with a lot of stuff. Also, looking through uses of
talloc_asprint_append(), very many of those don't do NULL checks
properly and could benefit from the _addbuf() flavor. We can add a
vasprintf variant later if the need shows up.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 7870e82cb4405a983f106a119203f1e193cb2f12
Author: Volker Lendecke <vl at samba.org>
Date: Mon Nov 28 08:35:57 2022 +0100
lib: Fix whitespace
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 5955dc1e4fde7c1335cae5c7fd9bef71fd3fab3c
Author: Ralph Boehme <slow at samba.org>
Date: Fri Dec 2 09:49:11 2022 +0100
smbd: set long process name of smbd child processes to "smbd: <CLIENT IP>"
The resulting process listings, depending on the format chosen for the process
name, show the relevant smbd processes like this:
$ ps faxo pid,uid,comm | egrep "\_.*smbd" | grep -v grep
1690322 0 \_ smbd
1690326 0 \_ smbd-notifyd
1690327 0 \_ smbd-cleanupd
1690337 0 \_ smbd[::1]
$ ps faxo pid,uid,args | egrep "\_.*smbd" | grep -v grep
1690322 0 \_ ./bin/smbd -D
1690326 0 \_ smbd: notifyd
1690327 0 \_ smbd: cleanupd
1690337 0 \_ smbd: client [::1]
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Dec 14 02:47:24 UTC 2022 on sn-devel-184
commit fc57b88e6a93d59ad243364a513d33cecf66e4ab
Author: Ralph Boehme <slow at samba.org>
Date: Sat Dec 3 17:04:33 2022 +0100
smbd: remove process shortname arg from reinit_after_fork()
All callers pass NULL anyway, so it isn't used anymore.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 38ba7d1476c1bdb5bbde70c45b47d12ab1699516
Author: Ralph Boehme <slow at samba.org>
Date: Sat Dec 3 16:59:39 2022 +0100
smbd: remove process shortname arg from smbd_reinit_after_fork()
All callers already do this explicitly by calling process_set_title().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 62cc0bbab0a5146f7fdc8b3865b662b0f55f89d2
Author: Ralph Boehme <slow at samba.org>
Date: Sat Dec 3 16:56:20 2022 +0100
smbd: explicitly call process_set_title()
Currently setting the shortname is achieved via the final arg to
smbd_reinit_after_fork(), but I'm going to remove that arg soon.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 096295a6fe348937a8f23b5064f14896b59e35e6
Author: Ralph Boehme <slow at samba.org>
Date: Thu Dec 1 18:18:29 2022 +0100
winbindd: Use process_set_title() instead of setproctitle()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 1b62dfa68d07a2cdec76b635e82fd9b099a43c41
Author: Ralph Boehme <slow at samba.org>
Date: Fri Dec 2 15:39:25 2022 +0100
s4/samba: use process_set_title()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 969e062724f39d7406fddfd335533f8c24cb641d
Author: Ralph Boehme <slow at samba.org>
Date: Fri Dec 2 15:38:44 2022 +0100
lib/util: use process_set_title() in tfork()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 14571c5cc47ccc1d168f38c65d786b61492485d9
Author: Ralph Boehme <slow at samba.org>
Date: Fri Dec 2 15:36:39 2022 +0100
smbd: prepare smbd for calling setproctitle()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 19c82c19c009eefe975ae95c8b709fc93f5f4c39
Author: Ralph Boehme <slow at samba.org>
Date: Fri Dec 2 15:17:20 2022 +0100
lib/util: add process_set_title()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 987cba90573f955fe9c781830daec85ad4d5bf92
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Nov 29 14:14:32 2022 +0100
CVE-2022-37966 python:/tests/krb5: call sys.path.insert(0, "bin/python") before any other imports
This allows the tests to be executed without an explicit
PYTHONPATH="bin/python".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Dec 13 14:06:14 UTC 2022 on sn-devel-184
commit d1999c152acdf939b4cd7eb446dd9921d3edae29
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 6 12:55:45 2022 +0100
CVE-2022-37966 samba-tool: add 'domain trust modify' command
For now it only allows the admin to modify
the msDS-SupportedEncryptionTypes values.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit cca3c024fc514bee79bb60a686e470605cc98d6f
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 30 09:39:19 2022 +0100
CVE-2022-37966 s4:kdc: apply restrictions of "kdc supported enctypes"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 36d0a495159f72633f1f41deec979095417a1727
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Nov 29 14:13:36 2022 +0100
CVE-2022-37966 param: Add support for new option "kdc supported enctypes"
This allows admins to disable enctypes completely if required.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit fa64f8fa8d92167ed15d1109af65bbb4daab4bad
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 30 09:05:51 2022 +0100
CVE-2022-37966 param: let "kdc default domain supportedenctypes = 0" mean the default
In order to allow better upgrades we need the default value for smb.conf to the
same even if the effective default value of the software changes in future.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 7504a4d6fee7805aac7657b9dab88c48353d6db4
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 30 09:02:41 2022 +0100
CVE-2022-37966 param: don't explicitly initialize "kdc force enable rc4 weak session keys" to false/"no"
This is not squashed in order to allow easier backports...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit fde745ec3491a4fd7b23e053a67093a2ccaf0905
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Mar 24 15:44:40 2022 +0100
CVE-2022-37966 s4:kdc: announce PA-SUPPORTED-ETYPES like windows.
We need to take the value from the msDS-SupportedEncryptionTypes
attribute and only take the default if there's no value or
if the value is 0.
For krbtgt and DC accounts we need to force support for
ARCFOUR-HMAC-MD5 and AES encryption types and add the related bits
in addtition. (Note for krbtgt msDS-SupportedEncryptionTypes is
completely ignored the hardcoded value is the default, so there's
no AES256-SK for krbtgt).
For UF_USE_DES_KEY_ONLY on the account we reset
the value to 0, these accounts are in fact disabled completely,
as they always result in KRB5KDC_ERR_ETYPE_NOSUPP.
Then we try to get all encryption keys marked in
supported_enctypes, and the available_enctypes
is a reduced set depending on what keys are
actually stored in the database.
We select the supported session key enctypes by the available
keys and in addition based on AES256-SK as well as the
"kdc force enable rc4 weak session keys" option.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13135
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1dfa91682efd3b12d7d6af75287efb12ebd9e526
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Nov 29 17:11:01 2022 +0100
CVE-2022-37966 python:tests/krb5: test much more etype combinations
This tests work out the difference between
- msDS-SupportedEncryptionTypes value or it's default
- software defined extra flags for DC accounts
- accounts with only an nt hash being stored
- the resulting value in the KRB5_PADATA_SUPPORTED_ETYPES announcement
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13135
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c7c576208960e336da276e251ad7a526e1b3ed45
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Nov 29 20:59:52 2022 +0100
CVE-2022-37966 python:tests/krb5: add better PADATA_SUPPORTED_ETYPES assert message
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 77bd3258f1db0ddf4639a83a81a1aad3ee52c87d
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Nov 29 16:42:58 2022 +0100
CVE-2022-37966 python:tests/krb5: add 'force_nt4_hash' for account creation of KDCBaseTest
This will allow us to create tests accounts with only an nt4 hash
stored, without any aes keys.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f434a30ee7c40aac4a223fcabac9ddd160a155a5
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Nov 29 20:27:14 2022 +0100
CVE-2022-37966 python:tests/krb5: ignore empty supplementalCredentials attributes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d8fd6a22b67a2b3ae03a2e428cc4987f07af6e29
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Nov 29 14:15:40 2022 +0100
CVE-2022-37966 python:tests/krb5: allow ticket/supported_etypes to be passed KdcTgsBaseTests._{as,tgs}_req()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e0f89b7bc8025db615dccf096aab4ca87e655368
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Nov 29 09:48:09 2022 +0100
CVE-2022-37966 python:tests/krb5: fix some tests running against Windows 2022
I'm using the following options:
SERVER=172.31.9.218 DC_SERVER=w2022-118.w2022-l7.base \
SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 \
DOMAIN=W2022-L7 REALM=W2022-L7.BASE \
ADMIN_USERNAME=Administrator ADMIN_PASSWORD=A1b2C3d4 \
CLIENT_USERNAME=Administrator CLIENT_PASSWORD=A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=28 CLIENT_KVNO=2 \
FULL_SIG_SUPPORT=1 TKT_SIG_SUPPORT=1 FORCED_RC4=1
in order to run these:
python/samba/tests/krb5/as_req_tests.py -v --failfast AsReqKerberosTests
python/samba/tests/krb5/etype_tests.py -v --failfast EtypeTests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 4ebbe7e40754eeb1c8f221dd59018c3e681ab2ab
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Nov 29 15:45:56 2022 +0100
CVE-2022-37966 s4:libnet: allow python bindings to force setting an nthash via SAMR level 18
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 271cd82cd681d723572fcaeed24052dc98a83612
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Mar 24 14:09:50 2022 +0100
CVE-2022-37966 s4:libnet: add support LIBNET_SET_PASSWORD_SAMR_HANDLE_18 to set nthash only
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9e69289b099b47e0352ef67ef7e6529d11688e9a
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Nov 29 15:42:27 2022 +0100
CVE-2022-37966 s4:libnet: initialize libnet_SetPassword() arguments explicitly to zero by default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f1c5fa28c460f7e011049606b1b9ef96443e5e1f
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Feb 3 16:27:15 2022 +0100
CVE-2022-37966 drsuapi.idl: add trustedDomain related ATTID values
For now this is only for debugging in order to see
DRSUAPI_ATTID_msDS_SupportedEncryptionTypes in the replication meta
data.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15219
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d7ea197ed1a9903f601030e6466cc822f9b8f794
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Nov 7 18:03:45 2017 +0100
CVE-2022-37966 s4:kdc: use the strongest possible keys
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13135
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 621b8c3927b63776146940b183b03b3ea77fd2d7
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 23 15:27:14 2022 +0100
CVE-2022-37966 s4:pydsdb: add ENC_HMAC_SHA1_96_AES256_SK
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b7260c89e0df18822fa276e681406ec4d3921caa
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Nov 22 09:48:45 2022 +0100
CVE-2022-37966 s3:net_ads: let 'net ads enctypes list' pretty print AES256-SK and RESOURCE-SID-COMPRESSION-DISABLED
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 4cedaa643bf95ef2628f1b631feda833bb2e7da1
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 23 15:20:40 2022 +0100
CVE-2022-37966 s3:net_ads: no longer reference des encryption types
We no longer have support for des encryption types in the kerberos
libraries anyway.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 40b47c194d7c41fbc6515b6029d5afafb0911232
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 23 15:20:40 2022 +0100
CVE-2022-37966 s3:libnet: no longer reference des encryption types
We no longer have support for des encryption types in the kerberos
libraries anyway.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a683507e560a499336c50b88abcd853d49618bf4
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 23 15:20:40 2022 +0100
CVE-2022-37966 s3:libads: no longer reference des encryption types
We no longer have support for des encryption types in the kerberos
libraries anyway.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 16b805c8f376e0992a8bbb359d6bd8f0f96229db
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 23 15:20:40 2022 +0100
CVE-2022-37966 lib/krb5_wrap: no longer reference des encryption types
We no longer have support for des encryption types in the kerberos
libraries anyway.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f3fe1f2ce64ed36be5b001fb4fea92428e73e4e3
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 23 15:19:48 2022 +0100
CVE-2022-37966 s3:net_ads: remove unused ifdef HAVE_ENCTYPE_AES*
aes encryption types are always supported.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1a36c348d7a984bed8d0f3de5bf9bebd1cb3c47a
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 23 15:19:48 2022 +0100
CVE-2022-37966 s3:libnet: remove unused ifdef HAVE_ENCTYPE_AES*
aes encryption types are always supported.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2bd27955ce1000c13b468934eed8b0fdeb66e3bf
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 23 15:18:02 2022 +0100
CVE-2022-37966 s3:libads: remove unused ifdef HAVE_ENCTYPE_AES*
aes encryption types are always supported.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c9b10ee32c7e91521d024477a28fb7a622e4eb04
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 23 15:16:51 2022 +0100
CVE-2022-37966 lib/krb5_wrap: remove unused ifdef HAVE_ENCTYPE_AES*
aes encryption types are always supported.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a80f8e1b826ee3f9bbb22752464a73b97c2a612d
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 23 15:12:47 2022 +0100
CVE-2022-37966 system_mitkrb5: require support for aes enctypes
This will never fail as we already require a version that supports aes,
but this makes it clearer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9da028c46f70db60a80d47f5dadbec194510211f
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 23 15:12:14 2022 +0100
CVE-2022-37966 wafsamba: add support for CHECK_VARIABLE(mandatory=True)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6b46b764fc5760d3bf83bb1ea5fa398d993cf68d
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Dec 4 21:05:39 2022 +0100
CVE-2022-37966 s4:kdc: also limit the krbtgt history to their strongest keys
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 4bb50c868c8ed14372cb7d27e53cdaba265fc33d
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Nov 22 11:32:34 2022 +1300
CVE-2022-37966 kdc: Assume trust objects support AES by default
As part of matching the behaviour of Windows, assume that trust objects
support AES256, but not RC4, if not specified otherwise.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15219
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 975e43fc45531fdea14b93a3b1529b3218a177e6
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Nov 1 15:20:47 2022 +1300
CVE-2022-37966 kdc: Implement new Kerberos session key behaviour since ENC_HMAC_SHA1_96_AES256_SK was added
ENC_HMAC_SHA1_96_AES256_SK is a flag introduced for by Microsoft in this
CVE to indicate that additionally, AES session keys are available. We
set the etypes available for session keys depending on the encryption
types that are supported by the principal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15219
Pair-Programmed-With: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 44802c46b18caf3c7f9f2fb1b66025fc30e22ac5
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Nov 23 16:05:04 2022 +1300
CVE-2022-37966 selftest: Run S4U tests against FL2003 DC
This shows that changes around RC4 encryption types do not break older
functional levels where only RC4 keys are available.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 371d7e63fcb966ab54915a3dedb888d48adbf0c0
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Nov 18 12:11:39 2022 +1300
CVE-2022-37966 selftest: Add tests for Kerberos session key behaviour since ENC_HMAC_SHA1_96_AES256_SK was added
ENC_HMAC_SHA1_96_AES256_SK is a flag introduced for by Microsoft in this CVE
to indicate that additionally, AES session keys are available.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit a7a0b9ad0757d6586905d64bc645a8946fe5c10e
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Nov 21 18:05:36 2022 +1300
CVE-2022-37966 tests/krb5: Test different preauth etypes with Protected Users group
Extend the RC4 Protected Users tests to use different preauth etypes.
This helps test the nuances of the new expected behaviour and allows the
tests to continue passing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 086646865eef247a54897f5542495a2105563a5e
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Nov 21 13:47:06 2022 +1300
CVE-2022-37966 samba-tool: Declare explicitly RC4 support of trust objects
As we will assume, as part of the fixes for CVE-2022-37966, that trust
objects with no msDS-SupportedEncryptionTypes attribute support AES
keys, RC4 support must now be explicitly indicated.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6b155b22e6afa52ce29cc475840c1d745b0f1f5e
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Nov 21 13:45:22 2022 +1300
CVE-2022-37966 samba-tool: Fix 'domain trust create' documentation
This option does the opposite of what the documentation claims.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d6b3d68efc296190a133b4e38137bdfde39257f4
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Nov 21 14:01:47 2022 +1300
CVE-2022-37966 third_party/heimdal: Fix error message typo
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ee18bc29b8ef6a3f09070507cc585467e55a1628
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Nov 18 13:44:28 2022 +1300
CVE-2022-37966 param: Add support for new option "kdc force enable rc4 weak session keys"
Pair-Programmed-With: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit d861d4eb28bd4c091955c11669edcf867b093a6f
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Nov 15 18:14:36 2022 +1300
CVE-2022-37966 param: Add support for new option "kdc default domain supportedenctypes"
This matches the Windows registry key
HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\KDC\DefaultDomainSupportedEncTypes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit a50a2be622afaa7a280312ea12f5eb9c9a0c41da
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Nov 9 13:45:13 2022 +1300
CVE-2022-37967 Add new PAC checksum
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15231
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 538315a2aa6d03b7639b49eb1576efa8755fefec
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Nov 1 14:47:12 2022 +1300
CVE-2022-37966 HEIMDAL: Look up the server keys to combine with clients etype list to select a session key
We need to select server, not client, to compare client etypes against.
(It is not useful to compare the client-supplied encryption types with
the client's own long-term keys.)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 177334c04230d0ad74bfc2b6825ffbebd5afb9af
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Oct 25 19:32:27 2022 +1300
CVE-2022-37966 tests/krb5: Add a test requesting tickets with various encryption types
The KDC should leave the choice of ticket encryption type up to the
target service, and admit no influence from the client.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e0a91dddc4a6c70d7425c2c6836dcf2dd6d9a2de
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Oct 26 14:29:54 2022 +1300
CVE-2022-37966 tests/krb5: Add 'etypes' parameter to _tgs_req()
This lets us select the encryption types we claim to support in the
request body.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 50e075d2db21e9f23d686684ea3df9454b6b560e
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Oct 26 14:26:01 2022 +1300
CVE-2022-37966 tests/krb5: Split out _tgs_req() into base class
We will use it for testing our handling of encryption types.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c7cd6889177e8c705bb637172a60a5cf26734a3f
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Nov 1 12:34:57 2022 +1300
CVE-2022-37966 selftest: Allow krb5 tests to run against an IP by using the target_hostname binding string
This makes it easier to test against a server that is not accessible via DNS.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 0248907e34945153ff2be62dc11d75c956a05932
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Dec 5 21:45:08 2022 +0100
CVE-2022-37966 libcli/auth: let netlogon_creds_cli_warn_options() about "kerberos encryption types=legacy"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit c0c25cc0217b082c12330a8c47869c8428a20d0c
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Dec 5 21:36:23 2022 +0100
CVE-2022-37966 testparm: warn about 'kerberos encryption types = legacy'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit a4f6f51cbed53775cdfedc7eec2f28c7beb875cc
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Dec 5 21:31:37 2022 +0100
CVE-2022-37966 docs-xml/smbdotconf: "kerberos encryption types = legacy" should not be used
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 4d540473c3d43d048a30dd63efaeae9ff87b2aeb
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 6 13:36:17 2022 +0100
CVE-2022-38023 testparm: warn about unsecure schannel related options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit f964c0c357214637f80d0089723b9b11d1b38f7e
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 30 15:13:47 2022 +0100
CVE-2022-38023 testparm: warn about server/client schannel != yes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15260
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit b3ed90a0541a271a7c6d4bee1201fa47adc3c0c1
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 25 14:05:30 2022 +0100
CVE-2022-38023 s4:rpc_server/netlogon: implement "server schannel require seal[:COMPUTERACCOUNT]"
By default we'll now require schannel connections with
privacy/sealing/encryption.
But we allow exceptions for specific computer/trust accounts.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15260
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 3c57608e1109c1d6e8bb8fbad2ef0b5d79d00e1a
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Dec 2 14:31:26 2022 +0100
CVE-2022-38023 s4:rpc_server/netlogon: add a per connection cache to dcesrv_netr_check_schannel()
It's enough to warn the admin once per connection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 7732a4b0bde1d9f98a0371f17d22648495329470
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 25 16:53:35 2022 +0100
CVE-2022-38023 docs-xml/smbdotconf: add "server schannel require seal[:COMPUTERACCOUNT]" options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 689507457f5e6666488732f91a355a2183fb1662
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 30 17:15:36 2022 +0100
CVE-2022-38023 s4:rpc_server/netlogon: make sure all dcesrv_netr_LogonSamLogon*() calls go through dcesrv_netr_check_schannel()
We'll soon add some additional contraints in dcesrv_netr_check_schannel(),
which are also required for dcesrv_netr_LogonSamLogonEx().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit f43dc4f0bd60d4e127b714565147f82435aa4f07
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 30 16:57:24 2022 +0100
CVE-2022-38023 s4:rpc_server/netlogon: split out dcesrv_netr_check_schannel() function
This will allow us to reuse the function in other places.
As it will also get some additional checks soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 7ae3735810c2db32fa50f309f8af3c76ffa29768
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 30 14:57:20 2022 +0100
CVE-2022-38023 selftest:Samba4: avoid global 'allow nt4 crypto = yes' and 'reject md5 clients = no'
Instead of using the generic deprecated option use the specific
allow nt4 crypto:COMPUTERACCOUNT = yes and
server reject md5 schannel:COMPUTERACCOUNT = no
in order to allow legacy tests for pass.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 43df4be35950f491864ae8ada05d51b42a556381
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 25 13:13:36 2022 +0100
CVE-2022-38023 s4:rpc_server/netlogon: debug 'reject md5 servers' and 'allow nt4 crypto' misconfigurations
This allows the admin to notice what's wrong in order to adjust the
configuration if required.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 2ad302b42254e3c2800aaf11669fe2e6d55fa8a1
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 25 14:02:11 2022 +0100
CVE-2022-38023 docs-xml/smbdotconf: document "server reject md5 schannel:COMPUTERACCOUNT"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit bd429d025981b445bf63935063e8e302bfab3f9b
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 25 13:31:14 2022 +0100
CVE-2022-38023 docs-xml/smbdotconf: document "allow nt4 crypto:COMPUTERACCOUNT = no"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 69b36541606d7064de9648cd54b35adfdf8f0e8f
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 25 13:13:36 2022 +0100
CVE-2022-38023 s4:rpc_server/netlogon: add 'server reject md5 schannel:COMPUTERACCOUNT = no' and 'allow nt4 crypto:COMPUTERACCOUNT = yes'
This makes it more flexible when we change the global default to
'reject md5 servers = yes'.
'allow nt4 crypto = no' is already the default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit b09f51eefc311bbb1525efd1dc7b9a837f7ec3c2
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 25 10:31:08 2022 +0100
CVE-2022-38023 s4:rpc_server/netlogon: defer downgrade check until we found the account in our SAM
We'll soon make it possible to use 'reject md5 servers:CLIENTACCOUNT$ = no',
which means we'll need use the account name from our SAM.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit c8e53394b98b128ed460a6111faf05dfbad980d1
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Nov 24 18:26:18 2022 +0100
CVE-2022-38023 docs-xml/smbdotconf: change 'reject md5 clients' default to yes
AES is supported by Windows Server >= 2008R2, Windows (Client) >= 7 and Samba >= 4.0,
so there's no reason to allow md5 clients by default.
However some third party domain members may need it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 4c7f84798acd1e3218209d66d1a92e9f42954d51
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 25 10:10:33 2022 +0100
CVE-2022-38023 s4:rpc_server/netlogon: require aes if weak crypto is disabled
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit b6339fd1dcbe903e73efeea074ab0bd04ef83561
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 25 09:54:17 2022 +0100
CVE-2022-38023 s4:rpc_server/netlogon: split out dcesrv_netr_ServerAuthenticate3_check_downgrade()
We'll soon make it possible to use 'reject md5 servers:CLIENTACCOUNT$ = no',
which means we'll need the downgrade detection in more places.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit cfd55a22cda113fbb2bfa373b54091dde1ea6e66
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 28 15:02:13 2022 +0100
CVE-2022-38023 s4:torture: use NETLOGON_NEG_SUPPORTS_AES by default
For generic tests we should use the best available features.
And AES will be required by default soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 63c96ea6c02981795e67336401143f2a8836992c
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 30 12:26:01 2022 +0100
CVE-2022-38023 selftest:Samba4: avoid global 'server schannel = auto'
Instead of using the generic deprecated option use the specific
server require schannel:COMPUTERACCOUNT = no in order to allow
legacy tests for pass.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 16ee03efc194d9c1c2c746f63236b977a419918d
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 30 12:37:03 2022 +0100
CVE-2022-38023 s4:rpc_server/netlogon: improve CVE-2020-1472(ZeroLogon) debug messages
In order to avoid generating useless debug messages during make test,
we will use 'CVE_2020_1472:warn_about_unused_debug_level = 3'
and 'CVE_2020_1472:error_debug_level = 2' in order to avoid schannel warnings.
Review with: git show -w
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit ec62151a2fb49ecbeaa3bf924f49a956832b735e
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 30 12:37:03 2022 +0100
CVE-2022-38023 s4:rpc_server/netlogon: re-order checking in dcesrv_netr_creds_server_step_check()
This will simplify the following changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 0e6a2ba83ef1be3c6a0f5514c21395121621a145
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Dec 12 14:03:50 2022 +0100
CVE-2022-38023 s4:rpc_server/netlogon: add talloc_stackframe() to dcesrv_netr_creds_server_step_check()
This will simplify the following changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 7baabbe9819cd5a2714e7ea4e57a0c23062c0150
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Dec 12 14:03:50 2022 +0100
CVE-2022-38023 s4:rpc_server/netlogon: add a lp_ctx variable to dcesrv_netr_creds_server_step_check()
This will simplify the following changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit e060ea5b3edbe3cba492062c9605f88fae212ee0
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 6 10:56:29 2022 +0100
CVE-2022-38023 s4:rpc_server/netlogon: 'server schannel != yes' warning to dcesrv_interface_netlogon_bind
This will simplify the following changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 1c6c1129905d0c7a60018e7bf0f17a0fd198a584
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Nov 24 18:22:23 2022 +0100
CVE-2022-38023 docs-xml/smbdotconf: change 'reject md5 servers' default to yes
AES is supported by Windows >= 2008R2 and Samba >= 4.0 so there's no
reason to allow md5 servers by default.
Note the change in netlogon_creds_cli_context_global() is only cosmetic,
but avoids confusion while reading the code. Check with:
git show -U35 libcli/auth/netlogon_creds_cli.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit d60828f6391307a59abaa02b72b6a8acf66b2fef
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 30 14:59:36 2022 +0100
CVE-2022-38023 s3:winbindd: also allow per domain "winbind sealed pipes:DOMAIN" and "require strong key:DOMAIN"
This avoids advising insecure defaults for the global options.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 1fdf1d55a5dd550bdb16d037b5dc995c33c1a67a
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 30 16:16:05 2022 +0100
CVE-2022-38023 s3:net: add and use net_warn_member_options() helper
This makes sure domain member related 'net' commands print warnings
about unsecure smb.conf options.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 7e7adf86e59e8a673fbe87de46cef0d62221e800
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 30 14:47:33 2022 +0100
CVE-2022-38023 libcli/auth: add/use netlogon_creds_cli_warn_options()
This warns the admin about insecure options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 992f39a2c8a58301ceeb965f401e29cd64c5a209
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 30 14:46:59 2022 +0100
CVE-2022-38023 libcli/auth: pass lp_ctx to netlogon_creds_cli_set_global_db()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 830e865ba5648f6520bc552ffd71b61f754b8251
Author: Ralph Boehme <slow at samba.org>
Date: Tue Dec 6 16:05:26 2022 +0100
CVE-2022-38023 docs-xml: improve wording for several options: "yields precedence" -> "is over-riden"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 8ec62694a94c346e6ba8f3144a417c9984a1c8b9
Author: Ralph Boehme <slow at samba.org>
Date: Tue Dec 6 16:00:36 2022 +0100
CVE-2022-38023 docs-xml: improve wording for several options: "takes precedence" -> "overrides"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 22128c718cadd34af892df102bd52df6a6b03303
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Dec 6 17:16:00 2022 +1300
selftest: make filter-subunit much more efficient for large knownfail lists
By compiling the knownfail lists ahead of time we change a 20min test
into a 90sec test.
This could be improved further by combining this into a single regular expression,
but this is enough for now. The 'reason' is thankfully not used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15258
Pair-programmed-with: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 5259926de71d9915f6152d99e20cce3920ba4aeb
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Tue Dec 13 10:11:17 2022 +1300
s4/torture/smb2: avoid possibly closing undefined handle
From OSS-Fuzz compilation:
Step #3 - "compile-honggfuzz-address-x86_64": ../../source4/torture/smb2/dir.c:1456:2: error: variable 'dir_handle' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized]
Step #3 - "compile-honggfuzz-address-x86_64": torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
Step #3 - "compile-honggfuzz-address-x86_64": ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Step #3 - "compile-honggfuzz-address-x86_64": ../../lib/torture/torture.h:748:3: note: expanded from macro 'torture_assert_ntstatus_ok_goto'
Step #3 - "compile-honggfuzz-address-x86_64": torture_assert_ntstatus_equal_goto(torture_ctx,expr,NT_STATUS_OK,ret,label,cmt)
Step #3 - "compile-honggfuzz-address-x86_64": ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Step #3 - "compile-honggfuzz-address-x86_64": ../../lib/torture/torture.h:316:6: note: expanded from macro 'torture_assert_ntstatus_equal_goto'
Step #3 - "compile-honggfuzz-address-x86_64": if (!NT_STATUS_EQUAL(__got, __expected)) { \
Step #3 - "compile-honggfuzz-address-x86_64": ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Step #3 - "compile-honggfuzz-address-x86_64": ../../source4/torture/smb2/dir.c:1582:24: note: uninitialized use occurs here
Step #3 - "compile-honggfuzz-address-x86_64": smb2_util_close(tree, dir_handle);
Step #3 - "compile-honggfuzz-address-x86_64": ^~~~~~~~~~
Step #3 - "compile-honggfuzz-address-x86_64": ../../source4/torture/smb2/dir.c:1456:2: note: remove the 'if' if its condition is always false
Step #3 - "compile-honggfuzz-address-x86_64": torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
Step #3 - "compile-honggfuzz-address-x86_64": ^
Step #3 - "compile-honggfuzz-address-x86_64": ../../lib/torture/torture.h:748:3: note: expanded from macro 'torture_assert_ntstatus_ok_goto'
Step #3 - "compile-honggfuzz-address-x86_64": torture_assert_ntstatus_equal_goto(torture_ctx,expr,NT_STATUS_OK,ret,label,cmt)
Step #3 - "compile-honggfuzz-address-x86_64": ^
Step #3 - "compile-honggfuzz-address-x86_64": ../../lib/torture/torture.h:316:2: note: expanded from macro 'torture_assert_ntstatus_equal_goto'
Step #3 - "compile-honggfuzz-address-x86_64": if (!NT_STATUS_EQUAL(__got, __expected)) { \
Step #3 - "compile-honggfuzz-address-x86_64": ^
Step #3 - "compile-honggfuzz-address-x86_64": ../../source4/torture/smb2/dir.c:1434:2: note: variable 'dir_handle' is declared here
Step #3 - "compile-honggfuzz-address-x86_64": struct smb2_handle dir_handle;
Step #3 - "compile-honggfuzz-address-x86_64": ^
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Dec 13 07:45:20 UTC 2022 on sn-devel-184
commit 5d82af05f31bab9bea3de6b6a650a5bcc68e00af
Author: Volker Lendecke <vl at samba.org>
Date: Wed Nov 30 18:47:21 2022 +0100
smbd: Remove a few "extern userdom_struct current_user_info"
get_current_username() returns current_user_info.smb_name
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Dec 12 22:14:20 UTC 2022 on sn-devel-184
commit 8cc0489c8040b1c8836e7a54e0561ed69cb87fec
Author: Volker Lendecke <vl at samba.org>
Date: Wed Nov 30 18:45:06 2022 +0100
lib: Add get_current_user_info_domain()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 46ce8a47109f3b92ac32d951e414b2e8c80cb5da
Author: Volker Lendecke <vl at samba.org>
Date: Wed Nov 30 16:28:56 2022 +0100
lib: Make substitute.c's "remote_proto" static
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 06408707a2e7153668d91eddd6e1d482f843af92
Author: Volker Lendecke <vl at samba.org>
Date: Wed Nov 30 15:14:08 2022 +0100
vfs: Remove an unnecessary if statement
get_local_machine_name() already does exactly this
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 0b070db63b95cff0dbc055c199890b70b10f7d4b
Author: Volker Lendecke <vl at samba.org>
Date: Wed Nov 30 14:17:29 2022 +0100
lib: Remove unused octal_string()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 3f7c6467749f868bae66178e34f1badc57be54b1
Author: Volker Lendecke <vl at samba.org>
Date: Wed Nov 30 14:14:43 2022 +0100
lib: Remove fstring_sub() that was used just once
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f9c982b5a96bed750bdff0a5243dda73c3d17587
Author: Volker Lendecke <vl at samba.org>
Date: Tue Dec 6 10:54:48 2022 +0100
smbd: Simplify dos_mode_msdfs()
Use ISDOT[DOT]
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 080ded091025a4208625eccb142cac5b3c46d320
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 9 16:25:25 2022 +0100
cldap_server: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f30f5dd24537bc6bb252a141d4f0b6773302335f
Author: Volker Lendecke <vl at samba.org>
Date: Wed Dec 7 10:49:47 2022 +0100
smbd: Simplify is_visible_fsp()
We don't need the wrapping if-statement, we check for the individual
flags. The compiler should be smart enough so that this is not a
difference in execution speed.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 1625dc4b5683ddc06fa6bf77b5b21eed7093862d
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 9 14:48:06 2022 +0100
tsocket: Fix the build on FreeBSD
FreeBSD does not have TCP_USER_TIMEOUT
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6d365777158e141384acf43667cf6a599c183356
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 9 14:36:04 2022 +0100
nsswitch: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c8a37a24f716dc98670c3a39b4dc0a3ae4f3852c
Author: Volker Lendecke <vl at samba.org>
Date: Mon Dec 12 12:53:22 2022 +0100
smbd: Fix whitespace
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 4bb3e4df3e44dc7935d3852c8f45b5e4652a4df3
Author: Ralph Boehme <slow at samba.org>
Date: Thu Dec 1 06:13:22 2022 +0100
torture: test that a find with a mangled name works
This was spawned by https://bugzilla.samba.org/show_bug.cgi?id=13472 back
then. Samba implement this correctly, just add this test found in the attic.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Dec 10 00:07:09 UTC 2022 on sn-devel-184
commit 08997ac1a711f4254603c7e5e90ee9309448f2a5
Author: Ralph Boehme <slow at samba.org>
Date: Thu Dec 1 06:09:09 2022 +0100
torture: convert mangling test to a suite
More tests to come...
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 0fa7c3f70c70db1420cbb0971493fee328d70915
Author: Ralph Boehme <slow at samba.org>
Date: Tue Nov 29 18:30:35 2022 +0100
torture: add an interactive test that works out maximum name and path lenghts
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 3ece2cb807a122b7684096f6fe5bcfa277a3844f
Author: Ralph Boehme <slow at samba.org>
Date: Thu Dec 1 21:38:32 2022 +0100
smbd: remove oplock paranoia check from file_find_dif()
Since 4.16 stat opens will have a real fd, the only case where currently the fd
can still be -1 is a POSIX request on a symlink.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6e1f58ab7c68030a7cbc923cd22055636e233b42
Author: Ralph Boehme <slow at samba.org>
Date: Tue Nov 29 06:20:31 2022 +0100
torture: add a test veryfing timestamps across rename
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 8d58174cddeb2a5e62557ca23724b7acbb56e4c5
Author: Ralph Boehme <slow at samba.org>
Date: Tue Nov 29 12:07:19 2022 +0100
lib/torture: fix tctx arg usage in torture_assert_nttime_equal() macro
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6c997c7fb5b114407566887a19e9b832d067b18b
Author: Ralph Boehme <slow at samba.org>
Date: Fri Nov 25 17:05:26 2022 +0100
torture: add another large directory enumeration performance test
This one renames one file per iteration and can also be used to torture any
directory caching the server may employ.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit cac95c3bba9f0fbd02f3e96691cd679e0cd2085e
Author: Ralph Boehme <slow at samba.org>
Date: Mon Nov 28 18:05:28 2022 +0100
torture: print duration of smb2.dir.test_large_files
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c0be0b687301f5b613c917bc8f75248042fd32aa
Author: Ralph Boehme <slow at samba.org>
Date: Fri Nov 25 17:03:37 2022 +0100
torture: increase find buffer to 1 MB in multiple_smb2_search()
This is used by performance tests that don't want to measure network latency but
fileserver IO latency.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 9e1c2fedb8450703b4b18646d983a3c3f9df39e5
Author: Ralph Boehme <slow at samba.org>
Date: Fri Nov 25 16:02:27 2022 +0100
torture: add another simple DOS attributes test
- create file with ARCHIVE
- open file with ARCHIVE+HIDDEN+...
- check DOS attrs are still only ARCHIVE from the initial create
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit fba4b290856faaf17305103efc65f6383ea4f61c
Author: Ralph Boehme <slow at samba.org>
Date: Fri Nov 25 11:33:30 2022 +0100
s4:torture: remove remaining checks if alloc_size is 0 on empty files
commit 55b2f247f9ba56516efba52481418966a777343e already remove a few of these,
but a few remained.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 043ce404caeb043b2d00e6842731e7c580d748fd
Author: Ralph Boehme <slow at samba.org>
Date: Thu Jul 28 16:04:38 2022 +0200
vfs_zfsacl: fix mixed declaration and code error
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 09a844c69ebf29b437199f43c1c5d81d5cacb2e4
Author: Ralph Boehme <slow at samba.org>
Date: Thu Jul 28 16:04:26 2022 +0200
vfs_zfsacl: remove unused function
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 8a2c763d264c266eb00f31898b7bfa13916e97b4
Author: Ralph Boehme <slow at samba.org>
Date: Thu Jul 28 16:04:09 2022 +0200
lib/cmdline/tests: add missing includes
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 8ccbbbd4ba4de405ce5bbf839e3aa0236aaf274b
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Oct 11 17:42:18 2019 +0200
s3:locking: split out del_share_mode_open_id()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6cc866b5901796aacb6fc6721e717058271daf32
Author: Ralph Boehme <slow at samba.org>
Date: Fri Nov 25 06:26:52 2022 +0100
smbd: introduce 'delete_on_close' helper variables
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 0db39fad9e7a79145146d95a1eecfe1703abfdb9
Author: Ralph Boehme <slow at samba.org>
Date: Fri Mar 25 15:50:54 2022 +0100
g_lock: check for zero timeout in g_lock_lock()
If the record is already locked check if the requested timeout is zero
and fail directly with NT_STATUS_LOCK_NOT_GRANTED.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit aa8b0ef8b93b9318b4182a6c52f4685c9bb7d8d8
Author: Ralph Boehme <slow at samba.org>
Date: Fri Nov 25 06:02:31 2022 +0100
smbd: debug in smbd_smb2_close_send()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 19a017496d65ba15d83ada8b9c98bf8d5f658e24
Author: Ralph Boehme <slow at samba.org>
Date: Thu Apr 7 11:10:15 2022 +0200
s3/locking: Revert "s3:locking: Remove dead code"
This reverts commit de493a3e3b5b8d54f62c45072e27f2fefd4af43a:
s3:locking: Remove dead code
Found by Coverity.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
dbwrap_do_locked() correctly returns saved_errno which is a possible
errno returned by close() inside fd_close_posix_fn().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit a9c6a329a255d678b62f617649ffcb436e532d01
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Oct 11 17:57:29 2019 +0200
s3:locking: re-add saved_errno handling to fd_close_posix()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 46ac8daa797748290cbc15c14774a5453f38befb
Author: Ralph Boehme <slow at samba.org>
Date: Wed May 11 18:14:11 2022 +0200
smbd: use fsp_getinfo_ask_sharemode() in open_file_ntcreate()
Note: this is a behaviour change in the non-default case when the user
has disabled "getinfo ask sharemode".
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f0e0fc17d3a455b7c5c5170b582d2d8ff53670bb
Author: Ralph Boehme <slow at samba.org>
Date: Wed May 11 18:13:13 2022 +0200
smbd: use fsp_search_ask_sharemode() and fsp_getinfo_ask_sharemode()
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 0226e0c31e69aea03b7f73a648d02c9a4c28ec9d
Author: Ralph Boehme <slow at samba.org>
Date: Wed May 11 18:09:10 2022 +0200
smbd: add fsp_search_ask_sharemode() and fsp_getinfo_ask_sharemode()
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 7f20625f982cbb7f0ed05f4602dcedfa41278917
Author: Ralph Boehme <slow at samba.org>
Date: Fri Apr 8 11:54:01 2022 +0200
smbd: use reference_smb_fname_fsp_link() in rename_internals_fsp()
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit d1dd3f3d73fd283e4817ddc76d3687ed2e9933d0
Author: Ralph Boehme <slow at samba.org>
Date: Fri Apr 8 11:44:28 2022 +0200
smbd: factor out reference_smb_fname_fsp_link() from parent_pathref()
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 67042d95bb39fe4b479fa952eec0ae1c1c82ebd6
Author: Sushmita Bhattacharya <sushmita.bhattacharya at oracle.com>
Date: Fri Dec 9 10:55:53 2022 +0000
Fix memleak in _nss_winbind_initgroups_dyn
Free the response at the end of _nss_winbind_initgroups_dyn
Signed-off-by: Sushmita Bhattacharya <sushmita.bhattacharya at oracle.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 70e8da4291727329ba239da48de6eec16217864e
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Thu Dec 8 15:19:09 2022 +0100
s3:libads: Fix debug message
652c8ce1 has introduced talloc_move() which zeroes kdc_str
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Dec 8 16:06:48 UTC 2022 on sn-devel-184
commit 99480c50ca69826b1b2b46c22d6fdf5178c8733f
Author: Volker Lendecke <vl at samba.org>
Date: Sat Dec 3 21:43:06 2022 +0100
smbd: Close the opened file in smbd_smb2_create_after_exec() error case
smbd_smb2_create_after_exec() is only called when the file has
successfully been opened. When this fails in the middle, we can't
leave the fsp around. Hard to test with current code, but with reparse
point handling we'll have a reproducable case soon.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Dec 6 23:37:52 UTC 2022 on sn-devel-184
commit 9e9c5c143518490e269562e8ea66c3f1e3d8a816
Author: Volker Lendecke <vl at samba.org>
Date: Sat Dec 3 21:42:49 2022 +0100
smbd: Centralize error handling in smbd_smb2_create_after_exec()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 68fc909a7f4d69c254d34bec85cf8431bcb6e72f
Author: Nicolas Williams <nico at twosigma.com>
Date: Wed Mar 10 16:49:04 2021 -0600
CVE-2022-44640 HEIMDAL: asn1: invalid free in ASN.1 codec
Heimdal's ASN.1 compiler generates code that allows specially
crafted DER encodings of CHOICEs to invoke the wrong free function
on the decoded structure upon decode error. This is known to impact
the Heimdal KDC, leading to an invalid free() of an address partly
or wholly under the control of the attacker, in turn leading to a
potential remote code execution (RCE) vulnerability.
This error affects the DER codec for all CHOICE types used in
Heimdal, though not all cases will be exploitable. We have not
completed a thorough analysis of all the Heimdal components
affected, thus the Kerberos client, the X.509 library, and other
parts, may be affected as well.
This bug has been in Heimdal since 2005. It was first reported by
Douglas Bagnall, though it had been found independently by the
Heimdal maintainers via fuzzing a few weeks earlier.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14929
(cherry-picked from Heimdal commit 9c9dac2b169255bad9071eea99fa90b980dde767)
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Dec 6 13:41:05 UTC 2022 on sn-devel-184
commit 5a02915913a2410904886e186ada90a36492571f
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Dec 6 15:11:05 2022 +1300
CVE-2022-44640 selftest: Exclude Heimdal fuzz-inputs from source_chars test
A new file will shorlty fail as it is binary input
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14929
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 0c2146eb00c0e4fc4c933c3d5f2bf3469c3671ba
Author: Anoop C S <anoopcs at samba.org>
Date: Mon Dec 5 16:24:46 2022 +0530
lib/compression: Include missing stat header file
<sys/stat.h> was missing from compression library tests which resulted
in the following compile time error:
../../lib/compression/tests/test_lzx_huffman.c: In function
‘datablob_from_file’:
../../lib/compression/tests/test_lzx_huffman.c:383:21: error:
storage size of ‘s’ isn’t known
383 | struct stat s;
| ^
../../lib/compression/tests/test_lzx_huffman.c:389:15: warning:
implicit declaration of function ‘fstat’ [-Wimplicit-function-declaration]
389 | ret = fstat(fileno(fh), &s);
| ^~~~~
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Dec 6 11:39:16 UTC 2022 on sn-devel-184
commit f569f2c17f87f551bcaa6c2fa5d6204107982c3b
Author: Noel Power <noel.power at suse.com>
Date: Fri Nov 25 13:04:17 2022 +0000
python/samba: use s3 param samba config parsing
follup to commit: b4d7540bb4798e6801accf34a26fc0f2636bdd1f
fix another instance to use s3 config parsing which is more
forgiving (e.g. include directives that point to non existing
files are ignored)
Signed-off-by: Noel Power <npower at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Tue Dec 6 10:38:56 UTC 2022 on sn-devel-184
commit 6ea1af287eef832641464c6f764ea84a484a06f7
Author: Volker Lendecke <vl at samba.org>
Date: Sun Dec 4 12:16:39 2022 +0100
smbd: Simplify symlink_target_below_conn()
readlink_talloc() deals exactly the same way with a NULL relname
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Dec 5 16:06:51 UTC 2022 on sn-devel-184
commit f31fb6e1ad0664fdba351822ec754c0d1b771657
Author: Volker Lendecke <vl at samba.org>
Date: Sun Dec 4 12:14:12 2022 +0100
smbd: Simplify readlink_talloc()
SMB_VFS_READLINKAT() just looks at the basename, we can avoid the
relname being talloc'ed
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 453f846e1897f7cbcc454f3095eb21d7ffb32be8
Author: Volker Lendecke <vl at samba.org>
Date: Mon Oct 24 19:56:31 2022 +0200
smbd: No dfs_filename_convert() in filename_convert_smb1_search_path()
We further down call filename_convert_dirfsp(), which also has this
call. No need to copy that code here as well.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 71772c48f241bdc048f99f297b5e0a77fdfda253
Author: Volker Lendecke <vl at samba.org>
Date: Sun Dec 4 11:07:09 2022 +0100
libsmb: Remove sync cli_posix_readlink() wrapper
cli_readlink() now covers smb1 posix extensions as well
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit a7f4ed090845023069693412033da803edc32a31
Author: Volker Lendecke <vl at samba.org>
Date: Wed Oct 12 20:38:14 2022 +0200
smbclient: Use cli_readlink
Make smbclient's readlink command also work for SMB2 reparse style
symlink.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit f17131020ec23c5b88f56b4c8f4dfd4d3e88d6a2
Author: Volker Lendecke <vl at samba.org>
Date: Wed Oct 12 20:35:10 2022 +0200
libsmb: Make readlink issue posix_readlink
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 4be2569c002a8d592e08b0f1fb8b85154082e4a5
Author: Volker Lendecke <vl at samba.org>
Date: Tue Oct 11 17:01:28 2022 +0200
smbd: Fix a comment
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit a1a0a7119d746b884de43db6466b9e064d124a87
Author: Volker Lendecke <vl at samba.org>
Date: Wed Oct 12 07:27:36 2022 +0200
smbd: Slightly simplify smb_posix_unlink()
We did check VALID_STAT() above.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 0996ccdb821692f037eb1f6f2c01490aa7ab062e
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 2 10:34:55 2022 +0100
tests: Test error codes for SET_REPARSE_POINT
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
commit 96580c8e1957776a8564fc73363f30259827a686
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 2 10:20:06 2022 +0100
tests: Try setting a 0-sized reparse point
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
commit b58f5f3379abac496d27f6afc0e31c8b874aa851
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 2 10:17:15 2022 +0100
tests: Ignore symlink trusts flags in symlink error returns
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
commit ec86c377238ccc4e00b36ed3c9fe203a19a8139b
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 2 10:10:12 2022 +0100
pylibsmb: Add symlink flags
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
commit 7239d756290292f5056ea0235630e8413ef5960f
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 2 10:06:31 2022 +0100
lib: Add symlink trust flags from dochelp
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
commit f10f259eaebdb98f5e0827482e98f5abeb65e55c
Author: Volker Lendecke <vl at samba.org>
Date: Fri Dec 2 09:26:56 2022 +0100
tests: Fix use of self.assertRaises()
The with statement creates a new variable. I thought it opens a block
where "e" is only valid in that block. But instead it runs the whole
thing, expecting an exception somewhere. Learning python....
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
commit 73233bc341e0dfe6cb61a638707567e79e639b28
Author: Volker Lendecke <vl at samba.org>
Date: Thu Dec 1 15:14:03 2022 +0100
tests: Show that we can write to a reparse point file
Works against Windows 2016
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
commit 62302849dd9477a46684462db4106664d8d787e9
Author: Volker Lendecke <vl at samba.org>
Date: Thu Dec 1 14:49:37 2022 +0100
tests: Show that a directory with a reparse point can't be populated
Works against Windows 2016
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
commit 7fe3fab655e92d8906f196d7984a2cd99e8462c1
Author: Volker Lendecke <vl at samba.org>
Date: Thu Dec 1 14:48:46 2022 +0100
tests: IO_REPARSE_TAG_NOT_HANDLED is acceptable for unlink
This happens when a path has an unknown reparse point in the middle
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
commit ef8c8ac54cdf75ca4333223c1f3e580e31efca92
Author: Andreas Schneider <asn at samba.org>
Date: Mon Dec 5 11:18:10 2022 +0100
s3:utils: Fix stack smashing in net offlinejoin
Cast from 'uint32_t *' (aka 'unsigned int *') to 'size_t *' (aka
'unsigned long *') increases required alignment from 4 to 8
==10343==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffdc6784fc0 at pc 0x7f339f1ea500 bp 0x7ffdc6784ed0 sp 0x7ffdc6784ec8
WRITE of size 8 at 0x7ffdc6784fc0 thread T0
#0 0x7f339f1ea4ff in fd_load ../../lib/util/util_file.c:220
#1 0x7f339f1ea5a4 in file_load ../../lib/util/util_file.c:245
#2 0x56363209a596 in net_offlinejoin_requestodj ../../source3/utils/net_offlinejoin.c:267
#3 0x56363209a9d0 in net_offlinejoin ../../source3/utils/net_offlinejoin.c:74
#4 0x56363208f61c in net_run_function ../../source3/utils/net_util.c:453
#5 0x563631fe8a9f in main ../../source3/utils/net.c:1358
#6 0x7f339b22c5af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#7 0x7f339b22c678 in __libc_start_main_impl ../csu/libc-start.c:381
#8 0x563631faf374 in _start ../sysdeps/x86_64/start.S:115
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15257
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Dec 5 12:05:24 UTC 2022 on sn-devel-184
commit b97d31abb44717a35951a9fcbef0248a7fb150af
Author: Andreas Schneider <asn at samba.org>
Date: Thu Dec 1 15:49:43 2022 +0100
nsswitch:tests: Use ldb(modify|search) from the system
If Samba is built against the system libldb, use the system tools.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Dec 5 09:36:40 UTC 2022 on sn-devel-184
commit 5ea3a15be6896a0520382610e5d4ce6ac207aeec
Author: Mikhail Novosyolov <m.novosyolov at rosalinux.ru>
Date: Fri Oct 21 12:08:39 2022 +0300
manpages: samba-dcerpcd: fix typo (add missing space)
Signed-off-by: Mikhail Novosyolov <m.novosyolov at rosalinux.ru>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 5f2565f0a8e57d7afb3cc84157c9ed9c55e66e01
Author: Andreas Schneider <asn at samba.org>
Date: Sat Dec 3 18:06:43 2022 +0100
testprogs: Do not run tests if undump.sh is not available
We don't include source4/selftest/provisions/ in source tarballs!
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Dec 5 08:22:29 UTC 2022 on sn-devel-184
commit 7d8347e8900ae01fc7073a8b9647c37959dfbe7c
Author: Andreas Schneider <asn at samba.org>
Date: Sun Dec 4 19:46:36 2022 +0100
testprogs: If built against system db use the system tools in ldapcmp_restoredc.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 9a97e54f35af800c5ccb15e54399d8935bf4f70d
Author: Andreas Schneider <asn at samba.org>
Date: Sun Dec 4 19:44:52 2022 +0100
testprogs: If built against system db use the system tools in test_net_ads_dns.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 4b9d1b3642428d8445ddfb46b47de394e80d5857
Author: Andreas Schneider <asn at samba.org>
Date: Sun Dec 4 19:34:35 2022 +0100
testprogs: If built against system db use the system tools in test_trust_token.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit c0d7642a372de20aed498d4830a59a9a5af57020
Author: Andreas Schneider <asn at samba.org>
Date: Sat Dec 3 17:48:33 2022 +0100
testprogs: If built against system db use the system tools in test_primary_group.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit a451fa5ef93539aa960b36f6282fd6080b9babcd
Author: Andreas Schneider <asn at samba.org>
Date: Sat Dec 3 18:20:53 2022 +0100
lib:compression: Initialize variables
lib/compression/tests/test_lzx_huffman.c: In function ‘test_lzxpress_huffman_overlong_matches’:
lib/compression/tests/test_lzx_huffman.c:1013:35: error: ‘j’ may be used uninitialized [-Werror=maybe-uninitialized]
1013 | assert_int_equal(score, i * j);
| ^
lib/compression/tests/test_lzx_huffman.c:979:19: note: ‘j’ was declared here
979 | size_t i, j;
| ^
lib/compression/tests/test_lzx_huffman.c: In function ‘test_lzxpress_huffman_overlong_matches_abc’:
lib/compression/tests/test_lzx_huffman.c:1059:39: error: ‘k’ may be used uninitialized [-Werror=maybe-uninitialized]
1059 | assert_int_equal(score, i * j * k);
| ^
lib/compression/tests/test_lzx_huffman.c:1020:22: note: ‘k’ was declared here
1020 | size_t i, j, k;
| ^
lib/compression/tests/test_lzx_huffman.c:1059:35: error: ‘j’ may be used uninitialized [-Werror=maybe-uninitialized]
1059 | assert_int_equal(score, i * j * k);
| ^
lib/compression/tests/test_lzx_huffman.c:1020:19: note: ‘j’ was declared here
1020 | size_t i, j, k;
| ^
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Sun Dec 4 09:12:30 UTC 2022 on sn-devel-184
commit cffe96ef6132966305c640a329ed91f0f9514452
Author: Christof Schmitt <cs at samba.org>
Date: Tue Nov 29 16:51:10 2022 -0700
nfs4_acl: Add comment for setting ACL as root
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Dec 2 08:02:13 UTC 2022 on sn-devel-184
commit 154a0613f89a84becd6461e36d61a80509b9a9ef
Author: Christof Schmitt <cs at samba.org>
Date: Tue Jul 12 16:35:37 2022 -0700
posix_acls: Make try_chown and unpack_nt_owners static
These functions are now only called from check_chown in posix_acls.c
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit bfb4b368e1031c9c61274572fe8a453c055267a7
Author: Christof Schmitt <cs at samba.org>
Date: Tue Jul 12 16:32:08 2022 -0700
nfs4_acls: Call chown_if_needed function to remove duplicate code
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit eeb8a66bf76e4cc095532887cf2532b10e31b23f
Author: Christof Schmitt <cs at samba.org>
Date: Tue Nov 29 16:46:24 2022 -0700
posix_acl: Move chown checks to new function
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 1f3826a7f65a9123be6ebe3f9cc234ca691b28ec
Author: Christof Schmitt <cs at samba.org>
Date: Tue Jul 12 16:08:07 2022 -0700
posix_acls: Remove redundant call to save mode
The same assignment is already done earlier, and nothing is changed in
between.
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit d9c192546faca3b4b692738249f552b78e72d83a
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Nov 25 12:46:08 2022 +1300
lib/compression/lzxpress: fix our slow compression
This uses the same hash table method as lzxpress_huffman, though the
code can't be directly reused as the sizes of the offsets is
different, and there is not a block processing step here.
This will worsen the compression ratio compared to the exhaustive
search we previously used, though we still perform better than
Windows. To put numbers on it, the test files used to compress to 0.91
of Windows' compression size, and now they compress to 0.96.
On the other hand this is many orders of magnitude faster. It is
difficult to say exactly how much faster -- while the testsuite time
has only improved 200-fold (from 7 minutes to 2 seconds), most of the
remaining 2 seconds is used in data generation and management, not
compression. OSSFuzz consistently finds new vectors that time out
after a minute; on these we'll see nearly an order of magnitude of
orders of magnitude inprovement.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Autobuild-User(master): Joseph Sutton <jsutton at samba.org>
Autobuild-Date(master): Fri Dec 2 00:00:04 UTC 2022 on sn-devel-184
commit caa643e36e671be9cb446afc99dfae3003aa8c6e
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Nov 25 12:38:11 2022 +1300
lib/compression/lzxpress: shift encoding into helper functions
This makes it easier to rework the encoding decision to depend on a
hash table match rather than the current exhaustive search.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit fb35cf29a426ee2cb0ee280e147627fd3e84a71d
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Nov 17 16:15:00 2022 +1300
lib/compression/lzxpress compression: use a write context struct
This will make it possible to move encoding operations into helper
functions, which will make it easier to restructure the code to use a
hash table for faster matching.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit e4066b2be6d87cae130f40e3faf3a0c8815389f8
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Nov 24 11:44:35 2022 +1300
lib/compression: more tests for lzxpress plain compression
These are based on (i.e. copied and pasted from) the LZ77 + Huffman
tests.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit c0f28d71858a0fd3035971ca4f2f5a6af6d450b6
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Nov 24 22:51:01 2022 +1300
lib/compression: add test data for lzxpress plain compression
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit ce7ea07d073ed7169073a1870b61533b7f6f769b
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Nov 24 11:11:15 2022 +1300
testdata: move compression examples to re-use with lzxpress plain
Everything that is in testdata/compression/lzxpress-huffman/ can also
be used for lzxpress plain tests, which is something we really need.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit 9589f5282b9e2adfacd7e1cfdc2651551c4c6702
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Nov 23 13:06:41 2022 +1300
lib/compression/lzx-plain: relax size requirements on long file
We are going to change from a slow exact match algorithm to a fast
heuristic search that will not always get the same results as the
exhaustive search.
