Joseph Sutton [Wed, 10 Jan 2024 22:25:53 +0000 (11:25 +1300)]
s4:scripting: Generate HRESULT definitions as part of the build process
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Wed, 10 Jan 2024 22:23:53 +0000 (11:23 +1300)]
s4:scripting: Ensure generated error definition files are closed after use
This helps to avoid warnings like this one:
/data/samba/source4/scripting/bin/gen_hresult.py:178: ResourceWarning: unclosed file <_io.TextIOWrapper name='/data/samba/bin/default/libcli/util/hresult.c' mode='w' encoding='UTF-8'>
main()
ResourceWarning: Enable tracemalloc to get the object allocation traceback
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Wed, 10 Jan 2024 22:20:59 +0000 (11:20 +1300)]
s4:scripting: Remove global list of errors
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Wed, 10 Jan 2024 22:19:22 +0000 (11:19 +1300)]
s4:scripting: Use common function to parse error descriptions
The version of parseErrorDescriptions() from gen_error_common is almost
the same as the one we’ve been using. One minor difference is that
ErrorDef.error_code is now an integer rather than a string.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Wed, 10 Jan 2024 22:14:27 +0000 (11:14 +1300)]
s4:scripting: Remove blank line
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Wed, 10 Jan 2024 22:13:33 +0000 (11:13 +1300)]
s4:scripting: Correctly report number of parsed lines
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Wed, 10 Jan 2024 22:12:21 +0000 (11:12 +1300)]
s4:scripting: Let error definition generation scripts tolerate empty lines
Commit
beb99b80612556bc47e72a63f89fca75839d91d4 add a similar check just
for gen_hresult.py.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Wed, 10 Jan 2024 22:11:15 +0000 (11:11 +1300)]
s4:scripting: Initialize line number to (possibly) more appropriate value
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Wed, 10 Jan 2024 22:10:28 +0000 (11:10 +1300)]
s4:scripting: Initialize ‘isWinError’ in constructor
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Wed, 10 Jan 2024 04:10:21 +0000 (17:10 +1300)]
libcli:util: Update NTSTATUS definitions
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Wed, 10 Jan 2024 04:01:51 +0000 (17:01 +1300)]
libcli:util: Update HRESULT definitions
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Wed, 10 Jan 2024 03:55:19 +0000 (16:55 +1300)]
s4:scripting: Align integer types
Commit
a41112fcc984c19d5123e4a49a5f5fd4341e811d updated the generated
code, but not the corresponding generation script.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andreas Schneider [Mon, 8 Jan 2024 09:51:18 +0000 (10:51 +0100)]
docs: Update idmap_ad.8 that rfc2307 is the default
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jan 12 14:51:56 UTC 2024 on atb-devel-224
Andreas Schneider [Tue, 9 Jan 2024 07:50:01 +0000 (08:50 +0100)]
python:gp: Print a nice message if cepces-submit can't be found
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15552
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jan 10 09:54:34 UTC 2024 on atb-devel-224
Andreas Schneider [Mon, 8 Jan 2024 15:15:03 +0000 (16:15 +0100)]
s3:rpc_server: Mark _lsa_CreateTrustedDomainEx as NOT_IMPLMENTED
There is no PDB backend supporting this.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jan 9 14:17:40 UTC 2024 on atb-devel-224
Andreas Schneider [Mon, 8 Jan 2024 15:13:52 +0000 (16:13 +0100)]
s3:rpc_server: Mark _lsa_CreateTrustedDomain as NOT_IMPLMENTED
There is no PDB backend which is supporting this.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 24 Nov 2023 13:42:35 +0000 (14:42 +0100)]
dcesrv_reply: just drop responses if the connection is already terminating
There's no reason to waste resources...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jan 9 11:26:55 UTC 2024 on atb-devel-224
Stefan Metzmacher [Fri, 24 Nov 2023 13:02:02 +0000 (14:02 +0100)]
dcesrv_core: add dcesrv_call_state->subreq in order to allow tevent_req_cancel() on termination
Requests might be cancelled if the connection got disconnected,
we got an ORPHANED or CO_CANCEL pdu.
