Björn Jacke [Thu, 4 Jan 2024 11:55:53 +0000 (12:55 +0100)]
selftest: let list_servers.NT1 really use NT1 protocol
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Björn Jacke [Sat, 30 Dec 2023 18:53:36 +0000 (19:53 +0100)]
vfs_worm: add connect function to cache parameters
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Björn Jacke [Sat, 30 Dec 2023 17:28:59 +0000 (18:28 +0100)]
set_process_capability: log which capability was set or failed to be set
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Fri, 29 Dec 2023 15:28:37 +0000 (15:28 +0000)]
script/autobuild.py: add some --private-libraries=ALL testing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15545
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jan 4 12:45:58 UTC 2024 on atb-devel-224
Stefan Metzmacher [Fri, 29 Dec 2023 10:05:18 +0000 (10:05 +0000)]
wafsamba: fix the usage of --private-extension-exception
It was completely unused...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15545
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 29 Dec 2023 10:04:59 +0000 (10:04 +0000)]
wscript: use opt.PRIVATE_EXTENSION_DEFAULT('private-samba')
The problem was that we used opt.PRIVATE_EXTENSION_DEFAULT('samba4') and
libndr as private will become libndr-samba4 and that already exists as
libndr-samba4 as we don't append the extension if it's already there.
So meant with --private-libraries=ALL we hit the following problem:
$ ./configure --private-libraries=ALL
$ make smbd/smbd
Waf: Leaving directory `/samba/bin/default'
Task dependency cycle in "run_after" constraints:
{task ...: cshlib dcerpc-samba4.empty.c.12.o,ndr_winbind_c.c.229.o -> libdcerpc-samba4.so}
make: *** [Makefile:131: smbd/smbd] Error 1
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15545
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 29 Dec 2023 15:27:38 +0000 (15:27 +0000)]
script/autobuild.py: nonshared-test works now
I guess the problem was related to wrapper libraries...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15545
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 29 Dec 2023 14:32:51 +0000 (14:32 +0000)]
third_party/*_wrapper: use SAMBA_LIBRARY(force_unversioned=True)
This prevents --private-libraries=ALL from creating unuseable
wrapper libraries, as they can't work with symbol versioning.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15545
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 29 Dec 2023 14:32:02 +0000 (14:32 +0000)]
wafsamba: introduce SAMBA_LIBRARY(force_unversioned=False)
This can be used in order to avoid a library to be
catched by --private-libraries=ALL.
It is needed for our wrapper libraries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15545
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jones Syue [Thu, 4 Jan 2024 01:42:15 +0000 (09:42 +0800)]
s3:smbd multichannel: always refresh the network information
To maintain SMB Multichannel, windows client might periodically query with
FSCTL_QUERY_NETWORK_INTERFACE_INFO to get SMB server's network information,
in my case windows server 2022 would do this every 10 minutes (600 seconds).
Consider a scenario: the network information might have changed between
these queries, some become link down, new interface is link up, network
speed is changed, and etc. So far smbd might not aware of these changes and
still report out-of-date network information to windows client, until we
manually send a SIGHUP to smbd in order to trigger load_interfaces():
smbd_sig_hup_handler() > reload_services () > load_interfaces()
This might be a bit inconvenient because it is hard to decide when should
we manually send a SIGHUP to smbd for refreshing network information.
This patch adds load_interfaces() at fsctl_network_iface_info(), while smbd
received FSCTL_QUERY_NETWORK_INTERFACE_INFO would go through this and refresh
local_interfaces, then respond to client with up-to-date network information;
also refresh num_ifaces to make sure interfaces count is consistent.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15547
Signed-off-by: Jones Syue <jonessyue@qnap.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Stefan Metzmacher [Fri, 24 Nov 2023 10:51:54 +0000 (11:51 +0100)]
ctdb: add comments to "addip"/"delip" when CTDB_{CONTROL,EVENT,SRVID}_IPREALLOCATED happens
"addip"/"delip" are different from "moveip" so they don't need to
call ipreallocate() nor send_ipreallocated_control_to_nodes().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Stefan Metzmacher [Fri, 24 Nov 2023 09:53:44 +0000 (10:53 +0100)]
ctdb: let "moveip" end with CTDB_CONTROL_IPREALLOCATED to all connected nodes
This matches the behavior of takeover_send/recv() from
ctdb_takeover_helper.c.
