Andrew Bartlett [Thu, 5 May 2022 03:44:05 +0000 (15:44 +1200)]
bootstrap: matplotlib is not a real Samba dep
This came in via the original list of packages used
at Catalyst when building Samba for testing, in particular
related to an example LDB module to trace LDB requests.
There is no testing need for this even in make test.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Fri, 6 May 2022 01:29:05 +0000 (13:29 +1200)]
bootstrap: chown the whole cloned repo, not just the subfolders
Modern git versions have started to notice the possible security issue.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Fri, 6 May 2022 05:53:29 +0000 (17:53 +1200)]
.gitlab-ci: Work around new git restrictions arising from CVE-2022-24765
It was realised that git would run commands found in a git repo
(eg from configuration).
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
David Mulder [Fri, 29 Apr 2022 21:21:33 +0000 (15:21 -0600)]
gpo: Add Centrify Compatible Crontab Extensions
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 10 20:05:48 UTC 2022 on sn-devel-184
David Mulder [Fri, 29 Apr 2022 20:40:41 +0000 (14:40 -0600)]
gpo: Test Centrify Compatible Crontab Extensions
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Fri, 29 Apr 2022 16:29:01 +0000 (10:29 -0600)]
gpo: Add Centrify Compatible Sudoers Extension
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Fri, 29 Apr 2022 15:14:10 +0000 (09:14 -0600)]
gpo: Test Centrify Compatible Sudoers Extension
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Pavel Filipenský [Sun, 5 Sep 2021 18:37:55 +0000 (20:37 +0200)]
winbind: send "debug traceid" from winbindd parent to child
Bumping WINBIND_INTERFACE_VERSION to 32
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 10 18:25:01 UTC 2022 on sn-devel-184
Pavel Filipenský [Sun, 5 Sep 2021 18:36:15 +0000 (20:36 +0200)]
winbind: enable "debug traceid" in main winbindd
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Pavel Filipenský [Sun, 5 Sep 2021 20:18:11 +0000 (22:18 +0200)]
docs-xml: document "winbind debug traceid" in smb.conf
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Pavel Březina [Wed, 1 Sep 2021 14:05:37 +0000 (16:05 +0200)]
s3:winbindd add "'winbind debug traceid" support via tevent tracing
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Pavel Filipenský [Sun, 8 May 2022 19:06:13 +0000 (21:06 +0200)]
debug: add debug_traceid_set/get() interface
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Pavel Filipenský [Sun, 8 May 2022 19:09:04 +0000 (21:09 +0200)]
debug: fix trailing whitespace
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Pavel Filipenský [Tue, 10 May 2022 11:06:53 +0000 (13:06 +0200)]
s3:lib: reset all tevent trace callbacks in reinit_after_fork()
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
With "tevent: add event trace api" we have now more callbacks to reset.
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Pavel Filipenský [Tue, 10 May 2022 11:06:05 +0000 (13:06 +0200)]
s3:lib: fix trailing whitespaces
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Joseph Sutton [Thu, 5 May 2022 09:42:47 +0000 (21:42 +1200)]
python: Use 'is' for identity when comparing against None
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue May 10 06:12:10 UTC 2022 on sn-devel-184
Joseph Sutton [Thu, 5 May 2022 09:40:34 +0000 (21:40 +1200)]
kcc: Don't reuse outer loop variable for inner loop
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Thu, 5 May 2022 09:32:13 +0000 (21:32 +1200)]
python: Remove redundant assignments
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Thu, 5 May 2022 09:23:10 +0000 (21:23 +1200)]
source4/scripting/bin: Remove unnecessary global declarations
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Thu, 5 May 2022 09:21:28 +0000 (21:21 +1200)]
python/wscript: Remove unused format() argument
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Thu, 5 May 2022 09:19:34 +0000 (21:19 +1200)]
wintest: Remove unreachable return statement
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Thu, 5 May 2022 09:18:49 +0000 (21:18 +1200)]
selftest: Remove unreachable return statement
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Thu, 5 May 2022 09:16:17 +0000 (21:16 +1200)]
samba-tool: Don't try to delete local_tdo_handle twice.
