Jeremy Allison [Wed, 21 Aug 2019 20:54:52 +0000 (13:54 -0700)]
s3: VFS: vfs_syncops. Remove mknod_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Wed, 21 Aug 2019 20:54:02 +0000 (13:54 -0700)]
s3: VFS: vfs_snapper. Remove mknod_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Wed, 21 Aug 2019 20:53:22 +0000 (13:53 -0700)]
s3: VFS: vfs_shadow_copy2. Remove mknod_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Wed, 21 Aug 2019 20:52:04 +0000 (13:52 -0700)]
s3: VFS: vfs_media_harmony. Remove mknod_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Wed, 21 Aug 2019 20:48:50 +0000 (13:48 -0700)]
s3: VFS: vfs_glusterfs. Remove mknod_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Wed, 21 Aug 2019 20:47:54 +0000 (13:47 -0700)]
s3: VFS: vfs_ceph_snapshots. Remove mknod_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Wed, 21 Aug 2019 20:45:52 +0000 (13:45 -0700)]
s3: VFS: vfs_ceph. Remove mknod_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Wed, 21 Aug 2019 20:45:02 +0000 (13:45 -0700)]
s3: VFS: vfs_cap. Remove mknod_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Wed, 21 Aug 2019 19:15:01 +0000 (12:15 -0700)]
s3: smbd: Make smb_unix_mknod() call SMB_VFS_MKNODAT() instead of SMB_VFS_MKNOD()
Use conn->cwd_fsp as current fsp.
No logic change for now.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Wed, 21 Aug 2019 19:11:44 +0000 (12:11 -0700)]
s3: torture: Change cmd_mknod to call SMB_VFS_MKNODAT().
Use conn->cwd_fsp as current fsp.
No logic change for now.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Wed, 21 Aug 2019 19:09:24 +0000 (12:09 -0700)]
s3: VFS: vfs_time_audit. Implement mknodat().
Currently identical to mknod().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Wed, 21 Aug 2019 18:36:48 +0000 (11:36 -0700)]
s3: VFS: vfs_full_audit. Implement mknodat().
Currently identical to mknod().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Wed, 21 Aug 2019 18:08:27 +0000 (11:08 -0700)]
s3: VFS: vfs_unityed_media. Implement mknodat().
Currently identical to mknod().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Wed, 21 Aug 2019 18:06:17 +0000 (11:06 -0700)]
s3: VFS: vfs_syncops. Implement mknodat().
Currently identical to mknod().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Wed, 21 Aug 2019 18:03:41 +0000 (11:03 -0700)]
s3: VFS: vfs_snapper. Implement mknodat().
Currently identical to mknod().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Tue, 20 Aug 2019 23:57:24 +0000 (16:57 -0700)]
s3: VFS: vfs_shadow_copy2. Implement mknodat().
Currently identical to mknod().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Tue, 20 Aug 2019 23:55:55 +0000 (16:55 -0700)]
s3: VFS: vfs_media_harmony. Implement mknodat().
Currently identical to mknod().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Tue, 20 Aug 2019 23:54:05 +0000 (16:54 -0700)]
s3: VFS: vfs_glusterfs. Implement mknodat().
Currently identical to mknod().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Tue, 20 Aug 2019 23:52:36 +0000 (16:52 -0700)]
3: VFS: vfs_ceph_snapshots. Implement mknodat().
Currently identical to mknod().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Tue, 20 Aug 2019 23:50:57 +0000 (16:50 -0700)]
s3: VFS: vfs_ceph. Implement mknodat().
Currently identical to mknod().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Tue, 20 Aug 2019 23:33:57 +0000 (16:33 -0700)]
s3: VFS: vfs_cap. Implement mknodat().
Currently identical to mknod().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Tue, 20 Aug 2019 23:31:00 +0000 (16:31 -0700)]
s3: VFS: Add SMB_VFS_MKNODAT().
