Stefan Metzmacher [Wed, 14 Feb 2024 11:34:48 +0000 (12:34 +0100)]
s4:nbt_server: simulate nmbd and provide unexpected handling
This is needed in order to let nbt_getdc() work against
another AD DC and get back a modern response with
DNS based names. Instead of falling back to
the ugly name_status_find() that simulates just
an NETLOGON_SAM_LOGON_RESPONSE_NT40 response.
This way dsgetdcname() can work with just the netbios
domain name given and still return an active directory
response.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
796f33c05a0ca337b675b5d4d127f7c53b22528f)
Stefan Metzmacher [Wed, 14 Feb 2024 12:49:21 +0000 (13:49 +0100)]
s4:libcli/dgram: add nbt_dgram_send_raw() to send raw blobs
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
bfb10774b65af65f9c438a5d3e87529b1fcf46a1)
Stefan Metzmacher [Thu, 15 Feb 2024 16:47:45 +0000 (17:47 +0100)]
s4:libcli/dgram: make use of socket_address_copy()
This avoids talloc_reference...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
77f4f1c7dbaa2bb04d59d908923f6d11fd514da2)
Stefan Metzmacher [Thu, 15 Feb 2024 15:42:16 +0000 (16:42 +0100)]
s4:libcli/dgram: let the generic incoming handler also get unexpected mailslot messages
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
11861bcfc3054894bc445e631ae03befb4865db8)
Stefan Metzmacher [Thu, 15 Feb 2024 16:47:13 +0000 (17:47 +0100)]
libcli/nbt: add nbt_name_send_raw()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
cca373b806e01fc57bd5316d3f8a17578b4b6531)
Stefan Metzmacher [Thu, 15 Feb 2024 16:29:46 +0000 (17:29 +0100)]
s3:libsmb/dsgetdcname: use NETLOGON_NT_VERSION_AVOID_NT4EMUL
In 2024 we always want an active directory response...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
2b66663c75cdb3bc1b6bc5b1736dd9d35b094b42)
Stefan Metzmacher [Wed, 14 Feb 2024 10:38:19 +0000 (11:38 +0100)]
s3:libsmb/unexpected: pass nmbd_socket_dir from the callers of nb_packet_{server_create,reader_send}()
This will allow source4/nbt_server to make use of
nb_packet_server_create().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
696505a1efbcc9803a287d8c267fed9d04bf8885)
Stefan Metzmacher [Wed, 14 Feb 2024 12:49:43 +0000 (13:49 +0100)]
s3:libsmb/unexpected: don't use talloc_tos() in async code
It's not needed and it requires the caller to setup a
stackframe...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
f90cf0822d6e66426d72f92bd585119066e2a9c3)
Stefan Metzmacher [Thu, 15 Feb 2024 15:37:34 +0000 (16:37 +0100)]
s3:wscript: LIBNMB requires lp_ functions
We need to make this explicit in order to let LIBNMB be used
in source4 code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
011f68ae5ddc3fae8b453744aeb95766d885915e)
Stefan Metzmacher [Thu, 15 Feb 2024 15:53:29 +0000 (16:53 +0100)]
s3:include: split out fstring.h
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
105247c90007474947e2314b63be72fb21f09811)
Stefan Metzmacher [Wed, 14 Feb 2024 13:15:47 +0000 (14:15 +0100)]
s3:include: let nameserv.h be useable on its own
A lot of stuff is private to nmbd and can
be moved from nameserv.h.
This allows move required types from smb.h to
nameserv.h, so that this can be standalone.
Including it from smb.h is not a huge problem
as nmbd internals are gone from nameserv.h.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
7f96c21029e3b94d38bd871c79cabf872ad77fae)
Stefan Metzmacher [Fri, 15 Oct 2021 01:34:11 +0000 (03:34 +0200)]
s3:libads: avoid changing ADS->server.workgroup
ads_find_dc() uses c_domain = ads->server.workgroup and
don't expect it to get out of scope deep in resolve_and_ping_dns().
The result are corrupted domain values in the debug output.
Valgrind shows this:
Invalid read of size 1
at 0x483EF46: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x608BE94: __vfprintf_internal (vfprintf-internal.c:1688)
by 0x609ED49: __vasprintf_internal (vasprintf.c:57)
by 0x5D2EC0F: __dbgtext_va (debug.c:1860)
by 0x5D2ED3F: dbgtext (debug.c:1881)
by 0x4BFFB50: ads_find_dc (ldap.c:570)
by 0x4C001F4: ads_connect (ldap.c:704)
by 0x4C1DC12: ads_dc_name (namequery_dc.c:84)
Address 0xb69f6f0 is 0 bytes inside a block of size 11 free'd
at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x4BFF0AF: ads_try_connect (ldap.c:299)
by 0x4BFF40E: cldap_ping_list (ldap.c:367)
by 0x4BFF75F: resolve_and_ping_dns (ldap.c:468)
by 0x4BFFA91: ads_find_dc (ldap.c:556)
by 0x4C001F4: ads_connect (ldap.c:704)
by 0x4C1DC12: ads_dc_name (namequery_dc.c:84)
Block was alloc'd at
at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x60B250E: strdup (strdup.c:42)
by 0x4FF1492: smb_xstrdup (util.c:743)
by 0x4C10E62: ads_init (ads_struct.c:148)
by 0x4C1DB68: ads_dc_name (namequery_dc.c:73)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
ca859e55d28f421196bc2660cfa84595ec5b57c6)
Stefan Metzmacher [Tue, 7 May 2024 14:53:24 +0000 (14:53 +0000)]
s3:libsmb: allow store_cldap_reply() to work with a ipv6 response
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15642
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 10 01:35:18 UTC 2024 on atb-devel-224
(cherry picked from commit
712ffbffc03c7dcd551c1e22815ebe7c0b9b45d2)
Stefan Metzmacher [Tue, 6 Feb 2024 20:09:58 +0000 (21:09 +0100)]
s4:dsdb/repl: let drepl_out_helpers.c always go via dreplsrv_out_drsuapi_send()
I have customer backtraces showing that 'drsuapi' is NULL in
dreplsrv_op_pull_source_get_changes_trigger() called from the
WERR_DS_DRA_SCHEMA_MISMATCH retry case of
dreplsrv_op_pull_source_apply_changes_trigger(), while 'drsuapi' was
a valid pointer there.
