Günther Deschner [Thu, 30 Mar 2023 13:52:56 +0000 (15:52 +0200)]
s4-torture: add some basic dom_sid tests
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Fri, 31 Mar 2023 09:14:11 +0000 (11:14 +0200)]
lib:krb5_wrap: Fix code spelling
Best reviewed with: `git show --word-diff`.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Apr 3 04:53:05 UTC 2023 on atb-devel-224
Andreas Schneider [Fri, 31 Mar 2023 09:11:34 +0000 (11:11 +0200)]
lib:fuzzing: Fix code spelling
Best reviewed with: `git show --word-diff`.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 31 Mar 2023 09:10:03 +0000 (11:10 +0200)]
lib:dbwrap: Fix code spelling
Best reviewed with: `git show --word-diff`.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 31 Mar 2023 09:07:46 +0000 (11:07 +0200)]
lib:crypto: Improve comment about weak crypto
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 31 Mar 2023 09:04:54 +0000 (11:04 +0200)]
lib:compression: Fix code spelling
Best reviewed with: `git show --word-diff`.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 31 Mar 2023 09:04:22 +0000 (11:04 +0200)]
lib:cmdline: Fix code spelling
Best reviewed with: `git show --word-diff`.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 31 Mar 2023 09:03:08 +0000 (11:03 +0200)]
lib:audit_logging: Fix code spelling
Best reviewed with: `git show --word-diff`.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 31 Mar 2023 09:01:47 +0000 (11:01 +0200)]
lib:addns: Fix code spelling
Best reviewed with: `git show --word-diff`.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 31 Mar 2023 09:00:50 +0000 (11:00 +0200)]
lib:addns: Rename additionals to additional
Fixes code spelling.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Dmitry Antipov [Fri, 31 Mar 2023 05:06:44 +0000 (08:06 +0300)]
s4:libnet: cleanup py_net_time()
Fix size of buffer passed to and always check the value returned
from strftime(), raise PyErr_NoMemory() and return NULL if zero,
or use it with PyUnicode_FromStringAndSize() (thus avoiding extra
internal call to strlen()) otherwise.
Signed-off-by: Dmitry Antipov <dantipov@cloudlinux.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
David Disseldorp [Tue, 28 Mar 2023 15:00:24 +0000 (17:00 +0200)]
s3:modules: call rpcgen only if vfs_nfs4acl_xattr is enabled
rpcgen may be missing, so wrap all of the vfs_nfs4acl_xattr associated
calls in an appropriate if bld.SAMBA3_IS_ENABLED_MODULE() check.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Amir Goldstein [Tue, 14 Mar 2023 17:57:08 +0000 (19:57 +0200)]
torture/smb2: do not use client time in delayed timestamp updates test
Client time cannot be compared to server timestamp, because the clocks
on client and server may not be in sync.
Compare server timestamps, only to previous timestamps read from server.
Signed-off-by: Amir Goldstein <amir@ctera.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Apr 1 06:23:36 UTC 2023 on atb-devel-224
Volker Lendecke [Wed, 29 Mar 2023 10:20:01 +0000 (06:20 -0400)]
lib: Fix tdb_validate() for incorrect tdb entries
We should not overwrite the "rc=1" initialization with the tdb_check
retval. This will lead to tdb_validate_child() returning 0 even when
validate_fn() found invalid entries.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14789
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 29 Mar 2023 13:07:19 +0000 (09:07 -0400)]
torture3: Add tdb-validate test
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14789
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 31 Mar 2023 09:44:00 +0000 (11:44 +0200)]
smbd: squash check_path_syntax() variants
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Mar 31 21:21:57 UTC 2023 on atb-devel-224
Jeremy Allison [Tue, 28 Mar 2023 20:55:49 +0000 (13:55 -0700)]
s3: smbd: Correctly process SMB3 POSIX paths in create.
Remove knownfail for posix path handling of case/reserved char
Signed-off-by: David Mulder <dmulder@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 28 Mar 2023 20:53:20 +0000 (13:53 -0700)]
s3: smbd: Correctly set smb2req->smb1req->posix_pathnames from the calling fsp on SMB2 calls.
We must always do SMB3+POSIX operations on fsp's opened with a posix create context.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
David Mulder [Thu, 1 Dec 2022 17:53:44 +0000 (10:53 -0700)]
smbd: Ensure share root POSIX attrs are cleared after mode_fn
The call to mode_fn (smbd_dirptr_lanman2_mode_fn)
was filling the cleared attributes back in to the
stat. Ensure the clear happens after this call.