To be precise, a million zeros will compress to 112 rather than 93 bytes.
We don't insist on an exact size, because that is not an issue here.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit c2db7fda4e3af571b3b63b753b98517ac948b006
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Nov 23 12:01:15 2022 +1300
lib/comression: convert test_lzxpress_plain to cmocka
Mainly so I can go
make bin/test_lzxpress_plain && bin/test_lzxpress_plain
valgrind bin/test_lzxpress_plain
rr bin/test_lzxpress_plain
rr replay
in a tight loop.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit 1f0aea77f5c065b1af069d09c1044a6e8de6261d
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Nov 18 12:45:12 2022 +1300
selftest: be less confident in commending st/summary
st/summary is useless. If you'll find anything, it'll be in st/subunit.
However, in case *something* useful ever ends up there we still mention it.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit e5f9deed0d5a2b475361486b48095124a973bd71
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Mon Nov 21 11:25:20 2022 +1300
lib/compression: add test scripts README
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit 1a3d8da731320a3422fd6d093cd20beb9ff00167
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Mon Nov 21 10:17:54 2022 +1300
lib/compression: test util to generate fuzzing seeds
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit 6a7c0ca23c6e5a4cc5ba2f860b988269306697fa
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Tue Nov 22 08:49:39 2022 +1300
lib/compression: Windows utility to generate test vectors
If compiled on Windows using Cygwin, MSYS2, or similar, this will output
compressed versions of files exactly as specified by MZ-XCA, if the
following conditions are met:
1. The file > 300 bytes.
2. The compressed file is smaller than the decompressed file.
Otherwise it returns the data unchanged. Without warning; that's just
how the API works.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit 7804570a379f29809a0b7540b6d94abc51d4046c
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Tue Nov 22 08:35:14 2022 +1300
lib/compression: script to test 3 byte hash
Compression uses a 3 byte hash remember LZ77 matches in a 14-bit table.
This script runs the hash over all 16M combinations, then again over
all ASCII combinations, counting collisions to find hot-spots.
If you think you have a better hash, you are probably right, but you
should try it here -- alter h() -- before committing to it. This one is
literally the first one I thought of.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit dadecede544519e4747a8623a1f5e0d0a1450002
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Tue Nov 22 08:23:30 2022 +1300
lib/compression: helper script to make unbalanced data
Huffman tree re-quantisation and perhaps other code paths are only
triggered by pathological data like this.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit bce33816ec9160373110f0ccbf3174c301218c9a
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Nov 17 20:02:21 2022 +1300
lib/compression: add a debug script to describe headers
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit e58e9935047e3d0c3a1965f04326798f7eb7e1f9
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Nov 17 16:09:39 2022 +1300
fuzz: add fuzz_lzxpress_huffman_round_trip
This compresses some data, decompresses it, and asserts that the
result is identical to the original string.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit 307aded670c6a32620e45c16d2d7e447dda1b061
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Nov 17 16:09:26 2022 +1300
fuzz: add fuzz_lzxpress_huffman_compress
This differs from fuzz_lzxpress_huffman_round_trip (next commit) in
that the output buffer might be too small for the compressed data, in
which case we want to see an error and not a crash.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit cda3c1a22706ea1b4ebfb2f2faacf03bb6192fc9
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Nov 17 16:08:52 2022 +1300
fuzz: add fuzz_lzxpress_huffman_decompress
Most strings will not successfully decompress, which is OK. What we
care about of course is memory safety.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit e795985067eb881b857d711f23ac462adb45d052
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Nov 18 09:54:57 2022 +1300
lib/compression/tests: add lzhuffman timer functions
With LZXHUFF_DEBUG_VERBOSE set, we measure the compression and
decompression rate relative to the decompressed size.
On reasonably long strings on my laptop, compiled with -O0, it turns
out to between 20 and 500 MB/s, both ways, depending on the complexity
of the string. Very short strings are of course dominated by overhead.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit 77048aaa61eaf29934cb9446fc552b0c44431f76
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Nov 18 15:54:37 2022 +1300
lib/compression: debug routines for lzxpress-huffman
If you need to see a Huffman tree (and sometimes you do), set
DEBUG_HUFFMAN_TREE to true at the top of lzxpress_huffman.c, and run:
make bin/test_lzx_huffman && bin/test_lzx_huffman
Actually, that will show you hundreds of trees, and you'll be glad of
that if you are ever trying to understand this.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit 955214ef6ec0015d8c1e1f8a43cacdf239b4d253
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Mon Nov 21 10:23:53 2022 +1300
lib/compression/lzhuff: add debug flag to skip LZ77
Encoding without LZ77 matches is valid, and it is useful for isolating
bugs.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit d4e3f0c88ef6f9fdc03ef63c8b45a88ab581f854
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Nov 17 23:14:58 2022 +1300
lib/compression: LZ77 + Huffman compression
This compresses files as described in MS-XCA 2.2, and as decompressed
by the decompressor in the previous commit.
As with the decompressor, there are two public functions -- one that
uses a talloc context, and one that uses pre-allocated memory. The
compressor requires a tightly bound amount of auxillary memory
(>220kB) in a few different buffers, which is all gathered together in
the public struct lzxhuff_compressor_mem. An instantiated but not
initialised copy of this struct is required by the non-talloc
function; it can be used over and over again.
Our compression speed is about the same as the decompression speed
(between 20 and 500 MB/s on this laptop, depending on the data), and
our compression ratio is very similar to that of Windows.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit f86035c65bf4ae41a2c210dbff132dbce499f03c
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Nov 17 14:24:52 2022 +1300
lib/compression: add LZ77 + Huffman decompression
This format is described in [MS-XCA] 2.1 and 2.2, with exegesis in
many posts on the cifs-protocol list[1].
The two public functions are:
ssize_t lzxpress_huffman_decompress(const uint8_t *input,
size_t input_size,
uint8_t *output,
size_t output_size);
uint8_t *lzxpress_huffman_decompress_talloc(TALLOC_CTX *mem_ctx,
const uint8_t *input_bytes,
size_t input_size,
size_t output_size);
In both cases the caller needs to know the *exact* decompressed size,
which is essential for decompression. The _talloc version allocates
the buffer for you, and uses the talloc context to allocate a 128k
working buffer. THe non-talloc function will allocate the working
buffer on the stack.
This compression format gives better compression for messages of
several kilobytes than the "plain" LXZPRESS compression, but is
probably a bit slower to decompress and is certainly worse for very
short messages, having a fixed 256 byte overhead for the first Huffman
table.
Experiments show decompression rates between 20 and 500 MB per second,
depending on the compression ratio and data size, on an i5-1135G7 with
no compiler optimisations.
This compression format is used in AD claims and in SMB, but that
doesn't happen with this commit.
I will not try to describe LZ77 or Huffman encoding here. Don't expect
an answer in MS-XCA either; instead read the code and/or Wikipedia.
[1] Much of that starts here:
https://lists.samba.org/archive/cifs-protocol/2022-October/
but there's more earlier, particularly in June/July 2020, when
Aurélien Aptel was working on an implementation that ended up in
Wireshark.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Pair-programmed-with: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit bd35feaf7ed649968465a2643b42982d3e6f3d56
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Nov 17 16:07:08 2022 +1300
testdata: add test vectors for LZ77+Huffman [de-]compression
Some of the decompressed files were found via fuzzing, some are public
domain texts, and some are designed to test one aspect or another of
the format. For example, some aspects of Huffman tree creation can
only be tested when there is an extreme imbalance in the frequency of
symbols.
See the README for what files are where.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit 7cff3ce28432124f46a5367ee085e460cd5fd9c6
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Nov 23 12:10:20 2022 +1300
test/source_chars: ignore testdata/compression
We are going to have all kinds of rubbish there.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit f6cda06dfb7e6555f817774a1535f4540b57ede4
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Nov 17 16:07:37 2022 +1300
lib/compression: move lzxpress_plain test into tests/
We are going to add more tests for lib/compression, and they can't all
be called "testsuite.c".
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit e24efb88ef5abc794612dae546c5dce37615d2d9
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Nov 30 16:59:51 2022 +1300
fuzz: add fuzzers for stable_sort
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit 4e18e9239995b48744cca613e0a83e057d899480
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Sep 28 14:40:10 2022 +1300
util: add stable sort functions
Sometimes (e.g. in lzxpress Huffman encoding, and in some of our
tests: c.f. https://lists.samba.org/archive/samba-technical/2018-March/126010.html)
we want a stable sort algorithm (meaning one that retains the previous
order of items that compare equal).
The GNU libc qsort() is *usually* stable, in that it first tries to
use a mergesort but reverts to quicksort if the necessary allocations
fail. That has led Samba developers to unthinkingly assume qsort() is
stable which is not the case on many platforms, and might not always
be on GNU/Linuxes either.
This adds four functions. stable_sort() sorts an array, and requires
an auxiliary working array of the same size. stable_sort_talloc()
takes a talloc context so it ca create a working array and call
stable_sort(). stable_sort_r() takes an opaque context blob that gets
passed to the compare function, like qsort_r() and ldb_qsort(). And
stable_sort_talloc_r() rounds out the quadrant.
These are LGPL so that the can be used in ldb, which has problems with
unstable sort.
The tests are borrowed and extended from test_ldb_qsort.c.
When sorting non-trivial structs this is roughly as fast as GNU qsort,
but GNU qsort has optimisations for small items, using direct
assignments of rather than memcpy where the size allows the item to be
cast as some kind of int.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit 39df9f4a593f4dd1f19c8b720fd7fd55081c29d1
Author: Jeremy Allison <jra at samba.org>
Date: Fri Nov 18 10:50:35 2022 -0800
s3: smbd: Fix schedule_smb2_aio_read() to allow the last read in a compound to go async.
Remove knownfail.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Dec 1 16:04:07 UTC 2022 on sn-devel-184
commit 0bb4810719ce0864114d84b72f8d3b206f1a7d0e
Author: Jeremy Allison <jra at samba.org>
Date: Fri Nov 18 10:45:19 2022 -0800
s3: smbd: Fix schedule_aio_smb2_write() to allow the last write in a compound to go async.
Remove knownfail.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 088b8a1e3e56cc24a7c2a469042d1ece9e84df38
Author: Jeremy Allison <jra at samba.org>
Date: Thu Nov 17 15:50:30 2022 -0800
s4: torture: Add compound_async.read_read test to show we don't go async on the last read in a compound.
Add knownfail.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit ffd9b94fe0f59c2b552402543db406cb69003745
Author: Jeremy Allison <jra at samba.org>
Date: Thu Nov 17 15:39:16 2022 -0800
s4: torture: Add compound_async.write_write test to show we don't go async on the last write in a compound.
Add knownfail.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit fc6c76e6dabdc20bc7401cc2268baa6edb635ee1
Author: Jeremy Allison <jra at samba.org>
Date: Fri Nov 18 13:30:05 2022 -0800
s4: torture: Tweak the compound padding streamfile test to send 3 reads instead of 2, and check the middle read padding.
The protocol allows the last read in a related compound to be split
off and possibly go async (and smbd soon will do this). If the
last read is split off, then the padding is different. By sending
3 reads and checking the padding on the 2nd read, we cope with
the smbd change and are still correctly checking the padding
on a compound related read.
Do this for the stream filename compound padding test.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 48b12f11a5c4ebd9affb2a2589f47881b46b659b
Author: Jeremy Allison <jra at samba.org>
Date: Fri Nov 18 13:23:48 2022 -0800
s4: torture: Tweak the compound padding basefile test to send 3 reads instead of 2, and check the middle read padding.
The protocol allows the last read in a related compound to be split
off and possibly go async (and smbd soon will do this). If the
last read is split off, then the padding is different. By sending
3 reads and checking the padding on the 2nd read, we cope with
the smbd change and are still correctly checking the padding
on a compound related read.
Do this for the base filename compound padding test.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit f5b2ae58093a0920c7be0394f638b73736fbebc2
Author: Jeremy Allison <jra at samba.org>
Date: Fri Nov 18 09:53:23 2022 -0800
s3: tests: Change smb2.compound_async to run against share aio_delay_inject instead of tmp.
It doesn't hurt the fsync compound async tests, and we need this for
the next commits to ensure smb2_read/smb2_write compound tests take
longer than 500ms so can be sure the last read/write in the compound
will go async.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 49b40a1334353aec6febc82a09a49a7e9588e65c
Author: Andreas Schneider <asn at samba.org>
Date: Wed Nov 30 18:23:17 2022 +0100
s4:torture: Fix segfault in multichannel test
The timer for the timeout_cb() handler was created on a memory context
which doesn't get freed, so the timer was still valid when running
the next test and fired there. It was then writing into random memory
leading to segfaults.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Dec 1 15:03:19 UTC 2022 on sn-devel-184
commit 357bafe62584e2ca1bbf0dfaf6f949262daf59dc
Author: Volker Lendecke <vl at samba.org>
Date: Tue Nov 22 16:00:53 2022 +0100
smbd: Allow POSIX getinfo levels for smb3 unix extensions
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Nov 29 11:23:58 UTC 2022 on sn-devel-184
commit bbc82a5d425ad51a269e1ab8e4db859943fcc4ff
Author: David Mulder <dmulder at samba.org>
Date: Thu Nov 3 10:28:58 2022 -0600
s3: Test that store_smb2_posix_info hides info for '..'
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit d0ad452fc81f65017d1f783e98a58117278d8289
Author: David Mulder <dmulder at samba.org>
Date: Tue Oct 18 07:37:47 2022 -0600
s3: smbd: store_smb2_posix_info hide info for '..'
When receiving a query for '..', hide the owner
and group sids, the inode, and the dev id.
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit bdb98c8397462805b4cdfaedeee24c5d2b294b86
Author: David Mulder <dmulder at samba.org>
Date: Mon Sep 12 16:09:50 2022 -0700
smbd: Implement SMB2_FS_POSIX_INFORMATION_INTERNAL
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit a73d903238807f0e53c70dc2ecb017093206b7e8
Author: David Mulder <dmulder at suse.com>
Date: Fri Aug 5 14:00:30 2022 -0600
tests/s3: Test file/dir permissions with SMB3 posix
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 09c8426b95a0f95e10e1c22a1f0a285ce81fb19f
Author: David Mulder <dmulder at suse.com>
Date: Fri Aug 5 13:05:48 2022 -0600
tests/s3: Test case sensitive open with SMB3 posix
Disabled because we don't handle posix paths
correctly yet.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 160173ee0641c871981868ee100d84b4046710a6
Author: David Mulder <dmulder at suse.com>
Date: Fri Aug 5 10:56:32 2022 -0600
tests/s3: Test delete on close with SMB3 posix
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit f481cd4a60a55a30e78fe6da4aa5f5fe90fa433e
Author: David Mulder <dmulder at suse.com>
Date: Fri Jul 8 13:15:51 2022 -0600
libcli: Add client support for SMB2_FILE_POSIX_INFORMATION
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit f0e1137425f5ed1ff97c729e4b39be626602e6b7
Author: David Mulder <dmulder at suse.com>
Date: Thu Jul 7 12:57:01 2022 -0600
tests/s3: Test reserved chars in posix filename
Disabled because we don't handle posix paths
correctly yet.
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 08226d6c2e8ed1e1d8104afcfcea37a66de0a413
Author: David Mulder <dmulder at suse.com>
Date: Fri Jun 17 15:06:29 2022 -0600
smbd: Implement SMB2_FILE_POSIX_INFORMATION in smbd_marshall_dir_entry
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 7c2f08d564f74d8259d0ad8c3b25923eb3e5ece4
Author: David Mulder <dmulder at suse.com>
Date: Wed Jun 15 15:39:00 2022 -0600
tests/s3: Test SMB2_FIND_POSIX_INFORMATION dir query
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 284787996d45ee8e5848a5071b42f114c791a56a
Author: David Mulder <dmulder at samba.org>
Date: Tue Sep 20 10:28:20 2022 -0600
libsmb: Allow listing with posix context
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 99de8d7cfa390a06a0a7e5ac14843a3bea3c9365
Author: David Mulder <dmulder at suse.com>
Date: Wed Jun 15 13:20:30 2022 -0600
libsmb: Make info_level configurable in dir listing
This was hard coded to SMB2_FIND_ID_BOTH_DIRECTORY_INFO
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 2c1a02d622c710bb77d2142c9cdf09b921ddb888
Author: Jeremy Allison <jra at samba.org>
Date: Mon Dec 18 13:27:06 2017 -0800
smbd: Plumb SMB2_FIND_POSIX_INFORMATION through the directory reading code.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 72004f8f94824e00ed120d87893ec57c96c5f8f2
Author: Jeremy Allison <jra at samba.org>
Date: Thu Dec 14 15:18:21 2017 -0800
s3: smbd: Add SMB2_FILE_POSIX_INFORMATION getinfo info level (100 on the wire).
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 535a08dfc4c045d7b0c0ed335f76b5d560dd7bbd
Author: Ralph Boehme <slow at samba.org>
Date: Tue Nov 22 07:31:52 2022 +0100
smbd: reject FILE_ATTRIBUTE_TEMPORARY on directories
Cf MS-FSA 2.1.5.14.2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15252
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Nov 28 10:14:12 UTC 2022 on sn-devel-184
commit fdb19ce8aa189f6cfbd2d1fd7ed6fe809ba93cf3
Author: Ralph Boehme <slow at samba.org>
Date: Tue Nov 22 10:45:35 2022 +0100
torture: add a test trying to set FILE_ATTRIBUTE_TEMPORARY on a directory
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15252
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c8bf9495f43ed677f90e59937e1e805fc5e60d49
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Mar 27 04:34:12 2019 +0100
vfs: fix the build of nfs4acl_xattr_ without rpc/xdr.h support
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Nov 25 06:07:32 UTC 2022 on sn-devel-184
commit 3b9ccfa4ac73332f324426dec940579e5eac96bc
Author: Ralph Boehme <slow at samba.org>
Date: Tue Jan 10 12:22:28 2017 +0100
net: use correct printf format, fi3_id is an uint32_t
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Nov 24 16:39:12 UTC 2022 on sn-devel-184
commit 95676825adbb13ab2a0e24983780125218c17265
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Nov 22 10:41:39 2022 +0100
gitlab-ci: do some basic testing on ubuntu1804-32bit
For now we allow build warnings and only do some basic testing.
We also ignore timestamp related problems, as well as some charset
failures.
Over time we should try to address the situation by not allowing warnings
and verify if expected failures are harmless or not.
But it's already much better then having no 32bit testing at all!
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Nov 24 12:05:26 UTC 2022 on sn-devel-184
commit 98c1e357a7fd25b6706b4341b3407c03369501fc
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Nov 22 10:31:19 2022 +0100
selftest: add --default-ldb-backend option
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9ba10b97d3aa50f89f01bb038d98a8086d409c3e
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 4 10:23:07 2022 +0000
selftest: samba-ktest-mit also needs $ENV{KRB5RCACHETYPE} = "none"
We need to pass --mitkrb5 to selftest.pl in all cases we use
system mit kerberos not only when we also test the kdc.
We can't use a replay cache in selftest verifies the stat.st_uid
against getuid().
BTW: while debugging this on ubuntu 22.04 I exported
KRB5_TRACE="/dev/stderr", which means we get tracing into
the servers log file and into selftest_prefix/subunit for the client...
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit dce639f8bd75ecdca261d1dc8b97ce6a8ebb4eb0
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 16 12:08:45 2022 +0100
CVE-2022-42898: HEIMDAL: lib/krb5: fix _krb5_get_int64 on systems where 'unsigned long' is just 32-bit
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15203
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 838f62078795150bb7ec9ec1b4690a1d6a8991ae
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 23 12:14:12 2022 +0100
third_party: Update socket_wrapper to version 1.3.5
This injects O_LARGEFILE as needed.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 6dddb268df08fd91f8e0f189f948ad76e5805dca
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 23 11:38:20 2022 +0100
lib/replace: let rep_openat2() inject O_LARGEFILE as needed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15251
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 4c2e1d6259c4c06fce5d1333553b611ffd8f0ef4
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Nov 22 10:47:33 2022 +0100
s3:locking: relax __SHARE_MODE_LOCK_SPACE check for 32bit platforms
sizeof(struct share_mode_lock) is only 28 bytes instead of 32 bytes
on 32bit systems...
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 44192d5f2cae2350d7de109690799dea1a2a2e16
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 7 17:40:07 2022 +0100
s4:kdc: make sure reset_bad_password_netlogon() stops subreq before return
We pass the stack variable 'req' to dcerpc_winbind_SendToSam_r_send(),
so we need to make sure the runtime of the subreq in not longer
than the stack variable.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15253
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 73ec7253139cf4704135ec7abfa6a669e158fddc
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 7 17:15:32 2022 +0100
s4:messaging: add irpc_bh_do_ndr_print() in order to debug irpc calls
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15253
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1414269dccfd7cb831889cc92df35920b034457c
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 7 17:21:44 2022 +0100
CVE-2021-20251: s4:auth: fix use after free in authsam_logon_success_accounting()
This fixes a use after free problem introduced by
commit 7b8e32efc336fb728e0c7e3dd6fbe2ed54122124,
which has msg = current; which means the lifetime
of the 'msg' memory is no longer in the scope of th
caller.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15253
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2dcd8369fe7e6c7664f5e18324e85e0c4eebb2d5
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Oct 10 13:54:08 2022 +1300
bootstrap: Remove duplicate line from CentOS 8 powertools install
This was missed in 136ec5bc01e2648bae34a1158f923fbf5a86d561 when
we moved to CentOS 8 stream.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 3dbe8fd66ca7d98fd05f5ff9ed9e414b9dd1915b
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Oct 27 11:39:02 2022 +1300
bootstrap: Spelling fix in bootstrap from Michael Tokarev
This could not previously be included as all changes require a full image rebuild
as they change the SHA1 hash.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit f738842adba3a50a6019ff6d0360763e7540659d
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Oct 31 12:01:12 2022 +1300
tests: Replace OpenSSL MD4 invocation with a python3 call
This will allow the test to pass on Ubuntu 22.04 which has MD4 disabled
in OpenSSL by default.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 09f8d4ac81a4b846ae472411cfaa9d8ee14c94c2
Author: Volker Lendecke <vl at samba.org>
Date: Thu Oct 27 12:59:53 2022 +0200
tests: Start testing smb2 symlink error returns
This still all fails, but if you run them against Windows they work.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Nov 22 19:25:34 UTC 2022 on sn-devel-184
commit 2e3e27f7e313cee7a646f57e49e2b192282f40d4
Author: Volker Lendecke <vl at samba.org>
Date: Thu Oct 27 12:48:59 2022 +0200
tests: Add nosymlinks_smb1allow share
The next commits will create symlinks via posix extensions to test the
smb2 symlink error return. Creating posix symlinks is not allowed with
follow symlinks = no, but it's currently our only way to create
symlinks over SMB. This could go away once we can create symlinks via
reparse points.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 45091febd2aaeb9b030c8c14a4f44fe6e7f297bf
Author: Volker Lendecke <vl at samba.org>
Date: Thu Nov 10 18:31:11 2022 +0100
tests: Start testing reparsepoints
This still all fails, but if you run them against Windows they work.
How to run:
PYTHONPATH=bin/python \
LOCAL_PATH=/tmp \
SMB1_SHARE=share \
SMB2_SHARE=share \
SHARENAME=share \
SERVER_IP=<server-ip> \
DOMAIN=<your-domain> \
USERNAME=Administrator \
PASSWORD=<your-password> \
SMB_CONF_PATH=/usr/local/samba/etc/smb.conf \
SERVERCONFFILE="$SMB_CONF_PATH" \
python3 -m samba.subunit.run samba.tests.reparsepoints
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c58c826e43c3b847b0cea3c8b6344274196506ca
Author: Volker Lendecke <vl at samba.org>
Date: Thu Nov 3 16:42:12 2022 +0100
pylibsmb: Add protocol()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c33f3a386869cdeca59b02a51ba5781dd58c813c
Author: Volker Lendecke <vl at samba.org>
Date: Thu Nov 3 16:39:44 2022 +0100
pylibsmb: Add CreateDisposition values
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 5907dff30adb9600235e757044fc75f3e5734dd6
Author: Volker Lendecke <vl at samba.org>
Date: Thu Nov 3 16:18:37 2022 +0100
pylibsmb: Add FSCTL codes
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 7f63e98b95b8a9b6c02762618ee0f4be30cafa79
Author: Volker Lendecke <vl at samba.org>
Date: Thu Nov 3 12:26:34 2022 +0100
libcli: Add python wappers to reparse_symlink.c
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit e7516fa9884dfa114703c1d532fa39dddd9bef47
Author: Volker Lendecke <vl at samba.org>
Date: Thu Nov 10 13:46:25 2022 +0100
libsmb: Factor out reparse_buffer_marshall from symlink_reparse_buffer_marshall()
Make it easier to play with reparse points
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit d79566c782f308d470a6075593c3e8fb6b7bcad0
Author: Volker Lendecke <vl at samba.org>
Date: Tue Nov 1 16:14:06 2022 +0100
pylibsmb: Add fsctl()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 99730a59d5a35d5f91dee5343fd69a345a374d51
Author: Volker Lendecke <vl at samba.org>
Date: Tue Sep 20 17:58:04 2022 +0200
pylibsmb: Add create options
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 68a4be1edf77aef3589c8ab1bfcc291fc8e3a70c
Author: Volker Lendecke <vl at samba.org>
Date: Tue Oct 18 16:55:53 2022 +0200
pylibsmb: Add smb1_symlink()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 7d1339436786881514a006b33071a9cfe862e379
Author: Volker Lendecke <vl at samba.org>
Date: Tue Oct 18 16:41:30 2022 +0200
pylibsmb: Add smb1_readlink()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 98a627b93f475d2da9882db1abeb44f6ecad38cf
Author: Volker Lendecke <vl at samba.org>
Date: Sun Oct 16 19:41:58 2022 +0200
pylibsmb: Add smb1_posix() to request smb1 posix extensions
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 37784b86a06e92380a7935670afb0beda0e691df
Author: Volker Lendecke <vl at samba.org>
Date: Tue Sep 20 17:28:27 2022 +0200
pylibsmb: Pass symlink error to create_ex exception
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 18d6334ca4154649c66cb946834dc1b2588902df
Author: Volker Lendecke <vl at samba.org>
Date: Tue Sep 20 14:31:31 2022 +0200
libsmb: Pass symlink error up through cli_smb2_create_fnum_recv()
Not passing through the sync wrapper yet. Not needed right now, and
it's simple to add if required.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 0c419b8a204bd21e8991356ac88188c98bcfbb79
Author: Volker Lendecke <vl at samba.org>
Date: Mon Oct 25 15:23:43 2021 +0200
libsmb: Return symlink error struct from smb2cli_create_recv()
Looks larger than it is, this just adds a parameter and while there
adapts long lines to README.Coding
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 218baae2d364dff581bb88ccd2a773e617ec8be8
Author: Volker Lendecke <vl at samba.org>
Date: Wed Oct 26 13:58:56 2022 +0200
libsmb: Parse the smb2 symlink error response in smb2cli_create()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 3fbd4b27cb32f2f93793b8c6c44eb5d37034fcf8
Author: Volker Lendecke <vl at samba.org>
Date: Thu Oct 20 10:10:43 2022 +0200
libsmb: Keep name_utf16 around in smb2cli_create()
This is needed to pass up the "unparsed" part of the smb2 symlink
error response in unix charset form.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f2c0f118fcccc19072639a7bccad673cc86dc5a6
Author: Volker Lendecke <vl at samba.org>
Date: Fri Oct 14 17:12:26 2022 +0200
smbd: Pass unparsed_path_length to symlink_reparse_buffer_marshall()
[MS-FSCC] 2.1.2.4 Symbolic Link Reparse Data Buffer lists this field
as reserved, but [MS-SMB2] 2.2.2.2.1 Symbolic Link Error Response is
the exact same format with the reserved field as UnparsedPathLength.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 9e07a8181247385a169e02adc184a03590d35573
Author: Volker Lendecke <vl at samba.org>
Date: Fri Oct 14 16:23:30 2022 +0200
smbd: Pass error_context_count through smbd_smb2_request_error_ex()
See [MS-SMB2] 2.2.2: This field MUST be set to 0 for SMB dialects
other than 3.1.1. For the SMB dialect 3.1.1, if this field is nonzero,
the ErrorData field MUST be formatted as a variable-length array of
SMB2 ERROR Context structures containing ErrorContextCount entries.
Not used right now yet, but once we start to return STOPPED_ON_SYMLINK properly
this is required.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c14b8dc0aaf2d095498072367d2ddfc247a283fe
Author: Volker Lendecke <vl at samba.org>
Date: Tue Oct 25 10:26:26 2022 +0200
smbd: Factor out safe_symlink_target_path()
Small refactoring to make filename_convert_dirfsp() itself a bit
shorter using a subroutine.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f71bdfbacbcc4753f1cf5a254194b93f9b29d775
Author: Volker Lendecke <vl at samba.org>
Date: Wed Nov 9 12:35:59 2022 +0100
tests: Fix an incorrect comment
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b7fd2cf5bae6735c4b15d058159d7278ee091baa
Author: Volker Lendecke <vl at samba.org>
Date: Wed Nov 9 11:25:51 2022 +0100
libsmb: Add "DOMAIN" to authentication creds
If you want to create symlinks on Windows using reparse points, you
need to authenticate as local administrator, just "administrator" is
not enough. So this is required to run some tests against Windows.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c3d65f10c5863749b3b3ead5f178bbd1deb6f287
Author: Volker Lendecke <vl at samba.org>
Date: Wed Nov 9 12:56:11 2022 +0100
libsmb: Fix cli_fsctl()
Untested code is broken code. Found while testing symlinks over SMB1.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit fdb7e91df048b94a8755e5976b5c34401545c89c
Author: Volker Lendecke <vl at samba.org>
Date: Tue Nov 1 16:12:33 2022 +0100
libsmb: Fix cli_smb2_fsctl_recv()
Untested code is broken code... data_blob_talloc() returns a NULL blob
for NULL/0 input.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b4c45decd410c6012b21eebb786bf252665570ad
Author: Volker Lendecke <vl at samba.org>
Date: Thu Nov 10 17:40:22 2022 +0100
libsmb: Fix removing a rogue reparse point
If you set a reparse point for which Windows server does not have a
handler, it returns NT_STATUS_IO_REPARSE_TAG_NOT_HANDLED when you
later open it without FILE_OPEN_REPARSE_POINT.
See the discussion thread starting with
https://lists.samba.org/archive/cifs-protocol/2022-November/003888.html
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 71789c7f6b2d98219ae712ed810df86ebe4eda6a
Author: Volker Lendecke <vl at samba.org>
Date: Thu Nov 3 12:37:58 2022 +0100
pylibsmb: Add template code
I've looked this up in my samples too often :-)
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b7d4b8eaac71e7af334d313d215139ed9bcaa7f8
Author: Volker Lendecke <vl at samba.org>
Date: Wed Nov 9 10:15:31 2022 +0100
lib: Whitespace fixes
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit cb6d9e7b8118829b2996363050960837222396b8
Author: Volker Lendecke <vl at samba.org>
Date: Wed Nov 2 13:24:22 2022 +0100
idl: Fix whitespace
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 0789dd6959a6f8fdc76ea6d706d494ab491add5b
Author: Volker Lendecke <vl at samba.org>
Date: Thu Nov 10 11:22:13 2022 +0100
libcli: Make "attr_strs" static
This saves 70 bytes of .text, we don't need this on the stack.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 9dddb9a2fc2943e835298976ad45ee4aff73330d
Author: Volker Lendecke <vl at samba.org>
Date: Thu Nov 10 13:42:01 2022 +0100
lib: Make lib/util/iov_buf.h self-contained
We need "struct iovec", which comes in via sys/uio.h, incuded by
system/filesys.h
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 9735498f60f83fd231ce20845db9288f4d343fe6
Author: Volker Lendecke <vl at samba.org>
Date: Fri Nov 4 11:23:52 2022 +0100
pam_winbind: Fix a memleak
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 59b5abbe8cec52d7cf1197a91f32d832670284d5
Author: David Mulder <dmulder at samba.org>
Date: Fri Nov 18 11:42:15 2022 -0700
gp: Test PAM Access with DENY_ALL
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Nov 21 22:05:01 UTC 2022 on sn-devel-184
commit ca5f8072a4c7be6fdebef494664a27bbd73340ff
Author: David Mulder <dmulder at samba.org>
Date: Thu Nov 17 16:33:24 2022 -0700
gp: PAM Access should implicitly deny ALL w/ allow
If an allow entry is specified, the PAM Access
CSE should implicitly deny ALL (everyone other
than the explicit allow entries).
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 9f6cf276e22b82601a81286fabeae5303f58339c
Author: David Mulder <dmulder at samba.org>
Date: Thu Nov 17 12:37:20 2022 -0700
gp: samba-tool manage gpo access add don't fail w/out upn
The search response for the user could possibly
not include a upn (this happens with Administrator
for example).
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 8d0d79ba3b317401cfe089c0df871189bb79c9dc
Author: David Mulder <dmulder at samba.org>
Date: Wed Nov 16 15:04:16 2022 -0700
gp: Make samba-tool gpo manage sudoers remove backward compatible
Ensure `samba-tool gpo manage sudoers remove` is
backward compatible with the GPME sudo rules.
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit d0c4aebb0eff59716cfc51d86eec26a52f6913c5
Author: David Mulder <dmulder at samba.org>
Date: Wed Nov 16 15:03:18 2022 -0700
gp: Test that samba-tool gpo manage removes gpme sudoers
The file format for storing the sudo rules
changed in samba-tool, but these can still be
added via the GPME. We should still include them
here.
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit cc0c784d3ab914593356b4b1a0ca924c9dc4b9fa
Author: David Mulder <dmulder at samba.org>
Date: Wed Nov 16 10:46:11 2022 -0700
gp: Make samba-tool gpo manage sudoers list backward compatible
Ensure `samba-tool gpo manage sudoers list` is
backward compatible with the GPME sudo rules.
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 4c2b418882ecdb6293cc1d033c33685ada684c2e
Author: David Mulder <dmulder at samba.org>
Date: Wed Nov 16 10:44:22 2022 -0700
gp: Test that samba-tool gpo manage lists gpme sudoers
The file format for storing the sudo rules
changed in samba-tool, but these can still be
added via the GPME. We should still include them
here.
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f03665bb7e8ea97699062630f2aa1bac4c5dfc7f
Author: Andreas Schneider <asn at samba.org>
Date: Wed Nov 16 11:24:12 2022 +0100
s3:rpc_server: Fix include directive substitution when enumerating shares
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Nov 18 19:17:31 UTC 2022 on sn-devel-184
commit c213ead8c4c1b5287294a67e65f271fbb0b922b2
Author: Andreas Schneider <asn at samba.org>
Date: Wed Nov 16 11:23:44 2022 +0100
s3:tests: Add substitution test for listing shares
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit ce3d27a9f5a98b4680af5fb5a595b0e7e94f8c30
Author: Andreas Schneider <asn at samba.org>
Date: Tue Nov 15 16:35:15 2022 +0100
s3:tests: Add substitution test for include directive
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 26adf3344337f4e8d5d2107e6ba42e5ea7656372
Author: Jeremy Allison <jra at samba.org>
Date: Thu Oct 20 15:19:05 2022 -0700
s3: smbd: Cause SMB2_OP_FLUSH to go synchronous in a compound anywhere but the last operation in the list.
Async read and write go synchronous in the same case,
so do the same here.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15172
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Nov 17 05:55:42 UTC 2022 on sn-devel-184
commit e668c3a82cd566b405c976d45659dd79786948de
Author: Jeremy Allison <jra at samba.org>
Date: Thu Oct 20 15:08:14 2022 -0700
s3: smbd: Add utility function smbd_smb2_is_last_in_compound().
Not yet used. Returns true if we're processing the last SMB2 request in a
compound.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15172
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 6f149dfd9d8d2619a9e18975ebcf5e69df2b7766
Author: Jeremy Allison <jra at samba.org>
Date: Thu Oct 20 14:22:25 2022 -0700
s4: torture: Add an async SMB2_OP_FLUSH + SMB2_OP_FLUSH test to smb2.compound_async.
Shows we fail sending an SMB2_OP_FLUSH + SMB2_OP_FLUSH
compound if we immediately close the file afterward.
Internally the flushes go async and we free the req, then
we process the close. When the flushes complete they try to access
already freed data.
Extra test which will allow me to test when the final
component (flush) of the compound goes async and returns
NT_STATUS_PENDING.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15172
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 17a110c1b58196eb8ecf3c76eb97e8508976c544
Author: Jeremy Allison <jra at samba.org>
Date: Tue Oct 18 16:22:33 2022 -0700
s4: torture: Add an async SMB2_OP_FLUSH + SMB2_OP_CLOSE test to smb2.compound_async.
Shows we fail sending an SMB2_OP_FLUSH + SMB2_OP_CLOSE
compound. Internally the flush goes async and
we free the req, then we process the close.
When the flush completes it tries to access
already freed data.
Found using the Apple MacOSX client at SNIA SDC 2022.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15172
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit f6284877ce07fc5ddf4f4e2d824013b645d6e12c
Author: Noel Power <noel.power at suse.com>
Date: Wed Nov 16 15:37:52 2022 +0000
nsswitch: Fix uninitialized memory when allocating pwdlastset_prelim
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15224
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Nov 16 19:29:21 UTC 2022 on sn-devel-184
commit ebaafb2375c3866d6ba1e178a2e2f5623f6212c8
Author: Andreas Schneider <asn at samba.org>
Date: Wed Nov 16 09:37:16 2022 +0100
gitlab-ci: Update Fedora to version 37
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Nov 16 16:29:30 UTC 2022 on sn-devel-184
commit 7cb50405515298b75dcc512633fb3877045aabc6
Author: Jeremy Allison <jra at samba.org>
Date: Tue Nov 8 16:16:07 2022 -0800
nsswitch: Fix pam_set_data()/pam_get_data() to use pointers to a time_t, not try and embedd it directly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15224
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Wed Nov 16 15:09:45 UTC 2022 on sn-devel-184
commit 0fd7b13ebc38779a18ba4a22f7b17dc2628907cc
Author: Noel Power <noel.power at suse.com>
Date: Fri Nov 4 16:56:49 2022 +0000
s4:lib:tls: Don't negotiate session resumption with session tickets
tls_tstream can't properly handle 'New Session Ticket' messages
sent 'after' the client sends the 'Finished' message.
This is needed because some servers (at least elasticsearch) wait till
they get 'Finished' messgage from the client before sending the
"New Ticket" message.
Without this patch what typcially happens is when the application code
sends data it then tries to read the response, but, instead of the
response to the request it actually recieves the "New Session Ticket"
instead. The "New Session Ticket" message gets processed by the upper layer
logic e.g.
tstream_tls_readv_send
->tstream_tls_readv_crypt_next
->tstream_tls_retry_read
->gnutls_record_recv
instead of the core gnutls routines.
This results in the response processing failing due to the
currently 'unexpected' New Ticket message.
In order to avoid this scenario we can ensure the client doesn't
negotiate resumption with session tickets.
Signed-off-by: Noel Power <noel.power at suse.com>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Nov 16 09:58:45 UTC 2022 on sn-devel-184
commit f0ca9546102acf09f1834c03f8907ed26bfc80f8
Author: Jeremy Allison <jra at samba.org>
Date: Tue Nov 15 13:29:46 2022 -0800
s3: smbd: In synthetic_pathref() change DBG_ERR -> DBG_NOTICE to avoid spamming the logs.
Can easily be seen by doing make test TESTS=fruit
and looking in st/nt4_dc/smbd_test.log.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15210
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Nov 16 06:00:56 UTC 2022 on sn-devel-184
commit 434f461e9e5a914d4e5a9141324f1705e5e50cf9
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Oct 14 16:45:37 2022 +1300
CVE-2022-42898 third_party/heimdal: PAC parse integer overflows
Catch overflows that result from adding PAC_INFO_BUFFER_SIZE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15203
Heavily edited by committer Nico Williams <nico at twosigma.com>, original by
Joseph Sutton <josephsutton at catalyst.net.nz>.
Signed-off-by: Nico Williams <nico at twosigma.com>
[jsutton at samba.org Zero-initialised header_size in krb5_pac_parse() to
avoid a maybe-uninitialized error; added a missing check for ret == 0]
Autobuild-User(master): Jule Anger <janger at samba.org>
Autobuild-Date(master): Tue Nov 15 17:02:52 UTC 2022 on sn-devel-184
commit 15696da01515692b5a3ce647e3049229e5b82393
Author: David Mulder <dmulder at samba.org>
Date: Mon Nov 14 10:50:28 2022 -0700
gp: Fix startup scripts add not always set runonce
The runonce is always being set because neither
True nor False is ever None.
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Nov 15 02:09:45 UTC 2022 on sn-devel-184
commit 4321be515b41ac4b129e2334f19cfd628809cf3d
Author: David Mulder <dmulder at samba.org>
Date: Mon Nov 14 09:49:18 2022 -0700
gp: Fix startup scripts list not fail with empty args
This fixes the startup scripts list command to
not fail when the parameters variable is empty.
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f04f205d273605b0c09799cc55fc218ce907c827
Author: David Mulder <dmulder at samba.org>
Date: Mon Nov 14 09:35:31 2022 -0700
gp: startup scripts list enclude newline in output
The output for listing startup scripts wasn't
clear because there was no newline between
entries.
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 3bee89c1cfa53f76728a54536f9d33e134b952c1
Author: David Mulder <dmulder at samba.org>
Date: Mon Nov 14 09:34:35 2022 -0700
gp: startup scripts add clarify 'args' option
Make sure it is clear how to specify args for the
command, and that multiple args can be passed
wrapped in quotes.
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 096a323a8ce57fd75f3857449d9aaf74cb10344b
Author: David Mulder <dmulder at samba.org>
Date: Mon Nov 14 09:31:41 2022 -0700
gp: Fix startup scripts add args
The args for the command could not be parsed
because samba-tool detects the '-' and thinks its
part of the samba-tool command.
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit fa4eba131b882c3858b28f5fd9864998e19a4510
Author: Jeremy Allison <jra at samba.org>
Date: Thu Nov 10 14:43:15 2022 -0800
s3: smbd: Always use metadata_fsp() when processing fsctls.
Currently all fsctls we implement need the base fsp, not
an alternate data stream fsp. We may revisit this later
if we implement fsctls that operate on an ADS.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15236
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Walker <awalker at ixsystems.com>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Nov 14 18:13:31 UTC 2022 on sn-devel-184
commit abc4495e4591964bb4625c2669a1f84213faab77
Author: Jeremy Allison <jra at samba.org>
Date: Thu Nov 10 14:41:15 2022 -0800
s3: smbd: Add test to show smbd crashes when doing an FSCTL on a named stream handle.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15236
Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 2ea3adfd04b07c6d449904b81d132ad3858f72fb
Author: David Mulder <dmulder at samba.org>
Date: Fri Nov 11 10:04:44 2022 -0700
gp: Test that Password and Kerberos policies fail on unknown key
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Nov 12 01:34:17 UTC 2022 on sn-devel-184
commit 3ad8e8d4d43b08cf1747da048c2fcc16d45a59c5
Author: David Mulder <dmulder at samba.org>
Date: Fri Nov 11 09:41:52 2022 -0700
gp: Password and Kerberos policies fail on unknown key
If unrecognized keys are set in the GptTmpl.inf,
the extensions would fail to apply.
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 09e9dd576dad5a38287b2241a965f769f1264292
Author: Volker Lendecke <vl at samba.org>
Date: Mon Nov 7 20:34:57 2022 +0100
torture: Test the "server addresses" parameter
Thanks to Metze for the hint that all file servers already listen on 2
addressess -- V4 and V6 :-)
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Nov 10 08:23:14 UTC 2022 on sn-devel-184
commit f9a3a6b434f6b82303241a57beae3e1762a2c41d
Author: Volker Lendecke <vl at samba.org>
Date: Wed Nov 9 14:09:34 2022 +0100
testprogs: Fix testit_expect_failure_grep()
Callers expect success (i.e. retval==0) if grep failed with non-zero
error status.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 55feb593012fc5b24e795a00081666fca740429c
Author: Volker Lendecke <vl at samba.org>
Date: Wed Nov 9 14:04:23 2022 +0100
testprogs: Add testit_grep_count() helper
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit e24481251ddc64abfd51b9bd101833814defd8c4
Author: Volker Lendecke <vl at samba.org>
Date: Fri Oct 21 17:02:07 2022 +0200
srvsvc: Only list shares in "server addresses"
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 23167a4dd7be30123f66826999db559a4bc0db7d
Author: Volker Lendecke <vl at samba.org>
Date: Fri Oct 21 16:58:36 2022 +0200
smbd: Implement "server addresses" for tree connect
Only allow share connections if the server address matches
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 9321a533cdc3cbb81afa03bcf3cd5030b8b317ea
Author: Volker Lendecke <vl at samba.org>
Date: Fri Oct 21 16:45:35 2022 +0200
lib: Add lp_allow_local_address()
Helper function for listing and accessing shares
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit d9c4f94e4fde22a91c230d2ddb2eb3b9c56f88b0
Author: Volker Lendecke <vl at samba.org>
Date: Fri Oct 21 17:01:21 2022 +0200
smbd: Add "server addresses" parameter
This is a per-share parameter to limit share visibility and
accessibility to specific server IP addresses.
This can be used to limit the visibility and accessibility of shares
on different subnets offered by the server.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 12edd038cfa1326c517cb51e6b4c7bdf75f471fa
Author: Volker Lendecke <vl at samba.org>
Date: Fri Oct 21 09:17:42 2022 +0200
smbd: Some whitespace fixes
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 4a68d43b7b02e191f007baac56b8b0e47e99b64d
Author: Andreas Schneider <asn at samba.org>
Date: Tue Nov 8 11:01:44 2022 +0100
third_party: Update nss_wrapper to version 1.1.13
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Nov 9 23:15:07 UTC 2022 on sn-devel-184
commit 10537a89bb0b461ba31d614b7c9ed56a842422e7
Author: Jeremy Allison <jra at samba.org>
Date: Tue Nov 8 10:13:18 2022 -0800
s4: libcli: Ignore errors when getting A records after fetching AAAA records.
The target may only be available over IPv6.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15226
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Nov 9 20:34:07 UTC 2022 on sn-devel-184
commit 76adda9d2fea9f93f4cf97536db5c0be6deeb98c
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Oct 31 13:16:25 2022 +0100
lib/replace: fix memory leak in snprintf replacements
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15230
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Nov 9 11:18:02 UTC 2022 on sn-devel-184
commit 3030813765ff2f9ef6c894a4e6eb51601fe07109
Author: David Mulder <dmulder at samba.org>
Date: Tue Nov 8 11:03:36 2022 -0700
gp: Ignore crontab -l error, since it means empty
We should not fail when crontab -l errors, this
just means the crontab is empty.
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Nov 8 22:33:37 UTC 2022 on sn-devel-184
commit 612eeff2704bf6705b2ccce4006f7d9c6f0ee06a
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Nov 3 14:49:17 2022 +1300
tests/krb5: Add tests of PAC group handling
In which we make AS and TGS requests and verify the SIDs we expect are
returned in the PAC.
Example command to test against Windows Server 2019 functional level
2016 with FAST enabled:
ADMIN_USERNAME=Administrator ADMIN_PASSWORD=locDCpass1 \
CLAIMS_SUPPORT=1 COMPOUND_ID_SUPPORT=1 DC_SERVER=ADDC.EXAMPLE.COM \
DOMAIN=EXAMPLE EXPECT_PAC=1 FAST_SUPPORT=1 KRB5_CONFIG=krb5.conf \
PYTHONPATH=bin/python REALM=EXAMPLE.COM SERVER=ADDC.EXAMPLE.COM \
SKIP_INVALID=1 SMB_CONF_PATH=smb.conf STRICT_CHECKING=1 \
TKT_SIG_SUPPORT=1 python3 python/samba/tests/krb5/group_tests.py
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Nov 8 03:37:37 UTC 2022 on sn-devel-184
commit 53f9ac4b6fc41cef4966b1f5eca0485be621f786
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Nov 3 14:55:36 2022 +1300
tests/krb5: Allow checking domain SID in PAC
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 8556576d8df47710757ff4e32b04668fa5045daf
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Nov 3 14:54:23 2022 +1300
tests/krb5: Overhaul PAC logon info group checking
We can now verify attributes of SIDs and the PAC locations in which SIDs
are placed. We also gain the ability to assert that no SIDs are present
in the PAC other than the ones we expect.
We lighten somewhat the requirement that no duplicates are present among
the SIDs, as such a situation may arise even with Windows, especially if
group types are changed. For example, if a Universal group containing a
user is changed to a Domain-Local group in between an AS-REQ and a
TGS-REQ, the group's SID will be added to the PAC once for each request.
We only verify that there are no exact duplicates (SID, attributes, and
PAC location all being identical).
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 5a613db6f511cfe3739cfe04cefa84e4f6681c99
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Nov 3 14:51:26 2022 +1300
tests/krb5: Add (un)expected group parameters to get_service_ticket() and get_tgt()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f59f6968003a3b314fb21ca84548806c03ae0b0a
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Nov 3 14:48:09 2022 +1300
tests/krb5: Allow creating accounts without Resource SID compression support
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 29723765b31866524b7db5c37600b8f6c9c0a2e7
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Nov 3 14:47:51 2022 +1300
tests/krb5: Allow adding multiple members to a group
As well as passing in a single 'str', we can now choose to pass a
collection of member DN strings.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 3a13e3b6667909fbdafaf95be88106d138013f9c
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Nov 3 14:46:53 2022 +1300
tests/krb5: Allow creating groups with a specified type
This will be useful for testing the handling of Domain-Local groups.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6674f67537d0cac81e40c2b88e882944cb368ad7
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Nov 3 14:46:38 2022 +1300
tests/krb5: Fix bits_to_etypes() to not fail on Resource SID compression bit
It's not an encryption type bit, so we should ignore it here.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 90f39b695916bb99c7a8d3cb5d6a1153b61b1dec
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Nov 2 17:27:12 2022 +1300
tests/krb5: Remember to pass in expected_groups parameter
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 0161d375746a1f5e145147d3ea4eb35f163bb5ec
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Nov 3 14:48:48 2022 +1300
tests/krb5: Remove unused copy-and-paste remnant
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit bdbe5c5a3241488ff638350aaf6e74d157490bb9
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Feb 25 00:28:01 2022 +0100
s4:kdc: add initial support for compound claims
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f96fbe6eb1f1f0fcf6ce2d72df5cc631f427bcf1
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Feb 25 00:19:06 2022 +0100
s4:kdc: fetch client_claims_blob from samba_kdc_get_pac_blobs()
The blob will be empty until we properly support claims.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 03250eefaaf21e819e8e855fc0db6ae25da6a9ee
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Feb 24 23:57:31 2022 +0100
s4:kdc: pass client_claims, device_info, device_claims into samba_make_krb5_pac()
This allows us to add claims blobs to the PAC once we have the ability
to create them.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit aa62775eb4ff6e4cd50d8ef932a2c299509c39d9
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Nov 1 19:01:15 2022 +1300
s4-auth: Make PAC parameters const
These functions have no need to modify the PACs passed in, and this
change permits us to operate on const PACs in the KDC.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 7d3416e8cb686453ecbedbc085073af95835001e
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Nov 2 14:56:34 2022 +1300
krb5: Detect support for krb5_const_pac type
We can't unconditionally assume (as we did in
third_party/heimdal_build/wscript_configure) that Heimdal has this type,
since we may have an older system Heimdal that lacks it. We must also
check whether krb5_pac_get_buffer() is usable with krb5_const_pac, and
declare krb5_const_pac as a non-const typedef if not.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6fe6992258d2c59dfc8cb979deb25ba6020a1c06
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Nov 3 17:35:58 2022 +1300
wafsamba: Have CHECK_C_PROTOTYPE() pass through 'lib' into CHECK_CODE()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a3ee0ce255c7acb7abf58e70b75025b5fefdb275
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Nov 3 17:35:35 2022 +1300
wscript: Correctly determine dependencies for system Heimdal build
Previously, the call to CHECK_BUNDLED_SYSTEM() in
check_system_heimdal_lib() could have us pick up MIT Kerberos headers
when we should only be using system Heimdal headers. Now, we just
perform an explicit check for the functions we require, which should
avoid any use of the MIT libraries.
We also remove some library checks for Heimdal components that we don't
use directly, restricting the checks to only the functions we need.
Finally, we no longer need to recurse into third_party/heimdal_build
when performing a system Heimdal build.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 77bb72d67204b58d0ae7a183e2a8988597faf15c
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Nov 3 17:31:20 2022 +1300
build: Remove unused dependencies
We don't need to include these any more, and removing them allows us to
simplify the build system for system Heimdal builds.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit be1431a8930a9386bb5dbf15604fc6b8330c42f4
Author: Volker Lendecke <vl at samba.org>
Date: Mon Nov 7 15:08:51 2022 +0100
smbd: Don't hide directories with "hide new files timeout"
The intention of this option was to hide *files*. Before this patch we
also hide directories where new files are dropped.
This is a change in behaviour, but I think this option is niche enough
to justify not adding another parameter that we then need to test. If
workflows break with this change and people depend on directories also
to be hidden, we can still add the additional option value required.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Nov 7 22:58:33 UTC 2022 on sn-devel-184
commit e8848a3eab8fc43132640f67b858780f43f2b07c
Author: Volker Lendecke <vl at samba.org>
Date: Mon Nov 7 14:57:04 2022 +0100
torture: Show that "hide new files timeout" also hides directories
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 8b4a3c12a0d6f08827237aba5af3c1e3eb1c43e8
Author: Volker Lendecke <vl at samba.org>
Date: Mon Nov 7 14:56:28 2022 +0100
torture3: Run the "hidenewfiles" test against SMB2
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 721cfe94247da7c0150b1d78f95592f7bf3a2356
Author: Volker Lendecke <vl at samba.org>
Date: Mon Nov 7 12:11:52 2022 +0100
torture3: Fix a copy&paste error and a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 635b1adfc5c8525634cfbc3f4d64fb9efa1c6f09
Author: David Mulder <dmulder at samba.org>
Date: Tue Oct 25 08:28:22 2022 -0600
gpo: GPME doesn't permit nesting of admx categories in builtin
The gnome settings were nested within a builtin
admx category, which GPME does not permit. This
was hiding the GNOME settings anytime windows
admx templates were present.
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Nov 4 19:09:09 UTC 2022 on sn-devel-184
commit 1eb2f1cca4f2df0f0885bd9276427410c4241d7c
Author: David Mulder <dmulder at samba.org>
Date: Fri Oct 21 10:39:26 2022 -0600
gpo: Install the GNOME Settings admx templates
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 853a4ecd838fcb441cbf654894a96ea728bc2efe
Author: David Mulder <dmulder at samba.org>
Date: Wed Nov 2 08:39:17 2022 -0600
gp: Move GNOME admx templates
waf fails to install the templates if there is a
space in the name.
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f5d77cb627d906bbebfbf863130bc5d1e36337c9
Author: Pavel Filipenský <pfilipen at redhat.com>
Date: Tue Jun 21 18:19:16 2022 +0200
s3:winbind: Avoid unnecessary locking in wb_parent_idmap_setup_send()
A function in tevent environment can span over several context loop iterations.
Every iteration 'unschedules' the current code and a different functions can
access not yet fully initialized structures.
A locking is used to avoid this. In tevent, we use tevent queues as a locking
mechanism. Every function trying to access lock protected data, puts itself to
a queue. The function must remove itself from the queue only after the complete
work is done.
A good coding practise is to lock only the smallest code path and not to use the
locking if not needed.
wb_parent_idmap_setup_send() uses queue "wb_parent_idmap_config_queue" for:
- testing if the setup is ready
- setting up all idmap domains
But "testing if the setup is ready" can be coded as an atomic operation without
needing a lock.
Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Nov 4 10:06:28 UTC 2022 on sn-devel-184
commit b3292b541ec1feb3162a514a0493054a1a5318ab
Author: vporpo <v.porpodas at gmail.com>
Date: Sat Oct 1 14:45:18 2022 -0700
smbget: Adds a rate limiting option --limit-rate in KB/s
This patch implements a very simple rate limiter. It works by pausing the main
download loop whenever the bytes transferred are more than what we would get
with if it were transferred at the rate set by the user.
Please note that this may reduce the blocksize if the limit is too small.