Currently identical to SMB_VFS_MKNOD().
Next, add to all VFS modules that implement
mknod and eventually remove mknod.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Tue, 20 Aug 2019 23:28:18 +0000 (16:28 -0700)]
s3: smbd: Add sys_mknodat() wrapper call.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Wed, 21 Aug 2019 21:38:03 +0000 (14:38 -0700)]
s3: VFS: Remove extraneous enum/struct values for removed SMB_VFS_OP_LINK.
Forgot this in removal of SMB_VFS_LINK() patch previously pushed.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Ralph Wuerthner [Mon, 19 Aug 2019 11:18:23 +0000 (13:18 +0200)]
s3:net: load registry shares too in 'net vfs stream2adouble'
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 22 17:41:20 UTC 2019 on sn-devel-184
Björn Jacke [Thu, 22 Aug 2019 11:51:59 +0000 (13:51 +0200)]
docs-xml: fix problamatic quotes from panic action example
those quotes work for smbd but do not work for the samba binary. Without quotes
it works with both.
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Björn Jacke <bjacke@samba.org>
Autobuild-Date(master): Thu Aug 22 13:46:14 UTC 2019 on sn-devel-184
Björn Jacke [Thu, 4 Jul 2019 18:38:50 +0000 (20:38 +0200)]
python: use os.urandom, which is available in python by definition
os.urandom also uses CSPRNG methods like getrandom() when the underlying OS
provides those.
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Swen Schillig [Mon, 19 Aug 2019 11:09:25 +0000 (13:09 +0200)]
lib: free popt context in texpect
If done with popt context it should be free'd.
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Aug 22 01:41:37 UTC 2019 on sn-devel-184
Swen Schillig [Mon, 19 Aug 2019 12:33:33 +0000 (14:33 +0200)]
s4: free popt context in dnsserver
If done with popt context it should be free'd.
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Swen Schillig [Mon, 19 Aug 2019 12:31:23 +0000 (14:31 +0200)]
s4: free popt context in utils
If done with popt context it should be free'd.
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Swen Schillig [Mon, 19 Aug 2019 12:29:22 +0000 (14:29 +0200)]
s4: free popt context in client
If done with popt context it should be free'd.
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Swen Schillig [Mon, 19 Aug 2019 12:18:06 +0000 (14:18 +0200)]
s4: free popt context in torture
If done with popt context it should be free'd.
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Swen Schillig [Mon, 19 Aug 2019 12:11:54 +0000 (14:11 +0200)]
rpcclient: free popt context when done
If done with popt context it should be free'd.
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Swen Schillig [Mon, 19 Aug 2019 11:29:03 +0000 (13:29 +0200)]
s3: free popt context in utils
If done with popt context it should be free'd.
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Swen Schillig [Mon, 5 Aug 2019 09:19:49 +0000 (11:19 +0200)]
torture: fix mem leak found by ASAN (smb2_connect)
Direct leak of 96 byte(s) in 1 object(s) allocated from:
#0 0x7f0b16624c08 in __interceptor_malloc (/lib64/libasan.so.5+0xefc08)
#1 0x7f0b15e4ba5c in __talloc_with_prefix ../../lib/talloc/talloc.c:782
#2 0x7f0b15e4ba5c in __talloc ../../lib/talloc/talloc.c:824
#3 0x7f0b15e4ba5c in _talloc_named_const ../../lib/talloc/talloc.c:981
#4 0x7f0b15e4ba5c in talloc_named_const ../../lib/talloc/talloc.c:1748
#5 0x55ffdd30d591 in torture_smb2_connect ../../source4/torture/smb2/connect.c:199
#6 0x7f0b12723772 in wrap_simple_test ../../lib/torture/torture.c:633
#7 0x7f0b1272775e in internal_torture_run_test ../../lib/torture/torture.c:442
#8 0x7f0b12728543 in torture_run_tcase_restricted ../../lib/torture/torture.c:507
#9 0x7f0b12728dd5 in torture_run_suite_restricted ../../lib/torture/torture.c:357
#10 0x7f0b12729434 in torture_run_suite ../../lib/torture/torture.c:339
