Jo Sutton [Sun, 12 May 2024 22:58:51 +0000 (10:58 +1200)]
s4:kdc: Implement KDC plugin hardware authentication policy
NOTE: This commit finally works again!
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Wed, 15 May 2024 04:28:12 +0000 (16:28 +1200)]
s4:kdc: Remove trailing whitespace
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Thu, 9 May 2024 04:57:14 +0000 (16:57 +1200)]
third_party/heimdal: Import lorikeet-heimdal-
202405090452 (commit
49c8e97b7221db53355258059ef385c856e1385f)
NOTE: THIS COMMIT WON’T COMPILE/WORK ON ITS OWN!
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Tue, 14 May 2024 01:05:31 +0000 (13:05 +1200)]
tests/krb5: Adjust tests to pass against newer Windows versions that include ticket checksums in response to AS‐REQs
A lot of these tests are going to start failing, so skip them until
we’ve implemented the corresponding behaviour for the KDC.
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Mon, 6 May 2024 00:20:44 +0000 (12:20 +1200)]
s4:kdc: Initialize local variable just in case (CID
1596759)
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Mon, 6 May 2024 00:19:18 +0000 (12:19 +1200)]
s4:kdc: Free target principal string to avoid memory leak (CID
1596760)
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Mon, 6 May 2024 00:17:20 +0000 (12:17 +1200)]
s4:kdc: Initialize pointer variable just in case (CID
1596762)
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Tue, 30 Apr 2024 05:51:18 +0000 (17:51 +1200)]
s4:dsdb: Make map containing default attribute values static
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Mon, 29 Apr 2024 05:04:11 +0000 (17:04 +1200)]
s4:dsdb: Do not set lockoutTime for trust accounts
This matches the behaviour of Windows.
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Thu, 9 May 2024 01:53:00 +0000 (13:53 +1200)]
s4:dsdb: Make use of userAccountControl helper function
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Wed, 1 May 2024 00:38:04 +0000 (12:38 +1200)]
s4:dsdb: Add userAccountControl helper function
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Thu, 9 May 2024 01:19:35 +0000 (13:19 +1200)]
s4:dsdb: Remove redundant user flags macro
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Wed, 24 Apr 2024 03:49:27 +0000 (15:49 +1200)]
s4:auth: Accept previous gMSA password for NTLM authentication five minutes after a password change
gMSA password changes are usually triggered when the DC needs to fetch
the account’s keys and notices they are out of date.
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Tue, 16 Apr 2024 04:05:55 +0000 (16:05 +1200)]
lib:crypto: Add constant denoting maximum GKDI clock skew in minutes
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Wed, 24 Apr 2024 00:32:52 +0000 (12:32 +1200)]
s4:libnet: Remove unnecessary declarations
This declaration is a hold‐over from the Python 2 module initialization
pattern.
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Wed, 24 Apr 2024 00:34:36 +0000 (12:34 +1200)]
s4:libnet: Remove trailing whitespace
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Tue, 30 Apr 2024 04:34:53 +0000 (16:34 +1200)]
tests/krb5: Add more tests for gMSAs
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Fri, 26 Apr 2024 02:53:03 +0000 (14:53 +1200)]
tests/krb5: Test viewing gMSA passwords after performing simple binds
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Fri, 26 Apr 2024 00:50:51 +0000 (12:50 +1200)]
tests/krb5: Test that computers (and, by extension, gMSAs) cannot perform interactive logons
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Tue, 30 Apr 2024 04:28:44 +0000 (16:28 +1200)]
tests/krb5: Don’t pass gMSA as ‘domain_joined_mach_creds’ parameter
We just want to test whether a gMSA can use netlogon.
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Fri, 26 Apr 2024 01:20:54 +0000 (13:20 +1200)]
tests/krb5: Test performing NTLMSSP logons at different times
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Wed, 1 May 2024 02:58:31 +0000 (14:58 +1200)]
s4:auth: Let dsdb gMSA time influence NTLM previous password allowed period
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Wed, 1 May 2024 03:00:19 +0000 (15:00 +1200)]
s4:dsdb: Let dsdb gMSA time influence pwdLastSet
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Fri, 26 Apr 2024 01:08:23 +0000 (13:08 +1200)]
tests/krb5: Test that gMSA passwords cannot be viewed over an unsealed connection
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Wed, 24 Apr 2024 05:22:45 +0000 (17:22 +1200)]
tests/krb5: Add ‘expect_success’ parameter to gensec_ntlmssp_logon()
View with ‘git show -b’.
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Wed, 24 Apr 2024 05:20:14 +0000 (17:20 +1200)]
tests/krb5: Make use of gmsa_series_for_account() method
This allows us to replace a call to
expected_current_gmsa_password_blob() with one to
expected_gmsa_password_blob(), a method which allows us to specify the
exact key we expect.
