Jeremy Allison [Mon, 27 Mar 2023 17:06:03 +0000 (10:06 -0700)]
s3: smbd: Add utility function smb2_strip_dfs_path().
Removes any DFS prefix from an SMB2 name. This will
enable me to clean up the mess around SMB2 DFS path
processing, remove some knownfails and eventually
make it much easier to add SMB3+POSIX path processing
now it can ignore DFS prefixes. Original idea from
Volker.
Not yet used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 27 Mar 2023 18:25:59 +0000 (11:25 -0700)]
s3: smbd: Change smb2_file_link_information() to use srvstr_pull_talloc()/check_path_syntax_smb2().
It now looks like all other SMB2 path processing and
we can proceed to strip the DFS prefixes from SMB2 pathnames
before further processing.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 27 Mar 2023 18:14:59 +0000 (11:14 -0700)]
s3: smbd: In smb2_file_link_information(), don't ever expect @GMT tokens in the pathname.
They're an SMB1 thing, not an SMB2 thing. It will always be (and always was) zero.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 27 Mar 2023 18:07:07 +0000 (11:07 -0700)]
s3: smbd: Duplicate smb_file_link_information() hardlink handling as smb2_file_link_information().
We're going to change the SMB2 path handling for DFS and I
really don't want to try and mix these changes into the
existing smb_file_link_information() code.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 27 Mar 2023 17:43:55 +0000 (10:43 -0700)]
s3: smbd: Cleanup. smb2_file_rename_information() can never have a @GMT path in the destination.
That's an SMB1 thing. It will always be (and always was) zero.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 27 Mar 2023 16:48:26 +0000 (09:48 -0700)]
s3: smbd: Cleanup - don't set the FLAGS2_DFS_PATHNAMES in flags2 in the glue struct if it's not a DFS server or share.
Even if the client claims it's a DFS pathname. Matches what Windows does if it gets
a DFS pathname on a non-DFS share.
Remove samba3.smbtorture_s3.smb2.SMB2-NON-DFS-SHARE.smbtorture\(fileserver\)
test knownfail.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andrew Bartlett [Wed, 29 Mar 2023 02:01:15 +0000 (15:01 +1300)]
selftest: Add test parsing krb5 PAC claims via ndrdump
Including
* compressed claims
* plain (uncompressed) claims
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar 31 02:50:30 UTC 2023 on atb-devel-224
Andrew Bartlett [Wed, 29 Mar 2023 21:56:49 +0000 (10:56 +1300)]
sefltest: Extend python NDR parsing tests to compressed and uncompressed claims
This confirms that the compression is transparent and that the
values from a PAC with claims provided by MS Windows are parsed
correctly.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 16 Mar 2023 06:06:04 +0000 (19:06 +1300)]
librpc/ndr: Use libndr compression for claims
This ensures our python layer and C layer (in the KDC, when implementated)
use the same compression logic and so allows us to test the production
compression via the IDL-generated interfaces.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 28 Mar 2023 22:49:43 +0000 (11:49 +1300)]
librpc/ndr: Make ndr_push_compression_state_free() a talloc destructor
This means that the generic_mszip_free() will still be called on failure.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 28 Mar 2023 22:43:10 +0000 (11:43 +1300)]
pidl: Automatically manage creating and freeing the compression state in generated code
Manually written code will handle this differently, but for generated code
this will create and free the context.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 28 Mar 2023 05:26:13 +0000 (18:26 +1300)]
librpc/ndr: Implement lzxpress_huffman() compression in libndr for Kerberos Claims
Rather than just pick the next value we re-arrange compression values
in libndr to be memnonic to values in MS Windows ntifs.h
This helps avoid confusing developers who compare these
algorithms with local the MS Windows interface.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 16 Mar 2023 06:05:39 +0000 (19:05 +1300)]
librpc/ndr: Add a "NONE" compression format to libndr
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 28 Mar 2023 05:31:45 +0000 (18:31 +1300)]
libndr/ndr: Remove unused argument from ndr_push_compression_{start,end}()
Removing the unused arguments avoids thier value being calculated in the
PIDL generated code, which can be expensive.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 28 Mar 2023 05:35:10 +0000 (18:35 +1300)]
libndr/ndr: Add NDR_COMPRESSION_INVALID
This will help make a mapping from wire-specified compression
algorithms to our available choices safer by allowing an invalid
choice to map to NDR_COMPRESSION_INVALID
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Fri, 17 Mar 2023 00:10:09 +0000 (13:10 +1300)]
librpc/ndr: Unimplement DRSUAPI_COMPRESSION_TYPE_XPRESS and rename
DRSUAPI_COMPRESSION_TYPE_XPRESS is not MS-XCA nor is it implemented by
lzexpress_compress(), so disconnect from that algorithm.
