Andrew Bartlett [Fri, 18 Jun 2021 11:49:13 +0000 (23:49 +1200)]
selftest: Remove -d10 from test startup
It looks like "python:tests: Add SAMR password change tests for fips"
(which is also the title of
9a3ba502d8193b25799ef92917efafd52de2e8c2,
but this is also unrelated) and was a probalby a rebase artifact,
being a debugging aid that should have been omitted.
This reverts commit
ebd687335b9accfdbae7dbc65c9882ab4d5c0986.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Fri, 18 Jun 2021 11:48:26 +0000 (23:48 +1200)]
testprogs/blackbox: Remove joined dc for ldapcmp
We don't need this DC once the ldapcmp is over, and it avoids
the running DC spamming the logs looking for it.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Fri, 18 Jun 2021 08:46:51 +0000 (20:46 +1200)]
python/samba/tests: Remove DCs joined to test samba-tool behaviour
Otherwise we have the live DCs spamming the logs looking for the
long-gone test servers:
Failed to connect host fd00::5357:5f0b on port 135 - NT_STATUS_OBJECT_NAME_NOT_FOUND
Failed to connect host fd00::5357:5f0b (
6f44653d-18c8-4bf4-b2e7-
6f85cf7b0f74._msdcs.addom.samba.example.com) on port 135 - NT_STATUS_OBJECT_NAME_NOT_FOUND.
Failed to connect host 10.53.57.11 on port 135 - NT_STATUS_OBJECT_NAME_NOT_FOUND
Failed to connect host 10.53.57.11 (
6f44653d-18c8-4bf4-b2e7-
6f85cf7b0f74._msdcs.addom.samba.example.com) on port 135 - NT_STATUS_OBJECT_NAME_NOT_FOUND.
Failed to connect host 10.53.57.12 on port 135 - NT_STATUS_OBJECT_NAME_NOT_FOUND
This avoids spamming the GitLab pipeline logs with a lot of noise,
as there is a size limit to the output, as well as being cleaner.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andreas Schneider [Thu, 17 Jun 2021 13:02:59 +0000 (15:02 +0200)]
python:tests: Fix group_edit test with system libldb
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Jun 20 22:52:05 UTC 2021 on sn-devel-184
Andreas Schneider [Thu, 17 Jun 2021 13:00:21 +0000 (15:00 +0200)]
python:tests: Fix user_edit test with system libldb
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 17 Jun 2021 12:57:41 +0000 (14:57 +0200)]
python:tests: Fix contact_edit test with system libldb
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
David Mulder [Thu, 17 Jun 2021 21:20:41 +0000 (15:20 -0600)]
samba-tool: Ensure commands don't crash without ad-dc
This simply ensures against import errors when
samba is built without the ad-dc. Calling every
help message guarantees the imports succeeded.
The test is intentionally run against the
fileserver test environment, because it's
configured --without-ad-dc and does not disable
ads.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
David Mulder [Thu, 10 Jun 2021 15:53:56 +0000 (09:53 -0600)]
dns: Enable dnsserver_common install when not ad dc
dnsserver_common is enabled without the ad-dc to
prevent imports from failing when samba-tool is
called where the ad-dc was not built. The
server-side dns code is used in the client when
we do direct LDAP modification of DNS records.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
David Mulder [Fri, 18 Sep 2020 17:28:02 +0000 (11:28 -0600)]
samba-tool: Disable AD DC options in samba-tool domain
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
David Mulder [Thu, 17 Sep 2020 19:26:18 +0000 (13:26 -0600)]
samba-tool: Enable samba-tool without ad dc (but with ads)
Much of samba-tool can operate without the full AD DC,
for remote operations.
However the samba-tool gpo command depends on ads being
built. Without ads, every samba-tool command
crashes because ads imports fail.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 26 May 2021 13:04:08 +0000 (15:04 +0200)]
s3:modules: Reduce debug level if file doesn't exists on dfs share
There is software out there trying to open desktop.ini in every
directory. Avoid spamming the logs with error messages.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jun 18 18:14:11 UTC 2021 on sn-devel-184
Jeremy Allison [Wed, 16 Jun 2021 22:10:37 +0000 (15:10 -0700)]
s3: smbd: Optimization in non_widelink_open(). Don't need to vfs_ChDir(parent_dir_fname) if parent is "."