From reading the code I don't understand how this can happen,
but it does very often on RODCs. And this fix prevents the problem.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15573
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
83030780285290ecf64b57c1744634379b68ea01)
Stefan Metzmacher [Mon, 3 Jul 2023 13:14:38 +0000 (15:14 +0200)]
s3:utils: let smbstatus report anonymous signing/encryption explicitly
We should mark sessions/tcons with anonymous encryption or signing
in a special way, as the value of it is void, all based on a
session key with 16 zero bytes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu May 23 13:37:09 UTC 2024 on atb-devel-224
(cherry picked from commit
5a54c9b28abb1464c84cb4be15a49718d8ae6795)
Stefan Metzmacher [Fri, 30 Jun 2023 16:05:51 +0000 (18:05 +0200)]
s3:smbd: allow anonymous encryption after one authenticated session setup
I have captures where a client tries smb3 encryption on an anonymous session,
we used to allow that before commit
da7dcc443f45d07d9963df9daae458fbdd991a47
was released with samba-4.15.0rc1.
Testing against Windows Server 2022 revealed that anonymous signing is always
allowed (with the session key derived from 16 zero bytes) and
anonymous encryption is allowed after one authenticated session setup on
the tcp connection.
https://bugzilla.samba.org/show_bug.cgi?id=15412
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
f3ddfb828e66738ca461c3284c423defb774547c)
Stefan Metzmacher [Mon, 3 Jul 2023 13:12:38 +0000 (15:12 +0200)]
s3:utils: let smbstatus also report partial tcon signing/encryption
We already do that for sessions and also for the json output,
but it was missing in the non-json output for tcons.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
551756abd2c9e4922075bc3037db645355542363)
Stefan Metzmacher [Mon, 3 Jul 2023 13:12:38 +0000 (15:12 +0200)]
s3:utils: let smbstatus also report AES-256 encryption types for tcons
We already do that for sessions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
8119fd6d6a49b869bd9e8ff653b500e194b070de)
Stefan Metzmacher [Mon, 3 Jul 2023 13:10:08 +0000 (15:10 +0200)]
s3:utils: let connections_forall_read() report if the session was authenticated
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
5089d8550640f72b1e0373f8ac321378ccaa8bd5)
Stefan Metzmacher [Mon, 3 Jul 2023 13:08:31 +0000 (15:08 +0200)]
s3:lib: let sessionid_traverse_read() report if the session was authenticated
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
596a10d1079f5c4a954108c81efc862c22a11f28)
Stefan Metzmacher [Mon, 3 Jul 2023 13:05:59 +0000 (15:05 +0200)]
s3:utils: remove unused signing_flags in connections_forall()
We never use the signing flags from the session, as the tcon
has its own signing flags.
https://bugzilla.samba.org/show_bug.cgi?id=15412
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
a9f84593f44f15a19c4cdde1e7ad53cd5e03b4d9)
Stefan Metzmacher [Wed, 15 May 2024 08:02:00 +0000 (10:02 +0200)]
s4:torture/smb2: add smb2.session.anon-{encryption{1,2,},signing{1,2}}
These demonstrate how anonymous encryption and signing work.
They pass against Windows 2022 as ad dc.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
6c5781b5f154857f1454f41133687fba8c4c9df9)
Stefan Metzmacher [Wed, 15 May 2024 08:51:42 +0000 (10:51 +0200)]
s4:libcli/smb2: add hack to test anonymous signing and encryption
This will be used in torture tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
6a89615d78119c0bff2fb07bd0c62e4c31ea8441)
Stefan Metzmacher [Tue, 14 May 2024 16:21:33 +0000 (18:21 +0200)]
smbXcli_base: add hacks to test anonymous signing and encryption
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
14d6e2672126adee85997dc3d3c64607c987e8b9)
Stefan Metzmacher [Wed, 8 May 2024 16:03:54 +0000 (18:03 +0200)]
tests/ntacls: unblock failing gitlab pipelines because test_setntacl_forcenative
This expects PermissionError: [Errno 1] Operation not permitted,
but it seems that setxattr() for security.NTACL works on gitlab
runners without being root.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
237d9d0228cfed6d2e08b41b888d30aac5ab89e3)
Stefan Metzmacher [Wed, 8 May 2024 14:12:06 +0000 (16:12 +0200)]
.gitlab-ci-main.yml: debug kernel details of the current runner
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
380d9c5a7392741ff2134ef1e83df45a29293db3)
Andrew Bartlett [Tue, 7 May 2024 10:32:08 +0000 (22:32 +1200)]
.gitlab-ci: Remove tags no longer provided by gitlab.com
GitLab.com removed a number of tags from their hosted
runners and this meant our CI was being redirected to
our private runners at a larger cost to the Samba Team.