This avoids someone fixing lzxpress_compress() to work for DRSUAPI
and breaking claims support.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Fri, 24 Mar 2023 01:59:55 +0000 (14:59 +1300)]
librpc/ndr: Remove incorrect comment that ndr_compression.h is autogenerated
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Sun, 26 Mar 2023 22:26:31 +0000 (11:26 +1300)]
librpc: Remove incorrect NDR_COMPRESSION dependency from NDR_KRB5CCACHE
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 27 Mar 2023 22:38:15 +0000 (11:38 +1300)]
ndrdump: Allow a long string of hexidecimal digits as well as a hex dump for --hex-input
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 28 Mar 2023 02:10:39 +0000 (15:10 +1300)]
lib/compression: Fix documentation of lzxpress_huffman_compress()
The "inconvenience function" takes one type, and converts it to another
but the documentation was not updated.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 28 Mar 2023 02:42:39 +0000 (15:42 +1300)]
lib/compression: Add helper function lzxpress_huffman_max_compressed_size()
This allows the calculation of the worst case to be shared with callers.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Fri, 24 Mar 2023 02:00:33 +0000 (15:00 +1300)]
pidl: Allow variable expansion (eg of a value() attribute) in compression_alg argument
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 27 Mar 2023 01:19:51 +0000 (14:19 +1300)]
selftest: Add python test that verifies that we can parse a PAC
This give us a building block to test the PAC claims format
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 27 Mar 2023 22:33:22 +0000 (11:33 +1300)]
librpc/idl: Explain why PAC_TYPE_CLIENT_CLAIMS_INFO is not directly decoded
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Mon, 20 Mar 2023 01:51:53 +0000 (14:51 +1300)]
s4:kdc: Split verifying a PAC out of updating it
This is to adapt to the changed Heimdal KDC plugin API.
When we add support for device claims, we want to be able to verify the
PAC of the armor ticket without modifying or updating it. Previously, we
couldn't do this as the two operations were tightly intertwined. Now the
parts that only perform verification are split out into a new function,
samba_kdc_verify_pac().
NOTE: This commit finally works again!
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 9 Jan 2023 03:13:33 +0000 (16:13 +1300)]
third_party/heimdal_build: Remove MD2
This is to adapt to Heimdal:
commit
3a5e91eca26284661fd2294dfc485305e5d5cc3d
Author: Nicolas Williams <nico@twosigma.com>
Date: Tue Oct 25 22:20:45 2022 -0500
hcrypto: Remove MD2 with prejudice
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 8 Mar 2023 20:00:02 +0000 (09:00 +1300)]
third_party/heimdal: Import lorikeet-heimdal-
202303200103 (commit
2ee541b5e963f7cffb1ec4acd1a8cc45426a9f28)
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Sat, 25 Mar 2023 15:34:57 +0000 (16:34 +0100)]
pyldb: Fix a copy&paste error, CID
1524512 DEADCODE
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Mar 30 08:08:32 UTC 2023 on atb-devel-224
Andreas Schneider [Tue, 28 Mar 2023 08:17:29 +0000 (10:17 +0200)]
lib:talloc: Move talloc_get_size() out of the talloc reference group
This is not specific to talloc references.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jeremy Allison [Tue, 21 Mar 2023 17:34:46 +0000 (10:34 -0700)]
s3: libcli: Refuse to connect to any server with zero values for max_trans_size, max_read_size, max_write_size.