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Wed, 24 Apr 2024 05:18:09 +0000 (17:18 +1200)]
tests/krb5: Add quantized_time() method
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Wed, 24 Apr 2024 05:16:55 +0000 (17:16 +1200)]
tests/krb5: Read current time from correct SamDB
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Tue, 30 Apr 2024 02:36:07 +0000 (14:36 +1200)]
python:tests: Pass ServerPasswordSet2() parameters in correct order
‘account_name’ and ‘server_name’ are passed in the wrong order. While
Samba ignores the account name parameter and doesn’t have a problem with
it missing its trailing dollar, Windows checks it and requires the
trailing dollar to be present.
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Tue, 30 Apr 2024 02:35:13 +0000 (14:35 +1200)]
python:tests: Remove unnecessary ‘pass’ statement
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Tue, 30 Apr 2024 02:34:44 +0000 (14:34 +1200)]
python:tests: Remove unused netlogon connection parameter
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Mon, 29 Apr 2024 05:03:39 +0000 (17:03 +1200)]
s4:libcli: Add more controls to our list of known controls
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Mon, 29 Apr 2024 05:48:01 +0000 (17:48 +1200)]
s4:libcli: Fix code spelling
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Mon, 29 Apr 2024 05:02:39 +0000 (17:02 +1200)]
s4:setup: Update name of dsdb password change control
Commit
0a907c2f45c34efcac784738c9d75303b9d04d2f renamed this control to
DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID.
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Mon, 29 Apr 2024 05:02:06 +0000 (17:02 +1200)]
s4:dsdb: Fix code spelling
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Mon, 29 Apr 2024 05:01:52 +0000 (17:01 +1200)]
s4:dsdb: Remove trailing whitespace
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Tue, 14 May 2024 04:42:31 +0000 (16:42 +1200)]
lib:fuzzing: Fix undefined shift
../../lib/fuzzing/fuzz_stable_sort_r_unstable.c:47:22: runtime error: left shift of negative value -34
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Tue, 14 May 2024 04:44:11 +0000 (16:44 +1200)]
lib:fuzzing: Remove unused variable
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Mon, 6 May 2024 23:43:48 +0000 (11:43 +1200)]
auth:credentials: Check for NT hash being NULL
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Wed, 15 May 2024 14:43:31 +0000 (16:43 +0200)]
smbd: Fix a typo in a few places
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 15 17:56:24 UTC 2024 on atb-devel-224
Volker Lendecke [Tue, 14 May 2024 14:20:03 +0000 (16:20 +0200)]
smbd: Modernize a few DEBUGs
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 10 Feb 2024 10:15:58 +0000 (11:15 +0100)]
g_lock: Fix buffer length check in g_lock_parse()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 14 May 2024 14:30:21 +0000 (16:30 +0200)]
smbd: Simplify check_parent_access_fsp()
We don't need to explicitly call fetch_share_mode_unlocked,
get_file_infos does it for us behind the scenes
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 14 May 2024 15:01:40 +0000 (17:01 +0200)]
smbd: Remove an obsolete comment
notify_fname only sends a message to the notify daemon. There is no
potential deadlock anymore.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 13 May 2024 13:44:52 +0000 (15:44 +0200)]
smbd: Add reparse tag to smb3_posix_cc_info
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 14 23:29:46 UTC 2024 on atb-devel-224
Volker Lendecke [Mon, 13 May 2024 13:44:14 +0000 (15:44 +0200)]
smbd: Test reparse tag in smb3_posix_cc_info
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 13 May 2024 12:30:30 +0000 (14:30 +0200)]
smbd: Use fsctl_get_reparse_tag in fsctl_del_reparse_point
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 13 May 2024 12:28:55 +0000 (14:28 +0200)]
smbd: Use fsctl_get_reparse_tag in fsctl_set_reparse_point
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 13 May 2024 12:26:22 +0000 (14:26 +0200)]
smbd: Add fsctl_get_reparse_tag() helper function
There's a few places where we only care about the tag
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 13 May 2024 12:16:48 +0000 (14:16 +0200)]
smbd: Modernize a few DEBUGs
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 13 May 2024 09:16:21 +0000 (11:16 +0200)]
libsmb: Cap max_rdata at UINT16_MAX
The caller does not necessarily query max values for smb1 and smb2+.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 8 May 2024 14:05:40 +0000 (16:05 +0200)]
libsmb: Use the direct FSCC_FILE_ALL_INFORMATION define
(SMB_FILE_ALL_INFORMATION - 1000) looks a bit silly if you look at the
definition of SMB_FILE_ALL_INFORMATION...