Signed-off-by: David Mulder <dmulder@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 28 Mar 2023 18:06:36 +0000 (11:06 -0700)]
s3: smbd: Add check_path_syntax_smb2_posix().
Not yet used. Simple wrapper, identical to check_path_syntax_posix().
I want to keep SMB1/SMB2 code as separate as possible so
we can remove any SMB1 code path later.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 28 Mar 2023 18:03:59 +0000 (11:03 -0700)]
s3: smbd: Flatten the check_path_syntax_smb2() wrapper.
Keep it, rather and move all SMB2 code to check_path_syntax()
as I want to keep SMB1/SMB2 code as separate as possible so
we can remove any SMB1 code path later.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Joseph Sutton [Tue, 28 Mar 2023 21:56:22 +0000 (10:56 +1300)]
s4:kdc: Add support for AD device claims
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar 31 09:30:17 UTC 2023 on atb-devel-224
Joseph Sutton [Mon, 20 Mar 2023 03:58:47 +0000 (16:58 +1300)]
s4:kdc: Add support for AD client claims
We now create a client claims blob and add it to the PAC.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 30 Mar 2023 19:38:09 +0000 (08:38 +1300)]
selftest: Account for have_fast_support in determining whether FAST is supported
have_fast_support is unconditionally set to 1, so this doesn't change
any behaviour.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 29 Mar 2023 02:54:26 +0000 (15:54 +1300)]
s4-dsdb: Account for Claims Valid SID in tokenGroups
More of these tests now pass against Windows. They still don't quite all
pass, but that's something to fix for another day.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 29 Mar 2023 01:34:57 +0000 (14:34 +1300)]
s4:torture: Make use of torture_assert_sid_equal()
This gives a more helpful diagnostic message.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 29 Mar 2023 01:24:11 +0000 (14:24 +1300)]
s4:torture: Assert that SID parsing succeeds
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 28 Mar 2023 22:27:33 +0000 (11:27 +1300)]
tests/krb5: Don't expect client claims to be missing
For this particular test, we don't care whether they're present or not.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 15 Mar 2023 22:25:57 +0000 (11:25 +1300)]
libcli/security: Add dom_sid_has_account_domain() to confirm a S-1-5-21 prefix
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 2 Mar 2023 20:17:39 +0000 (09:17 +1300)]
s4:kdc: Add utility functions for AD claims
get_claims_for_principal() is a new function that creates a claims blob
for a principal based on attributes in the database.
It's not hooked into the KDC yet, so this entails no change in
behaviour.
Constructed claims and certificate claims are not supported yet.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 30 Mar 2023 03:00:59 +0000 (16:00 +1300)]
s4:dsdb/schema: Add dsdb_attribute_by_cn_ldb_val()
This looks up a schema attribute by its CN, similar to
dsdb_class_by_cn_ldb_val().
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 15 Mar 2023 22:42:04 +0000 (11:42 +1300)]
ldb: Add ldb_val -> bool,uint64,int64 parsing functions
These functions allow us to parse any value of a message element, not
only the first. They also unambiguously indicate whether an error has
occurred.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 2 Mar 2023 20:17:39 +0000 (09:17 +1300)]
ldb: Split out ldb_val_as_dn() helper function
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 23 Mar 2023 03:13:55 +0000 (16:13 +1300)]
docs: update manpage for samba-tool
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar 31 08:25:11 UTC 2023 on atb-devel-224
Rob van der Linde [Thu, 23 Mar 2023 00:51:51 +0000 (13:51 +1300)]
netcmd: tests for claims client tool
Added delete protected test to known fail as Samba doesn't seem to enforce this yet.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Mon, 20 Mar 2023 00:48:56 +0000 (13:48 +1300)]
netcmd: add claim sub-commands to samba-tool domain
Claim Type:
* samba-tool domain claim claim-type list
* samba-tool domain claim claim-type create
* samba-tool domain claim claim-type delete
* samba-tool domain claim claim-type modify
* samba-tool domain claim claim-type view
Claim Value Type:
* samba-tool domain claim value-type list
* samba-tool domain claim value-type view
To add a claim type use the attribute name, it will look up the attribute in the attribute schema and use that data type and description.