There's nothing we can do to such a server (this
now matches the behavior for SMB1).
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15306
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Mar 29 18:58:33 UTC 2023 on atb-devel-224
Jeremy Allison [Tue, 21 Mar 2023 17:31:36 +0000 (10:31 -0700)]
tests: Add samba3.blackbox.zero_readsize test.
smbclient crashes when smbd has "smb2 max read = 0"
in the [global] section of smb.conf.
We should fail the protocol negotiation with
NT_STATUS_INVALID_NETWORK_RESPONSE in this case.
Adds knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15306
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Tue, 7 Mar 2023 16:21:56 +0000 (17:21 +0100)]
test: Add a test for "deny ous"
Not a comprehensive test for all possible combinations, but it shows
the basic functionality, and it found a bug in the initial
implementation :-)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Tue, 7 Mar 2023 12:54:47 +0000 (13:54 +0100)]
tests: Slightly simplify test_idmap_ad.sh
ldbmodify can change multiple objects in one run
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Fri, 18 Nov 2022 10:36:28 +0000 (11:36 +0100)]
idmap_ad: Add "deny ous" and "allow ous" options
With these options, certain OUs can be denied or a list of OUs can be
explicitly permitted for idmapping.
Use case: Administration of OUs in AD has been delegated to people not
100% trusted by the unix server team, this can prevent arbitrary unix
IDs to be assigned by these delegated admins.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Tue, 7 Mar 2023 15:08:18 +0000 (16:08 +0100)]
idmap: Initialize struct idmap_ad_context
We'll add another pointer next that should be initialized to NULL
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 17 Nov 2022 09:43:22 +0000 (10:43 +0100)]
winbind: Add idmap_config_string_list()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 17 Nov 2022 09:40:36 +0000 (10:40 +0100)]
winbind: Factor out idmap_config_name()
3 times is enough, next patch will add a 4th one.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andreas Schneider [Sat, 25 Mar 2023 16:10:19 +0000 (17:10 +0100)]
buildtools: Remove compile_commands.json symlink
We are telling clangd with the .clangd project config file where to find it.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Mar 29 17:54:05 UTC 2023 on atb-devel-224
Andreas Schneider [Sat, 25 Mar 2023 16:09:28 +0000 (17:09 +0100)]
Add .clangd configuration file
This is supported since clang 11.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 28 Mar 2023 12:46:14 +0000 (14:46 +0200)]
s3:waf: Fix One Definition Rule (ODR) violation of libsecrets3
==7109==ERROR: AddressSanitizer: odr-violation (0x7f7d682b4f00):
[1] size=88 'ndr_table_secrets' source3/librpc/gen_ndr/ndr_secrets.c:1002:34
[2] size=88 'ndr_table_secrets' source3/librpc/gen_ndr/ndr_secrets.c:1002:34
These globals were registered at these points:
[1]:
#0 0x7f7d6843eda8 (/lib64/libasan.so.8+0x3eda8)
#1 0x7f7d682970ed in _sub_I_00099_1 (bin/shared/private/libsecrets3-samba4.so+0x1a0ed)
#2 0x7f7d68af72fd in call_init /usr/src/debug/glibc-2.37/elf/dl-init.c:70
#3 0x7f7d68af72fd in call_init /usr/src/debug/glibc-2.37/elf/dl-init.c:26
[2]:
#0 0x7f7d6843eda8 (/lib64/libasan.so.8+0x3eda8)
#1 0x7f7d65d423fb in _sub_I_00099_1 (bin/shared/private/libndr-samba4.so+0x3423fb)
#2 0x7f7d68af72fd in call_init /usr/src/debug/glibc-2.37/elf/dl-init.c:70