Signed-off-by: Vasileios Porpodas <v.porpodas at gmail.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Nov 2 22:47:10 UTC 2022 on sn-devel-184
commit bf446bcf612791c7fcf8284cca4061b651b7d4f6
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Sep 28 14:34:31 2022 +1300
third_party/heimdal_build: Update fallthrough macro for switch statements
This is an adaptation to Heimdal:
commit 133f5174820b34e2a12c3f3412bf554cae2ee22f
Author: Daria Phoebe Brashear <dariaphoebe at auristor.com>
Date: Fri Sep 16 09:57:24 2022 -0400
rewrite fallthrough to HEIM_FALLTHROUGH to deal with new Apple SDKs
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Nov 2 05:21:29 UTC 2022 on sn-devel-184
commit ef28247f3bbbd7cf9daed7a4dba28855496ce38e
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Oct 31 14:33:09 2022 +1300
third_party/heimdal: import lorikeet-heimdal-202210310104 (commit 0fc20ff4144973047e6aaaeb2fc8708bd75be222)
This commit won't compile on it's own, as we need to fix the build system
to cope in the next commit.
The purpose of this commit is to update to a new lorikeet-heimdal tree
that includes the previous two patches and is rebased on a current
Heimdal master snapshot.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit ab4c7bda8daccdb99adaf6ec7fddf8b5f84be09a
Author: Volker Lendecke <vl at samba.org>
Date: Fri Jul 22 18:38:21 2022 +0200
heimdal: Fix the 32-bit build on FreeBSD
REF: https://github.com/heimdal/heimdal/pull/1004
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15220
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 074e92849715ed3485703cfbba3771d405e4e78a
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Sat Oct 22 10:11:53 2022 +1300
third_party/heimdal: Introduce macro for common plugin structure elements
Heimdal's HDB plugin interface, and hence Samba's KDC that depends upon
it, doesn't work on 32-bit builds due to structure fields being arranged
in the wrong order. This problem presents itself in the form of
segmentation faults on 32-bit systems, but goes unnoticed on 64-bit
builds thanks to extra structure padding absorbing the errant fields.
This commit reorders the HDB plugin structure fields to prevent crashes
and introduces a common macro to ensure every plugin presents a
consistent interface.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15110
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6353f9e9c47d02dc0e18585bfaad48b2ce85441d
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Oct 27 13:07:34 2022 +1300
Add Heimdal test file test_base.c to bi-directional encoding ignore list
Heimdal commit c6a46f0c96dde73ef4f3a247a1e904d4cf15aeb2 introduces test data
that triggers our LTR and RTL detection code.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit bdbb38d16c8eaff33484bb747efa639c4d8e7f35
Author: Jeremy Allison <jra at samba.org>
Date: Fri Oct 28 15:31:39 2022 -0700
s3: libsmbclient: Fix smbc_getxattr() to return 0 on success.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14808
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Nov 1 18:31:22 UTC 2022 on sn-devel-184
commit 74636dfe24c15677261fc40c0a4ec62404898cf4
Author: Jeremy Allison <jra at samba.org>
Date: Fri Oct 28 15:28:41 2022 -0700
s4: torture: Show return value for smbc_getxattr() is incorrect (returns >0 for success, should return zero).
Add torture test to show smbc_getxattr() should return -1 on
failure, 0 on success.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14808
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
commit ffc59fe094612ca2ed549a5a7c7bc7017401991c
Author: David Mulder <dmulder at samba.org>
Date: Fri Sep 9 08:14:44 2022 -0600
smbd: Correct store_smb2_posix_info size check
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Oct 28 13:43:59 UTC 2022 on sn-devel-184
commit 69273c3a836ede97c7fde74e2f1fdc84e92ec86f
Author: Daniel Kobras <kobras at puzzle-itc.de>
Date: Fri Oct 21 16:40:14 2022 +0200
docs-xml: ea support option restricted to user ns
Update documentation to match current behavior.
Signed-off-by: Daniel Kobras <kobras at puzzle-itc.de>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Oct 28 07:24:18 UTC 2022 on sn-devel-184
commit 34c6db64c2ff62673f8df218487cda4139c10843
Author: Daniel Kobras <kobras at puzzle-itc.de>
Date: Mon Sep 26 10:27:19 2022 +0200
s3: smbd: Consistently map EAs to user namespace
Samba has always been mapping Windows EAs to the 'user' namespace on the
POSIX side. However, in the opposite direction, the mapping would also map
other user-readable POSIX EA namespaces to Windows EAs, only stripping the
'user' namespace prefix, and passing all other EA names verbatim.
This means any POSIX EA 'other.foo' collides with 'user.other.foo' on the
Windows side, hence the mapping of non-user namespaces is unreliable.
Also, copy operations via Windows would rename an existing POSIX EA
'other.foo' in the source file to 'user.other.foo' in the destination. The
'user' namespace, however, may not be enabled on the underlying filesystem,
leading to subtle failure modes like the ones reported in eg.
<https://bugzilla.samba.org/show_bug.cgi?id=15186>
Fix the issues by restricting the mapping to the 'user' POSIX EA namespace
consistently for either direction.
Link: https://lists.samba.org/archive/samba-technical/2022-September/137634.html
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15186
Signed-off-by: Daniel Kobras <kobras at puzzle-itc.de>
Reviewed-by: Michael Weiser <michael.weiser at atos.net>
Tested-by: Michael Weiser <michael.weiser at atos.net>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 8c94bbba2704a07c7f13f11496c4a3a93c4fda11
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Oct 27 14:32:27 2022 +0200
testprogs/blackbox: add 'net ads keytab delete' tests to test_net_ads.sh
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Oct 27 22:14:53 UTC 2022 on sn-devel-184
commit 797b38f5f9cebeb6920fb78697e8c058a1554666
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Oct 27 14:31:42 2022 +0200
testprogs/blackbox: fix prinicple => principal in test_net_ads.sh
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit dd0984c71919e3119dceeee35f5b7e0bd6482456
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Oct 27 14:30:48 2022 +0200
testprogs/blackbox: let test_net_ads.sh consistently use the tmp WORKDIR
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 17779a68339162546d5a4125f092984034a2f943
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Oct 26 11:36:44 2022 +0200
s3:util: add 'net ads keytab delete'
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 3dd26cb4d0cf9742f3284a334b38ea3d0b6b653f
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Oct 26 11:36:01 2022 +0200
s3:libads: add ads_keytab_delete_entry()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 956c6562ebaaec6f41d5b9e86af7ffe377ab00ab
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Oct 26 11:03:34 2022 +0200
lib/krb5_wrap: add explicit keep_old_kvno/enctype_only args to smb_krb5_kt_seek_and_delete_old_entries()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 3881a440eefa1e0a3a4be2f0e9ae9c2ecd65b267
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Oct 26 11:02:21 2022 +0200
s3:libads: ads_keytab_flush() doesn't need a valid kvno
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 173b6f6e60a3d0ea3298f31ca7f37104d10f47bb
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Oct 26 10:51:09 2022 +0200
lib/krb5_wrap: document the enctype argument of smb_krb5_kt_seek_and_delete_old_entries()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 7958e18b8abada5fa33d2f189166d524fb332050
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Oct 26 10:34:47 2022 +0200
lib/krb5_wrap: remove unused keep_old_entries argument from smb_krb5_kt_seek_and_delete_old_entries()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b7ea69bdff3b58e3a0a15de26cd317d0e959df00
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Oct 26 10:34:47 2022 +0200
lib/krb5_wrap: remove unused keep_old_entries argument from smb_krb5_kt_add_entry()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 39cf93c79ef17eac4196e1de6e825955f7fbc8d8
Author: Samuel Cabrero <scabrero at samba.org>
Date: Thu Oct 27 09:05:46 2022 +0200
bootstrap: Update to openSUSE 15.4
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6f1a9ef2072621a22cd0f38c89afc5c7598682e3
Author: Andreas Schneider <asn at samba.org>
Date: Thu Oct 27 08:32:20 2022 +0200
lib:replace: Require bool from C99
https://fedoraproject.org/wiki/Changes/PortingToModernC
We define True to true from stdbool.h and the same for false. So we
don't have to do a cleanup now.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Oct 27 19:11:30 UTC 2022 on sn-devel-184
commit ae86c620aadea19e47e3f7967b4770d496d4bc02
Author: Andreas Schneider <asn at samba.org>
Date: Thu Oct 27 10:45:40 2022 +0200
lib:replace: Fix trailing whitespace in wscript
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 3de61dc6773c67f44477f889deadf92656f3379e
Author: Andreas Schneider <asn at samba.org>
Date: Thu Oct 27 08:27:13 2022 +0200
wafsamba: Add -Werror=implicit-int
https://fedoraproject.org/wiki/Changes/PortingToModernC
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 0e8949bde01b5007612c1c0a17e10d2c5bbb1846
Author: Andreas Schneider <asn at samba.org>
Date: Thu Oct 27 08:43:39 2022 +0200
wafsamba: Add -Werror=old-style-definition
See https://fedoraproject.org/wiki/Changes/PortingToModernC
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b787692b5e915031d4653bf375995320ed1aca07
Author: Andreas Schneider <asn at samba.org>
Date: Thu Oct 27 08:47:32 2022 +0200
s3:utils: Fix old-style function definition
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 81f4335dfb847c041bfd3d6110fc8f1d5741d41f
Author: Andreas Schneider <asn at samba.org>
Date: Thu Oct 27 08:46:39 2022 +0200
s3:client: Fix old-style function definition
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 80dc3bc2b80634ab7c6c71fa1f9b94f0216322b2
Author: Andreas Schneider <asn at samba.org>
Date: Thu Oct 27 08:44:58 2022 +0200
s3:param: Fix old-style function definition
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 7e29e70fd98c11f988d2941df0f999710cd2e700
Author: Volker Lendecke <vl at samba.org>
Date: Wed Oct 26 14:19:43 2022 +0200
pylibsmb: Simplify py_cli_create_returns()
Py_BuildValue() can create dictionaries.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6d552b1e3e00e5aee0a006df439668175a694ffc
Author: Volker Lendecke <vl at samba.org>
Date: Thu Oct 20 16:46:18 2022 +0200
pylibsmb: Simplify py_cli_create_contexts()
Py_BuildValue() can create tuples.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit fa7ad454860fb6866fff2f7e075f9c8f64afa0c1
Author: Volker Lendecke <vl at samba.org>
Date: Fri Oct 7 11:55:18 2022 +0200
smbd: Apply some const to a variable that's never changed
Probably doesn't do much in compiled code, but looks cleaner to me
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 9d4ac46ea80ff214ce8055565f1268caa16a59ad
Author: Volker Lendecke <vl at samba.org>
Date: Wed Oct 19 09:38:36 2022 +0000
tests: Use samba.tests.libsmb.LibsmbTests in smb3unix.py
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit ab2c3859d62eb46aab1465e928f46aeb4c84b1b7
Author: Volker Lendecke <vl at samba.org>
Date: Wed Oct 19 11:34:40 2022 +0200
tests: Use samba.tests.libsmb.LibsmbTests in libsmb-basic.py
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6be2d465704b5c41863d490310735dccc3465b1c
Author: Volker Lendecke <vl at samba.org>
Date: Wed Oct 19 11:32:22 2022 +0200
tests: Factor out libsmb environment setup
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 4638eebae8af6a1348ab7534d00a81789694bda5
Author: Volker Lendecke <vl at samba.org>
Date: Wed Oct 19 10:59:17 2022 +0200
tests: Rename python/samba/tests/libsmb.py
samba/libsmb.py will become a common file to do the library
initialization for our tests. We already have two copies in
smb3unix.py and libsmb.py, and there might be more soon.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 51e65fa9cb4711194e494d3001addc947ec9597a
Author: Volker Lendecke <vl at samba.org>
Date: Wed Oct 12 21:16:34 2022 +0200
lib: Whitespace fixes
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6d334fe2d401d1754e255f21cc48e2d050060b2b
Author: Volker Lendecke <vl at samba.org>
Date: Thu Mar 17 19:33:36 2022 +0100
ntvfs: Remove orphans from 2006
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 15f958d76e4df1ca634800fbd318a456b933ccf7
Author: Volker Lendecke <vl at samba.org>
Date: Mon Mar 21 13:31:49 2022 +0100
rpc_server: Remove an unneeded #include
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 23ba1dabf5da48a5381a67c5a1dda161199ccbb0
Author: Volker Lendecke <vl at samba.org>
Date: Thu Mar 17 16:10:57 2022 +0100
lib: Avoid an #include includes.h
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit eaf38a445dce54e8bb7561ba3a8a86c8f7f95bb1
Author: Volker Lendecke <vl at samba.org>
Date: Thu Mar 17 16:19:39 2022 +0100
lib: Avoid an #include includes.h
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 167bc2cfc5d7cd3997fb08e64a27f63774e27a75
Author: Volker Lendecke <vl at samba.org>
Date: Thu Mar 17 17:14:40 2022 +0100
librpc: Avoid an else
With an early return; we don't need the "else"
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 8971f2ae0f61f310f733f252ab87c3aa442de71a
Author: Volker Lendecke <vl at samba.org>
Date: Sat Mar 19 17:57:15 2022 +0100
librpc: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b0d321f8332522f2c327f06ec322a693d483bc4e
Author: Volker Lendecke <vl at samba.org>
Date: Sat Mar 19 18:38:04 2022 +0100
librpc: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit e287dfe9ed553f60070f8b13934fcbc47f4160f9
Author: Volker Lendecke <vl at samba.org>
Date: Sun Mar 20 08:43:34 2022 +0100
librpc: Add a pair of {}
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 53d1b188e8bd56c4e9f3c088db18842782027e95
Author: Volker Lendecke <vl at samba.org>
Date: Thu Mar 17 17:18:21 2022 +0100
pyrpc4: Simplify py_ndr_syntax_id() with GUID_buf_string()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit a91ff509fd02374617198fbedc180507842b7a1e
Author: Volker Lendecke <vl at samba.org>
Date: Wed Oct 12 21:22:42 2022 +0200
lib: Avoid an includes.h
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 12a556bded11d08456f7a0256702f4e5157383d7
Author: Volker Lendecke <vl at samba.org>
Date: Wed Oct 12 21:27:32 2022 +0200
lib: Remove two unused macros
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 653bcbc1f48ec2a211c872e24ff5c93685c6cf37
Author: Volker Lendecke <vl at samba.org>
Date: Sun Oct 16 16:02:31 2022 +0200
gensec: Align an integer type
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f3eeb922c41ebb9ce9a242497195490a0b003213
Author: Volker Lendecke <vl at samba.org>
Date: Thu Oct 13 11:08:06 2022 +0200
torture3: Fix an error message
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6404c3f64be8a2a7abf050e65cee446d190c0647
Author: Volker Lendecke <vl at samba.org>
Date: Fri Oct 7 13:53:39 2022 +0200
smbd: Cut long lines
This is recent enough to justify just a README.Coding formatting change
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 801731b60fd4a4bfea7279a6942c35fdf1a4e1c6
Author: Volker Lendecke <vl at samba.org>
Date: Thu Oct 20 17:08:40 2022 +0200
smbd: Remove "link_depth" parameter from non_widelink_open()
We don't recurse anymore but loop inside.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 80856941bff8e32cd76cbd3b05e05c9754785bf9
Author: Volker Lendecke <vl at samba.org>
Date: Mon Oct 24 20:24:53 2022 +0200
smbd: Remove a comment left by copy&paste
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 8b55dabf55335dc91cef54db8888ec40c9932434
Author: David Mulder <dmulder at samba.org>
Date: Thu Oct 27 06:40:41 2022 -0600
winbind: Add smbconf fallback for gpupdate_callback
We should use the configfile specified, but also
fallback if none is specified.
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit ea1f53fc8be3d7930efb2484bc7c2a41ac4a95df
Author: David Mulder <dmulder at samba.org>
Date: Wed Oct 26 12:37:01 2022 -0600
winbind: Fix user gpupdate called with NULL smb.conf
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 0a66c739532cbe9bad38deb78f76f48a676f7ffa
Author: Philipp Gesang <philipp.gesang at intra2net.com>
Date: Mon Oct 17 13:42:26 2022 +0200
s3-lib: restore truncating behavior of push_ascii_nstring()
Some users of push_ascii_nstring() (notably name_to_unstring())
expect the output to be truncated if it would exceed the size of
an nstring after conversion. However this broke in 2011 due to
commit d546adeab5 ("Change convert_string_internal() and
convert_string_error() to bool return"). This patch restores the
old behavior.
The issue can be observed in syslog after setting the
``workgroup`` to a 16+ characters long string which triggers a
DEBUG() message:
Oct 17 11:28:45 dev nmbd[11716]: name_to_nstring: workgroup name 0123456789ABCDEF0123456789ABCDEF is too long. Truncating to
Signed-off-by: Philipp Gesang <philipp.gesang at intra2net.com>
Reviewed-by: Noel Power <npower at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Tue Oct 25 16:25:40 UTC 2022 on sn-devel-184
commit 4f63c1280786a47185b0e1aac40ab96a2ac78ee3
Author: David Mulder <dmulder at samba.org>
Date: Mon Oct 24 16:50:37 2022 -0600
gpo: Fix startup scripts to not fail w/out params
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15212
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): David Mulder <dmulder at samba.org>
Autobuild-Date(master): Tue Oct 25 15:21:08 UTC 2022 on sn-devel-184
commit 42069152554f2768e52424841e633eeeb154aed5
Author: David Mulder <dmulder at samba.org>
Date: Mon Oct 24 16:49:21 2022 -0600
gpo: Test to ensure startup scripts don't crash w/out params
Startup scripts were failing to execute when no
parameters were provided to the script.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15212
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d385058ce7c9914ea58613f65414e45f2f777481
Author: Volker Lendecke <vl at samba.org>
Date: Sat Oct 15 13:37:17 2022 +0200
CVE-2022-3592 smbd: Slightly simplify filename_convert_dirfsp()
subdir_of() calculates the share-relative rest for us, don't do the
strlen(connectpath) calculation twice. subdir_of() also checks that
the target properly ends on a directory. With just strncmp a symlink
to x->/aa/etc would qualify as in share /a, so a "get x/passwd" leads to a
pretty unfortunate result. This is the proper fix for bug 15207, so we
need to change the expected error code to OBJECT_PATH_NOT_FOUND
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15207
Signed-off-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Jule Anger <janger at samba.org>
Autobuild-Date(master): Tue Oct 25 11:27:02 UTC 2022 on sn-devel-184
commit d905dbddf8d2655e6c91752b750cbe9c15837ee5
Author: Volker Lendecke <vl at samba.org>
Date: Sat Oct 15 13:29:14 2022 +0200
CVE-2022-3592 lib: Move subdir_of() to source3/lib/util_path.c
Make it available for other components
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15207
Signed-off-by: Volker Lendecke <vl at samba.org>
commit fbc0feeca4061c4e1a2543b0a24c4333c1532587
Author: Volker Lendecke <vl at samba.org>
Date: Sat Oct 15 13:26:48 2022 +0200
CVE-2022-3592 lib: lib/util/fault.h requires _SAMBA_DEBUG_H for SMB_ASSERT()
fault.h has:
which leads to SMB_ASSERT not being defined when you include
samba_util.h (and thus fault.h) before debug.h.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15207
Signed-off-by: Volker Lendecke <vl at samba.org>
commit c770b7872daae21e5ead57374707d7ac334c8f69
Author: Volker Lendecke <vl at samba.org>
Date: Sat Oct 15 14:09:55 2022 +0200
CVE-2022-3592 torture3: Show that our symlink traversal checks are insecure
This test shows that we don't properly check whether symlink targets
are inside the exported share. Linking to <share-root>a/etc makes us
loop back into filename_convert_dirfsp_nosymlink() with /etc as a
directory name.
On Linux systems with openat2(RESOLVE_NO_SYMLINKS) we pass "/etc"
directly into that call after some checks for "."/".." as invalid file
name components. "/etc" is okay for openat2(), but this test must also
succeed on systems without RESOLVE_NO_SYMLINKS (sn-devel-184 for
example). On systems without RESOLVE_NO_SYMLINKS split up the path
"/etc" into path components, in this case "" and "etc". So we pass ""
down to openat(), which correctly fails with ENOENT.
Summary: Only with RESOLVE_NO_SYMLINKS we're hit by bug 15207, and
this test shows by expecting CONNECTION_DISCONNECTED that we violate
the internal assumption of empty path components with an unexpected
symlink target, making it testable on systems with and without
RESOLVE_NO_SYMLINKS.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15207
Signed-off-by: Volker Lendecke <vl at samba.org>
commit dc650bde6f97ea63d6105ead874b0249307db13b
Author: Volker Lendecke <vl at samba.org>
Date: Mon Oct 17 18:06:02 2022 +0200
CVE-2022-3592 smbd: No empty path components in openat_pathref_dirfsp_nosymlink()
Upper layers must have filtered this, everything else is a bug
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15207
Signed-off-by: Volker Lendecke <vl at samba.org>
commit 2671f995fed735bb03d9efd55d6603b35141ff38
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Oct 12 13:57:33 2022 +1300
CVE-2022-3437 third_party/heimdal: Pass correct length to _gssapi_verify_pad()
We later subtract 8 when calculating the length of the output message
buffer. If padlength is excessively high, this calculation can underflow
and result in a very large positive value.
Now we properly constrain the value of padlength so underflow shouldn't
be possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d12bd2cd50b45e064e5bea5a99c826ef156b4e64
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Oct 10 20:33:09 2022 +1300
CVE-2022-3437 third_party/heimdal: Check for overflow in _gsskrb5_get_mech()
If len_len is equal to total_len - 1 (i.e. the input consists only of a
0x60 byte and a length), the expression 'total_len - 1 - len_len - 1',
used as the 'len' parameter to der_get_length(), will overflow to
SIZE_MAX. Then der_get_length() will proceed to read, unconstrained,
whatever data follows in memory. Add a check to ensure that doesn't
happen.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2d0ad4ede7b391af3f38cd3664dc04c7ceea76e8
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Aug 15 16:54:23 2022 +1200
CVE-2022-3437 third_party/heimdal: Check buffer length against overflow for DES{,3} unwrap
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 841b6ddcf2a80c085ed6159ec9d420f37ceb691e
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Aug 15 16:53:55 2022 +1200
CVE-2022-3437 third_party/heimdal: Check the result of _gsskrb5_get_mech()
We should make sure that the result of 'total_len - mech_len' won't
overflow, and that we don't memcmp() past the end of the buffer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ba60f647524ec12b3b5901680c5922d6b2490420
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Aug 15 16:53:45 2022 +1200
CVE-2022-3437 third_party/heimdal: Avoid undefined behaviour in _gssapi_verify_pad()
By decrementing 'pad' only when we know it's safe, we ensure we can't
stray backwards past the start of a buffer, which would be undefined
behaviour.
In the previous version of the loop, 'i' is the number of bytes left to
check, and 'pad' is the current byte we're checking. 'pad' was
decremented at the end of each loop iteration. If 'i' was 1 (so we
checked the final byte), 'pad' could potentially be pointing to the
first byte of the input buffer, and the decrement would put it one
byte behind the buffer.
That would be undefined behaviour.
The patch changes it so that 'pad' is the byte we previously checked,
which allows us to ensure that we only decrement it when we know we
have a byte to check.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ad9d1690ed51d73fbfb7dcb07c6ecb7750cab290
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Oct 12 13:57:42 2022 +1300
CVE-2022-3437 third_party/heimdal: Don't pass NULL pointers to memcpy() in DES unwrap
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit dffc997adaccaa0980911b62473470cb80969700
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Oct 12 13:57:55 2022 +1300
CVE-2022-3437 third_party/heimdal: Use constant-time memcmp() in unwrap_des3()
The surrounding checks all use ct_memcmp(), so this one was presumably
meant to as well.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 16120b736f28e85e7b46f8c69b7aa02073b2e26c
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Oct 12 13:57:13 2022 +1300
CVE-2022-3437 third_party/heimdal: Use constant-time memcmp() for arcfour unwrap
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c8e85295c988d653c3c425e0c4b8900f30fa1bba
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Oct 12 13:55:39 2022 +1300
CVE-2022-3437 s4/auth/tests: Add unit tests for unwrap_des3()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ec456766d53da45c9d3edcb382569768cbef60dd
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Oct 12 13:55:51 2022 +1300
CVE-2022-3437 third_party/heimdal_build: Add gssapi-subsystem subsystem
This allows us to access (and so test) functions internal to GSSAPI by
depending on this subsystem.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit cd48f2da59f48caa20e7ac652c958182671e804b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Oct 12 13:56:08 2022 +1300
CVE-2022-3437 third_party/heimdal: Remove __func__ compatibility workaround
As described by the C standard, __func__ is a variable, not a macro.
Hence this #ifndef check does not work as intended, and only serves to
unconditionally disable __func__. A nonoperating __func__ prevents
cmocka operating correctly, so remove this definition.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ce7c418ca4f8f82e61a9a02a6589ab1c4df51d63
Author: Noel Power <noel.power at suse.com>
Date: Fri Oct 21 17:14:44 2022 +0100
python/samba/tests: fix samba.tests.auth_log_pass_change for later gnutls
later gnutls that support GNUTLS_PBKDF2 currently fail,
we need to conditionally switch test data to reflect use of
'samr_ChangePasswordUser3' or 'samr_ChangePasswordUser4'
depending on whether GNUTLS_PBKDF2 is supported or not
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Oct 25 10:30:59 UTC 2022 on sn-devel-184
commit 416bf5a41827a4e486215bfc8e47abc570c6e899
Author: Noel Power <noel.power at suse.com>
Date: Fri Oct 21 17:40:36 2022 +0100
s4/rpc_server/sambr: don't mutate the return of samdb_set_password_aes
prior to this commit return of samdb_set_password_aes was set to
NT_STATUS_WRONG_PASSWORD on failure. Useful status that should be
returned such as NT_STATUS_PASSWORD_RESTRICTION are swallowed here
otherwise (and in this case can be partially responsible for failures
in test samba.tests.auth_log_pass_change (with later gnutls)
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 30ca92a8164e1c3a76cdb798ee997d27621a5abb
Author: Andreas Schneider <asn at samba.org>
Date: Mon Oct 17 09:02:28 2022 +0200
s4:libnet: If we successfully changed the password we are done
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15206
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
commit 16335412ff312ecb330f7890bd3e94117a5fa6ff
Author: Andreas Schneider <asn at samba.org>
Date: Fri Oct 7 14:35:15 2022 +0200
s3:rpcclient: Pass salt down to init_samr_CryptPasswordAES()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15206
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
commit e3ebda8c6ae6e0c202e2b11a65b98b4f247ae4db
Author: Andreas Schneider <asn at samba.org>
Date: Mon Oct 10 15:15:20 2022 +0200
s3:librpc: Improve GSE error message
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15206
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
commit da663b5d4f16478973510d3b0016e41d642fa256
Author: Christof Schmitt <cs at samba.org>
Date: Sun Oct 23 16:04:36 2022 -0700
vfs_gpfs: Remove documentation for removed gpfs:refuse_dacl_protected option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15211
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>
Autobuild-User(master): Björn Jacke <bjacke at samba.org>
Autobuild-Date(master): Mon Oct 24 16:41:03 UTC 2022 on sn-devel-184
commit 5c627988a268adc8da7b1c954f3706c5c878fd3b
Author: Christof Schmitt <cs at samba.org>
Date: Sun Oct 23 16:01:41 2022 -0700
vfs_gpfs: Remove support for old GPFS without DACL_PROTECTED support
GPFS 3.5 introduced support for storing the DACL_PROTECTED flag as part
of the ACL. That version has long been superceded. Remove this now
unused codepath.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15211
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>
commit 284afec29ff5a97612aa5950e08ac8104997a596
Author: David Mulder <dmulder at samba.org>
Date: Fri Oct 14 09:00:45 2022 -0600
winbind: Enforce user group policy when enabled
This only enforces user group policy at logon.
We should also enforce this policy every 90 to
120 minutes, but a logoff will need to cancel the
timer and we cannot have multiple timers if there
are multiple sessions for the same user.
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Oct 21 18:48:18 UTC 2022 on sn-devel-184
commit 211a6a63cc62b2569958f18c3b11de8ac9fc97c8
Author: David Mulder <dmulder at samba.org>
Date: Fri Oct 21 11:01:41 2022 -0600
winbind: Fix potential memory leak in winbind gpupdate
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 37831c9e5075c46b1e74a6134d865178d71462c9
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Oct 13 14:48:07 2022 +1300
docs-xml: Fix outdated comment in documentation
This was written prior to the release of Windows Vista and later
versions.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Fri Oct 21 04:53:47 UTC 2022 on sn-devel-184
commit f50e0c3cb4369ca564479a60314cfe27cd2ec6cd
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Oct 12 13:56:55 2022 +1300
s4:gensec Avoid memory leak in error case in gensec_gssapi
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit a503162ea4d3a2e6b3e4c0c00fedd44131161641
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Oct 12 13:56:42 2022 +1300
python: Remove unused imports in auth_log tests
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 12b53e0d431847294d32c14e2dde0bd1dc8754aa
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Oct 12 13:56:32 2022 +1300
python: Fix invalid escape by using a raw string
These escapes are meant for the regular expression engine
not the string parser.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit a2ba0fa3ad30bb1c9a010849a8f6a79bfc5ca543
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Oct 12 13:56:19 2022 +1300
python: Use list comprehension in string_to_byte_array()
Samba is now a mature user of Python and can cope with a
list comprehension from time to time.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 6231c09ff29a84d8afdc6f94394a35f252b55e36
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Oct 21 15:40:43 2022 +1300
samba-tool: Fix double-word in samba-tool domain passwordsettings
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14034
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit a4212081546bb186db6786b074d436570bfc44b8
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Oct 21 15:38:57 2022 +1300
docs: Fix double-word in "prefork backoff increment"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14034
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 6b7fd9bb82dba46bc4bb2251476d02344bd0ef70
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Oct 5 13:29:32 2022 +1300
docs: Fix double-word in "inherit owner" manpage
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14034
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit e131450bfd7879f489b01edeb113c89a627eab02
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Oct 4 20:31:47 2022 +1300
testprogs: fix CVE reference in kpassed test
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit ca6cb0c69d0c7967538648063cc15448c96069dd
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Oct 4 20:07:25 2022 +1300
s4-join: Fix typos in recent GET_ANC patch set
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 19895c9389e0109eeb84cdbbfe1fafafcbb516fe
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Oct 21 14:17:30 2022 +1300
ldb: don't call comparison() directly in LDB_TYPESAFE_QSORT
The result is not used, it is only part of the macro to gain
type-checking.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 1716efc0db65764627b143047185030a969ab28d
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 27 15:06:52 2022 +1300
s4-dsdb: Remove unused variables in token_group python test
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 81c23aa01512f43f89709881b79030a5d4bb4a7a
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 27 15:06:42 2022 +1300
s4-dsdb: simplify conditional in python token_group test
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 0042ace33d1552e02c1dc30b0077857c1978aa96
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 27 15:06:33 2022 +1300
s4-dsdb: Remove unused import in token_group python test
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 31eb2986da6fcde44cb2d0ef5298f1c97bb430c3
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 27 15:05:56 2022 +1300
s3-utils: Fix typo in error message in net groupmap
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 16746593db507ead2df227974b43c43c24b25340
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 27 15:05:16 2022 +1300
libcli/security: Make null_sid static const, not just const
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 7ec569b3a6023a8f7c673820920f0d740241b30e
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 27 15:04:49 2022 +1300
libcli/security: Fix function header comments in SID handling
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit f7d94c67811d1fd6c18866d46d55e2ba87640104
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Oct 21 15:05:45 2022 +1300
s4-dsdb: Use Python 'del' rather than assigning over with None
This is the clearer way to trigger the destruction of this variable
and so the LDB connection under it.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit f5ed2936caf9a110a96e317206bd1e9ef16211c7
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 27 14:49:16 2022 +1300
s4-dsdb: remove unused Python variables
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit cc38a61442ddf8313225678ede19849a8388975a
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 27 14:49:00 2022 +1300
s4-dsdb: Use a raw python string to avoid creating and invalid escape sequence
While the invalid escape sequence worked and was passed to the LDB
layer for it's use, linting tools will complain so we should not do
this. We don't want to get caught out when a future python version
becomes more strict.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 16b7c1f3d8a81113ca9f49d218e9e21309919780
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Oct 21 14:58:40 2022 +1300
s4-dsdb: Make tdo_attrs static const
This follows the same with 'attrs' in the previous commit.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit fb1718094d0f8b3f3cdf119eebb81f341a02d137
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 27 14:48:28 2022 +1300
s4-dsdb: Rename user_attrs to attrs to avoid conflict and add static const
This now local and static const list was otherwise a duplicate symbol
shadowing with the global user_attrs.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 1b550258ef3d0c453ec070952c9780f3759b1da1
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 27 14:47:33 2022 +1300
s4-auth: Mention correct PAC buffer in error msg
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 2b331c67040882cd3604f2b04851e6a811fad0b4
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 27 14:47:23 2022 +1300
s4-auth: Fix typo in erberos_pac_to_user_info_dc()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 349c5794d30b08dd4a086728768d3c7dac609e0f
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 27 14:46:50 2022 +1300
librpc/ndr: Fix incorrect error string in SID parser
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 549f3f85c433e7348c4ba7457867a5905e834a02
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 27 14:46:23 2022 +1300
s4-kdc: Correct MIT talloc ctx names
The name of the context looks like it should match the name of the
function, but doesn't quite.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 2ccb69e0ba67e5acd3e585cfa5cc3213dc6bdb58
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 27 14:46:14 2022 +1300
s4-kdc: Fix typo in MIT glue
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit ed35f40d756712345d889d08cc2f2818524df0e6
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 27 14:45:36 2022 +1300
krb5: Add compatability for krb5_const_pac type
This allows this type to be used in Samba in the future for
both Kerberos implementations
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 50cbdecf2e276e5f87b9c2d95fd3ca86d11a08e2
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Oct 20 12:36:44 2022 +1300
tests/krb5: Add test requesting a TGT expiring post-2038
This demonstrates the behaviour of Windows 11 22H2 over Kerberos,
which changed to use a year 9999 date for a forever timetime in
tickets.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15197
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Oct 20 05:00:23 UTC 2022 on sn-devel-184
commit 67811e121fbef08337675d473390160793544719
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Oct 4 12:25:08 2022 +1300
tests/krb5: Add test requesting a service ticket expiring post-2038
Windows 11 22H2 performs such requests, with year 9999.
The test fails with KDC_ERR_BAD_INTEGRITY on older
Heimdal versions, which are unable to verify a checksum
over the modified request body (due to a re-encoding failure).
REF: https://github.com/heimdal/heimdal/issues/1011
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15197
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit eb2f3526032803f34c88ef1619a832a741f71910
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Oct 13 10:17:25 2022 +0200
s4:ldap_server: let ldapsrv_call_writev_start use conn_idle_time to limit the time
If the client is not able to receive the results within connections idle
time, then we should treat it as dead. It's value is 15 minutes (900 s)
by default.
In order to limit that further an admin can use 'socket options'
and set TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and/or TCP_USER_TIMEOUT
to useful values.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15202
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Oct 19 17:13:39 UTC 2022 on sn-devel-184
commit e232ba946f00aac39d67197d9939bc923814479c
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Oct 12 17:26:16 2022 +0200
lib/tsocket: avoid endless cpu-spinning in tstream_bsd_fde_handler()
There were some reports that strace output an LDAP server socket is in
CLOSE_WAIT state, returning EAGAIN for writev over and over (after a call to
epoll() each time).
In the tstream_bsd code the problem happens when we have a pending
writev_send, while there's no readv_send pending. In that case
we still ask for TEVENT_FD_READ in order to notice connection errors
early, so we try to call writev even if the socket doesn't report TEVENT_FD_WRITE.
And there are situations where we do that over and over again.
It happens like this with a Linux kernel:
tcp_fin() has this:
struct tcp_sock *tp = tcp_sk(sk);
inet_csk_schedule_ack(sk);
sk->sk_shutdown |= RCV_SHUTDOWN;
sock_set_flag(sk, SOCK_DONE);
switch (sk->sk_state) {
case TCP_SYN_RECV:
case TCP_ESTABLISHED:
/* Move to CLOSE_WAIT */
tcp_set_state(sk, TCP_CLOSE_WAIT);
inet_csk_enter_pingpong_mode(sk);
break;
It means RCV_SHUTDOWN gets set as well as TCP_CLOSE_WAIT, but
sk->sk_err is not changed to indicate an error.
tcp_sendmsg_locked has this:
...
err = -EPIPE;
if (sk->sk_err || (sk->sk_shutdown & SEND_SHUTDOWN))
goto do_error;
while (msg_data_left(msg)) {
int copy = 0;
skb = tcp_write_queue_tail(sk);
if (skb)
copy = size_goal - skb->len;
if (copy <= 0 || !tcp_skb_can_collapse_to(skb)) {
bool first_skb;
new_segment:
if (!sk_stream_memory_free(sk))
goto wait_for_space;
...
wait_for_space:
set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
if (copied)
tcp_push(sk, flags & ~MSG_MORE, mss_now,
TCP_NAGLE_PUSH, size_goal);
err = sk_stream_wait_memory(sk, &timeo);
if (err != 0)
goto do_error;
It means if (sk->sk_err || (sk->sk_shutdown & SEND_SHUTDOWN)) doesn't
hit as we only have RCV_SHUTDOWN and sk_stream_wait_memory returns
-EAGAIN.
tcp_poll has this:
if (sk->sk_shutdown & RCV_SHUTDOWN)
mask |= EPOLLIN | EPOLLRDNORM | EPOLLRDHUP;
So we'll get EPOLLIN | EPOLLRDNORM | EPOLLRDHUP triggering
TEVENT_FD_READ and writev/sendmsg keeps getting EAGAIN.
So we need to always clear TEVENT_FD_READ if we don't
have readable handler in order to avoid burning cpu.
But we turn it on again after a timeout of 1 second
in order to monitor the error state of the connection.
And now that our tsocket_bsd_error() helper checks for POLLRDHUP,
we can check if the socket is in an error state before calling the
writable handler when TEVENT_FD_READ was reported.
Only on error we'll call the writable handler, which will pick
the error without calling writev().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15202
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 4c7e2b9b60de5d02bb3f69effe7eddbf466a6155
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Oct 13 16:23:03 2022 +0200
lib/tsocket: remember the first error as tstream_bsd->error
If we found that the connection is broken, there's no point
in trying to use it anymore, so just return the first error we detected.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15202
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 29a65da63d730ecead1e7d4a81a76dd1c8c179ea
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Oct 13 14:46:14 2022 +0200
lib/tsocket: check for errors indicated by poll() before getsockopt(fd, SOL_SOCKET, SO_ERROR)
This also returns an error if we got TCP_FIN from the peer,
which is only reported by an explicit POLLRDHUP check.
Also on FreeBSD getsockopt(fd, SOL_SOCKET, SO_ERROR) fetches
and resets the error, so a 2nd call no longer returns an error.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15202
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 9950efd83e1a4b5e711f1d36fefa8a5d5e8b2410
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Oct 13 10:39:59 2022 +0200
lib/tsocket: split out tsocket_bsd_error() from tsocket_bsd_pending()
This will be used on its own soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15202
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit f0fb8b9508346aed50528216fd959a9b1a941409
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Oct 17 16:08:42 2022 +1300
lib/tsocket: Add tests for loop on EAGAIN
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15202
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit fd0c01da1c744ae6fd9d8675616d8b6d3531e469
Author: Jeremy Allison <jra at samba.org>
Date: Mon Oct 17 13:24:27 2022 -0700
s3: libsmbclient: Fix smbc_stat() to return ENOENT on a non-existent file.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15195
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Oct 19 00:13:56 UTC 2022 on sn-devel-184
commit 9eda432836bfff3d3d4a365a08a5ecb54f0f2e34
Author: Jeremy Allison <jra at samba.org>
Date: Mon Oct 17 13:14:41 2022 -0700
s4: torture: libsmbclient: Add a torture test to ensure smbc_stat() returns ENOENT on a non-existent file.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15195
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 0326549a052c22e4929e3760fd5011c35e32fe33
Author: Noel Power <noel.power at suse.com>
Date: Mon Oct 17 10:27:31 2022 +0100
s3/utils: check result of talloc_strdup
follow to commit 4b15d8c2a5c8547b84e7926fed9890b5676b8bc3
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Oct 17 19:49:37 UTC 2022 on sn-devel-184
commit 972127daddc7a32d23fb84d97102557035b06f5b
Author: Noel Power <noel.power at suse.com>
Date: Mon Oct 17 10:25:00 2022 +0100
s3/utils: Check return of talloc_strdup
followup to e82699fcca3716d9ed0450263fd83f948de8ffbe
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 19eb88bc53e481327bbd437b0c145d5765c6dcec
Author: Noel Power <noel.power at suse.com>
Date: Mon Oct 17 10:17:34 2022 +0100
s3/param: Check return of talloc_strdup
followup to commit ff003fc87b8164610dfd6572347c05308c4b2fd7
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6dcf8d76ccce310515ffa693fa5a2120d8b5b206
Author: Volker Lendecke <vl at samba.org>
Date: Fri Oct 7 09:52:19 2022 +0200
vfs-docs: Fix the list of full_audit operations
I got this list with
modified source3/modules/test_vfs_full_audit.c
@@ -34,6 +34,7 @@ static void test_full_audit_array(void **state)
for (i=0; i<SMB_VFS_OP_LAST; i++) {
assert_non_null(vfs_op_names[i].name);
assert_int_equal(vfs_op_names[i].type, i);
+ fprintf(stderr, "%s\n", vfs_op_names[i].name);
}
}
which *should* be part of a script to fix
docs-xml/manpages/vfs_full_audit.8.xml
every time after a VFS change. I can't focus on the scripting right
now, so just fix it manually.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Oct 14 17:58:56 UTC 2022 on sn-devel-184
commit fbcaecab3c748feb9015b26545098117f792389f
Author: Volker Lendecke <vl at samba.org>
Date: Fri Oct 7 09:31:14 2022 +0200
full_audit: whitespace fixes
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 0671d91ac8b1627c9f2ce4c6e014c2d5a22c8f06
Author: Jeremy Allison <jra at samba.org>
Date: Fri Oct 7 17:39:39 2022 -0700
s3: VFS: vfs_full_audit. Remove SMB_VFS_OP_FSYNC, it no longer exists in sync form.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 7e0e3f47cd67e4cadc101691cd14837f45d9506a
Author: Noel Power <noel.power at suse.com>
Date: Fri Oct 14 11:53:53 2022 +0100
s4/lib/registry: Fix use after free with popt 1.19
popt1.19 fixes a leak that exposes a use as free,
make sure we duplicate return of poptGetArg if
poptFreeContext is called before we use it.
==6357== Command: ./bin/regpatch file
==6357==
Can't load /home/npower/samba-back/INSTALL_DIR/etc/smb.conf - run testparm to debug it
==6357== Syscall param openat(filename) points to unaddressable byte(s)
==6357== at 0x4BFE535: open (in /usr/lib64/libc.so.6)
==6357== by 0x4861432: reg_diff_load (patchfile.c:345)
==6357== by 0x4861CD3: reg_diff_apply (patchfile.c:542)
==6357== by 0x10ADF9: main (regpatch.c:114)
==6357== Address 0x70f79d0 is 0 bytes inside a block of size 5 free'd
==6357== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x10ADCF: main (regpatch.c:111)
==6357== Block was alloc'd at
==6357== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x10ACBD: main (regpatch.c:79)
==6357==
==6357== Invalid read of size 1
==6357== at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4B5D50F: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6357== by 0x4B7E719: __vasprintf_internal (in /usr/lib64/libc.so.6)
==6357== by 0x4AD32F0: __dbgtext_va (debug.c:1904)
==6357== by 0x4AD33F2: dbgtext (debug.c:1925)
==6357== by 0x4861515: reg_diff_load (patchfile.c:353)
==6357== by 0x4861CD3: reg_diff_apply (patchfile.c:542)
==6357== by 0x10ADF9: main (regpatch.c:114)
==6357== Address 0x70f79d0 is 0 bytes inside a block of size 5 free'd
==6357== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x10ADCF: main (regpatch.c:111)
==6357== Block was alloc'd at
==6357== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x10ACBD: main (regpatch.c:79)
==6357==
==6357== Invalid read of size 1
==6357== at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4B5D50F: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6357== by 0x4B7E719: __vasprintf_internal (in /usr/lib64/libc.so.6)
==6357== by 0x4AD32F0: __dbgtext_va (debug.c:1904)
==6357== by 0x4AD33F2: dbgtext (debug.c:1925)
==6357== by 0x4861515: reg_diff_load (patchfile.c:353)
==6357== by 0x4861CD3: reg_diff_apply (patchfile.c:542)
==6357== by 0x10ADF9: main (regpatch.c:114)
==6357== Address 0x70f79d1 is 1 bytes inside a block of size 5 free'd
==6357== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x10ADCF: main (regpatch.c:111)
==6357== Block was alloc'd at
==6357== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x10ACBD: main (regpatch.c:79)
==6357==
==6357== Invalid read of size 1
==6357== at 0x4B83DD0: _IO_default_xsputn (in /usr/lib64/libc.so.6)
==6357== by 0x4B5D39E: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6357== by 0x4B7E719: __vasprintf_internal (in /usr/lib64/libc.so.6)
==6357== by 0x4AD32F0: __dbgtext_va (debug.c:1904)
==6357== by 0x4AD33F2: dbgtext (debug.c:1925)
==6357== by 0x4861515: reg_diff_load (patchfile.c:353)
==6357== by 0x4861CD3: reg_diff_apply (patchfile.c:542)
==6357== by 0x10ADF9: main (regpatch.c:114)
==6357== Address 0x70f79d0 is 0 bytes inside a block of size 5 free'd
==6357== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x10ADCF: main (regpatch.c:111)
==6357== Block was alloc'd at
==6357== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x10ACBD: main (regpatch.c:79)
==6357==
==6357== Invalid read of size 1
==6357== at 0x4B83DDF: _IO_default_xsputn (in /usr/lib64/libc.so.6)
==6357== by 0x4B5D39E: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6357== by 0x4B7E719: __vasprintf_internal (in /usr/lib64/libc.so.6)
==6357== by 0x4AD32F0: __dbgtext_va (debug.c:1904)
==6357== by 0x4AD33F2: dbgtext (debug.c:1925)
==6357== by 0x4861515: reg_diff_load (patchfile.c:353)
==6357== by 0x4861CD3: reg_diff_apply (patchfile.c:542)
==6357== by 0x10ADF9: main (regpatch.c:114)
==6357== Address 0x70f79d2 is 2 bytes inside a block of size 5 free'd
==6357== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x10ADCF: main (regpatch.c:111)
==6357== Block was alloc'd at
==6357== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x10ACBD: main (regpatch.c:79)
==6357==
Error reading registry patch file `file'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Oct 14 13:38:55 UTC 2022 on sn-devel-184
commit 4b15d8c2a5c8547b84e7926fed9890b5676b8bc3
Author: Noel Power <noel.power at suse.com>
Date: Fri Oct 14 11:45:13 2022 +0100
s3/utils: Fix use after free with popt 1.19
popt1.19 fixes a leak that exposes a use as free,
make sure we duplicate return of poptGetArg if
poptFreeContext is called before we use it.
==6055== Command: ./bin/testparm /etc/samba/smb.conf
==6055==
==6055== Invalid read of size 1
==6055== at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4C1E50F: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6055== by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6)
==6055== by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6)
==6055== by 0x10EBFA: main (testparm.c:862)
==6055== Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055== at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4C1E50F: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6055== by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6)
==6055== by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6)
==6055== by 0x10EBFA: main (testparm.c:862)
==6055== Address 0x72dab71 is 1 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055== at 0x4C44DD0: _IO_default_xsputn (in /usr/lib64/libc.so.6)
==6055== by 0x4C1E39E: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6055== by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6)
==6055== by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6)
==6055== by 0x10EBFA: main (testparm.c:862)
==6055== Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055== at 0x4C44DDF: _IO_default_xsputn (in /usr/lib64/libc.so.6)
==6055== by 0x4C1E39E: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6055== by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6)
==6055== by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6)
==6055== by 0x10EBFA: main (testparm.c:862)
==6055== Address 0x72dab72 is 2 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
Load smb config files from /etc/samba/smb.conf
==6055== Invalid read of size 1
==6055== at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4927E1C: talloc_strdup (talloc.c:2470)
==6055== by 0x48B5D37: talloc_sub_basic (substitute.c:303)
==6055== by 0x4889B98: lp_load_ex (loadparm.c:4004)
==6055== by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055== by 0x10EC06: main (testparm.c:864)
==6055== Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055== at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4927E1C: talloc_strdup (talloc.c:2470)
==6055== by 0x48B5D37: talloc_sub_basic (substitute.c:303)
==6055== by 0x4889B98: lp_load_ex (loadparm.c:4004)
==6055== by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055== by 0x10EC06: main (testparm.c:864)
==6055== Address 0x72dab71 is 1 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 8
==6055== at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
==6055== by 0x4927E32: talloc_strdup (talloc.c:2470)
==6055== by 0x48B5D37: talloc_sub_basic (substitute.c:303)
==6055== by 0x4889B98: lp_load_ex (loadparm.c:4004)
==6055== by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055== by 0x10EC06: main (testparm.c:864)
==6055== Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 2
==6055== at 0x484D400: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
==6055== by 0x4927E32: talloc_strdup (talloc.c:2470)
==6055== by 0x48B5D37: talloc_sub_basic (substitute.c:303)
==6055== by 0x4889B98: lp_load_ex (loadparm.c:4004)
==6055== by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055== by 0x10EC06: main (testparm.c:864)
==6055== Address 0x72dab80 is 16 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055== at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
==6055== by 0x4927E32: talloc_strdup (talloc.c:2470)
==6055== by 0x48B5D37: talloc_sub_basic (substitute.c:303)
==6055== by 0x4889B98: lp_load_ex (loadparm.c:4004)
==6055== by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055== by 0x10EC06: main (testparm.c:864)
==6055== Address 0x72dab82 is 18 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055== at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4927E1C: talloc_strdup (talloc.c:2470)
==6055== by 0x4B5974B: add_to_file_list (loadparm.c:1023)
==6055== by 0x4889BD4: lp_load_ex (loadparm.c:4011)
==6055== by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055== by 0x10EC06: main (testparm.c:864)
==6055== Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055== at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4927E1C: talloc_strdup (talloc.c:2470)
==6055== by 0x4B5974B: add_to_file_list (loadparm.c:1023)
==6055== by 0x4889BD4: lp_load_ex (loadparm.c:4011)
==6055== by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055== by 0x10EC06: main (testparm.c:864)
==6055== Address 0x72dab71 is 1 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 8
==6055== at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
==6055== by 0x4927E32: talloc_strdup (talloc.c:2470)
==6055== by 0x4B5974B: add_to_file_list (loadparm.c:1023)
==6055== by 0x4889BD4: lp_load_ex (loadparm.c:4011)
==6055== by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055== by 0x10EC06: main (testparm.c:864)
==6055== Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 2
==6055== at 0x484D400: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
==6055== by 0x4927E32: talloc_strdup (talloc.c:2470)
==6055== by 0x4B5974B: add_to_file_list (loadparm.c:1023)
==6055== by 0x4889BD4: lp_load_ex (loadparm.c:4011)
==6055== by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055== by 0x10EC06: main (testparm.c:864)
==6055== Address 0x72dab80 is 16 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055== at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
==6055== by 0x4927E32: talloc_strdup (talloc.c:2470)
==6055== by 0x4B5974B: add_to_file_list (loadparm.c:1023)
==6055== by 0x4889BD4: lp_load_ex (loadparm.c:4011)
==6055== by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055== by 0x10EC06: main (testparm.c:864)
==6055== Address 0x72dab82 is 18 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit e82699fcca3716d9ed0450263fd83f948de8ffbe
Author: Noel Power <noel.power at suse.com>
Date: Fri Oct 14 11:35:51 2022 +0100
s3/utils: Fix use after free with popt 1.19
popt1.19 fixes a leak that exposes a use as free,
make sure we duplicate return of poptGetArg if
poptFreeContext is called before we use it.
==5914== Invalid read of size 1
==5914== at 0x4FDF740: strlcpy (in /usr/lib64/libbsd.so.0.11.6)
==5914== by 0x49E09A9: tdbsam_getsampwnam (pdb_tdb.c:583)
==5914== by 0x49D94E5: pdb_getsampwnam (pdb_interface.c:340)
==5914== by 0x10DED1: print_user_info (pdbedit.c:372)
==5914== by 0x111413: main (pdbedit.c:1324)
==5914== Address 0x73b6750 is 0 bytes inside a block of size 7 free'd
==5914== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5914== by 0x4C508B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5914== by 0x4C515D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5914== by 0x1113E6: main (pdbedit.c:1323)
==5914== Block was alloc'd at
==5914== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5914== by 0x4C522EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5914== by 0x110AE5: main (pdbedit.c:1137)
==5914==
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 31d3d10b260f05080ca0a3cf9434aa4704d60739
Author: Noel Power <noel.power at suse.com>
Date: Fri Oct 14 11:26:24 2022 +0100
s3/utils: Add missing poptFreeContext
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit ff003fc87b8164610dfd6572347c05308c4b2fd7
Author: Noel Power <noel.power at suse.com>
Date: Fri Oct 14 11:23:37 2022 +0100
s3/param: Fix use after free with popt-1.19
popt1.19 fixes a leak that exposes a use as free,
make sure we duplicate return of poptGetArg if
poptFreeContext is called before we use it.
==5325== Invalid read of size 1
==5325== at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4859E1C: talloc_strdup (talloc.c:2470)
==5325== by 0x48C0D37: talloc_sub_basic (substitute.c:303)
==5325== by 0x4894B98: lp_load_ex (loadparm.c:4004)
==5325== by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325== by 0x10ABD7: main (test_lp_load.c:98)
==5325== Address 0x72da8b0 is 0 bytes inside a block of size 20 free'd
==5325== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB8E: main (test_lp_load.c:90)
==5325== Block was alloc'd at
==5325== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 1
==5325== at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4859E1C: talloc_strdup (talloc.c:2470)
==5325== by 0x48C0D37: talloc_sub_basic (substitute.c:303)
==5325== by 0x4894B98: lp_load_ex (loadparm.c:4004)
==5325== by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325== by 0x10ABD7: main (test_lp_load.c:98)
==5325== Address 0x72da8b1 is 1 bytes inside a block of size 20 free'd
==5325== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB8E: main (test_lp_load.c:90)
==5325== Block was alloc'd at
==5325== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 8
==5325== at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
==5325== by 0x4859E32: talloc_strdup (talloc.c:2470)
==5325== by 0x48C0D37: talloc_sub_basic (substitute.c:303)
==5325== by 0x4894B98: lp_load_ex (loadparm.c:4004)
==5325== by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325== by 0x10ABD7: main (test_lp_load.c:98)
==5325== Address 0x72da8b0 is 0 bytes inside a block of size 20 free'd
==5325== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB8E: main (test_lp_load.c:90)
==5325== Block was alloc'd at
==5325== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 2
==5325== at 0x484D400: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
==5325== by 0x4859E32: talloc_strdup (talloc.c:2470)
==5325== by 0x48C0D37: talloc_sub_basic (substitute.c:303)
==5325== by 0x4894B98: lp_load_ex (loadparm.c:4004)
==5325== by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325== by 0x10ABD7: main (test_lp_load.c:98)
==5325== Address 0x72da8c0 is 16 bytes inside a block of size 20 free'd
==5325== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB8E: main (test_lp_load.c:90)
==5325== Block was alloc'd at
==5325== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 1
==5325== at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
==5325== by 0x4859E32: talloc_strdup (talloc.c:2470)
==5325== by 0x48C0D37: talloc_sub_basic (substitute.c:303)
==5325== by 0x4894B98: lp_load_ex (loadparm.c:4004)
==5325== by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325== by 0x10ABD7: main (test_lp_load.c:98)
==5325== Address 0x72da8c2 is 18 bytes inside a block of size 20 free'd
==5325== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB8E: main (test_lp_load.c:90)
==5325== Block was alloc'd at
==5325== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 1
==5325== at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4859E1C: talloc_strdup (talloc.c:2470)
==5325== by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
==5325== by 0x4894BD4: lp_load_ex (loadparm.c:4011)
==5325== by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325== by 0x10ABD7: main (test_lp_load.c:98)
==5325== Address 0x72da8b0 is 0 bytes inside a block of size 20 free'd
==5325== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB8E: main (test_lp_load.c:90)
==5325== Block was alloc'd at
==5325== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 1
==5325== at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4859E1C: talloc_strdup (talloc.c:2470)
==5325== by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
==5325== by 0x4894BD4: lp_load_ex (loadparm.c:4011)
==5325== by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325== by 0x10ABD7: main (test_lp_load.c:98)
==5325== Address 0x72da8b1 is 1 bytes inside a block of size 20 free'd
==5325== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB8E: main (test_lp_load.c:90)
==5325== Block was alloc'd at
==5325== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 8
==5325== at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
==5325== by 0x4859E32: talloc_strdup (talloc.c:2470)
==5325== by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
==5325== by 0x4894BD4: lp_load_ex (loadparm.c:4011)
==5325== by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325== by 0x10ABD7: main (test_lp_load.c:98)
==5325== Address 0x72da8b0 is 0 bytes inside a block of size 20 free'd
==5325== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB8E: main (test_lp_load.c:90)
==5325== Block was alloc'd at
==5325== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 2
==5325== at 0x484D400: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
==5325== by 0x4859E32: talloc_strdup (talloc.c:2470)
==5325== by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
==5325== by 0x4894BD4: lp_load_ex (loadparm.c:4011)
==5325== by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325== by 0x10ABD7: main (test_lp_load.c:98)
==5325== Address 0x72da8c0 is 16 bytes inside a block of size 20 free'd
==5325== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB8E: main (test_lp_load.c:90)
==5325== Block was alloc'd at
==5325== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 1
==5325== at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
==5325== by 0x4859E32: talloc_strdup (talloc.c:2470)
==5325== by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
==5325== by 0x4894BD4: lp_load_ex (loadparm.c:4011)
==5325== by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325== by 0x10ABD7: main (test_lp_load.c:98)
==5325== Address 0x72da8c2 is 18 bytes inside a block of size 20 free'd
==5325== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB8E: main (test_lp_load.c:90)
==5325== Block was alloc'd at
==5325== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB49: main (test_lp_load.c:74)
==5325==
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit d26d3d9bff61f796c9c9ab54990ea078f575ab1e
Author: Noel Power <noel.power at suse.com>
Date: Fri Oct 14 10:03:17 2022 +0100
s3/rpcclient: Duplicate string returned from poptGetArg
popt1.19 fixes a leak that exposes a use as free,
make sure we duplicate return of poptGetArg if
poptFreeContext is called before we use it.
