Anoop C S [Thu, 21 Mar 2024 11:19:04 +0000 (16:49 +0530)]
vfs_ceph: Implement SMB_VFS_FGET_DOS_ATTRIBUTES to preserve create_time
In order to avoid the dependency on dos attribute for create_time we now
preserve the btime before parsing dos attribute which may update btime
from its value with an old one unless we explicitly reset dos attribute
with new create_time in SMB_VFS_FNTIMES implementation. Therefore have
an implementation for SMB_VFS_FGET_DOS_ATTRIBUTES to save and restore
updated create_time.
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Anoop C S [Fri, 22 Mar 2024 06:08:08 +0000 (11:38 +0530)]
source3/smbd: Update timestamps after a successful SMB_VFS_FNTIMES
When an open file handle is used to change timestamps we fail to return
updated values to clients until next open is issued. Unless we fill in
the timestamps subsequent calls like GETINFO cannot see the latest value
causing incorrect results. Therefore copy those timestamp values as soon
as it is set on the backend.
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Tue, 27 Feb 2024 14:39:30 +0000 (15:39 +0100)]
lib: Use struct initialization in imessaging_client_init()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Mar 28 09:13:43 UTC 2024 on atb-devel-224
Volker Lendecke [Tue, 27 Feb 2024 14:39:16 +0000 (15:39 +0100)]
lib: Fix whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Wed, 21 Feb 2024 09:55:55 +0000 (10:55 +0100)]
lib: Fix dbwrap_tdb.h prerequisites
It uses enum dbwrap_lock_order, so include dbwrap.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Tue, 20 Feb 2024 12:04:28 +0000 (13:04 +0100)]
lib: Give tallocmsg.c its own header
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Wed, 28 Feb 2024 15:45:57 +0000 (16:45 +0100)]
lib: Fix whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Sat, 10 Feb 2024 13:27:38 +0000 (14:27 +0100)]
smbd: Remove an outdated comment
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Sun, 4 Feb 2024 17:07:19 +0000 (18:07 +0100)]
smbd: Remove struct open_symlink_err
This was just a wrapper for a single pointer, remove it
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Sun, 4 Feb 2024 16:42:28 +0000 (17:42 +0100)]
smbd: Remove "unparsed" from struct open_symlink_err
We have the reserved field unparsed_path_length as part of struct
symlink_reparse_struct.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Sun, 4 Feb 2024 16:27:50 +0000 (17:27 +0100)]
smbd: Remove "st" from struct open_symlink_err
Since
c96010a2a9f nobody reads it anymore
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Sun, 4 Feb 2024 17:50:47 +0000 (18:50 +0100)]
smbd: Fix returning symlink stat info in the NO_OPATH case
Our callers don't look at symlink_err's struct stat anymore, they look
at the fname's one since we return them properly even for symlinks. So
don't bother filling in symlink_err->st, nobody reads it anyways.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Sun, 4 Feb 2024 15:07:22 +0000 (16:07 +0100)]
smbd: Make read_symlink_reparse() return a reparse_data_buffer
Will make generalized handling of reparse point error returns easier
once we will also allow creating symlink reparse point files over smb.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Sun, 4 Feb 2024 10:10:18 +0000 (11:10 +0100)]
smbd: Simplify users of fsp_fullbasepath()
All three users had to strip a trailing "/.". Centralize this.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Wed, 20 Mar 2024 01:56:47 +0000 (14:56 +1300)]
python/samba/tests/krb5: Extend PKINIT tests to cover UF_SMARTCARD_REQUIRED
This in particular tests the returned NTLM password buffers as well as
the password rotation on expired accounts described at
https://learn.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/whats-new-in-credential-protection
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Mar 28 02:53:53 UTC 2024 on atb-devel-224
Andrew Bartlett [Tue, 26 Mar 2024 01:29:49 +0000 (14:29 +1300)]
python/tests/krb5: Prepare to allow tests that use the PAC returned NT hash
We want to use the PAC returned NT hash in the UF_SMARTCARD_REQUIRED case
as it will usually be random bytes so we can not just assert on the
value any more.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett [Tue, 26 Mar 2024 01:42:20 +0000 (14:42 +1300)]
python/tests/krb5: Allow getting a TGT in pkinit tests
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett [Tue, 19 Mar 2024 01:37:24 +0000 (14:37 +1300)]
python/tests/krb5: Prepare for PKINIT tests with UF_SMARTCARD_REQUIRED
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Jo Sutton [Thu, 21 Mar 2024 23:58:19 +0000 (12:58 +1300)]
tests/krb5: Fix PK-INIT test framework to allow expired password keys
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 13 Mar 2024 23:01:54 +0000 (12:01 +1300)]
python/samba/krb5: Allow client address (caddr) to be missing or empty
Currently (as of 2024-02) windows 21H2 returns this as [].