#3 0x7f7d68af72fd in call_init /usr/src/debug/glibc-2.37/elf/dl-init.c:26
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 27 Mar 2023 07:59:50 +0000 (09:59 +0200)]
s3:libsmb: Fix conflicting declaration/implementation
../../source3/libsmb/clientgen.c:61:19: error: conflicting types for
‘cli_state_create’ due to enum/integer mismatch; have
‘struct cli_state *(TALLOC_CTX *, int, const char *, int
, int)’ {aka ‘struct cli_state *(void *, int, const char *, int,
int)’} [-Werror=enum-int-mismatch]
61 | struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx,
| ^~~~~~~~~~~~~~~~
In file included from ../../source3/libsmb/libsmb.h:28,
from ../../source3/libsmb/clientgen.c:22:
../../source3/libsmb/proto.h:180:19: note: previous declaration of
‘cli_state_create’ with type
‘struct cli_state *(TALLOC_CTX *, int, const char *,
enum smb_signing_setting, int)’ {aka ‘struct cli_state *(void *, int,
const char *, enum smb_signing_setting, int)’}
180 | struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx,
| ^~~~~~~~~~~~~~~~
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Mar 28 10:27:19 UTC 2023 on atb-devel-224
Andreas Schneider [Mon, 27 Mar 2023 07:59:22 +0000 (09:59 +0200)]
s3:libsmb: Remove trailing whitespaces in clientgen.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Mon, 27 Mar 2023 09:33:53 +0000 (11:33 +0200)]
examples: Improve comment in smb.conf.default
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Andreas Schneider [Mon, 27 Mar 2023 09:33:32 +0000 (11:33 +0200)]
examples: Remove trailing whitespaces in smb.conf.default
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Andreas Schneider [Wed, 22 Mar 2023 09:05:24 +0000 (10:05 +0100)]
examples: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Andreas Schneider [Wed, 22 Mar 2023 09:07:06 +0000 (10:07 +0100)]
examples: Remove trailing whitespaces in mklogon.conf
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Andreas Schneider [Wed, 22 Mar 2023 08:55:10 +0000 (09:55 +0100)]
examples: Remove trailing whitespaces in ol-schema-migrate.pl
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Andreas Schneider [Tue, 14 Mar 2023 07:53:49 +0000 (08:53 +0100)]
buildtools: Fix code spelling
Best reviewed with: `git show --word-diff`
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Andreas Schneider [Tue, 14 Mar 2023 07:50:34 +0000 (08:50 +0100)]
auth: Fix code spelling
Best reviewed with: `git show --word-diff`
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Andreas Schneider [Tue, 28 Feb 2023 19:41:59 +0000 (20:41 +0100)]
s3:utils: Fix grammar in testparm
Best reviewed with: `git show --word-diff`
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Pavel Filipenský [Sat, 25 Mar 2023 20:37:38 +0000 (21:37 +0100)]
s3:winbind: Fix wrong string zero termination for empty groups
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Tue Mar 28 08:36:50 UTC 2023 on atb-devel-224
Andreas Schneider [Wed, 22 Mar 2023 08:45:26 +0000 (09:45 +0100)]
ctdb:utils: Fix code spelling
Best reviewed with: `git show --word-diff`
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Mar 24 07:57:37 UTC 2023 on atb-devel-224
Andreas Schneider [Wed, 22 Mar 2023 08:45:04 +0000 (09:45 +0100)]
ctdb:utils: Remove trailing whitespaces in scsi_io.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Andreas Schneider [Wed, 22 Mar 2023 08:42:43 +0000 (09:42 +0100)]
ctdb:tool: Fix code spelling
Best reviewed with: `git show --word-diff`