Claim types can be protected from accidental deletion just like Windows, use --protect
To delete protected claim types use --force.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Mon, 20 Mar 2023 00:35:24 +0000 (13:35 +1300)]
sd_utils: fix typo in get_sd_as_sddl docstring
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Wed, 1 Mar 2023 01:19:15 +0000 (14:19 +1300)]
netcmd: simplify boolean check
Should use "is" for checking booleans rather than "==" in Python, however these can also be simplified.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Fri, 31 Mar 2023 00:41:49 +0000 (13:41 +1300)]
netcmd: domain: move trust command to domain/trust.py
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Fri, 31 Mar 2023 00:37:01 +0000 (13:37 +1300)]
netcmd: domain: move tombstones command to domain/tombstones.py
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Fri, 31 Mar 2023 00:34:20 +0000 (13:34 +1300)]
netcmd: domain: move schemaupgrade command to domain/schemaupgrade.py
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Fri, 31 Mar 2023 00:30:17 +0000 (13:30 +1300)]
netcmd: domain: move samba3upgrade command to domain/samba3upgrade.py
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Fri, 31 Mar 2023 00:28:17 +0000 (13:28 +1300)]
netcmd: domain: move provision command to domain/provision.py
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Fri, 31 Mar 2023 00:18:50 +0000 (13:18 +1300)]
netcmd: domain: move paswordsettings command to domain/passwordsettings.py
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Fri, 31 Mar 2023 00:09:14 +0000 (13:09 +1300)]
netcmd: domain: move level command to domain/level.py
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Fri, 31 Mar 2023 00:05:07 +0000 (13:05 +1300)]
netcmd: domain: move leave command to domain/leave.py
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Fri, 31 Mar 2023 00:02:57 +0000 (13:02 +1300)]
netcmd: domain: move keytab command to domain/keytab.py
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Fri, 31 Mar 2023 00:00:26 +0000 (13:00 +1300)]
netcmd: domain: move join command to domain/join.py
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 30 Mar 2023 23:57:45 +0000 (12:57 +1300)]
netcmd: domain: move info command to domain/info.py
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 30 Mar 2023 23:54:49 +0000 (12:54 +1300)]
netcmd: domain: move functional_prep command to domain/functional_prep.py
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 30 Mar 2023 23:42:24 +0000 (12:42 +1300)]
netcmd: domain: move demote command to domain/demote.py
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 30 Mar 2023 23:24:33 +0000 (12:24 +1300)]
netcmd: domain: move dcpromo command to domain/dcpromo.py
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 30 Mar 2023 23:12:55 +0000 (12:12 +1300)]
netcmd: domain: move classicupgrade command to domain/classicupgrade.py
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 30 Mar 2023 22:54:58 +0000 (11:54 +1300)]
netcmd: domain: move domain_backup.py to domain/backup.py
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 30 Mar 2023 23:32:07 +0000 (12:32 +1300)]
netcmd: domain: fix unused imports
Fix existing unused imports first, before splitting the file.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 30 Mar 2023 22:50:13 +0000 (11:50 +1300)]
netcmd: domain: turn domain.py into a module
The domain.py file has become quite large at over 5000 lines, splitting it now before adding more sub commands.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jeremy Allison [Thu, 30 Mar 2023 20:19:22 +0000 (13:19 -0700)]
s3: smbd: Fix dumb typos that meant smb1.SMB1-DFS-* tests were running against an SMB2-only fileserver.
Remove knownfail on SMB1-DFS-SEARCH-PATHS, as we now
pass it with the new SMB1 remove DFS paths before pathname processing
changes.
Note, we still fail:
smb1.SMB1-DFS-PATHS.smbtorture\(fileserver_smb1\)
smb1.SMB1-DFS-OPERATIONS.smbtorture\(fileserver_smb1\)
even with the new SMB1 remove DFS paths before pathname
processing as those tests test *very* specific Windows behaviors. We now
pass many more of the individual internal tests, but
in order to pass them all completely I need to add
specific --with-sambaserver checks to avoid some
of the Windows DFS SMB1 insanity (error messages).
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Mar 31 06:07:01 UTC 2023 on atb-devel-224
Jeremy Allison [Thu, 30 Mar 2023 20:01:08 +0000 (13:01 -0700)]
s3: smbd: Remove now unused dfs_filename_convert().
And all the static functions it called.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Thu, 30 Mar 2023 14:22:31 +0000 (16:22 +0200)]
smbd: RIP DFS pathname processing in filename_convert_dirfsp_nosymlink()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Thu, 30 Mar 2023 20:02:01 +0000 (13:02 -0700)]
s3: smbd: In smb_file_link_information() and smb_file_rename_information() the target path is never DFS.
