Joseph Sutton [Tue, 29 Aug 2023 01:49:18 +0000 (13:49 +1200)]
docs-xml: Add missing paragraph section
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 24 Aug 2023 23:53:28 +0000 (11:53 +1200)]
s4:kdc: Fix leaks
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 24 Aug 2023 23:49:27 +0000 (11:49 +1200)]
s4:kdc: Don’t operate directly on caller‐owned pointer
This is more consistent with the other PAC blob functions, and easier to
reason about.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 24 Aug 2023 23:41:39 +0000 (11:41 +1200)]
s4:kdc: Allocate contents of PAC blobs on blob talloc contexts
The lifetime of a blob’s contents should be tied to the lifetime of the
blob itself.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 24 Aug 2023 23:35:12 +0000 (11:35 +1200)]
s4:kdc: Inline samba_get_requester_sid_pac_blob()
A wrapper doesn’t add much utility to a function this small. We might as
well join these two into a single function.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 7 Sep 2023 21:13:51 +0000 (09:13 +1200)]
s4:kdc: Fix error message
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 24 Aug 2023 23:30:27 +0000 (11:30 +1200)]
s4:kdc: Initialize pointers to NULL
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 24 Aug 2023 23:29:24 +0000 (11:29 +1200)]
s4:kdc: Correct error message
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 24 Aug 2023 23:28:07 +0000 (11:28 +1200)]
s4:kdc: Check return value of smb_krb5_principal_get_comp_string()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 24 Aug 2023 23:18:34 +0000 (11:18 +1200)]
s4:kdc: Remove unused talloc context
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 24 Aug 2023 23:17:24 +0000 (11:17 +1200)]
s4:kdc: Check return value of samdb_result_dom_sid()
We should not pass a NULL pointer into dom_sid_split_rid().
Unlike samdb_result_dom_sid(), samdb_result_dom_sid_buf() produces an
error code on failure and does not require a heap allocation.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 24 Aug 2023 23:04:32 +0000 (11:04 +1200)]
claims.idl: Be more lenient in our expectations for the compression of claims
384 bytes is not a strict threshold below which claims are never to be
compressed. Windows has been known to compress claims a mere 368 bytes
in size.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 24 Aug 2023 23:01:09 +0000 (11:01 +1200)]
claims.idl: Allow empty claim value buffers
Windows doesn’t reject these, nor do we have any reason to do so.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 21 Aug 2023 01:55:27 +0000 (13:55 +1200)]
s4:kdc: Make functions to add special SIDs non‐static
This allows us to call them from elsewhere.
Change their names accordingly to start with ‘samba_kdc_’.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 21 Aug 2023 01:52:14 +0000 (13:52 +1200)]
s4:kdc: Check result of talloc_realloc()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 21 Aug 2023 01:51:27 +0000 (13:51 +1200)]
s4:kdc: Handle invalid enum values
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 21 Aug 2023 01:49:38 +0000 (13:49 +1200)]
s4:kdc: Check result of dom_sid_parse()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 21 Aug 2023 01:46:57 +0000 (13:46 +1200)]
s4:kdc: Remove unused flags
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 18 Aug 2023 03:00:20 +0000 (15:00 +1200)]
s4:kdc: Use smb_krb5_data_from_blob()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 18 Aug 2023 03:00:04 +0000 (15:00 +1200)]
s4:kdc: Remove duplicate function signature
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 7 Sep 2023 04:35:39 +0000 (16:35 +1200)]
s4:kdc: Prefer explicit initialization to ZERO_STRUCT()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 18 Aug 2023 00:33:01 +0000 (12:33 +1200)]
libcli:security: Prefer explicit initialization to ZERO_STRUCTP()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 29 Aug 2023 23:58:34 +0000 (11:58 +1200)]
s4:scripting: Remove unused imports
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 16 Aug 2023 23:10:06 +0000 (11:10 +1200)]
python:tests: Remove unused imports
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 15 Aug 2023 00:38:35 +0000 (12:38 +1200)]
librpc:ndr: Avoid overflow in size calculation
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 9 Aug 2023 04:52:46 +0000 (16:52 +1200)]
libgpo: Remove unnecessary cast
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 9 Aug 2023 04:51:46 +0000 (16:51 +1200)]
lib:tdr: Remove unnecessary cast
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 9 Aug 2023 04:51:33 +0000 (16:51 +1200)]
lib:mscat: Remove unnecessary casts
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 7 Sep 2023 13:59:59 +0000 (15:59 +0200)]
nsswitch/wb_common.c: fix socket fd and memory leaks of global state
When we are called in wb_atfork_child() or winbind_destructor(),
wb_thread_ctx_destructor() is not called for the global state
of the current nor any other thread, which means we would
leak the related memory and socket fds.