#11 0x55ffdd10c54a in run_matching ../../source4/torture/smbtorture.c:93
#12 0x55ffdd10df56 in torture_run_named_tests ../../source4/torture/smbtorture.c:143
#13 0x55ffdd11199d in main ../../source4/torture/smbtorture.c:691
#14 0x7f0b0aa45412 in __libc_start_main (/lib64/libc.so.6+0x24412)
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug 21 15:42:43 UTC 2019 on sn-devel-184
Martin Schwenke [Tue, 13 Aug 2019 04:45:33 +0000 (14:45 +1000)]
ctdb-tests: Clear deleted record via recovery instead of vacuuming
This test has been flapping because sometimes the record is not
vacuumed within the expected time period, perhaps even because the
check for the record can interfere with vacuuming. However, instead
of waiting for vacuuming the record can be cleared by doing a
recovery. This should be much more reliable.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14085
RN: Fix flapping CTDB tests
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Aug 21 13:06:57 UTC 2019 on sn-devel-184
Martin Schwenke [Wed, 7 Aug 2019 06:58:37 +0000 (16:58 +1000)]
ctdb-tests: Wait for child process when killing cluster mutex helper
The following test sometimes fails:
==================================================
Running "cluster_mutex_test lock-unlock-lock-unlock ./tests/var/cluster_mutex.lockfile"
--------------------------------------------------
Output (Exit status: 134):
--------------------------------------------------
LOCK
UNLOCK
CONTENTION
NOLOCK
cluster_mutex_test: ../../tests/src/cluster_mutex_test.c:307: test_lock_unlock_lock_unlock: Assertion `dl2->mh != NULL' failed.
--------------------------------------------------
Required output (Exit status: 0):
--------------------------------------------------
LOCK
UNLOCK
LOCK
UNLOCK
FAILED
==========================================================================
TEST FAILED: tests/cunit/cluster_mutex_001.sh (status 1) (duration: 0s)
==========================================================================
This is due to a race in the test. For the first UNLOCK a signal is
sent to the cluster mutex handler but the test tries to retake the
lock before that process is scheduled and the signal is processed.
Therefore, the fcntl() lock is still held and contention is seen.
After unlocking, tests need to wait until the child has gone, so build
this into ctdb_kill(). This is one of the only places where the PID
is accessible.
Outside of testing, on a real system, nothing will never try
to (re)take the lock so quickly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14085
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 29 Jul 2019 07:22:50 +0000 (17:22 +1000)]
ctdb-tests: Strengthen volatile DB traverse test
Check the record count more often, from multiple nodes. Add a case
with multiple records.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14085
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 21 Aug 2019 04:35:09 +0000 (14:35 +1000)]
ctdb-recoverd: Only check for LMASTER nodes in the VNN map
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14085
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 29 Jul 2019 06:45:07 +0000 (16:45 +1000)]
ctdb-tests: Don't retrieve the VNN map from target node for notlmaster
Use the VNN map from the node running node_has_status().
This means that
wait_until_node_has_status 1 notlmaster 10 0
will run "ctdb status" on node 0 and check (for up to 10 seconds) if
node 1 is in the VNN map.
If the LMASTER capability has been dropped on node 1 then the above
will wait for the VNN map to be updated on node 0. This will happen
as part of the recovery that is triggered by the change of LMASTER
capability. The next command will then only be able to attach to
$TESTDB after the recovery is complete thus guaranteeing a sane state
for the test to continue.