Ensure we strip from ucs_flags before calling filename_convert_dirfsp().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Thu, 30 Mar 2023 14:44:07 +0000 (16:44 +0200)]
smbd: use smb1_strip_dfs_path() in call_trans2findfirst()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 30 Mar 2023 14:43:58 +0000 (16:43 +0200)]
smbd: use smb1_strip_dfs_path() in reply_search()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 30 Mar 2023 14:10:31 +0000 (16:10 +0200)]
smbd: use smb1_strip_dfs_path() in call_trans2mkdir()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 30 Mar 2023 14:09:48 +0000 (16:09 +0200)]
smbd: use smb1_strip_dfs_path() in call_trans2setpathinfo()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 30 Mar 2023 14:08:53 +0000 (16:08 +0200)]
smbd: use smb1_strip_dfs_path() in smb_set_file_unix_hlink()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 30 Mar 2023 14:08:11 +0000 (16:08 +0200)]
smbd: use smb1_strip_dfs_path() in call_trans2qpathinfo()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 30 Mar 2023 14:07:05 +0000 (16:07 +0200)]
smbd: use smb1_strip_dfs_path() in call_trans2open()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 30 Mar 2023 14:06:44 +0000 (16:06 +0200)]
smbd: use smb1_strip_dfs_path() in reply_mv()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 30 Mar 2023 14:06:04 +0000 (16:06 +0200)]
smbd: use smb1_strip_dfs_path() in reply_mv()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 30 Mar 2023 14:05:04 +0000 (16:05 +0200)]
smbd: use smb1_strip_dfs_path() in reply_rmdir()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 30 Mar 2023 14:04:31 +0000 (16:04 +0200)]
smbd: use smb1_strip_dfs_path() in reply_mkdir()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 30 Mar 2023 14:04:02 +0000 (16:04 +0200)]
smbd: use smb1_strip_dfs_path() in reply_unlink()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 30 Mar 2023 14:03:30 +0000 (16:03 +0200)]
smbd: use smb1_strip_dfs_path() in reply_ctemp()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 30 Mar 2023 14:02:55 +0000 (16:02 +0200)]
smbd: use smb1_strip_dfs_path() in reply_mknew()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 30 Mar 2023 14:02:32 +0000 (16:02 +0200)]
smbd: use smb1_strip_dfs_path() in reply_open_and_X()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 30 Mar 2023 14:02:08 +0000 (16:02 +0200)]
smbd: use smb1_strip_dfs_path() in reply_open()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 30 Mar 2023 14:01:42 +0000 (16:01 +0200)]
smbd: use smb1_strip_dfs_path() in reply_setatr()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 30 Mar 2023 14:01:17 +0000 (16:01 +0200)]
smbd: use smb1_strip_dfs_path() in reply_getatr
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 30 Mar 2023 13:45:55 +0000 (15:45 +0200)]
smbd: use smb1_strip_dfs_path() in reply_checkpath()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 30 Mar 2023 13:44:59 +0000 (15:44 +0200)]
smbd: use smb1_strip_dfs_path() in reply_ntrename()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 30 Mar 2023 13:43:24 +0000 (15:43 +0200)]
smbd: use smb1_strip_dfs_path() in reply_ntrename()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 30 Mar 2023 13:42:24 +0000 (15:42 +0200)]
smbd: use smb1_strip_dfs_path() in call_nt_transact_create()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 30 Mar 2023 13:41:43 +0000 (15:41 +0200)]
smbd: use smb1_strip_dfs_path() in reply_ntcreate_and_X()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 30 Mar 2023 13:55:53 +0000 (15:55 +0200)]
s3: smbd: Add utility function smb1_strip_dfs_path().
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Mon, 27 Mar 2023 19:24:57 +0000 (12:24 -0700)]
s3: smbd: Remove unused and commented out check_path_syntax_smb2_msdfs().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 27 Mar 2023 19:23:44 +0000 (12:23 -0700)]
s3: smbd: Remove 'is_dfs' parameter to check_path_syntax_smb2().
check_path_syntax_smb2() is now a simple wrapper around check_path_syntax().
Leave it alone for now to keep things separate when we add SMB3+POSIX parsing.
check_path_syntax_smb2_msdfs() is now no longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 27 Mar 2023 19:16:32 +0000 (12:16 -0700)]
s3: smbd: Add assertion to filename_convert_dirfsp_nosymlink() that shows SMB2 is *never* dealing with a DFS path here.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 27 Mar 2023 19:01:56 +0000 (12:01 -0700)]
s3: smbd: Remove all DFS path prefixes before passing to check_path_syntax_smb2().