This code is unreachable, as local_tdo_handle has already been deleted
and set to None earlier.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Thu, 5 May 2022 09:12:05 +0000 (21:12 +1200)]
wafsamba: Fix previously unreachable exception path
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Thu, 5 May 2022 09:11:07 +0000 (21:11 +1200)]
python: Remove unnecessary 'pass' statements
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Thu, 5 May 2022 09:08:06 +0000 (21:08 +1200)]
samba-tool gpo: Fix unintended string concatenations
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Thu, 5 May 2022 23:59:28 +0000 (11:59 +1200)]
samba-tool gpo tests: Fix unintended string concatenations
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Thu, 5 May 2022 09:07:36 +0000 (21:07 +1200)]
examples: Make samr.py work with Python 3
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Thu, 5 May 2022 09:06:46 +0000 (21:06 +1200)]
examples: Make netbios.py work with Python 3
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Thu, 5 May 2022 09:04:48 +0000 (21:04 +1200)]
examples: Remove unused imports
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Thu, 5 May 2022 08:42:18 +0000 (20:42 +1200)]
python/xattr: Properly process system.posix_acl_access
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Thu, 5 May 2022 08:41:26 +0000 (20:41 +1200)]
samba-tool processes: Remove unused loop
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
John Mulligan [Mon, 25 Apr 2022 16:04:20 +0000 (12:04 -0400)]
lib/smbconf: add python wrapper functions for transaction management
The smbconf API supports transactions. This changes adds wrapper
functions transaction_start, transaction_commit, and transaction_cancel.
It also adds tests for the functions, one of which demonstrates a
semi-pythonic way to use said functions.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 6 18:14:30 UTC 2022 on sn-devel-184
John Mulligan [Mon, 25 Apr 2022 14:16:56 +0000 (10:16 -0400)]
lib/smbconf: add delete_global_parameter method to SMBConf
Add a delete_global_parameter method wrapping smbconf_delete_global_parameter.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Mon, 25 Apr 2022 13:59:36 +0000 (09:59 -0400)]
lib/smbconf: add delete_parameter method to SMBConf
Add a delete_parameter method wrapping smbconf_delete_parameter.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Sun, 24 Apr 2022 15:48:41 +0000 (11:48 -0400)]
lib/smbconf: add create_set_share method to SMBConf
Add the create_set_share method wrapping smbconf_create_set_share.
This method is one of the most complex as it must "unpack" the list
of key-value pairs from python and convert that to a `struct
smbconf_service` for the smbconfig C API.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Sun, 24 Apr 2022 14:25:50 +0000 (10:25 -0400)]
lib/smbconf: add delete_share method to SMBConf
Add a delete_share method wrapping smbconf_delete_share.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Sun, 24 Apr 2022 14:19:37 +0000 (10:19 -0400)]
lib/smbconf: add set_global_parameter method to SMBConf
Add a set_global_parameter method wrapping smbconf_set_global_parameter.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Sun, 24 Apr 2022 14:18:42 +0000 (10:18 -0400)]
lib/smbconf: add set_parameter method to SMBConf
Add a set_parameter method wrapping smbconf_set_parameter.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Sun, 24 Apr 2022 12:17:53 +0000 (08:17 -0400)]
lib/smbconf: add drop method to SMBConf
Add a drop method wrapping smbconf_drop.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Sun, 24 Apr 2022 12:10:36 +0000 (08:10 -0400)]
lib/smbconf: add create_share method to SMBConf
Add a create_share method wrapping smbconf_create_share.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Sat, 23 Apr 2022 18:42:44 +0000 (14:42 -0400)]
python/samba/tests: add test cases for s3/registry init funcs
A previous change added smbconf initialization functions that allow
access to the registry back-end. Add some simple tests cases that
exercise these new functions.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Sat, 23 Apr 2022 18:38:42 +0000 (14:38 -0400)]
source3/lib/smbconf: add python bindings for init functions
Add functions that allow python to access the registry back-end
initialization function as well as the "general" init function
that parses the back-end out of given string "path".