This stops simple/79_volatile_db_traverse.sh from going into recovery
during the traverse or at some other inconvenient time.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14085
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 29 Jul 2019 06:43:09 +0000 (16:43 +1000)]
ctdb-tests: Handle special cases first and return
All the other cases involve matching bits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14085
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 29 Jul 2019 05:45:41 +0000 (15:45 +1000)]
ctdb-tests: Inline handling of recovered and notlmaster statuses
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14085
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 29 Jul 2019 05:40:16 +0000 (15:40 +1000)]
ctdb-tests: Drop unused node statuses frozen/unfrozen
Silently drop unused local variable mpat.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14085
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 29 Jul 2019 05:31:55 +0000 (15:31 +1000)]
ctdb-tests: Reformat node_has_status()
Re-indent and drop non-POSIX left-parenthesis from case labels.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14085
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Andreas Schneider [Fri, 15 Mar 2019 13:54:13 +0000 (14:54 +0100)]
lib:crypto: Do not build AES-CMAC if we use GnuTLS that supports it
This requires GnuTLS >= 3.6.5.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Aug 21 11:14:11 UTC 2019 on sn-devel-184
Andrew Bartlett [Fri, 16 Aug 2019 03:50:03 +0000 (15:50 +1200)]
libcli/smb: Use gnutls_error_to_ntstatus() in smb2_signing_check_pdu()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Fri, 15 Mar 2019 15:58:21 +0000 (16:58 +0100)]
libcli:smb: Use GnuTLS AES128 CMAC in smb2_signing_check_pdu()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 16 Aug 2019 03:47:49 +0000 (15:47 +1200)]
libcli/smb: Use gnutls_error_to_ntstatus() in smb2_signing_sign_pdu()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Wed, 27 Feb 2019 13:40:30 +0000 (14:40 +0100)]
libcli:smb: Use GnuTLS AES128 CMAC in smb2_signing_sign_pdu()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Adapted by Andrew Bartlett to followup from earlier patch to
allow compile without GnuTLS over the whole series.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 27 Feb 2019 13:40:07 +0000 (14:40 +0100)]
waf: Check for AES128 CMAC support in GnuTLS
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 26 Feb 2019 17:11:27 +0000 (18:11 +0100)]
s3:smbd: Use GnuTLS for AES constants
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Adapted to remove Samba AES
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 14 Mar 2019 09:10:34 +0000 (10:10 +0100)]
s3:smbd: Use smb2_signing_key structure for the decryption key
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 14 Mar 2019 09:02:27 +0000 (10:02 +0100)]
s3:smbd: Use smb2_signing_key structure for the encryption key
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 14 Mar 2019 08:48:54 +0000 (09:48 +0100)]
libcli:smb: Use a smb2_signing_key for storing the decryption key
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 14 Mar 2019 08:34:23 +0000 (09:34 +0100)]
libcli:smb: Use a smb2_signing_key for storing the encryption key
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 14 Mar 2019 08:26:04 +0000 (09:26 +0100)]
libcli:smb: Add gnutls_aead_cipher_hd_t to smb2_signing_key structure
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Adapted to remove Samba AES support
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 26 Feb 2019 17:12:57 +0000 (18:12 +0100)]
libcli:smb: Use GnuTLS for AES constants
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Adapted to remove Samba AES support
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 26 Feb 2019 17:06:46 +0000 (18:06 +0100)]
libcli:smb: Define SMB2_AES_128_CCM_NONCE_SIZE
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 15 Aug 2019 05:28:30 +0000 (17:28 +1200)]
build: Remove explicit check for HAVE_GNUTLS_AEAD as we require GnuTLS 3.4.7
We strictly require it and if this were to fail we would want the compile to fail.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Wed, 31 Jul 2019 04:37:00 +0000 (16:37 +1200)]
s4-samdb: Remove duplicate encrypted_secrets code using internal Samba AES
We now rely on GnuTLS 3.4.7 or later.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Thu, 15 Aug 2019 02:23:35 +0000 (14:23 +1200)]