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett [Wed, 20 Mar 2024 01:42:31 +0000 (14:42 +1300)]
auth/credentials: Remove use of pytalloc_get_type() of NDR types in pycredentials
This function is based on a flawed premise that the
pointer is a talloc context, but the second element
in an array and any element in a structure is not a
talloc context.
The type has already been checked above.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Rob van der Linde [Mon, 25 Mar 2024 00:46:47 +0000 (13:46 +1300)]
netcmd: docs: update documentation for new auth policy command structure
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Wed, 20 Mar 2024 21:24:12 +0000 (10:24 +1300)]
netcmd: auth policy: remove old service-allowed-to-authenticate-from-silo and group
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Wed, 20 Mar 2024 20:58:02 +0000 (09:58 +1300)]
netcmd: auth policy: add service-allowed-to-authenticate-from subcommands
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Wed, 20 Mar 2024 20:48:25 +0000 (09:48 +1300)]
netcmd: auth policy: remove old user-allowed-to-authenticate-from-silo and group
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Wed, 20 Mar 2024 20:04:37 +0000 (09:04 +1300)]
netcmd: auth policy: add user-allowed-to-authenticate-from subcommands
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Wed, 20 Mar 2024 11:10:11 +0000 (00:10 +1300)]
netcmd: auth policy: remove old service-allowed-to-authenticate-to-silo and group
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Wed, 20 Mar 2024 10:44:28 +0000 (23:44 +1300)]
netcmd: auth policy: add service-allowed-to-authenticate-to subcommands
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Wed, 20 Mar 2024 10:29:12 +0000 (23:29 +1300)]
netcmd: auth policy: remove old user-allowed-to-authenticate-to-silo and group
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Wed, 20 Mar 2024 09:56:18 +0000 (22:56 +1300)]
netcmd: auth policy: add user-allowed-to-authenticate-to subcommands
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Wed, 20 Mar 2024 09:31:48 +0000 (22:31 +1300)]
netcmd: auth policy: remove old computer-allowed-to-authenticate-to-silo and group
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Wed, 20 Mar 2024 06:40:34 +0000 (19:40 +1300)]
netcmd: auth policy: add computer-allowed-to-authenticate-to subcommands
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Wed, 20 Mar 2024 06:20:06 +0000 (19:20 +1300)]
netcmd: auth policy: extract policy base commands into policy.py
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Wed, 20 Mar 2024 05:54:12 +0000 (18:54 +1300)]
netcmd: auth policy: turn policy.py into module
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Wed, 20 Mar 2024 06:14:32 +0000 (19:14 +1300)]
netcmd: auth silo: extract silo base commands into silo.py
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Wed, 20 Mar 2024 06:02:50 +0000 (19:02 +1300)]
netcmd: auth silo: move silo_member.py into silo module
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Wed, 20 Mar 2024 05:55:46 +0000 (18:55 +1300)]
netcmd: auth silo: turn silo.py into module
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Sun, 24 Mar 2024 23:51:22 +0000 (12:51 +1300)]
netcmd: docs: add section headings for auth policies and silos
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Mon, 25 Mar 2024 00:10:52 +0000 (13:10 +1300)]
netcmd: docs: consistently put <constant> around GROUP and SILO
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Mon, 25 Mar 2024 00:33:38 +0000 (13:33 +1300)]
netcmd: docs: --user-allowed-to-authenticate-from-device-group was missing
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Mon, 25 Mar 2024 00:29:43 +0000 (13:29 +1300)]
netcmd: docs: --user-allowed-to-authenticate-from-device-silo missing "device"
Make it consistent with --service-allowed-to-authenticate-from-device-silo by adding =SILO
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Mon, 25 Mar 2024 05:26:57 +0000 (18:26 +1300)]
netcmd: docs: add documentation for service-account group-msa-membership commands
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Mon, 25 Mar 2024 05:07:02 +0000 (18:07 +1300)]