The new infrastructure is much larger than when we last
selected runners so we can just use the default, even for
the code coverage build.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15638
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue May 7 13:40:55 UTC 2024 on atb-devel-224
(cherry picked from commit
d58a72c572f63619111f43f6ea39ff84ae0df16e)
Jule Anger [Wed, 8 May 2024 08:00:33 +0000 (10:00 +0200)]
VERSION: Bump version up to Samba 4.20.2...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Wed, 8 May 2024 08:00:17 +0000 (10:00 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.20.1 release.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Wed, 8 May 2024 07:59:43 +0000 (09:59 +0200)]
WHATSNEW: Add release notes for Samba 4.20.1.
Signed-off-by: Jule Anger <janger@samba.org>
Anna Popova [Fri, 12 Apr 2024 14:32:37 +0000 (17:32 +0300)]
s3:utils: Fix Inherit-Only flag being automatically propagated to children
Inherit-only flag applies only to the container it was set to and it
shouldn't be automatically propagated to children.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15636
Signed-off-by: Anna Popova <popova.anna235@gmail.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Apr 29 10:56:48 UTC 2024 on atb-devel-224
(cherry picked from commit
80159018e411c643fbfe7ef82bd33e30b6147901)
Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Tue May 7 08:52:48 UTC 2024 on atb-devel-224
yuzu367 [Thu, 11 Apr 2024 08:31:07 +0000 (11:31 +0300)]
python/samba/tests/blackbox: Add tests for Inherit-only flag propagation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15636
Signed-off-by: Anna Popova <popova.anna235@gmail.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
eba2bfde347041a395f0fbd3c57235be63b1890d)
Pavel Filipenský [Thu, 14 Mar 2024 14:24:21 +0000 (15:24 +0100)]
tests: Add a test for "all_groups=no" to test_idmap_ad.sh
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Tue Apr 2 13:25:39 UTC 2024 on atb-devel-224
(cherry picked from commit
f8b72aa1f72881989990fabc9f4888968bb81967)
Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Wed Apr 17 14:38:42 UTC 2024 on atb-devel-224
Pavel Filipenský [Mon, 25 Mar 2024 21:38:18 +0000 (22:38 +0100)]
selftest: Add "winbind expand groups = 1" to setup_ad_member_idmap_ad
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
2dab3a331b5511b4f2253f2b3b4513db7e52ea9a)
Pavel Filipenský [Tue, 12 Mar 2024 12:20:24 +0000 (13:20 +0100)]
s3:winbindd: Improve performance of lookup_groupmem() in idmap_ad
The LDAP query of lookup_groupmem() returns all group members from AD
even those with missing uidNumber. Such group members are useless in
UNIX environment for idmap_ad backend since there is no uid mapping.
'test_user' is member of group "Domanin Users" with 200K members,
only 20K members have set uidNumber.
Without this fix:
$ time id test_user
real 1m5.946s
user 0m0.019s
sys 0m0.012s
With this fix:
$ time id test_user
real 0m3.544s
user 0m0.004s
sys 0m0.007s
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
5d475d26a3d545f04791a04e85a06b8b192e3fcf)
Pavel Filipenský [Wed, 13 Mar 2024 12:55:41 +0000 (13:55 +0100)]
docs-xml: Add parameter all_groupmem to idmap_ad
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
a485d9de2f2d6a9815dcac6addb988a8987e111c)
Alexander Bokovoy [Thu, 22 Jun 2023 06:56:12 +0000 (09:56 +0300)]
Do not fail checksums for RFC8009 types
While Active Directory does not support yet RFC 8009 encryption and
checksum types, it is possible to verify these checksums when running
with both MIT Kerberos and Heimdal Kerberos. This matters for FreeIPA
domain controller which uses them by default.