Now we maintain a global list protected by a global mutex.
We traverse the list and close all socket fds, which are no
longer used (winbind_destructor) or no longer valid in the
current process (wb_atfork_child), in addition we 'autofree'
the ones, which are only visible internally as global (per thread)
context.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464
Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Sep 14 18:53:07 UTC 2023 on atb-devel-224
Stefan Metzmacher [Fri, 8 Sep 2023 07:56:47 +0000 (09:56 +0200)]
nsswitch/wb_common.c: don't operate on a stale wb_global_ctx.key
If nss_winbind is loaded into a process that uses fork multiple times
without any further calls into nss_winbind, wb_atfork_child handler
was using a wb_global_ctx.key that was no longer registered in the
pthread library, so we operated on a slot that was potentially
reused by other libraries or the main application. Which is likely
to cause memory corruption.
So we better don't call pthread_key_delete() in wb_atfork_child().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464
Reported-by: Krzysztof Piotr Oledzki <ole@ans.pl>
Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 8 Sep 2023 07:53:42 +0000 (09:53 +0200)]
nsswitch/wb_common.c: winbind_destructor can always use get_wb_global_ctx()
The HAVE_PTHREAD logic inside of get_wb_global_ctx() will do all
required magic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 7 Sep 2023 14:02:32 +0000 (16:02 +0200)]
nsswitch/wb_common.c: fix build without HAVE_PTHREAD
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 8 Sep 2023 11:57:26 +0000 (13:57 +0200)]
nsswitch: add test for pthread_key_delete missuse (bug 15464)
This is based on https://bugzilla.samba.org/attachment.cgi?id=18081
written by Krzysztof Piotr Oledzki <ole@ans.pl>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Tue, 5 Sep 2023 21:37:19 +0000 (09:37 +1200)]
.gitlab-ci: Allow ext4 jobs to run on shared runners
At the time of this commit, GitLab shared runners
tagged "gce" were 2x AMD EPYC 7B12 with 8GB ram.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 14 Sep 2023 08:42:55 +0000 (10:42 +0200)]
.gitlab-ci: make it explicit that some tests require ext4/5.15 kernel
This is better then requiring private runners,
as we'll be able to use shared runners for ext4 soon.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 13 Sep 2023 15:07:34 +0000 (17:07 +0200)]
.gitlab-ci: restore starting ubuntu2204-samba-o3 for the default pipeline
This got lost in commit
bcc22d00569551cfa25851c8c267ec9decc63d21
for ubuntu1804-samba-o3 at the time...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Ralph Boehme [Fri, 4 Aug 2023 15:19:00 +0000 (17:19 +0200)]
smbd: make vfs_stat_fsp() a no-op on fake file-handles
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 12 17:08:17 UTC 2023 on atb-devel-224
Samuel Cabrero [Thu, 7 Sep 2023 12:51:15 +0000 (14:51 +0200)]
auth:credentials: Check if password_obtained > obtained
Fixes reading the password from STDIN or environment vars if it was already
given in the command line:
$ export PASSWD_FD=0
$ ./bin/net offlinejoin composeodj <...> --password=FOO
<Waiting to read password from STDIN>
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Sep 11 03:36:28 UTC 2023 on atb-devel-224
Samuel Cabrero [Thu, 7 Sep 2023 12:53:22 +0000 (14:53 +0200)]
netapi: Pass net's cmdline credentials to libnetapi_net_init()
Avoid unnecessary credentials allocation and initialization by passing the
net's cmdline creds to libnetapi_net_init() directly.
Fixes the problem of running cli_credentials_guess() (which runs password
callbacks) twice, one for the net's cmdline creds and a second time for the
creds initialized in libnetapi_net_init(), just to override them immediately
after.