lib/crypto: Remove unused RC4 code from Samba
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Fri, 16 Aug 2019 04:08:57 +0000 (16:08 +1200)]
s4-rpc_server/backupkey: consistently check error codes from GnuTLS
This uses the new gnutls_error_to_werror()
This should resolve Coverity
1452111 as forwarded by Volker.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Wed, 31 Jul 2019 04:13:38 +0000 (16:13 +1200)]
s4-rpc_server: Remove Heimdal-based BackupKey server
We rely on a modern GnuTLS now.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Thu, 15 Aug 2019 02:25:41 +0000 (14:25 +1200)]
build: Set minimum GnuTLS version at 3.4.7
This will soon be required for encrypted_secrets in the AD DC, the BackupKey server
and SMB2 as we remove use of the internal AES code.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Fri, 15 Mar 2019 13:54:13 +0000 (14:54 +0100)]
lib:crypto: Prepare not to build AES or AES-CMAC if we use GnuTLS support it
Samba will soon require GnuTLS >= 3.4.7.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Adjusted by Andrew Bartlett from an earlier more comprehensive patch by Andreas
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 16 Aug 2019 03:45:43 +0000 (15:45 +1200)]
auth/gensec: Use gnutls_error_to_ntstatus() in netsec_do_seal()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Mon, 18 Mar 2019 15:24:54 +0000 (16:24 +0100)]
auth:gensec: Use GnuTLS AES CFB8 in netsec_do_seal()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 16 Aug 2019 03:43:01 +0000 (15:43 +1200)]
auth/gensec: Use gnutls_error_to_ntstatus() consistently in schannel
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Fri, 1 Mar 2019 16:55:02 +0000 (17:55 +0100)]
auth:gensec: Use GnuTLS AES128 CFB8 in netsec_do_seq_num()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 16 Aug 2019 02:29:45 +0000 (14:29 +1200)]
auth/credentials: Check NTSTATUS return from netlogon_creds_aes_encrypt()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Fri, 16 Aug 2019 02:22:42 +0000 (14:22 +1200)]
s3-librpc: Remove unused init_netr_CryptPassword()
Unused since
38d4dba37406515181e4d6f1a1faffc18e652e27 in 2013
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Fri, 16 Aug 2019 02:15:45 +0000 (14:15 +1200)]
s4-rpc_server: Check NTSTATUS return value from netlogon_creds_aes_decrypt()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Fri, 16 Aug 2019 02:05:38 +0000 (14:05 +1200)]
s3-rpc_server: Check NTSTATUS return value from netlogon_creds_aes_decrypt()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Fri, 16 Aug 2019 01:55:49 +0000 (13:55 +1200)]
libcli:auth Check NTSTATUS from netlogon_creds_aes_{en,de}crypt()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Fri, 16 Aug 2019 01:52:36 +0000 (13:52 +1200)]
crypto: Update REQUIREMENTS file with new minimum version
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Fri, 16 Aug 2019 00:34:28 +0000 (12:34 +1200)]
libcli:auth Return NTSTATUS from netlogon_creds_aes_decrypt()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Mon, 18 Mar 2019 14:13:08 +0000 (15:13 +0100)]
libcli:auth: Use GnuTLS AES128 CFB for netlogon_creds_aes_decrypt()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 29 May 2019 14:38:09 +0000 (16:38 +0200)]
libcli:auth: Return NTSTATUS for netlogon_creds_aes_encrypt()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Adapted by Andrew Bartlett to use gnutls_error_to_ntstatus()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 1 Mar 2019 16:41:11 +0000 (17:41 +0100)]
libcli:auth: Use GnuTLS AES128 CFB for netlogon_creds_aes_encrypt()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 1 Mar 2019 16:33:01 +0000 (17:33 +0100)]
libcli:auth: Use netlogon_creds_aes_encrypt() in netlogon_creds_step_crypt()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 1 Mar 2019 16:35:02 +0000 (17:35 +0100)]
waf: Check for GNUTLS AES CFB support
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 26 Feb 2019 17:33:09 +0000 (18:33 +0100)]
s4:samdb: Only include necessary header files in encrypted_secrets
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 26 Feb 2019 17:32:34 +0000 (18:32 +0100)]
s4:samdb: Remove dual-stack mode from (test_)encrypted_secrets
Now we either build with GnuTLS or Samba crypto. If a modern GnuTLS
version is detected that will be used and Samba crypto wont be
available.