[2023/06/16 21:51:04.923873, 10, pid=51149, effective(0, 0), real(0, 0)]
../../lib/krb5_wrap/krb5_samba.c:1496(smb_krb5_kt_open_relative)
smb_krb5_open_keytab: resolving: FILE:/etc/samba/samba.keytab
[2023/06/16 21:51:04.924196, 2, pid=51149, effective(0, 0), real(0, 0),
class=auth] ../../auth/kerberos/kerberos_pac.c:66(check_pac_checksum)
check_pac_checksum: Checksum Type 20 is not supported
[2023/06/16 21:51:04.924228, 5, pid=51149, effective(0, 0), real(0, 0),
class=auth] ../../auth/kerberos/kerberos_pac.c:353(kerberos_decode_pac)
PAC Decode: Failed to verify the service signature: Invalid argument
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15635
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
8e931fce126e8c1128da893c806702731c08758a)
Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Tue Apr 16 12:24:55 UTC 2024 on atb-devel-224
Douglas Bagnall [Wed, 10 Apr 2024 23:52:14 +0000 (11:52 +1200)]
s4:dns_server: less noisy, more informative debug messages
This shouldn't have been DBG_ERR, and it might as well say something
about the tombstone.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15630
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Apr 12 15:18:05 UTC 2024 on atb-devel-224
(cherry picked from commit
dde973d170e479632d1a411279f4f0fad6608539)
Andreas Schneider [Mon, 4 Mar 2024 09:58:23 +0000 (10:58 +0100)]
packaging: Provide a systemd service file for samba-bgqd
There might be scenarios where the background queue daemon should be
running all the time instead of being started on demand. This makes
especially sense for bigger printing servers with a lot of printers. It
takes ~1 sec to get a printer from cups, so a print server with 100
printers needs 100 seconds to update the printer_list.tdb. The service
will be killed because of idle in the meantime.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15600
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
c97071726e163b40f0e391af70e81b3e6c1ab0eb)
Noel Power [Thu, 28 Mar 2024 10:48:58 +0000 (10:48 +0000)]
libcli/http: Detect unsupported Transfer-encoding type
Also removes knownfail for test that now passes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
a18c53a9b98e2e8dea08cf0ef08efc59e58ec137)
Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Thu Apr 11 12:24:08 UTC 2024 on atb-devel-224
Noel Power [Thu, 28 Mar 2024 09:16:33 +0000 (09:16 +0000)]
selftest: Add new test for testing non-chunk transfer encoding
And add a known fail because there is a bug :-(
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
93709d31590d4ca25fbac813b9e499755b81ddb5)
Noel Power [Thu, 28 Mar 2024 09:09:02 +0000 (09:09 +0000)]
selftest: fix potential reference before assigned error
This would only happen if the test failed (but the message would be
incorrect as 'e' the exception to be stringified doesn't exist.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
efdbf0511e0a89f865210170001fbebf17a45278)
Noel Power [Mon, 25 Mar 2024 19:44:10 +0000 (19:44 +0000)]
libcli/http: Handle http chunked transfer encoding
Also removes the knownfail for the chunked transfer test
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
(cherry picked from commit
03240c91fb6ffcf5afe47c14a1ba7a8bc12f2348)
Noel Power [Thu, 23 Sep 2021 11:18:22 +0000 (12:18 +0100)]
tests: add test for chunked encoding with http cli library
Adds http test client to excercise the http client library
and a blackbox test to run the client. This client is built
only with selftest
also adds a knownfail for the test
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
(cherry picked from commit
30acd609f560352d3edb0c931b9a864110025b2c)
Noel Power [Fri, 22 Mar 2024 08:55:49 +0000 (08:55 +0000)]
libcli/http: Optimise reading for content-length
Instead of reading byte-by-byte we know the content length we
want to read so lets use it.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
(cherry picked from commit
5f03d84e3b52bf5a31a0f885cb83bdcb48ec96f7)
Noel Power [Mon, 25 Mar 2024 16:25:55 +0000 (16:25 +0000)]
selftest: Add basic content-lenght http tests
very simple test of basic http request/response plus some checks to
ensure http response doesn't exceed the response max length set by
the client call.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
74cdebeae3d1bc35eea96b51b9491f6c52844b10)
Noel Power [Mon, 25 Mar 2024 19:21:54 +0000 (19:21 +0000)]
Add simple http_client for use in black box tests (in following commits)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
cd6c075476c820b4fe8bdc10a24d8fc8ac74e9c9)
Jule Anger [Wed, 27 Mar 2024 16:13:13 +0000 (17:13 +0100)]
VERSION: Bump version up to Samba 4.20.1...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Wed, 27 Mar 2024 16:12:54 +0000 (17:12 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.20.0 release.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Wed, 27 Mar 2024 16:10:58 +0000 (17:10 +0100)]
WHATSNEW: Add release notes for Samba 4.20.0.