netcmd: docs: add documentation for service-account base command
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Tue, 26 Mar 2024 21:11:26 +0000 (10:11 +1300)]
netcmd: gmsa: improve descriptions of --dns-host-name and match docs
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 21 Mar 2024 22:54:39 +0000 (11:54 +1300)]
python: domain: models: add OrganizationalUnit container model
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 21 Mar 2024 22:33:17 +0000 (11:33 +1300)]
python: domain: models: move OrganizationalPerson to org.py
There are other models like OrganizationalUnit which can go in org.py better if this is done first
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 21 Mar 2024 22:02:50 +0000 (11:02 +1300)]
python: domain: models: move MODELS to registry.py because it's not really a constant
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Mon, 25 Mar 2024 19:29:24 +0000 (08:29 +1300)]
python: domain: models: MODELS lookup does need to include base Model for shell command
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Mon, 25 Mar 2024 19:24:53 +0000 (08:24 +1300)]
python: domain: models: add children method to return a models direct children
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Mon, 25 Mar 2024 10:02:30 +0000 (23:02 +1300)]
python: tests: write a test for the Model.as_dict method
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Mon, 25 Mar 2024 09:04:19 +0000 (22:04 +1300)]
python: tests: computer model tests should clean up
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Sun, 24 Mar 2024 10:36:22 +0000 (23:36 +1300)]
python: domain: models: as_dict() should also exclude empty list fields
Empty list fields happen if many=True is used on the field. This means that the field is automatically initialised as an empty list, so this can only ever be sa list or None.
The side-effect of this was that it appears in as_dict() when it shouldn't, because the field isn't populated. This fixes it.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 22 Mar 2024 03:58:40 +0000 (16:58 +1300)]
s4-dsdb: Create KdfParameters at runtime
While this is by definition less efficient, I prefer not to have the magic
buffer of pre-caclulated bytes, we don't create Root Keys very often.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Fri, 22 Mar 2024 03:43:38 +0000 (16:43 +1300)]
s4-dsdb: Indent DH parameters table in gkdi_create_root_key()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Fri, 22 Mar 2024 01:08:22 +0000 (14:08 +1300)]
s4-dsdb: Populate new GKDI root keys from the server configuration object
This honours MS-GKDI 3.1.4.1.1 Creating a New Root Key
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Sun, 24 Mar 2024 23:44:29 +0000 (12:44 +1300)]
pyldb: Improve search for error string in PyErr_SetLdbError
We allow a fallback to ldb_strerror() even if there was an LDB context,
allowing failing functions to reset a previous error string but not
set a new one.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 25 Mar 2024 21:28:38 +0000 (10:28 +1300)]
dsdb: Add API tests for new_gkdi_root_key()
These show that the new root key should be based on the server
configuration object, not just hardcoded defaults.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Sun, 24 Mar 2024 23:36:35 +0000 (12:36 +1300)]
pyldb: Consolidate PyErr_SetLdbError() using the pyldb version
Now that pyldb-util is a private library to Samba, we have no excuses not to
consolidate helper functions like this.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 25 Mar 2024 09:33:02 +0000 (22:33 +1300)]
plydb: Keep talloc_reference() to the DN in PyDict_AsMessage
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 25 Mar 2024 09:30:29 +0000 (22:30 +1300)]
pyldb: Fix documentation comment on Message.from_dict() method
This method does not take keyword arguments.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Anoop C S [Wed, 27 Mar 2024 05:15:08 +0000 (10:45 +0530)]
s4/torture: Fix misplaced positional arguments for u64 comparison
torture_assert_u64_equal_goto() can only print meaningful error message
for incorrect values if only if the function is invoked with test run
value and expected value respectively as second and thrid arguments.