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Andreas Schneider [Wed, 22 Mar 2023 08:42:10 +0000 (09:42 +0100)]
ctdb:tests: Fix code spelling
Best reviewed with: `git show --word-diff`
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Andreas Schneider [Wed, 22 Mar 2023 08:40:05 +0000 (09:40 +0100)]
ctdb:tcp: Fix code spelling
Best reviewed with: `git show --word-diff`
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Andreas Schneider [Wed, 22 Mar 2023 08:36:23 +0000 (09:36 +0100)]
ctdb:server: Fix code spelling
Best reviewed with: `git show --word-diff`
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Andreas Schneider [Wed, 22 Mar 2023 08:35:55 +0000 (09:35 +0100)]
ctdb:server: Remove trailing whitespaces in ctdb_server.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Andreas Schneider [Wed, 22 Mar 2023 08:33:04 +0000 (09:33 +0100)]
ctdb:server: Remove trailing whitespaces in ctdb_recover.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Andreas Schneider [Wed, 22 Mar 2023 08:29:34 +0000 (09:29 +0100)]
ctdb:include: Fix code spelling
Best reviewed with: `git show --word-diff`
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Andreas Schneider [Wed, 22 Mar 2023 08:30:31 +0000 (09:30 +0100)]
ctdb:include: Remove trailing whitespaces in ctdb_protocol.h
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Andreas Schneider [Wed, 22 Mar 2023 08:24:04 +0000 (09:24 +0100)]
ctdb:common: Fix code spelling
Best reviewed with: `git show --word-diff`
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Andreas Schneider [Wed, 22 Mar 2023 08:22:37 +0000 (09:22 +0100)]
ctdb:client: Fix code spelling
Best reviewed with: `git show --word-diff`
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Stefan Metzmacher [Thu, 9 Feb 2023 14:04:26 +0000 (15:04 +0100)]
s4:dsdb/extended_dn_out: hide backlinks with DSDB_RMD_FLAG_HIDDEN_BL by default
Backlinks which are not allowed by the schema are hidden by default,
so we already set DSDB_RMD_FLAG_HIDDEN_BL on store, so we have a cheap
way to hide the backlinks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12967
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Mar 23 08:19:20 UTC 2023 on atb-devel-224
Stefan Metzmacher [Thu, 9 Feb 2023 14:04:26 +0000 (15:04 +0100)]
s4:dsdb/extended_dn_out: use dsdb_dn_val_rmd_flags() instead of dsdb_dn_is_deleted_val()
We now check for DSDB_RMD_FLAG_DELETED, as we'll check for
DSDB_RMD_FLAG_HIDDEN_BL in the next step and it's better to
call dsdb_dn_val_rmd_flags() just once.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12967
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 9 Feb 2023 14:03:58 +0000 (15:03 +0100)]
s4:dsdb/extended_dn_out: make use of the existing have_reveal_control variable
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12967
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 9 Feb 2023 14:02:15 +0000 (15:02 +0100)]
s4:dsdb/objectclass_attrs: allow all backlinks even if not allowed by the schema
This only verifies internals store operations, adding invalid forward
links is already checked in other places.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12967
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 1 Mar 2023 00:10:37 +0000 (01:10 +0100)]
s4:dsdb/repl_meta_data: let replmd_process_backlink() set DSDB_RMD_FLAG_HIDDEN_BL is needed
If we find that the backlink should not be visible on the given objectClass
by default, we now set DSDB_RMD_FLAG_HIDDEN_BL.