Save several system calls if we're operating at the root of the share.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Jun 18 17:21:31 UTC 2021 on sn-devel-184
Jeremy Allison [Wed, 9 Jun 2021 23:43:04 +0000 (16:43 -0700)]
s3: smbd: change_file_owner_to_parent_fsp(). Don't re-stat the pathref.
Optimization now becomes clear. We already have a valid stat of the parent
directory so we don't need to re-do a system call.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 9 Jun 2021 19:28:42 +0000 (12:28 -0700)]
s3: smbd: Change change_file_owner_to_parent() -> change_file_owner_to_parent_fsp().
Same changes as for change_dir_owner_to_parent_fsp().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 9 Jun 2021 19:15:42 +0000 (12:15 -0700)]
s3: smbd: Make change_file_owner_to_parent() static.
Only used inside open.c.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 9 Jun 2021 23:40:08 +0000 (16:40 -0700)]
s3: smbd: change_dir_owner_to_parent_fsp(). Don't re-stat the pathref.
Optimization now becomes clear. We already have a valid stat of the parent
directory so we don't need to re-do a system call.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 9 Jun 2021 19:13:38 +0000 (12:13 -0700)]
s3: smbd: Change change_dir_owner_to_parent() -> change_dir_owner_to_parent_fsp().
Operate on handles only.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 9 Jun 2021 19:01:03 +0000 (12:01 -0700)]
s3: smbd: open_directory(). Cleanup. We don't need 'int flags' here.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Douglas Bagnall [Thu, 8 Apr 2021 09:20:17 +0000 (21:20 +1200)]
util/charset: warn loudly on unexpected E2BIG
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jun 18 04:27:17 UTC 2021 on sn-devel-184
Douglas Bagnall [Thu, 8 Apr 2021 09:18:46 +0000 (21:18 +1200)]
util/iconv: reject improperly packed UTF-8
If we allow a string that encodes say '\0' as a multi-byte sequence,
we are open to confusion where we mix NUL terminated strings with
sized data blobs, which is to say EVERYWHERE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14684
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Wed, 16 Jun 2021 05:35:19 +0000 (17:35 +1200)]
torture: talloc_string_sub tests for utf-8 brevity
If we allow overly long UTF-8 sequences (in the tests, encoding '\0'
as 2, 3, or 4 bytes), it might be possible for bad strings to slip
through.
We fail. But wait for the next commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14684
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Garming Sam [Mon, 23 Sep 2019 03:25:42 +0000 (15:25 +1200)]
netcmd: Incorrect arguments to Exception constructor
Discovered by Semmle code analysis:
https://lgtm.com/projects/g/samba-team/samba
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Jun 17 05:12:03 UTC 2021 on sn-devel-184
Garming Sam [Mon, 23 Sep 2019 01:28:44 +0000 (13:28 +1200)]
upgradeprovision: Remove duplicate key
Discovered by Semmle code analysis:
https://lgtm.com/projects/g/samba-team/samba
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Garming Sam [Mon, 23 Sep 2019 01:27:13 +0000 (13:27 +1200)]
perf_tests: Implicit string concatenation
Discovered by Semmle code analysis:
https://lgtm.com/projects/g/samba-team/samba
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Garming Sam [Mon, 23 Sep 2019 01:25:47 +0000 (13:25 +1200)]
join: provision_fill does not return anything
Discovered by Semmle code analysis:
https://lgtm.com/projects/g/samba-team/samba
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Wed, 16 Jun 2021 04:51:14 +0000 (16:51 +1200)]
heimdal_build: Improve error and warning handling on old and new compilers
The previous commit
1eadeaed0a6ca3a58eb9fd176a7ae5bcc28f64ef had a couple of
errors, the unpicky flags were being set on all builds (not just old
compiler builds) due to confusing variable names, and Ubuntu 16.04
would not build (for fuzzing) because it thought some variables
were maybe-uninitialized.
This keeps stricter warnings->errors on modern compilers while
allowing the full build, even in the near future when a modern
Heimdal is imported.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jun 16 14:43:17 UTC 2021 on sn-devel-184
Jeremy Allison [Tue, 15 Jun 2021 22:42:33 +0000 (15:42 -0700)]
s3: smbd: Fix smbd crash on dangling symlink with posix connection calling several non-posix info levels.