Signed-off-by: Jule Anger <janger@samba.org>
Björn Jacke [Wed, 24 Jan 2024 23:46:38 +0000 (00:46 +0100)]
Revert "token_util.c: prefer capabilities over become_root"
This reverts commit
944cb51506a94084d7ab52ee044fe6f66e1aaeb9.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Mar 27 10:47:23 UTC 2024 on atb-devel-224
(cherry picked from commit
0dec2ef188a93504da873d927ca2b26f8c491fb8)
Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Wed Mar 27 16:51:00 UTC 2024 on atb-devel-224
Björn Jacke [Mon, 25 Mar 2024 16:04:45 +0000 (17:04 +0100)]
Revert "dosmode.c: prefer use of capabilities at two places over become_root"
This reverts commit
c1e2fbb1b9a7551becf5caa0f08d434edf9ad862.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
32aa11e9b570ce1c0bec889b699bc4897c9d9843)
Björn Jacke [Mon, 25 Mar 2024 16:04:23 +0000 (17:04 +0100)]
Revert "nfs4_acls.c: prefer capabilities over become_root"
This reverts commit
06e5c1e32ea7907523cc19f021225e7541e2075f.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
33e88911ee7a8974d52021632ca25c1ddfcb6f45)
Björn Jacke [Mon, 25 Mar 2024 16:04:17 +0000 (17:04 +0100)]
Revert "vfs_acl_common.c: prefer capabilities over become_root"
This reverts commit
12734848dc9901b932644139aaa7e3f78e55c8dc.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
af7b930e2bfe2275cee14dc2154f2aea8875fa63)
Björn Jacke [Mon, 25 Mar 2024 16:03:57 +0000 (17:03 +0100)]
Revert "vfs_default.c: prefer capabilities over become_root"
This reverts commit
62464bd2db2a95b1253364f4493bbb6770b73193.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
52ad635b2705bcfc8166bd90b1ad35ebb9cbc986)
Björn Jacke [Mon, 25 Mar 2024 16:03:50 +0000 (17:03 +0100)]
Revert "vfs_posix_eadb.c: prefer capabilities over become_root"
This reverts commit
92278418dc885ed411f545e73c800ce93f858090.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
10c7a3e47c62dcb1dfe7e384960d60cafcb9e44e)
Björn Jacke [Mon, 25 Mar 2024 16:03:44 +0000 (17:03 +0100)]
Revert "vfs_recycle.c: prefer capabilities over become_root"
This reverts commit
4227b011f6ada97a4cd72a440ed887ffdb3f219e.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
7f19afbd40d3ad3c8d186d0a2a64d07a2a8bd00a)
Björn Jacke [Mon, 25 Mar 2024 16:03:35 +0000 (17:03 +0100)]
Revert "open.c: prefer capabilities over become_root"
This reverts commit
b250f25fe407f9a6269b804382de4854501f2d86.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
88eb58af6783ad23d2e2b602ee9fdbbdf556b354)
Björn Jacke [Mon, 25 Mar 2024 16:03:28 +0000 (17:03 +0100)]
Revert "posix_acls.c: prefer capabilities over become_root"
This reverts commit
1edf9ecaf56f3312e199e633bff0804243042e33.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
87479544381e103ee2b1def574a5865a3f6a93d9)
Björn Jacke [Mon, 25 Mar 2024 16:03:14 +0000 (17:03 +0100)]
Revert "dosmode: prefer capabilities over become_root"
This reverts commit
5e925f9755fad180863861157aa7548d83dd3fde.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
58ea952fd0c716f94b1b79b8ed1829bb72732ccc)
Noel Power [Tue, 20 Feb 2024 09:26:29 +0000 (09:26 +0000)]
s3/smbd: If we fail to close file_handle ensure we should reset the fd
if fsp_flags.fstat_before_close == true then close_file_smb will call
vfs_stat which can fail. If it does fail then the fd associated
with the file handle will still be set (and we will hit an assert
is the file handle destructor) when calling file_free.
We need to set fd to -1 to avoid that. To achieve that we capture and
return the vfs_stat_fsp failure status while still processing the rest
of the fd_close logic.
[2024/02/20 09:23:48.454671, 0, pid=9744] ../../source3/smbd/smb2_close.c:226(smbd_smb2_close)
smbd_smb2_close: close_file[]: NT_STATUS_ACCESS_DENIED
[2024/02/20 09:23:48.454757, 0, pid=9744] ../../source3/smbd/fd_handle.c:40(fd_handle_destructor)
PANIC: assert failed at ../../source3/smbd/fd_handle.c(40): (fh->fd == -1) || (fh->fd == AT_FDCWD)
[2024/02/20 09:23:48.454781, 0, pid=9744] ../../lib/util/fault.c:178(smb_panic_log)
===============================================================
[2024/02/20 09:23:48.454804, 0, pid=9744] ../../lib/util/fault.c:185(smb_panic_log)
INTERNAL ERROR: assert failed: (fh->fd == -1) || (fh->fd == AT_FDCWD) in smbd (smbd[192.168.10) (client [192.168.100.15]) pid 9744 (4.21.0pre1-DEVELOPERBUILD)
[2024/02/20 09:23:48.454844, 0, pid=9744] ../../lib/util/fault.c:190(smb_panic_log)
If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
[2024/02/20 09:23:48.454869, 0, pid=9744] ../../lib/util/fault.c:191(smb_panic_log)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15527
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed Mar 13 10:34:45 UTC 2024 on atb-devel-224
(cherry picked from commit
6ee3f809a54d7b833ff798e68a93ada00a215d4d)
Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Wed Mar 27 15:41:37 UTC 2024 on atb-devel-224
Ralph Boehme [Mon, 5 Feb 2024 14:03:48 +0000 (15:03 +0100)]
smbd: simplify handling of failing fstat() after unlinking file
close_remove_share_mode() already called vfs_stat_fsp(), so we can skip the
fstat() triggered in fd_close() by fsp->fsp_flags.fstat_before_close being true.
This avoids getting an EACCESS error when doing an fstat() on the removed file
which seems to happen with some FUSE filesystems.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15527
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
6e6324cff29089a636823786183222a73fe7cb28)
Douglas Bagnall [Fri, 22 Mar 2024 19:27:41 +0000 (08:27 +1300)]
ndr: always attempt ACE coda pull if ACE type suggests a coda
We were skipping the pull in cases where the coda size was calculated
to be zero. This has the right result for empty conditional ACEs, but
not for Resource Attribute ACEs where the
CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 coda was not intialised.