==4407== Invalid read of size 1
==4407== at 0x146263: main (rpcclient.c:1262)
==4407== Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd
==4407== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x146227: main (rpcclient.c:1251)
==4407== Block was alloc'd at
==4407== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x1461BC: main (rpcclient.c:1219)
==4407==
==4407== Invalid read of size 1
==4407== at 0x14627D: main (rpcclient.c:1263)
==4407== Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd
==4407== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x146227: main (rpcclient.c:1251)
==4407== Block was alloc'd at
==4407== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x1461BC: main (rpcclient.c:1219)
==4407==
==4407== Invalid read of size 1
==4407== at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x4980E1C: talloc_strdup (talloc.c:2470)
==4407== by 0x488CD96: dcerpc_parse_binding (binding.c:320)
==4407== by 0x1462B1: main (rpcclient.c:1267)
==4407== Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd
==4407== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x146227: main (rpcclient.c:1251)
==4407== Block was alloc'd at
==4407== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x1461BC: main (rpcclient.c:1219)
==4407==
==4407== Invalid read of size 1
==4407== at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x4980E1C: talloc_strdup (talloc.c:2470)
==4407== by 0x488CD96: dcerpc_parse_binding (binding.c:320)
==4407== by 0x1462B1: main (rpcclient.c:1267)
==4407== Address 0x7b67cd1 is 1 bytes inside a block of size 10 free'd
==4407== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x146227: main (rpcclient.c:1251)
==4407== Block was alloc'd at
==4407== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x1461BC: main (rpcclient.c:1219)
==4407==
==4407== Invalid read of size 8
==4407== at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x4980DC2: __talloc_strlendup (talloc.c:2457)
==4407== by 0x4980E32: talloc_strdup (talloc.c:2470)
==4407== by 0x488CD96: dcerpc_parse_binding (binding.c:320)
==4407== by 0x1462B1: main (rpcclient.c:1267)
==4407== Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd
==4407== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x146227: main (rpcclient.c:1251)
==4407== Block was alloc'd at
==4407== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x1461BC: main (rpcclient.c:1219)
==4407==
==4407== Invalid read of size 1
==4407== at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x4980DC2: __talloc_strlendup (talloc.c:2457)
==4407== by 0x4980E32: talloc_strdup (talloc.c:2470)
==4407== by 0x488CD96: dcerpc_parse_binding (binding.c:320)
==4407== by 0x1462B1: main (rpcclient.c:1267)
==4407== Address 0x7b67cd8 is 8 bytes inside a block of size 10 free'd
==4407== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x146227: main (rpcclient.c:1251)
==4407== Block was alloc'd at
==4407== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x1461BC: main (rpcclient.c:1219)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 266bcedc18efc52e29efde6bad220623a5423e30
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Sep 28 14:27:09 2022 +0200
s4:messaging: let imessaging_client_init() use imessaging_init_discard_incoming()
imessaging_client_init() is for temporary stuff only, so we should drop
(unexpected) incoming messages unless we expect irpc responses.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15201
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Oct 13 13:32:30 UTC 2022 on sn-devel-184
commit 32df5e4961cf064b72bb496157cc6092126d9b8e
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Sep 28 14:14:41 2022 +0200
s3:auth_samba4: make use of imessaging_init_discard_incoming()
Otherwise we'll generate a memory leak of imessaging_post_state/
tevent_immediate structures per incoming message!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15201
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit a120fb1c724dfaed5a99e34aaf979502586f17c0
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Sep 28 13:47:13 2022 +0200
s4:messaging: add imessaging_init_discard_incoming()
We often create imessaging contexts just for sending messages,
but we'll never process incoming messages because a temporary event
context was used and we just queue a lot of imessaging_post_state
structures with immediate events.
With imessaging_init_discard_incoming() we'll discard any incoming messages
unless we have pending irpc requests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15201
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 5d91ecf01dce95400da5d6ac181144df1e32ca35
Author: Anoop C S <anoopcs at samba.org>
Date: Thu Oct 13 15:54:10 2022 +0530
vfs_glusterfs: Add path based fallback mechanism for SMB_VFS_FNTIMES
Fallback mechanism was missing in vfs_gluster_fntimes() for path based
call. Therefore adding a similar mechanism as seen with other calls like
vfs_gluster_fsetxattr, vfs_gluster_fgetxattr etc.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15198
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 5d66d5b84f87267243dcd5223210906ce589af91
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Oct 12 14:57:18 2022 +0200
smbXsrv_client: handle NAME_NOT_FOUND from smb2srv_client_connection_{pass,drop}()
If we get NT_STATUS_OBJECT_NOT_FOUND from smb2srv_client_connection_{pass,drop}()
we should just keep the connection and overwrite the stale record in
smbXsrv_client_global.tdb. It's basically a race with serverid_exists()
and a process that doesn't cleanly teardown.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 8c8d8cf01e01c2726d03fa1c81e0ce9992ee736c
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Oct 12 14:15:53 2022 +0200
smbXsrv_client: make sure we only wait for smb2srv_client_mc_negprot_filter once and only when needed
This will simplify the following changes...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 56c597bc2b29dc3e555f737ba189f521d0e31e8c
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Oct 12 13:54:41 2022 +0200
smbXsrv_client: call smb2srv_client_connection_{pass,drop}() before dbwrap_watched_watch_send()
dbwrap_watched_watch_send() should typically be the last thing to call
before the db record is unlocked, as it's not that easy to undo.
In future we want to recover from smb2srv_client_connection_{pass,drop}()
returning NT_STATUS_OBJECT_NAME_NOT_FOUND and it would add complexity if
would need to undo dbwrap_watched_watch_send() at that point.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit acb3d821deaf06faa16f6428682ecdb02babeb98
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Oct 12 13:40:26 2022 +0200
smbXsrv_client: fix a debug message in smbXsrv_client_global_verify_record()
DBG_WARNING() already adds the function name as prefix.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 636ec45c93ad040ba70296aa543884c145b3e789
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Oct 12 13:30:32 2022 +0200
smbXsrv_client: ignore NAME_NOT_FOUND from smb2srv_client_connection_passed
If we hit a race, when a client disconnects the connection after the initial
SMB2 Negotiate request, before the connection is completely passed to
process serving the given client guid, the temporary smbd which accepted the
new connection may already detected the disconnect and exitted before
the long term smbd servicing the client guid was able to send the
MSG_SMBXSRV_CONNECTION_PASSED message.
The result was a log message like this:
smbXsrv_client_connection_pass_loop: smb2srv_client_connection_passed() failed => NT_STATUS_OBJECT_NAME_NOT_FOUND
and all connections belonging to the client guid were dropped,
because we called exit_server_cleanly().
Now we ignore NT_STATUS_OBJECT_NAME_NOT_FOUND from
smb2srv_client_connection_passed() and let the normal
event loop detect the broken connection, so that only
that connection is terminated (not the whole smbd process).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit cc397175cb9a1b06f268ecf6b3d62f621947cbba
Author: Anoop C S <anoopcs at samba.org>
Date: Tue Oct 11 23:02:48 2022 +0530
vfs_glusterfs: Simplify SMB_VFS_FDOPENDIR implementation
It was unnecessary to construct full directory path as "dir/." which is
same as "dir". We could just directly use fsp->fsp_name->base_name and
return directory stream obtained from glfs_opendir().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15198
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Oct 12 12:48:50 UTC 2022 on sn-devel-184
commit 7af4bfe8285714c137b6347b17305c9cd0702bdd
Author: Anoop C S <anoopcs at samba.org>
Date: Mon Oct 10 20:29:13 2022 +0530
vfs_glusterfs: Add path based fallback mechanism for SMB_VFS_FGETXATTR
Fallback mechanism was missing in vfs_gluster_fgetxattr() for path based
call. Therefore adding a similar mechanism as seen with other calls like
vfs_gluster_fsetxattr, vfs_gluster_flistxattr etc.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15198
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 6a6bd1a0530424def64d2d462b54e4c1f4f9bebb
Author: Anoop C S <anoopcs at samba.org>
Date: Tue Oct 11 23:27:37 2022 +0530
vfs_glusterfs: Do not use glfs_fgetxattr() for SMB_VFS_GET_REAL_FILENAME_AT
glfs_fgetxattr() or generally fgetxattr() will return EBADF as dirfsp
here is a pathref fsp. GlusterFS client log had following entries
indicating the error:
W [MSGID: 114031] [client-rpc-fops_v2.c:993:client4_0_fgetxattr_cbk] \
0-vol-client-0: remote operation failed. [{errno=9}, {error=Bad file descriptor}]
Therefore use glfs_getxattr() only for implementing get_real_filename_at
logic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15198
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 8cbd9e63724d80c06565d0c90bd107166dfd9bbe
Author: Anoop C S <anoopcs at samba.org>
Date: Tue Oct 11 23:25:46 2022 +0530
vfs_glusterfs: Simplify SMB_VFS_GET_REAL_FILENAME_AT implementation
It was unnecessary to construct full directory path as "dir/." which is
same as "dir". We could just directly use dirfsp->fsp_name->base_name
for glfs_getxattr() and return the result.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15198
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 0bf8d136769fd00f0de003c71e3551f936c5198e
Author: Björn Jacke <bj at sernet.de>
Date: Sun Sep 25 15:56:56 2022 +0200
docs-xml: some fixes to acl parameter documentation
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Oct 6 23:04:51 UTC 2022 on sn-devel-184
commit a7fba3ff5996330158d3cc6bc24746a59492b690
Author: Ralph Boehme <slow at samba.org>
Date: Thu Oct 6 14:31:08 2022 +0200
vfs_fruit: add missing calls to tevent_req_received()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15182
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
commit 35c637f2e6c671acf8fb9c2a67774bd5e74dd7d0
Author: Jeremy Allison <jra at samba.org>
Date: Tue Sep 20 13:25:22 2022 -0700
s3: VFS: fruit. Implement fsync_send()/fsync_recv().
For type == ADOUBLE_META, fio->fake_fd is true so
writes are already synchronous, just call tevent_req_post().
For type == ADOUBLE_RSRC we know we are configured
with FRUIT_RSRC_ADFILE (because fruit_must_handle_aio_stream()
returned true), so we can just call SMB_VFS_NEXT_FSYNC_SEND()
after replacing fsp with fio->ad_fsp.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15182
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
commit 1b8a8732848169c632af12b7c2b4cd3ee73be244
Author: Jeremy Allison <jra at samba.org>
Date: Tue Sep 20 12:08:29 2022 -0700
s4: smbtorture: Add fsync_resource_fork test to fruit tests.
This shows we currently hang when sending an SMB2_OP_FLUSH on
an AFP_Resource fork.
Adds knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15182
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
commit 688be0177b04d04709813a02ae6da1e983ac25dd
Author: Volker Lendecke <vl at samba.org>
Date: Fri Sep 30 17:02:41 2022 +0200
ctdb: Fix a use-after-free in run_proc
If you happen to talloc_free(run_ctx) before all the tevent_req's
hanging off it, you run into the following:
==495196== Invalid read of size 8
==495196== at 0x10D757: run_proc_state_destructor (run_proc.c:413)
==495196== by 0x488F736: _tc_free_internal (talloc.c:1158)
==495196== by 0x488FBDD: _talloc_free_internal (talloc.c:1248)
==495196== by 0x4890F41: _talloc_free (talloc.c:1792)
==495196== by 0x48538B1: tevent_req_received (tevent_req.c:293)
==495196== by 0x4853429: tevent_req_destructor (tevent_req.c:129)
==495196== by 0x488F736: _tc_free_internal (talloc.c:1158)
==495196== by 0x4890AF6: _tc_free_children_internal (talloc.c:1669)
==495196== by 0x488F967: _tc_free_internal (talloc.c:1184)
==495196== by 0x488FBDD: _talloc_free_internal (talloc.c:1248)
==495196== by 0x4890F41: _talloc_free (talloc.c:1792)
==495196== by 0x10DE62: main (run_proc_test.c:86)
==495196== Address 0x55b77f8 is 152 bytes inside a block of size 160 free'd
==495196== at 0x48399AB: free (vg_replace_malloc.c:538)
==495196== by 0x488FB25: _tc_free_internal (talloc.c:1222)
==495196== by 0x488FBDD: _talloc_free_internal (talloc.c:1248)
==495196== by 0x4890F41: _talloc_free (talloc.c:1792)
==495196== by 0x10D315: run_proc_context_destructor (run_proc.c:329)
==495196== by 0x488F736: _tc_free_internal (talloc.c:1158)
==495196== by 0x488FBDD: _talloc_free_internal (talloc.c:1248)
==495196== by 0x4890F41: _talloc_free (talloc.c:1792)
==495196== by 0x10DE62: main (run_proc_test.c:86)
==495196== Block was alloc'd at
==495196== at 0x483877F: malloc (vg_replace_malloc.c:307)
==495196== by 0x488EAD9: __talloc_with_prefix (talloc.c:783)
==495196== by 0x488EC73: __talloc (talloc.c:825)
==495196== by 0x488F0FC: _talloc_named_const (talloc.c:982)
==495196== by 0x48925B1: _talloc_zero (talloc.c:2421)
==495196== by 0x10C8F2: proc_new (run_proc.c:61)
==495196== by 0x10D4C9: run_proc_send (run_proc.c:381)
==495196== by 0x10DDF6: main (run_proc_test.c:79)
This happens because run_proc_context_destructor() directly does a
talloc_free() on the struct proc_context's and not the enclosing
tevent_req's. run_proc_kill() makes sure that we don't follow
proc->req, but it forgets the "state->proc", which is free()'ed, but
later dereferenced in run_proc_state_destructor().
This is an attempt at a quick fix, I believe we should convert
run_proc_context->plist into an array of tevent_req's, so that we can
properly TALLOC_FREE() according to the "natural" hierarchy and not
just pull an arbitrary thread out of that heap.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Oct 6 15:10:20 UTC 2022 on sn-devel-184
commit 9a8bc67f4a5e4afecd648523f43a8e97584fcfd0
Author: Anoop C S <anoopcs at samba.org>
Date: Mon Oct 3 15:36:13 2022 +0530
vfs_glusterfs: Remove special handling of O_CREAT flag
Special handling of O_CREAT flag in SMB_VFS_OPENAT code path was the
only option to ensure correctness due to a bug in libgfapi as detailed
in issue #3838[1] from GlusterFS upstream. This has been fixed recently
so that O_CREAT is handled correctly within glfs_openat() enbaling us to
remove the corresponding special case from vfs_gluster_openat().
[1] https://github.com/gluster/glusterfs/issues/3838
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Oct 6 08:34:56 UTC 2022 on sn-devel-184
commit 3ad0fa692556b5544307110b179626bfb4b4381f
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Sep 23 10:41:32 2022 +1200
pyldb: Fix typos in function names
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Oct 5 05:23:50 UTC 2022 on sn-devel-184
commit b32a3d715bcf1ffc8078eba06ebded02049251d6
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Sat Sep 24 12:25:10 2022 +1200
s4:kdc: Don't copy data for empty PAC buffer
Heimdal's 'data->length > 0' assertion in krb5_pac_add_buffer() is gone
as of f33f73f82fb2d5d96928ce5910e2d0d939c2ff57, so we no longer need to
specify a non-zero length.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d4ce0a0e982ed6b2cf1a0980270196c80c8eecb9
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Sep 21 10:42:54 2022 +1200
s4:kdc: Make use of smb_krb5_data_from_blob() helper function
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f86404b7ab8a557cd3d3366b6567867065c2e28e
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Sep 21 10:26:38 2022 +1200
s4:kdc: Refactor samba_make_krb5_pac()
This function is longwinded and needlessly allocates intermediary
buffers. Simplify it.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 84796220965527a56ac492d04f220b39ce279cf4
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Sat Sep 24 12:36:25 2022 +1200
lib:krb5_wrap: Add helper functions to make krb5_data structure
These will be used in following commits.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 27a2ee0d1d9a7f3360537a0a806e827272242823
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 20 09:28:27 2022 +1200
dbcheck: Fix truncation of warning messages
We are stripping off one too many characters.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b346a3691173e70d560a69539cc89dabcd14bbbf
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Sat Sep 24 11:53:08 2022 +1200
docs-xml: Remove nested calls to translate()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2344af97406c9f56bdadf8957f7e2da3e4694b35
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Sat Sep 24 11:52:31 2022 +1200
docs-xml: Remove reference to invalid 'user' parameter
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ffdf0177b5202dc7aad5ae0d98e70e1f21c07775
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Sat Sep 24 11:52:12 2022 +1200
docs-xml: 'security = auto' is now the default parameter
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 534bc646d7e6f46d29c5d2bb653d6e7f6e56bf31
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Sat Sep 24 11:51:22 2022 +1200
docs-xml: Fix references to 'encrypt passwords' parameter
It should be 'encrypt passwords', not 'encrypted passwords'.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2a26dd3aab38c566cad8064be7f9fd27fda2bfc0
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Sat Sep 24 11:50:01 2022 +1200
docs-xml: Fix reference to 'wide links' parameter
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 112e43fcb3f35888d517268828c6ddff3741cf15
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Sat Sep 24 11:49:33 2022 +1200
docs-xml: Fix reference to 'read only' parameter
It should be 'read only', not 'read-only'.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 728fabea68329d943c0e327c074f95619087ae13
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Sat Sep 24 11:49:16 2022 +1200
docs-xml: Remove references to obsolete 'write cache size' parameter
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e9f4528d7273f84ee0de33411ea035f5dec8d25f
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Sat Sep 24 11:48:58 2022 +1200
docs-xml: Fix reference to obsolete 'lock spin count' parameter
We should not create a dangling link.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit de23fd66e46dcb0d8904b00862ebab12d1160556
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Sat Sep 24 11:48:37 2022 +1200
docs-xml: Fix section links
These are not valid smbconfoptions, so we end up with dangling links.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 90c371d6cd15a00e4b9cd93fc9e0d59a91d5d50b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Sep 16 12:55:58 2022 +1200
pytest: samba-tool: Fix undefined escape sequence
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 352064979be1245c6eb4ebe28bd46907207e0b28
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Sep 15 16:16:43 2022 +1200
pyldb: Fix tests going unused
These tests are redeclared later and so are never used. Give them new
names so that they will be run again.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c52f5ee84ba5b8e7c9d2c67151cf3a6b9a7a780b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Sep 23 16:22:14 2022 +1200
lib:crypto: Change error return to SMB_ASSERT()
Getting an HMAC too long to fit our array is a programming error. It
should always be 64 bytes exactly.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 01b6c87c4faa8c484a4064872cd1cd918fa05da8
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue May 17 20:25:19 2022 +1200
lib:krb5_wrap: Use case-sensitive comparison against 'krbtgt'
This matches the other comparisons against krbtgt, kadmin, etc., which
are all case-sensitive.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d2c5a297f25a48c74a9f93beb2a18d50f3352b43
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Apr 29 12:19:35 2022 +1200
s4-auth: Add missing newlines to log messages
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ccbce565ebfa2048bbecbe51925be32561def6a6
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri May 6 15:21:20 2022 +1200
tests/krb5: Add create_ccache_with_ticket()
This function returns a ccache containing a previously obtained ticket.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 0c78480837fca684c2c64fe05d1e19aece302726
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri May 6 14:58:52 2022 +1200
tests/krb5: Make use of client_opts for TGS-REQs
Previously we would ignore 'client_opts' and always use the same user
and machine accounts for TGS-REQs. Use 'client_opts' and add a new
'armor_opts' parameter for specifying options of the armoring account.
Furthermore, our test-specific ticket caching is no longer of use, for
get_tgt() and get_service_ticket() now implement ticket caching. Remove
it and eliminate the possibility of mistakenly using stale tickets.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 12677ff65e97e6d3d3e51bac6e0430811d17c02b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Sep 30 11:50:30 2022 +1300
python: Handle LdbError thrown from functions operating on DNs
None of these functions can return False now. Instead we must catch the
LdbError if we want to perform further error handling.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a68428a9510a7d536e6e488323211e972bdd214d
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Sep 30 11:46:40 2022 +1300
pyldb: Have functions operating on DNs raise LdbError
The return codes of these functions are not often checked. Throwing an
exception ensures we won't continue blindly on if DN manipulation fails.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 0c19fca3f9d0d135aaf7a9e1d97c66ee2bc9611f
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Jul 27 14:12:07 2022 +1200
python/samba: Fix typos in error messages
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 8f3cbf30a9f9ca874c42ccc8187cf5eca96e4c8a
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Aug 26 11:32:50 2022 +1200
pdb_samba_dsdb: Handle dsdb_search_one() errors
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ab7b16428d1327c68172f8a9de11cfea5e6dd878
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Mar 4 16:57:27 2022 +1300
selftest: Simplify krb5 test environments
We don't need the local configuration here.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 37406b9d97f123576c811b9fe22b39b02af62f83
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Sep 23 12:32:25 2022 +1200
CVE-2007-4559 python: ensure sanity in our tarfiles
Python's tarfile module is not very careful about paths that step out
of the target directory. We can be a bit better at little cost.
This was reported in 2007[1], and has recently been publicised [2, for
example].
We were informed of this bug in December 2021 by Luis Alberto López
Alvar, but decided then that there were no circumstances under which
this was a security concern. That is, if you can alter the backup
files, you can already do worse things. But there is a case to guard
against an administrator being tricked into trying to restore a file
that isn't based on a real backup.
[1] https://nvd.nist.gov/vuln/detail/CVE-2007-4559
[2] https://www.theregister.com/2022/09/22/python_vulnerability_tarfile/
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15185
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Oct 4 03:48:43 UTC 2022 on sn-devel-184
commit 6a5d03e2f7bfa84eea1f1c44604ab70b1257d349
Author: Nikola Radovanovic <nikoladsp at gmail.com>
Date: Fri Sep 30 09:38:12 2022 +0200
samba-tool: Use authentication file to pass credentials
In order not to pass credentials in clear-text directly over command line, this is a patch to store username/password/domain in a file and use it during domain join for example.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15031
Signed-off-by: Nikola Radovanovic <radovanovic.extern at univention.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit bff2bc9c7d69ec2fbe9339c2353a0a846182f1ea
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Sep 15 17:10:24 2022 +1200
python-drs: Add client-side debug and fallback for GET_ANC
Samba 4.5 and earlier will fail to do GET_ANC correctly and will not
replicate non-critical parents of objects with isCriticalSystemObject=TRUE
when DRSUAPI_DRS_CRITICAL_ONLY is set.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 483c48f52d6ff5e8149ed12bfeb2b6608c946f01
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Sep 20 13:37:30 2022 +1200
s4-libnet: Add messages to object count mismatch failures
This helps explain these better than WERR_GEN_FAILURE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit b0bbc94d4124d63b1d5a35ccbc88ffd51d520ba0
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Sep 29 14:54:14 2022 +1300
selftest: Enable "old Samba" mode regarding GET_ANC/GET_TGT
The chgdcpass server now emulates older verions of Samba that
fail to implement DRSUAPI_DRS_GET_ANC correctly and totally fails to support
DRSUAPI_DRS_GET_TGT.
We now show this is in effect by the fact that tests now fail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 314bc44fa9b8fc99c80bfcfff71f2cec67bbda36
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Sep 29 14:53:38 2022 +1300
s4-rpc_server:getncchanges Add "old Samba" mode regarding GET_ANC/GET_TGT
This emulates older verions of Samba that fail to implement
DRSUAPI_DRS_GET_ANC correctly and totally fails to support
DRSUAPI_DRS_GET_TGT.
This will allow testing of a client-side fallback, allowing migration
from sites that run very old Samba versions over DRSUAPI (currently
the only option is to attempt an in-place upgrade).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 7ff743d65dcf27ffe0c6861720e8ce531bfa378d
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Sep 29 03:05:03 2022 +0000
selftest: Add tests for GetNCChanges GET_ANC using samba-tool drs clone-dc-database
This test, compared with the direct to RPC tests, will succeed, then fail once the
server is changed to emulate Samba 4.5 and and again succeed once the python code
changes to allow skipping the DRSUAPI_DRS_CRITICAL_ONLY step
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 62b426243f4eaa4978c249b6e6ce90d35aeaefe4
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Sep 15 09:36:45 2022 +1200
selftest: Prepare for "old Samba" mode regarding getncchanges GET_ANC/GET_TGT
The chgdcpass environment will emulate older verions of Samba
that fail to implement DRSUAPI_DRS_GET_ANC correctly and
totally fails to support DRSUAPI_DRS_GET_TGT.
This will allow testing of a client-side fallback, allowing migration
from sites that run very old Samba versions over DRSUAPI (currently
the only option is to attempt an in-place upgrade).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit a91fa70ad568bbca34dc9d09e098686b8482d0ed
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Apr 29 12:20:06 2022 +1200
tevent: Fix flag clearing
We presumably meant to clear this bit, rather than clearing all bits
other than it.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Oct 3 21:05:31 UTC 2022 on sn-devel-184
commit 3804161dca1d23ab44b2c22bdf199bf640fd6cb5
Author: Volker Lendecke <vl at samba.org>
Date: Thu Sep 29 15:41:30 2022 +0200
libsmb: Fix the smbclient readlink command
We use cli_smb2_qpathinfo_basic() for cli_resolve_path() before
calling cli_readlink(). This fails as it never tries with
FILE_OPEN_REPARSE_POINT, so we never get to the point where we
actually can issue the FSCTL_GET_REPARSE_POINT.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f471b2c70ed67507a7a6abe70321089617565426
Author: Volker Lendecke <vl at samba.org>
Date: Thu Sep 29 12:49:10 2022 +0200
libsmb: Remove unused cli_smb2_set_reparse_point_fnum_send/recv
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 3d2d066c13a5fda4aea4089d3dc78b4828717494
Author: Volker Lendecke <vl at samba.org>
Date: Thu Sep 29 12:47:45 2022 +0200
libsmb: Convert cli_symlink to cli_fsctl
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 091ce9c50d6951cfe6bfdbd3cb6461a373ae56dd
Author: Volker Lendecke <vl at samba.org>
Date: Thu Sep 29 12:41:54 2022 +0200
libsmb: Remove unused cli_smb2_get_reparse_point_fnum_send/recv
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit aaacbd0f2a95245863fa90bcd0fdbed68f590c7a
Author: Volker Lendecke <vl at samba.org>
Date: Thu Sep 29 12:40:45 2022 +0200
libsmb: Convert cli_readlink() to cli_fsctl_send/recv
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit dccc060bc9caba6f3be1a65e213e322ccdfefd94
Author: Volker Lendecke <vl at samba.org>
Date: Thu Sep 29 12:22:10 2022 +0200
libsmb: Add cli_fsctl_send/recv
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 50b13868d4fce15cd2348ac9dea1bca3f049e4ad
Author: Volker Lendecke <vl at samba.org>
Date: Thu Sep 29 12:21:53 2022 +0200
libsmb: Add cli_smb2_fsctl_send/recv
Slightly refactor the symlink operations later based on this
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 4388ba47ea25213d364402da7ddcd032845d2ad3
Author: Volker Lendecke <vl at samba.org>
Date: Thu Sep 29 11:08:12 2022 +0200
libsmb: Centralize the SMB2 protocol check
Instead of checking protocol correctness in every highlevel routine,
we should rely on the lowerlevel one in smbXcli_base.c to give the
INVALID_PARAMETER error return when running on SMB1
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 36bd73e836f733068bdc9bb5df704f825fac7d2e
Author: Volker Lendecke <vl at samba.org>
Date: Thu Sep 29 11:00:41 2022 +0200
smbXcli: Align smb2cli_req_create() with tevent_req conventions
We don't return NULL if tevent_req_create() succeeded, and elsewhere
in this function we already pass tevent_req_nterror or
tevent_req_nomem (via set_endtime).
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 25bb94e00e2b82b8637814399241c382212bc180
Author: Volker Lendecke <vl at samba.org>
Date: Tue Sep 20 16:21:44 2022 +0200
python: whitespace fixes
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 4b3bfbaf0f2179bc6a8172dbec62128c0db74dbc
Author: Volker Lendecke <vl at samba.org>
Date: Thu Sep 29 10:45:19 2022 +0200
torture3: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit d257c760a53246857afa223b528a8066a00c8940
Author: Volker Lendecke <vl at samba.org>
Date: Thu Sep 22 10:46:56 2022 +0200
vfs: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 318da783e9df83550d86fcefcf89f55a77addcbe
Author: Jeremy Allison <jra at samba.org>
Date: Tue Sep 27 10:37:41 2022 -0700
s3: smbtorture3: Add new SMB2-DFS-SHARE-NON-DFS-PATH test.
Uses non-DFS names and DFS-names against a DFS share, shows that Windows
looks correctly at the DFS flag when SMB2 requests are
made on a DFS share. Passes against Windows 2022.
Mark as knownfail for smbd.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Wed Sep 28 19:34:29 UTC 2022 on sn-devel-184
commit f3dc1a42f578bec784d01b8caf6ff13e230116a2
Author: Jeremy Allison <jra at samba.org>
Date: Mon Sep 26 18:05:49 2022 -0700
s3: torture: Fix test SMB2-DFS-PATHS to pass against Windows server 2022.
There is only one difference between Windows 2022 and Windows 2008.
Opening an empty ("") DFS path succeeds in opening the share
root on Windows 2008 but fails with NT_STATUS_INVALID_PARAMETER
on Windows 2022. Allow the test to cope with both.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit d89400b6201013ffdf06dc5480f59d9a41eb2f2a
Author: Christian Merten <christian at merten.dev>
Date: Mon Sep 19 23:28:07 2022 +0200
samba-tool dsacl: Add additional unit test for delete subcommand
Added one more unit test to the delete subcommand. This test adds
two ACEs, deletes one of them and checks if the right one was deleted
and the other one stayed the same.
Signed-off-by: Christian Merten <christian at merten.dev>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Sep 27 17:46:22 UTC 2022 on sn-devel-184
commit 50eb747c14ebf5cbcb3c80bd2a5e4e82580c0d5b
Author: Christian Merten <christian at merten.dev>
Date: Mon Sep 19 23:22:04 2022 +0200
python security: Add unit tests for comparing ACEs and exporting as SDDL
Added two unit tests for the python functions to compare ACEs and to
export an ACE as SDDL.
Signed-off-by: Christian Merten <christian at merten.dev>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 42b88992bd1a1f5ed890c1f73a187bffad963388
Author: Christian Merten <christian at merten.dev>
Date: Thu Sep 15 10:38:22 2022 +0200
samba-tool dsacl: Add get and delete subcommand to samba-tool dsacl man section
Added get and delete subcommands to the man section of samba-tool dsacl.
Signed-off-by: Christian Merten <christian at merten.dev>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit dff58819d02ef32c62292982ec6844ce634bebdd
Author: Christian Merten <christian at merten.dev>
Date: Thu Sep 15 10:20:04 2022 +0200
samba-tool dsacl: Create common superclass for dsacl commands
Created a base class for dsacl commands providing print_acl and some fixed command line options to
reduce code duplication.
Signed-off-by: Christian Merten <christian at merten.dev>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c9902b0574fab9b3e10f440898d4980383dfe3c7
Author: Christian Merten <christian at merten.dev>
Date: Thu Sep 15 10:08:47 2022 +0200
samba-tool dsacl: Create helper functions to remove code duplication
Make multiple methods of dsacl command classes separate helper functions to avoid code duplication.
Signed-off-by: Christian Merten <christian at merten.dev>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 492d3316d888b2ded61d949adc405d9a13fa7d10
Author: Christian Merten <christian at merten.dev>
Date: Wed Sep 14 01:33:18 2022 +0200
samba-tool dsacl: Add unit tests for delete subcommand
Two unit tests for the new samba-tool dsacl delete command have been added.
Signed-off-by: Christian Merten <christian at merten.dev>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 1bd08133067c50b6125addb2f94d293261a192fa
Author: Christian Merten <christian at merten.dev>
Date: Wed Sep 14 01:29:34 2022 +0200
samba-tool dsacl: Add subcommand to delete ACEs
A new subcommand has been added to samba-tool dsacl to delete one or multiple ACEs from the security
descriptor of an object.
Signed-off-by: Christian Merten <christian at merten.dev>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 80cf4c86594ca1210d23712daadecb6deb829066
Author: Christian Merten <christian at merten.dev>
Date: Mon Sep 19 23:12:59 2022 +0200
librpc ndr/py_security: Export sddl_encode_ace to python
Added sddl_encode_ace as new method as_sddl to security_ace class in python.
Signed-off-by: Christian Merten <christian at merten.dev>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b0f494c10860535c907376432a9b1678f4038d7f
Author: Christian Merten <christian at merten.dev>
Date: Mon Sep 19 23:11:37 2022 +0200
librpc ndr/py_security: Export security_ace_equal as richcmp to python
Patched security_ace with a richcmp function given by
security_ace_equal.
Signed-off-by: Christian Merten <christian at merten.dev>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 84a54d2fa2b1590fdb4e2ea986ded9c39a82cf78
Author: Christian Merten <christian at merten.dev>
Date: Mon Sep 19 23:01:34 2022 +0200
librpc ndr/py_security: Export ACE deletion functions to python
Exported security_descriptor_sacl_del and security_descriptor_dacl_del as new methods of the
security descriptor class to python.
Signed-off-by: Christian Merten <christian at merten.dev>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6501e4f00e5a36debdf44add1335818a791552f0
Author: Christian Merten <christian at merten.dev>
Date: Mon Sep 19 22:53:45 2022 +0200
libcli security/sddl: Make sddl_encode_ace visible
Removed static flag from sddl_encode_ace and added to headers.
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
Signed-off-by: Christian Merten <christian at merten.dev>
commit 1a9aac53e8ee081cf6d2028de759563120619554
Author: Christian Merten <christian at merten.dev>
Date: Mon Sep 19 22:50:58 2022 +0200
libcli security_descriptor: Compare object type and inherited object type when comparing ACEs
Fixed security_ace_equal returning true, despite differing object type, by checking (inherited) object type
of both ACEs is equal.
Signed-off-by: Christian Merten <christian at merten.dev>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 7efe673fbdcd27ddd23f36281c5f5338681a68fe
Author: Christian Merten <christian at merten.dev>
Date: Mon Sep 19 22:47:10 2022 +0200
libcli security_descriptor: Add function to delete a given ace from a security descriptor
Two functions have been added to delete a given ace from the SACL or the DACL of a security descriptor.
Signed-off-by: Christian Merten <christian at merten.dev>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b600b0c8d9690cb5eeded1e5925c8e667c11af04
Author: Jeremy Allison <jra at samba.org>
Date: Wed Sep 14 17:05:05 2022 -0700
s3: smbd: Fix memory leak in smbd_server_connection_terminate_done().
The function smbd_server_connection_terminate_done() does not free subreq
which is allocated in smbXsrv_connection_shutdown_send, this can be a
memory leakage if multi-channel is enabled.
Suggested fix by haihua yang <hhyangdev at gmail.com>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15174
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Fri Sep 23 09:51:20 UTC 2022 on sn-devel-184
commit f6b391e04a4d5974b908f4f375bd2876083aa7b2
Author: Volker Lendecke <vl at samba.org>
Date: Mon Aug 22 15:24:01 2022 +0200
vfs_gpfs: Protect against timestamps before the Unix epoch
In addition to b954d181cd2 we should also protect against timestamps
before the epoch.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15151
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Sep 23 06:50:17 UTC 2022 on sn-devel-184
commit d9dda4b7af284ecbee4d04a89bd16fc0098e2931
Author: Martin Schwenke <martin at meltin.net>
Date: Tue Sep 6 11:59:11 2022 +1000
ctdb-scripts: Add debugging variable CTDB_KILLTCP_DEBUGLEVEL
To debug ctdb_killtcp failures, add
CTDB_KILLTCP_DEBUGLEVEL=DEBUG
to script.options.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Tue Sep 20 11:42:16 UTC 2022 on sn-devel-184
commit 9f7d69a05b6114efe18bf4c86ca8de7789e9a96d
Author: Martin Schwenke <martin at meltin.net>
Date: Mon Aug 15 10:52:27 2022 +1000
ctdb-common: Support IB in pcap-based capture
Add simple support for IPoIB via DLT_LINUX_SLL and DLT_LINUX_SLL2.
This seems to work, even when an IB interface is specified.
If this is later found to be insufficient, support for DLT_IPOIB can
be implemented. See https://www.tcpdump.org/linktypes.html for a
starting point.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
commit e5541a7e0220a88d59d574d501626b0598050c52
Author: Martin Schwenke <martin at meltin.net>
Date: Mon Aug 15 10:51:47 2022 +1000
ctdb-common: Support "any" interface for pcap-based capture
This uses Linux cooked capture link-layer headers. See:
https://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL.html
https://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL2.html
The header type needs to be checked to ensure the protocol
type (i.e. ether type, for the protocols we might be interested in) is
meaningful. The size of the header needs to be known so it can be
skipped, allowing the IP header to be found and parsed.
It would be possible to define support for DLT_LINUX_SLL2 if it is
missing. However, if a platform is missing support in the header file
then it is almost certainly missing in the run-time library too.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
commit 3bf20300ac5962e71069be3998ef7f0502045d24
Author: Martin Schwenke <martin at meltin.net>
Date: Mon Aug 15 09:43:58 2022 +1000
ctdb-common: Add packet type detection to pcap-based capture
The current code will almost certainly generate ENOMSG for
non-ethernet packets, even for ethernet packets when the "any"
interface is used.
pcap_datalink(3PCAP) says:
Do NOT assume that the packets for a given capture or ``savefile``
will have any given link-layer header type, such as DLT_EN10MB for
Ethernet. For example, the "any" device on Linux will have a
link-layer header type of DLT_LINUX_SLL or DLT_LINUX_SLL2 even if
all devices on the sys‐ tem at the time the "any" device is opened
have some other data link type, such as DLT_EN10MB for Ethernet.
So, pcap_datalink() must be used.
Detect pcap packet types that are supported (currently only ethernet)
in the open code. There is no use continuing if the read code can't
parse packets. The pattern of using switch statements supports future
addition of other packet types.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
commit 5dd964aa0297b6e9ab8e1d0ff9fa0565c97ea43e
Author: Martin Schwenke <martin at meltin.net>
Date: Mon Aug 15 09:41:09 2022 +1000
ctdb-tools: Improve/add debug
In particular, knowing the reason fetching the packet fails can help
with debugging unsupported protocols in the pcap code.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
commit 33a80c1d63fd2e6163ef6c704b2e714e71b01384
Author: Martin Schwenke <martin at meltin.net>
Date: Mon Aug 15 14:30:09 2022 +1000
ctdb-common: Improve/add debug
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
commit 075414dc05455a5cd33a244efd51be60fc294e95
Author: Martin Schwenke <martin at meltin.net>
Date: Thu Aug 11 09:00:25 2022 +1000
ctdb-common: Use pcap_get_selectable_fd()
This is preferred because it will fail for devices that do not support
epoll_wait() and similar.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
commit 40380a8042dfc2efa6f8f06ed7ac86c3c20a343f
Author: Martin Schwenke <martin at meltin.net>
Date: Tue Aug 9 13:49:42 2022 +1000
ctdb-common: Stop a pcap-related crash on error
errbuf can't be NULL. Might as well use it.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
commit 8b54587b1aed28aa2f3af7161a077aa9dd83894c
Author: Martin Schwenke <martin at meltin.net>
Date: Mon Aug 8 11:31:03 2022 +1000
ctdb-common: Fix a warning in the pcap code
[173/416] Compiling ctdb/common/system_socket.c
../../common/system_socket.c: In function ‘ctdb_sys_read_tcp_packet’:
../../common/system_socket.c:1016:15: error: cast discards ‘const’ qualifier from pointer target type [-Werror=cast-qual]
1016 | eth = (struct ether_header *)buffer;
| ^
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
commit ad445abebdea55f71b0c79eb31c0e6b0aee06763
Author: Martin Schwenke <martin at meltin.net>
Date: Mon Aug 8 11:30:15 2022 +1000
ctdb-common: Do not use raw socket when ENABLE_PCAP is defined
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
commit c522f4f6045b48bffe47a12a246f356e71fbeec0
Author: Martin Schwenke <martin at meltin.net>
Date: Mon Aug 8 11:29:36 2022 +1000
ctdb-common: Move a misplaced comment
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
commit d1543d5c7889f3ac42f80fc5d1eddf54f9c5d0d6
Author: Martin Schwenke <martin at meltin.net>
Date: Mon Aug 8 11:26:54 2022 +1000
ctdb-build: Add --enable-pcap configure option
This forces the use pcap for packet capture on Linux.
It appears that using a raw socket for capture does not work with
infiniband - pcap support for that to come.
Don't (yet?) change the default capture method to pcap. On some
platforms (e.g. my personal Intel NUC, running Debian testing), pcap
is much less reliable than the raw socket. However, pcap seems fine
on most other platforms.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
commit a83e9ca696a37b00231ce40cca5a043beb9b5590
Author: Martin Schwenke <martin at meltin.net>
Date: Fri Jul 23 14:39:05 2021 +1000
ctdb-build: Use pcap-config when available
The build currently fails on AIX, which can't find the pcap headers
because they're installed in a non-standard place. However, there is
a pcap-config script available.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
commit 3b6255b5b902a062744912a6a3a82f7fb7279b23
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 31 15:51:21 2022 +0200
s3:locking: remove unused get_share_mode_lock()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Sep 20 01:34:55 UTC 2022 on sn-devel-184
commit 680c7907325b433856ac1dd916ab63e671fbe4ab
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Aug 29 16:48:04 2022 +0200
s3:smbd: make use of share_mode_entry_prepare_{lock_add,unlock}() in open_{file_ntcreate,directory}()
This gives a nice speed up...
The following test with 256 commections all looping with open/close
on the same inode (share root) is improved drastically:
smbtorture //127.0.0.1/m -Uroot%test smb2.bench.path-contention-shared \
--option='torture:bench_path=' \
--option="torture:timelimit=60" \
--option="torture:nprocs=256" \
--option="torture:qdepth=1"
From something like this:
open[num/s=11536,avslat=0.011450,minlat=0.000039,maxlat=0.052707]
close[num/s=11534,avslat=0.010878,minlat=0.000022,maxlat=0.052342]
(only this commit with the close part reverted) to:
open[num/s=12722,avslat=0.009548,minlat=0.000051,maxlat=0.054338]
close[num/s=12720,avslat=0.010701,minlat=0.000033,maxlat=0.054372]
(with both patches) to:
open[num/s=37680,avslat=0.003471,minlat=0.000040,maxlat=0.061411]
close[num/s=37678,avslat=0.003440,minlat=0.000022,maxlat=0.051536]
So we are finally perform similar like we did in Samba 4.12,
which resulted in:
open[num/s=36846,avslat=0.003574,minlat=0.000043,maxlat=0.020378]
close[num/s=36844,avslat=0.003552,minlat=0.000026,maxlat=0.020321]
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 12f6c129219670ab0d7392434f88751dedace6ed
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 13 02:41:14 2022 +0200
s3:smbd: let open_file_ntcreate() calculate info = FILE_WAS_* before get_share_mode_lock()
This will simplify further changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 1ae7e47a6b0e47c8c78af91188007eafc1239835
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Aug 30 05:31:41 2022 +0000
s3:smbd: make use of share_mode_entry_prepare_{lock_del,unlock}() in close_{remove_share_mode,directory}()
This gives a nice speed up...
The following test with 256 commections all looping with open/close
on the same inode (share root) is improved drastically:
smbtorture //127.0.0.1/m -Uroot%test smb2.bench.path-contention-shared \
--option='torture:bench_path=' \
--option="torture:timelimit=60" \
--option="torture:nprocs=256" \
--option="torture:qdepth=1"
From some like this:
open[num/s=11536,avslat=0.011450,minlat=0.000039,maxlat=0.052707]
close[num/s=11534,avslat=0.010878,minlat=0.000022,maxlat=0.052342]
to:
open[num/s=13225,avslat=0.010504,minlat=0.000042,maxlat=0.054023]
close[num/s=13223,avslat=0.008971,minlat=0.000022,maxlat=0.053838]
But this is only half of the solution, the next commits will
add a similar optimization to the open code, at the end we'll
perform like we did in Samba 4.12:
open[num/s=37680,avslat=0.003471,minlat=0.000040,maxlat=0.061411]
close[num/s=37678,avslat=0.003440,minlat=0.000022,maxlat=0.051536]
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit d04b6e9dd0d933e99848547efc9d17edc437c1be
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Aug 30 05:31:41 2022 +0000
s3:smbd: make use of close_share_mode_lock_{prepare,cleanup}() in close_directory()
It's good to have this in common as close_remove_share_mode()
and in the end we'll avoid get_existing_share_mode_lock()
and call them via share_mode_entry_prepare_{lock,unlock}(),
so that they can run under a tdb chainlock.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f9ea78398949109ba7fec90cbaaf294a446042ca
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Aug 30 05:31:41 2022 +0000
s3:smbd: split out some generic code from close_remove_share_mode()
close_share_mode_lock_prepare() will operates on share_mode_lock
in order to check if the object needs to be deleted or if
we can remove the share_mode_entry directly.
close_share_mode_lock_cleanup() will finish after the object
has been deleted.
We can reuse these function in close_directory() soon and
in the end we'll avoid get_existing_share_mode_lock()
and call them via share_mode_entry_prepare_{lock,unlock}(),
so that they can run under a tdb chainlock.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 0f02f68f9f197ee7ec4b24a32a7b5a4b985ebe9b
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 13 01:30:48 2022 +0200
s3:smbd: avoid remove_oplock() in close_remove_share_mode()
This inlines remove_oplock() into close_remove_share_mode() and
calls remove_share_oplock() and release_file_oplock() directly.
The idea is that we'll soon call remove_share_oplock()
under a tdb chainlock, while release_file_oplock() needs to be called outside.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit ac811f6f8cbc268d95f1204214614640b928fb3f
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Sep 12 19:49:09 2022 +0200
s3:smbd: let close_directory() only change the user if needed
The logic is now similar to close_remove_share_mode().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b0082076f9f3d81a6b47a692c7263be5b85ff99d
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Sep 12 19:41:25 2022 +0200
s3:smbd: remove one indentation level in close_directory()
We now use a goto done in order to skip the deletion part.
This means the code flow is now almost idential compared to
close_remove_share_mode().
It prepares to split common code to be shared by
close_remove_share_mode() and close_directory().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit dab7df932119ab10bb9fa88c8adbe02064bfee16
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Sep 12 19:35:38 2022 +0200
s3:smbd: let close_directory() use the same delete_dir logic as close_remove_share_mode()
This will make further changes simpler.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit ce868b095c0154401e3f4af7f296a575c8701863
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Sep 12 18:00:39 2022 +0200
s3:smbd: improve !delete_file logic in close_remove_share_mode()
This makes it much easier to understand the logic (at least for me).
It will make the following changes easier.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 095da847e747b732c16c0a7f8516fb535b0f0f1c
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Sep 12 19:15:58 2022 +0200
s3:smbd: let close_directory() hold the lock during delete_all_streams/rmdir_internals
Now that we're using g_lock, it doesn't mean we're holding a tdb
chainlock.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 387f126d0749355eed32f75708d488ef6ad17349
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Aug 30 09:48:40 2022 +0200
s3:smbd: remove static from release_file_oplock()
It will be used in close.c in the next commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit a4dd4d5f0fdb8cb242dde93cf620f238fccf9e9c
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Aug 15 17:42:33 2022 +0200
s3:smbd: maintain all SHARE_MODE_LEASE_* flags not only _READ
Remember SMB2 Create is the only was to upgrade a lease.
The strategy is that opening of a file will always result
in storing the total lease bits.
But we're lazy clearing the flags on close.
We'll only clear them by traversing all entries when
we break a NONE or when opening a new handle.
We don't do any decision on SHARE_MODE_LEASE_{HANDLE,WRITE},
maybe we'll do in future, but at least it should be much more
sane for debugging now!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 26669613e2dc673d55e0f8977d7758477eab6fd6
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Aug 15 08:08:37 2022 +0200
s3:smbd: split out check_and_store_share_mode()
This shows that the code in open_file_ntcreate() and
open_directory() is basically the same now, which
simplifies things a lot.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 9e619f535fa561a5d37d98f3809726bffd6ff91d
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 10 09:23:25 2022 +0000
s3:smbd: also call handle_share_mode_lease for directories
It means we call open_mode_check() now only via handle_share_mode_lease()
and the fact that we never grant any directory leases (yet), means
that delay_for_oplocks() avoids the share_mode_forall_entries() loop.
This is a way into supporting directory leases, but that's not
the point for this commit, the point is that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 0a8619c8458fe1ab3445b9b6b22ec8ffd86e9e06
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 19 12:00:15 2022 +0200
s3:smbd: prepare delay_for_oplock() for directories
We don't support directory leases yet, so it should be
an noop for now.
The point is that we want to call
delay_for_oplock(oplock_request=NO_OPLOCK)
for directories soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 0bfdae92db09a2943a531f9dc0aa53c1c5c70f00
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 10 08:48:25 2022 +0000
s3:smbd: call set_file_oplock() after set_share_mode()
The important part is the call to get a kernel oplock is deferred
until after set_share_mode(). The goal is to get the code
between get_share_mode_lock() and set_share_mode() free of any
blocking operation.
As we were optimistic to get the oplock that was asked for,
we need to remove_share_oplock() in order to set NO_OPLOCK
also in the share_mode entry.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 4d06aa1550bbc980a983e881a5f1394fb6f87c1b
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 10 08:48:25 2022 +0000
s3:smbd: call grant_fsp_lease() after set_share_mode()
This means we don't have to call remove_lease_if_stale() if
set_share_mode() fails. It's easier to cleanup the share mode entry.
And it makes the code flow easier to the following changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit aae504cdaa086735150ce1108075a9d926d65bec
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 10 08:30:18 2022 +0000
s3:smbd: move grant_fsp_lease()/set_file_oplock() out of handle_share_mode_lease()
The aim is to call set_file_oplock() after set_share_mode(), so that we
only ask for kernel oplocks after set_share_mode().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 0796c5de6f382b96cfb65bc659a0c34ab0b0af58
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 10 07:58:02 2022 +0000
s3:smbd: move grant_fsp_lease()/set_file_oplock() out of delay_for_oplocks()
It means delay_for_oplocks() is no longer asking for kernel oplocks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 150308d1d0d891bd86e46da0134ad15c251dc5f9
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Aug 21 11:46:16 2022 +0200
s3:smbd: add more detailed debugging to delay_for_oplock()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 775dc007d211b8153fbc5741f52dc77f92d9c314
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Aug 29 13:44:00 2022 +0200
s3:locking: add share_mode_entry_prepare_{lock,unlock}() infrastructure
When adding or deleting share mode entries elements, we typically
have a pattern like this:
1. get the g_lock via get_[existing_]share_mode_lock()
2. do some checking of the existing record
3. add/delete a share_mode_entry to the record
4. do some vfs operations still protected by the g_lock
5. (optional) cleanup of the record on failure
6. release the g_lock
We can optimize this to:
- Run 1-3. under a tdb chainlock
- Only protect vfs operations with the g_lock
if a new file was created/will be deleted
- Regrab the g_lock for a cleanup.
The new share_mode_entry_prepare_lock()
allows the caller to run a function within a tdb chainlock
similar to share_mode_do_locked_vfs_denied() where vfs calls are denied
and the execution is done within a tdb chainlock.
But the callback function is allowed to decide if it wants to
keep the lock at the g_lock layer on return.
The decision is kept in struct share_mode_entry_prepare_state,
which is then passed to share_mode_entry_prepare_unlock()
with an optional callback to do some cleanup under the
still existing g_lock or a regrabed g_lock.
In the ideal case the callback function passed to
share_mode_entry_prepare_lock() is able to decide that
it can drop the g_lock and the share_mode_entry_prepare_unlock().
gets a NULL callback as there's nothing to cleanup.
In this case share_mode_entry_prepare_unlock() is a noop.
This will allow us to avoid fallbacks to the dbwrap_watch based
waiting for the g_lock in the SMB2 Create and Close code paths.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit cba169252ea270bb725ec06aff71d841492099f5
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Aug 29 12:50:20 2022 +0200
s3:locking: optimize share_mode_do_locked_vfs_denied() with g_lock_lock callback
It means that in callers function will run under a single tdb chainlock,
which means callers from the outside will never see the record being
locked at g_lock level, as the g_lock is only held in memory.
within the single tdb chainlock. As a result we'll very unlikely hit
the case where we need to wait for a g_lock using the dbwrap_watch
logic.
Review with: git show -w
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b971a21aa3494d1ac57bfebdb9e1d224e5d79c9c
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Aug 29 12:50:20 2022 +0200
s3:locking: add current_share_mode_glck helper functions
We'll soon make use of callback functions passed to g_lock_lock(),
during these callback function we'll only be allowed to
call 'g_lock_lock_cb_state' based functions.
Given that nesting of share_mode call, we need to
make it transparent to the callers and the detail
that we optimize using g_lock_lock() callbacks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 17e496c6f91ec464766fc562f31381e057cebe65
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Aug 28 13:08:48 2022 +0200
s3:g_lock: add callback function to g_lock_lock()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 37c9600ff1babbb3e1fc2db3d29dfb12ca0c707a
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Aug 28 12:38:24 2022 +0200
s3:g_lock: add callback function to g_lock_lock_send()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 01c629a409860e5cccfc64e78fa63c90303a4b7a
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Aug 28 11:41:46 2022 +0200
s3:g_lock: add callback function to g_lock_lock_simple_fn()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 63291ea5c5d32e295b3638afd530e805ec59a190
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Aug 28 12:38:24 2022 +0200
s3:g_lock: add callback function to g_lock_trylock()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6bda68910e2a2d9b986d6d65c9790684b2f15e48
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Aug 28 12:31:23 2022 +0200
s3:g_lock: reorder the logic in g_lock_trylock()
We now have only one code path that stores the fully
granted lock.
This is not change in behavior, but it will simplify further
changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 7cac6eb5d810f78e52292964808f7e163ced105c
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Aug 28 11:58:14 2022 +0200
s3:g_lock: remove redundant code in g_lock_trylock()
g_lock_cleanup_shared() handles lck.num_shared == 0 just fine...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit d19fa657d725e887ec0cd2f19b479e827230faa6
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Aug 28 11:41:46 2022 +0200
s3:g_lock: add g_lock_ctx->busy and assert it to false
This prepares some helper functions in order to
allow callers of g_lock_lock() to pass in a callback function
that will run under the tdb chainlock when G_LOCK_WRITE was granted.
The idea is that the callers callback function would run with
g_lock_ctx->busy == true and all key based function are not be allowed
during the execution of the callback function. Only the
g_lock_lock_cb_state based helper function are allowed to be used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit a75194d41b4257800595e2036772953318285d4c
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Aug 28 11:41:46 2022 +0200
s3:g_lock: add g_lock_lock_cb_state infrastructure
This prepares some helper functions in order to
allow callers of g_lock_lock() to pass in a callback function
that will run under the tdb chainlock when G_LOCK_WRITE was granted.
The idea is that the callers callback function would only be allowed
to run these new helper functions, while all key based function are
not to be allowed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 3a5174136d6706540ace5567d4e8193534dbd13a
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Aug 28 10:30:38 2022 +0200
s3:g_lock: reorder the logic in g_lock_lock_simple_fn()
First we fully check if we'll get the lock
and then store the lock.