Tidy up fsp == NULL checks. Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14742
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed Jun 16 11:58:00 UTC 2021 on sn-devel-184
Jeremy Allison [Tue, 15 Jun 2021 22:11:20 +0000 (15:11 -0700)]
s3: torture: Add POSIX-SYMLINK-SETPATHINFO regression test.
This ensure we never blunder into indirecting a NULL fsp pointer
in the server. Currently this crashes the server in several info
levels.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14742
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Ralph Boehme [Mon, 10 May 2021 10:34:32 +0000 (12:34 +0200)]
mdssvc: avoid direct filesystem access, use the VFS
This ensures mdssvc uses the same FileIDs as the fileserver as well as Spotlight
can be used working on a virtual filesystem like GlusterFS.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Jun 16 05:59:13 UTC 2021 on sn-devel-184
Ralph Boehme [Tue, 15 Jun 2021 12:14:52 +0000 (14:14 +0200)]
mdssvc: chdir() to the conn of the RPC request
In preperation of calling VFS functions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 10 May 2021 10:10:08 +0000 (12:10 +0200)]
mdssvc: maintain a connection struct in the mds_ctx
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 28 May 2021 07:25:22 +0000 (09:25 +0200)]
smbd: add create_conn_struct_cwd()
Compared to create_conn_struct_tos_cwd() this takes a TALLOC_CTX and
tevent_context as additional arguments and the resulting connection_struct is
stable across the lifetime of mem_ctx and ev.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 15 Jun 2021 09:17:57 +0000 (11:17 +0200)]
smbd: pass tevent context to create_conn_struct_as_root()
The next commit will add another caller of create_conn_struct_as_root() that is
going to pass a long-lived tevent context.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 10 May 2021 10:08:17 +0000 (12:08 +0200)]
mdssvc: pass messaging context to mds_init_ctx()
This is needed in a subsequent commit. Note that I prefer to do the event
context unwrapping in the caller and pass both the event and messaging context
explicitly to mds_init_ctx().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 10 May 2021 09:07:27 +0000 (11:07 +0200)]
mdssvc: don't fail mds_add_result() if result is not found in CNID set
Just skip adding the result to the pending results set, don't return an
error. Returning an error triggers an error at the MDSSVC RPC error which is NOT
what we want here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 10 May 2021 09:04:38 +0000 (11:04 +0200)]
mdssvc: use a helper variable in mds_add_result()
No change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Wed, 2 Dec 2020 17:06:24 +0000 (18:06 +0100)]
lib:ldb-samba: Migrate samba extensions to new cmdline option parser
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 16 01:25:28 UTC 2021 on sn-devel-184
Andreas Schneider [Fri, 18 Dec 2020 07:38:22 +0000 (08:38 +0100)]
lib:ldb-samba: Use talloc_zero_array() and use ldb as the mem context
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 17 Dec 2020 18:16:13 +0000 (19:16 +0100)]
lib:ldb-samba: Improve calculate_popt_array_length()
Note that memcmp() doesn't work well with padding bytes. So avoid it!
(gdb) ptype/o struct poptOption
/* offset | size */ type = struct poptOption {
/* 0 | 8 */ const char *longName;
/* 8 | 1 */ char shortName;
/* XXX 3-byte hole */
/* 12 | 4 */ unsigned int argInfo;
/* 16 | 8 */ void *arg;
/* 24 | 4 */ int val;
/* XXX 4-byte hole */
/* 32 | 8 */ const char *descrip;
/* 40 | 8 */ const char *argDescrip;
/* total size (bytes): 48 */
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 17 Dec 2020 10:56:08 +0000 (11:56 +0100)]
lib:ldb: Use C99 initializers for builtin_popt_options[]
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 17 Dec 2020 16:12:10 +0000 (17:12 +0100)]
s4:torture: Migrate masktest to new cmdline option parser
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 17 Dec 2020 16:05:51 +0000 (17:05 +0100)]
s4:torture: Migrate locktest to new cmdline option parser
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 17 Dec 2020 15:55:02 +0000 (16:55 +0100)]
s4:torture: Change -U|--user to --user1 and --user2
The '-U' option is already defined by the default cmdline parser!