The situation is made a bit worse, because the function that
calculates the coda size (ndr_subcontext_size_of_ace_coda()) can
return zero in conditions that are not exactly errors, but in which
the would-be calculated value makes so little sense that zero is
thought to be a safer default.
Credit to OSS-Fuzz.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66577
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15613
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Mar 25 06:00:21 UTC 2024 on atb-devel-224
(cherry picked from commit
6fb98f70c6274e172787c8d5f73aa93920171e7c)
Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Tue Mar 26 11:17:58 UTC 2024 on atb-devel-224
Jo Sutton [Tue, 2 May 2023 03:42:24 +0000 (15:42 +1200)]
tests/krb5: Add tests for AllowedToAuthenticateTo with an AS-REQ
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15607
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Mar 21 04:19:18 UTC 2024 on atb-devel-224
(cherry picked from commit
4f0ed9b00389fa641a423b88ab5462b32dd7bbca)
Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Fri Mar 22 11:06:51 UTC 2024 on atb-devel-224
Douglas Bagnall [Sun, 17 Mar 2024 10:08:23 +0000 (23:08 +1300)]
libcli/security: check again for NULL values
BUG: https://bugzilla.samba.org/show_bug.cgi?id=156067
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Mar 18 02:51:08 UTC 2024 on atb-devel-224
(cherry picked from commit
b815abe77991d7929717ea3ed4b9d7bef7179715)
Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Wed Mar 20 12:03:45 UTC 2024 on atb-devel-224
Douglas Bagnall [Sun, 17 Mar 2024 10:07:17 +0000 (23:07 +1300)]
libcli/security: claims_conversions: check for NULL in claims array
If by mistake we end up with a NULL in our array of claims pointers,
it is better to return an error than crash.
There can be NULLs in the array if a resource attribute ACE has a
claim that uses 0 as a relative data pointer. Samba assumes this means
a NULL pointer, rather than a zero offset.
Credit to OSS-Fuzz.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66777
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15606
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
78f728063a1e510966a45f7f1d9515ea3bd16214)
Stefan Metzmacher [Fri, 15 Mar 2024 22:17:36 +0000 (23:17 +0100)]
WHATSNEW: announce Service Witness Protocol [MS-SWN] and related options
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(v4-20-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-20-test): Tue Mar 19 13:30:31 UTC 2024 on atb-devel-224
Andreas Schneider [Tue, 5 Mar 2024 12:17:19 +0000 (13:17 +0100)]
libgpo: Do not segfault if we don't have a valid security descriptor
Program received signal SIGSEGV, Segmentation fault.
ndr_push_security_descriptor (ndr=ndr@entry=0x555555bf41b0, ndr_flags=ndr_flags@entry=768, r=r@entry=0x0) at librpc/gen_ndr/ndr_security.c:713
713 NDR_CHECK(ndr_push_security_descriptor_revision(ndr, NDR_SCALARS, r->revision));
Thread 1 (Thread 0x7ffff7ece740 (LWP 21460) "python3"):
#0 ndr_push_security_descriptor (ndr=ndr@entry=0x555555bf41b0, ndr_flags=ndr_flags@entry=768, r=r@entry=0x0) at librpc/gen_ndr/ndr_security.c:713
_flags_save_STRUCT = 0
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
__FUNCTION__ = "ndr_push_security_descriptor"
#1 0x00007ffff617237f in ndr_push_struct_blob (blob=blob@entry=0x7fffffffdb20, mem_ctx=0x555555aa3bd0, p=0x0, fn=0x7ffff6074ad0 <ndr_push_security_descriptor>, fn@entry=0x7ffff60706c8 <ndr_push_security_descriptor@plt>) at ../../librpc/ndr/ndr.c:1438
_status = <optimized out>
ndr = 0x555555bf41b0
#2 0x00007ffff607cccf in marshall_sec_desc (mem_ctx=<optimized out>, secdesc=<optimized out>, data=data@entry=0x7fffffffdb80, len=len@entry=0x7fffffffdb78) at ../../libcli/security/secdesc.c:241
blob = {data = 0x7fffffffdb40 "`\333\377\377\377\177", length =
140737352374299}
ndr_err = <optimized out>
__FUNCTION__ = "marshall_sec_desc"
#3 0x00007ffff29edd94 in GPO_marshall_get_sec_desc_buf (self=<optimized out>, args=<optimized out>, kwds=<optimized out>) at ../../libgpo/pygpo.c:119
gpo_ptr = <optimized out>
status = <optimized out>
data = 0x0
len = 0
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15599
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
(cherry picked from commit
b13d4359f2f16e391763d1dc6a5718def973fabb)
Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Fri Mar 15 10:29:54 UTC 2024 on atb-devel-224
Andreas Schneider [Mon, 4 Mar 2024 15:42:38 +0000 (16:42 +0100)]
libgpo: Fix trailing spaces in pygpo.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
(cherry picked from commit
6fb86a0fa62d93c1c84c2000f01c381a9e8217e1)
Jule Anger [Mon, 11 Mar 2024 14:54:24 +0000 (15:54 +0100)]
VERSION: Bump version up to Samba 4.20.0rc5...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Mon, 11 Mar 2024 14:53:57 +0000 (15:53 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc4 release.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Mon, 11 Mar 2024 14:53:16 +0000 (15:53 +0100)]
WHATSNEW: Add release notes for Samba 4.20.0rc4.