This is not change in behavior, but it will simplify further changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 3c26ee84ce8bcd50e3788b1c4df5ebe2d101899c
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Sep 10 17:33:31 2022 +0200
lib/dbwrap: allow dbwrap_merge_dbufs() to update an existing buffer
This will be useful in future...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6f2ce1fd34642e56a68b0997decbf50255063ea4
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Sep 10 18:13:24 2022 +0200
s3:dbwrap_watch: add dbwrap_watched_watch_force_alerting()
This is useful when we want to wakeup the next watcher
without modifying the record.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 3829acc4743db0f395ed3c3945c343a11a9e9486
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Aug 28 13:34:25 2022 +0200
s3:dbwrap_watch: add dbwrap_watched_watch_reset_alerting() helper
This can be used if the decision of using dbwrap_watched_watch_skip_alerting()
needs to be reverted...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c1ec8310496ef7355b950bcf1e4b2d882740aa94
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Aug 28 13:32:59 2022 +0200
s3:dbwrap_watch: let dbwrap_watched_watch_skip_alerting() also clear the selected watcher
If a watcher was already selected for a wakeup notification reset it...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit d7f429469280676594f0c98882c5d82dc358da6e
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 26 13:06:40 2022 +0200
s3:locking: let _share_mode_do_locked_vfs_* use get/put_share_mode_lock_internal
This avoids calling talloc(mem_ctx, struct share_mode_lock)
and uses stack variables instead.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit a2f6f96ac74b25e99c9765bff341bfc9060a7bbf
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Aug 28 09:58:51 2022 +0200
s3:locking: split out put_share_mode_lock_internal()
This pairs with get_share_mode_lock_internal() and will allow us
to use a struct share_mode_lock stack variable in future,
which will be much cheaper.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 977498d3eb821c6c30c5a991949054f796579966
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 26 13:03:33 2022 +0200
s3:locking: split out get_share_mode_lock_internal()
This detaches the logic from the talloc(mem_ctx, struct share_mode_lock).
In future we will have cases where we use a stack variable instead,
which will be much cheaper.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 0b94695ebf8eb2edd6de7fc549857393461e4d50
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 26 09:50:00 2022 +0200
s3:locking: remove static_share_mode_data_refcount
The effective value of share_mode_lock_key_refcount
is 'share_mode_lock_key_refcount + static_share_mode_data_refcount',
which is quite confusing.
This complexity is not needed and we can just use
share_mode_lock_key_refcount.
This will also simplify further changes.
Review with: git show -U15 -w
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit ca9014d0378e1da8c30da4aae99a05005fe89b10
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 26 09:42:45 2022 +0200
s3:locking: move from uint8_t share_mode_lock_key_data[] to struct file_id
This will allow us to have better debug messages and will also make
further changes easier.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 0fbd125453f7cf63e158d56b130b500e362fcbcb
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 1 13:25:06 2022 +0200
s3:smb2_trans2: make use of share_mode_do_locked_vfs_allowed() in smb_posix_unlink()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b80bc6307cf4ec7d54284e1b940ce9f7430e6716
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Aug 30 08:11:12 2022 +0200
s3:smbd: let update_write_time_on_close() use share_mode_do_locked_vfs_denied()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 1288989f0f5043f3a3dff9fda217f41b16d33958
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Aug 30 05:57:48 2022 +0000
s3:smbd: let update_write_time_on_close() use share_mode_{old,changed}_write_time()
We're already holding a share_mode_lock, so we can use it directly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b9edf3c6428652671eae8a5ec8e18460c6d31196
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 1 12:54:35 2022 +0200
s3:locking: make use of share_mode_do_locked_vfs_denied() in set_sticky_write_time()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 2474b063da95d3ef8662f9c7c27ed96e37f7a722
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 1 12:49:51 2022 +0200
s3:locking: make use of share_mode_do_locked_vfs_denied() in set_write_time()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 1198e8c0f6c0277e0c32a6c1091b222a6d8a5f14
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Sep 1 12:34:16 2022 +0200
s3:locking: make use of share_mode_do_locked_vfs_denied() in file_has_open_streams()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 42f96d29335dd1ee361f6af70460aa9ff8d33d63
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 31 17:14:09 2022 +0200
s3:smbd: let lease_match() use share_mode_do_locked_vfs_denied()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c8458f237cd415f35dd5582876c80a9b44d0a053
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 31 16:34:40 2022 +0200
s3:locking: let set_delete_on_close() use share_mode_do_locked_vfs_denied()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit bb7d765663813875a5391df203038edc9747bf0d
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Aug 30 05:55:57 2022 +0000
s3:locking: make use of new share_mode_set_{changed,old}_write_time() helpers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 432272a7c834b3ebf56d335a1f458fdc392f7e51
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Aug 30 05:55:03 2022 +0000
s3:locking: add share_mode_set_{changed,old}_write_time() helpers
These will be used in future to call them unter an existing share mode
lock...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c5c7a377c3d395883a9d9cad3bb4256044aac0dc
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Aug 29 16:01:20 2022 +0200
s3:smbd: let setup_poll_open() use share_mode_do_locked_vfs_denied()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 47f1d9362e93b0d6262df6642b495afe010d8149
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Aug 29 15:53:11 2022 +0200
s3:smbd: move get_existing_share_mode_lock() into setup_poll_open()
This will simplify the next steps...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 8979311c6bde49d6210ce64b37c28b6f6fa527fb
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 26 10:44:59 2022 +0200
s3:locking: make 'struct share_mode_lock' private to share_mode_lock.c
There are no callers left dereferencing it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 06e2aa3cba7af00bd8f9ee92496cd6e4e94f14a1
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 26 12:11:44 2022 +0200
s3:locking: make use of share_mode_lock_access_private_data() in reset_share_mode_entry()
We should avoid dereference 'struct share_mode_lock' as much as possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit e6ef5474009be017a3d8dc4edbad0b15d12ae877
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 26 12:10:55 2022 +0200
s3:locking: pass struct share_mode_data to share_mode_entry_do()
We should avoid dereference 'struct share_mode_lock' as much as possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f63b9b5311f3a51dcc5cfe2c1ed0adb960033933
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 26 12:09:06 2022 +0200
s3:locking: make use of share_mode_lock_access_private_data() in share_mode_forall_entries()
We should avoid dereference 'struct share_mode_lock' as much as possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit eef0c8e25bcedb6b0028866c7540c6feeabb0dd0
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 26 12:08:03 2022 +0200
s3:locking: make use of share_mode_lock_file_id() in share_mode_watch_send()
We should avoid dereference 'struct share_mode_lock' as much as possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 557323ca03713c0f0f7b1b5d0f6116095ec405e0
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 26 12:05:04 2022 +0200
s3:locking: add and use share_mode_lock_assert_private_data()
We should avoid dereference 'struct share_mode_lock' as much as possible.
In some places we just rely on share_mode_lock_access_private_data()
to work, if needed the caller should already check it's result...
Note that share_mode_lock_assert_private_data() can't fail up to
now, but we want to change that in future and only load it on
demand.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit faf9388e96028bb499f0ec9e34d5bb12ad26a0e8
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 26 11:17:51 2022 +0200
s3:locking: let get_share_mode_write_time() use share_mode_lock_access_private_data()
We should avoid dereference 'struct share_mode_lock' as much as possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit db0e67329297e34ade2062e73ec023a6d46efb00
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 26 11:17:51 2022 +0200
s3:locking: let set_write_time() use share_mode_lock_access_private_data()
We should avoid dereference 'struct share_mode_lock' as much as possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit e018c6347f1e5d306f801458ab7e68434bd582c3
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 26 11:17:51 2022 +0200
s3:locking: let set_sticky_write_time() use share_mode_lock_access_private_data()
We should avoid dereference 'struct share_mode_lock' as much as possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit ee78d948129bca8650bf1729b7d15826f2e564cd
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 26 11:17:51 2022 +0200
s3:locking: let is_delete_on_close_set() use share_mode_lock_access_private_data()
We should avoid dereference 'struct share_mode_lock' as much as possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c5334b0db4910a252c4eb9434385a5b70cf194d8
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 26 11:17:51 2022 +0200
s3:locking: let get_delete_on_close_token() use share_mode_lock_access_private_data()
We should avoid dereference 'struct share_mode_lock' as much as possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 2e7ccb72a075f39ea6a406cba0ae53a1fd5314ff
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 26 11:17:51 2022 +0200
s3:locking: let set_delete_on_close_lck() use share_mode_lock_access_private_data()
We should avoid dereference 'struct share_mode_lock' as much as possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 7d982e8558567c6baaae888e023bde5a83ca1714
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 26 11:17:51 2022 +0200
s3:locking: let reset_delete_on_close_lck() use share_mode_lock_access_private_data()
We should avoid dereference 'struct share_mode_lock' as much as possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 45253acc81e613d0ab6a47d55c008f95af421bf1
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 26 10:43:12 2022 +0200
s3:locking: let remove_lease_if_stale() use share_mode_lock_file_id()
We should avoid dereference 'struct share_mode_lock' as much as possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit d42bb5d831ccc2e5134a2c3776546e1dda2736ac
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 26 10:40:44 2022 +0200
s3:locking: add share_mode_lock_file_id()
This will simplify some (mostly debug) code soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 357adc2f27e3efaeb4c38d84de06176175b6c39b
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 26 10:24:52 2022 +0200
s3:locking: make use of share_mode_lock_access_private_data() in rename_share_filename()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 4d697278386b924441f5119dc998f06755aee915
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 26 10:21:25 2022 +0200
s3:locking: let rename_share_filename_state maintain a struct share_mode_data pointer
We only need to access lck->data once...
This will simplify further changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b6789ff1c07202d43822c5c7cc0c51df84aba4cd
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 26 10:24:52 2022 +0200
s3:locking: add share_mode_lock_access_private_data()
In future we should avoid dereference 'struct share_mode_lock'
as much as possible.
This will also allow us to load struct share_mode_data
only if required in future.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b508c5a0be6565355351cb036ce6495e35d76862
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 26 09:27:44 2022 +0200
s3:locking: let share_mode_wakeup_waiters() use share_mode_do_locked_vfs_denied()
This allows us get rid of the otherwise unused share_mode_do_locked().
It means we only have one code path that handles the g_lock handling.
This looks like a performance degradation, but all callers of
share_mode_wakeup_waiters() already took the share_mode_lock,
so we only increment the refcount. Note the additional
talloc(mem_ctx, struct share_mode_lock) will be optimized away
in the next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 7e2ec6ee5670c42bdbb88507fa82c657c035c865
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Aug 18 14:38:55 2022 +0200
s3:locking: make share_mode_do_locked() static
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 0d5a96038164aef951473c94e97edd743ef0c593
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Aug 18 13:57:56 2022 +0200
s3:locking: protect do_lock() with share_mode_do_locked_vfs_allowed()
share_mode_do_locked() will be make static soon.
Here we just want to avoid concurrent access to brlock.tdb
in order to maintain the lock order, we're not interested in the
locking.tdb content at all, expect that there's at least one
entry.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 7c6113de2b61f9a87906bb56c1b2a1f4c7974e89
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Aug 18 13:57:56 2022 +0200
s3:smbd: protect smbd_do_unlocking() with share_mode_do_locked_vfs_allowed()
share_mode_do_locked() will be make static soon.
Here we just want to avoid concurrent access to brlock.tdb
in order to maintain the lock order, we're not interested in the
locking.tdb content at all, expect that there's at least one
entry and we want to wake potential watchers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f971a4ae31fd664ecb0ab3fd2c2ab1fc2275e68d
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Aug 18 13:26:47 2022 +0200
s3:locking: add share_mode_do_locked_vfs_{denied,allowed}()
These function will add an abstraction to protect
a function that is not allowed to call vfs functions
or allow vfs functions to be called.
Currently these are implemented similar,
but we'll optimize them in the next commits.
The idea is that share_mode_do_locked_vfs_denied()
will be able to run fast enough in order to run
under a tdb chainlock (just a pthread mutex).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit aa7df0fb9fa62cf2f6bc774c020da26ce878e7b0
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Sep 3 02:46:34 2022 +0200
s3:smbd: add smb_vfs_assert_allowed() to kernel oplock code
Kernel oplocks can block in the same way vfs operations can do.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f2fdeb17ec432314a81c06863f59110aad4f558c
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Aug 21 15:37:18 2022 +0200
s3:smbd: add helpers to deny vfs calls in some sections
Code denying vfs calls can do:
{
struct smb_vfs_deny_state vfs_deny = {};
smb_vfs_deny_push(&vfs_deny);
VFS calls are not allowed here...
smb_vfs_deny_pop(&vfs_deny);
}
This will allow us to safely run some code under a
tdb chainlock later...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 641bfc5905b0ec21ec7c65cda5139cb676d24917
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Aug 21 15:19:59 2022 +0200
s3:smbd: move VFS_FIND() to smbd/vfs.c
It's only used there...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit e7cf1b07b6928f18b0147f4b6b74a97ae3fb667b
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Aug 21 15:15:09 2022 +0200
s3:smbd: move locking related vfs functions to smbd/vfs.c
This allows us to make VFS_FIND local to smbd/vfs.c in the
next step.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6ab4457b4be139c4e5a3f44ce9bf8018ad09a58b
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Aug 22 16:19:40 2022 +0200
s3:locking: just use g_lock_dump() for fsp_update_share_mode_flags()
We don't need to protect this with g_lock_lock/g_lock_unlock
as we just want the current flags, we're still protected by the
dbwrap layer lock.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 65715e3431a87f519528b0daa7d877f668875a84
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Aug 22 23:26:06 2022 +0200
s3:locking: move fsp_update_share_mode_flags* related functions further down
It will soon need to use 'struct locking_tdb_data'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f4e0a6fe00bc61b052ab3f1094bbce113e127d1d
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Aug 22 16:53:38 2022 +0200
s3:locking: replace locking_tdb_data_store() with share_mode_data_ltdb_store()
This means we flush share_mode_data at the same time...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit db78fe13a37d7143f622d8f2e710f2ebd2d97abc
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Sep 3 23:35:06 2022 +0000
s3:locking: let share_mode_forall_entries() call TALLOC_FREE(ltdb)
We should free ltdb as soon as possible...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 703a4ff525655c6f99ac24351be7eb898d4ded28
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Aug 22 16:53:38 2022 +0200
s3:locking: split out share_mode_data_ltdb_store()
This will allow us to use it in other places too
and we'll avoid to storing multiple times.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 5bba79d639b6498073e3917b8112bb50b4aa0c39
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Aug 22 16:53:38 2022 +0200
s3:locking: introduce share_mode_data->not_stored
share_mode_data->fresh was very similar, but only set
and never used.
Now we remember 'not_stored' instead, the 'not_' is easier
as ndr_pull sets [skip] elements to 0.
We use this as indication to move the value to
memcache.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit e1d1b3403e58f96947ebfaa3c633a75c3edb2cc8
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Sep 10 20:39:19 2022 +0200
s3:locking: change some debug messages to level unless we got NT_STATUS_NOT_FOUND
NT_STATUS_NOT_FOUND is not a real error in most cases so we should keep
it on level 10, but all other errors should never be without notice...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 96fe4239131f4cf7749ed25f48ba435ddee9d166
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Sep 10 20:39:19 2022 +0200
s3:locking: log all share_mode_forall_entries() errors at level 0
These should never fail without notice...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit ca2dce3147d6d011db9526a4658271619274992a
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Sep 10 20:39:19 2022 +0200
s3:locking: let share_mode_forall_leases() log all errors at level 0
These should never fail without notice...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f0e0c0af20d93456241cc2079b7282c07ab1ad62
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Sep 12 07:18:00 2022 +0000
s3:locking: let set_delete_on_close_lck() log errors and panic
Most of the calls in set_delete_on_close_lck() are checked with
asserts, so do panic in all situation where things go wrong in an
unexpected way.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit dd4a94ec925cf09da20c6c4f40a879131ef4be67
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Sep 10 20:39:19 2022 +0200
s3:locking: log g_lock_dump() error in locking_tdb_data_fetch() at level 0
This should never fail without notice...
Note we already checked for NT_STATUS_NOT_FOUND before.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b19e50634a8abd569a0170113000a37998d28f30
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Sep 10 20:39:19 2022 +0200
s3:locking: log add locking_tdb_data_store() errors at level 0
These should never fail without notice...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit e12c3b56daed806b79076ad8f0fd7c0c9bbb4ae4
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Sep 10 20:39:19 2022 +0200
s3:locking: log g_lock_locks() error at level 0
These should never fail without notice...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 3e5775084aa423d946c0264df594497f64bf2b82
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Sep 10 20:39:19 2022 +0200
s3:locking: let fsp_update_share_mode_flags() log all errors at level 0
These should never fail without notice, share_mode_do_locked() should
never fail with NT_STATUS_NOT_FOUND for an existing fsp.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c61a375f14b7a3d98472eedf9873ab0973010211
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Sep 10 20:39:19 2022 +0200
s3:locking: log all g_lock_writev_data() errors at level 0
These should never fail without notice.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit d8de42c1558559107bbb22e0c05738621a4ac753
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Sep 10 20:39:19 2022 +0200
s3:locking: log all locking_tdb_data_{get,fetch}() errors at level 0
These should never fail without notice.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit bd088b4639213af8a2ee8c700e2c1105ba095674
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Aug 21 11:17:19 2022 +0200
s3:open_files.idl: add share_mode_entry_op_type
This makes it easier to read log files...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 170a4812a6b05b667ea6fd7a73d417e09e24e010
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jun 30 10:25:47 2022 +0000
s3:smbd: let smbXsrv_{session,tcon,open}_global.tdb use TDB_VOLATILE
This avoids using fcntl() locks for dbwrap_delete()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 3ef567472e1d1c6b0c59445d6dcb792e0ded26dd
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Sep 10 19:03:44 2022 +0200
s3:g_lock: fix error handling in g_lock_watch_data_send()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15167
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 9b815ab65ba5b28fd86797202cc5bd6236e9ab81
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 31 17:11:15 2022 +0200
s3:smbd: let lease_match() call TALLOC_FREE(lck); on error
We ignore the error from share_mode_forall_leases(), but
we still need to cleanup the share_mode_lock we are holding...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 50188fb441b43d84daca607e3d74f1c2187cedae
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Sep 10 20:39:37 2022 +0200
s3:locking: let reset_share_mode_entry() report errors to the caller
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15166
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit fb2776f790cc6f8a4da38339c13ebde1f56e9550
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Sep 10 20:41:17 2022 +0200
s3:locking: remove unused NO_LOCKING_COUNT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 7014475f5b8d22b267e8805c710fa6f46f2d23ca
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Aug 21 20:47:13 2022 +0200
s3:torture: fix strict aliasing warnings in cmd_vfs.c
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 36c5f31d77a6307ba1fe009c960419a8485525cf
Author: Volker Lendecke <vl at samba.org>
Date: Sat Sep 17 14:02:31 2022 -0700
libsmb: Use find_snapshot_token() for clistr_is_previous_version_path()
Dedup that string parsing logic
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Sep 19 18:21:56 UTC 2022 on sn-devel-184
commit 6a3da608b87b137fbe1712cb7ed5c1de3aae83c9
Author: Volker Lendecke <vl at samba.org>
Date: Sat Sep 17 13:48:31 2022 -0700
lib: Add separator argument to find_snapshot_token()
We'll use the logic for \ based strings next
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit bfe07fda67f1dac932f57c984b0cdac1df8bc11c
Author: Volker Lendecke <vl at samba.org>
Date: Sat Sep 17 10:13:27 2022 -0700
lib: Move extract_snapshot_token() to util_path.c
Make it available to replace clistr_is_previous_version_path() in
libsmb/
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f0108015515da97fe31eb1b896a9fc36e5052b49
Author: Volker Lendecke <vl at samba.org>
Date: Fri Sep 16 20:29:30 2022 -0700
vfs: Simplify xattr_tdb_mkdirat()
We have the dirfsp and the relative name. And with fstatat we don't
need the full pathname anymore.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit e343d24d2376601afbaaaf010f0cdd8861a33bd1
Author: Volker Lendecke <vl at samba.org>
Date: Fri Sep 16 09:54:05 2022 -0700
streams_xattr: Avoid a talloc_strdup
We can print a short string with %.*s, no talloc_strdup()
and *stype='\0' required.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b7359c527da297861ca24d59bd7e2a91b8d72e85
Author: Volker Lendecke <vl at samba.org>
Date: Wed Sep 7 11:32:26 2022 +0200
smbd: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 46f4d64596729bf665c92fd8ca3fe57e780c1018
Author: Volker Lendecke <vl at samba.org>
Date: Wed Sep 7 10:39:26 2022 +0200
smbd: Use PATH_MAX as symlink target buffer
We use that instead of the arbitrary 4k in open.c as well
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 9d5f4563831c50fd7cc68594168d5944af1b53bc
Author: Volker Lendecke <vl at samba.org>
Date: Wed Sep 14 17:16:46 2022 -0700
shadow_copy2: Don't implicitly return memory off talloc_tos()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 26bfffc6209c413bed36c7684ad10c3824933961
Author: Volker Lendecke <vl at samba.org>
Date: Fri Sep 9 05:55:46 2022 +0200
shadow_copy2: Avoid a few ZERO_STRUCT()s
Give the compiler more hints what's going on
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 724dcb1457c4c006214887594a95abe6eb136949
Author: Volker Lendecke <vl at samba.org>
Date: Mon Sep 12 10:20:38 2022 -0700
source3: A few whitespace fixes
review with git sh -w
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f41c7ea8a27fa49e3d5d5446ced5123aedd58d0e
Author: Volker Lendecke <vl at samba.org>
Date: Mon Sep 12 10:17:09 2022 -0700
registry3: Move registry_value_cmp() to its only user
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit cb6d2a91d0c265dffae74b01c1494a284df9ae1d
Author: Volker Lendecke <vl at samba.org>
Date: Mon Sep 12 10:13:46 2022 -0700
registry3: Remove some unused functions
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 3b344f502d595fb43e15c1677a67b75fa8f61f68
Author: Volker Lendecke <vl at samba.org>
Date: Fri Sep 9 13:59:28 2022 +0200
vfs: Simplify vfswrap_parent_pathname()
We don't really need a talloc_stackframe() here
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit e4d8dc7943b33f749b18f2c55738a6cfad2c8e55
Author: Volker Lendecke <vl at samba.org>
Date: Fri Sep 9 13:43:54 2022 +0200
vfs: Avoid a talloc in vfswrap_parent_pathname()
We copy smb_fname_in->base_name just to overwrite it again
immediately. Expand synthetic_smb_fname() here.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 68d20326db8a2bf6296e6efc5f2ab831db3a1521
Author: Volker Lendecke <vl at samba.org>
Date: Sat Sep 17 10:24:08 2022 -0700
libsmb: Use tevent_req_nterror()'s retval
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 063976fca375be367fa6b471389a3d7258b73460
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Sep 15 16:48:31 2022 +1200
WHATSNEW: samba-tool: fewer tracebacks, more colour
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Sep 19 07:14:31 UTC 2022 on sn-devel-184
commit dad0c9a52eb142ea105231ab1e8df75ff00da210
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Sep 15 12:41:13 2022 +1200
docs/man/samba-tool explain --color
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 98c7af03945e9af7fa032dc2d8682838b0b2d5fc
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Sat Sep 17 18:18:25 2022 +1200
py/dbcheck: improve 'please --fix' message
The dbcheck module is used in places other than samba-tool (backup,
provision) where the old 'use --fix' message made no sense. Also,
now that we're not necessarily claiming to fix all errors, we say
how many we think we can.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 10bcf2bb08ee742023325bcbb3005d6a9e8295b6
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Sep 16 16:26:41 2022 +1200
dbcheck: don't recommend --fix for errors we can't fix
and/or won't fix.
I think there are others that should be here.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d71258b45502a5552cf3540c854b925be3194b8c
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Sep 15 11:20:25 2022 +1200
dbcheck: do not crash on empty DN
we had
$ bin/samba-tool dbcheck -H st/rpc_proxy/private/sam.ldb
Checking 202 objects
ERROR(<class 'ValueError'>): uncaught exception - unable to parse dn string
File "/home/douglasb/src/samba/bin/python/samba/netcmd/__init__.py", line 230, in _run
return self.run(*args, **kwargs)
File "/home/douglasb/src/samba/bin/python/samba/netcmd/dbcheck.py", line 173, in run
error_count = chk.check_database(DN=DN, scope=search_scope,
File "/home/douglasb/src/samba/bin/python/samba/dbchecker.py", line 255, in check_database
error_count += self.check_object(object.dn, requested_attrs=attrs)
File "/home/douglasb/src/samba/bin/python/samba/dbchecker.py", line 2616, in check_object
expected_dn = ldb.Dn(self.samdb, "RDN=RDN,%s" % (parent_dn))
Now we have:
$ bin/samba-tool dbcheck -H st/rpc_proxy/private/sam.ldb
Checking 202 objects
ERROR: could not handle parent DN '': skipping RDN checks
Please use --fix to fix these errors
Checked 202 objects (1 errors)
which is still not really right, since --fix won't help.
(same with st/s4member/private/sam.ldb).
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2b039eb8c52a491c3d7b5bcae952e826b3ac1b21
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Sep 15 10:17:16 2022 +1200
samba-tool dbcheck: use colour if wanted
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 318eb65cb8d777651861266818c646246f82e1a1
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Sep 15 11:13:30 2022 +1200
py/dbchecker: dbcheck prints bits of colour if asked
Prefixes like ERROR, WARNING, and INFO are given interpretive colours.
This won't change anything until samba-tool decides to ask for colour,
which, who knows, might even be in the next commit.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6e5d79ff40892b4f8f4962b36c1c3fb2d2ce9d55
Author: Volker Lendecke <vl at samba.org>
Date: Thu Sep 15 08:55:01 2022 -0700
shadow_copy2: Remove an intermediate if-statement
Now we always pass in a dirfsp from our only caller
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Sep 17 05:15:04 UTC 2022 on sn-devel-184
commit f3350bff4532b35b3c9e99e0d0865ecec55e1be5
Author: Volker Lendecke <vl at samba.org>
Date: Tue Sep 13 09:49:31 2022 -0700
smbd: Remove non_widelink_open() support code
process_symlink_open() and check_reduced_name() are no longer used,
non_widelink_open() was the only user of both.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 2c8935cf3d79dd09bc6d00793cf8fdaf031d21fc
Author: Volker Lendecke <vl at samba.org>
Date: Mon Sep 12 12:08:13 2022 -0700
smbd: Rewrite non_widelink_open()
The previous implementation relied on recursion into
non_widelink_open() via process_symlink_open(). The latter used
readlink() to just make sure that the opened file is actually a
symlink.
This implementation now relies on a fstat/fstatat on failure to open a
file, removing a little complexity deciphering error codes
correctly. It also relies on reading the symlink in user space,
turning the recursion into a loop.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 1bf0289b23cae861ec1fa3c4a46e267392315726
Author: Volker Lendecke <vl at samba.org>
Date: Wed Sep 7 10:43:23 2022 +0200
smbd: Make readlink_talloc() public
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b4445ef9ab1b258fbb17bb5aaa9998f14e4adfcc
Author: Volker Lendecke <vl at samba.org>
Date: Sat Sep 10 01:36:11 2022 -0700
smbd: Slightly simplify non_widelink_open()
Avoid the "is_share_root" boolean: One special case less to take care
of further down and in callers: Sanitize the relative name so that it
can never contain a path separator
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit dbf93c9e0f5d592b3cbac4c705cb10dbc9e20ea6
Author: Volker Lendecke <vl at samba.org>
Date: Thu Sep 15 06:11:55 2022 -0700
shadow_copy2: Use dirfsp if it's around
Not used yet, and the "if" around dirfsp!=NULL will go away in a later
patch.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit fbc17c41aeb8eae4e603aef0fe8822b468b57205
Author: Volker Lendecke <vl at samba.org>
Date: Thu Sep 15 03:41:55 2022 +0000
shadow_copy2: Use dirfsp for connectpath
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit e1ca4e28d89237c8910e77146824ecc3444ce272
Author: Volker Lendecke <vl at samba.org>
Date: Wed Sep 14 20:18:33 2022 -0700
vfs: Add dirfsp to connectpath_fn()
So far we only call CONNECTPATH on full paths. In the future, we'll
have a call that will not have converted a relative path to absolute
just for efficiency reasons. To give shadow_copy2 the chance to still
find the snapshot directory, pass the dirfsp down to it.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 9ef2f7345f0d387567fca598cc7008af95598903
Author: Andreas Schneider <asn at samba.org>
Date: Mon Sep 12 16:31:05 2022 +0200
s3:auth: Flush the GETPWSID in memory cache for NTLM auth
Example valgrind output:
==22502== 22,747,002 bytes in 21,049 blocks are possibly lost in loss record 1,075 of 1,075
==22502== at 0x4C29F73: malloc (vg_replace_malloc.c:309)
==22502== by 0x11D7089C: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.16)
==22502== by 0x9027834: tcopy_passwd (in /usr/lib64/libsmbconf.so.0)
==22502== by 0x6A1E1A3: pdb_copy_sam_account (in /usr/lib64/libsamba-passdb.so.0.27.2)
==22502== by 0x6A28AB7: pdb_getsampwnam (in /usr/lib64/libsamba-passdb.so.0.27.2)
==22502== by 0x65D0BC4: check_sam_security (in /usr/lib64/samba/libauth-samba4.so)
==22502== by 0x65C70F0: ??? (in /usr/lib64/samba/libauth-samba4.so)
==22502== by 0x65C781A: auth_check_ntlm_password (in /usr/lib64/samba/libauth-samba4.so)
==22502== by 0x14E464: ??? (in /usr/sbin/winbindd)
==22502== by 0x151CED: winbind_dual_SamLogon (in /usr/sbin/winbindd)
==22502== by 0x152072: winbindd_dual_pam_auth_crap (in /usr/sbin/winbindd)
==22502== by 0x167DE0: ??? (in /usr/sbin/winbindd)
==22502== by 0x12F29B12: tevent_common_invoke_fd_handler (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F30086: ??? (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F2E056: ??? (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F2925C: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x16A243: ??? (in /usr/sbin/winbindd)
==22502== by 0x16AA04: ??? (in /usr/sbin/winbindd)
==22502== by 0x12F29F68: tevent_common_invoke_immediate_handler (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F29F8F: tevent_common_loop_immediate (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F2FE3C: ??? (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F2E056: ??? (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F2925C: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F4C7: main (in /usr/sbin/winbindd)
You can find one for each string in pdb_copy_sam_account(), in total
this already has 67 MB in total for this valgrind run.
pdb_getsampwnam() -> memcache_add_talloc(NULL, PDB_GETPWSID_CACHE, ...)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15169
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Sep 16 20:30:31 UTC 2022 on sn-devel-184
commit 3e95c677f242b28eaa031ed402a28dbdc0958d9f
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Sep 16 11:42:48 2022 +1200
pytests:s4/dsdb/passwords: avoid unused imports
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Sep 16 06:47:43 UTC 2022 on sn-devel-184
commit 884f105214973d0b414fdf2b3be6eaff4c75512c
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Sep 16 11:42:14 2022 +1200
pytests:s4/drs/getnc_schema: avoid unused imports
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1cf48a588fc440eba665b27cf5d8f56264d2ca51
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Sep 16 11:41:39 2022 +1200
pytests:s4/drs/repl_move: avoid unused and star imports
Found the names using something like:
flake8 repl_move.py | \
grep -oP "(?<=F405 ')[\w.]+" /tmp/repl_move | sort | uniq
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 7283fed0b3524cd00d256eb1a9292685e0f9b43a
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Sep 16 11:38:40 2022 +1200
pytests:s4/drs/repl_rodc: avoid unused imports
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 7f9fedd744c1f5144518efbe975330ea0df1cfd0
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Sep 16 11:38:08 2022 +1200
pytests:s4/drs/linked_attributes_drs: avoid unused imports
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b1ff59fb8b729f07836c4953a77eb710dc361f4c
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Sep 16 11:37:14 2022 +1200
pytests:s4/drs/ridalloc_exop: avoid unused imports
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 3c5cb27885a542e0c0ba80e6c9b776859a29d2ff
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Sep 16 11:36:28 2022 +1200
pytests: remove backwards compat workaround for python 2.6
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2775d6b5d1c92aa72d02bde617927020cd8a79a2
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Sep 14 21:12:47 2022 +1200
pytest: samba-tool visualize: improve a message
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ed72ec763133b3ed17a9f75bf4ae0bf0782c2967
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Sep 9 16:13:12 2022 +1200
samba-tool: no stack trace on missing ldb tdb
Now, in a testenv, if you forget to use '-s st/ad_dc/etc/smb.conf',
you only see this:
$ bin/samba-tool user rename dsadsa
ldb: Unable to open tdb '$HERE/st/client/private/secrets.ldb': No such file or directory
ldb: Failed to connect to '$HERE/st/client/private/secrets.ldb' with backend 'tdb': Unable to open tdb '$HERE/st/client/private/secrets.ldb': No such file or directory
Could not find machine account in secrets database: Failed to fetch machine account password from secrets.ldb: Could not open secrets.ldb and failed to open $HERE/st/client/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
ltdb: tdb($HERE/st/client/private/sam.ldb): tdb_open_ex: could not open file $HERE/st/client/private/sam.ldb: No such file or directory
Unable to open tdb '$HERE/st/client/private/sam.ldb': No such file or directory
Failed to connect to 'tdb://$HERE/st/client/private/sam.ldb' with backend 'tdb': Unable to open tdb '$HERE/st/client/private/sam.ldb': No such file or directory
ERROR(ldb): uncaught exception - Unable to open tdb '$HERE/st/client/private/sam.ldb': No such file or directory
rather than all that AND a stack trace.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b350a9c37c997eed219d22f7ae010358b620fef4
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Sep 9 15:08:30 2022 +1200
samba-tool: write ERROR in red if colour is wanted
Often we'll write something like
ERROR: Unable to find user "potato"
which can get lost in the jumble of other output. With this patch, we
colour the word "ERROR" red but not the rest of the string, unless it is
determined that colour is not wanted (due to one of --color=never,
NO_COLOR=1, output is not a tty).
We choose to redden the word "ERROR" only to maintain legibility in the
actual message, while hopefully increasing the noticeability of the line.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a64e6c9639ce9162d615fbb2f1f0349e1bd9720e
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Sep 14 18:23:16 2022 +1200
samba-tool visualize: simplify --color-scheme calculations
If you ask for a --color-scheme, you are implicitly asking for --color.
That was documented in --help, but not followed here.
Now --color=no --color-scheme=ansi will use colour for the graph, but not
for other output. This might be useful when the graph is going to a
different place than everything else (`-o foo.txt > bar.txt`).
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 07cbb10dc07381df6409f12ca0b4ecb6911ce495
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Sep 9 14:56:08 2022 +1200
samba-tool visualise: use global --color
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit adf8b8b4a16493d2e0c2f33c00e7a4970b8a9c2a
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Sat Sep 10 16:55:48 2022 +1200
py:colour: is_colour_wanted() can take filenames
We need this for `samba-tool visualize -o -` which means output to
stdout, and which has always had a tty test for colour. Rather than
continue to duplicate the full logic there, we can reuse this.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c0d0c13670a1082427c1a62f1fd36c0e0a672a9f
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Sep 9 15:24:29 2022 +1200
samba-tool: --color=auto looks at stderr and stdout
More often than not we are using colour in stderr, but are deciding
based on stdout's tty-ness. This patch changes to use both, and will
affect the following situation:
samba-tool 2>/tmp/errors # used to be colour, now not.
of course, if you want colour, you can always
samba-tool --color=yes 2>/tmp/errors
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 7d4387d15dff755a57724d4df5e25b75ae5bee6b
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Sep 9 14:50:13 2022 +1200
samba-tool drs showrepl: use global --color option
This changes the default from --color=no to --color=auto.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit baf7c5c585de35a01699a1b0e18bbb339c14afa0
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Sep 9 14:38:18 2022 +1200
samba-tool: save --color choice for subcommands
In particular, visualize needs it to decide colour for an output
file that may or may not be stdout, so it needs to make its own
decision for that file.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 5dd4696fb792cff37534eccb943be66cdd9e544c
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Sep 9 14:48:29 2022 +1200
samba-tool: make --color a general option
We don't put --color into options.SambaOptions because we can't handle
the 'auto' case in the options module without knowing whether or not
self.outf is a tty, and a) this might not be resolved and b) is fiddly
to pass through.
The .use_colour class flag allows samba-tool subcommands to avoid having
--color, and is *also* useful in the short term for visualise and drs
commands to avoid having this --color clobber their own bespoke versions
(temporarily, during the transition).
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 4c623356ce547ea2dd4d9055ef9162f227d4cabd
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Sep 9 14:35:12 2022 +1200
py:colour: colour_if_wanted() returns the result
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 4f30d06a365540aa237976f4807e23b9455e9c90
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Sep 14 17:36:08 2022 +1200
pytest: samba-tool visualize: fix filename
Overwriting the other file was harmless but misleading.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 3119349a3f1973697980aff0a012dff92be3402a
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Dec 17 14:34:50 2020 +1300
libcli/auth/proto.h: remove unneeded path details.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 53f6dbe03f7389242a6ebfaddc90bc39865b17fc
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Aug 31 15:42:46 2022 +1200
ldb: ldb_build_search_req() check for a talloc failure
The failure in question would have to be a `talloc_strdup(dn, "")` in
ldb_dn_from_ldb_val().
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9983ea0ed26fb61b205b369796b26e701c546b85
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Aug 17 10:12:28 2022 +1200
s4/server: stop suggesting ntvfs in error message
I am not sure about the rpc proxy.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1f60e881973ea8faffbd136971c3ae3f3dd233a5
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Jul 2 15:45:45 2021 +1200
libaddns: remove duplicate declaration
Also declared on line 257, exactly the same.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit eab89c8e29d77922420f345ae0198425ad0ac937
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Sep 8 14:32:13 2022 +1200
pytest/password_lockout: be less verbose by default
leaving the carefully constructed verbosity there for whoever choses
to switch it on.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 7af1326a58ed371209b82f561a6720df2c893849
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Sep 7 15:41:17 2022 +1200
samba-tool: simplify and clarify SuperCommand._run() a little
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 4f5b4bd9dfb7690359dbae6b687f97946761dd22
Author: Martin Schwenke <martin at meltin.net>
Date: Fri Aug 26 09:16:49 2022 +1000
ctdb-tests: Reformat remaining test stubs with "shfmt -w -p -i 0 -fn"
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Fri Sep 16 04:35:09 UTC 2022 on sn-devel-184
commit 0e388a1994e0f6715466eba1d3bdd765c36f956f
Author: Martin Schwenke <martin at meltin.net>
Date: Thu Aug 18 09:36:08 2022 +1000
ctdb-tests: Include eventscript stub commands in shellcheck test
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
commit 4ee0abaece92efd28901801c020cfdf5b80fcadb
Author: Martin Schwenke <martin at meltin.net>
Date: Thu Aug 18 08:59:28 2022 +1000
ctdb-tests: Avoid shellcheck warnings in remaining test stubs
A small amount of effort...
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
commit a31fb7e5ab8439349bc2670b3fde1020ba2c48b5
Author: Martin Schwenke <martin at meltin.net>
Date: Wed Aug 17 11:38:44 2022 +1000
ctdb-scripts: Simplify determination of real interface
This can now be made trivial.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
commit 5abaec499275bc47fb596e6bf2fa9fe98a891e79
Author: Martin Schwenke <martin at meltin.net>
Date: Wed Aug 17 11:37:56 2022 +1000
ctdb-tests: Implement "ip -brief link show" in ip stub
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
commit ef921bdbdbacecf39ee2a1851f16dbba62175fcc
Author: Martin Schwenke <martin at meltin.net>
Date: Wed Aug 17 12:12:30 2022 +1000
ctdb-tests: Avoid ShellCheck warnings
Although this is a test stub, it is complicated enough to encourage
ShellCheck cleanliness.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
commit 67e0ca5e01439b9efe4611c5fcfd0bf2ac69423b
Author: Martin Schwenke <martin at meltin.net>
Date: Wed Aug 17 11:41:33 2022 +1000
ctdb-tests: Reformat script with "shfmt -w -p -i 0 -fn"
As per current Samba convention.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
commit 517f09eb6f325af0d69b14d5b6b0e6b84616c6ce
Author: Martin Schwenke <martin at meltin.net>
Date: Wed Aug 17 11:04:10 2022 +1000
ctdb-scripts: Drop assumption that there are VLANs with no '@'
VLAN configuration on Linux often uses a convention of naming a VLAN
on <iface> with VLAN ID <tag> as <iface>.<tag>. To be able to monitor
the underlying interface, the original 10.interface code naively
simply stripped off the '.' and everything after (i.e. ".*", as a glob
pattern).
Some users do not use the above convention. A VLAN can be named
without including the underlying interface, but still with a
tag (e.g. vlan<tag> - the word "vlan" following by the tag) or, more
generally, perhaps without a tag (e.g. <vlan> - an arbitrary name).
The ip(8) command lists a VLAN as <vlan>@<iface>. The underlying
interface can be found by stripping everything up to and including an
'@' (i.e. "*@").
Commit bc71251433ce618c95c674d7cbe75b01a94adad9 added support for
stripping "*@". However, on suspicion, it kept support for the case
where there is no '@', falling back to stripping ".*". If ip(8) ever
did this then it was a long time ago - it has been printing a format
including '@' since at least 2004.
Stripping ".*" interferes with interesting administrative decisions,
like having '.' in interface names.
So, drop the fallback to stripping ".*" because it appears to be
unnecessary and can cause inconvenience.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
commit cc64ea24daa649dc8de4a212c7abfbe111095655
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Sep 16 14:18:37 2022 +1200
CVE-2020-25720 s4:dsdb/descriptor: explain lack of dSHeuristics check
It is strange that sDRightsEffective pays no attention to the
dSHeuristics flags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Sep 16 03:31:42 UTC 2022 on sn-devel-184
commit 95fe9659574337234616625fc32d5f00035ae7c9
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu May 5 17:21:42 2022 +1200
CVE-2020-25720 s4:dsdb/descriptor: Validate owner SIDs written to security descriptors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit acc9999a08f12d5bff6edb631a9515fe7e5087c3
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu May 5 19:30:13 2022 +1200
CVE-2020-25720 s4-acl: Omit sDRightsEffective for computers unless all rights are granted
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 5073d5997cb1d7f654423655e0d1eeb117bdab38
Author: Nadezhda Ivanova <nivanova at symas.com>
Date: Fri Oct 22 21:33:03 2021 +0300
CVE-2020-25720: s4-acl: Owner no longer has implicit Write DACL
The implicit right of an object's owner to modify its security
descriptor no longer exists, according to the new access rules. However,
we continue to grant this implicit right for fileserver access checks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810
Signed-off-by: Nadezhda Ivanova <nivanova at symas.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 72b8e98252b0231868f04d40456459057126980c
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Sep 5 14:53:26 2022 +1200
CVE-2020-25720 s4:ntvfs: Use se_file_access_check() to check file access rights
se_access_check() will be changed in a following commit to remove the
implicit WRITE_DAC right that comes with being the owner of an object.
We want to keep this implicit right for file access, and by using
se_file_access_check() we can preserve the existing behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6dc6ca56bd517a5cba85bb4ec120fcfb5feadfb8
Author: Nadezhda Ivanova <nivanova at symas.com>
Date: Fri Oct 22 21:10:35 2021 +0300
CVE-2020-25720: s4-acl: Adjusted some tests to work with the new behavior
Test using non-priviledged accounts now need to make sure they have
WP access on the prvided attributes, or Write-DACL
Some test create organizational units with a specific SD, and those now
need the user to have WD or else they give errors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810
Signed-off-by: Nadezhda Ivanova <nivanova at symas.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 08187833fee57a8dba6c67546dfca516cd1f9d7a
Author: Nadezhda Ivanova <nivanova at symas.com>
Date: Mon Oct 25 13:10:56 2021 +0300
CVE-2020-25720: s4-acl: Change behavior of Create Children check
Up to now, the rights to modify an attribute were not checked during an LDAP
add operation. This means that even if a user has no right to modify
an attribute, they can still specify any value during object creation,
and the validated writes were not checked.
This patch changes this behavior. During an add operation,
a security descriptor is created that does not include the one provided by the
user, and is used to verify that the user has the right to modify the supplied attributes.
Exception is made for an object's mandatory attributes, and if the user has Write DACL right,
further checks are skipped.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810
Pair-Programmed-With: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Nadezhda Ivanova <nivanova at symas.com>
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 0e1d8929f872708e79edf802e5d2ff847c9b3ee5
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Apr 22 15:01:00 2022 +1200
CVE-2020-25720: s4-acl: Move definition of acl_check_self_membership()
This allows us to make use of it in acl_add().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c2761a47fd12cc2a79a02707ed9d778e496b1fd4
Author: Nadezhda Ivanova <nivanova at symas.com>
Date: Mon Oct 25 11:34:57 2021 +0300
CVE-2020-25720 s4-acl: Test Create Child permission should not allow full write to all attributes
Up to now, the rights to modify an attribute were not checked during an LDAP
add operation. This means that even if a user has no right to modify
an attribute, they can still specify any value during object creation,
and the validated writes were not checked.
This patch includes tests for the proposed change of behavior.
test_add_c3 and c4 pass, because mandatory attributes can still be
set, and in the old behavior SD permissions were irrelevant
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810
Pair-Programmed-With: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Nadezhda Ivanova <nivanova at symas.com>
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2563f85237bd4260b7b527f3695f27da4cc61a74
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Sep 14 13:21:34 2022 +1200
CVE-2020-25720 pydsdb: Add AD schema GUID constants
This helps reduce the profusion of magic constant values in Python
tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit cc709077822a39227174b91ed2345c2bd603f61f
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 6 19:23:13 2022 +1200
CVE-2020-25720 pydsdb: Add dsHeuristics constant definitions
We want to be able to use these values in Python tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 0af5706b559e89c77123ed174b41fd3d01705aa5
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Apr 28 20:34:36 2022 +1200
CVE-2020-25720 s4/dsdb/util: Add functions for dsHeuristics 28, 29
These are the newly-added AttributeAuthorizationOnLDAPAdd and
BlockOwnerImplicitRights.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 890d2c5cf5d47758b5429f87a064f04512ff7136
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Sat Apr 30 13:55:39 2022 +1200
CVE-2020-25720 python:tests: Ensure that access checks don't succeed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit cbbf3fd7412ba073b26b0d0a32fe25b343fed5ca
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Apr 28 21:00:56 2022 +1200
CVE-2020-25720 s4:tests/sec_descriptor: Add missing security descriptor modify
The variable sub_sddl1 previously went unused, so this call to
modify_sd_on_dn() was presumably intended to go here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b4455f04879d39aefc4d4e39e6611c54be00e62d
Author: Jeremy Allison <jra at samba.org>
Date: Fri Sep 9 10:29:30 2022 -0700
s3: libsmb: In cli_posix_open_internal_send() (SMBtrans2:TRANSACT2_SETPATHINFO) check for DFS pathname.
See smbtorture3: SMB1-DFS-PATHS: test_smb1_setpathinfo_XXXX()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Sep 15 19:44:00 UTC 2022 on sn-devel-184
commit fa7e6899b3ba5d672a805220021268e1d3165015
Author: Jeremy Allison <jra at samba.org>
Date: Fri Sep 9 09:40:12 2022 -0700
s3: libsmb: In cli_qpathinfo_send() (SMBtrans2:TRANSACT2_QPATHINFO) check for DFS pathname.
See smbtorture3: SMB1-DFS-PATHS: test_smb1_qpathinfo()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit adc4a1b290a96221b8198a030977760d21aebae0
Author: Jeremy Allison <jra at samba.org>
Date: Thu Sep 8 16:21:20 2022 -0700
s3: libsmb: In cli_set_ea_path() (SMBtrans2:TRANSACT2_SETPATHINFO) check for DFS pathname.
See smbtorture3: SMB1-DFS-PATHS: test_smb1_setpathinfo_XXXX()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 5c083e8bc3a15b6cdab906dfbaefe9fa2a3692fe
Author: Jeremy Allison <jra at samba.org>
Date: Thu Sep 8 14:28:41 2022 -0700
s3: libsmb: In cli_ctemp_send() (SMBctemp) check for DFS pathname.
smbtorture3: SMB1-DFS-OPERATIONS: test_smb1_ctemp() shows
SMBctemp uses DFS paths.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 6a82167f11fa499bac6176a5dfd2f9a423721058
Author: Jeremy Allison <jra at samba.org>
Date: Thu Sep 8 12:25:49 2022 -0700
s3: libsmb: In cli_chkpath_send() (SMBcheckpath) check for DFS pathname.
smbtorture3: SMB1-DFS-OPERATIONS: test_smb1_chkpath() shows
SMBcheckpath uses DFS paths.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit a53c049c4de8f737e55f021b84060f2ed5fc57ed
Author: Jeremy Allison <jra at samba.org>
Date: Thu Sep 8 11:53:33 2022 -0700
s3: libsmb: In cli_setatr_send() (SMBsetatr) check for DFS pathname.
smbtorture3: SMB1-DFS-OPERATIONS: test_smb1_setatr() shows
SMBsetatr uses DFS paths.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 75339aec0ee963c8f7605aaf5016bacdcaa23b99
Author: Jeremy Allison <jra at samba.org>
Date: Thu Sep 8 09:50:56 2022 -0700
s3: libsmb: In cli_getatr_send() (SMBgetatr) check for DFS pathname.
smbtorture3: SMB1-DFS-OPERATIONS: test_smb1_getatr() shows
SMBgetatr uses DFS paths.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit b58cee42512320f3b5ee1b6f4ae41eaf597690ef
Author: Jeremy Allison <jra at samba.org>
Date: Wed Sep 7 12:52:42 2022 -0700
s3: libsmb: In cli_openx_create() (SMBopenX) check for DFS pathname.
smbtorture3: SMB1-DFS-OPERATIONS: test_smb1_openx() shows
SMBopenX uses DFS paths.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit ab1257226420c98621aec4fa0737882ae0291c94
Author: Jeremy Allison <jra at samba.org>
Date: Wed Sep 7 12:05:53 2022 -0700
s3: libsmb: In cli_nttrans_create_send() (SMBnttrans:NT_TRANSACT_CREATE) check for DFS pathname.
smbtorture3: SMB1-DFS-OPERATIONS: test_smb1_nttrans_create() shows
SMBnttrans:NT_TRANSACT_CREATE uses DFS paths.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 198869afecd4c5bd87e8325ba5530736a39c41ab
Author: Jeremy Allison <jra at samba.org>
Date: Wed Sep 7 11:26:46 2022 -0700
s3: libsmb: In cli_ntcreate1_send() (SMBntcreateX) check for DFS pathname.
smbtorture3: SMB1-DFS-OPERATIONS: test_smb1_ntcreatex() shows
SMBntcreateX uses DFS paths.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 8561eaa02d9810b337378ee3ed448570d20496b8
Author: Jeremy Allison <jra at samba.org>
Date: Wed Sep 7 10:47:37 2022 -0700
s3: libsmb: In cli_rmdir_send() (SMBrmdir) check for DFS pathname.
smbtorture3: SMB1-DFS-OPERATIONS: test_smb1_rmdir() shows
SMBrmdir uses DFS paths.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 47cf519e98f937cf21cc3c8c62e38efa7010f091
Author: Jeremy Allison <jra at samba.org>
Date: Wed Sep 7 10:45:01 2022 -0700
s3: libsmb: In cli_mkdir_send() (SMBmkdir) check for DFS pathname.
smbtorture3: SMB1-DFS-OPERATIONS: test_smb1_mkdir() shows
SMBmkdir uses DFS paths.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit e2efea7d1f2b635057b6a25b1e086645eb2f38be
Author: Jeremy Allison <jra at samba.org>
Date: Tue Sep 6 17:26:58 2022 -0700
s3: libsmb: In cli_unlink_send() (SMBunlink) check for DFS pathname.
smbtorture3: SMB1-DFS-OPERATIONS: test_smb1_unlink() shows
SMBunlink uses DFS paths.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 73a6e2b14a1cfbfd7f3572eddaf4d037bee5b3f3
Author: Jeremy Allison <jra at samba.org>
Date: Fri Sep 2 13:18:06 2022 -0700
s3: libsmb: In cli_ntrename_internal_send() (SMBntrename) check for DFS dst pathname.
See smbtorture3: SMB1-DFS-PATHS: test_smb1_ntrename_rename().
and smbtorture3: SMB1-DFS-PATHS: test_smb1_ntrename_hardlink().
Remove the old code that stripped a DFS name from the
destination filename, and go through smb1_dfs_share_path()
as we did for fname_src in the last commit.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit f1765c9c7be95b8aacd5275a0c502be8c1afcd58
Author: Jeremy Allison <jra at samba.org>
Date: Fri Sep 2 13:12:51 2022 -0700
s3: libsmb: In cli_ntrename_internal_send() (SMBntrename) check for DFS source pathname.
smbtorture3: SMB1-DFS-PATHS: test_smb1_ntrename_rename() shows
SMBntrename uses DFS for src and dst.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 44bf2bc89a47ead4c7efb77ffa34017dfb9220dc
Author: Jeremy Allison <jra at samba.org>
Date: Fri Sep 2 12:40:19 2022 -0700
s3: libsmb: In cli_cifs_rename_send() (SMBmv) check for DFS dst pathname.
See smbtorture3: SMB1-DFS-PATHS: test_smb1_mv().
Remove the old code that stripped a DFS name from the
destination filename, and go through smb1_dfs_share_path()
as we did for fname_src in the last commit.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 4da3c724d5b3a60cd4af83b0a301b96a0d2ee945
Author: Jeremy Allison <jra at samba.org>
Date: Fri Sep 2 12:33:48 2022 -0700
s3: libsmb: In cli_cifs_rename_send() (SMBmv) check for DFS source pathname.
smbtorture3: SMB1-DFS-PATHS: test_smb1_mv() shows
SMBmv uses DFS for src and dst.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 2d28696efe66c49a969b9de12e2f1a143e1a6d8e
Author: Jeremy Allison <jra at samba.org>
Date: Fri Sep 2 12:27:36 2022 -0700
s3: libsmb: Make cli_setpathinfo_send() (SMBtrans2: TRANSACT2_SETPATHINFO) DFS path aware.
See smbtorture3: SMB1-DFS-PATHS: test_smb1_setpathinfo_XXXX()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit f34fad61fdc28bf9d35a8d5d426b48d5f0c083b0
Author: Jeremy Allison <jra at samba.org>
Date: Fri Sep 2 11:46:08 2022 -0700
s3: smbcacls: Now cli_resolve_path() and cli_list() can handle DFS names we no longer need local_cli_resolve_path().
Remove local_cli_resolve_path(). No more special treatment for DFS names in smbcacls.
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: Noel Power <noel.power at suse.com>
commit 3c2a31b43843a31da727b7d4350a8d969a1c4edd
Author: Jeremy Allison <jra at samba.org>
Date: Fri Sep 2 11:44:47 2022 -0700
s3: libsmb: Fix cli_resolve_path() to cope with DFS paths passed in as well as local paths.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit d9f0d924795b199c416f72cc1e844e987efed8dd
Author: Jeremy Allison <jra at samba.org>
Date: Thu Sep 1 16:12:35 2022 -0700
s3: libsmb: Fix SMB1 cli_list_old_send() to cope with DFS paths.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 4a9458d03dd1559c67f3ad9210bfce7af6192c61
Author: Jeremy Allison <jra at samba.org>
Date: Thu Sep 1 16:10:49 2022 -0700
s3: libsmb: Fix SMB1 cli_list_trans_send() (SMBtrans2:TRANSACT2_FINDFIRST) to cope with DFS paths.
See smbtorture3: SMB1-DFS-SEARCH-PATHS: test_smb1_findfirst_path
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit c98d165e517c9bccb056d22b82ed5a2d591e0483
Author: Jeremy Allison <jra at samba.org>
Date: Thu Sep 1 16:07:10 2022 -0700
s3: libsmb: Add smb1_dfs_share_path() to convert a name into a DFS path if needed.
Not yet used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit dd9cdfb3b1488a5f262767089d456ae9269f72f0
Author: Jeremy Allison <jra at samba.org>
Date: Thu Sep 1 15:32:40 2022 -0700
s3: libsmb: For SMB2 opens on a DFS share, convert to a DFS path if not already done.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 26b4a6951b6ae2a8ba2341d64fa888fe52f6463a
Author: Jeremy Allison <jra at samba.org>
Date: Fri Aug 19 14:59:04 2022 -0700
s3: libsmb: Add cli_dfs_is_already_full_path() function.
Returns true if it's already a fully qualified DFS path.
Not yet used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 070b73e3f96c46bb4a96a8149c4c77ab3080a946
Author: Jeremy Allison <jra at samba.org>
Date: Thu Sep 1 16:07:34 2022 -0700
s3: libsmb: In cli_list_old_send(), push state->mask into the packet, not just mask.
This doesn't matter right now, but it will when I
add DFS path awareness to cli_list().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit ad97a97bd80f22350e7a5014a0a5d251c5e2e57a
Author: Jeremy Allison <jra at samba.org>
Date: Tue Aug 23 17:40:55 2022 -0700
s3: libsmb: Make cli_state_save_tcon()/cli_state_restore_tcon() static.