It means we consistently call the ipreallocated event scripts
and also send CTDB_SRVID_IPREALLOCATED after moving ips.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Stefan Metzmacher [Fri, 24 Nov 2023 09:50:16 +0000 (10:50 +0100)]
ctdb: remove unused ctdb_message_disable_ip_check()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Stefan Metzmacher [Thu, 23 Nov 2023 12:57:28 +0000 (13:57 +0100)]
ctdb: let "moveip" also use disable_takeover_runs()
That makes the behavior more consistent compared to a takeover run
started from the within ctdbd.
The behavior is the same but ctdb_message_disable_ip_check() used
a legacy code path and the next commits will also touch some
of the moveip logic...
The logic and comments are copied from control_reloadips().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Stefan Metzmacher [Thu, 23 Nov 2023 14:04:09 +0000 (15:04 +0100)]
ctdb: send a CTDB_SRVID_IPREALLOCATED message after CTDB_EVENT_IPREALLOCATED
Event scripts run the "ipreallocated" hook in order to notice that some ip addresses
in the cluster potentially changed.
CTDB_SRVID_IPREALLOCATED gives C code a chance to get notified as well once the event
scripts are finished.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Andreas Schneider [Fri, 15 Dec 2023 07:23:25 +0000 (08:23 +0100)]
s3:utils: Fix the auth function to print correct values to the user
In order to show correct values in the password prompt displayed by
cli_credentials_get_password*(). We need to set the domain and username
in the credentials system.
The credentials supplied via the SMB URL have a higher priority than the
command line options.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15538
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jan 4 11:26:52 UTC 2024 on atb-devel-224
Andreas Schneider [Fri, 15 Dec 2023 08:41:06 +0000 (09:41 +0100)]
s3:utils: Handle the domain before username and password
The cli_credentials_get_password*() function will interactively ask the
user for a password if none has been supplied via another ways. To show
the correct domain and username in the prompt, we need handle domain
and user first.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15538
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Thu, 28 Dec 2023 13:38:37 +0000 (14:38 +0100)]
smbd: Fix traversing snapshot dirs that vanished in current fileset
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15544
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 2 20:37:01 UTC 2024 on atb-devel-224
Volker Lendecke [Thu, 28 Dec 2023 13:20:11 +0000 (14:20 +0100)]
shadow_copy: Add test for missing directory in "current" fileset
Right now we can't traverse a subdirectory in a snapshot which was
deleted in the current set of files.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15544
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Mon, 1 Jan 2024 00:03:20 +0000 (00:03 +0000)]
Happy New Year 2024!
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 20:48:35 +0000 (21:48 +0100)]
s4/ldap_backend: do_call: use modern DBG macros
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Dec 29 13:50:05 UTC 2023 on atb-devel-224
Björn Jacke [Mon, 25 Dec 2023 20:46:47 +0000 (21:46 +0100)]
s4/ldap_backend: abandonrequest: use modern DBG macros
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 20:45:55 +0000 (21:45 +0100)]
s4/ldap_backend: CompareRequest: use modern DBG macros
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 20:37:29 +0000 (21:37 +0100)]
s4/ldap_backend: modifydnrequest: use modern DBG macros
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 20:34:28 +0000 (21:34 +0100)]
s4/ldap_backend: delrequest: use modern DBG macros
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 20:32:49 +0000 (21:32 +0100)]
s4/ldap_backend: addrequest: use modern DBG macros
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 20:31:27 +0000 (21:31 +0100)]
s4/ldap_backend: modifyrequest: use modern DBG_ macro
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 20:26:58 +0000 (21:26 +0100)]
s4/ldap_backend: SearchRequest: use modern DBG_ macro
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 20:24:13 +0000 (21:24 +0100)]
s4/ldap_backend: unwilling: use modern DBG_ macro
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 20:22:48 +0000 (21:22 +0100)]
s4/ldap_backend: encode: use modern DBG_ macro
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 19:37:38 +0000 (20:37 +0100)]
s4/ldap_backend: change a printf %d to %u for results
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 19:30:43 +0000 (20:30 +0100)]
s4/ldap_backend: fix a NULL dereference
Signed-off-by: Bjoern Jacke <bjacke@samba.org>>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 18:53:30 +0000 (19:53 +0100)]
winbind_nss_netbsd: fix missing semicolon
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15541
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 18:50:55 +0000 (19:50 +0100)]
docs-xml: use XML_CATALOG_FILES env var if defined
Thanks to Thierry LARONDE for the fix.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15540
Signed-off-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Mon, 25 Dec 2023 18:49:38 +0000 (19:49 +0100)]
doc-xml: fix name of vfs_linux_xfs man page