Signed-off-by: Jule Anger <janger@samba.org>
Andreas Schneider [Wed, 21 Feb 2024 08:10:47 +0000 (09:10 +0100)]
python:gp: Implement client site lookup in site_dn_for_machine()
This is [MS-GPOL] 3.2.5.1.4 Site Search.
The netr_DsRGetSiteName() needs to run over local rpc, however we do not
have the call implemented in our rpc_server. What netr_DsRGetSiteName()
actually does is an ldap query to get the sitename, we can just do the
same.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15588
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
e4c3c61302b12419f041867b58350f11dc800318)
Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Fri Mar 1 09:01:06 UTC 2024 on atb-devel-224
Andreas Schneider [Wed, 21 Feb 2024 07:56:06 +0000 (08:56 +0100)]
librpc:idl: Make netlogon_samlogon_response public
This is required that we can use it with ndrdump or in python to decode
a NETLOGON_SAM_LOGON_RESPONSE_EX ldap response.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15588
Signed-off-by: Andreas Schneider <asn@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
e758425869729a43136ae51e6baecb2061d1525b)
Jule Anger [Mon, 26 Feb 2024 11:36:59 +0000 (12:36 +0100)]
VERSION: Bump version up to Samba 4.20.0rc4...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Mon, 26 Feb 2024 11:36:25 +0000 (12:36 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc3 release.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Mon, 26 Feb 2024 11:35:56 +0000 (12:35 +0100)]
WHATSNEW: Add release notes for Samba 4.20.0rc3.
Signed-off-by: Jule Anger <janger@samba.org>
Noel Power [Thu, 8 Feb 2024 14:05:43 +0000 (14:05 +0000)]
s3/rpc_client: Fix array offset check
Previous to this commit we were modifying the offset before
the array offset check. This was causing a spurious debug
message indicating the offset was out of bounds. An second
problem is that upon detecting the error we don't exit the loop.
A third problem was that when reading the offset the check
didn't cater for the size of the integer address about to be read.
This commit moves the offset check to before the first read,
additionally when an error is detected now we actually exit the loop
and the offset have been corrected to include the size of the
integer to be read
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15579
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Feb 17 17:58:43 UTC 2024 on atb-devel-224
(cherry picked from commit
885850b6aaabf089f422b1b015481a0ccff4f90e)
Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Mon Feb 26 10:37:37 UTC 2024 on atb-devel-224
Noel Power [Wed, 14 Feb 2024 11:19:39 +0000 (11:19 +0000)]
s3/rpc_client: Ensure max possible row buffer size is not exceeded
The max buf size of rows buffer should not exceed 0x00004000.
Ensuring this value is within limits means we can safely use
uint32_t offsets.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15579
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
f487211706a74d516bf447ed393222b4c0dce7b0)
Noel Power [Wed, 14 Feb 2024 12:01:28 +0000 (12:01 +0000)]
idl: Add constant for max rows buffer size
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15579
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
01e901ef869a1a87fba0e67bce311dbeb199b717)
Noel Power [Wed, 10 Jan 2024 14:43:58 +0000 (14:43 +0000)]
s3/rpc_client: cleanup unmarshalling of variant types from row columns
Prior to this change fn 'extract_variant_addresses' actually returns offsets
to the variant stored not the addresses, additionally the param in the
signature of the method is named offset where the param in reality is a
base address.
This change makes fn 'extract_variant_addresses' actually return addresses
instead of offsets and also changes the name of the incoming param. The
resulting changes are propaged to callers which hopefully makes what the
code is actually doing a little clearer
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Jan 30 17:22:37 UTC 2024 on atb-devel-224
(cherry picked from commit
9b2f2302ee4828ae54f5903a3bf649ffd255fb4a)
Noel Power [Mon, 8 Jan 2024 15:56:38 +0000 (15:56 +0000)]
s3/utils: use full 64 bit address for getrows (with 64bit offsets)
if 64bit offsets are used the hi 32-bits of address are stored in
the ulreserved2 member of the message header field and the low 32-bits
are stored in the ulclientbase member of the cpmgetrows message
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
6ecb614b8ec6953ba15e8061fce9b395615b035a)
Noel Power [Wed, 10 Jan 2024 10:59:23 +0000 (10:59 +0000)]
s3/rpc_client: Remove stray unnecessary comment
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
efa60ff3105ac80ffff6d2a5d82dd0615ddb7578)
Noel Power [Mon, 8 Jan 2024 15:12:35 +0000 (15:12 +0000)]
s3/rpc_client: change type of offset to uint64_t
Offset can be a 32 or 64 bit address depending on the indexing addressing
mode negotiated by the client
With a 32 bit param we can only specify a 32 bit base address. This change
alone doesn't affect anything as it is the client itself that choses and
passes the base address offset and wspsearch is the only current user of
this code.