This removes the dual-stack mode that encrypted with one and decrypted
with the other in the testsuite.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Commit message clarified by Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 15 Aug 2019 03:27:30 +0000 (15:27 +1200)]
encrypted_secrets: Add known and expected value test
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Mon, 29 Jul 2019 07:21:11 +0000 (09:21 +0200)]
s4:samdb: Add test_gnutls_value_decryption()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Marco Wang [Wed, 14 Aug 2019 06:05:05 +0000 (14:05 +0800)]
s3: net: net_ads: fix a typo in comment
Signed-off-by: Marco Wang <m.aesophor@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 21 08:39:43 UTC 2019 on sn-devel-184
Swen Schillig [Thu, 15 Aug 2019 12:43:22 +0000 (14:43 +0200)]
talloc: ASAN fix for test_magic_protection
Direct leak of 1152 byte(s) in 1 object(s) allocated from:
#0 0x7f06393dfc08 in __interceptor_malloc (/lib64/libasan.so.5+0xefc08)
#1 0x7f06392cfd59 in __talloc_with_prefix ../../talloc.c:782
#2 0x7f06392cfd59 in _talloc_pool ../../talloc.c:837
#3 0x7f06392cfd59 in talloc_pool ../../talloc.c:859
#4 0x40b83c in test_magic_protection ../../testsuite.c:1960
#5 0x40b83c in torture_local_talloc ../../testsuite.c:2164
#6 0x402603 in main ../../testsuite_main.c:32
#7 0x7f063908a412 in __libc_start_main (/lib64/libc.so.6+0x24412)
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Swen Schillig [Thu, 15 Aug 2019 12:39:58 +0000 (14:39 +0200)]
talloc: ASAN fix for test_rusty
Direct leak of 100 byte(s) in 1 object(s) allocated from:
#0 0x7f06393dfc08 in __interceptor_malloc (/lib64/libasan.so.5+0xefc08)
#1 0x7f06392d1af3 in __talloc_with_prefix ../../talloc.c:782
#2 0x7f06392d1af3 in __talloc ../../talloc.c:824
#3 0x7f06392d1af3 in __talloc_strlendup ../../talloc.c:2455
#4 0x7f06392d1af3 in talloc_strdup ../../talloc.c:2471
#5 0x40b4f0 in test_rusty ../../testsuite.c:1543
#6 0x40b4f0 in torture_local_talloc ../../testsuite.c:2146
#7 0x402603 in main ../../testsuite_main.c:32
#8 0x7f063908a412 in __libc_start_main (/lib64/libc.so.6+0x24412)
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Swen Schillig [Thu, 15 Aug 2019 12:36:59 +0000 (14:36 +0200)]
talloc: ASAN fix for test_pool_nest
Direct leak of 96 byte(s) in 1 object(s) allocated from:
#0 0x7f06393dfc08 in __interceptor_malloc (/lib64/libasan.so.5+0xefc08)
#1 0x7f06392d0c45 in __talloc_with_prefix ../../talloc.c:782
#2 0x7f06392d0c45 in __talloc ../../talloc.c:824
#3 0x7f06392d0c45 in _talloc_named_const ../../talloc.c:981
#4 0x7f06392d0c45 in talloc_named_const ../../talloc.c:1748
#5 0x40901e in test_pool_nest ../../testsuite.c:1451
#6 0x40901e in torture_local_talloc ../../testsuite.c:2096
#7 0x402603 in main ../../testsuite_main.c:32
#8 0x7f063908a412 in __libc_start_main (/lib64/libc.so.6+0x24412)
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Swen Schillig [Thu, 15 Aug 2019 12:33:32 +0000 (14:33 +0200)]
talloc: ASAN fix for test_talloc_free_in_destructor