But this is all opt-in for the backends to choose.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 29 Dec 2023 09:20:02 +0000 (10:20 +0100)]
witness.idl: add flag(NDR_PAHEX) to some hex based enums
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 24 Nov 2023 15:38:06 +0000 (16:38 +0100)]
witness.idl: make some types public in order to be used elsewhere
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Samuel Cabrero [Wed, 21 Oct 2020 16:30:29 +0000 (18:30 +0200)]
witness.idl: Set cifs as auth service name for the witness interface
Windows clients use the 'cifs' service name to bind to the witness interface.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 24 Nov 2023 15:28:38 +0000 (16:28 +0100)]
tdb: fix python/tdbdump.py example
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Sun, 28 Jan 2018 14:35:44 +0000 (15:35 +0100)]
examples/scripts: add smbXsrvdump
A simple python tool to dump smbXsrv TDB databases.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 24 Nov 2023 15:09:58 +0000 (16:09 +0100)]
smbXsrv.idl: add python bindings
This is useful for some scripting examples and debugging...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 15 Dec 2023 15:46:50 +0000 (16:46 +0100)]
smbstatus: let --json dump also session channels
This makes if easier to see how tcp connections belong
to a session or client_guid.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 28 Dec 2023 09:36:25 +0000 (10:36 +0100)]
smbstatus: let --json report the client_guid a session belongs to
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 28 Dec 2023 09:35:43 +0000 (10:35 +0100)]
smbXsrv_session: store session_global->client_guid
This is very useful for debugging...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 15 Dec 2023 15:45:54 +0000 (16:45 +0100)]
s3:sessionid: export smbXsrv_session_global via sessionid->global
This will allow smbstatus --json to dump more details.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 21 Dec 2023 12:02:43 +0000 (13:02 +0100)]
lib/util: let is_zero_addr() return true for AF_UNSPEC
It means the completely zero'ed structure is detected
as zero address, as AF_UNSPEC is 0.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 17 Nov 2023 12:36:02 +0000 (13:36 +0100)]
s3:smbd multichannel: improve smbXsrv_connection_dbg()
client_guid as well as local and remote address help a lot
for debugging...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 22 Dec 2023 20:50:57 +0000 (21:50 +0100)]
s3:smbd multichannel: let a cross-node session binding NT_STATUS_REQUEST_NOT_ACCEPTED
This is better than NT_STATUS_USER_SESSION_DELETED, as it means the
client can keep it's session alive. Otherwise a windows client believes
the whole session is gone and all other channels are invalid.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 29 Dec 2023 12:09:32 +0000 (13:09 +0100)]
s3:smbd multichannel: always allow multichannel to the ip of the queried connection
We can announce the ip of the current connection even if it's
a moveable cluster address... as the client is already connected to it.
This change means in a typical ctdb cluster, where we only have public
addresses, the client can at least have more than one multichannel'ed
connection to the public ip.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 28 Dec 2023 09:18:51 +0000 (10:18 +0100)]
libcli/security: remove PRIMARY_{USER,GROUP}_SID_INDEX defines from security.h
These and more are also defined in security_token.h, which is later included
from security.h anyway.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 22 Dec 2023 23:04:33 +0000 (00:04 +0100)]
libcli/smb: add new SMB2_SHAREFLAG_ defines in smb2_constants.h
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 15 Dec 2023 10:59:36 +0000 (11:59 +0100)]
smbd: move access override for previous versions to the SMB layer
Doing the previous version access checks and semantics at the SMB
layer means we can simplify the shadow_copy2 and remove the kludge.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Jan 8 16:58:26 UTC 2024 on atb-devel-224
Ralph Boehme [Wed, 20 Dec 2023 14:09:59 +0000 (15:09 +0100)]
smbd: check for previous versions in check_any_access_fsp()
Now that check_any_access_fsp() is broadly used consistently to
restrict access for all modifying operations, we can add a check for
previous versions to check_any_access_fsp() and it gets enforced
consistently.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Wed, 20 Dec 2023 17:01:57 +0000 (18:01 +0100)]
smbd: use check_any_access_fsp() for all access checks
Replaces the direct access to fsp->access_mask with a call to
check_any_access_fsp() which allows doing additional checks if needed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Wed, 20 Dec 2023 17:32:25 +0000 (18:32 +0100)]
smbd: replace CHECK_WRITE() macro with calls to check_any_access_fsp()
The additional check if fd underlying fd is valid and not -1 should not be done
at this place. I actually would prefer an write to fail with EBADF if this
happens, as it's likely easier to debug why this happened. These days we should
always have a valid fd.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Wed, 20 Dec 2023 17:03:22 +0000 (18:03 +0100)]
smbd: set fsp->fsp_flags.can_write to false for access to previous-versions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 22 Dec 2023 10:19:38 +0000 (11:19 +0100)]
smbd: return correct error when trying to create a hardlink to a VSS file
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 21 Dec 2023 09:58:09 +0000 (10:58 +0100)]
smbd: fix check_any_access_fsp() for non-fsa fsps
smbd_check_access_rights_fsp() requires *all* rights in access_mask to
be granted by the underlying ACL, but the semantics of this function
is supposed to grant access if any one of the rights in
access_requested is allowed.