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15542
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Joseph Sutton [Thu, 21 Dec 2023 22:04:51 +0000 (11:04 +1300)]
lib:crypto: Add tests for GKDI key derivation
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Dec 22 06:31:29 UTC 2023 on atb-devel-224
Joseph Sutton [Mon, 13 Nov 2023 04:08:58 +0000 (17:08 +1300)]
lib:crypto: Add implementation of GKDI key derivation
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Dec 2023 03:39:14 +0000 (16:39 +1300)]
tests/krb5: Raise an error if root key data is the wrong length
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Dec 2023 03:38:33 +0000 (16:38 +1300)]
tests/krb5: Test that root key data is the correct length in bytes
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 18 Dec 2023 20:38:27 +0000 (09:38 +1300)]
tests/krb5: Create root key just for implicit root key tests
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 18 Dec 2023 20:37:40 +0000 (09:37 +1300)]
tests/krb5: Check properties of current GKDI key
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 20 Dec 2023 01:26:00 +0000 (14:26 +1300)]
fuzz: allow max size conditional ACE round-trip failure
The encoder, being cautious not to overstep the arbitrary 10000 byte
boundary, might not encode an exactly 10000 byte condition. This
is an off-by-one, but in the safe direction.
Credit to OSS-Fuzz.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65118
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Dec 22 00:51:13 UTC 2023 on atb-devel-224
Douglas Bagnall [Wed, 20 Dec 2023 00:40:15 +0000 (13:40 +1300)]
libcli/security: sddl conditional ACE: write -0 when asked
Credit to OSS-Fuzz.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65122
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 20 Dec 2023 00:38:53 +0000 (13:38 +1300)]
libcli/security: rearrange conditional ACE sddl_write_int
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65122
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 20 Dec 2023 00:37:29 +0000 (13:37 +1300)]
libcli/security: tests for signed zeros in sddl condtional ACEs
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65122
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 21 Dec 2023 20:58:53 +0000 (09:58 +1300)]
librpc: Do not allow u16string to be encoded in a big‐endian context
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Dec 2023 22:51:19 +0000 (11:51 +1300)]
librpc: Change type of ‘u16string’ from ‘const uint16_t *’ to ‘const unsigned char *’
A u16string is supposed to contain UTF‐16 code units, but
ndr_pull_u16string() and ndr_push_u16string() fail to correctly ensure
this on big‐endian systems. Code that relies on the u16string array
containing correct values will then fail.
Fix ndr_pull_u16string() and ndr_push_u16string() to work on big‐endian
systems, ensuring that other code can use these strings without having
to worry about first encoding them to little‐endian.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 21 Dec 2023 20:54:55 +0000 (09:54 +1300)]
librpc: Add missing spaces to error messages
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Ralph Boehme [Wed, 13 Dec 2023 06:57:46 +0000 (07:57 +0100)]
s3/lib: add log_panic_action()
Can be used to log a nice stack backtrace with full debug symbols by setting
"panic action" to something like
panic action = cd /home/slow/git/samba/master && /home/slow/git/samba/master/selftest/gdb_backtrace %d
This is similar to log_stack_trace(), but that doesn't come with debug symbols.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Ralph Boehme [Fri, 15 Dec 2023 06:15:22 +0000 (07:15 +0100)]
s3/lib: factor out call_panic_action() from smb_panic_s3()
No change in behaviour. Best viewed with git show -w.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 8 Dec 2023 03:38:21 +0000 (16:38 +1300)]
tests/krb5: Add Python implementation and tests for Group Key Distribution Service
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Dec 21 21:19:30 UTC 2023 on atb-devel-224
Joseph Sutton [Mon, 18 Dec 2023 06:11:37 +0000 (19:11 +1300)]
python: Add NT Time utility functions
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 12 Dec 2023 05:31:34 +0000 (18:31 +1300)]
pyglue: Export some GKDI constants
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 12 Dec 2023 05:31:19 +0000 (18:31 +1300)]
pyglue: Export some more HRESULT constants
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 12 Dec 2023 06:27:17 +0000 (19:27 +1300)]
pyglue: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 13 Nov 2023 04:08:58 +0000 (17:08 +1300)]
lib:crypto: Add GKDI module with some constants
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 12 Dec 2023 05:27:46 +0000 (18:27 +1300)]
gkdi.idl: Verify magic numbers of pulled GKDI structures
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 8 Dec 2023 02:58:32 +0000 (15:58 +1300)]
s4:libcli: Fix conversion from HRESULT and WERROR to Python objects
The inner values of HRESULT and WERROR are 32‐bit unsigned integers,
which might not be representable in type ‘int’. We must then use the ‘k’
format specifier, which corresponds to ‘unsigned long’, a type
guaranteed to be at least 32 bits in size.