Example:
$ export PASSWD_FD=0
$ ./bin/net offlinejoin composeodj <...>
foo
bar
Password is read from STDIN twice.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Samuel Cabrero [Thu, 7 Sep 2023 12:34:36 +0000 (14:34 +0200)]
netapi: Pass loadparm_context to libnetapi_net_init()
The net's tool cmdline lp_ctx can be reused, no need to init a new one except
for external library users.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 7 Sep 2023 21:35:51 +0000 (09:35 +1200)]
s3:rpc: bump named_pipe_auth_req_info version number
This is because commit
f893cf85cc387b66c496661e11073b1215270022
changed the security token in secuirty.idl, and bumping the version
was missed.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 30 Aug 2023 02:45:49 +0000 (14:45 +1200)]
.gitlab-ci.yml: Move coverity build to internal Heimdal
The opensuse155 image has MIT 1.20, not the required MIT 1.21, so build
with intenral Heimdal instead.
The opensuse155 image was chosen deliberatly in commit
f2eb411646bbc3cbedd4aecaba98bd363a6cd3df so this changes
the KDC choice rather than the image. Eventually we will
need to do both.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton [Wed, 6 Sep 2023 00:06:26 +0000 (12:06 +1200)]
s4:wrepl_server: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 5 Sep 2023 23:33:59 +0000 (11:33 +1200)]
s4:torture: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 7 Sep 2023 04:24:56 +0000 (16:24 +1200)]
s4:samba: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 7 Sep 2023 04:18:24 +0000 (16:18 +1200)]
s4:rpc_server: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 7 Sep 2023 04:18:06 +0000 (16:18 +1200)]
s4:ntvfs: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 7 Sep 2023 04:17:44 +0000 (16:17 +1200)]
s4:libnet: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 4 Sep 2023 04:34:04 +0000 (16:34 +1200)]
s4:libcli: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 4 Sep 2023 04:52:57 +0000 (16:52 +1200)]
s4:kdc: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 1 Sep 2023 01:30:37 +0000 (13:30 +1200)]
s4:dsdb: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 6 Sep 2023 04:34:33 +0000 (16:34 +1200)]
s4:dns_server: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 7 Sep 2023 04:12:03 +0000 (16:12 +1200)]
s4:client: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 5 Sep 2023 04:04:28 +0000 (16:04 +1200)]
s4:auth: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 4 Sep 2023 02:17:35 +0000 (14:17 +1200)]
s3:winbindd: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 5 Sep 2023 04:04:18 +0000 (16:04 +1200)]
s3:utils: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 7 Sep 2023 04:09:38 +0000 (16:09 +1200)]
s3:smbd: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 7 Sep 2023 04:09:20 +0000 (16:09 +1200)]
s3:rpc_server: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 7 Sep 2023 04:08:57 +0000 (16:08 +1200)]
s3:rpc_client: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 7 Sep 2023 04:08:34 +0000 (16:08 +1200)]
s3:registry: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 7 Sep 2023 04:08:17 +0000 (16:08 +1200)]
s3:nmbd: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 5 Sep 2023 04:03:58 +0000 (16:03 +1200)]
s3:librpc: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 7 Sep 2023 04:07:41 +0000 (16:07 +1200)]
s3:libnet: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 1 Sep 2023 01:39:18 +0000 (13:39 +1200)]
s3:libads: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 7 Sep 2023 04:05:38 +0000 (16:05 +1200)]
s3:lib: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 7 Sep 2023 04:05:13 +0000 (16:05 +1200)]
s3:auth: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 7 Sep 2023 04:04:41 +0000 (16:04 +1200)]
selftest: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Sun, 3 Sep 2023 22:22:42 +0000 (10:22 +1200)]
python:tests: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 23 Aug 2023 03:53:59 +0000 (15:53 +1200)]
pidl: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 30 Aug 2023 03:18:19 +0000 (15:18 +1200)]
librpc: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 7 Sep 2023 04:01:50 +0000 (16:01 +1200)]
libgpo: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 5 Sep 2023 22:54:46 +0000 (10:54 +1200)]
libcli: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 7 Sep 2023 03:57:53 +0000 (15:57 +1200)]
lib:charset: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 7 Sep 2023 03:57:14 +0000 (15:57 +1200)]
tevent: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 7 Sep 2023 03:56:56 +0000 (15:56 +1200)]
tdb: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 7 Sep 2023 03:56:20 +0000 (15:56 +1200)]
lib:printer_driver: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 5 Sep 2023 22:54:35 +0000 (10:54 +1200)]
ldb: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 4 Sep 2023 04:46:10 +0000 (16:46 +1200)]
lib:krb5_wrap: Fix spelling in documentation
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 7 Sep 2023 03:52:26 +0000 (15:52 +1200)]
lib:crypto: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 4 Sep 2023 04:43:20 +0000 (16:43 +1200)]