We'll evaluate that in the next commits in order to hide the
backlink by default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12967
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 15 Mar 2023 14:02:29 +0000 (15:02 +0100)]
s4:dsdb/common: rename DSDB_RMD_FLAG_INVISIBLE to DSDB_RMD_FLAG_HIDDEN_BL
DSDB_RMD_FLAG_INVISIBLE was introduced in commit
00b39c70f57882a453a8d2e6b0f1f37fd39a2d2a, but never used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12967
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 28 Feb 2023 23:42:53 +0000 (00:42 +0100)]
s4:dsdb/repl_meta_data: let replmd_process_backlink() use the source_dn variable
We first create source_dn as trimmed down copy of bl->forward_dn
and then only use it for debug messages.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12967
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 28 Feb 2023 23:42:28 +0000 (00:42 +0100)]
s4:dsdb/repl_meta_data: let replmd_process_backlink() use dsdb_module_obj_by_guid()
This will simplify the following changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12967
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 28 Feb 2023 23:38:06 +0000 (00:38 +0100)]
s4:dsdb/util: split out dsdb_module_obj_by_guid() from dsdb_module_dn_by_guid()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12967
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 1 Mar 2023 13:06:30 +0000 (14:06 +0100)]
s4:dsdb/repl_meta_data: check replmd_add_backlink() result in replmd_modify_la_add()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12967
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 1 Mar 2023 20:04:56 +0000 (21:04 +0100)]
s3:dsdb/repl_meta_data: fix possible memleak on error in replmd_modify_la_add()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12967
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 1 Mar 2023 10:30:55 +0000 (11:30 +0100)]
s4:dsdb/schema: remember if a backlink attribute is not allowed on class 'top'
Backlink attributes which are not "allowed" in objectClass 'top'
are always possible, but only visible by default based on the
real objectClass.
In order to avoid pay the cost for finding out if a backlink
should be visible or not, we remember a 'bool bl_maybe_invisible'
both on the forward link as well as the backlink dsdb_attribute.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12967
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 15 Mar 2023 11:16:30 +0000 (12:16 +0100)]
s4:dsdb/tests: let a test to demonstrate the behavior of invisible backlinks
msDS-KeyCredentialLink/msDS-KeyCredentialLink-BL are defined as linked attribute pair,
but msDS-KeyCredentialLink-BL is not defined as allowed on any object class definition,
still it's possible to create msDS-KeyCredentialLink attributes.
msDS-KeyPrincipal/msDS-KeyPrincipalBL are also defined as linked attribute pair
and msDS-KeyPrincipalBL is only allowed on object class 'user', but it's possible
to create msDS-KeyPrincipal values pointing to non 'user' objects.
The result is that 'user' objects have a visible msDS-KeyPrincipalBL, but
the others don't have msDS-KeyPrincipalBL visible, by default.
The backlinks are always visible if the backlink attributes are
explicitly requested.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12967
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 15 Mar 2023 11:15:45 +0000 (12:15 +0100)]
s4:dsdb/tests: let linked_attributes.py use a container as testbase
The tests don't require an organizationalUnit as parent object
and it makes it possible to create msDS-KeyCredential objects
within the container in the next step.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12967
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 23 Mar 2023 01:41:15 +0000 (14:41 +1300)]
script/autobuild: Use logger.debug() for debug messages (visible with --verbose)
Lots of the autobuild.py log outputs are really debugging, so should be
controlled as such.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 23 Mar 2023 01:39:55 +0000 (14:39 +1300)]
script/autobuild: Use --verbose to control python logger verbosity
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 23 Mar 2023 01:28:49 +0000 (14:28 +1300)]
script/autobuild: Use python logger to print times on log lines to aid in debugging.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Stefan Metzmacher [Fri, 17 Mar 2023 15:48:26 +0000 (16:48 +0100)]
python:join: run domain adprep as part of join_provision_own_domain()
This is currently unused as we don't support more than one
domain per forest, but it will help it future.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Mar 22 23:05:39 UTC 2023 on atb-devel-224
Stefan Metzmacher [Fri, 17 Mar 2023 15:48:26 +0000 (16:48 +0100)]
python:provision: run adprep as part of provision
With the default of base_schema=2019 we'll adprep to 2016.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 23 Feb 2023 14:05:01 +0000 (15:05 +0100)]
samba-tool: let 'domain provision' to use the 2019 schema by default
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 23 Feb 2023 14:05:01 +0000 (15:05 +0100)]
samba-tool: let 'domain schemaupgrade' to use the 2019 schema by default
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 23 Feb 2023 14:05:01 +0000 (15:05 +0100)]
samba-tool: let 'domain functionalprep' to use functional level 2016 by default
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 23 Feb 2023 14:05:01 +0000 (15:05 +0100)]
samba-tool: allow 'domain level raise' to support level 2016
We don't support anything higher than 2008_R2 in Samba, but
it's possible to run this against a remove server too.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sat, 18 Mar 2023 15:00:14 +0000 (16:00 +0100)]
python/samba: let get_domain_descriptor() include adprep 2016 ACEs
We need to make sure a new provision as well as dbcheck
--reset-well-known-acls include acls used by adprep 2016,
otherwise we would undo the adprep result.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 23 Feb 2023 14:15:55 +0000 (15:15 +0100)]
domain_update: implement updates 82-89 in order to reach the latest w2016 level
I implemented them by looking at
source4/setup/adprep/WindowsServerDocs/Domain-Wide-Updates.md.unused
and looking at a network capture where a Windows 2022 joins an
Windows 2008R2 domain.