In this case even with 64bit addressing negotiated the address passed
represents only the lower 32-bits part of the address.
However, for coverage purposes it would be better for the client to use an
address that covers the full 64bit range of the address (when 64 bit
addressing is negotiated).
This change will alow the wspsearch client in a future commit to pass a
base address value with both the hi and low 32 bits values set to make up
the full 64 bit address.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
a61eb7032896265eaef3ba225aafd6f293e7569d)
Martin Schwenke [Fri, 9 Feb 2024 06:29:46 +0000 (17:29 +1100)]
ctdb-protocol: Add missing push support for new controls
CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and
CTDB_CONTROL_TCP_CLIENT_PASSED were added in commits
c6602b686b4e50d93272667ef86d3904181fb1ab and
037e8e449deb136ad5ed5e4de05439411b545b6d. They were missing test
support for the packet push/pull. While adding the testing (for
completeness, before adding another new control) I noticed that the
push functionality was absent. This adds that, along with the test
support.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15580
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Feb 19 10:21:48 UTC 2024 on atb-devel-224
(cherry picked from commit
dd9b11acbc4fbde1941719968aeb463b853b0ffb)
Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Tue Feb 20 13:46:47 UTC 2024 on atb-devel-224
Jo Sutton [Thu, 1 Feb 2024 23:23:58 +0000 (12:23 +1300)]
python: Remove ‘typing.Final’
This is only present in Python 3.8 and above.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15575
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
d6fe66ddeeb99c550fa9a0f1abb845e6daf71f8a)
Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Mon Feb 19 15:35:39 UTC 2024 on atb-devel-224
Rob van der Linde [Thu, 1 Feb 2024 23:54:41 +0000 (12:54 +1300)]
python: do not make use of typing.Final for python 3.6
Python 3.6 does not have typing.Final yet
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15575
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
ecc84aa448a962f1a224144bbb65f0cef36a4279)
Stefan Metzmacher [Thu, 8 Feb 2024 14:43:39 +0000 (15:43 +0100)]
docs-xml: document "smb3 share cap:{CONTINUOUS AVAILABILITY,SCALE OUT,CLUSTER,ASYMMETRIC}"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Feb 13 21:06:24 UTC 2024 on atb-devel-224
(cherry picked from commit
7a674ee9ffeca047ceed7ac046db1b168d4025a6)
Stefan Metzmacher [Thu, 8 Feb 2024 14:31:10 +0000 (15:31 +0100)]
smb2_tcon: only announce SMB3 related share capabilities if SMB3 is used
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
32b84c5bce00c4f91191596dc00d9824e82e0f24)
Stefan Metzmacher [Thu, 8 Feb 2024 14:15:28 +0000 (15:15 +0100)]
smb2_tcon: only announce SMB2_SHARE_CAP_CLUSTER if rpcd_witness can run
rpcd_witness needs ncacn_ip_tcp support and that's only
available if samba-dcerpcd is not started on demand.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
d8bfdaaaa737032c6a8623512fcb2cd01850628a)
Stefan Metzmacher [Thu, 8 Feb 2024 13:25:05 +0000 (14:25 +0100)]
docs-xml: add details for 'net witness'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
1d0938d6fe46c06432ae5fda9e7491b908a9ac56)
Stefan Metzmacher [Thu, 8 Feb 2024 14:07:42 +0000 (15:07 +0100)]
s3:utils: fix help string for 'net witness force-response'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
7a23429ed6a04bb14509758492bfaee5db6dbd0d)
Stefan Metzmacher [Fri, 2 Feb 2024 12:54:20 +0000 (13:54 +0100)]
ctdb/events: add 47.samba-dcerpcd.script
If someone wants to enable the witness service
samba-dcerpcd needs to be started as standalone service
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
f1f68108cc303b92b8a88728d12c2b699fdfc731)
Stefan Metzmacher [Fri, 2 Feb 2024 12:54:20 +0000 (13:54 +0100)]
ctdb/events: use 'service "$CTDB_SERVICE_NMB" status' in 48.netbios.script
We can easily monitor if the service is running at all,
that better than no monitoring at all...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
ff8f778e39af563d97b1d38f89368a3c148532f2)
Jule Anger [Mon, 12 Feb 2024 13:05:12 +0000 (14:05 +0100)]
VERSION: Bump version up to Samba 4.20.0rc3...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Mon, 12 Feb 2024 13:04:39 +0000 (14:04 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc2 release.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Mon, 12 Feb 2024 13:01:59 +0000 (14:01 +0100)]
WHATSNEW: Add release notes for Samba 4.20.0rc2.
Signed-off-by: Jule Anger <janger@samba.org>
Andrew Bartlett [Wed, 31 Jan 2024 22:33:27 +0000 (11:33 +1300)]
WHATSNEW: Explain new AD DC Claims, authentication policies and Silos
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15566
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Mon Feb 12 11:55:51 UTC 2024 on atb-devel-224
Douglas Bagnall [Mon, 15 Jan 2024 02:21:11 +0000 (15:21 +1300)]
WHATSNEW: Add some information about new conditional aces feature
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15566
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Mon, 15 Jan 2024 02:22:27 +0000 (15:22 +1300)]
WHATSNEW: note "acl_claims evaluation" smb.conf option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15566
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>