Fix this by looping over the requested access mask. If
smbd_check_access_rights_fsp() returns sucess, mask will be non-null
and when assigned to access_granted, the subsequent check will pass,
fail otherwise.
I'm not doing an early exit on purpose because a subsequent commit
adds additional security checks that are done in the subsequent code
path common for fsa and non-fsa fsps.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 21 Dec 2023 09:58:09 +0000 (10:58 +0100)]
smbd: rename check_access_fsp() to check_any_access_fsp()
The semantics of the access check in check_access_fsp() itself is to
allow access if *at least* one or more rights of the rights in
access_mask are allowed. The name check_any_access_fsp() better
reflects this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 21 Dec 2023 15:27:42 +0000 (16:27 +0100)]
smbd: set fsp_flags.is_fsa to true on printer file handles
Printer file handles went through SMB_VFS_CREATE_FILE() and are network
callable, so it makes sense to set this on them.
This ensures that check_access_fsp() doesn't take the codepath calling
smbd_check_access_rights_fsp(), but just checks the request rights from
fsp->access_mask.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 19 Dec 2023 12:06:55 +0000 (13:06 +0100)]
smbd: return the correct error in can_rename()
This is what Windows returns for this case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 15 Dec 2023 18:55:23 +0000 (19:55 +0100)]
smbtorture: expand smb2.twrp.write test
Test more modifying operations are blocked and access masks are correct.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 22 Dec 2023 09:40:39 +0000 (10:40 +0100)]
s4/libcli/raw: implemement RAW_SFILEINFO_LINK_INFORMATION
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 21 Dec 2023 18:40:21 +0000 (19:40 +0100)]
selftest: remove error_inject from shadow_write share
Frankly, I can't remember why I added this as part of bug 13688. The
goal of the corresponding test is to verify a write on a read-only
file handle fails. As the file is opened O_RDONLY, the write will fail
anyway and there's no need to inject the error.
To make things worse, having the error injected meant we didn't notice
when the underlying logic of forcing the open to be done with O_RDONLY
was done as O_RDWR, resulting in the write on the handle to succeed.
This happened when we introduced reopen_from_fsp(): the initial
pathref open of a path with a twrp value was correctly detected and
handled by shadow_copy2_openat(). However, when converting the pathref
open to a real one via reopen_from_fsp(), shadow_copy2_openat() only
sees the magic /proc/fd path and has no way of inferring that this was
originating from a prevous version open with a twrp value.
Tl;dr: we can just remove this error injection, it is not needed, the
correct fix is to implement this in the SMB layer which is done in the
subsequent commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Thu, 4 Jan 2024 11:55:53 +0000 (12:55 +0100)]
selftest: let list_servers.NT1 really use NT1 protocol
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Björn Jacke <bjacke@samba.org>
Autobuild-Date(master): Fri Jan 5 01:43:51 UTC 2024 on atb-devel-224
Björn Jacke [Sat, 30 Dec 2023 18:53:36 +0000 (19:53 +0100)]
vfs_worm: add connect function to cache parameters
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Björn Jacke [Sat, 30 Dec 2023 17:28:59 +0000 (18:28 +0100)]
set_process_capability: log which capability was set or failed to be set
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Shachar Sharon [Mon, 13 Nov 2023 13:47:24 +0000 (15:47 +0200)]
vfs_ceph: use extra 'ceph_*at()' calls when available
As of libcephfs version-10.0.3 the high-level API has few more '*at()'
calls. Prefer those newer hooks over path-based when having an
appropriate directory fd (namely: ceph_mkdirat, ceph_openat,
cepth_unlinkat, ceph_symlinkat, ceph_readlinkat).