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 17 Dec 2020 15:25:08 +0000 (16:25 +0100)]
s4:torture: Migrate gentest to new cmdline option parser
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 17 Dec 2020 15:24:48 +0000 (16:24 +0100)]
s4:torture: Change -U|--user to --user1 and --user2
The '-U' option is already defined by the default cmdline parser!
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 3 Dec 2020 07:02:58 +0000 (08:02 +0100)]
testprogs: Add smbtorture tests with new options
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 2 Dec 2020 16:24:22 +0000 (17:24 +0100)]
s4:torture: Migrate smbtorture to new cmdline option parser
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 16 Dec 2020 14:18:26 +0000 (15:18 +0100)]
s4:torture: Pass the pkinit ccache via a torture variable
Mixing -Uuser%password and --krb5-ccache doesn't really work on the
cmdline as -U overwrited the ccache.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 16 Dec 2020 09:56:23 +0000 (10:56 +0100)]
s4:torture: For NTLM make sure we have CRED_USE_KERBEROS_DESIRED
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 9 Dec 2020 09:49:51 +0000 (10:49 +0100)]
s4:torture: Write better error on invalid cmdline option
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 2 Dec 2020 16:16:49 +0000 (17:16 +0100)]
s4:torture: Remove unused include
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 18 Dec 2020 12:55:59 +0000 (13:55 +0100)]
s4:client: Migrate cifsdd to new cmdline option parser
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 19 Nov 2020 16:43:58 +0000 (17:43 +0100)]
testprogs: Use new kerberos options for smbclient(4) tests
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 19 Nov 2020 08:40:53 +0000 (09:40 +0100)]
s4:client: Migrate smbclient4 to new cmdline option parser
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 19 Nov 2020 08:33:53 +0000 (09:33 +0100)]
s4:client: Use a creds helper variable
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 1 Jun 2021 09:12:07 +0000 (11:12 +0200)]
testprogs: Remove --debuglevel from test_kinit_trusts_mit.sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 15 Jun 2021 03:24:17 +0000 (15:24 +1200)]
heimdal_build: Use lib/asn1/rfc2459.opt rather than hard-coded
Based on patch by Stefan Metzmacher in his Heimdal upgrade branch
lib/asn1/rfc2459.opt imported from
lorikeet-heimdal-abartlet/lorikeet-heimdal-
201107241840-plus-recent-changes
which is the closest tree I could find, and matches the options being
removed from the wscript_build file.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jun 15 23:25:27 UTC 2021 on sn-devel-184
Stefan Metzmacher [Fri, 22 Nov 2019 15:01:07 +0000 (16:01 +0100)]
heimdal_build: Add C99 struct initializer in source4/heimdal_build/krb5-glue.c
This avoids uninitiliased structure members in this dummy
structure we include to avoid including more of Heimdal.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 22 Nov 2019 15:11:41 +0000 (16:11 +0100)]
build: in SAMBA_BINARY use TO_LIST(cflags)
This avoids unfortunate issues when the cflags is
already a list, as then -fPIC becomes ['-f', 'P', 'I', 'C'].