Indirect leak of 104 byte(s) in 1 object(s) allocated from:
#0 0x7f06393dfc08 in __interceptor_malloc (/lib64/libasan.so.5+0xefc08)
#1 0x7f06392d0c45 in __talloc_with_prefix ../../talloc.c:782
#2 0x7f06392d0c45 in __talloc ../../talloc.c:824
#3 0x7f06392d0c45 in _talloc_named_const ../../talloc.c:981
#4 0x7f06392d0c45 in talloc_named_const ../../talloc.c:1748
#5 0x409edd in test_talloc_free_in_destructor ../../testsuite.c:1256
#6 0x409edd in torture_local_talloc ../../testsuite.c:2138
#7 0x402603 in main ../../testsuite_main.c:32
#8 0x7f063908a412 in __libc_start_main (/lib64/libc.so.6+0x24412)
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Swen Schillig [Thu, 15 Aug 2019 12:22:46 +0000 (14:22 +0200)]
talloc: ASAN fix for test_realloc_on_destructor_parent
Direct leak of 96 byte(s) in 1 object(s) allocated from:
#0 0x7fd52c00dc08 in __interceptor_malloc (/lib64/libasan.so.5+0xefc08)
#1 0x7fd52befec45 in __talloc_with_prefix ../../talloc.c:782
#2 0x7fd52befec45 in __talloc ../../talloc.c:824
#3 0x7fd52befec45 in _talloc_named_const ../../talloc.c:981
#4 0x7fd52befec45 in talloc_named_const ../../talloc.c:1748
#5 0x4099bd in test_realloc_on_destructor_parent ../../testsuite.c:1000
#6 0x4099bd in torture_local_talloc ../../testsuite.c:2129
#7 0x402603 in main ../../testsuite_main.c:32
#8 0x7fd52bcb8412 in __libc_start_main (/lib64/libc.so.6+0x24412)
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Jeremy Allison [Fri, 16 Aug 2019 23:40:37 +0000 (16:40 -0700)]
s3: VFS: Complete the replacement of SMB_VFS_LINK() -> SMB_VFS_LINKAT().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 20 22:26:17 UTC 2019 on sn-devel-184
Jeremy Allison [Fri, 16 Aug 2019 23:29:11 +0000 (16:29 -0700)]
s3: VFS: vfs_time_audit. Remove link_fn(). No longer used.
NB, this will now fail smb_vfs_assert_all_fns()
until we remove the rename_fn() from the VFS definitions.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Fri, 16 Aug 2019 23:21:42 +0000 (16:21 -0700)]
s3: VFS: vfs_full_audit. Remove link_fn(). No longer used.
NB, this will now fail smb_vfs_assert_all_fns()
until we remove the rename_fn() from the VFS definitions.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Fri, 16 Aug 2019 23:28:16 +0000 (16:28 -0700)]
s3: VFS: vfs_unityed_media. Remove link_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Fri, 16 Aug 2019 23:27:25 +0000 (16:27 -0700)]
s3: VFS: vfs_syncops. Remove link_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Fri, 16 Aug 2019 23:26:34 +0000 (16:26 -0700)]
s3: VFS: vfs_snapper. Remove link_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Fri, 16 Aug 2019 23:25:37 +0000 (16:25 -0700)]
s3: VFS: vfs_shadow_copy2. Remove link_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Fri, 16 Aug 2019 23:24:53 +0000 (16:24 -0700)]
s3: VFS: vfs_media_harmony. Remove link_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Fri, 16 Aug 2019 23:24:38 +0000 (16:24 -0700)]
s3: VFS: vfs_glusterfs. Remove link_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>