Otherwise it displays the reversed message causing confusion in overall
test results.
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Mar 27 13:00:29 UTC 2024 on atb-devel-224
Björn Jacke [Wed, 24 Jan 2024 23:46:38 +0000 (00:46 +0100)]
Revert "token_util.c: prefer capabilities over become_root"
This reverts commit
944cb51506a94084d7ab52ee044fe6f66e1aaeb9.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Mar 27 10:47:23 UTC 2024 on atb-devel-224
Björn Jacke [Mon, 25 Mar 2024 16:04:45 +0000 (17:04 +0100)]
Revert "dosmode.c: prefer use of capabilities at two places over become_root"
This reverts commit
c1e2fbb1b9a7551becf5caa0f08d434edf9ad862.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Björn Jacke [Mon, 25 Mar 2024 16:04:23 +0000 (17:04 +0100)]
Revert "nfs4_acls.c: prefer capabilities over become_root"
This reverts commit
06e5c1e32ea7907523cc19f021225e7541e2075f.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Björn Jacke [Mon, 25 Mar 2024 16:04:17 +0000 (17:04 +0100)]
Revert "vfs_acl_common.c: prefer capabilities over become_root"
This reverts commit
12734848dc9901b932644139aaa7e3f78e55c8dc.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Björn Jacke [Mon, 25 Mar 2024 16:03:57 +0000 (17:03 +0100)]
Revert "vfs_default.c: prefer capabilities over become_root"
This reverts commit
62464bd2db2a95b1253364f4493bbb6770b73193.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Björn Jacke [Mon, 25 Mar 2024 16:03:50 +0000 (17:03 +0100)]
Revert "vfs_posix_eadb.c: prefer capabilities over become_root"
This reverts commit
92278418dc885ed411f545e73c800ce93f858090.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Björn Jacke [Mon, 25 Mar 2024 16:03:44 +0000 (17:03 +0100)]
Revert "vfs_recycle.c: prefer capabilities over become_root"
This reverts commit
4227b011f6ada97a4cd72a440ed887ffdb3f219e.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Björn Jacke [Mon, 25 Mar 2024 16:03:35 +0000 (17:03 +0100)]
Revert "open.c: prefer capabilities over become_root"
This reverts commit
b250f25fe407f9a6269b804382de4854501f2d86.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Björn Jacke [Mon, 25 Mar 2024 16:03:28 +0000 (17:03 +0100)]
Revert "posix_acls.c: prefer capabilities over become_root"
This reverts commit
1edf9ecaf56f3312e199e633bff0804243042e33.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Björn Jacke [Mon, 25 Mar 2024 16:03:14 +0000 (17:03 +0100)]
Revert "dosmode: prefer capabilities over become_root"
This reverts commit
5e925f9755fad180863861157aa7548d83dd3fde.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
David Mulder [Mon, 11 Mar 2024 13:36:58 +0000 (07:36 -0600)]
winbind: Log NOT_IMPLEMENTED as debug
This message happens frequently when running a
PDC/NT4 mode w/out winbind.