Ceph commit: https://github.com/ceph/ceph/commit/
3831aa12f3067d8cc362f39f7136dd53cb946d22
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15516
Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Gunther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Jan 4 21:09:54 UTC 2024 on atb-devel-224
Volker Lendecke [Tue, 19 Dec 2023 14:34:50 +0000 (15:34 +0100)]
lib: Confine the copy_no_nl memcpy to debug_gpfs_log()
gpfswrap_add_trace() seems not to have a format string that could
understand the %.*s notation.
While there this removes >4k of r/w memory from every smbd.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jan 4 17:06:19 UTC 2024 on atb-devel-224
Volker Lendecke [Tue, 19 Dec 2023 13:47:24 +0000 (14:47 +0100)]
lib: Avoid memcpy in debug_lttng_log()
tracef() understands the %.*s format.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Tue, 19 Dec 2023 13:44:12 +0000 (14:44 +0100)]
lib: Avoid memcpy in debug_systemd_log()
sd_journal_send() understands the %.*s format.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 29 Dec 2023 15:28:37 +0000 (15:28 +0000)]
script/autobuild.py: add some --private-libraries=ALL testing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15545
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jan 4 12:45:58 UTC 2024 on atb-devel-224
Stefan Metzmacher [Fri, 29 Dec 2023 10:05:18 +0000 (10:05 +0000)]
wafsamba: fix the usage of --private-extension-exception
It was completely unused...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15545
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 29 Dec 2023 10:04:59 +0000 (10:04 +0000)]
wscript: use opt.PRIVATE_EXTENSION_DEFAULT('private-samba')
The problem was that we used opt.PRIVATE_EXTENSION_DEFAULT('samba4') and
libndr as private will become libndr-samba4 and that already exists as
libndr-samba4 as we don't append the extension if it's already there.
So meant with --private-libraries=ALL we hit the following problem:
$ ./configure --private-libraries=ALL
$ make smbd/smbd
Waf: Leaving directory `/samba/bin/default'
Task dependency cycle in "run_after" constraints:
{task ...: cshlib dcerpc-samba4.empty.c.12.o,ndr_winbind_c.c.229.o -> libdcerpc-samba4.so}
make: *** [Makefile:131: smbd/smbd] Error 1
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15545
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 29 Dec 2023 15:27:38 +0000 (15:27 +0000)]
script/autobuild.py: nonshared-test works now
I guess the problem was related to wrapper libraries...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15545
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 29 Dec 2023 14:32:51 +0000 (14:32 +0000)]
third_party/*_wrapper: use SAMBA_LIBRARY(force_unversioned=True)
This prevents --private-libraries=ALL from creating unuseable
wrapper libraries, as they can't work with symbol versioning.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15545
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 29 Dec 2023 14:32:02 +0000 (14:32 +0000)]
wafsamba: introduce SAMBA_LIBRARY(force_unversioned=False)
This can be used in order to avoid a library to be
catched by --private-libraries=ALL.
It is needed for our wrapper libraries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15545
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jones Syue [Thu, 4 Jan 2024 01:42:15 +0000 (09:42 +0800)]
s3:smbd multichannel: always refresh the network information
To maintain SMB Multichannel, windows client might periodically query with
FSCTL_QUERY_NETWORK_INTERFACE_INFO to get SMB server's network information,
in my case windows server 2022 would do this every 10 minutes (600 seconds).
Consider a scenario: the network information might have changed between
these queries, some become link down, new interface is link up, network
speed is changed, and etc. So far smbd might not aware of these changes and
still report out-of-date network information to windows client, until we
manually send a SIGHUP to smbd in order to trigger load_interfaces():
smbd_sig_hup_handler() > reload_services () > load_interfaces()
This might be a bit inconvenient because it is hard to decide when should
we manually send a SIGHUP to smbd for refreshing network information.