With the registry back-end it will be possible to implement and
test read-write functions of smbconf API in the future.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Sat, 23 Apr 2022 18:19:59 +0000 (14:19 -0400)]
lib/smbconf: add a python function for raising smbconf exceptions
The previous implementation in C was private to the module. Add
a small python wrapper function so that a different python module
may reuse the implementation.
The python level function is prefixed with "_" to mark it as
"private". Only future cooperating modules in the samba sources
should make use of it.
The function is shared at the python level as per the recommendation:
https://stackoverflow.com/a/
2136670
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Sat, 23 Apr 2022 18:17:48 +0000 (14:17 -0400)]
lib/smbconf: move python smbconf type definition to header
Moving the definition of the type to a header file will allow
future reuse of the C-type fields in a different C-API python
module.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Thu, 5 May 2022 14:05:49 +0000 (10:05 -0400)]
s3/lib/smbconf: add talloc_stackframe to smbconf_init_reg
Previously, if this function was called without an existing stackframe
then uses of talloc_tos in source3/registry trigger a panic. Since we
intend to add patches that allow access to this call with Python
bindings, that will not typically have a talloc_stackframe already, we
add a talloc_stackframe call around the call to
smbconf_init_reg_internal. This hides the use of talloc_tos in the
registry code from higher level code that needs to call smbconf.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Wed, 4 May 2022 14:57:49 +0000 (10:57 -0400)]
s3/lib/smbconf: replace uses of talloc_tos with talloc_stackframe
There are two calls to talloc_tos in the smbconf registry code.
In order not to make callers of this library have to "know" what
calls need an existing talloc stackframe, convert these uses
to match other functions in the same file that already use
talloc_stackframe.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Thu, 5 May 2022 04:21:45 +0000 (16:21 +1200)]
python/gp_cert_auto_enroll: removed unused imports
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@suse.com>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Thu May 5 14:39:50 UTC 2022 on sn-devel-184
Douglas Bagnall [Thu, 5 May 2022 04:35:18 +0000 (16:35 +1200)]
py/gp_cert_auto_enroll_ext: avoid redundant iteration
self.__read_cep_data() does a 'for end_point_group in end_point_information:',
and we don't need to do it outside
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@suse.com>
Douglas Bagnall [Thu, 5 May 2022 04:33:34 +0000 (16:33 +1200)]
py/gp_cert_auto_enroll_ext: avoid shadowing loop variable
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@suse.com>
Andreas Schneider [Fri, 22 Apr 2022 13:34:09 +0000 (15:34 +0200)]
s3:tests: Reformat test_forceuser_validusers.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu May 5 11:53:51 UTC 2022 on sn-devel-184
Andreas Schneider [Fri, 22 Apr 2022 13:34:09 +0000 (15:34 +0200)]
s3:tests: Reformat test_force_user_unlink.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:09 +0000 (15:34 +0200)]
s3:tests: Reformat test_force_group_change.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:09 +0000 (15:34 +0200)]
s3:tests: Reformat test_force_create_mode.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat test_force_close_share.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat test_fifo.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat test_failure.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat test_durable_handle_reconnect.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 5 03:42:13 UTC 2022 on sn-devel-184
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat test_dropbox.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat test_dfree_quota.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat test_dfree_command.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat test_delete_veto_files_only_rmdir.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 31 Mar 2022 08:22:08 +0000 (21:22 +1300)]
dsdb: Do not reuse "ret" variable as return code and for memcmp() comparison
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 5 01:19:54 UTC 2022 on sn-devel-184
Joseph Sutton [Mon, 11 Apr 2022 03:43:00 +0000 (15:43 +1200)]
tests/krb5: Allow passing expected etypes to get_keys()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 11 Apr 2022 04:43:42 +0000 (16:43 +1200)]
tests/passwords: Add tests for password history with simple binds
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 11 Apr 2022 04:37:10 +0000 (16:37 +1200)]