Commit
c81aff362fe99a65385c6f8337ffcb47c9456829 fixed
PyErr_FromNTSTATUS(), but it did not attempt to fix the other cases.
PyErr_FromHRESULT() might return a tuple like this:
(-
2147024809, 'One or more arguments are invalid.')
which, after this commit, will become this:
(
2147942487, 'One or more arguments are invalid.')
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 8 Dec 2023 02:54:14 +0000 (15:54 +1300)]
s4:libcli: Remove trailing whitespace
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 8 Dec 2023 01:44:48 +0000 (14:44 +1300)]
python:tests: Catch strings passed to utf16_encoded_len() with embedded nulls
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 8 Dec 2023 01:10:42 +0000 (14:10 +1300)]
selftest: Rename ‘samba.unittests.test_gnutls_sp800_108’ to something more consistent with existing tests
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 18 Dec 2023 20:53:50 +0000 (09:53 +1300)]
gkdi.idl: Add ‘additional_info’ field to KeyEnvelope structure
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 18 Dec 2023 20:51:30 +0000 (09:51 +1300)]
gkdi.idl: Comment on domain and forest name fields
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Sun, 17 Dec 2023 20:31:11 +0000 (09:31 +1300)]
s3:utils: Do not pass invalid file descriptor to close() (CID
1550131)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 14 Dec 2023 21:26:31 +0000 (10:26 +1300)]
tests/krb5: Remove redundant definitions
These items are already defined elsewhere.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 14 Dec 2023 02:26:39 +0000 (15:26 +1300)]
ldb: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 13 Dec 2023 19:25:38 +0000 (08:25 +1300)]
buildtools: Use correct variable in error message
When this error message was copied from CHECK_FUNCS_IN(), the variable
name was not changed. This results in messages like this:
“Mandatory library 'lib' not found for functions '<class 'list'>'”
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 13 Dec 2023 03:40:06 +0000 (16:40 +1300)]
lib:cmdline: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 12 Dec 2023 04:37:53 +0000 (17:37 +1300)]
pyglue: Remove unnecessary uses of discard_const_p()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 12 Dec 2023 06:34:11 +0000 (19:34 +1300)]
python:tests: Don’t needlessly create single‐element tuple
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Sun, 10 Dec 2023 23:55:05 +0000 (12:55 +1300)]
lib:util: Use portable integer constants
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Sun, 10 Dec 2023 21:23:23 +0000 (10:23 +1300)]
s3:param: Remove unnecessary use of discard_const_p()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 7 Dec 2023 21:48:40 +0000 (10:48 +1300)]
python:tests: Rename parameter to be consistent with overridden method
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 7 Dec 2023 21:30:14 +0000 (10:30 +1300)]
python:tests: Raise exception of more specific type NotImplementedError
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 7 Dec 2023 19:34:38 +0000 (08:34 +1300)]
python:tests: Use ‘False’ in boolean expression rather than ‘None’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 30 Nov 2023 02:31:32 +0000 (15:31 +1300)]
librpc:ndr: Don’t unnecessarily parenthesize macro arguments
If we’re just passing a parameter to another macro which we know
correctly parenthesizes its arguments, then we don’t need to
parenthesize the parameter ourselves.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 30 Nov 2023 02:00:08 +0000 (15:00 +1300)]
lib:util: Remove redundant casts in PUSH_*() macros
The PUSH_*() macros already cast their arguments to the expected type,
so we don’t need to cast the arguments *again* prior to invoking the
macros.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 30 Nov 2023 02:11:10 +0000 (15:11 +1300)]
lib:util: Don’t unnecessarily parenthesize macro arguments
If we’re just passing a parameter to another macro which we know
correctly parenthesizes its arguments, then we don’t need to
parenthesize the parameter ourselves.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 30 Nov 2023 02:08:04 +0000 (15:08 +1300)]
lib:util: Cast macro parameter ‘val’ to expected type
These macros are now consistent with PUSH_BE_U8() and with the
PUSH_LE_*() macros.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 30 Nov 2023 02:06:15 +0000 (15:06 +1300)]
lib:util: Parenthesize macro parameters
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 28 Nov 2023 21:42:36 +0000 (10:42 +1300)]
s4:auth: Clarify comment about requiring FAST armor