This patch adds load_interfaces() at fsctl_network_iface_info(), while smbd
received FSCTL_QUERY_NETWORK_INTERFACE_INFO would go through this and refresh
local_interfaces, then respond to client with up-to-date network information;
also refresh num_ifaces to make sure interfaces count is consistent.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15547
Signed-off-by: Jones Syue <jonessyue@qnap.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Stefan Metzmacher [Fri, 24 Nov 2023 10:51:54 +0000 (11:51 +0100)]
ctdb: add comments to "addip"/"delip" when CTDB_{CONTROL,EVENT,SRVID}_IPREALLOCATED happens
"addip"/"delip" are different from "moveip" so they don't need to
call ipreallocate() nor send_ipreallocated_control_to_nodes().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Stefan Metzmacher [Fri, 24 Nov 2023 09:53:44 +0000 (10:53 +0100)]
ctdb: let "moveip" end with CTDB_CONTROL_IPREALLOCATED to all connected nodes
This matches the behavior of takeover_send/recv() from
ctdb_takeover_helper.c.
It means we consistently call the ipreallocated event scripts
and also send CTDB_SRVID_IPREALLOCATED after moving ips.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Stefan Metzmacher [Fri, 24 Nov 2023 09:50:16 +0000 (10:50 +0100)]
ctdb: remove unused ctdb_message_disable_ip_check()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Stefan Metzmacher [Thu, 23 Nov 2023 12:57:28 +0000 (13:57 +0100)]
ctdb: let "moveip" also use disable_takeover_runs()
That makes the behavior more consistent compared to a takeover run
started from the within ctdbd.
The behavior is the same but ctdb_message_disable_ip_check() used
a legacy code path and the next commits will also touch some
of the moveip logic...
The logic and comments are copied from control_reloadips().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Stefan Metzmacher [Thu, 23 Nov 2023 14:04:09 +0000 (15:04 +0100)]
ctdb: send a CTDB_SRVID_IPREALLOCATED message after CTDB_EVENT_IPREALLOCATED
Event scripts run the "ipreallocated" hook in order to notice that some ip addresses
in the cluster potentially changed.
CTDB_SRVID_IPREALLOCATED gives C code a chance to get notified as well once the event
scripts are finished.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Andreas Schneider [Fri, 15 Dec 2023 07:23:25 +0000 (08:23 +0100)]
s3:utils: Fix the auth function to print correct values to the user
In order to show correct values in the password prompt displayed by
cli_credentials_get_password*(). We need to set the domain and username
in the credentials system.
The credentials supplied via the SMB URL have a higher priority than the
command line options.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15538
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jan 4 11:26:52 UTC 2024 on atb-devel-224
Andreas Schneider [Fri, 15 Dec 2023 08:41:06 +0000 (09:41 +0100)]
s3:utils: Handle the domain before username and password
The cli_credentials_get_password*() function will interactively ask the
user for a password if none has been supplied via another ways. To show
the correct domain and username in the prompt, we need handle domain
and user first.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15538
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Thu, 28 Dec 2023 13:38:37 +0000 (14:38 +0100)]
smbd: Fix traversing snapshot dirs that vanished in current fileset
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15544
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 2 20:37:01 UTC 2024 on atb-devel-224
Volker Lendecke [Thu, 28 Dec 2023 13:20:11 +0000 (14:20 +0100)]
shadow_copy: Add test for missing directory in "current" fileset
Right now we can't traverse a subdirectory in a snapshot which was
deleted in the current set of files.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15544
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Mon, 1 Jan 2024 00:03:20 +0000 (00:03 +0000)]
Happy New Year 2024!