In smb2, smb1req->flags2 now never uses FLAGS2_DFS_PATHNAMES,
ucf_flags never has UCF_DFS_PATHNAME, and all calls to check_path_syntax_smb2()
pass "false" in this is_dfs parameter.
Remove all knownfails for smb2.SMB2-DFS* tests.
Now I can clean up check_path_syntax_smb2() and add
an assertion into filename_convert_dirfsp_nosymlink() that
UCF_DFS_PATHNAME is *NEVER* set in the ucf_flags for an
SMB2 connection.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 27 Mar 2023 17:06:03 +0000 (10:06 -0700)]
s3: smbd: Add utility function smb2_strip_dfs_path().
Removes any DFS prefix from an SMB2 name. This will
enable me to clean up the mess around SMB2 DFS path
processing, remove some knownfails and eventually
make it much easier to add SMB3+POSIX path processing
now it can ignore DFS prefixes. Original idea from
Volker.
Not yet used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 27 Mar 2023 18:25:59 +0000 (11:25 -0700)]
s3: smbd: Change smb2_file_link_information() to use srvstr_pull_talloc()/check_path_syntax_smb2().
It now looks like all other SMB2 path processing and
we can proceed to strip the DFS prefixes from SMB2 pathnames
before further processing.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 27 Mar 2023 18:14:59 +0000 (11:14 -0700)]
s3: smbd: In smb2_file_link_information(), don't ever expect @GMT tokens in the pathname.
They're an SMB1 thing, not an SMB2 thing. It will always be (and always was) zero.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 27 Mar 2023 18:07:07 +0000 (11:07 -0700)]
s3: smbd: Duplicate smb_file_link_information() hardlink handling as smb2_file_link_information().
We're going to change the SMB2 path handling for DFS and I
really don't want to try and mix these changes into the
existing smb_file_link_information() code.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 27 Mar 2023 17:43:55 +0000 (10:43 -0700)]
s3: smbd: Cleanup. smb2_file_rename_information() can never have a @GMT path in the destination.
That's an SMB1 thing. It will always be (and always was) zero.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 27 Mar 2023 16:48:26 +0000 (09:48 -0700)]
s3: smbd: Cleanup - don't set the FLAGS2_DFS_PATHNAMES in flags2 in the glue struct if it's not a DFS server or share.
Even if the client claims it's a DFS pathname. Matches what Windows does if it gets
a DFS pathname on a non-DFS share.
Remove samba3.smbtorture_s3.smb2.SMB2-NON-DFS-SHARE.smbtorture\(fileserver\)
test knownfail.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andrew Bartlett [Wed, 29 Mar 2023 02:01:15 +0000 (15:01 +1300)]
selftest: Add test parsing krb5 PAC claims via ndrdump
Including
* compressed claims
* plain (uncompressed) claims
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar 31 02:50:30 UTC 2023 on atb-devel-224
Andrew Bartlett [Wed, 29 Mar 2023 21:56:49 +0000 (10:56 +1300)]
sefltest: Extend python NDR parsing tests to compressed and uncompressed claims
This confirms that the compression is transparent and that the
values from a PAC with claims provided by MS Windows are parsed
correctly.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 16 Mar 2023 06:06:04 +0000 (19:06 +1300)]
librpc/ndr: Use libndr compression for claims
This ensures our python layer and C layer (in the KDC, when implementated)
use the same compression logic and so allows us to test the production
compression via the IDL-generated interfaces.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 28 Mar 2023 22:49:43 +0000 (11:49 +1300)]
librpc/ndr: Make ndr_push_compression_state_free() a talloc destructor
This means that the generic_mszip_free() will still be called on failure.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 28 Mar 2023 22:43:10 +0000 (11:43 +1300)]
pidl: Automatically manage creating and freeing the compression state in generated code
Manually written code will handle this differently, but for generated code
this will create and free the context.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 28 Mar 2023 05:26:13 +0000 (18:26 +1300)]
librpc/ndr: Implement lzxpress_huffman() compression in libndr for Kerberos Claims
Rather than just pick the next value we re-arrange compression values
in libndr to be memnonic to values in MS Windows ntifs.h
This helps avoid confusing developers who compare these
algorithms with local the MS Windows interface.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>