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 18 Dec 2023 21:23:14 +0000 (10:23 +1300)]
s3:lib: Define TIME_FIXUP_CONSTANT_INT using INT64_C() macro
This is more portable than using preprocessor conditionals.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 27 Nov 2023 03:24:00 +0000 (16:24 +1300)]
lib:util: Define TIME_FIXUP_CONSTANT_INT using INT64_C() macro
This is more portable than using preprocessor conditionals.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 15 Aug 2023 06:57:57 +0000 (08:57 +0200)]
s3:ctdbd_conn: fix ctdbd_public_ip_foreach() for ipv6 addresses
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15534
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Dec 21 11:09:30 UTC 2023 on atb-devel-224
Andrew Bartlett [Mon, 18 Dec 2023 04:24:26 +0000 (17:24 +1300)]
WHATSNEW: Add entry for "samba-tool user get-kerberos-ticket"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Dec 21 03:04:12 UTC 2023 on atb-devel-224
Andrew Bartlett [Fri, 15 Dec 2023 04:10:42 +0000 (17:10 +1300)]
selftest: Add tests for "samba-tool user get-kerberos-ticket"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 14 Dec 2023 01:50:05 +0000 (14:50 +1300)]
python/netcmd: Improve documentation for "samba-tool user getpassword"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 14 Dec 2023 01:43:44 +0000 (14:43 +1300)]
python/netcmd: Add "samba-tool user get-kerberos-ticket" to get a ticket for a gMSA
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 18 Dec 2023 04:14:27 +0000 (17:14 +1300)]
WHATSNEW: Add entry for "samba-tool user getpassword" changes
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Thu, 7 Dec 2023 02:53:01 +0000 (15:53 +1300)]
python: tests: blackbox test for GMSA
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Fri, 15 Dec 2023 02:12:42 +0000 (15:12 +1300)]
samba-tool: document that -H can be used with gMSA accounts
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Fri, 15 Dec 2023 02:10:39 +0000 (15:10 +1300)]
samba-tool: fix some grammar in getpassword docstrings
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 11 Dec 2023 07:56:16 +0000 (20:56 +1300)]
samba-tool: Make samba-tool user getpassword support a ';previous=1' option
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 11 Dec 2023 07:55:10 +0000 (20:55 +1300)]
samba-tool user getpassword: Prepare to support a ;previous=1 option, change behaviour for ;rounds=
This will return the previous password, but the pattern is to include
the option in the returned attribute name, so we need to use
vatter["raw_attr"], not 'a'.
This changes the behaviour for the ;rounds= option used when we hold
the plaintext password (possibly under GPG encryption).
This is now consistant with other parameters in the LDAP attribute,
and is now included in the returned attribute name.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 11 Dec 2023 08:40:44 +0000 (21:40 +1300)]
selftest: Modify expected output of 'samba-tool user getpassword' to be more consistant
This is consistant with ;format= support for time attributes and
other users of this parameter style elsewhere in LDAP.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Thu, 14 Dec 2023 23:36:14 +0000 (12:36 +1300)]
selftest: fix failing user setpassword test
A side effect of being able to generate at read time unicodePwd for a gMSA is that we can also generate the unicodePwd from a virtualSambaGPG password.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 11 Dec 2023 07:49:44 +0000 (20:49 +1300)]
samba-tool: Add support for getting the generated unicodePwd for a gMSA account
This pre-hashed value may be more practical to use than the random "UTF-16"
password. In particular it is easy to compare with the DB values.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Fri, 1 Dec 2023 03:14:16 +0000 (16:14 +1300)]
netcmd: user: samba-tool support to allow non-windows use of GMSA accounts (show password)
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 12 Dec 2023 03:38:13 +0000 (16:38 +1300)]
samba-tool user getpassword: Use UTF16_MUNGED charcnv to map "UTF16" to UTF8
This copes with random invalid UTF-16 as seen with gMSA accounts.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 11 Dec 2023 03:54:57 +0000 (16:54 +1300)]
samba-tool: Prepare to allow samba-tool user getpasswords to operate against a remote server
While passwords are not normally available for read, Group Managed Service Account
passwords are, as this is how they are distributed.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>