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 20:48:35 +0000 (21:48 +0100)]
s4/ldap_backend: do_call: use modern DBG macros
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Dec 29 13:50:05 UTC 2023 on atb-devel-224
Björn Jacke [Mon, 25 Dec 2023 20:46:47 +0000 (21:46 +0100)]
s4/ldap_backend: abandonrequest: use modern DBG macros
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 20:45:55 +0000 (21:45 +0100)]
s4/ldap_backend: CompareRequest: use modern DBG macros
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 20:37:29 +0000 (21:37 +0100)]
s4/ldap_backend: modifydnrequest: use modern DBG macros
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 20:34:28 +0000 (21:34 +0100)]
s4/ldap_backend: delrequest: use modern DBG macros
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 20:32:49 +0000 (21:32 +0100)]
s4/ldap_backend: addrequest: use modern DBG macros
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 20:31:27 +0000 (21:31 +0100)]
s4/ldap_backend: modifyrequest: use modern DBG_ macro
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 20:26:58 +0000 (21:26 +0100)]
s4/ldap_backend: SearchRequest: use modern DBG_ macro
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 20:24:13 +0000 (21:24 +0100)]
s4/ldap_backend: unwilling: use modern DBG_ macro
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 20:22:48 +0000 (21:22 +0100)]
s4/ldap_backend: encode: use modern DBG_ macro
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 19:37:38 +0000 (20:37 +0100)]
s4/ldap_backend: change a printf %d to %u for results
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 19:30:43 +0000 (20:30 +0100)]
s4/ldap_backend: fix a NULL dereference
Signed-off-by: Bjoern Jacke <bjacke@samba.org>>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 18:53:30 +0000 (19:53 +0100)]
winbind_nss_netbsd: fix missing semicolon
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15541
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 18:50:55 +0000 (19:50 +0100)]
docs-xml: use XML_CATALOG_FILES env var if defined
Thanks to Thierry LARONDE for the fix.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15540
Signed-off-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 18:49:38 +0000 (19:49 +0100)]
doc-xml: fix name of vfs_linux_xfs man page
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15542
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Joseph Sutton [Thu, 21 Dec 2023 22:04:51 +0000 (11:04 +1300)]
lib:crypto: Add tests for GKDI key derivation
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Dec 22 06:31:29 UTC 2023 on atb-devel-224
Joseph Sutton [Mon, 13 Nov 2023 04:08:58 +0000 (17:08 +1300)]
lib:crypto: Add implementation of GKDI key derivation
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Dec 2023 03:39:14 +0000 (16:39 +1300)]
tests/krb5: Raise an error if root key data is the wrong length
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Dec 2023 03:38:33 +0000 (16:38 +1300)]
tests/krb5: Test that root key data is the correct length in bytes
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 18 Dec 2023 20:38:27 +0000 (09:38 +1300)]
tests/krb5: Create root key just for implicit root key tests
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 18 Dec 2023 20:37:40 +0000 (09:37 +1300)]
tests/krb5: Check properties of current GKDI key
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 20 Dec 2023 01:26:00 +0000 (14:26 +1300)]
fuzz: allow max size conditional ACE round-trip failure
The encoder, being cautious not to overstep the arbitrary 10000 byte
boundary, might not encode an exactly 10000 byte condition. This
is an off-by-one, but in the safe direction.
Credit to OSS-Fuzz.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65118
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Dec 22 00:51:13 UTC 2023 on atb-devel-224
Douglas Bagnall [Wed, 20 Dec 2023 00:40:15 +0000 (13:40 +1300)]
libcli/security: sddl conditional ACE: write -0 when asked
Credit to OSS-Fuzz.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65122
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 20 Dec 2023 00:38:53 +0000 (13:38 +1300)]
libcli/security: rearrange conditional ACE sddl_write_int
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65122
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 20 Dec 2023 00:37:29 +0000 (13:37 +1300)]
libcli/security: tests for signed zeros in sddl condtional ACEs
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65122
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 21 Dec 2023 20:58:53 +0000 (09:58 +1300)]
librpc: Do not allow u16string to be encoded in a big‐endian context
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Dec 2023 22:51:19 +0000 (11:51 +1300)]
librpc: Change type of ‘u16string’ from ‘const uint16_t *’ to ‘const unsigned char *’
A u16string is supposed to contain UTF‐16 code units, but
ndr_pull_u16string() and ndr_push_u16string() fail to correctly ensure
this on big‐endian systems. Code that relies on the u16string array
containing correct values will then fail.
Fix ndr_pull_u16string() and ndr_push_u16string() to work on big‐endian
systems, ensuring that other code can use these strings without having
to worry about first encoding them to little‐endian.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 21 Dec 2023 20:54:55 +0000 (09:54 +1300)]
librpc: Add missing spaces to error messages
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Ralph Boehme [Wed, 13 Dec 2023 06:57:46 +0000 (07:57 +0100)]
s3/lib: add log_panic_action()
Can be used to log a nice stack backtrace with full debug symbols by setting
"panic action" to something like
panic action = cd /home/slow/git/samba/master && /home/slow/git/samba/master/selftest/gdb_backtrace %d
This is similar to log_stack_trace(), but that doesn't come with debug symbols.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>