The strange thing is that Windows (tested with server 2022) uses
c81fc9cc-0130-f4d1-b272-
634d74818133 for update 83, while
Domain-Wide-Updates.md and a fresh installation use
c81fc9cc-0130-4fd1-b272-
634d74818133. In order to match a fresh
installation we use
c81fc9cc-0130-4fd1-b272-
634d74818133.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 23 Feb 2023 14:13:09 +0000 (15:13 +0100)]
forest_update: behave more like a Windows 2022 server
It means we apply updates from 11-142 and list
all known updates. It turns out that update 53 is actually
update 54...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sat, 23 Feb 2019 07:44:05 +0000 (08:44 +0100)]
setup/adprep: import the latest {Domain-Wide,Forest-Wide,Read-Only-Domain-Controller,Schema}-Updates.md
We have Domain-Wide-Updates.md and Read-Only-Domain-Controller-Updates.md only
for completeness, they are not parsed/used yet, so we added .unused in
order to avoid confusion in future.
Initially I tried to go with an ms_domain_updates_markdown.py,
but it is easier to add the current updates by hand to
domain_update.py, which will follow in the next commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sat, 23 Feb 2019 07:44:05 +0000 (08:44 +0100)]
setup/ad-schema: add the latest v1803 and v1903 schema files from Microsoft
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 23 Feb 2023 14:02:29 +0000 (15:02 +0100)]
python/samba: adapt ms_schema[_markdown].py to the latest schema definitions
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 23 Feb 2023 14:02:04 +0000 (15:02 +0100)]
python/samba: adapt ms_forest_updates_markdown.py to the latest Forest-Wide-Updates.md
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 13 Mar 2023 14:03:39 +0000 (15:03 +0100)]
python/samba: add support for LDB_CHANGETYPE_MODRDN to modify_ldif()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 13 Mar 2023 13:58:29 +0000 (14:58 +0100)]
lib/ldb: add LDB_CHANGETYPE_MODRDN support to ldb_ldif_to_pyobject()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 13 Mar 2023 13:56:55 +0000 (14:56 +0100)]
python/samba: add support for LDB_CHANGETYPE_DELETE to modify_ldif()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 13 Mar 2023 13:55:12 +0000 (14:55 +0100)]
lib/ldb: add LDB_CHANGETYPE_DELETE support to ldb_ldif_to_pyobject()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 13 Mar 2023 13:42:29 +0000 (14:42 +0100)]
python/samba: let modify_ldif() verify the changetype value
DELETE and MODRDN are not really supported yet.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 13 Mar 2023 13:35:20 +0000 (14:35 +0100)]
lib/ldb: re-order code in ldb_ldif_to_pyobject()
We don't allow MODRDN and DELETE for now as they
don't work as is anyway. We'll add these in the next steps.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 23 Feb 2023 13:56:39 +0000 (14:56 +0100)]
lib/ldb: let ldb_ldif_parse_modrdn() handle names without 'rdn_name=' prefix
This is needed in order to process schema updates.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
git.samba.org / samba.git / log