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 22 Dec 2022 10:36:21 +0000 (11:36 +0100)]
smbd: Add DEBUG message got get_reparse_point
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 8 May 2024 14:03:29 +0000 (16:03 +0200)]
smbd: Return reparse tag as of MS-FSCC 2.4.6
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 8 May 2024 13:48:11 +0000 (15:48 +0200)]
smbd: Fix a DBG
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 9 May 2024 09:54:31 +0000 (11:54 +0200)]
tests: get TAG_INFORMATION
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 9 May 2024 09:59:20 +0000 (11:59 +0200)]
pylibsmb: Add py_cli_qfileinfo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 9 May 2024 10:00:00 +0000 (12:00 +0200)]
pylibsmb: Add FSCC QUERY_INFO levels
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 9 May 2024 08:37:49 +0000 (10:37 +0200)]
libsmb: Remove smb2 branch from cli_qfileinfo_basic_send
cli_qfileinfo_send now does it
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 9 May 2024 08:35:26 +0000 (10:35 +0200)]
libsmb: Add smb2 branch to cli_qfileinfo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 9 May 2024 08:34:13 +0000 (10:34 +0200)]
libsmb: Add a tevent_req_received() where appropriate
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 9 May 2024 08:12:14 +0000 (10:12 +0200)]
libsmb: Convert cli_qfileinfo to use FSCC levels
This will enable this routine to be used for SMB2 as well. The
translation table is from [MS-CIFS] 2.2.8.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 9 May 2024 08:27:48 +0000 (10:27 +0200)]
libsmb: Use SMB2_0_INFO_FILE instead of the raw "1"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 9 May 2024 07:37:51 +0000 (09:37 +0200)]
libsmb: Use SMB2_0_INFO_SECURITY instead of the raw "3"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 8 May 2024 12:17:34 +0000 (14:17 +0200)]
smbd: Modernize a DEBUG
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 7 May 2024 15:22:01 +0000 (17:22 +0200)]
test: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Pavel Filipenský [Fri, 22 Mar 2024 12:51:06 +0000 (13:51 +0100)]
s3:winbindd: Update non cache entries keys (non_centry_keys)
This change does NOT affect WHAT and HOW is cached. It only avoids
undefined behavior for "NDR" and "TRUSTDOMCACHE" when processed in
wcache_flush_cache() and wbcache_upgrade_v1_to_v2().
winbindd_cache.tdb contains two types of entries:
1) cache entries (typed as 'struct cache_entry')
- internal format is: [ntstatus; sequence_number; timeout]
2) non cache entries (keys listed in non_centry_keys)
- for "NDR" internal format is: [sequence_number; timeout]
Without this commit, "NDR" would be processed as the first type (instead
as the second type). E.g. in the stack below:
wcache_fetch_raw()
traverse_fn_cleanup()
wcache_flush_cache()
the triplet [ntstatus; sequence_number; timeout] would be initialized
from data containing only [sequence_number; timeout], leading to
mismatched values ('ntstatus' would be filled from 'sequence_number').
Anyway, current code is never calling wcache_flush_cache(), since
wcache_flush_cache() can be called only from get_cache() and get_cache()
will call it only if global/static wcache was not set yet. But wcache is
set very early in the main winbind (and all winbind children get it
after fork), sooner than any call of get_cache() can happen:
#1 init_wcache + 0x19
#2 initialize_winbindd_cache + 0x35
#3 winbindd_cache_validate_and_initialize + 0x25
#4 main + 0x806
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 14 21:04:57 UTC 2024 on atb-devel-224
Pavel Filipenský [Tue, 7 May 2024 11:01:02 +0000 (13:01 +0200)]
s3:winbindd: Use TDB_REPLACE in tdb_store
tdb_store() should use as a flag TDB_REPLACE instead of undocumented 0
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Earl Chew [Sat, 11 May 2024 02:46:28 +0000 (19:46 -0700)]
Restore empty string default for conf.env['icu-libs']
The reworked ICU libraries configuration code used [] as
default for conf.env['icu-libs']. This breaks dependency analysis
in samba_deps.py because SAMBA_SUBSYSTEM() expects deps to be
a string.