There are no external callers.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 4e3ea1b2e723f1de3225112311e5fe38fa69683f
Author: Jeremy Allison <jra at samba.org>
Date: Tue Aug 23 17:37:48 2022 -0700
s3: smbcacls: In cli_lsa_lookup_domain_sid(), replace cli_state_save_tcon()/cli_state_restore_tcon() with cli_state_save_tcon_share()/cli_state_restore_tcon_share().
There are now no more external users of cli_state_save_tcon()/cli_state_restore_tcon()
so we can make them static.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit fddade459f2512709cf0e2e4b9b45de540f4e29f
Author: Jeremy Allison <jra at samba.org>
Date: Tue Aug 23 17:34:43 2022 -0700
s3: utils: In show_userlist() replace cli_state_save_tcon()/cli_state_restore_tcon() with cli_state_save_tcon_share()/cli_state_restore_tcon_share().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit d116a079e99227140292d020318d381985c350b0
Author: Jeremy Allison <jra at samba.org>
Date: Tue Aug 23 17:32:46 2022 -0700
s3: torture: In run_tcon_test() replace cli_state_save_tcon()/cli_state_restore_tcon() with cli_state_save_tcon_share()/cli_state_restore_tcon_share().
Also fix a comment in run_uid_regression_test().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit cf02ed2f6054325dfbcf3d98ba1b9f5d454b100e
Author: Jeremy Allison <jra at samba.org>
Date: Tue Aug 23 17:30:14 2022 -0700
s3: torture: In run_smb2_basic(), replace cli_state_save_tcon()/cli_state_restore_tcon() with cli_state_save_tcon_share()/cli_state_restore_tcon_share().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit fcf090279e29ce72a6aee2b6059b168f7a479d91
Author: Jeremy Allison <jra at samba.org>
Date: Tue Aug 23 17:28:21 2022 -0700
s3: libsmb: In cli_check_msdfs_proxy() replace cli_state_save_tcon()/cli_state_restore_tcon() with cli_state_save_tcon_share()/cli_state_restore_tcon_share().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 83dab4238cd12592d84dd5898b25463d58fb546f
Author: Jeremy Allison <jra at samba.org>
Date: Tue Aug 23 17:25:40 2022 -0700
s3: libsmb: In cli_lsa_lookup_name() replace cli_state_save_tcon()/cli_state_restore_tcon() with cli_state_save_tcon_share()/cli_state_restore_tcon_share().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 73fde1fbbf0fe569c49bfdcd49bc5efe31c7d891
Author: Jeremy Allison <jra at samba.org>
Date: Tue Aug 23 17:18:16 2022 -0700
s3: libsmb: In cli_lsa_lookup_sid() replace cli_state_save_tcon()/cli_state_restore_tcon() with cli_state_save_tcon_share()/cli_state_restore_tcon_share().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit c3c716498502e5f1a833a469e0a4936a9668338e
Author: Jeremy Allison <jra at samba.org>
Date: Tue Aug 23 17:13:58 2022 -0700
s3: libsmb: Add pair cli_state_save_tcon_share()/cli_state_restore_tcon_share().
Wraps cli_state_save_tcon()//cli_state_restore_tcon() but
also returns cli->sharename.
We are going to replace all uses of cli_state_save_tcon()/cli_state_restore_tcon()
so we also save/restore the cli->share for DFS purposes.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviwed-by: Noel Power <npower at samba.org>
commit dfd7c6ca784d3bfd79aa1c238b22e3e9a778334c
Author: Jeremy Allison <jra at samba.org>
Date: Fri Sep 2 11:00:09 2022 -0700
s3: libsmb: Cleanup - remove unused fname_src parameter from cli_dfs_target_check().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit c7749103b22f83f7193267e9593ae6610c04dedf
Author: Jeremy Allison <jra at samba.org>
Date: Wed Sep 7 12:50:25 2022 -0700
s3: libsmb: Add missing memory allocation fail check in cli_openx_create().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit a213a371aeb2fae4df0f41e85faca2cfd38f6447
Author: Jeremy Allison <jra at samba.org>
Date: Wed Sep 7 11:12:08 2022 -0700
s3: libsmb: Add missing memory allocation fail checks in cli_ntcreate1_send().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 95bd776d2a3167467f5ad9249049d982848886e3
Author: Jeremy Allison <jra at samba.org>
Date: Fri Sep 9 09:35:38 2022 -0700
s3: smbtorture3: Add test_smb1_qpathinfo() DFS test to run_smb1_dfs_operations().
Passes against Windows.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Sep 14 18:37:06 UTC 2022 on sn-devel-184
commit 85dc30f95982cbb24620c11bf78c96417c70ca7a
Author: Jeremy Allison <jra at samba.org>
Date: Thu Sep 8 14:24:38 2022 -0700
s3: smbtorture3: Add test_smb1_ctemp() DFS test to run_smb1_dfs_operations().
NB. This passes against Windows, but SMBctemp is broken on a Windows DFS
share and always returns NT_STATUS_FILE_IS_A_DIRECTORY.
When we fix the Samba server to correctly process DFS
pathnames we'll have to change this test to understand
it's running against smbd and modify the expected behavior
to match a working server.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 7b5955dcd5a8452fc6be8b251f44d9f236bb3eff
Author: Jeremy Allison <jra at samba.org>
Date: Thu Sep 8 12:23:23 2022 -0700
s3: smbtorture3: Add test_smb1_chkpath() DFS test to run_smb1_dfs_operations().
Passes against Windows.
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off--by: Noel Power <npower at samba.org>
commit 5cbb8abc1b0ade63a80a1e77969c1d0b67ad5506
Author: Jeremy Allison <jra at samba.org>
Date: Thu Sep 8 11:45:54 2022 -0700
s3: smbtorture3: Add test_smb1_setatr() DFS test to run_smb1_dfs_operations().
Passes against Windows.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 243433bd57aeceb6c37a26dc62bb7bce8f6dac19
Author: Jeremy Allison <jra at samba.org>
Date: Wed Sep 7 16:04:03 2022 -0700
s3: smbtorture3: Add test_smb1_getatr() DFS test to run_smb1_dfs_operations().
Passes against Windows.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit cc3d76d877b395a25266476fd29266641fe077c7
Author: Jeremy Allison <jra at samba.org>
Date: Wed Sep 7 15:42:09 2022 -0700
s3: smbtorture3: Add test_smb1_create() DFS test to run_smb1_dfs_operations().
Tests SMBcreate and SMBmknew.
Passes against Windows.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit f1475e64b07d7864c6465e9ada72a218a81eeb86
Author: Jeremy Allison <jra at samba.org>
Date: Wed Sep 7 15:26:55 2022 -0700
s3: smbtorture3: Add test_smb1_open() DFS test to run_smb1_dfs_operations().
Passes against Windows.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit ad472f7741adeb8c1210d63dc20cba954cf5649d
Author: Jeremy Allison <jra at samba.org>
Date: Wed Sep 7 12:48:53 2022 -0700
s3: smbtorture3: Add test_smb1_openx() DFS test to run_smb1_dfs_operations().
Passes against Windows.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 4e8e78e2345c1de4955039809487492ded4d737f
Author: Jeremy Allison <jra at samba.org>
Date: Wed Sep 7 12:03:08 2022 -0700
s3: smbtorture3: Add test_smb1_nttrans_create() DFS test to run_smb1_dfs_operations().
Passes against Windows.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 18bdcd85e4b24647d1225b79ff7f9607e753df2e
Author: Jeremy Allison <jra at samba.org>
Date: Wed Sep 7 11:23:45 2022 -0700
s3: smbtorture3: Add test_smb1_ntcreatex() DFS test to run_smb1_dfs_operations().
Passes against Windows.
Signed-off-by: Jeremy Allison <jra at samba.org>
commit f7b06ea37c6aba15a62a905192a46fcc5211871a
Author: Jeremy Allison <jra at samba.org>
Date: Wed Sep 7 10:41:53 2022 -0700
s3: smbtorture3: Add test_smb1_rmdir() DFS test to run_smb1_dfs_operations().
Passes against Windows.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 2eb561f0a7c1340227c7197946c7d4524c2e6b43
Author: Jeremy Allison <jra at samba.org>
Date: Tue Sep 6 17:49:05 2022 -0700
s3: smbtorture3: Add test_smb1_mkdir() DFS test to run_smb1_dfs_operations().
Passes against Windows.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit ddc88e5c5ab4e62869816e38ea619e9f48fd46f4
Author: Jeremy Allison <jra at samba.org>
Date: Tue Sep 6 17:25:18 2022 -0700
s3: smbtorture3: Add an SMB1 operations torture tester.
Only tests SMB1unlink for now, but I will add other operations
later.
smbtorture3 test is: SMB1-DFS-OPERATIONS.
Passes fully against Windows. Adds knownfail for smbd.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 84e44cff39b58985f53d6440c508abb7dfb41fd7
Author: Jeremy Allison <jra at samba.org>
Date: Thu Sep 8 16:42:26 2022 -0700
s3: smbtorture3: Add a new test SMB2-NON-DFS-SHARE.
This one is tricky. It sends SMB2 DFS pathnames to a non-DFS
share, and sets the SMB2 flag FLAGS2_DFS_PATHNAMES in the SMB2
packet.
Windows will have non of it and (correctly) treats the pathnames
as local paths (they're going to a non-DFS share). Samba fails.
This proves the server looks as the share DFS capability to
override the flag in the SMB2 packet.
Passes against Windows. Added knownfail for Samba.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 8ae0c38d54f065915e927bbfe1b656400a79eb13
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Aug 2 14:43:19 2022 +1200
CVE-2021-20251 s3: Ensure bad password count atomic updates for SAMR AES password change
The bad password count is supposed to limit the number of failed login
attempt a user can make before being temporarily locked out, but race
conditions between processes have allowed determined attackers to make
many more than the specified number of attempts. This is especially
bad on constrained or overcommitted hardware.
To fix this, once a bad password is detected, we reload the sam account
information under a user-specific mutex, ensuring we have an up to
date bad password count.
We also update the bad password count if the password is wrong, which we
did not previously do.
Derived from a similar patch to source3/auth/check_samsec.c by
Jeremy Allison <jra at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Sep 13 00:08:07 UTC 2022 on sn-devel-184
commit 1d869a2a666cfada1495d891021de6c2b8567a96
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Aug 2 14:43:09 2022 +1200
CVE-2021-20251 s3:rpc_server: Split change_oem_password() call out of samr_set_password_aes()
Now samr_set_password_aes() just returns the new password in a similar
manner to check_oem_password(). This simplifies the logic for the
following change to recheck whether the account is locked out, and to
update the bad password count.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 7981cba87e3a7256b12bfc5fdd89b136c12979ff
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Aug 2 14:40:01 2022 +1200
CVE-2021-20251 dsdb/common: Remove transaction logic from samdb_set_password()
All of its callers, where necessary, take out a transaction covering the
entire password set or change operation, so a transaction is no longer
needed here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit fcabcb326d385c1e1daaa8dae9820e33a3868f56
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Aug 2 14:39:43 2022 +1200
CVE-2021-20251 s4-rpc_server: Extend scope of transaction for ChangePasswordUser3
Now the initial account search is performed under the transaction,
ensuring the overall password change is atomic. We set DSDB_SESSION_INFO
to drop our privileges to those of the user before we perform the actual
password change, and restore them afterwards if we need to update the
bad password count.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f74f92aea164af40d9177b332778a76d7ecabcbd
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Aug 2 14:39:06 2022 +1200
CVE-2021-20251 s4-rpc_server: Use user privileges for SAMR password change
We don't (and shouldn't) need system prvileges to perform the password
change, so drop to the privileges of the user by setting
DSDB_SESSION_INFO. We need to reuse the same sam_ctx: creating a new one
with only user privileges would not work, because any database
modifications would be blocked by the transaction taken out on the
original context.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit fabbea25310a31c0409b1c11eaced39bd8cde8dd
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Aug 2 14:37:52 2022 +1200
CVE-2021-20251 s4-rpc_server: Use authsam_search_account() to find the user
This helps the bad password and audit log handling code as it
allows assumptions to be made about the attributes found in
the variable "msg", such as that DSDB_SEARCH_SHOW_EXTENDED_DN
was used.
This ensures we can re-search on the DN via the embedded GUID,
which in in turn rename-proof.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1258746ba85b8702628f95a19aba9afea96eab8b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 6 14:54:08 2022 +1200
s3:rpc_server: Use BURN_STR() to zero password
This ensures these calls are not optimised away.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6edf88f5c40421b9881666a2e78038ea9c547c24
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Aug 2 14:35:50 2022 +1200
libcli:auth: Keep passwords from convert_string_talloc() secret
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 03a50d8f7d872b6ef701d1207061c88b73d171bb
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Aug 2 14:35:33 2022 +1200
lib:util: Check memset_s() error code in talloc_keep_secret_destructor()
Panic if memset_s() fails.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 65c473d4a53fc8a22a0d531aff45203ea3a4d99b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Jul 5 20:17:33 2022 +1200
CVE-2021-20251 s3: Ensure bad password count atomic updates for SAMR password change
The bad password count is supposed to limit the number of failed login
attempt a user can make before being temporarily locked out, but race
conditions between processes have allowed determined attackers to make
many more than the specified number of attempts. This is especially
bad on constrained or overcommitted hardware.
To fix this, once a bad password is detected, we reload the sam account
information under a user-specific mutex, ensuring we have an up to
date bad password count.
Derived from a similar patch to source3/auth/check_samsec.c by
Jeremy Allison <jra at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 8587734bf989aeaafa9d09d78d0f381caf52d285
Author: Jeremy Allison <jra at samba.org>
Date: Mon Jan 11 12:11:35 2021 -0800
CVE-2021-20251 s3: ensure bad password count atomic updates
The bad password count is supposed to limit the number of failed login
attempt a user can make before being temporarily locked out, but race
conditions between processes have allowed determined attackers to make
many more than the specified number of attempts. This is especially
bad on constrained or overcommitted hardware.
To fix this, once a bad password is detected, we reload the sam account
information under a user-specific mutex, ensuring we have an up to
date bad password count.
Discovered by Nathaniel W. Turner.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 268ea7bef5af4b9c8a02f4f5856113ff0664d9e8
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Jul 4 20:51:38 2022 +1200
CVE-2021-20251 s4:auth_winbind: Check return status of authsam_logon_success_accounting()
This may return an error if we find the account is locked out.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a268a1a0e304d0702469e4ac146d8af5e7384c39
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Sat Jul 9 15:55:02 2022 +1200
CVE-2021-20251 s4-rpc_server: Check badPwdCount update return status
If the account has been locked out in the meantime (indicated by
NT_STATUS_ACCOUNT_LOCKED_OUT), we should return the appropriate error
code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit bdfc9d96f8fe5070ab8a189bbf42ccb7e77afb73
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Sat Jul 9 15:54:52 2022 +1200
CVE-2021-20251 s4:kdc: Check badPwdCount update return status
If the account has been locked out in the meantime (indicated by
NT_STATUS_ACCOUNT_LOCKED_OUT), we should return the appropriate error
code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b1e740896ebae14ba64250da2f718e1d707e9eed
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Jul 1 15:04:41 2022 +1200
CVE-2021-20251 s4:kdc: Check return status of authsam_logon_success_accounting()
If we find that the user has been locked out sometime during the request
(due to a race), we will now return an error code.
Note that we cannot avoid the MIT KDC aspect of the issue by checking
the return status of mit_samba_zero_bad_password_count(), because
kdb_vftabl::audit_as_req() returning void means we cannot pass on the
result.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2b593c34c4f5cb82440b940766e53626c1cbec5b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Jul 6 11:11:43 2022 +1200
CVE-2021-20251 s4:kdc: Move logon success accounting code into existing branch
This simplifies the code for the following commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 96479747bdb5bc5f33d903085f5f69793f369e3a
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Sat Jul 9 15:54:12 2022 +1200
CVE-2021-20251 s4:dsdb: Make badPwdCount update atomic
We reread the account details inside the transaction in case the account
has been locked out in the meantime. If it has, we return the
appropriate error code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a65147a9e98ead70869cdfa20ffcc9c167dbf535
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Sat Jul 9 15:44:21 2022 +1200
CVE-2021-20251 s4:dsdb: Update bad password count inside transaction
Previously, there was a gap between calling dsdb_update_bad_pwd_count()
and dsdb_module_modify() where no transaction was in effect. Another
process could slip in and modify badPwdCount, only for our update to
immediately overwrite it. Doing the update inside the transaction will
help for the following commit when we make it atomic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d8a862cb811489abb67d4cf3a7fbd83d05c7e5cb
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Sat Jul 9 15:53:51 2022 +1200
CVE-2021-20251 s4-auth: Pass through error code from badPwdCount update
The error code may be NT_STATUS_ACCOUNT_LOCKED_OUT, which we use in
preference to NT_STATUS_WRONG_PASSWORD.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b5f78b7b895a6b92cfdc9221b18d67ab18bc2a24
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Mar 30 16:48:31 2021 +1300
CVE-2021-20251 auth4: Avoid reading the database twice by precaculating some variables
These variables are not important to protect against a race with
and a double-read can easily be avoided by moving them up the file
a little.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 712181032a47318576ef35f6a6cf0f958aa538fb
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Mar 25 15:33:08 2021 +1300
CVE-2021-20251 auth4: Inline samdb_result_effective_badPwdCount() in authsam_logon_success_accounting()
By bringing this function inline it can then be split out in a
subsequent commit.
Based on work by Gary Lockyer <gary at catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 55147335aec8194b6439169b040556a96db22e95
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Mar 25 14:42:39 2021 +1300
CVE-2021-20251 auth4: Split authsam_calculate_lastlogon_sync_interval() out
authsam_calculate_lastlogon_sync_interval() is split out of authsam_update_lastlogon_timestamp()
Based on work by Gary Lockyer <gary at catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit b954acfde258a1909ed60c1c3e1015701582719f
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Thu Mar 25 11:30:59 2021 +1300
CVE-2021-20251 auth4: Return only the result message and free the surrounding result
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 4a9e0fdccfa218fbb2c3eb87e1a955ade0364b98
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Mar 30 16:35:44 2021 +1300
CVE-2021-20251 auth4: Add missing newline to debug message on PSO read failure
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit de4cc0a3dae89f3e51a099282615cf80c8539e11
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Mar 30 18:01:39 2021 +1300
CVE-2021-20251 s4 auth: make bad password count increment atomic
Ensure that the bad password count is incremented atomically,
and that the successful logon accounting data is updated atomically.
Use bad password indicator (in a distinct TDB) to determine if to open a transaction
We open a transaction when we have seen the hint that this user
has recorded a bad password. This allows us to avoid always
needing one, while not missing a possible lockout.
We also go back and get a transation if we did not take out
one out but we chose to do a write (eg for lastLogonTimestamp)
Based on patches by Gary Lockyer <gary at catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 336e303cf1962b56b64c0d9d2b05ac15d00e8692
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Jul 5 20:17:49 2022 +1200
CVE-2021-20251 auth4: Detect ACCOUNT_LOCKED_OUT error for password change
This is more specific than NT_STATUS_UNSUCCESSFUL, and for the SAMR
password change, matches the result the call to samdb_result_passwords()
would give.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d6cf245b96fb02edb3bcc52733d040d5f03fb918
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Tue Feb 9 11:59:05 2021 +1300
CVE-2021-20251 s4 auth test: Unit tests for source4/auth/sam.c
cmocka unit tests for the authsam_reread_user_logon_data in
source4/auth/sam.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 7b8e32efc336fb728e0c7e3dd6fbe2ed54122124
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Mar 30 17:57:10 2021 +1300
CVE-2021-20251 auth4: Reread the user record if a bad password is noticed.
As is, this is pointless, as we need a transaction to make this
any less of a race, but this provides the steps towards that goal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 408717242aad8adf4551f2394eee2d80a06c7e63
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Wed Jan 27 14:24:58 2021 +1300
CVE-2021-20251 s4 auth: Prepare to make bad password count increment atomic
To ensure that the bad password count is incremented atomically,
and that the successful logon accounting data is updated atomically,
without always opening a transaction, we will need to make a note
of all bad and successful passwords in a side-DB outside the
transaction lock.
This provides the functions needed for that and hooks them in
(future commits will handle errors and use the results).
Based on patches by Gary Lockyer <gary at catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 2087b0cd986b8959b2a402b9a1891472e47ca0b0
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Tue Mar 16 10:52:58 2021 +1300
CVE-2021-20251 auth4: split samdb_result_msds_LockoutObservationWindow() out
samdb_result_msds_LockoutObservationWindow() is split out of
samdb_result_effective_badPwdCount()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 439f96a2cfe77f6cbf331d965a387512c2db91c6
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Mar 30 10:51:26 2021 +1300
CVE-2021-20251 s4-rpc_server: Use authsam_search_account() to find the user
This helps the bad password and audit log handling code as it
allows assumptions to be made about the attributes found in
the variable "msg", such as that DSDB_SEARCH_SHOW_EXTENDED_DN
was used.
This ensures we can re-search on the DN via the embedded GUID,
which in in turn rename-proof.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 91e2e5616ccd507fcaf097533c5fc25974119c1e
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Jul 4 20:48:48 2022 +1200
CVE-2021-20251 tests/krb5: Add tests for password lockout race
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 4bb9d85fed8498566bdb87baa71a3147806baafc
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Aug 2 14:35:19 2022 +1200
CVE-2021-20251 lib:crypto: Add Python functions for AES SAMR password change
These functions allow us to perform key derivation and AES256 encryption
in Python. They will be used in a following commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 17b8d164f69a5ed79d9b7b7fc2f3f84f8ea534c8
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Jul 13 14:20:59 2022 +1200
CVE-2021-20251 lib:crypto: Add md4_hash_blob() for hashing data with MD4
This lets us access MD4, which might not be available in hashlib, from
Python. This function is used in a following commit for hashing a
password to obtain the verifier for a SAMR password change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b27a67af0216811d330d8a4c52390cf4fc04b5fd
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Jul 6 15:36:26 2022 +1200
CVE-2021-20251 lib:crypto: Add des_crypt_blob_16() for encrypting data with DES
This lets us access single-DES from Python. This function is used in a
following commit for encrypting an NT hash to obtain the verifier for a
SAMR password change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 121e439e24a9c03ae900ffca1ae1dda8e059008c
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Aug 2 14:34:55 2022 +1200
lib:crypto: Use constant time memory comparison to check HMAC
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit cec59b82f7041a305c228091a84257c28e0818d5
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Aug 2 14:34:26 2022 +1200
lib:crypto: Check for overflow before filling pauth_tag array
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 03f0e4d55be80a1a6dcc0dba8e6ed74d9da63dc3
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Aug 2 15:21:43 2022 +1200
s4:torture: Zero samr_UserInfo union in password set test
If init_samr_CryptPasswordAES() does not fill the
u.info31.password.auth_data array completely, we may be comparing
uninitialised bytes.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f9850c776f81d596ffbd2761c85fe7a72d369bae
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Aug 2 15:19:02 2022 +1200
lib:crypto: Zero auth_tag array in encryption test
If samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt() does not fill the
array completely, we may be comparing uninitialised bytes.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6932ccf3ccffbd9ab1907c4fb39b46c971e88d49
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Aug 2 14:01:59 2022 +1200
s3:rpc_server: Fix typo in error message
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c9a71e07ad1b14f5dcd96ecce8e92f67a92b041f
Author: Jeremy Allison <jra at samba.org>
Date: Wed Sep 7 15:15:38 2022 -0700
s3: smbtorture: In run_smb1_dfs_paths() ensure we're actually reading and testing crtimes from the filesystem.
Ensures crtime of the root of the share and a newly created
file crtime are different. Should help avoid mistakes like the
error fixed by the previous commit.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Mon Sep 12 16:21:23 UTC 2022 on sn-devel-184
commit 15f464a3886c40ce2459fc06c6c94506288f65f7
Author: Jeremy Allison <jra at samba.org>
Date: Wed Sep 7 15:13:45 2022 -0700
s3: smbtorture3: Fix invalid tests for file identity.
The test SMB1-DFS-PATHS was using the file ino number
to check for file identity, fetching it using cli_qfileinfo_basic().
This works for SMB2, but the info level used by this for SMB1
(SMB_QUERY_FILE_ALL_INFO) doesn't return the ino number, so
all comparisons were succeeding as zero.
Change to using crtime (create time) for identity comparison
instead. This fix is mostly a rename of ino -> crtime, with
some changes around the tests and printf on error, but it
is easier to do in one go.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 66289ab678ebe998673e7cec510702ef40bbcd79
Author: Andreas Schneider <asn at samba.org>
Date: Fri Sep 9 12:32:57 2022 +0200
s4:kdc: Set Kerberos debug class for all KDC files
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Sep 12 03:27:55 UTC 2022 on sn-devel-184
commit 534b88dea210f5a35c16031d1c3a97bf182dd5a8
Author: Björn Jacke <bj at sernet.de>
Date: Sun Sep 11 21:35:07 2022 +0200
docs-xml: some fixes and updates for ea and acl docs in smb.conf
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 3ce1d2fde5dac8a9da2ff0a91ec104cb52d0c6bd
Author: Michael Tokarev <mjt at tls.msk.ru>
Date: Fri Sep 9 13:45:38 2022 -0700
Fix spelling mistakes.
Signed-off-by: Michael Tokarev <mjt at tls.msk.ru>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Sep 12 02:29:32 UTC 2022 on sn-devel-184
commit dadd32238822c6f2ee10cd55442c88e2034fb11a
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Mar 4 16:23:32 2022 +1300
tests/krb5: Add claims tests
Based on tests originally written by Stefan Metzmacher <metze at samba.org>
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Sep 9 01:11:05 UTC 2022 on sn-devel-184
commit 8b8a268084b494e61a8e41e0ee11916474cc3bbd
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Mar 7 17:07:03 2022 +1300
tests/krb5: Allow specifying sname for getting service ticket
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6170d46cdd77da1ed2ae6f19b893fad74cd21196
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Mar 4 16:22:07 2022 +1300
tests/krb5: Check claims buffers
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit fa90633b8109696c923e4559a17b82761f4dc486
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Mar 4 16:21:19 2022 +1300
tests/krb5: Add xpress (de)compression functions
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 200823404335cb781b18e5be25934a2625018dd1
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Mar 4 16:20:18 2022 +1300
tests/krb5: Add function for creating claims
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 88c9e2af205cc8327d4977b9ca0ea626b6a3c1e1
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Mar 4 16:17:40 2022 +1300
krb5pac.idl: Add definitions for claims PAC buffers
The PAC device info definition comes from [MS-PAC] 2.12.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit e53455497c90be9665905fa878efb40872efa09b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Sep 9 11:02:01 2022 +1200
claims.idl: Add claim type definitions
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 761ce8cfe41139ab5656dec5cc05f2f576095216
Author: Andreas Schneider <asn at samba.org>
Date: Tue Sep 6 10:19:54 2022 +0200
s4:kdc: Set kerberos debug class for kdc service
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Sep 8 23:34:15 UTC 2022 on sn-devel-184
commit a88bb04ca233cbe19aa9bae1cc5078274785cb4d
Author: Andreas Schneider <asn at samba.org>
Date: Tue Sep 6 10:06:37 2022 +0200
selftest: Add Address Sanitizer suppressions
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 7800097af4e8ba071b31cecaf19a76b0e4b8a053
Author: Andreas Schneider <asn at samba.org>
Date: Tue Sep 6 10:06:05 2022 +0200
selftest: Create asan_options variable
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1591d7bdbf045bee45e7e2775a7be464fe236d1c
Author: Andreas Schneider <asn at samba.org>
Date: Tue Sep 6 08:59:56 2022 +0200
selftest: Fix address sanitizer with python3
==9542==AddressSanitizer: failed to intercept 'crypt'
==9542==AddressSanitizer: failed to intercept 'crypt_r'
[..]
AddressSanitizer:DEADLYSIGNAL
=================================================================
==29768==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000000000 bp 0x7ffcec4bf3c0 sp 0x7ffcec4beb58 T0)
==29768==Hint: pc points to the zero page.
==29768==The signal is caused by a READ memory access.
==29768==Hint: address points to the zero page.
#0 0x0 (<unknown module>)
#1 0x7f052cca4129 in crypt_crypt_impl /usr/src/debug/python310-core-3.10.6-3.1.x86_64/Modules/_cryptmodule.c:44
We would need to build python without --as-needed as we can't so that
we need to preload the library to avoid a segfault.
See also: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98669
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 08dda9cefdddf6953ac54b282e8b0e434426d1d6
Author: Andreas Schneider <asn at samba.org>
Date: Tue Sep 6 08:48:49 2022 +0200
selftest: Remove tailing whitspaces in selftest.pl
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6b9018d3c98113c6984a1fe65cce42771ccb4600
Author: Andreas Schneider <asn at samba.org>
Date: Tue Sep 6 08:47:47 2022 +0200
waf: Do not use as-needed if we build with Address Sanitizer
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98669
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b475e02066437920b671bdd0f91602f4f5b7c5f0
Author: Andreas Schneider <asn at samba.org>
Date: Thu Sep 8 10:32:38 2022 +0200
s4:gensec: Do not link subsystems against dlopen() modules!
This is not a shared library. This only worked because we use
'--as-needed' as linker option.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b5013634175ef4b0a32e120e8b5806ad7283623b
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Sep 7 22:17:41 2022 +1200
pytest samba-tool forest: use runcmd
This is an example/test to show how runsublevelcmd() converts into
runcmd() whilst ensuring it works.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 098886946fae21e67574cf931047bdae233cbbf0
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Sep 7 22:17:05 2022 +1200
make runcmd, runsubcmd, exact aliases
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 273797d8cf937eaa9262ad5b9f860d3f9a0fb0c4
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Sep 7 16:57:46 2022 +1200
pytest: samba-tool: coalesce run*cmd functions
We have had three different functions for resolving samba-tool commands,
depending on whether they are nested 1, 2, or n deep (where n could also
be 1 or 2). This API evolved around a separation of sub-command names and
options, so that the Command that was eventually found could be given the
right outf and errf.
Now we can just use the same outf and errf for all levels, and we can not
care about this distinction.
All these functions are now synonyms, and we keep them all for now for
backward-compatibility.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 4bfcd16a3c6af3fc21d9c57f8fbdb2ea5fd15f25
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Sep 8 10:17:54 2022 +1200
samba-tool: binary uses samba_tool function
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a1c615f87de8184eeb7ba7fb5f959a0b6a5ccac3
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Sep 8 20:27:33 2022 +1200
pytest/samba-tool: entry function follows too logic
To further align the logic of the tool and the tests, we use
the same logic in the test function as in samba-tool. In
effect, this means the function is even less likely to raise
an exception, rahter printing it out and returning an error code.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 8b23ef30032416e074efbe6db991dfb0744eb54d
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Sep 7 22:04:08 2022 +1200
pytest/password-lockout: fix using samba_tool function
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 202182e0fdc58388a5c4b0de0b94aa5431c01018
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Sep 7 22:03:16 2022 +1200
pytest/samba_dnsupdate: fix using samba-tool function
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c41887d903fc5a4f384dd6ef2166fd6288406e11
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Sep 7 22:03:47 2022 +1200
pytest/netcmd: fix for new samba-tool api
In this case we are skipping _resolve().
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 5247c87cc2ce756196a1d0354d20327870cb36a4
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Sep 8 10:00:36 2022 +1200
samba-tool: add a convenience function that does it all
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 153ad8fc3a90446fe25108a8ba4f41812e9b2462
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Sep 8 08:56:45 2022 +1200
samba-tool: command that has exception, shows exception
This will make a difference to the string printed in the cases that
call self.usage(), resulting in more specified usage for the
sub-command. It would also matter if the samba-tool sub-command had a
different .show_command_error() or .errf, but I don't think that
happens.
Note: usually command._run() will have caught and shown the exception,
returning -1.
We also rename away 'cmd' so we don't again imagine it is the command
we are running.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 304ac5bb777029701b79b4f64370643865d3ee4f
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Sep 7 16:33:33 2022 +1200
samba-tool: _resolve() can set outf, errf
We catch output in outf and errf for testing, which we currently do
with
cmd.outf = self.stringIO()
cmd.errf = self.stringIO()
on the final resolved commands. But this does not catch the output of
the super-commands, of which we normally expect none. Using
supercmd._resolve(*args, outf=self.stringIO(), errf=self.stringIO())
will redirect output all the way up the chain.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ed78786989779f31d97de2aa81b06ef0c0ad7f39
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Sep 7 15:07:43 2022 +1200
samba-tool: more conventional usage of parser.parse_args
By default parse_args will use sys.argv[1:], which is to say the
command-line without the command name. We have always fed it the
equivalent of sys.argv, then trimmed the command off the result. That
was a bit silly.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9ec0863ff244494ba1b3fdc1b2d3be38e195e146
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Sep 7 15:34:23 2022 +1200
samba-tool: separate ._run() from command resolution
Prior to this commit, in super-commands, the first half of the _run()
is resolving what sub-command to run, and the second half is working
out what to print if that failed. Some issues with that are:
* it looks a little bit complicated.
* the tests can't use the tool's resolution code, because it runs
immediately, while the tests first want to fiddle with self.outf
and so on.
* it makes it harder to subclass and override the resolution code, so
instead we do strange things like where we subclass dict as in
main.py.
So we split it into ._resolve() and ._run().
There are a few tests that break. We mark these as flapping, rather
than knownfail, so as to avoid going into extremely fine-grain filters
for tests that will be fixed within a few commits.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 8b403ab7c55aa3f269b38b19553f50303012025c
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Tue Aug 16 13:43:54 2022 +1200
samba-tool: do not crash on unimplemented .run()
The run() method is always called with arguments, so it crashes before
the NotImplementedError() is ever reached. That's OK, but this is better.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 8132edf119757ee91070facffef016c93de9c2a6
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 24 16:11:06 2022 +0200
s3:libads: let cldap_ping_list() use cldap_multi_netlogon()
We have a list of ip addresses, so we can request them
all together under a single timeout, instead of asking
each ip with it's own timeout.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Sep 8 08:12:46 UTC 2022 on sn-devel-184
commit ab6b9465eda9f219bbed3bd65e89668e5e2c93c6
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 24 16:36:17 2022 +0200
s3:libads: split out ads_fill_cldap_reply() out of ads_try_connect()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit c2e235efd402719f963b0147f795aacf86878bd7
Author: Andrew Walker <awalker at ixsystems.com>
Date: Tue Sep 6 16:45:58 2022 -0400
s3:modules - fix read of uninitialized memory
For loop accesses entry->next after entry
has been removed from list in glfs_clear_preopened().
Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Sep 7 19:40:17 UTC 2022 on sn-devel-184
commit 1dc8a996a341868091840bdb1479b7a02f2766cd
Author: Volker Lendecke <vl at samba.org>
Date: Tue Sep 6 20:52:27 2022 +0200
ntlm_auth: Remove an unused #include
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f1050f5ba840ab27db6730d9f54eae184ed93d41
Author: Volker Lendecke <vl at samba.org>
Date: Tue Sep 6 10:43:29 2022 +0200
torture3: Pass NULL to ReadDirName
Do the necessary fstat manually
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 4a54e3f28f7e4f80250203febd3ef74390235e3e
Author: Volker Lendecke <vl at samba.org>
Date: Tue Sep 6 09:29:18 2022 +0200
smbd: Remove an unused variable
ReadDirName happily takes NULL for "sbuf"
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 04e127d952b36f5ae1039f688bca6e678a2f211a
Author: Volker Lendecke <vl at samba.org>
Date: Tue Sep 6 09:16:14 2022 +0200
torture3: Remove an unused variable
ReadDirName happily takes NULL for "sbuf"
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 5a4098ae60aeec7e1ffd7ccff13156e360871a62
Author: Volker Lendecke <vl at samba.org>
Date: Tue Sep 6 09:07:31 2022 +0200
smbd: Remove unused variables
ReadDirName happily takes NULL for "sbuf"
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit d74a5a7c741e5351e844b384e53d13af04ac102a
Author: Volker Lendecke <vl at samba.org>
Date: Mon Sep 5 15:31:19 2022 +0200
smbd: Shorten long lines
This code is young enough to justify a README.Coding patch, at least
IMO.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f14a45275be4a0276d6eaec77221e756035bcbf6
Author: Volker Lendecke <vl at samba.org>
Date: Mon Sep 5 13:08:54 2022 +0200
smbtorture3: Avoid an "else"
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 47e2df56f6d9534fb89cd18a939abe750ed8952c
Author: Volker Lendecke <vl at samba.org>
Date: Tue Sep 6 12:35:20 2022 +0200
ldb: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 9aca11a71a4239af089064fb7795c15791c989a3
Author: Volker Lendecke <vl at samba.org>
Date: Tue Sep 6 12:15:14 2022 +0200
ldb: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 9d432f3c1a4e20ac85e0affa5336cf81412db464
Author: Volker Lendecke <vl at samba.org>
Date: Wed Aug 31 17:35:42 2022 +0200
librpc: Simplify ndr_size_dom_sid28()
Don't duplicate the calculation
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 2ae7ad97ab2837df96a979073c7462b689ac0038
Author: Volker Lendecke <vl at samba.org>
Date: Wed Aug 31 17:35:03 2022 +0200
librpc: Simplify ndr_size_dom_sid28()
all_zero() treats a NULL pointer as true.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c3855fb6823ca49189659663232bfc380e197a7c
Author: Volker Lendecke <vl at samba.org>
Date: Thu Sep 1 12:30:57 2022 +0200
smbd: Save a few lines by using tevent_req_nterror()'s retval
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 5a4b050ff7b790f892c4f0edb9ecd9745184e0f4
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Aug 11 11:26:44 2022 +1200
samba-tool ntacl: better messages for missing files
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14937
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Wed Sep 7 06:02:20 UTC 2022 on sn-devel-184
commit dc9f29e5c35982e7ce2cb5135ce906e9960579af
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Sep 1 01:18:12 2022 +0000
pysmbd: set_nt_acl() can raise FileNotFoundError
rather than an NTStatusError, which is harder to decipher, and which
carries less information (namely, not the name of the problematic file).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14937
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1b4938c3b1afc8600d693ef92b6944b18e449415
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Sep 1 11:25:26 2022 +1200
pysmbd: get_nt_acl() raises FileNotFoundError if appropriate
rather than an NTStatusError, which is harder to decipher, and which
carries less information (namely, not the name of the problematic
file).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14937
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a5eeed52efa3656fc44ec44874f72790e82c9d91
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Sep 1 11:06:03 2022 +1200
pysmbd: avoid leaks in get_nt_acl()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14937
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit dfc92d2922fb773a3e5246d91631417a9de4adaf
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Sep 7 12:56:37 2022 +1200
pybindings: xattr_native raises OSError not TypeError
Most likely it is a bad filename or attribute, not the wrong type of
argument.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14937
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a64839bc297bdb8b71db446ac6b55fb4503bdc0e
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Sep 7 12:46:42 2022 +1200
pytest: posixacl getntacl should raise OSError
Not TypeError, which is supposed to be about Python data types. This
way we get to check/see an errno and strerror, and will allow us to
set the filename which will be useful for some errors.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 8df9fdc551a2bf2feca24f2d80fc20825441cecc
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Sep 1 10:29:59 2022 +1200
pytest: samba-tool ntacl should report errors better
We want `samba-tool ntacl sysvolreset` and `samba-tool ntacl
sysvolcheck` to fail when the Policies folder is not in place, but not
to produce an inscrutable stacktrace.
https://bugzilla.samba.org/show_bug.cgi?id=14937
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 84002281410d0ce67d301aeadead63c909f1a6d2
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Aug 31 14:40:46 2022 +1200
samba-tool domain: use string_to_level helper()
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Tue Sep 6 22:07:23 UTC 2022 on sn-devel-184
commit 8b17b2a50771387bb267efb4dbd098e83fb64735
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Aug 31 13:47:45 2022 +1200
samba-tool domain: add string_to_level() helper
Reverse transform of level_to_string(), obviously.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 5af823a709738c343354dd20251025530bbb28bb
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Aug 31 13:35:57 2022 +1200
samba-tool domain: expand string_version_to_constant range
This won't actually have any effect yet -- the new values are
inaccessible in the place it is used because the range is limited by
the --function-level option config.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit bcc9f7f35e96b64b7947651f8dcd5e397388ba77
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Aug 31 13:13:20 2022 +1200
samba-tool domain show: report level 2016
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 0363879d1fc1c76ec717467e98f2f15f5e902b09
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Aug 31 13:28:50 2022 +1200
samba-tool domain show: use level_to_string()
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6d4015265a1df57a79fe6172ab7bbf6c0c992ce3
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Aug 31 13:12:06 2022 +1200
samba-tool domain: helper function for domain level names
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2cdafb943121db8df843c0ca1b12e87f2058cbf2
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Aug 18 11:53:29 2022 +1200
samba-tool ldapcmp: use CommandError on auth failure
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 960ae819ade522a72e3b8677fccd8ccd557f9a43
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Aug 18 11:52:54 2022 +1200
samba-tool ldapcmp: use CommandError, not assertion
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b13c121fcbafc9b84e29e438715727e3e780ff92
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Aug 18 11:38:35 2022 +1200
samba-tool ldapcmp: do not assume common attributes
This has caused numerous reports of
ERROR(<class 'KeyError'>): uncaught exception - 'serverReferenceBL'
File /usr/lib/python3/dist-packages/samba/netcmd/__init__.py, line 185, in _run
return self.run(*args, **kwargs)
File /usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py, line 957, in run
if b1.diff(b2):
File /usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py, line 781, in diff
if object1 == object2:
File /usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py, line 549, in __eq__
return self.cmp_attrs(other)
File /usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py, line 590, in cmp_attrs
if isinstance(self.attributes[x], list) and isinstance(other.attributes[x], list):
because other does not have attribute 'x'.
It is better to assume other.attributes[x] is None, which will compare
as unequal to whatever self.attributes[x] is, showing up as a diff
rather than a crash.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c26a8f6a41bceba071147b101ce66bf54f098042
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Aug 18 11:34:53 2022 +1200
samba-tool ldapcmp: use shorter names in cmp_attrs
This simplifies a fix in the next commit.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 4959d07b965b5567f486405c987af8f251ea4c19
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Aug 18 11:32:25 2022 +1200
samba-tool ldapcmp: use ValueError, not Exception
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit fbd815c111317568cf9001d9b68099276d42c1a2
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Aug 18 10:58:54 2022 +1200
samba-tool dns: catch werror.WERR_ACCESS_DENIED
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2aa5b56b7919ceedef7937c7f3ea17bd2e8ccde2
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Sat Aug 13 12:55:01 2022 +1200
samba-tool dns: use DnsconnWrapper in zonecreate
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ca82806f68ac86c842717d634407632bf0fd8127
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Aug 18 09:21:39 2022 +1200
samba-tool dns: update_record uses DnsConnWrapper
The special thing about this one is the dns_conn is also used in the
dns_record_match() library function, which wants a real dns
connection.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 99d48c857f41f01a722b86720893b6827171dad8
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Aug 12 17:17:16 2022 +1200
samba-tool dns: delete uses DnsConnWrapper messages
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 38ccbf460dc7d687f0bf4bc4dbea53d982ec6c9b
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Aug 12 16:51:25 2022 +1200
samba-tool dns: add uses DnsConnWrapper messages
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit bee727a559a827c1e15a3b382fd9363c5bf285c0
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Aug 12 16:46:03 2022 +1200
samba-tool dns: query uses DnsConnWrapper messages
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 633872c7d25e59c65f0f23c2f8f87535a171bfec
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Aug 12 16:44:31 2022 +1200
samba-tool dns: zonedelete uses DnsConnWrapper messages
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 36241042dd6ef241e9a674c92131f17e317f78f4
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Aug 17 17:59:50 2022 +1200
samba-tool dns: NAME_DOES_NOT_EXIST errors; add docstring
In practice, these always refer to zones.
We're adding the docstring now, because it made no sense when
default_messages was empty.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1ae4738a8ca0bdd22f1766bd39876456f7cba389
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Aug 17 17:58:50 2022 +1200
samba-tool dns: RECORD_DOES_NOT_EXIST errors as CommandErrors
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 47684f5739b253ea55b28bbfeb07c63dd62bd6f2
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Aug 17 17:58:03 2022 +1200
samba-tool dns: catch ZONE_ALREADY_EXISTS errors as CommandErrors
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9e774fc14ace6f27f479511b7c780aa4e8941159
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Aug 17 17:57:16 2022 +1200
samba-tool dns: catch DS_UNAVAILABLE errors as CommandErrors
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e931104d1d9476c63b32dea58e45889b1af642e6
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Aug 12 16:40:03 2022 +1200
samba-tool dns: use DnsConnWrapper widely
This covers all the cases where there are no existing CommandError
messages, and no other uses of the dns_conn (i.e., not cmd_update).
Forthcoming commits will introduce default messages for these.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 26b86bc57e85280a9fc9aba26a49a16859c91b78
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Aug 12 16:38:59 2022 +1200
samba-tool dns: add a wrapper for better error messages
This will help turn simple common errors into CommandError messages.
At this stage, no messages are intercepted.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c824ad8dcb9222a75c7bdf756f605b840fb68a00
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Oct 28 09:51:06 2020 +1300
samba-tool domain: fix error string for account lockout duration
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6b1b5eade2ff32200ad4c543dfb1543d5bd897ef
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Aug 11 15:18:02 2022 +1200
samba-tool dbcheck: improve --help for --reset-well-known-acls
This option is for updating from pre-4.0.4 when something went wrong
with ACLs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9872
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 98e85fc611bc7ba64ef56b3cb03b60213af1b79b
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Mon Aug 22 11:48:53 2022 +1200
samba-tool domain provision: better message if tdbbackup missing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12893
Reported-by: Jeff Sadowski <jeff.sadowski at gmail.com>
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f580c8b0427d5aa4f63b5c6704d9c7819a0c61c4
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Sep 1 01:16:53 2022 +0000
samba-tool: do not force a traceback on CommandError
When a CommandError has an 'inner exception', we have been printing
drowning out the error message with a long traceback of the exception
we tried to catch.
People who really want to see tracebacks can use -d3.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 90780936202c3233e33fc6e2a8fac53680cdf63b
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Aug 19 17:06:48 2022 +1200
samba-tool: avoid traceback for NT_STATUS_NETWORK_UNREACHABLE
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1137647460cc143509eae598708bb9f1529463f6
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Aug 19 16:53:40 2022 +1200
py/getopt: allow --option arguments to contain '='
smb.conf lines can have = on the right hand side. For example, in
st/ad_dc/etc/smb.conf we have 3 examples, including:
gpo update command = python3 source4/scripting/bin/samba-gpupdate [...] --target=Computer
If we tried to provide the same line via --option, it would split on
both '=', and the set value would end at '--target'.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c2178d87c2fe524913d2ae059be2b3622ad7bd08
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Aug 19 16:50:54 2022 +1200
py/getopt: improve messages for bad --realm
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 604832b8ffd242025d613fb5e35707a5185e8855
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Aug 19 16:49:24 2022 +1200
py/getopt: improve messages for bad --debug arg
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ca7535912b1d0564654a612deed4f002a2382da8
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Sep 1 15:32:07 2022 +1200
samba-tool: avoid traceback for options errors
What option? None yet, but see the next two commits.
We use a local reference to optparse.OptionValueError, to save typing
and make the eventual switch to argparse easier.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 62fe118e99e6f0f2c9c09101ec0f79283a342171
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Aug 19 10:12:07 2022 +1200
samba-tool: reduce repetitious jargon on credentials failure
We already print the following due to DBG_ERR()s:
cli_credentials_failed_kerberos_login: krb5_cc_get_principal failed: No such file or directory
Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1> <>
Failed to connect to 'ldap://10.53.57.30' with backend 'ldap': LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1> <>
We don't *really* need to follow that with:
ERROR(ldb): LDAP connection to ldap://10.53.57.30 failed - LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1> <>
rather we can say:
Bad username or password.
Also, we don't really need to print a traceback, which we seem to do
for some commands and not others.
Maybe *sometimes* "bad username or password" might be technically
incorrect (e.g. --simple-bind-dn), but in those cases the user is
already behaving strangely, and they will still see the
LDAP_INVALID_CREDENTIALS twice. Kerberos failures don't come this way.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9608
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c61e8cdefcae917f65ae83cfe89d6e284df6b687
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Aug 17 14:28:15 2022 +1200
s4/tests/samba-tool drs showrepl: test NO_COLOR and --color variants
"--color variants" meaning --color=always instead of --color=yes, etc.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit 7d178ab95bc5b7017e46041cdbe7174590e21ea9
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Aug 17 14:26:29 2022 +1200
s4/tests/samba-tool drs showrepl: use vars for common strings
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit eefc030458674b5bb5b8338f7a3b9c1df48ad8ef
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Jul 7 10:43:59 2021 +1200
samba-tool: respect NO_COLOR env variable and --color options
This allows the NO_COLOR environment variable and --color=never to
work for samba-tool commands that use this method. So far that means
some parts of drs showrepl.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit ade31017583542aae13aabf819cb9f4fd7bea7b7
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Jul 7 10:43:17 2021 +1200
py/samba/logger: respect NO_COLOR env variable
As per https://no-color.org/
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit a45c76b5cd95ada77905ed5cfc979c5523c84160
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Jan 20 12:32:48 2022 +1300
python/colour: helper functions to read all signs
The accepted hints are presumably arguments to --color.
We follow the behaviour of `ls` in what we accept.
`git` is stricter, accepting only {always,never,auto}.
`grep` is looser accepting mixed case variants.
historically we have used {yes,no,auto}.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit 37f92c6cc69b220439aef0c687c92a8e6baeb211
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Aug 17 13:15:15 2022 +1200
samba-tool visualise: expand set of --color switches
To match convention, and elsewhere.
We can't easily use colour.is_colour_wanted() because we could (via
--output) be intending to write to a file that isn't open yet, so we
have no .isatty() to query.
Also, because --color-scheme implies --color (as documented in
--help), it trumps most 'auto' checks, but not NO_COLOR.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit 664653b8d14cbe21c954d248b2bb5ef0d2d60043
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Aug 17 11:50:55 2022 +1200
pytest/samba-tool visualize: test '--color' aliases
By convention, 'tty' is a common alias for 'auto', 'always' and
'force' mean 'yes', and 'never' means no. It seems 'never; and
'always' are more common than 'yes' and 'no'.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit 6160e956b5931a2cbeb98e042c2fe71981115ba0
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Aug 17 11:57:00 2022 +1200
samba-tool visualize: remove py2 compat for colour calculations
io.StringIO has .isatty(); the old cStringIO did not,
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit 6ced3d21513907dee7da6c0f7a4bd345120b439d
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Aug 17 11:51:40 2022 +1200
samba-tool visualize: respect $NO_COLOR
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit e7d78400bdd66e53dea1f7317bc48b9fc0fd82b1
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Tue Aug 16 14:04:57 2022 +1200
pytest samba-tool visualize: extend colour tests for $NO_COLOR
As described at https://no-color.org/, the NO_COLOR environment
variable is a widely used defacto-ish standard for asking for no
colour. If someone goes
NO_COLOR=whatever samba-tool ...
we want to assume they want no ANSI colour codes, as if they had used
--color=no. But first we want to test that, so here we are.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit d9443fadba2f09871fe14caac1c00b8c753223d3
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Aug 17 11:48:58 2022 +1200
pytest/samba-tool visualize: fix docstring
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit 98f5332b46fbddd44366ccaa2b11346a1d2bc10d
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Sun Aug 14 12:08:16 2022 +1200
pytest: SambaToolCmdTest allows easier StringIO replacement
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit 0a5298f0c191c1a6d5451b45ee1fc37c960f4166
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Jun 9 15:16:44 2022 +1200
pytests: move ValidNetbiosNameTests to samba.tests.netbios
These were the only tests in __init__.py.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 24f7d71416753b792d6fe029da6f366adb10383e
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Jun 15 13:23:32 2022 +1200
pytest/samba_tool_drs_no_dns: use TestCaseInTempDir.rm_files/.rm_dirs
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 3f0aab45c81c9f9b6b87eb68bc785902619dc10d
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Jun 8 19:53:57 2022 +1200
pytest/samba_tool_drs: use TestCaseInTempDir.rm_files/.rm_dirs
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 251360d6e58986dd53f0317319544e930dc61444
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Jun 15 13:22:24 2022 +1200
pytest/samdb: use TestCaseInTempDir.rm_files/.rm_dirs
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 7455c53fa4f7871b3980f820d22b0fd411195704
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Jun 15 13:21:16 2022 +1200
pytest/join: use TestCaseInTempDir.rm_files/dirs
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 4e3dabad0be0900a203896c2c2acb270d31b0a42
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Jun 15 13:20:41 2022 +1200
pytest/samdb_api: use TestCaseInTempDir.rm_files
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 85bc1552e3919d049d39a065824172a24933d38b
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Jun 15 13:19:28 2022 +1200
pytest/downgradedatabase: use TestCaseInTempDir.rm_files
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 2359741b2854a8de9d151fe189be80a4bd087ff9
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Jun 9 13:16:31 2022 +1200
pytest: add file removal helpers for TestCaseInTempDir
In several places we end a test by deleting a number of files and
directories, but we do it rather haphazardly with unintentionally
differing error handling. For example, in some tests we currently have
something like:
try:
shutil.rmtree(os.path.join(self.tempdir, "a"))
os.remove(os.path.join(self.tempdir, "b"))
shutil.rmtree(os.path.join(self.tempdir, "c"))
except Exception:
pass
where if, for example, the removal of "b" fails, the removal of "c" will
not be attempted. That will result in the tearDown method raising an
exception, and we're no better off. If the above code is replaced with
self.rm_files('b')
self.rm_dirs('a', 'c')
the failure to remove 'b' will cause a test error, *unless* the failure
was due to a FileNotFoundError (a.k.a. an OSError with errno ENOENT),
in which case we ignore it, as was probably the original intention.
If on the other hand, we have
self.rm_files('b', must_exist=True)
self.rm_dirs('a', 'c')
then the FileNotFoundError causes a failure (not an error).
We take a little bit of care to stay within self.tempdir, to protect
test authors who accidentally write something like `self.rm_dirs('/')`.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit aa9f3a2da97ae13cce3e50fe3d58f143200e9a17
Author: Andrew Walker <awalker at ixsystems.com>
Date: Fri Sep 2 16:31:32 2022 -0400
nsswitch:libwbclient - fix leak in wbcCtxPingDc2
Memory allocated for response is never freed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15164
Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Sep 6 20:10:17 UTC 2022 on sn-devel-184
commit 8591d9424371e173b079d5c8a267ea4c2cb266ad
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Aug 30 20:45:50 2022 +0200
smbXsrv_client: notify a different node to drop a connection by client guid.
If a client disconnected all its interfaces and reconnects when
the come back, it will likely start from any ip address returned
dns, which means it can try to connect to a different ctdb node.
The old node may not have noticed the disconnect and still holds
the client_guid based smbd.
Up unil now the new node returned NT_STATUS_NOT_SUPPORTED to
the SMB2 Negotiate request, as messaging_send_iov[_from]() will
return -1/ENOSYS if a file descriptor os passed to a process on
a different node.
Now we tell the other node to teardown all client connections
belonging to the client-guid.
Note that this is not authenticated, but if an attacker can
capture the client-guid, he can also inject TCP resets anyway,
to get the same effect.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15159
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Sep 2 20:59:15 UTC 2022 on sn-devel-184
commit 21ef01e7b8368caa050ed82b9d787d1679220b2b
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Aug 30 16:56:12 2022 +0200
smbXsrv_client: correctly check in negotiate_request.length smbXsrv_client_connection_pass[ed]_*
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15159
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 0efcfaa49c3d61f2c8116ebafd55b72d3277d0d8
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 31 14:04:10 2022 +0200
s3:tests: add test_smbXsrv_client_cross_node.sh
This demonstrates that a client-guid connected to ctdb node 0
caused a connection with the same client-guid to be rejected by
ctdb node 1. Node 1 rejects the SMB2 Negotiate with
NT_STATUS_NOT_SUPPORTED, because passing the multi-channel connection
to a different node is not supported.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15159
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 3fd18a0d5b77a9f78c595852c342d4c8c33fac61
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 31 13:55:19 2022 +0200
s3:tests: let test_smbXsrv_client_dead_rec.sh cleanup the correct files
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15159
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 2643b7b5746c7f9e8fba1aa7f4bb6fec47390842
Author: Saurabh Singh <saurabh.singh at veritas.com>
Date: Thu Mar 3 19:43:24 2022 +0530
Cleanup and bug fixes in vxfs vfs code.
1) Added debug messages in lib_vxfs.c for get, set and list attr functions
2) Removed vxfs_clearwxattr_fd and vxfs_clearwxattr_path code since it is no longer required now.
3) Replaced strcasecmp with vxfs_strcasecmp
4) Changed vxfs_fset_xattr to retain security.NTACL attribute
5) Fixed deny permissions not retained for a file created on CIFS share in vxfs_set_xattr
Signed-off-by: Saurabh Singh <saurabh.singh at veritas.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Sep 2 17:40:00 UTC 2022 on sn-devel-184
commit a8ed244148a98e3b1f49ea7de426e795b6a28e06
Author: Jeremy Allison <jra at samba.org>
Date: Tue Aug 30 15:26:12 2022 -0700
s3: torture: Add a comprehensive SMB1 DFS path torture tester.
smbtorture3 test is: SMB1-DFS-PATHS
Tests open, and then all 4 methods of renaming/hardlinking
files:
1). SMBmv
2). SMBtrans2 SETPATHINFO
3). SMBtrans2 SETFILEINFO
4). SMBntrename
Also added a test for SMB1findfirst.
smbtorture3 test is: SMB1-DFS-SEARCH-PATHS.