lib:compression: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 4 Sep 2023 00:14:58 +0000 (12:14 +1200)]
docs-xml: Fix spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 7 Sep 2023 03:47:05 +0000 (15:47 +1200)]
ctdb: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 5 Sep 2023 04:02:59 +0000 (16:02 +1200)]
auth: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 21 Aug 2023 02:23:25 +0000 (14:23 +1200)]
Makefile: Fix spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Wed, 30 Aug 2023 07:22:13 +0000 (09:22 +0200)]
libsmb: Fix parsing symlink reparse points
Untested code is broken code. For symlinks we need to hand over the
full reparse buffer into symlink_reparse_buffer_parse(), as this is
also used for the smb2 error response handling. For that, the
"reserved" field in [MS-FSCC] 2.1.2.4 Symbolic Link Reparse Data
Buffer is used for the "unparsed" field.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 8 17:24:19 UTC 2023 on atb-devel-224
Volker Lendecke [Thu, 7 Sep 2023 13:25:57 +0000 (15:25 +0200)]
tests: Add test_symlink_reparse_data_buffer_parse
The blob was taken from a smbclient allinfo command for a Windows
symlink. Show that reparse_data_buffer_parse() is broken.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 7 Sep 2023 15:00:17 +0000 (17:00 +0200)]
tests: Create symlinks using posix extensions
This way we can run the tests and more easily put them into knownfail
individually. Before this, everything went into the error category,
which was not so easy to catch in something like knownfail.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Wed, 23 Aug 2023 00:04:29 +0000 (12:04 +1200)]
security.idl: extend security token for claims
A security token contains the context needed to make access decisions
for a particular client, which has until now been a number of SIDs and
flags. Claims are arbitrary attributes that can be tacked onto the
security token. Typically they will arrive via a Kerberos PAC, but we
don't need to worry about that now -- only that they are stored on the
token.
The security token in [MS-DTYP] 2.5.2 is described in abstract terms
(it is not transmitted on the wire) as behaving *as if* it held claims
in three arrays of CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 structures. We
take that suggestion literally. This is *almost* the same as storing
the [MS-ADTS] 2.2.18 claims wire structures that the claims are
presumably derived from, and doing that might seem like a small
optimisation. But we don't do that because of subtle differences and
we already need CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 in security.idl
for resource attribute ACEs.
The three stored claim types are user claims, device claims, and local
claims. Local claims relate to local Windows accounts and are unlikely
to occur in Samba. Nevertheless we have the array there just in case.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Sep 7 05:50:24 UTC 2023 on atb-devel-224
Douglas Bagnall [Wed, 23 Aug 2023 00:03:53 +0000 (12:03 +1200)]
librpc:security.idl: add Resource Attribute claim types
This will be used in Resource Attribute ACEs, and in security tokens
when security tokens become claim-aware.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 13 Jul 2023 09:31:50 +0000 (21:31 +1200)]
librpc:security.idl: add enums for resource attribute aces
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 5 Sep 2023 21:36:45 +0000 (09:36 +1200)]
libcli:sec:display: use macro for more ace types
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 13 Dec 2022 21:56:42 +0000 (10:56 +1300)]
libcli:sec:display: print callback ace types
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 1 Dec 2022 23:44:54 +0000 (12:44 +1300)]
librpc:security.idl: add more ACE enum types, with annotations
The callback types are used for conditional ACEs. The others are just
there and we might as well know them.
Several ACE types are "reserved for future use" by Microsoft.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 21 Jul 2023 02:36:20 +0000 (14:36 +1200)]
libcli/security: create_descriptor handles unknown ACE types
Because we're going to add more ACE types.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 8 Feb 2023 21:44:46 +0000 (10:44 +1300)]
librpc/idl: add conditional ACE structures and constants
This will be used to decode the expressions on conditional ACEs.
At the moment it changes nothing.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 21 Jul 2023 04:40:38 +0000 (16:40 +1200)]
libcli/security: make sddl_encode_sid an external function
Mirroring the last commit for sddl_decode_sid, we want to be able to
encode SIDs from sibling source files.
The dom_sid functions are insufficient for this because they don't know
the SDDL short aliases, like "WD".
sddl_transition_encode_sid() is used internally.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 1 Dec 2022 23:43:21 +0000 (12:43 +1300)]
libcli/security: make sddl_decode_sid an external function
We are going to need it in for parsing SDDL for conditional ACEs and
resource ACEs, which will go in a separate file because it's huge.