Signed-off-by: Earl Chew <earl_chew@yahoo.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue May 14 14:44:06 UTC 2024 on atb-devel-224
Pavel Filipenský [Mon, 13 May 2024 10:13:38 +0000 (12:13 +0200)]
python/tests: Fix nlink test in smb3unix on btrfs filesystem
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Tue May 14 13:37:53 UTC 2024 on atb-devel-224
Stefan Metzmacher [Sat, 11 May 2024 00:38:21 +0000 (02:38 +0200)]
lib/replace: make sure krb5_cc_default[_name]() is no longer used directly
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue May 14 11:22:28 UTC 2024 on atb-devel-224
Stefan Metzmacher [Sat, 11 May 2024 00:38:21 +0000 (02:38 +0200)]
auth/credentials_krb5: let cli_credentials_set_ccache() use smb_force_krb5_cc_default()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Sat, 11 May 2024 00:38:21 +0000 (02:38 +0200)]
auth/credentials_krb5: use system/{gssapi,kerberos}.h
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Sat, 11 May 2024 00:38:21 +0000 (02:38 +0200)]
smbspool: let kerberos_ccache_is_valid() use smb_force_krb5_cc_default_name()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Sat, 11 May 2024 00:38:21 +0000 (02:38 +0200)]
smbspool_krb5_wrapper: let kerberos_get_default_ccache() use smb_force_krb5_cc_default_name()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Sat, 11 May 2024 00:38:21 +0000 (02:38 +0200)]
smbspool_krb5_wrapper: remove unused includes
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Sat, 11 May 2024 00:38:21 +0000 (02:38 +0200)]
krb5_wrap: let smb_krb5_renew_ticket() use smb_force_krb5_cc_default_name()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Sat, 11 May 2024 00:38:21 +0000 (02:38 +0200)]
krb5_wrap: add smb_force_krb5_cc_default[_name]() wrappers
If we touch the global krb5_ccache we want to make that explicit,
so calling krb5_cc_default[_name] will result in an error during
the next patches.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 11 Mar 2024 16:46:45 +0000 (17:46 +0100)]
s3:libads: let kerberos_kinit_password_ext() require an explicit krb5 ccache
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 11 Mar 2024 16:46:45 +0000 (17:46 +0100)]
krb5_wrap: let ads_krb5_cli_get_ticket() require an explicit krb5 ccache
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 5 Mar 2024 16:55:14 +0000 (17:55 +0100)]
s3:libads: finally remove unused ads_connect[_user_creds]() and related code
That was a long way, but now we're cli_credentials/gensec only :-)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 7 Mar 2024 13:56:45 +0000 (14:56 +0100)]
s3:net: finally remove net_context->opt_{user_specified,user_name,password}
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 7 Mar 2024 12:50:39 +0000 (13:50 +0100)]
s3:net: remove unused net_context->smb_encrypt
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 7 Mar 2024 12:44:53 +0000 (13:44 +0100)]
s3:net: remove unused net_context->opt_kerberos
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 7 Mar 2024 12:27:06 +0000 (13:27 +0100)]
s3:include: remove unused krb5_env.h
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 7 Mar 2024 11:08:00 +0000 (12:08 +0100)]
s3:net_ads: remove unused use_in_memory_ccache()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 29 Feb 2024 13:07:05 +0000 (14:07 +0100)]
s3:net_ads: make use of ads_connect_{cldap_only,creds}() in ads_startup_int()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 11 Mar 2024 16:45:43 +0000 (17:45 +0100)]
s3:libads: let ads_krb5_set_password() require an explicit krb5 ccache to operate on
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 11 Mar 2024 16:45:43 +0000 (17:45 +0100)]
s3:libads: kerberos_set_password() don't need to kinit before ads_krb5_chg_password()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 11 Mar 2024 16:45:43 +0000 (17:45 +0100)]
s3:libads: remove unused kdc_host and time_offset arguments to kerberos_set_password()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 11 Mar 2024 16:45:43 +0000 (17:45 +0100)]
s3:libads: remove unused kdc_host and time_offset arguments to ads_krb5_chg_password()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 11 Mar 2024 16:45:43 +0000 (17:45 +0100)]
s3:libads: remove krb5_set_real_time() from ads_krb5_set_password()
Callers typically only pass in 0 anyway.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 11 Mar 2024 16:45:43 +0000 (17:45 +0100)]
s3:libads: remove unused kdc_host argument of ads_krb5_set_password()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 11 Mar 2024 16:45:43 +0000 (17:45 +0100)]
s3:net_ads: require kerberos if we use ads_krb5_set_password() in ads_user_add()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 11 Mar 2024 16:45:43 +0000 (17:45 +0100)]
s3:net_ads: use ADS_SASL_SEAL by default, so that we always get encryption
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 7 Mar 2024 13:55:09 +0000 (14:55 +0100)]
s3:net_ads: use cli_credentials_get_principal() in order to call kerberos functions
This is better than the value from cli_credentials_get_username()...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 7 Mar 2024 13:54:18 +0000 (14:54 +0100)]
s3:net: remove useless net_prompt_pass() wrapper
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 7 Mar 2024 12:43:13 +0000 (13:43 +0100)]
s3:net_rpc: make use of !c->explicit_credentials for NET_FLAGS_ANONYMOUS
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 7 Mar 2024 13:47:06 +0000 (14:47 +0100)]
s3:net: make use of c->explicit_credentials in order to check for valid credentials
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 7 Mar 2024 13:40:10 +0000 (14:40 +0100)]
s3:net: add net_context->explicit_credentials to check if credentials were passed
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>