What this shows is that Windows strips off the
SMB1findfirst mask *before* calling the DFS path
parser (smbd currently does not).
Added so we know how to fix the server code to match Windows
behavior in parsing DFS paths in different calls going forward.
Passes fully against Windows. Adds knownfails for smbd.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
commit 3a37e4155c3cd82388652f89b611f2c46fee8525
Author: Volker Lendecke <vl at samba.org>
Date: Fri Sep 2 11:46:53 2022 +0200
smbd: Catch streams on non-stream shares
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15161
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Sep 2 15:56:56 UTC 2022 on sn-devel-184
commit 201e1969bf31af07e8bd52876ff7f4d72b48a848
Author: Ralph Boehme <slow at samba.org>
Date: Fri Sep 2 12:09:53 2022 +0200
smbd: return NT_STATUS_OBJECT_NAME_INVALID if a share doesn't support streams
This is what a Windows server returns. Tested with a share residing on a FAT
formatted drive, a Windows filesystem that doesn't support streams.
Combinations tested:
file::$DATA
file:stream
file:stream:$DATA
All three fail with NT_STATUS_OBJECT_NAME_INVALID.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15161
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 3dcdab86f13fabb7a8c6ce71c59a565287d11244
Author: Ralph Boehme <slow at samba.org>
Date: Thu Sep 1 18:55:23 2022 +0200
smbtorture: add a test trying to create a stream on share without streams support
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15161
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit a5156649d58df07f58e479076ea8a0b41b450ea4
Author: Volker Lendecke <vl at samba.org>
Date: Wed Aug 31 12:38:23 2022 +0200
tests: Test basic handling of SMB2_CREATE_TAG_POSIX
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Sep 2 14:31:25 UTC 2022 on sn-devel-184
commit eaaa7425b563c6fa88210ff23d5c5d7f0d46b9f5
Author: Volker Lendecke <vl at samba.org>
Date: Thu Sep 1 12:17:44 2022 +0200
smbd: Handle SMB2_CREATE_TAG_POSIX at the smb2 layer
We're not doing anything with this yet, this is just to provide a test
counterpart. Protected by -DDEVELOPER and "smb3 unix extensions = yes"
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 95657d40f08a7fc7468690b86e8b49333e9eabc3
Author: Volker Lendecke <vl at samba.org>
Date: Wed Aug 31 15:37:03 2022 +0200
smbd: Introduce helper var in smbd_smb2_create_fetch_create_ctx()
xconn will be used in another place soon
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit cb0381ddc692efdff7dd1d7007e161628b8132af
Author: Volker Lendecke <vl at samba.org>
Date: Mon Aug 29 17:02:25 2022 +0200
pylibsmb: Add create_ex()
This is an extension of the create() function allowing smb2 create
contexts to be passed back and forth and also returning the
smb_create_returns. A new function seemed necessary for me because we
need to return not just the fnum. So I chose a 3-tuple, see the test
for an example how to use this.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 68ba30215da2623edd0bdb6b92e576d616cee0f3
Author: Volker Lendecke <vl at samba.org>
Date: Wed Aug 31 11:37:54 2022 +0200
pylibsmb: Add smb2 create tag strings
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 51f99b7f191b18c4aabc632e4e32bfa8fc8a3ee7
Author: Volker Lendecke <vl at samba.org>
Date: Fri Aug 26 16:29:32 2022 +0200
tests: Test invalid smb3 unix negotiate contexts
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit b833431b5ca40d6c6b9a46f93a625aff02415113
Author: Volker Lendecke <vl at samba.org>
Date: Fri Aug 26 15:38:04 2022 +0200
pylibsmb: Allow passing negotiate contexts
Pass in a list of tuples with (type, bytes)
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 5d95de0637cbf978ba9603e4074ccd3ce37fba9b
Author: Volker Lendecke <vl at samba.org>
Date: Fri Aug 26 14:17:26 2022 +0200
libsmb: Allow smb2 neg ctx in cli_full_connection_creds_send()
Will be used to test smb3 posix contexts
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 887facd37384ba932a93393e135cf82af66cb058
Author: Volker Lendecke <vl at samba.org>
Date: Fri Aug 26 14:00:28 2022 +0200
tests: Add smb3 posix negotiate tests
Make sure we do and don't announce posix depending on "smb3 unix
extensions" parameter
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 0f75963cf4c3b0d1b67ce7fc9513c0b578ec86f6
Author: Volker Lendecke <vl at samba.org>
Date: Thu Aug 25 16:42:37 2022 +0200
param: Add "smb3 unix extensions"
Only available in DEVELOPER builds. Adding now to get some testing
step by step done.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 0bd31c71ab114930dcfa220faa1f03dbd4e7c059
Author: Volker Lendecke <vl at samba.org>
Date: Thu Aug 25 16:28:04 2022 +0200
pylibsmb: Add "have_posix" function
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit b9eff7b90c508dfe61a5739d144bb8532bf3fb4c
Author: Volker Lendecke <vl at samba.org>
Date: Thu Aug 25 16:27:42 2022 +0200
pylibsmb: Allow requesting Posix extensions
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 2711521b5f60e1899f60443f0b97fef5398726c5
Author: Volker Lendecke <vl at samba.org>
Date: Thu Aug 25 12:20:26 2022 +0200
libsmb: Allow to request SMB311 posix in source3/libsmb
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit ae5dc52d23627e285214c92798f8412f265e9852
Author: Volker Lendecke <vl at samba.org>
Date: Thu Aug 25 15:16:10 2022 +0200
smbXcli: Detect the SMB311 posix negotiate context
The server will only return this if the client requested in via
smbXcli_negprot_send()'s in_ctx parameter. This adds knowledge about
SMB2_CREATE_TAG_POSIX to smbXcli_base.c with a function to query
it. The alternative would have been to detect this in the caller, but
this would have meant that we also would need a
smbXcli_conn_set_have_posix() function or something similar.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit d7e928794e4aebe1ca6c28773cfea97bbb6eb99e
Author: Volker Lendecke <vl at samba.org>
Date: Thu Sep 1 14:49:33 2022 +0200
smbd: Convert store_smb2_posix_info() to use an existing blob
Less malloc
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit efc81874ef3bdf2ddc71185a3db84338cade011e
Author: Volker Lendecke <vl at samba.org>
Date: Thu Sep 1 14:49:33 2022 +0200
smbd: Convert smb2_posix_cc_info() to use an existing blob
Less malloc
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 43811868d1d55ee6d23de3956d73c25b163b671c
Author: Volker Lendecke <vl at samba.org>
Date: Thu Sep 1 14:46:39 2022 +0200
smbd: Introduce "conn" helper var in smbd_smb2_create_after_exec()
Will be used more in the future
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 1788b59bc0aaa8f18186ad9b9945fbd634f02445
Author: Noel Power <noel.power at suse.com>
Date: Wed Aug 31 12:27:53 2022 +0100
s3/winbindd: Fix bad access to sid array (with debug level >= info)
==6436== at 0xA85F95B: dom_sid_string_buf (dom_sid.c:444)
==6436== by 0xA85FBF2: dom_sid_str_buf (dom_sid.c:515)
==6436== by 0x17EDF8: wb_lookupusergroups_recv (wb_lookupusergroups.c:115)
==6436== by 0x17F964: wb_gettoken_gotgroups (wb_gettoken.c:123)
==6436== by 0x56AD332: _tevent_req_notify_callback (tevent_req.c:141)
==6436== by 0x56AD493: tevent_req_finish (tevent_req.c:193)
==6436== by 0x56AD5C0: tevent_req_trigger (tevent_req.c:250)
==6436== by 0x56AC119: tevent_common_invoke_immediate_handler (tevent_immediate.c:190)
==6436== by 0x56AC268: tevent_common_loop_immediate (tevent_immediate.c:236)
==6436== by 0x56B678A: epoll_event_loop_once (tevent_epoll.c:919)
==6436== by 0x56B31C3: std_event_loop_once (tevent_standard.c:110)
==6436== by 0x56AA621: _tevent_loop_once (tevent.c:825)
==6436==
==6436== Invalid read of size 1
==6436== at 0xA85F95B: dom_sid_string_buf (dom_sid.c:444)
==6436== by 0xA85FBF2: dom_sid_str_buf (dom_sid.c:515)
==6436== by 0x17EDF8: wb_lookupusergroups_recv (wb_lookupusergroups.c:115)
==6436== by 0x17F964: wb_gettoken_gotgroups (wb_gettoken.c:123)
==6436== by 0x56AD332: _tevent_req_notify_callback (tevent_req.c:141)
==6436== by 0x56AD493: tevent_req_finish (tevent_req.c:193)
==6436== by 0x56AD5C0: tevent_req_trigger (tevent_req.c:250)
==6436== by 0x56AC119: tevent_common_invoke_immediate_handler (tevent_immediate.c:190)
==6436== by 0x56AC268: tevent_common_loop_immediate (tevent_immediate.c:236)
==6436== by 0x56B678A: epoll_event_loop_once (tevent_epoll.c:919)
==6436== by 0x56B31C3: std_event_loop_once (tevent_standard.c:110)
==6436== by 0x56AA621: _tevent_loop_once (tevent.c:825)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15160
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Aug 31 15:07:31 UTC 2022 on sn-devel-184
commit e492986661039f2e8a1000529e21dc5b2061d5f6
Author: Jeremy Allison <jra at samba.org>
Date: Mon Aug 29 14:37:35 2022 -0700
s3: torture: Add a comprehensive SMB2 DFS path torture tester.
Passes fully against Windows.
This shows that DFS paths on Windows on SMB2 must
be of the form:
SERVER\SHARE\PATH
but the actual contents of the strings SERVER and
SHARE don't need to match the given server or share.
The algorithm the Windows server uses is the following:
Look for a '\\' character, and assign anything before
that to the SERVER component. The characters in this
component are not checked for validity.
Look for a second '\\' character and assign anything
between the first and second '\\' characters to the
SHARE component. The characters in the share component
are checked for validity, but only ':' is flagged as
an illegal sharename character despite what:
[MS-FSCC] https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-fscc/dc9978d7-6299-4c5a-a22d-a039cdc716ea
says.
Anything after the second '\\' character is assigned
to the PATH component and becomes the share-relative
path.
If there aren't two '\\' characters it removes
everything and ends up with the empty string as
the share relative path.
To give some examples, the following pathnames all map
to the directory at the root of the DFS share:
SERVER\SHARE
SERVER
""
ANY\NAME
ANY
::::\NAME
the name:
SERVER\:
is illegal (sharename contains ':') and the name:
ANY\NAME\file
maps to a share-relative pathname of "file",
despite "ANY" not being the server name, and
"NAME" not being the DFS share name we are
connected to.
Adds a knownfail for smbd as our current code
in parse_dfs_path() is completely incorrect
here and tries to map "incorrect" DFS names
into local paths. I will work on fixing this
later, but we should be able to remove parse_dfs_path()
entirely and move the DFS pathname logic before
the call to filename_convert_dirfsp() in the
same way Volker suggested and was able to achieve
for extract_snapshot_token() and the @GMT pathname
processing.
Also proves the "target" paths for SMB2_SETINFO
rename and hardlink must *not* be DFS-paths.
Next I will work on a torture tester for SMB1
DFS paths.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reivewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Aug 30 17:10:33 UTC 2022 on sn-devel-184
commit 772319412df7804236e1cc06056474469bcdcb66
Author: Ralph Boehme <slow at samba.org>
Date: Fri Aug 19 12:02:43 2022 +0200
smbd: fix opening a READ-ONLY file with SEC_FLAG_MAXIMUM_ALLOWED
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14215
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Aug 29 18:20:20 UTC 2022 on sn-devel-184
commit 169d8fe4a956c98da9558ccef9b1c90ea6a841e4
Author: Ralph Boehme <slow at samba.org>
Date: Wed Aug 24 11:40:41 2022 +0200
smbd: cache DOS attributes in struct smb_filename.cached_dos_attributes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14215
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 9da1e7a4041a9f4258e23e70230bd75c60c55490
Author: Ralph Boehme <slow at samba.org>
Date: Sun Aug 21 13:39:02 2022 +0200
smbd: update smb_fname->st btime with the rounded value with NTTIME granularity
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14215
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 5ed188e492cfca9fef9266aa66041726f3ab6de5
Author: Ralph Boehme <slow at samba.org>
Date: Sun Aug 21 13:38:16 2022 +0200
smbd: remove const from smb_fname arg of set_ea_dos_attribute()
We need to update the btime of fsp->fsp_name->st.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14215
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit e3d883c0b1caf13596dc8a18a8a108e3e48e7543
Author: Ralph Boehme <slow at samba.org>
Date: Fri Aug 19 11:01:31 2022 +0200
smbtorture: add a test opening a READ-ONLY file with SEC_FLAG_MAXIMUM_ALLOWED
Passes against Windows, currently fails against Samba.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14215
RN: Requesting maximum allowed permission of file with DOS read-only attribute results in access denied error
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c73d666e5abe8717a5ea333a6dae3619d9621d48
Author: Ralph Boehme <slow at samba.org>
Date: Fri Aug 19 10:45:10 2022 +0200
smbtorture: turn maximum_allowed test into a test suite
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14215
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 12e0c579785b84a99ad6f1877aa1c45391aba60e
Author: Ralph Boehme <slow at samba.org>
Date: Sun Aug 21 18:55:29 2022 +0200
smbtorture: close handle and delete file in tree_base()
Otherwise the session might still be around with the open handle when the next
test starts and then fails to delete the testfile.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14215
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 0d5016fb3a906e3b3c7db753d1b1c8f9904a4894
Author: Jeremy Allison <jra at samba.org>
Date: Wed Aug 17 22:51:26 2022 -0700
s3: smbd: parse_dfs_path() - Fix comment explaining where this is called from and with what kind of path.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sun Aug 28 20:58:57 UTC 2022 on sn-devel-184
commit 3c18b27888de30c91dce6f38339f0bc3dfb12d3c
Author: Jeremy Allison <jra at samba.org>
Date: Wed Aug 10 21:52:34 2022 -0700
s3: smbd: Remove allow_broken_path parameter from parse_dfs_path().
Nothing now looks at it.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 5f0efdfe3cb3b267f09677659bd0149975382356
Author: Jeremy Allison <jra at samba.org>
Date: Wed Aug 10 21:49:51 2022 -0700
s3: smbd: Now parse_dfs_path() is only called from dfs_filename_convert() replace allow_broken_path with an SMB1 check.
dfs_filename_convert() always sets allow_broken_path = !smb2,
so just move this bool inside of parse_dfs_path().
We can now remove allow_broken_path.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 63e569a48cd977299999e213beff00c2cc5504b5
Author: Jeremy Allison <jra at samba.org>
Date: Wed Aug 10 21:42:31 2022 -0700
s3: smbd: Remove allow_broken_path from create_junction().
We no longer look at it, we know we must have a canonicalized
DFS path here.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 32f6eb2e9891c13cc82455cadf363aea2edfaefc
Author: Jeremy Allison <jra at samba.org>
Date: Wed Aug 10 21:40:47 2022 -0700
s3: smbd: Remove allow_broken_path from get_referred_path() and it's callers.
It no longer looks at this bool, we must already have a
canonicalized path here.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 9d65f1c221fbc7122b48dd1065bb448c799dc670
Author: Jeremy Allison <jra at samba.org>
Date: Wed Aug 10 21:37:41 2022 -0700
s3: smbd: Remove unneeded NULL check inside msdfs_servicename_matches_connection().
This is now only called from is from parse_dfs_path(),
and for that we know conn is non-NULL.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 2780509a3c861215e64db8ccb6d8db5fa7ac7c5d
Author: Jeremy Allison <jra at samba.org>
Date: Wed Aug 17 21:50:19 2022 -0700
s3: smbd: In create_junction() don't read hostname from parse_dfs_path_strict().
It isn't used anymore inside create_junction().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit b33787fbb0064780ab16fdd8898742f80fab42a7
Author: Jeremy Allison <jra at samba.org>
Date: Thu Aug 11 11:06:05 2022 -0700
s3: smbd: In create_junction() remove hostname check. parse_dfs_path_strict() already does this.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit e4045bd7f155d0b750e2d3f3434d3105a9f0740c
Author: Jeremy Allison <jra at samba.org>
Date: Wed Aug 10 21:34:29 2022 -0700
s3: smbd: Change create_junction() to use parse_dfs_path_strict().
Note we no longer use allow_broken_path.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 6869e015d54c2ec11240c2675d9f840308845a14
Author: Jeremy Allison <jra at samba.org>
Date: Wed Aug 10 21:33:32 2022 -0700
s3: smbd: Change get_referred_path() to use parse_dfs_path_strict().
Remove #ifdef's around parse_dfs_path_strict() as we're
now using it.
Note we no longer use allow_broken_path.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 88e920491e0603821ba615a97a99069e7610a3b1
Author: Jeremy Allison <jra at samba.org>
Date: Wed Aug 17 14:23:45 2022 -0700
s3: smbd: Add a comment explaing why dfs_filename_convert() must continue to use parse_dfs_path().
libsmbclient libraries will always set the FLAGS2_DFS_PATHNAMES
bit when talking to a DFS share, but don't always canonicalize
the incoming pathname to a DFS one (see the code for cli_list()
that puts a non-DFS pathname into SMB2trans2_FindFirst for
example). This is a problem in our client libraries for both
SMB1 and SMB2+
As we still must cope with these older clients we must
keep the lenient parsing for DFS filenames sent over SMB1/2/3.
A future task - change the use of parse_dfs_path() in
dfs_filename_convert() to parse_dfs_path_strict() for SMB2
only and then try and get all our torture tests to pass.
This is not an easy fix (and would still break old clients
out there as well :-( ).
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit b6afd481a4001593d36230a29f33804dc64b0852
Author: Jeremy Allison <jra at samba.org>
Date: Wed Aug 17 14:21:59 2022 -0700
s3: smbd: In dfs_filename_convert(), don't ask for hostname, sharename and then just free them.
Wastes a talloc/free.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 06750a9684bd9158e7f3b75a7bbce0d8e96c35ce
Author: Jeremy Allison <jra at samba.org>
Date: Wed Aug 17 14:17:23 2022 -0700
s3: smbd: Add a new function parse_dfs_path_strict().
#ifdef'ed out as not yet used. This will replace
parse_dfs_path() for all client sent names via
DFS RPC calls and for SMB_VFS_GET_DFS_REFERRALS().
The paths sent in these calls are guaranteed
to be of canonical form:
\SERVER\share\pathname.
Both for SMB1 and SMB2+ so we can be more strict
when parsing them.
Checks DFS path starts with separator.
Checks hostname is ours.
Ensures servicename (share) is sent, and
if so, terminates the name or is followed by
\pathname.
Errors out if any checks fail.
Reserve parse_dfs_path() for DFS names sent
via "ordinary" SMB 1/2/3 calls where we must
be more lenient in parsing.
Note parse_dfs_path_strict() does not have
bool allow_broken_path or 'struct connection_struct'
as it will not be called from places that use
these.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 78ef185afdcecdba7da10f24b614073f47277725
Author: Ralph Boehme <slow at samba.org>
Date: Sun Aug 28 11:12:52 2022 +0200
smbd: add missing check for IPC share for TRANS2_GET_DFS_REFERRAL
Cf MS-CIFS 3.3.5.58.11.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 4ddd277c0b77c502ed6b11e07c92c91f24ac9c15
Author: Volker Lendecke <vl at samba.org>
Date: Thu Aug 25 09:54:52 2022 +0200
smbXcli: Pass negotiate contexts through smbXcli_negprot_send/recv
We already don't allow setting max_credits in the sync wrapper, so
omit the contexts there as well.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Aug 26 19:54:03 UTC 2022 on sn-devel-184
commit a4f9f7c825c216d25bd14beeb2e547d0fff74c51
Author: Volker Lendecke <vl at samba.org>
Date: Thu Aug 25 10:43:54 2022 +0200
libsmb: Introduce helper var to cli_tree_connect_*_done()
README.Coding, makes it easier to debug
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f3b2c2b5ef8657e8d43044a67af866e29ee94f2e
Author: Volker Lendecke <vl at samba.org>
Date: Thu Aug 25 10:31:42 2022 +0200
libsmb: Remove cli_full_connection_creds_sess_start()
This contained very simple tevent_req logic, hiding that confused the
code for me when reading. Also, this change saves 3 lines...
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c31df02cb231d4d975bd796020a250dac36a6bf1
Author: Volker Lendecke <vl at samba.org>
Date: Tue Aug 23 13:13:48 2022 +0200
libsmb: Remove unused code
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 05267304bd241067d61225f37ab0868b6f5e1ec3
Author: Volker Lendecke <vl at samba.org>
Date: Tue Aug 23 12:59:50 2022 +0200
libsmb: Remove map_fnum_to_smb2_handle() from cli_smb2_qpathinfo2()
Not used
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit ffc9072fc0f03fb7dcb833a098ef4acc66e20821
Author: Volker Lendecke <vl at samba.org>
Date: Tue Aug 23 12:59:29 2022 +0200
libsmb: Remove map_fnum_to_smb2_handle() from cli_smb2_getatr()
Not used
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 767eb334803158c161a0e86993ff353c86de90d2
Author: Volker Lendecke <vl at samba.org>
Date: Sun Aug 14 16:13:32 2022 +0200
libsmb: Correctly return ioctl error from cli_readlink()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit ba70eb480cbdf3ceb414208e7d135b6647c99b7b
Author: Volker Lendecke <vl at samba.org>
Date: Sat Aug 13 15:43:47 2022 +0200
libsmb: Save a few lines in cli_unix_extensions_version()
This is more recent style for sync wrappers
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 7b96948e4deb8841984054952efe1ea1222fe12f
Author: Volker Lendecke <vl at samba.org>
Date: Sat Aug 13 15:42:50 2022 +0200
libsmb: Add tevent_req_received() to cli_posix_readlink_recv()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 1025349ae234cd3bbd43a0e5f911e7da089a5600
Author: Volker Lendecke <vl at samba.org>
Date: Sat Aug 13 13:30:26 2022 +0200
lib: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 9fca3007ac9822fbf32ddbe425d31c767a1a5d8e
Author: Volker Lendecke <vl at samba.org>
Date: Fri Aug 12 12:49:07 2022 +0200
smbd: Modernize DBG statements in open_fake_file()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c047c6601f735c2a89b290a7f10124c5432000b9
Author: Volker Lendecke <vl at samba.org>
Date: Wed Aug 17 07:56:18 2022 +0200
libsmb: Move static strings to the .text segment
We don't need to copy these to the stack, this saves 200 bytes of .text
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 4df36cd170c2f25e8b5b6c83b04949563c1303b2
Author: Volker Lendecke <vl at samba.org>
Date: Wed Aug 17 11:40:11 2022 +0200
examples: A tiny bit of README.Coding for teststat.c
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6a74546ab8cee9a60d1b0c317a1de7bd86f44cc2
Author: Volker Lendecke <vl at samba.org>
Date: Wed Aug 17 12:08:44 2022 +0200
libsmb: Tab-indent SMBC_module_[init|terminate]()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b93c2d5b372190bacfe64deeea32822cf4756f51
Author: Volker Lendecke <vl at samba.org>
Date: Wed Aug 17 12:07:38 2022 +0200
libsmb: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c53d86594a115f4b6c9970cbe5486237bd244d32
Author: Volker Lendecke <vl at samba.org>
Date: Wed Aug 17 12:03:35 2022 +0200
libsmb: Slightly simplify SMBC_parse_path()
Don't manually duplicate the talloc_strndup() functionality
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 7c26512b6da6b12cbb4f36d40292f9863a4b2536
Author: Volker Lendecke <vl at samba.org>
Date: Wed Aug 10 08:39:12 2022 +0200
smbd: Adapt np_[read|write]_send() to more recent tevent_req conventions
We usually don't do "goto post_status;" anymore
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 556e1a5ee4e574679bbcbc13ba6091c17b6c9c51
Author: Volker Lendecke <vl at samba.org>
Date: Wed Aug 17 10:51:06 2022 +0200
examples: Make libsmbclient samples look a *bit* less ugly
Remove trailing whitespace, indent to tabs. Yes, this introduces long
lines, but makes review with "git show -w" trivial.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit df4c3f0f28e2385cfdace905da4ad3cc4a59dd43
Author: Volker Lendecke <vl at samba.org>
Date: Fri Jul 29 14:57:54 2022 +0200
smbd: Save a line with tevent_req_nomem()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 7fe12e79f99fb590b3fca1b530c153e563856669
Author: Volker Lendecke <vl at samba.org>
Date: Mon Aug 1 12:30:51 2022 +0200
lib: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 3aa9d05ee4faa81383b5e5af9d387f9fcc8d2338
Author: Volker Lendecke <vl at samba.org>
Date: Wed Aug 10 08:13:26 2022 +0200
dfs_server: Fix typos
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 281b00a2b97c49bbccce879f8073e67512e0f079
Author: Volker Lendecke <vl at samba.org>
Date: Tue Aug 9 16:26:13 2022 +0200
vfs: Fix a copy&paste error
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f05b529b0ea18e426d6c3753f05d693c5db3817b
Author: Volker Lendecke <vl at samba.org>
Date: Tue Aug 9 14:51:10 2022 +0200
smbd: Adapt a call to setup_dfs_referral() to README.Coding
Makes it easier to handle in a debugger
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 9a1336024aeb5938141ca23715917d6490cc4d0d
Author: Volker Lendecke <vl at samba.org>
Date: Thu Aug 25 10:34:51 2022 +0200
libsmbclient: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b7c460b902800c0156385b2edb82efb07f561c51
Author: Anoop C S <anoopcs at samba.org>
Date: Wed Aug 24 15:01:31 2022 +0530
vfs_glusterfs: Implement SMB_VFS_FSTATAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Aug 26 17:33:15 UTC 2022 on sn-devel-184
commit 65f4c4e31e4cc60eb9ebca3858275a29f43d5e12
Author: Anoop C S <anoopcs at samba.org>
Date: Fri Aug 19 12:16:08 2022 +0530
vfs_glusterfs: Use glfs_fgetxattr() for SMB_VFS_GET_REAL_FILENAME_AT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 55548d7405ceca1d20e788a459e685c56f2ff139
Author: Anoop C S <anoopcs at samba.org>
Date: Fri Aug 19 13:08:42 2022 +0530
vfs_glusterfs: Use glfs_readlinkat() for SMB_VFS_READ_DFS_PATHAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 310a908098b4ff3130a61594c15e91d5e561f357
Author: Anoop C S <anoopcs at samba.org>
Date: Fri Aug 19 12:51:16 2022 +0530
vfs_glusterfs: Use glfs_symlinkat() for SMB_VFS_CREATE_DFS_PATHAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit a4235200383fa4dc2f376ce042ed067a45f105d5
Author: Anoop C S <anoopcs at samba.org>
Date: Fri Aug 19 12:15:10 2022 +0530
vfs_glusterfs: Use glfs_mknodat() for SMB_VFS_MKNODAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 21654af5a5a062d831f7cb1efec1f1b1eb333bd2
Author: Anoop C S <anoopcs at samba.org>
Date: Fri Aug 19 12:14:29 2022 +0530
vfs_glusterfs: Use glfs_linkat() for SMB_VFS_LINKAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 58b6cdabc0c3d788b407d3bfa46570311e910180
Author: Anoop C S <anoopcs at samba.org>
Date: Fri Aug 19 12:13:33 2022 +0530
vfs_glusterfs: Use glfs_readlinkat() for SMB_VFS_READLINKAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b2746eb5fa64e0ec58e99eed5be10c98ea4e1c1e
Author: Anoop C S <anoopcs at samba.org>
Date: Fri Aug 19 12:12:43 2022 +0530
vfs_glusterfs: Use glfs_symlinkat() for SMB_VFS_SYMLINKAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 2fa71202ab347fd057bb9b42740e57344e2679e1
Author: Anoop C S <anoopcs at samba.org>
Date: Fri Aug 19 12:11:54 2022 +0530
vfs_glusterfs: Use glfs_unlinkat() for SMB_VFS_UNLINKAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 2b721ff22be04cea90086dde2a50f4287d075326
Author: Anoop C S <anoopcs at samba.org>
Date: Fri Aug 19 12:11:02 2022 +0530
vfs_glusterfs: Use glfs_renameat() for SMB_VFS_RENAMEAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 56c4aab11190b8d48a5b92babea7fc7e78b54b4e
Author: Anoop C S <anoopcs at samba.org>
Date: Fri Aug 19 12:10:16 2022 +0530
vfs_glusterfs: Use glfs_mkdirat() for SMB_VFS_MKDIRAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 184a9913241acd4f69128ced3370d3bf49b95f3b
Author: Anoop C S <anoopcs at samba.org>
Date: Fri Aug 19 12:07:08 2022 +0530
vfs_glusterfs: Use glfs_openat() for SMB_VFS_OPENAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 3425fa0daf9e32d09c7716692cdfdffdc09856d7
Author: Anoop C S <anoopcs at samba.org>
Date: Fri Aug 19 12:17:33 2022 +0530
source3/wscript: Detect glusterfs-api with *at() calls support
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 5f51fa9c07e194bcc3c4f39a1bfc2e01139c917b
Author: Anoop C S <anoopcs at samba.org>
Date: Fri Aug 19 11:58:34 2022 +0530
vfs_glusterfs: Accept fsp with const qualifier
This is in preparation to avoid any `const` qualifier being discarded
warning with future changes to various *_at() calls which has `const
file_struct` arguments.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit fa3f0499cc1709fefaf95a6a6902651ba3961c8d
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Jun 22 15:21:31 2022 +1200
pyglue:generate_random_[machine]_password: ValueError for bad values
The actual range is 14 to 255 for machine passwords, and there is a
min <= max check for both.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Aug 26 08:59:28 UTC 2022 on sn-devel-184
commit 4f902dba336f9d2aabb31e2ba6acf2b8ad726fcc
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed Jun 22 11:12:30 2022 +1200
pyglue: generate_random_[machine]_password: reject negative numbers
Other range errors (e.g. min > max) are caught in the wrapped
functions which returns EINVAL, so we don't recapitulate that logic
(see next commit though).
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit b7b4d6da5fa81635e71c5e5e84dbdd13e7915b4b
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Mon Aug 5 00:41:49 2019 +1200
pyglue: generate_random_bytes/str accept positive numbers only
We aren't yet able to generate negative numbers of random bytes.
Instead a request for -n bytes is implicitly converted into one for
SIZE_MAX - n bytes, which is typically very large. Memory exhaustion
seems a likely outcome.
With this patch callers will see a ValueError.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 333e1efa27f1d99bbfc69d94d3bf47e7b99c1e40
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Mon Aug 5 00:28:31 2019 +1200
pyglue: check talloc buffer for random bytes
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 9aa52bb37e90a00fa38fb5048fd1debb599b03df
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri Aug 5 12:39:24 2022 +1200
pytest/segfault: abort for generate_random_bytes(-1)
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 9c2ffef0d51029132313593e413f2e2f4f671e6b
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Sat Aug 20 15:37:26 2022 +0200
s3:passdb: Zero sensitive memory in lsa_secret_{set/get}_common()
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 79754f04bbfcc36977377c98d8dd6addc93af892
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Sat Aug 20 09:38:55 2022 +0200
s3:passdb: Zero secrets_domain_info1_password created via secrets_domain_info_password_create()
Zero out these members of struct secrets_domain_info1_password:
DATA_BLOB cleartext_blob;
struct samr_Password nt_hash;
struct secrets_domain_info1_kerberos_key *keys;
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit da2c723266c38e241e35c7cbf28e480d19cb40f6
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Sat Aug 20 09:34:30 2022 +0200
s3:passdb: Zero secrets_domain_info1_password created via secrets_fetch()
Zero out these members of struct secrets_domain_info1_password:
DATA_BLOB cleartext_blob;
struct samr_Password nt_hash;
struct secrets_domain_info1_kerberos_key *keys;
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 01c0ab191a58d109f277aea8330fcf31bd7a83f6
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Fri Aug 19 15:25:28 2022 +0200
s3:passdb: Zero local memory in secrets_domain_info_kerberos_keys()
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit ebfc16723358b4077499edead99a66ef0056ef94
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Thu Aug 11 10:09:00 2022 +0200
s3:passdb: Zero local memory in secrets_fetch()
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 28a3d5119ad5f254a2a3af380d9a4259ed8433db
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Wed Aug 17 17:33:42 2022 +0200
lib:krb5: Change memset() to BURN_PTR_SIZE()
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 4b2df80e898c837707b6854a1a94fccf8d87f6b8
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Wed Aug 10 09:07:07 2022 +0200
s3:afs: Zero memory for afs_keyfile
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 83dc061fd3c670f5f1e2bed5c4e8db94ce81dfc5
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Tue Aug 9 15:37:15 2022 +0200
s3:net: Zero password in secrets_fetch_ipc_userpass() callers
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 2578eb3b5e2c202e51c8263cd660ba8626503405
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Thu Aug 11 10:39:37 2022 +0200
s3:passdb: Fix possible memory leak in secrets_fetch_ipc_userpass()
If domain or username are empty strings (""), we need to free them.
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 5b64751394073f692cbf169a1df5621f443abce9
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Tue Aug 9 15:36:34 2022 +0200
s3:passdb: Zero password in secrets_fetch_ipc_userpass()
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 8941c748c775ccd07bc35336f43e295cfaab142e
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Wed Aug 10 14:48:14 2022 +0200
s3:net: Fix trailing whitespace in net.c
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 1772a05757ddf3ac017de122589bf77ebc64201b
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Tue Aug 9 09:09:49 2022 +0200
s3:passdb: Zero memory in pdb_set_pw_history()
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 003854a4f5d4eca6bf75b21364722597f8e137d8
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Mon Aug 8 18:23:40 2022 +0200
s3:passdb: Zero memory in pdb_set_plaintext_passwd()
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 12478c24b0b994adc909c06e85d7c6c5330f9db2
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Mon Aug 8 17:49:11 2022 +0200
s3:passdb: s/BURN_PTR_SIZE/BURN_STR/ in samu_destroy()
This makes sure that strlen(user->plaintext_pw) is not called twice.
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit ccae2a4ab5478acea7c37134d486c3562ff5c3dc
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Mon Aug 8 15:23:05 2022 +0200
s3:auth: Zero memory in sam_password_ok()
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 035e2021fa986fe7a1b9a7af5a0102163697eda3
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Mon Aug 8 14:30:24 2022 +0200
s3:passdb: Zero memory for plaintext_pw from 'struct samu'
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 02f667587c69bd4c3ffa5ea2bfe2fb9d09f88d5f
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Mon Aug 8 14:14:53 2022 +0200
s3:passdb: Fix whitespaces in pdb_get_set.c
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 3151e760548ce4cbcf6ec5f6907e96b37eb18dde
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Wed Aug 10 20:51:46 2022 +0200
s3:passdb: Zero password in fetch_ldap_pw() callers
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 84d5e156ffb0fc9ae2bf0e7439bccb9aab40be7f
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Thu Aug 11 10:49:01 2022 +0200
s3:passdb: Zero password in fetch_ldap_pw()
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 2357f6e21ec50a40ed36bc15624eebdd98013020
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Fri Aug 5 11:44:53 2022 +0200
s3:passdb: Fix trailing whitespaces in pdb_ldap.c
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 2706fdae54d89351a6405f85adbb9d237d9762c2
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Fri Aug 5 11:11:37 2022 +0200
s3:lib: Fix trailing whitespaces in smbldap.c
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 04d4bc54949e646cfa86a14b051879edde56048a
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Fri Aug 5 11:09:37 2022 +0200
s3: Zero memory of idmap_fetch_secret() users
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 0d7e34a63d5accedc2d792c002d5f60cdd4255dd
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Wed Aug 3 21:06:21 2022 +0200
s3:passdb: Zero password in secrets_{fetch,store}_trusted_domain_password()
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit ad9044a17a34450fe0a2c246c5d5e5c9d11accd2
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Tue Aug 2 17:32:43 2022 +0200
s3:passdb: Zero memory using BURN_FREE_STR() in get_trust_pw_hash2()
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit ca3c9fa0f35a92d487ebafabbe2acfa375fb88d2
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Tue Aug 2 17:24:29 2022 +0200
s3:passdb: Zero memory using BURN_FREE_STR() in secrets_fetch_or_upgrade_domain_info()
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit b6dde7d31bc3731471ce92b68c8eaf3ef9779392
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Tue Jul 26 19:03:11 2022 +0200
s3:passdb: Zero memory using BURN_FREE() in secrets_fetch_trust_account_password_legacy() and secrets_fetch_domain_info1_by_key()
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 988077c33602c62a47a1dab67e846ed28352088d
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Wed Jul 27 17:21:08 2022 +0200
s3:libsmb: Zero memory in trust_pw_change()
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 4df98ed05d4171d0d13bf6c45577cdeb03958f22
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Wed Jul 27 17:21:07 2022 +0200
s3:libads: Zero memory in ads_change_trust_account_password()
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 8de685741b13bcb433d748ef7de6296a6dee0726
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Tue Jul 26 19:02:28 2022 +0200
lib:util: Zero memory in generate_random_machine_password()
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 8564380346ace981b957bb8464f2ecf007032062
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Mon Aug 8 17:47:28 2022 +0200
lib:replace: Add macro BURN_STR() to zero memory of a string
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit fa29eed6810844dee1ca481a74ab80810baeda6b
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Wed Jul 27 17:40:03 2022 +0200
lib:util: Add BURN_FREE() and BURN_FREE_STR()
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit c9c120da110269b473b39d6854a44cf78ce5c578
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Wed Jul 27 16:03:55 2022 +0200
s3:libsmb: Fix trailing whitespaces in trusts_util.c
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit f641abfcb5977b62a23ff5c199dd2f8ca5463829
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Wed Jul 27 16:01:25 2022 +0200
s3:libads: Fix trailing whitespaces in util.c
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 9fa6ab2233ac3f07013cbc169118564f35195ad2
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Aug 25 14:03:17 2022 +1200
s3:tests: Transfer test files into temporary directory
The presence of these two files is causing 'check-clean-tree' to fail.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Aug 25 17:56:31 UTC 2022 on sn-devel-184
commit 989aa441dfb6ba7a5e8b8f6e833f9d76b94d64f8
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Aug 25 13:56:47 2022 +1200
s3:tests: Create test directory and file prior to revoking permissions
If 'chmod 0' is performed first, then we won't have the required
permissions for the subsequent 'mkdir' and 'touch', and they will fail.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit a0e0fde039e924d192294ad95da4344eff390c0c
Author: Martin Schwenke <martin at meltin.net>
Date: Mon Aug 8 18:19:34 2022 +1000
ctdb-tests: Avoid shellcheck warnings
Mostly
SC2086: Double quote to prevent globbing and word splitting.
Use ctdb_onnode() where it simplifies code. No behaviour changes
intended.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Thu Aug 25 16:15:45 UTC 2022 on sn-devel-184
commit ff4935d180e1a290e4ba7ab0f8710d9a022d1b82
Author: Martin Schwenke <martin at meltin.net>
Date: Thu Aug 11 09:15:38 2022 +1000
ctdb-tests: Simplify IP address checking
Use a new function and wait_until() to simplify.
get_test_ip_mask_and_iface() not needed here because
select_test_node_and_ips() sets $test_ip, and neither $mask nor $iface
is used.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
commit 42aedc62e3a16bcdafbef06140105650f15f6269
Author: Martin Schwenke <martin at meltin.net>
Date: Mon Aug 8 18:11:26 2022 +1000
ctdb-tests: Fix typos
These lines are just wrong:
try_command_on_node -v $test_node "ip addr show to ${test_node}"
if -n "$out"; then
The 2nd variable referenced should be $test_ip. The 2nd line causes
"-n: command not found" because it is missing [] test command
brackets.
Both typos would probably make the test pass unconditionally.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
commit b88e7322d9b4cf617381b12deb393edd87d1cf73
Author: Martin Schwenke <martin at meltin.net>
Date: Mon Aug 8 18:09:56 2022 +1000
ctdb-tests: Reformat script using shfmt -w -p -i 0 -fn
Whitespace changes only.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
commit f99fb9aa120c5a7d499bff717b812d81ddd7e9f1
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Aug 25 20:21:01 2022 +1200
python:tests: Allocate OID range for testing to avoid collisions
sid_strings.py used the same OID range as ldap_schema.py, which
occasionally led to test failures when the same OID was generated twice.
Using a different range, and making use of the expected RID if we have
it, should reduce the likelihood of collisions.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Aug 25 13:55:47 UTC 2022 on sn-devel-184
commit 672ec6135f9ae3d7b5439523a4f456c19fb03a88
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Aug 25 20:15:33 2022 +1200
schema_samba4.ldif: Allocate previously added OIDs
DSDB_CONTROL_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE_OID was added
to source4/dsdb/samdb/samdb.h in commit
c2ab1f4696fa3f52918a126d0b37993a07f68bcb.
DSDB_EXTENDED_SCHEMA_LOAD was added in commit
1fd4cdfafaa6a41c824d1b3d76635bf3e446de0f.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 6d493a9d568c08cfe5242821ccbd5a5ee1fe5284
Author: Ralph Boehme <slow at samba.org>
Date: Sun Aug 14 18:46:24 2022 +0200
smbd: implement access checks for SMB2-GETINFO as per MS-SMB2 3.3.5.20.1
The spec lists the following as requiring special access:
- for requiring FILE_READ_ATTRIBUTES:
FileBasicInformation
FileAllInformation
FileNetworkOpenInformation
FileAttributeTagInformation
- for requiring FILE_READ_EA:
FileFullEaInformation
All other infolevels are unrestricted.
We ignore the IPC related infolevels:
FilePipeInformation
FilePipeLocalInformation
FilePipeRemoteInformation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153
RN: Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Aug 23 12:54:08 UTC 2022 on sn-devel-184
commit 9b2d28157107602fcbe659664cf9ca25f08bb30b
Author: Ralph Boehme <slow at samba.org>
Date: Fri Aug 19 17:29:55 2022 +0200
smbtorture: check required access for SMB2-GETINFO
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 66e40690bdd41800a01333ce4243bd62ee2b1894
Author: Ralph Boehme <slow at samba.org>
Date: Sun Aug 14 18:51:30 2022 +0200
s4/libcli/smb2: avoid using smb2_composite_setpathinfo() in smb2_util_setatr()
smb2_composite_setpathinfo() uses SEC_FLAG_MAXIMUM_ALLOWED which can
have unwanted side effects like breaking oplocks if the effective access
includes [READ|WRITE]_DATA.
For changing the DOS attributes we only need SEC_FILE_WRITE_ATTRIBUTE. With this
change test_smb2_oplock_batch25() doesn't trigger an oplock break anymore.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 339e78f2075a7c0bbf780063597892ba56dac390
Author: Andreas Schneider <asn at samba.org>
Date: Mon Feb 21 11:36:39 2022 +0100
gitlab-ci: Add a shellcheck runner
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Mon Aug 22 21:30:09 UTC 2022 on sn-devel-184
commit f12aa54ba0d38fc5c6412a3cfb9152af969258ac
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 13 16:11:31 2022 +0200
testprogs: Fix shellcheck errors in upgradeprovision-oldrelease.sh
testprogs/blackbox/upgradeprovision-oldrelease.sh:134:103: error: Double
quote array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/upgradeprovision-oldrelease.sh:140:117: error: Double
quote array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/upgradeprovision-oldrelease.sh:145:105: error: Double
quote array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/upgradeprovision-oldrelease.sh:151:122: error: Double
quote array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/upgradeprovision-oldrelease.sh:156:110: error: Double
quote array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/upgradeprovision-oldrelease.sh:162:134: error: Double
quote array expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit c4ba21bc770e17139edf052dc55fd9dd9485b134
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 13 16:08:40 2022 +0200
testprogs: Fix shellcheck errors in test_wintest.sh
testprogs/blackbox/test_wintest.sh:15:97: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_wintest.sh:40:31: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 355f620653fdc377673fde146e369c243bc9098f
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 13 16:07:21 2022 +0200
testprogs: Fix shellcheck errors in test_weak_crypto_server.sh
testprogs/blackbox/test_weak_crypto_server.sh:59:65: error: Use braces
when expanding arrays, e.g. ${array[idx]} (or ${var}[.. to quiet).
[SC1087]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit cd24e2dfb792d261814d88517eb893cb8d50ab75
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 13 16:03:39 2022 +0200
testprogs: Fix shellchecks errors in test_pdbtest.sh
testprogs/blackbox/test_pdbtest.sh:61:53: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_pdbtest.sh:73:157: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_pdbtest.sh:76:79: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_pdbtest.sh:78:92: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_pdbtest.sh:80:79: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_pdbtest.sh:90:79: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_pdbtest.sh:92:75: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_pdbtest.sh:96:73: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_pdbtest.sh:100:99: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_pdbtest.sh:104:89: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_pdbtest.sh:111:125: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_pdbtest.sh:115:70: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 150cbc0f3a9887f569416f0eab5e10b3aeaee998
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 13 15:58:34 2022 +0200
testprogs: Fix shellcheck errors in test_password_settings.sh
testprogs/blackbox/test_password_settings.sh:48:57: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit d9ebb77c11e11cf0d3cbbbc6943d5941c89a004a
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 13 15:57:35 2022 +0200
testprogs: Fix shellcheck errors in test_kpasswd_heimdal.sh
testprogs/blackbox/test_kpasswd_heimdal.sh:46:57: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 1e4ea99e5ff0332e1409d7c1789fa92fd00d0818
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 13 15:55:25 2022 +0200
testprogs: Fix shellcheck errors in test_kinit_trusts_mit.sh
testprogs/blackbox/test_kinit_trusts_mit.sh:55:63: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_kinit_trusts_mit.sh:109:106: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 391d0cf667d9e58aa7539e26ec991870d92a598d
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 13 15:52:58 2022 +0200
testprogs: Fix shellcheck errors in test_kinit_heimdal.sh
testprogs/blackbox/test_kinit_heimdal.sh:83:107: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_kinit_heimdal.sh:87:126: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_kinit_heimdal.sh:101:126: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_kinit_heimdal.sh:103:154: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_kinit_heimdal.sh:105:112: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_kinit_heimdal.sh:118:195: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_kinit_heimdal.sh:145:154: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_kinit_heimdal.sh:217:122: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_kinit_heimdal.sh:251:116: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 4aa50e72b048a299d1fdeca953cf9965bdb2093b
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 13 15:48:39 2022 +0200
testprogs: Fix shellcheck errors in test_kinit_trusts_heimdal.sh
testprogs/blackbox/test_kinit_trusts_heimdal.sh:80:114: error: Double
quote array expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 4ce5d8df254ae565a179c5c41e672538a8ded663
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 13 15:47:20 2022 +0200
testprogs: Fix shellcheck errors in test_kinit_mit.sh
testprogs/blackbox/test_kinit_mit.sh:54:62: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_kinit_mit.sh:110:107: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_kinit_mit.sh:114:126: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_kinit_mit.sh:128:126: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_kinit_mit.sh:130:154: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_kinit_mit.sh:132:118: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_kinit_mit.sh:164:195: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_kinit_mit.sh:201:154: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_kinit_mit.sh:263:122: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_kinit_mit.sh:301:116: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit e4a4ce9cc8e4b0aeb9a3fcc016fee40d0197038f
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 13 15:39:58 2022 +0200
testprogs: Fix shellcheck errors in test_export_keytab_mit.sh
testprogs/blackbox/test_export_keytab_mit.sh:45:47: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_export_keytab_mit.sh:92:98: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_export_keytab_mit.sh:94:106: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_export_keytab_mit.sh:97:117: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_export_keytab_mit.sh:100:166: error: Double
quote array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_export_keytab_mit.sh:102:177: error: Double
quote array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_export_keytab_mit.sh:105:155: error: Double
quote array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_export_keytab_mit.sh:107:173: error: Double
quote array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_export_keytab_mit.sh:132:94: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit edf0433204e375619a0158fb61a4b30327435fd1
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 13 15:37:11 2022 +0200
testprogs: Fix shellcheck errors in test_export_keytab_heimdal.sh
testprogs/blackbox/test_export_keytab_heimdal.sh:65:79: error: Double
quote array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_export_keytab_heimdal.sh:67:102: error: Double
quote array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_export_keytab_heimdal.sh:69:113: error: Double
quote array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_export_keytab_heimdal.sh:72:158: error: Double
quote array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_export_keytab_heimdal.sh:74:169: error: Double
quote array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_export_keytab_heimdal.sh:77:147: error: Double
quote array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_export_keytab_heimdal.sh:79:165: error: Double
quote array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_export_keytab_heimdal.sh:82:178: error: Double
quote array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_export_keytab_heimdal.sh:112:80: error: Double
quote array expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 5dd28adeea9c495bb6572a71852403667b4d4818
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 13 15:33:55 2022 +0200
testprogs: Fix shellcheck errors in test_chgdcpass.sh
testprogs/blackbox/test_chgdcpass.sh:48:79: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/test_chgdcpass.sh:49:74: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 447e6b929104b88a10cf29288c0cb7b1c1b386c6
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 13 15:31:38 2022 +0200
testprogs: Fix shellcheck errors in dbcheck-oldrelease.sh
testprogs/blackbox/dbcheck-oldrelease.sh:249:95: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/dbcheck-oldrelease.sh:304:166: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/dbcheck-oldrelease.sh:316:128: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/dbcheck-oldrelease.sh:325:145: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/dbcheck-oldrelease.sh:398:197: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/dbcheck-oldrelease.sh:420:97: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/dbcheck-oldrelease.sh:428:134: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/dbcheck-oldrelease.sh:438:122: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/dbcheck-oldrelease.sh:446:146: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/dbcheck-oldrelease.sh:455:134: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/dbcheck-oldrelease.sh:474:146: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
testprogs/blackbox/dbcheck-oldrelease.sh:483:134: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 4b19bbaa93a67566519caec1a6f974e6874d84d6
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 13 15:27:58 2022 +0200
s4:utils: Fix shellcheck errors in test_samba_tool.sh
source4/utils/tests/test_samba_tool.sh:38:110: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit cbf1f8904bcbafa3edf323e1e829204d51e070ee
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 13 15:27:04 2022 +0200
s4:torture: Fix shellcheck errors in test_masktest.sh
source4/torture/tests/test_masktest.sh:26:117: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 0618bd8a6c9477ea17defddde42cd43a0a27a422
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 13 15:25:58 2022 +0200
s4:tortue: Fix shellcheck errors in test_locktest.sh
source4/torture/tests/test_locktest.sh:26:137: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 7a89d22bed3163a445433197deead42ec5dee4e6
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 13 11:29:15 2022 +0200
s4:torture: Fix shellcheck errors in test_gentest.sh
source4/torture/tests/test_gentest.sh:31:235: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 8c1c63aab820897f95d6c5ae2aa65275ddd97e50
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 13 11:27:53 2022 +0200
s4:selftest: Fix shellcheck errors in wintest_rpc.sh
source4/selftest/win/wintest_rpc.sh:61:27: error: Use braces when
expanding arrays, e.g. ${array[idx]} (or ${var}[.. to quiet). [SC1087]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit b7a024e4ef8f0cbc40a125f91d03e5ce526f1052
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 13 11:26:38 2022 +0200
s4:selftest: Fix shellcheck errors in wintest_net.sh
source4/selftest/win/wintest_net.sh:57:27: error: Use braces when
expanding arrays, e.g. ${array[idx]} (or ${var}[.. to quiet). [SC1087]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Mon Aug 22 15:15:11 UTC 2022 on sn-devel-184
commit b1e80d02c761879ef526d7d80195e3a812b6bffc
Author: Andreas Schneider <asn at samba.org>
Date: Fri Jun 10 13:29:19 2022 +0200
s4:setup: Fix shellcheck errors in provision_fileperms.sh
source4/setup/tests/provision_fileperms.sh:27:14: error: Iterating over
ls output is fragile. Use globs. [SC2045]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 6c2871429f8cfc7b480fcae9e944d75709ff74ee
Author: Andreas Schneider <asn at samba.org>
Date: Fri Jun 10 13:22:00 2022 +0200
s4:selftest: Fix shellcheck errors in wintest_2k3_dc.sh
source4/selftest/win/wintest_2k3_dc.sh:57:16: error: Use braces when
expanding arrays, e.g. ${array[idx]} (or ${var}[.. to quiet). [SC1087]
source4/selftest/win/wintest_2k3_dc.sh:62:16: error: Use braces when
expanding arrays, e.g. ${array[idx]} (or ${var}[.. to quiet). [SC1087]
source4/selftest/win/wintest_2k3_dc.sh:85:16: error: Use braces when
expanding arrays, e.g. ${array[idx]} (or ${var}[.. to quiet). [SC1087]
source4/selftest/win/wintest_2k3_dc.sh:101:16: error: Use braces when
expanding arrays, e.g. ${array[idx]} (or ${var}[.. to quiet). [SC1087]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 4b2f4189491dfe5fc5d31689a87694730986b71d
Author: Andreas Schneider <asn at samba.org>
Date: Fri Jun 10 13:10:07 2022 +0200
s4:selftest: Fix shellcheck errors in test_w2k3.sh
source4/selftest/test_w2k3.sh:40:67: error: Use braces when expanding
arrays, e.g. ${array[idx]} (or ${var}[.. to quiet). [SC1087]
source4/selftest/test_w2k3.sh:46:66: error: Use braces when expanding
arrays, e.g. ${array[idx]} (or ${var}[.. to quiet). [SC1087]
source4/selftest/test_w2k3.sh:48:66: error: Use braces when expanding
arrays, e.g. ${array[idx]} (or ${var}[.. to quiet). [SC1087]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit d85a2dbfd78ed58219f6572b7a5ae08d2422464d
Author: Andreas Schneider <asn at samba.org>
Date: Fri Jun 10 13:07:49 2022 +0200
s4:script: Fix shellcheck errors in find_unused_options.sh
source4/script/find_unused_options.sh:20:16: error: Use braces when
expanding arrays, e.g. ${array[idx]} (or ${var}[.. to quiet). [SC1087]
source4/script/find_unused_options.sh:30:16: error: Use braces when
expanding arrays, e.g. ${array[idx]} (or ${var}[.. to quiet). [SC1087]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 866b8dcb54750304371fa2457c1b1f859328049e
Author: Andreas Schneider <asn at samba.org>
Date: Fri Jun 10 13:05:37 2022 +0200
s4:client: Fix shellcheck errors in test_smbclient.sh
source4/client/tests/test_smbclient.sh:31:99: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
source4/client/tests/test_smbclient.sh:41:116: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
source4/client/tests/test_smbclient.sh:43:94: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit a82301d5f2cb3a5b6269e46f36e51d17da825a6a
Author: Andreas Schneider <asn at samba.org>
Date: Wed Jun 8 14:55:28 2022 +0200
testprogs: Fix shellcheck errors in common_test_fns.inc
common_test_fns.inc:13:64: error: Double quote array expansions to avoid
re-splitting elements. [SC2068]
common_test_fns.inc:32:64: error: Double quote array expansions to avoid
re-splitting elements. [SC2068]
common_test_fns.inc:53:64: error: Double quote array expansions to avoid
re-splitting elements. [SC2068]
common_test_fns.inc:80:64: error: Double quote array expansions to avoid
re-splitting elements. [SC2068]
common_test_fns.inc:106:61: error: Double quote array expansions to
avoid re-splitting elements. [SC2068]
common_test_fns.inc:110:32: error: Double quote array expansions to
avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 25e9a74e2eb95e67620d506b45d91c9a817b4843
Author: Andreas Schneider <asn at samba.org>
Date: Wed Jun 8 14:47:20 2022 +0200
s3:script: Fix shellcheck errors in test_smbstatus.sh
test_smbstatus.sh:78:22: error: Use braces when expanding arrays, e.g.
${array[idx]} (or ${var}[.. to quiet). [SC1087]
test_smbstatus.sh:135:22: error: Use braces when expanding arrays, e.g.