tests/passwords: Remove unused imports
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 31 Mar 2022 08:16:03 +0000 (21:16 +1300)]
selftest: Run some tests in the ad_dc_no_ntlm environment to show expected behaviour
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andrew Bartlett [Thu, 31 Mar 2022 09:45:40 +0000 (22:45 +1300)]
selftest: Rework password_lockout_base.py to allow logon_basics test to be run in ad_dc_no_ntlm
We need to ensure that even if NTLM is disabled, that the test
can still bootstrap and fail normally.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton [Sun, 10 Apr 2022 23:50:53 +0000 (11:50 +1200)]
samba-tool user: Consistently return a tuple
We would get an error when get_userPassword_hash() returned None, as
get_virtual_crypt_value() would try to unpack the result as a 2-element
tuple.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Sun, 10 Apr 2022 23:50:25 +0000 (11:50 +1200)]
samba-tool user: Remove unused imports
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 11 Apr 2022 01:15:23 +0000 (13:15 +1200)]
samba-tool tests: Remove unused variable
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 31 Mar 2022 23:06:45 +0000 (12:06 +1300)]
dsdb: Clarify that most errors in make_error_and_update_badPwdCount() are not returned
This is mainly just to be clear, and was done while failing to work around compiler
warnings.
For the curious it was gcc version 4.8.5
20150623 (Red Hat 4.8.5-44) (CentOS 7)
build with -O3, which gave with other, later patches:
../../source4/dsdb/samdb/ldb_modules/password_hash.c: In function ‘check_password_restrictions_and_log’:
../../source4/dsdb/samdb/ldb_modules/password_hash.c:3231:5: error: assuming signed overflow does not occur when simplifying conditional to constant [-Werror=strict-overflow]
if (ret == LDB_SUCCESS) {
^
Regardless, we make it clear that all values assigned to "ret" are
local small constants.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
David Mulder [Tue, 12 Apr 2022 18:50:25 +0000 (12:50 -0600)]
gpo: Add Cert Auto Enroll Advanced Config
Advanced configuration for Certifcate Auto
Enrollment is stored on the sysvol, and needs
to be parsed/used when provided.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 3 21:48:57 UTC 2022 on sn-devel-184
David Mulder [Tue, 12 Apr 2022 18:27:41 +0000 (12:27 -0600)]
gpo: Test Cert Auto Enroll Advanced Config
Adds advanced configuration to the testing of
certificate auto enrollment. Currently fails.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Tue, 12 Apr 2022 16:29:39 +0000 (10:29 -0600)]
gpo: Generalize Cert Auto Enroll CA data
This will simplify fetching CAs from the
Registry.pol in a follow up commit.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Tue, 12 Apr 2022 16:25:51 +0000 (10:25 -0600)]
gpo: Fix crash in Cert Auth Enroll RSOP
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Mon, 11 Apr 2022 20:26:50 +0000 (14:26 -0600)]
gpo: Certificate Auto Enroll correctly check templates
[MS-CAESO] 4.4.5.3.2.4 and 4.4.5.3.2.4.2 explain
to fetch templates via cep, then to gather attrs
for the templates after. This code was reversed.
This will matter when implementing advanced
endpoint configuration.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Fri, 8 Apr 2022 19:42:55 +0000 (13:42 -0600)]
gpo: Correct CA Initilization to obey [MS-CAESO]
fetch_certification_authorities() did not
correctly obey the [MS-CAESO] spec.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Martin Schwenke [Mon, 28 Feb 2022 04:44:59 +0000 (15:44 +1100)]
ctdb-tests: Add backtrace on abort to some tests
These are easier to debug with a backtrace.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue May 3 10:13:23 UTC 2022 on sn-devel-184
Martin Schwenke [Wed, 5 Jan 2022 02:45:33 +0000 (13:45 +1100)]
ctdb-tests: Provide a method to dump the stack on abort
Some tests make generous use of assert() and it can be difficult to
guess the cause of failures without resorting to GDB. This provides
some help.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 2 May 2022 04:25:42 +0000 (14:25 +1000)]
build: Add missing ctdb-client dependencies
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Sun, 6 Feb 2022 22:37:14 +0000 (09:37 +1100)]
ctdb-build: Drop unnecessary uses of include/ sub-directory
None of these include any files from the include/ sub-directory.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 28 Feb 2022 04:44:04 +0000 (15:44 +1100)]
ctdb-tests: Use test_case() to help document test cases
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 21 Jan 2022 01:14:05 +0000 (12:14 +1100)]
ctdb-locking: Don't pass NULL to tevent_req_is_unix_error()
If there is an error then this pointer is unconditionally
dereferenced.