This means changing the interface for `sddl_decode_sid` to that from
before
7d466a913f2c0038b30424403a7355db849fee7a which introduced
sddl_transition_state to deal ease the shift to disambiguated machine/
domain/forest SIDs. Internal callers use `sddl_transition_decode_sid()`
which is the old function; external callers use the same shim pattern as
the other externally available functions.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 2 Jun 2023 01:07:48 +0000 (13:07 +1200)]
pytests:security: don't use invalid domain SID S-2-0-0
The '2' is a version number, but there is not yet a version 2, so we
can't even say what the rest of the string should look like.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 6 Sep 2023 07:14:49 +0000 (09:14 +0200)]
s4:samdb: Avoid memory leaks in partition_metadata_get_uint64()
==395==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 96 byte(s) in 1 object(s) allocated from:
#0 0x7f4c5dedc03f in malloc (/lib64/libasan.so.8+0xdc03f) (BuildId:
b10bafa0ba3304197db35cc24e0024cb0492168a)
#1 0x7f4c5d252b3e in __talloc_with_prefix ../../lib/talloc/talloc.c:783
#2 0x7f4c5d2543cc in __talloc ../../lib/talloc/talloc.c:825
#3 0x7f4c5d2543cc in _talloc_named_const ../../lib/talloc/talloc.c:982
#4 0x7f4c5d2543cc in talloc_named_const ../../lib/talloc/talloc.c:1751
#5 0x7f4c504acc53 in partition_metadata_get_uint64 ../../source4/dsdb/samdb/ldb_modules/partition_metadata.c:50
#6 0x7f4c504add29 in partition_metadata_sequence_number_increment ../../source4/dsdb/samdb/ldb_modules/partition_metadata.c:398
#7 0x7f4c504a66aa in partition_sequence_number ../../source4/dsdb/samdb/ldb_modules/partition.c:1401
#8 0x7f4c504a66aa in partition_extended ../../source4/dsdb/samdb/ldb_modules/partition.c:1680
#9 0x7f4c5c498c44 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:559
#10 0x7f4c503980c8 in replmd_extended ../../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:8455
#11 0x7f4c5c498c44 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:559
#12 0x7f4c502fae5c in samldb_extended ../../source4/dsdb/samdb/ldb_modules/samldb.c:5718
#13 0x7f4c5c498c44 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:559
#14 0x7f4c52f0b94c in acl_extended ../../source4/dsdb/samdb/ldb_modules/acl.c:2854
#15 0x7f4c5c498c44 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:559
#16 0x7f4c52eb019c in descriptor_extended ../../source4/dsdb/samdb/ldb_modules/descriptor.c:1450
#17 0x7f4c5c498c44 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:559
#18 0x7f4c52ed8687 in log_extended ../../source4/dsdb/samdb/ldb_modules/audit_log.c:1824
#19 0x7f4c5c498c44 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:559
#20 0x7f4c505aa337 in unlazy_op ../../source4/dsdb/samdb/ldb_modules/lazy_commit.c:40
#21 0x7f4c5c498c44 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:559
#22 0x7f4c502d0f82 in schema_load_extended ../../source4/dsdb/samdb/ldb_modules/schema_load.c:593
#23 0x7f4c5c498c44 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:559
#24 0x7f4c5035a010 in rootdse_extended ../../source4/dsdb/samdb/ldb_modules/rootdse.c:1780
#25 0x7f4c5c4914ef in ldb_request ../../lib/ldb/common/ldb.c:1244
#26 0x7f4c5c492a2d in ldb_extended ../../lib/ldb/common/ldb.c:1714
#27 0x7f4c5c492bdf in ldb_sequence_number ../../lib/ldb/common/ldb.c:1943
#28 0x7f4c503a9abd in replmd_add ../../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:1316
#29 0x7f4c5c4989f4 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:543
#30 0x7f4c50458783 in rdn_name_add ../../lib/ldb/modules/rdn_name.c:206
#31 0x7f4c5c4989f4 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:543
#32 0x7f4c504f4852 in attr_handler ../../source4/dsdb/samdb/ldb_modules/objectclass_attrs.c:334
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Stefan Metzmacher [Wed, 30 Sep 2020 21:42:48 +0000 (23:42 +0200)]
smb2_server: move struct msghdr to smbd_smb2_send_queue
The main reason is the preparation of io_uring support,
as it can't be on the stack for async operations.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 6 20:31:04 UTC 2023 on atb-devel-224