${array[idx]} (or ${var}[.. to quiet). [SC1087]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit a8b19ebfc81ff4257f410671eb77cfd65c5f1630
Author: Andreas Schneider <asn at samba.org>
Date: Wed Jun 8 14:42:48 2022 +0200
s3:script: Fix shellcheck errors in test_smbspool.sh
test_smbspool.sh:124:24: error: Couldn't parse this test expression. Fix
to allow more checks. [SC1073]
test_smbspool.sh:124:44: error: If grouping expressions inside [..], use
\( ..\). [SC1026]
test_smbspool.sh:124:46: error: Expected test to end here (don't wrap
commands in []/[[]]). Fix any mentioned problems and try again. [SC1072]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 47eacce86be0c0bc3da84d8c327e49659044fb51
Author: Andreas Schneider <asn at samba.org>
Date: Fri Mar 4 12:08:28 2022 +0100
s3:script: Fix shellcheck errors in test_smbclient_s3.sh
source3/script/tests/test_smbclient_s3.sh:270:5: error: Couldn't parse
this test expression. Fix to allow more checks. [SC1073]
source3/script/tests/test_smbclient_s3.sh:270:11: error: Expected test
to end here (don't wrap commands in []/[[]]). Fix any mentioned problems
and try again. [SC1072]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit ae67e068be9d0816072f21e71f8fd201968965a6
Author: Andreas Schneider <asn at samba.org>
Date: Fri Mar 4 12:05:06 2022 +0100
s3:script: Fix shellcheck errors in test_rpcclient_samlogon.sh
source3/script/tests/test_rpcclient_samlogon.sh:17:114: error: Double
quote array expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 4abfa262b230fcb9f9cf107e37d3c84ace0d353a
Author: Andreas Schneider <asn at samba.org>
Date: Fri Mar 4 12:03:19 2022 +0100
s3:script: Fix shellcheck errors in test_preserve_case.sh
source3/script/tests/test_preserve_case.sh:42:59: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 4edb4d979bf720b70387c6f347eab17943df933c
Author: Andreas Schneider <asn at samba.org>
Date: Thu Mar 3 15:25:14 2022 +0100
s3:script: Fix shellcheck errors in test_net_registry_roundtrip.sh
source3/script/tests/test_net_registry_roundtrip.sh:51:2: error: Double
quote array expansions to avoid re-splitting elements. [SC2068]
source3/script/tests/test_net_registry_roundtrip.sh:55:16: error:
Argument mixes string and array. Use * or separate argument. [SC2145]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 6f65ecfe5a3bffe88796aa467206ece050c6d69a
Author: Andreas Schneider <asn at samba.org>
Date: Thu Mar 3 15:23:25 2022 +0100
s3:script: Fix shellcheck errors in test_net_registry_check.sh
source3/script/tests/test_net_registry_check.sh:33:32: error: Double
quote array expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 4c02eb4df34f389125a768b6ce13a5002caf607e
Author: Andreas Schneider <asn at samba.org>
Date: Thu Mar 3 15:21:33 2022 +0100
s3:script: Fix shellcheck errors in test_net_lookup.sh
source3/script/tests/test_net_lookup.sh:37:9: error: Remove spaces
around = to assign (or use [ ] to compare, or quote '=' if literal).
[SC2283]
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 8b359fa4df803a8e5790865476f217e15a31c3d1
Author: Andreas Schneider <asn at samba.org>
Date: Thu Mar 3 15:18:45 2022 +0100
s3:script: Fix shellcheck errors in test_net_cred_change.sh
source3/script/tests/test_net_cred_change.sh:13:64: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 249b8e8af8c20f28005cdd56deda919aaddaec05
Author: Andreas Schneider <asn at samba.org>
Date: Thu Feb 24 11:41:14 2022 +0100
s3:script: Fix shellcheck errors in test_dfree_quota.sh
source3/script/tests/test_dfree_quota.sh:125:65: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 8c23b829a12417fa859205b8a6f482941aad70ec
Author: Andreas Schneider <asn at samba.org>
Date: Thu Feb 24 11:39:24 2022 +0100
s3:script: Fix shellcheck errors in test_dfree_command.sh
source3/script/tests/test_dfree_command.sh:38:59: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 3f080f7db6f68adf882d9d71840cf1e09a707802
Author: Andreas Schneider <asn at samba.org>
Date: Thu Feb 24 11:36:58 2022 +0100
s3:script: Fix shellcheck errors in dlopen.sh
source3/script/tests/dlopen.sh:51:12: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 4b87e58fe4394dde6b9024c7ca666e8f60f7ce8b
Author: Andreas Schneider <asn at samba.org>
Date: Thu Feb 24 11:32:53 2022 +0100
s3:script: Fix shellcheck errors in mksyms.sh
source3/script/mksyms.sh:33:19: error: Double quote array expansions to
avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 75e03ea021afa66842b6e0dea21072b1b8026d58
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Aug 22 16:56:46 2022 +1200
libcli/smb: Set error status if 'iov' pointer is NULL
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15152
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Aug 22 09:03:29 UTC 2022 on sn-devel-184
commit 40d4912d841e6bcd7cd37810ef101d5f89268ee7
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Aug 22 15:50:02 2022 +1200
libcli/smb: Ensure we call tevent_req_nterror() on failure
Commit 3594c3ae202688fd8aae5f7f5e20464cb23feea9 added a NULL check for
'inhdr', but it meant we didn't always call tevent_req_nterror() when we
should.
Now we handle connection errors. We now also set an error status if the
NULL check fails.
I noticed this when an ECONNRESET error from a server refusing SMB1
wasn't handled, and the client subsequently hung in epoll_wait().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15152
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 968a5ae89f0d0da219e7dd05dd1f7f7c96dbb910
Author: Ralph Boehme <slow at samba.org>
Date: Sun Aug 14 16:39:37 2022 +0200
smbd: directly pass fsp to SMB_VFS_FGETXATTR() in fget_ea_dos_attribute()
We're now consistently passing the base_fsp to SMB_VFS_FSET_DOS_ATTRIBUTES(), so
we don't need to check for a stream_fsp here anymore.
Additionally vfs_default will assert a non-stream fsp inside
vfswrap_fgetxattr(), so in case any caller wrongly passes a stream fsp, this is
caught in vfs_default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 3f7d8db9945a325020e4d1574289dea9e8331c29
Author: Ralph Boehme <slow at samba.org>
Date: Thu Aug 11 17:18:13 2022 +0200
smbd: add and use vfs_fget_dos_attributes()
Commit d71ef1365cdde47aeb3465699181656b0655fa04 caused a regression where the
creation date on streams wasn't updated anymore on the stream fsp.
By adding a simple wrapper vfs_fget_dos_attributes() that takes care of
- passing only the base_fsp to the VFS, so the VFS can be completely agnostic of
all the streams related complexity like fake fds,
- propagating any updated btime from the base_fsp->fsp_name to the
stream_fsp->fsp_name
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit e74b10e17ee5df0f77ac5349242841be8d71c4e8
Author: Ralph Boehme <slow at samba.org>
Date: Sat Aug 13 16:13:07 2022 +0200
smbtorture: add test smb2.stream.attributes2
Specifically torture the creation date is the same for the file and its streams.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit b5848d391be4f7633745d9c36e432ac8b1c9dba2
Author: Ralph Boehme <slow at samba.org>
Date: Sat Aug 13 17:04:50 2022 +0200
smbtorture: rename smb2.streams.attributes to smb2.streams.attributes1
A subsequent commit adds another streams test named "attributes2", this change
avoids matching the new testname with the existing knownfail entries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit d4f18f99d3a40a8df00beb006e2731959aa6fad9
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Aug 15 09:56:15 2022 +0200
s3:smbd: let delay_for_oplock_fn() only call leases_db_get() once
get_lease_type() will just call leases_db_get() again for leases,
so only call it for oplocks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Aug 19 19:39:18 UTC 2022 on sn-devel-184
commit 60ae7a5a2ed9a03d8693b9b455b7b3696386aeb1
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Aug 15 09:45:43 2022 +0200
s3:smbd: lease_match_break_fn() only needs leases_db_get() once
get_lease_type() will just call leases_db_get() again...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 76da56aa65bb9fe7f2f8c4a2e30e278a61db1ff5
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Aug 18 12:52:54 2022 +0200
s3:smbd: inline fsp_lease_type_is_exclusive() logic into contend_level2_oplocks_begin_default
SMB2_LEASE_WRITE is the indication for an exclusive lease,
the fact that a SMB2_LEASE_WRITE can't exists without
SMB2_LEASE_READ is not important here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit bf8f2258497f7d2a5a5f8d1cacf1a30899ed455c
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Aug 18 14:14:20 2022 +0200
s3:locking: move get_existing_share_mode_lock() to share_mode_lock.[ch]
This should be where get_share_mode_lock() is located.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 8b3b316680221487f84a7cfe14f52e8ffd64ba85
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 10 08:27:15 2022 +0000
s3:locking: pass lease_key explicitly to set_share_mode()
We should avoid accessing fsp->lease if possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 0fbca175ae4763d82f8a414ee3d6354c95d5294e
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 19 15:17:41 2022 +0000
s3:smbd: only run validate_oplock_types() with smbd:validate_oplock_types = yes
This is really expensive as share_mode_forall_entries() is currently
doing a talloc_memdup() of the whole record...
This is mainly used to avoid regressions, so only
use smbd:validate_oplock_types = yes in make test,
but skip it for production.
This improves the following test:
time smbtorture //127.0.0.1/m -Uroot%test \
smb2.create.bench-path-contention-shared \
--option='torture:bench_path=file.dat' \
--option="torture:timelimit=60" \
--option="torture:nprocs=256" \
--option="torture:qdepth=1"
From:
open[num/s=8852,avslat=0.014999,minlat=0.000042,maxlat=0.054600]
close[num/s=8850,avslat=0.014136,minlat=0.000025,maxlat=0.054537]
to:
open[num/s=11377,avslat=0.012075,minlat=0.000041,maxlat=0.054107]
close[num/s=11375,avslat=0.010594,minlat=0.000023,maxlat=0.053620]
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c75de325710c0fbbd50a0acd3af55404165440d6
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Aug 18 17:32:43 2022 +0200
s3:g_lock: avoid useless talloc_array(0) in g_lock_dump()
In the common case we don't have any shared lock holders,
so there's no need to allocate memory for the empty array.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit bb3dddcdf11e6c2f5319d64bf2ef20636d0ed82f
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Aug 18 17:52:33 2022 +0200
s3:g_lock: add some const to the shared array passed via g_lock_dump*()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit bf1dd1a188c096093bedc628a14bb037e3209630
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Aug 18 16:06:02 2022 +0200
lib/util: add unlikely() to SMB_ASSERT()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 06f35edaf129ce3195960905d38af73ec12fc716
Author: Volker Lendecke <vl at samba.org>
Date: Tue Sep 1 13:24:55 2020 +0200
lib: Map ERANGE to NT_STATUS_INTEGER_OVERFLOW
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15151
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Aug 19 12:43:06 UTC 2022 on sn-devel-184
commit b954d181cd25d9029d3c222e8d97fe7a3b0b2400
Author: Volker Lendecke <vl at samba.org>
Date: Mon Aug 31 16:14:14 2020 +0200
vfs_gpfs: Prevent mangling of GPFS timestamps after 2106
gpfs_set_times as of August 2020 stores 32-bit unsigned tv_sec. We
should not silently garble time stamps but reject the attempt to set
an out-of-range timestamp.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15151
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
commit 96e2a82760ea06a89b7387b5cd3e864732afded3
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Aug 15 22:45:17 2022 +0200
s3:smbd: only clear LEASE_READ if there's no read lease is left
If contend_level2_oplocks_begin_default() skips break it's
own lease, we should not clear SHARE_MODE_LEASE_READ
in share_mode_data->flags.
Otherwise that lease won't see any lease break notifications
for writes from other clients (file handles not using the same lease
key).
So we need to count the number existing read leases (including
the one with the same lease key) in order to know it's
safe to clear SMB2_LEASE_READ/SHARE_MODE_LEASE_READ.
Otherwise the next run (likely from another client)
will get the wrong result from file_has_read_lease().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15148
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Aug 18 19:41:33 UTC 2022 on sn-devel-184
commit 9e5ff607eb1b9c45c8836d3cff9d51b418740b87
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 17 17:07:08 2022 +0200
s4:torture/smb2: add smb2.lease.v[1,2]_bug_15148
This demonstrates the bug that happens with a
write to a file handle holding an R lease,
while there are other openers without any lease.
When one of the other openers writes to the file,
the R lease of the only lease holder isn't broken to NONE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15148
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 7592aad4d7a84d0ac66a156a22af3ad77803e55c
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Aug 15 10:49:13 2022 +0200
s3:smbd: share_mode_flags_set() takes SMB2_LEASE_* values
We currently only ever pass SMB2_LEASE_READ and both
have the same value of 0x1, so for now it's only cosmetic,
but that will change soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15148
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit cf5f7b1489930f6d64c3e3512f116ccf286d4605
Author: Jeremy Allison <jra at samba.org>
Date: Wed Aug 17 11:43:47 2022 -0700
s3: smbd: Plumb close_type parameter through close_file_in_loop(), file_close_conn()
Allows close_file_in_loop() to differentiate between SHUTDOWN_CLOSE
(previously it only used this close type) and ERROR_CLOSE - called
on error from smbXsrv_tcon_disconnect() in the error path. In that
case we want to close the fd, but not run any delete-on-close actions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15128
Signed-off-by: Jeremy Allison <jra at samba.org>
Reivewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Thu Aug 18 14:10:18 UTC 2022 on sn-devel-184
commit 7005a6354df5522d9f665fb30052c458dfc93124
Author: Jeremy Allison <jra at samba.org>
Date: Wed Aug 17 11:39:36 2022 -0700
s3: smbd: Add "enum file_close_type close_type" parameter to file_close_conn().
Not yet used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15128
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 9203d17106c0e55a30813ff1ed76869c7581a343
Author: Jeremy Allison <jra at samba.org>
Date: Wed Aug 17 11:35:29 2022 -0700
s3: smbd: Add "enum file_close_type close_type" parameter to close_cnum().
Not yet used, but needed so we can differentiate between
SHUTDOWN_CLOSE and ERROR_CLOSE in smbXsrv_tcon_disconnect()
if we fail to chdir. In that case we want to close the fd,
but not run any delete-on-close actions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15128
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit e4371a4c3b891ae4e88bd91cda8eb84eb7304e04
Author: Andreas Schneider <asn at samba.org>
Date: Wed Feb 23 12:19:19 2022 +0100
release-script: Fix shellcheck errors
./release-scripts/build-docs:4:7: error: Double quote array expansions
to avoid re-splitting elements. [SC2068]
Same error for the other scripts.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Wed Aug 17 11:03:54 UTC 2022 on sn-devel-184
commit 233a0cd6de9d0d0aac07f1f8d753780e53dbe2b0
Author: Andreas Schneider <asn at samba.org>
Date: Tue Feb 22 18:01:31 2022 +0100
lib:fuzzing: Fix shellcheck errors in build_samba.sh
lib/fuzzing/oss-fuzz/build_samba.sh:24:27: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 72f16b635445025a9b523974ba08c753ea78ed58
Author: Andreas Schneider <asn at samba.org>
Date: Tue Feb 22 17:58:47 2022 +0100
nsswitch: Fix shellcheck errors in test_rfc2307_mapping.sh
nsswitch/tests/test_rfc2307_mapping.sh:65:139: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit c3823ff371fe5c605ddaa61a3c76bc233d5f1501
Author: Andreas Schneider <asn at samba.org>
Date: Tue Feb 22 17:50:34 2022 +0100
examples: Fix shellcheck error in VampireDriversFunctions
examples/printing/VampireDriversFunctions:183:24: error: Double quote
array expansions to avoid re-splitting elements. [SC2068]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit fe33eaba026cab7881ab07e424e4dde94d896a1e
Author: Andreas Schneider <asn at samba.org>
Date: Tue Feb 22 17:51:16 2022 +0100
examples: Remove trailing spaces in VampireDriversFunctions
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 0461fa13d4af0565ed885873cfdad18bb07ba9fd
Author: Andreas Schneider <asn at samba.org>
Date: Tue Feb 22 17:42:55 2022 +0100
examples: Fix shellcheck error in get_next_oid
examples/LDAP/get_next_oid:6:4: error: Remove spaces around += to assign
(or quote '+=' if literal). [SC2285]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 9594778895ee1be90c491c9b1d13c97cce16cc53
Author: Andreas Schneider <asn at samba.org>
Date: Mon Feb 21 11:24:07 2022 +0100
testprogs: Fix variable asignment in test_wintest.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 665db97662664cc8f657a9d3b1af286748356e76
Author: Andreas Schneider <asn at samba.org>
Date: Mon Feb 21 11:23:27 2022 +0100
s3:script: Fix variable asignment in test_dfree_command.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit b696ae1b02bdcbaa58d863ba23ecb945f904d81f
Author: Andreas Schneider <asn at samba.org>
Date: Mon Feb 21 11:25:37 2022 +0100
script: Add script to run shellcheck on shell scripts
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 5ae4a6249f6228c6c231ca79138790943673efe6
Author: Andreas Schneider <asn at samba.org>
Date: Mon Feb 21 11:29:29 2022 +0100
bootstrap: Install ShellCheck and shfmt
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit f92bacbe216d2d74ea3ccf3fe0df5c1cc9860996
Author: Jeremy Allison <jra at samba.org>
Date: Fri Jul 22 16:28:03 2022 +0100
s3/smbd: Use after free when iterating smbd_server_connection->connections
Change conn_free() to just use a destructor. We now
catch any other places where we may have forgetten to
call conn_free() - it's implicit on talloc_free(conn).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15128
Based on code from Noel Power <noel.power at suse.com>.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Wed Aug 17 09:54:06 UTC 2022 on sn-devel-184
commit 0bdfb5a5e60df214c088df0782c4a1bcc2a4944a
Author: Jeremy Allison <jra at samba.org>
Date: Tue Aug 16 13:51:27 2022 -0700
s3/smbd: Use after free when iterating smbd_server_connection->connections
In SMB2 smbd_smb2_tree_connect() we create a new conn struct
inside make_connection_smb2() then move the ownership to tcon using:
tcon->compat = talloc_move(tcon, &compat_conn);
so the lifetime of tcon->compat is tied directly to tcon.
Inside smbXsrv_tcon_disconnect() we have:
908 ok = chdir_current_service(tcon->compat);
909 if (!ok) {
910 status = NT_STATUS_INTERNAL_ERROR;
911 DEBUG(0, ("smbXsrv_tcon_disconnect(0x%08x, '%s'): "
912 "chdir_current_service() failed: %s\n",
913 tcon->global->tcon_global_id,
914 tcon->global->share_name,
915 nt_errstr(status)));
916 tcon->compat = NULL;
917 return status;
918 }
919
920 close_cnum(tcon->compat, vuid);
921 tcon->compat = NULL;
If chdir_current_service(tcon->compat) fails, we return status without ever having
called close_cnum(tcon->compat, vuid), leaving the conn pointer left in the linked
list sconn->connections.
The caller frees tcon and (by ownership) tcon->compat, still leaving the
freed tcon->compat pointer on the sconn->connections linked list.
When deadtime_fn() fires and walks the sconn->connections list it
indirects this freed pointer. We must call close_cnum() on error also.
Valgrind trace from Noel Power <noel.power at suse.com> is:
==6432== Invalid read of size 8
==6432== at 0x52CED3A: conn_lastused_update (conn_idle.c:38)
==6432== by 0x52CEDB1: conn_idle_all (conn_idle.c:54)
==6432== by 0x5329971: deadtime_fn (smb2_process.c:1566)
==6432== by 0x5DA2339: smbd_idle_event_handler (util_event.c:45)
==6432== by 0x685F2F8: tevent_common_invoke_timer_handler (tevent_timed.c:376)
==6432== Address 0x19074b88 is 232 bytes inside a block of size 328 free'd
==6432== at 0x4C3451B: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==6432== by 0x5B38521: _tc_free_internal (talloc.c:1222)
==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669)
==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184)
==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669)
==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184)
==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669)
==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184)
==6432== by 0x5B39463: _tc_free_children_internal (talloc.c:1669)
==6432== by 0x5B38404: _tc_free_internal (talloc.c:1184)
==6432== by 0x5B385C5: _talloc_free_internal (talloc.c:1248)
==6432== by 0x5B3988D: _talloc_free (talloc.c:1792)
==6432== by 0x5349B22: smbd_smb2_flush_send_queue (smb2_server.c:4828)
==6432== Block was alloc'd at
==6432== at 0x4C332EF: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==6432== by 0x5B378D9: __talloc_with_prefix (talloc.c:783)
==6432== by 0x5B37A73: __talloc (talloc.c:825)
==6432== by 0x5B37E0C: _talloc_named_const (talloc.c:982)
==6432== by 0x5B3A8ED: _talloc_zero (talloc.c:2421)
==6432== by 0x539873A: conn_new (conn.c:70)
==6432== by 0x532D692: make_connection_smb2 (smb2_service.c:909)
==6432== by 0x5352B5E: smbd_smb2_tree_connect (smb2_tcon.c:344)
https://bugzilla.samba.org/show_bug.cgi?id=15128
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 123f1c07c41b40de6a9d53599d3d9a42f1a5e92b
Author: Christian Ambach <ambi at samba.org>
Date: Mon Aug 15 23:30:23 2022 +0200
s3:utils remove documentation of -l as alias for --long
This was removed in 94fc9ca4c506468ab1907d501c0964d67b9d963c, so remove it from
the usage output and manpage.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15145
Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Aug 17 07:14:21 UTC 2022 on sn-devel-184
commit 563a2c8d7296e77ae12de1c5a1a3797e72294068
Author: Andreas Schneider <asn at samba.org>
Date: Wed Aug 10 13:55:48 2022 +0200
waf: Fix SO version number of libsamba-errors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15141
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit ddbf1b29eee140b3112eb238852bfdc8285eb04f
Author: Jule Anger <janger at samba.org>
Date: Mon Aug 15 15:27:55 2022 +0200
manpages: add smbstatus option --json with sample output
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15147
Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Jule Anger <janger at samba.org>
Autobuild-Date(master): Tue Aug 16 15:04:54 UTC 2022 on sn-devel-184
commit 4b91702a6ea2c6474e635d5ae5f7acd9aebbbab7
Author: Jule Anger <janger at samba.org>
Date: Tue Aug 16 12:25:13 2022 +0200
s3:tests: let smbstatus json tests fail if jq is not installed
Signed-off-by: Jule Anger <janger at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 55b3bcc30b4ffb026798f3a2626322d13c96ba24
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Aug 16 09:36:09 2022 +0200
s3:vfs.h: change SMB_VFS_INTERFACE_VERSION to 48 for 4.18
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Aug 16 11:51:36 UTC 2022 on sn-devel-184
commit 5adf051228b56c05fe1205e7a865a497b58e81d9
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Aug 16 09:35:16 2022 +0200
s3:vfs.h: add comment about VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15146
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 1654eae11b9c13308b2b78f70309eb3a56960619
Author: Jeremy Allison <jra at samba.org>
Date: Thu Aug 11 10:03:58 2022 -0700
s3: smbd: Add IS_VETO_PATH checks to openat_pathref_fsp_case_insensitive().
Returns NT_STATUS_OBJECT_NAME_NOT_FOUND for final component.
Note we have to call the check before each call to
openat_pathref_fsp(), as each call may be using a
different filesystem name. The first name is the
one passed into openat_pathref_fsp_case_insensitive()
by the caller, the second one is a name retrieved from
get_real_filename_cache_key(), and the third one is the name
retrieved from get_real_filename_at(). The last two
calls may have demangled the client given name into
a veto'ed path on the filesystem.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15143
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Aug 16 08:26:54 UTC 2022 on sn-devel-184
commit 1c293060204d96bf94427f91eb20eb9decc29a41
Author: Jeremy Allison <jra at samba.org>
Date: Thu Aug 11 09:55:56 2022 -0700
s3: smbd: Add IS_VETO_PATH check to openat_pathref_dirfsp_nosymlink().
Returns NT_STATUS_OBJECT_PATH_NOT_FOUND for directory component.
Note IS_VETO_PATH only looks at the last component, so we must
do it during the directory walk on each component.
Note, we also have to check after a call to get_real_filename_at()
as it may have demangled the client sent name into a filesystem
name that matches the "veto files" parameter.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15143
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit c6933673222ea9ae2eb74d5586c9495269f51ea0
Author: Jeremy Allison <jra at samba.org>
Date: Thu Aug 11 09:51:11 2022 -0700
s3: tests: Add samba3.blackbox.test_veto_files.
Shows we currently don't look at smb.conf veto files parameter
when opening a file or directory. Checks multi-component paths.
Also checks veto files that might be hidden behind a mangled
name.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15143
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 076c22fbd7ecbf22dbfeb1711609f07fd42f88b0
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 12 10:55:42 2022 +0200
selftest/Samba3: let nt4_dc* use vfs_default:VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS=no
We should always test the code path without openat2 being available,
even if the kernel supports it.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Aug 15 16:00:26 UTC 2022 on sn-devel-184
commit 4708ba2f013c5f5ea5aa5dcf4873c2b4a86fb8ff
Author: Volker Lendecke <vl at samba.org>
Date: Fri Jun 17 17:41:52 2022 +0200
vfs_default: Use openat2(RESOLVE_NO_SYMLINKS) if available
This improves the following test:
time smbtorture //127.0.0.1/m -Uroot%test \
smb2.create.bench-path-contention-shared \
--option='torture:bench_path=Apps\1\2\3\4\5\6\7\8\9\10' \
--option="torture:timelimit=600" \
--option="torture:nprocs=1"
From:
open[num/s=14186,avslat=0.000044,minlat=0.000042,maxlat=0.000079]
close[num/s=14185,avslat=0.000027,minlat=0.000025,maxlat=0.000057]
to:
open[num/s=16917,avslat=0.000038,minlat=0.000035,maxlat=0.000340]
close[num/s=16916,avslat=0.000020,minlat=0.000019,maxlat=0.000104]
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Volker Lendecke <vl at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit 8544f4490a0b5e54b807daedddb96778744b62ee
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jul 27 18:43:14 2022 +0000
vfs_default: prepare O_PATH usage with openat2()
When O_PATH is specified in flags, flag bits other than O_CLOEXEC,
O_DIRECTORY, and O_NOFOLLOW are ignored.
In preparation to use openat2(), which gives an error instead of
ignoring flags, we better remove unexpected flags, callers typically
pass O_RDONLY and O_NONBLOCK.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit d6653067b20e61af1f05423764c8486a1a5445c8
Author: Volker Lendecke <vl at samba.org>
Date: Thu Jul 14 19:44:04 2022 +0200
s3:smbd: let openat_pathref_dirfsp_nosymlink() try VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS first
This will reduce the amount of syscalls and the related cost drastically
for long path names.
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Volker Lendecke <vl at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit 35b99c87ef92df006f8b0a41bbea051f0faeadb9
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 12 19:12:44 2022 +0200
s3:smbd: let openat_pathref_dirfsp_nosymlink() handle ELOOP similar to ENOTDIR
This is no likely to happen as we use O_NOFOLLOW with O_DIRECTORY,
but it's better to be prepared...
This will be more important in the upcoming openat2(RESOLVE_NO_SYMLINK)
case, but we should be consitent...
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 17484d069b92d08b0228fb509ea42ab4c3f496a8
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 10 22:01:10 2022 +0200
s3:smbd: let openat_pathref_dirfsp_nosymlink() do a verification loop against . and .. first
I guess we should catch NT_STATUS_OBJECT_NAME_INVALID first,
currently the check is already done in check_path_syntax*,
but we may remove it in future.
But the most important reason for this is the
openat2(RESOLVE_NO_SYMLINK) optimization, which will
be introduced in the following commits.
Review with: git show -w
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit f7dc27558329eea7d2c4d75ee101c7f9d3a7afe3
Author: Volker Lendecke <vl at samba.org>
Date: Fri Jun 3 16:45:41 2022 +0200
vfs: define VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS
This will allow us to make use of openat2(RESOLVE_NO_SYMLINKS) soon.
The caller should check if connection_struct.open_how_resolve contains
VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS before using it, this avoids waisting
cpu time. But even then the caller must be prepared to handle -1/ENOSYS.
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Volker Lendecke <vl at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit ae1a84f7313bdf4702492451714eacc78ee7745f
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 12 10:53:06 2022 +0200
lib/replace: let DISABLE_OPATH also undef __NR_openat2
The reason for DISABLE_OPATH is to simulate a non-linux
system, so we should not use openat2() either.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit f7618dd31a9f8f6c0dbfdedd1a664eed25e2e449
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Aug 8 15:33:24 2022 +0200
lib/replace: add fallback defines for __NR_openat2
sys/syscall.h might be older than the runtime kernel.
If the kernel has support for openat2() we should
try to use if anyway.
The callers have to deal with ENOSYS anyway,
so there's no difference if we get that from syscall(__NR_openat2)
or directly from rep_openat2().
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit b89001e9226ecb0f4e5c906f7195f0e53cd7d608
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Aug 8 15:25:39 2022 +0200
lib/replace: use syscall(__NR_openat2) if available
There's no glibc wrapper for openat2() yet, so we need
to use syscall(__NR_openat2) ourself.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 37ba6df174d73b82e951de401cba7f839ad61ab5
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Aug 8 15:24:28 2022 +0200
lib/replace: always include <sys/syscall.h> in replace.c if available
It will be used for openat2() soon.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit ce804b78164a3166a16ca3071028536761fd18d7
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Aug 8 15:23:29 2022 +0200
lib/replace: add a replacement for openat2() that returns ENOSYS
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 2369d0833361faf4a125431e735fce7efb6024d6
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Aug 8 15:29:28 2022 +0200
vfs_btrfs: fix include order, includes.h or replace.h should be first
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit cea9451f780d13e528f1722a67eccbbc78b2daf9
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Aug 9 10:29:24 2022 +0000
vfs_io_uring: hide a possible definition of struct open_how in liburing/compat.h
liburing.h will include liburing/compat.h, which either includes
linux/openat2.h or defines struct open_how itself.
This will help with the following changes, which will provide
openat2() via libreplace's system/filesys.h, either including
linux/openat2.h or defining open_how ourself.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 2b51bad747551605ba3b70ac3b692107a0cd7aad
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Aug 11 00:41:28 2022 +0200
wafsamba: allow cflags for CHECK_TYPE[_IN]()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 085f14857531dab179af66a69962486c7dd2592c
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 12 19:07:39 2022 +0200
s3:tests: add a lot more tests to test_symlink_traversal_smb2.sh
We now also test more path components checking the difference between
OBJECT_NAME_NOT_FOUND and OBJECT_PATH_NOT_FOUND.
We also test with symlinks within the path instead of only checking
symlinks as final path components (at least for the dirfsp part).
This ensures the following commits won't introduce regressions
when adding the openat2(RESOLVE_NO_SYMLINK) optimization.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit a38fad29803f9e2891b2264ac3258394152e8deb
Author: Andreas Schneider <asn at samba.org>
Date: Wed Aug 10 08:51:06 2022 +0200
s3:utils: Fix NULL check
CID 1507864
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15140
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Aug 12 21:50:23 UTC 2022 on sn-devel-184
commit 4a702cddaebf7e616706e0c728685567e141b493
Author: Andreas Schneider <asn at samba.org>
Date: Wed Aug 10 08:41:24 2022 +0200
s3:util: Initialize json_object structures so we can call json_free()
CID 1507863
CID 1507865
CID 1507866
CID 1507867
CID 1507868
CID 1507869
CID 1507870
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15140
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 78e4aac76df977cea6cdbcfdf082fd3acdffbd95
Author: Jeremy Allison <jra at samba.org>
Date: Mon Aug 8 21:59:14 2022 -0700
s3: smbd: Remove unix_convert() and associated functions.
All code now uses filename_convert_dirfsp() for race-free
filename conversion.
Best viewed with:
$ git show --patience
----------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| |
| unix_convert |
| |
| |
| 9th August |
| 2022 |
| |
| |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\///\/|_)_______
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Aug 12 19:18:25 UTC 2022 on sn-devel-184
commit cc638c25e0332d366016880d174d9349940cba3f
Author: Jeremy Allison <jra at samba.org>
Date: Tue Aug 9 12:13:10 2022 -0700
s3: smbd: Remove the old dfs_path_lookup() code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 88e8bfec59412fdc0e83251fef60b45d2cc3a884
Author: Jeremy Allison <jra at samba.org>
Date: Tue Aug 9 12:11:07 2022 -0700
s3: smbd: Switch get_referred_path() over to use the new dfs_path_lookup().
New function doesn't need a TWRP argument and returns NT_STATUS_OK
on successful redirect, not NT_STATUS_PATH_NOT_COVERED.
Comment out the old dfs_path_lookup().
There are now no more users of unix_convert().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 22d4f62537199d9454be312a546e251f04022497
Author: Jeremy Allison <jra at samba.org>
Date: Tue Aug 9 12:07:30 2022 -0700
s3: smbd: Add new version of dfs_path_lookup() that uses filename_convert_dirfsp().
Commented out as not yet used but it's easier to see the
new logic this way.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 6b1224b22012b54b1ae20b682daf61c877362a7b
Author: Jeremy Allison <jra at samba.org>
Date: Wed Aug 10 11:34:24 2022 -0700
s3: smbd: Remove dfs_redirect().
A moment of silence please.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit d20b60c3200b5e1881cdf4b59da154d1af7e3994
Author: Jeremy Allison <jra at samba.org>
Date: Wed Aug 10 11:32:30 2022 -0700
s3: smbd: Remove call to dfs_redirect() from filename_convert_dirfsp_nosymlink().
Use dfs_filename_convert() instead. There are now no more callers of dfs_redirect().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit fcf19d91c09edc6dfbf5bd7cbeedcd641030eb31
Author: Jeremy Allison <jra at samba.org>
Date: Wed Aug 10 11:29:33 2022 -0700
s3: smbd: Remove call to dfs_redirect() from filename_convert_smb1_search_path().
Use dfs_filename_convert() instead. Code is now much simpler.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit d80bedc3c418b6839b1bde78ba8d3db06611be2a
Author: Jeremy Allison <jra at samba.org>
Date: Mon Aug 8 13:18:56 2022 -0700
s3: smbd: In filename_convert_dirfsp_nosymlink(), cope with an MS-DFS link as the terminal component.
If the terminal component was an MSDFS link, openat_pathref_fsp_case_insensitive() will
return NT_STATUS_OBJECT_NAME_NOT_FOUND with a VALID_STAT of a symlink.
If this is the case, check if we actually found a terminal MS-DFS link
at the end of the pathname and return NT_STATUS_PATH_NOT_COVERED.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 07ef9e3029b8cca1b92d900d6ed684ca0ac6afe4
Author: Jeremy Allison <jra at samba.org>
Date: Mon Aug 8 13:15:17 2022 -0700
s3: smbd: In filename_convert_dirfsp_nosymlink(), allow a NT_STATUS_PATH_NOT_COVERED error to be returned.
openat_pathref_dirfsp_nosymlink() can now return NT_STATUS_PATH_NOT_COVERED.
Don't convert this automatically into NT_STATUS_OBJECT_PATH_NOT_FOUND.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit b5f6809593524e7e9aca1c09ff379e02a1cde61b
Author: Jeremy Allison <jra at samba.org>
Date: Mon Aug 8 11:31:39 2022 -0700
s3: smbd: Allow openat_pathref_dirfsp_nosymlink() to return NT_STATUS_PATH_NOT_COVERED for a DFS link on a DFS share.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit a92f4f7af0eaa035deebfb1c930ca0cc12d992d5
Author: Jeremy Allison <jra at samba.org>
Date: Thu Aug 11 23:57:51 2022 -0700
s3: smbd: In get create_junction(), make sure check_path_syntax() is called on returned reqpath.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit da625e4ab4bc670e44fcb6ad7456aa64d0f1f9d2
Author: Jeremy Allison <jra at samba.org>
Date: Thu Aug 11 23:55:58 2022 -0700
s3: smbd: In get referred_path(), make sure check_path_syntax() is called on returned reqpath.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 245d07ab84852b829c029496618e56782d070e83
Author: Jeremy Allison <jra at samba.org>
Date: Mon Aug 8 11:16:17 2022 -0700
s3: smbd: Add dfs_filename_convert(). Simple wrapper around parse_dfs_path().
Not yet used.
This is what we will use to replace dfs_redirect() in the filename
conversion code. Keep as a wrapper for now as we might want to
add some error checking around the 'hostname' and 'service'
returns.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit a3c9eb7931cb4da0dd5bc5d600125979dd1a7df5
Author: Jeremy Allison <jra at samba.org>
Date: Tue Aug 9 10:58:24 2022 -0700
s3: smbd: Use helper function msdfs_servicename_matches_connection() in dfs_redirect().
Replaces ugly complex logic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit c0a1d7c7a8a7f24890e60c7a371498949dec11c2
Author: Jeremy Allison <jra at samba.org>
Date: Tue Aug 9 10:53:18 2022 -0700
s3: smbd: Use helper function msdfs_servicename_matches_connection() in parse_dfs_path().
Replaces ugly complex logic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 4f5d02f8c0efc1520b2113ce656c78483deb7826
Author: Jeremy Allison <jra at samba.org>
Date: Tue Aug 9 10:49:46 2022 -0700
s3: smbd: Add helper function msdfs_servicename_matches_connection().
Not yet used so commented out.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 6c83c674bab8e57ecaf6271eb3a403171bbbacca
Author: Jeremy Allison <jra at samba.org>
Date: Mon Aug 8 10:27:16 2022 -0700
s3: smbd: Remove definition of struct dfs_path.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit f92711f000a3cb658dfb8fffe92ae6bba78b4f91
Author: Jeremy Allison <jra at samba.org>
Date: Wed Aug 10 11:17:49 2022 -0700
s3: smbd: Remove use of 'struct dfs_path'. Not needed for a (hostname, servicename, path) tuple.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 2df8a8ab87a1372f2b67880be4454a0285b3104b
Author: Jeremy Allison <jra at samba.org>
Date: Wed Aug 10 11:06:47 2022 -0700
s3: smbd: Add TALLOC_CTX * parameter to parse_dfs_path().
Not yet used. Preparing to remove 'struct dfs_path'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 0a4a27ce48bc7090aa821eea5e56f8d44c686716
Author: Jeremy Allison <jra at samba.org>
Date: Tue Aug 9 10:43:45 2022 -0700
s3: smbd: Ensure smb2_file_rename_information() uses the SMB2 pathname parsers, not the SMB1 parsers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit a2a097fc3d6a89fb970c1ea3ea75fde93ddb545e
Author: Jeremy Allison <jra at samba.org>
Date: Tue Aug 9 10:41:39 2022 -0700
s3: smbd: Make sure we have identical check_path_syntax logic in smbd_smb2_create_durable_lease_check(), as for smb2_create.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 4fafc3418931de06ea2d91baca1eef8d904cc4e6
Author: Jeremy Allison <jra at samba.org>
Date: Tue Aug 9 10:39:41 2022 -0700
s3: smbd: In smbd_smb2_create_send() call the helper function check_path_syntax_smb2().
Previously for DFS names we were skipping this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 7bd7fa0a0b46ad6826097a1987595e2ab6f83384
Author: Jeremy Allison <jra at samba.org>
Date: Tue Aug 9 10:36:00 2022 -0700
s3: smbd: Add helper function check_path_syntax_smb2().
Not yet used, but uses check_path_syntax_smb2_msdfs()
so remove the #ifdef's around that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit bcba5502282eb6dcc346d7c63aa3218cda2f9bb0
Author: Jeremy Allison <jra at samba.org>
Date: Fri Aug 5 12:16:44 2022 -0700
s3: smbd: Add new function check_path_syntax_smb2_msdfs() for SMB2 MSDFS paths.
#ifdef'ed out as static and not yet used.
We can't just call check_path_syntax() on these as
they are of the form hostname\share[\extrapath]
(where [\extrapath] is optional).
hostname here can be an IPv6 ':' separated address,
which check_path_syntax() fails on due to the streamname
processing.
NB. This also has to cope with out existing (broken)
libsmbclient libraries that sometimes set the DFS
flag and then send a local pathname. Cope by just
calling the normal check_path_syntax() on the
whole pathname in that case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 2818fd6910201fd4a18b921933a0b7392a0a8995
Author: Jeremy Allison <jra at samba.org>
Date: Fri Aug 5 19:27:33 2022 -0700
s3: smbd: Fix cosmetic bug logging pathnames from Linux kernel clients using SMB1 DFS calls.
The Linux kernel SMB1 client has a bug - it sends
DFS pathnames as:
\\server\share\path
instead of:
\server\share\path
Causing us to mis-parse server,share,remaining_path here
and jump into 'goto local_path' at 'share\path' instead
of 'path'.
This doesn't cause an error as the limits on share names
are similar to those on pathnames.
parse_dfs_path() which we call before filename parsing
copes with this by calling trim_char on the leading '\'
characters before processing.
Do the same here so logging of pathnames looks better.
How did I find this ? Lots and lots of manual
testing with the Linux kernel client to make
sure all the recent changes haven't broken Linux
SMB1/2/3 DFS :-).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 23988f19e7cc2823d6c0c0f40af0195d0a3b81bf
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 10 13:14:52 2022 +0000
s4:torture/smb2: add smb2.bench.echo
This test calls SMB2_Echo in a loop per connection.
For 4 connections with 2 parallel loops use this:
time smbtorture //127.0.0.1/m -Uroot%test smb2.bench.echo \
--option="torture:timelimit=600" \
--option="torture:nprocs=1" \
--option="torture:qdepth=2"
Sometimes the bottleneck is the smbtorture process.
In order to bring the smbd process to 100% cpu, you can use
'--option="libsmb:client_guid=6112f7d3-9528-4a2a-8861-0ca129aae6c4"'
and run multiple instances of the test at the same time,
which both talk to the same smbd process.
This is a very useful test to show how many requests are possible
at the raw SMB2 layer.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Aug 11 19:23:37 UTC 2022 on sn-devel-184
commit 8ee783c4803d28cccc39144afa7b78c4b9e0cc2e
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 10 11:43:20 2022 +0000
s4:torture/smb2: teach smb2.bench.path-contention-shared about --option="torture:qdepth=4"
This can now test more than one open/close loop per connection.
time smbtorture //127.0.0.1/m -Uroot%test \
smb2.create.bench-path-contention-shared \
--option='torture:bench_path=' \
--option="torture:timelimit=60" \
--option="torture:nprocs=1" \
--option="torture:qdepth=4"
The default is still 1, but it's very useful for tests.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 72caffbe1115c57ad38270eaeb951f6b97bf62b3
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 10 13:15:45 2022 +0000
s4:param: add --option="libsmb:client_guid=6112f7d3-9528-4a2a-8861-0ca129aae6c4" support...
We already handle this in the source3/libsmb code, but it's good to
have this also for torture tests.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit cd01f5134696f7789fbc2933629ac2606feb0b5e
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 10 13:16:14 2022 +0000
s3:g_lock: use TDB_VOLATILE to avoid fcntl locks
This improves 'time smbtorture3 //foo/bar -U% local-g-lock-ping-pong -o 50000000'
from ~1.400.000 to ~3.400.000 operations per second any a testsystem.
As we also use TDB_VOLATILE for locking.tdb, this is a much more
realistic test now.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit a0a97d27f7a60dbd86317b51bec0ece2476e8c8d
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Aug 9 14:07:12 2022 +0000
smbd: avoid calling SMB_VFS_FGET_NT_ACL() if do_not_check_mask already covers all
This is inspired by 0d4cb5a641e1fea2d369bdc66470a580321366c2,
which avoids SMB_VFS_FGET_NT_ACL() for the root user again.
Opens with just FILE_READ_ATTRIBUTES are very common, so it's worth
optimizing for it.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 8c7e8c5f80f1488456f9dd6225020d29f74458d2
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 10 16:45:26 2022 +0200
s3:include: remove unused update_stat_ex_file_id() prototype
It was removed by commit 643da37fd139413651a6198fb0f6e550f7de6584
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 1b470aaa67b0d5b2405621306c5b0d99d1fa0770
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Fri Aug 5 21:43:25 2022 +0200
s3:passdb: Consolidate error checking in fetch_ldap_pw()
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Aug 11 06:34:56 UTC 2022 on sn-devel-184
commit 60ce54c36d70c0ceddd5984343fb51462a6b1b76
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Fri Aug 5 17:30:19 2022 +0200
s3:passdb: Remove upgrade support of samba-2.2 style ldap password
It was introduced in 2002. Probably we no longer need to support
password upgrade from samba-2.2.
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit fc45fcfde51b0b0bdcd524c82a0f9eabf7273045
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jul 27 18:40:21 2022 +0200
vfs_default: assert all passed in fsp's and names are non-stream type
Enforce fsp is a non-stream one in as many VFS operations as possible in
vfs_default. We really need an assert here instead of returning an error, as
otherwise he can have very hard to diagnose bugs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Aug 10 16:32:35 UTC 2022 on sn-devel-184
commit 51243e3849736acbbf1d8f52cc02cdec5995fde4
Author: Ralph Boehme <slow at samba.org>
Date: Fri Jul 29 07:07:25 2022 +0200
vfs_streams_xattr: restrict which fcntl's are allowed on streams
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit f0299abf1b28a14518328710d9f84bef17fd2ecf
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jul 27 15:58:37 2022 +0200
smbd: skip access checks for stat-opens on streams in open_file()
For streams, access is already checked in create_file_unixpath() by
check_base_file_access().
We already skip the access check in this function when doing an IO open of a
file, see above in open_file(), also skip it for "stat opens".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 06555c6bcb5644fc9eea35b3cbae8d8801c65ab6
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jul 27 19:05:26 2022 +0200
smbd: use metadata_fsp() in get_acl_group_bits()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 3af8f8e8741cc8c889bbf416ccd38a1b702917ec
Author: Ralph Boehme <slow at samba.org>
Date: Fri Jul 29 14:56:41 2022 +0200
smbd: ignore request to set the SPARSE attribute on streams
As per MS-FSA 2.1.1.5 this is a per stream attribute, but our backends don't
support it in a consistent way, therefor just pretend success and ignore the
request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 55e55804bb2d0f21c1bbe207257bb40555f3b7a2
Author: Ralph Boehme <slow at samba.org>
Date: Fri Jul 29 14:56:21 2022 +0200
smbd: use metadata_fsp() with SMB_VFS_FSET_DOS_ATTRIBUTES()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 03b9ce84736d536ab2dd8a5ce1a2656e6a90c8c8
Author: Ralph Boehme <slow at samba.org>
Date: Fri Jul 29 14:55:08 2022 +0200
smbd: use metadata_fsp() with SMB_VFS_FGET_DOS_ATTRIBUTES()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 4ab29e2a345b48ebba652d5154e96adf954a6757
Author: Ralph Boehme <slow at samba.org>
Date: Fri Jul 29 14:54:07 2022 +0200
smbd: use metadata_fsp() with SMB_VFS_FSET_NT_ACL()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit c949e4b2a42423ac3851e86e489fd0c5d46d7f1f
Author: Ralph Boehme <slow at samba.org>
Date: Fri Jul 29 14:49:56 2022 +0200
smbd: use metadata_fsp() with SMB_VFS_FGET_NT_ACL()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 23bc760ec5d61208c2d8778991e3d7e202eab352
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jul 27 13:37:32 2022 +0200
CI: add a test trying to delete a stream on a pathref ("stat open") handle
When using vfs_streams_xattr, for a pathref handle of a stream the system fd
will be a fake fd created by pipe() in vfs_fake_fd().
For the following callchain we wrongly pass a stream fsp to
SMB_VFS_FGET_NT_ACL():
SMB_VFS_CREATE_FILE(..., "file:stream", ...)
=> open_file():
if (open_fd):
-> taking the else branch:
-> smbd_check_access_rights_fsp(stream_fsp)
-> SMB_VFS_FGET_NT_ACL(stream_fsp)
This is obviously wrong and can lead to strange permission errors when using
vfs_acl_xattr:
in vfs_acl_xattr we will try to read the stored ACL by calling
fgetxattr(fake-fd) which of course faild with EBADF. Now unfortunately the
vfs_acl_xattr code ignores the specific error and handles this as if there was
no ACL stored and subsequently runs the code to synthesize a default ACL
according to the setting of "acl:default acl style".
As the correct access check for streams has already been carried out by calling
check_base_file_access() from create_file_unixpath(), the above problem is not
a security issue: it can only lead to "decreased" permissions resulting in
unexpected ACCESS_DENIED errors.
The fix is obviously going to be calling
smbd_check_access_rights_fsp(stream_fsp->base_fsp).
This test verifies that deleting a file works when the stored NT ACL grants
DELETE_FILE while the basic POSIX permissions (used in the acl_xattr fallback
code) do not.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 92e0045d7ca7c0b94efd0244ba0e426cad0a05b6
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jul 27 12:47:21 2022 +0200
vfs_xattr_tdb: add "xattr_tdb:ignore_user_xattr" option
Allows passing on "user." xattr to the backend. This can be useful for testing
specific aspects of operation on streams when "streams_xattr" is configured as
stream filesystem backend.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 451ad315a9bf32c627e1966ec30185542701c87e
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jul 27 11:59:54 2022 +0200
vfs_xattr_tdb: add a module config
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit b26dc252aaf3f4b960bdfdb6a3dfe612b89fcdd5
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jul 27 12:43:01 2022 +0200
vfs_xattr_tdb: move close_xattr_db()
This just makes the diff of the next commit smaller and easier to digest.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 0d3995cec10c5fae8c8b6a1df312062e38437e6f
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jul 27 16:04:24 2022 +0200
smdb: use fsp_is_alternate_stream() in open_file()
No change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 042141efdb56d1e8d9f0246c9dff3a6c4329b8d4
Author: Andreas Schneider <asn at samba.org>
Date: Wed Feb 23 12:11:07 2022 +0100
third_party: Reformat shell scripts
shfmt -w -p -i 0 -fn third_party/update.sh
shfmt -w -p -i 0 -fn third_party/waf/update.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Wed Aug 10 14:14:04 UTC 2022 on sn-devel-184
commit bb2e0622f04355bc3c8ac7dc8d0d6dcf7a66b107
Author: Andreas Schneider <asn at samba.org>
Date: Wed Feb 23 12:12:09 2022 +0100
testsuite: Reformat shell scripts
shfmt -f testsuite/ | xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit db8849ea05ec9b5e7a6873d576b3469ddf77f8af
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 22 15:46:06 2022 +0200
testprogs: Reformat upgradeprovision-oldrelease.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/upgradeprovision-oldrelease.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit c1325fc1fdc2e4684c934d14f0d395ed8cfab66a
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 22 15:46:06 2022 +0200
testprogs: Reformat tombstones-expunge.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/tombstones-expunge.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 022f5aa77b828c460530ae03e18fdc92ae525257
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 22 15:46:06 2022 +0200
testprogs: Reformat test_wintest.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_wintest.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 1c89bdb6a900b6184f53a27d5d5ea01221969418
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 22 15:46:06 2022 +0200
testprogs: Reformat test_weak_disable_ntlmssp_ldap.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_weak_disable_ntlmssp_ldap.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 4973baf665fda140fb861adc9127e7a3a0799c9b
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 22 15:46:06 2022 +0200
testprogs: Reformat test_weak_crypto_server.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_weak_crypto_server.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 34322c499ee996b75e82da6a18fe6c59f2fb66b1
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 22 15:46:06 2022 +0200
testprogs: Reformat test_weak_crypto.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_weak_crypto.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 138e7f0505bd6e54b26ac673356318f2dafc0f37
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 22 15:46:06 2022 +0200
testprogs: Reformat test_trust_utils.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_trust_utils.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 8c65813c4a5ce2ffd1105ae93b9f339e3d570d65
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 22 15:46:05 2022 +0200
testprogs: Reformat test_trust_user_account.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_trust_user_account.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit eced0939154837d4bef7ff0d9e6c1b41dabe1948
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 22 15:46:05 2022 +0200
testprogs: Reformat test_trust_token.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_trust_token.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 12d67003cee004b1b25ef187e89c76ec8335d255
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 22 15:46:05 2022 +0200
testprogs: Reformat test_trust_ntlm.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_trust_ntlm.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 854a45ca24a8841a53fc5bcb46663f1204d6c24c
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 22 15:46:05 2022 +0200
testprogs: Reformat test_special_group.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_special_group.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Wed Aug 10 10:21:48 UTC 2022 on sn-devel-184
commit 2d64eafa8be952e4a6b25359ced51422ed00060b
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 22 15:46:05 2022 +0200
testprogs: Reformat test_smbtorture_test_names.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_smbtorture_test_names.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit dae369f483c1076de1edc209fde93a41d6091d16
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 22 15:46:05 2022 +0200
testprogs: Reformat test_samba_upgradedns.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_samba_upgradedns.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit eff28db8d6ae68f93a2a1ea0522ec4ac466b06a8
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 22 15:46:05 2022 +0200
testprogs: Reformat test_samba-tool_ntacl.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_samba-tool_ntacl.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit f1ebc2d78f7f9c54556931f0ed2aeb30103c2b81
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 22 15:46:05 2022 +0200
testprogs: Reformat test_s4u_heimdal.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_s4u_heimdal.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 4627320e94037972cd6f4a8f763ac0aa12146620
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 22 15:46:05 2022 +0200
testprogs: Reformat test_rpcclient_schannel.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_rpcclient_schannel.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit ef9dc7277e4c5937711de61f7efc945b33eca124
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 22 15:46:05 2022 +0200
testprogs: Reformat test_primary_group.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_primary_group.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 6e300ccd19253b507d19d408f177db163fb6105f
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 22 15:46:05 2022 +0200
testprogs: Reformat test_pkinit_simple.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_pkinit_simple.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit c253c99d5299a0787fc0de64c489f5394c2b4167
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 22 15:46:05 2022 +0200
testprogs: Reformat test_pkinit_pac.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_pkinit_pac.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 9d1a255232deba5ae352853e0d66afe6ecdbab09
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 22 15:46:05 2022 +0200
testprogs: Reformat test_pdbtest.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_pdbtest.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 8490449f60feeaf1686640bfeefe2083d40cdc4c
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 22 15:46:05 2022 +0200
testprogs: Reformat test_password_settings.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_password_settings.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit c7d013420472406032b227ead3c939984fb357a6
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 22 15:46:05 2022 +0200
testprogs: Reformat test_old_enctypes.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_old_enctypes.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 0a4eb5d8922ef5a464a869572efbb05a7fd78bcc
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 22 15:46:05 2022 +0200
testprogs: Reformat test_offline_logon.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_offline_logon.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 7403de7eaf752c97411cf9ecfb19ef5d6a9ae77a
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 22 15:46:05 2022 +0200
testprogs: Reformat test_net_rpc_user.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_net_rpc_user.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit a43a7e78f9b51eabc33da2275ecabc9a23c0be46
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 22 15:46:05 2022 +0200
testprogs: Reformat test_net_offline.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_net_offline.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 8a4a8b7a3a35b9445dd77794d9d04efed451cf37
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 22 15:46:05 2022 +0200
testprogs: Reformat test_net_ads_fips.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_net_ads_fips.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 865531f9c687f023f0f1708743da21cce12a1c64
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 22 15:46:05 2022 +0200
testprogs: Reformat test_net_ads_dns.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_net_ads_dns.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 81f1694995df68a300bd74d12659c8059fc5b85c
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 22 15:46:05 2022 +0200
testprogs: Reformat test_net_ads.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_net_ads.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit c44289ce1c826a35057b3815745be338555a47ce
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 22 15:46:05 2022 +0200
testprogs: Reformat test_ldb_simple.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_ldb_simple.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 19f73f19f4d2d0fb488c1feeedca0bce4d174b8a
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 22 15:46:05 2022 +0200
testprogs: Reformat test_ldb.sh
shfmt -w -p -i 0 -fn testprogs/blackbox/test_ldb.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>
commit 4d015b4b6db20235d6d821204d03b0e1fce1c681
Author: Volker Lendecke <vl at samba.org>
Date: Tue Aug 9 12:42:05 2022 +0200
smbstatus: Fix the 32-bit build on FreeBSD
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Aug 9 20:04:26 UTC 2022 on sn-devel-184
commit b1b513eebb0999cdfabab597927305be7d978605
Author: Volker Lendecke <vl at samba.org>
Date: Mon Aug 8 14:05:46 2022 +0200
smbd: Use dirfsp where we have it
One reference to conn->cwd_fsp less, makes "mkdir" look less ugly in
strace.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit d6490bdc0f69be3c5e78f08fad7b3f23b4857aa1
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Sat Aug 6 00:35:22 2022 +0200
s3:passdb: Remove unused function secrets_fetch_trust_account_password()
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Aug 8 19:03:08 UTC 2022 on sn-devel-184
commit cb8518e19362ee84fe7525cbaab6d779d7e9f254
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Sat Aug 6 10:11:47 2022 +0200
s3:include: Fix trailing whitespaces in secrets.h
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 751b2b853b36e3a48cf508a9865a52da0ce79cc8
Author: Jule Anger <janger at samba.org>
Date: Mon Aug 8 16:49:03 2022 +0200
ldb: change the version to 2.7.0 for Samba 4.18
Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Jule Anger <janger at samba.org>
Autobuild-Date(master): Mon Aug 8 15:51:44 UTC 2022 on sn-devel-184
commit 4292cfa4c8a59dc0acf273d3d52bebeeb44006eb
Author: Jule Anger <janger at samba.org>
Date: Mon Aug 8 16:24:21 2022 +0200
WHATSNEW: Start release notes for Samba 4.18.0pre1.
Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit f5faafb559f2b06cf5931df5281a70678905b33b
Author: Jule Anger <janger at samba.org>
Date: Mon Aug 8 16:19:11 2022 +0200
VERSION: Bump version up to 4.18.0pre1...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
-----------------------------------------------------------------------
--
Samba Shared Repository
More information about the samba-cvs
mailing list