However, the only possible error appears to be ENOMEM, where a crash
caused by dereferencing a NULL pointer isn't a terrible outcome. In
the absence of a security issue this is probably not worth
backporting.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 21 Jan 2022 01:09:45 +0000 (12:09 +1100)]
ctdb-mutex: Don't pass NULL to tevent_req_is_unix_error()
If there is an error then this pointer is unconditionally
dereferenced.
However, the only possible error appears to be ENOMEM, where a crash
caused by dereferencing a NULL pointer isn't a terrible outcome. In
the absence of a security issue this is probably not worth
backporting.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat test_deadtime.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 3 00:10:53 UTC 2022 on sn-devel-184
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat test_close_denied_share.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat test_chdir_cache.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat test_async_req.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat test_aio_outstanding.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat test_acl_xattr.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat printing_var_exp_lpr_cmd.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:08 +0000 (15:34 +0200)]
s3:tests: Reformat dlopen.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 12 Apr 2022 00:23:54 +0000 (12:23 +1200)]
docs: Explain the impact of "ntlm auth = disabled" on simple bind forwarding
An RODC will forward an LDAP Simple bind, just like any other authentication,
when the password is not present locally.
If the full DC does not support NTLMv2 authentication this forwarded password
will be rejected. A future Samba version should prefer Kerberos or send the
plaintext, but we can not change the MS Windows behaviour, so we document this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 26 Apr 2022 08:38:15 +0000 (10:38 +0200)]
libcli/smb: allow SMB2 Negotiate responses with security_offset = 0 and security_length = 0
This fixes connections against the Azure SMB3 server.
It's not possible to demonstrate the bug with a test and a knownfail
entry, because it fails to even startup the test environments,
but the following change to our server demonstrates the problem
and shows the fix works:
diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c
index
da567951c0bf..
25fdaea2df7b 100644
--- a/source3/smbd/smb2_negprot.c
+++ b/source3/smbd/smb2_negprot.c
@@ -711,6 +711,8 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
}
}
+ security_buffer = data_blob_null;
+
if (out_negotiate_context_blob.length != 0) {
static const uint8_t zeros[8];
size_t pad = 0;
@@ -759,6 +761,8 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
}
+ security_offset = 0;
+
SSVAL(outbody.data, 0x00, 0x40 + 1); /* struct size */
SSVAL(outbody.data, 0x02,
security_mode); /* security mode */
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15050
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon May 2 20:13:10 UTC 2022 on sn-devel-184
Stefan Metzmacher [Thu, 28 Apr 2022 14:08:42 +0000 (16:08 +0200)]
lib/util: data_blob_append() should not fail if both parts have length=0
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15050
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 28 Apr 2022 14:08:28 +0000 (16:08 +0200)]
lib/util: add tests for data_blob_append() with the resulting blob length=0
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15050
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Joseph Sutton [Tue, 15 Feb 2022 23:10:19 +0000 (12:10 +1300)]
s4/dsdb/repl_meta_data: Receive function arguments in correct order
The incorrect ordering was introduced in commit
b9c5417b523c4c53cb275c12ec84bbc849705bec.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15007
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Joseph Sutton [Mon, 28 Mar 2022 21:03:55 +0000 (10:03 +1300)]
rpc_server/lsa: Match Windows security descriptor
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 2 May 2022 14:29:49 +0000 (16:29 +0200)]
smbd: optimize and streamline smbd_smb2_close()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>