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Mar 27 02:15:31 UTC 2024 on atb-devel-224
Noel Power [Mon, 25 Mar 2024 19:44:10 +0000 (19:44 +0000)]
libcli/http: Handle http chunked transfer encoding
Also removes the knownfail for the chunked transfer test
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
Noel Power [Thu, 23 Sep 2021 11:18:22 +0000 (12:18 +0100)]
tests: add test for chunked encoding with http cli library
Adds http test client to excercise the http client library
and a blackbox test to run the client. This client is built
only with selftest
also adds a knownfail for the test
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
Noel Power [Fri, 22 Mar 2024 08:55:49 +0000 (08:55 +0000)]
libcli/http: Optimise reading for content-length
Instead of reading byte-by-byte we know the content length we
want to read so lets use it.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
Noel Power [Mon, 25 Mar 2024 16:25:55 +0000 (16:25 +0000)]
selftest: Add basic content-lenght http tests
very simple test of basic http request/response plus some checks to
ensure http response doesn't exceed the response max length set by
the client call.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Mon, 25 Mar 2024 19:21:54 +0000 (19:21 +0000)]
Add simple http_client for use in black box tests (in following commits)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 22 Mar 2024 19:27:41 +0000 (08:27 +1300)]
ndr: always attempt ACE coda pull if ACE type suggests a coda
We were skipping the pull in cases where the coda size was calculated
to be zero. This has the right result for empty conditional ACEs, but
not for Resource Attribute ACEs where the
CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 coda was not intialised.
The situation is made a bit worse, because the function that
calculates the coda size (ndr_subcontext_size_of_ace_coda()) can
return zero in conditions that are not exactly errors, but in which
the would-be calculated value makes so little sense that zero is
thought to be a safer default.
Credit to OSS-Fuzz.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66577
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15613
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Mar 25 06:00:21 UTC 2024 on atb-devel-224
Volker Lendecke [Wed, 13 Mar 2024 15:19:48 +0000 (16:19 +0100)]
lib: Remove timeval_set()
We have the same function in tevent, no need to duplicate code. More lines just
due to clang-format.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar 22 06:07:42 UTC 2024 on atb-devel-224
Volker Lendecke [Wed, 13 Mar 2024 15:07:00 +0000 (16:07 +0100)]
lib: Remove timeval_until()
We have the same function in tevent, no need to duplicate code.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 21 Mar 2024 01:48:34 +0000 (14:48 +1300)]
fuzz:fuzz_ndr_X: don't skip printing on push error
push should not have changed the struct, so it is valid to
try to print it also.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 27 Dec 2023 23:45:41 +0000 (12:45 +1300)]
ldb-samba: matching rules: notify of search failure in transitive filter
It can be very hard to known where transitive checks fail, and this
will help.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15515
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 28 Dec 2023 00:46:48 +0000 (13:46 +1300)]
fuzz:_conditional_ace_blob discards a const
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 20 Mar 2024 04:29:52 +0000 (17:29 +1300)]
fuzz:fuzz_conditional_ace_blob lets long generated SDDL fail
This can legitimately fail, due to e.g. integers being interpreted as
local attributes due to their position (the original data is complete
nonsense, bravely decompiled by sddl_from_conditional_ace).
In the example found the original begins like
00000000 61 72 74 78 02 00 00 00 00 00 00 00 00 03 01 02 |artx............|
00000010 f7 ff ff ff ff ff ff ff 03 01 a1 02 00 3b 00 00 |.............;..|
00000020 00 00 00 00 03 01 a1 02 00 3b 00 00 00 00 00 00 |.........;......|
00000030 03 01 02 a5 ff ff ff ff ff ff ff 03 01 a1 02 78 |...............x|
00000040 00 00 00 00 00 00 00 03 01 85 02 00 3b 00 00 00 |............;...|
00000050 00 00 00 03 01 a1 02 00 3b 00 00 00 00 00 00 03 |........;.......|
00000060 01 02 a5 00 00 00 00 00 00 00 03 01 81 02 00 00 |................|
00000070 00 00 00 00 00 00 03 01 81 02 00 3b 00 00 00 00 |...........;....|
while the SDDL cycled version looks like
00000000 61 72 74 78 f8 04 00 00 00 30 00 30 00 f8 2e 00 |artx.....0.0....|
00000010 00 00 30 00 31 00 37 00 37 00 37 00 37 00 37 00 |..0.1.7.7.7.7.7.|
00000020 37 00 37 00 37 00 37 00 37 00 37 00 37 00 37 00 |7.7.7.7.7.7.7.7.|
00000030 37 00 37 00 37 00 37 00 37 00 37 00 36 00 37 00 |7.7.7.7.7.7.6.7.|
00000040 a1 f8 0c 00 00 00 30 00 33 00 35 00 34 00 30 00 |......0.3.5.4.0.|
00000050 30 00 a1 f8 0c 00 00 00 30 00 33 00 35 00 34 00 |0.......0.3.5.4.|
00000060 30 00 30 00 f8 2e 00 00 00 30 00 31 00 37 00 37 |0.0......0.1.7.7|
00000070 00 37 00 37 00 37 00 37 00 37 00 37 00 37 00 37 |.7.7.7.7.7.7.7.7|
and this new interpretation ends up being more than 10000 bytes long,
so the conversion fails.
The SDDL ends up looking like this:
(((((((((((00) || (
01777777777777777777767)) || (035400)) || \
(((((((((((((((((((((((((((((((((((035400) || (
01777777777777777777645)) \
>= 0170) || (035400)) || (((((((((((((((((((((((((((((((035400 != 0245)
[...]
where all the octal digits on the left hand side of operators are
UTF-16 strings.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65322
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 3 Jan 2024 22:06:46 +0000 (11:06 +1300)]
fuzzing: fuzz_ndr_X ndr_print does printing
By printing into a buffer, we might notice some errors.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Tue, 2 May 2023 03:42:24 +0000 (15:42 +1200)]
tests/krb5: Add tests for AllowedToAuthenticateTo with an AS-REQ
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15607
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Mar 21 04:19:18 UTC 2024 on atb-devel-224
Jo Sutton [Mon, 11 Mar 2024 22:08:30 +0000 (11:08 +1300)]
s4:auth: Update error messages
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Mon, 11 Mar 2024 22:08:14 +0000 (11:08 +1300)]
auth:credentials: Remove unused include
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Mon, 11 Mar 2024 22:07:56 +0000 (11:07 +1300)]
auth:credentials: Remove trailing line
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Fri, 8 Mar 2024 03:34:49 +0000 (16:34 +1300)]
tests/krb5: Allow specifying SamDB to use when creating an account
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Mon, 4 Mar 2024 00:38:10 +0000 (13:38 +1300)]
python:tests: Do not have current_time() and current_nt_time() implicitly include clock skew
This is just too error‐prone.
current_gkid() will still continue to return the next GKID if it’s
within clock skew.
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Thu, 7 Mar 2024 04:14:24 +0000 (17:14 +1300)]
python: Correct time conversion function name
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Mon, 4 Mar 2024 23:37:11 +0000 (12:37 +1300)]
s4:libnet: Fix code spelling
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Mon, 4 Mar 2024 23:32:16 +0000 (12:32 +1300)]
python: Type ‘format’ parameter as optional
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Mon, 4 Mar 2024 23:31:27 +0000 (12:31 +1300)]
python: Correctly qualify strptime()
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Mon, 4 Mar 2024 00:38:29 +0000 (13:38 +1300)]
python:tests: Fix code spelling
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Thu, 14 Mar 2024 02:14:55 +0000 (15:14 +1300)]
s4:auth: Allocate strings on shorter‐lived memory context
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Tue, 12 Mar 2024 21:12:33 +0000 (10:12 +1300)]
python:tests: Simplify expression
‘not keytab_bytes’ is shorter and equivalent.
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Tue, 12 Mar 2024 03:24:59 +0000 (16:24 +1300)]
python:tests: Use Managed Service Accounts well‐known GUID
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Tue, 12 Mar 2024 03:02:45 +0000 (16:02 +1300)]
s4:auth: Fix grammar in error message
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>