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 2 Apr 2020 07:31:33 +0000 (07:31 +0000)]
heimdal_build: Provide C defines showing which Kerberos library is in use
Squashed from patches by Stefan Metzmacher as part of his Heimdal update branch
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 25 Sep 2017 02:18:34 +0000 (15:18 +1300)]
gse_krb5: Provide keytab name in fill_mem_keytab_from_dedicated_keytab() error strings.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 25 Sep 2017 23:01:37 +0000 (12:01 +1300)]
heimdal_build: check for secure_getenv
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 15 Jun 2021 01:50:48 +0000 (13:50 +1200)]
heimdal_build: Set up new build groups for the Heimdal hostcc components
This is based on various patches by Stefan Metzmacher in the patch set for
the Heimdal upgrade.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Sun, 13 Jun 2021 23:14:06 +0000 (11:14 +1200)]
heimdal_build: Rework Heimdal warning handling
If we have all the right -Wno-error flags then we can enable warnings
more generally, otherwise just set -Wno-strict-overflow (if available)
Adapted from patches by Stefan Metzmacher <metze@samba.org> in his
branch to update Heimdal.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Sat, 12 Jun 2021 06:33:42 +0000 (08:33 +0200)]
docs: Improve wording, fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 15 19:02:18 UTC 2021 on sn-devel-184
Volker Lendecke [Tue, 15 Dec 2020 16:15:21 +0000 (17:15 +0100)]
libsmbclient: Avoid a call to SMBC_errno() in SMBC_mkdir_ctx()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 15 Dec 2020 16:05:34 +0000 (17:05 +0100)]
libsmb: Factor out cli_status_to_errno() from cli_errno()
cli_errno() calls far too many trivial but subtle functions, all
referencing cli->raw_status. This might be the first step towards
getting rid of that.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 12 Jun 2021 18:46:20 +0000 (20:46 +0200)]
rpc_server: Make get_domain_userlist() independent of errno
In the "num_users==0" case (previously just return NULL) we depended
on errno==0 implicitly. When list_sessions() above in this routine had
to open smbXsrv_session_global, it could however happen that errno was
set. If then there were no users, get_domain_userlist() returned NULL
with errno set, which the callers interpreted then as a real error.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 12 Jun 2021 18:39:49 +0000 (20:39 +0200)]
rpc_server: Make errno return of get_logged_on_userlist explicit
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 12 Jun 2021 10:45:30 +0000 (12:45 +0200)]
rpc_server: Don't rely on TCP-bind() to return EADDRINUSE
socket_wrapper can't do EADDRINUSE because unix domain sockets don't
do it.
This currently works correctly because right now all RPC servers
either use explicit ports or all listen on the same socket.
The new code uses a static variable, so it only helps if a single
process listens for multiple RPC sockets. It won't work if multiple
processes start listening. But in case samba-dcerpcd goes in this will
be exactly the right thing to do.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Mon, 14 Jun 2021 23:34:14 +0000 (16:34 -0700)]
s3: torture: Add POSIX-SYMLINK-GETPATHINFO regression test.
This ensure we never blunder into indirecting a NULL fsp pointer
in the server. We already pass this, but this test will ensure
we continue to do so as we make fileserver changes.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power<npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Jun 15 11:06:23 UTC 2021 on sn-devel-184
Julien ROPÉ [Fri, 23 Nov 2018 14:56:59 +0000 (15:56 +0100)]
Fix for https://bugzilla.samba.org/show_bug.cgi?id=9634
Add an option to smb.conf to list authorized zone transfer clients.
Implement restriction in dlz_bind9 module to allow transfers only to selected IPs.
Deny zone transfer by default in dlz_bind9.
Adds test for the restriction in DNZ zone transfer clients.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9634
Signed-off-by: Julien ROPÉ <jrope@linagora.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jun 11 19:28:10 UTC 2021 on sn-devel-184
Jeremy Allison [Wed, 9 Jun 2021 19:22:26 +0000 (12:22 -0700)]
s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in change_file_owner_to_parent() error path.
Caller is still using this !
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14736
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power<npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Fri Jun 11 10:17:46 UTC 2021 on sn-devel-184
Noel Power [Wed, 9 Jun 2021 13:58:41 +0000 (14:58 +0100)]
VFX: vxfs: Fixup some warnings
../../source3/modules/vfs_vxfs.c:343:6: error: unused variable ‘i’ [-Werror=unused-variable]
int i, offset = 0;
^
../../source3/modules/vfs_vxfs.c:342:17: error: unused variable ‘n_id’ [-Werror=unused-variable]
uint32_t e_id, n_id;
^~~~
../../source3/modules/vfs_vxfs.c:342:11: error: unused variable ‘e_id’ [-Werror=unused-variable]
uint32_t e_id, n_id;
^~~~
../../source3/modules/vfs_vxfs.c:341:35: error: unused variable ‘n_perm’ [-Werror=unused-variable]
uint16_t e_type, n_type, e_perm, n_perm;
^~~~~~
../../source3/modules/vfs_vxfs.c:341:27: error: unused variable ‘e_perm’ [-Werror=unused-variable]
uint16_t e_type, n_type, e_perm, n_perm;
^~~~~~
../../source3/modules/vfs_vxfs.c: In function ‘vxfs_compare’:
../../source3/modules/vfs_vxfs.c:407:6: error: unused variable ‘i’ [-Werror=unused-variable]
int i, count = 0;
^
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Thu, 10 Jun 2021 13:52:04 +0000 (14:52 +0100)]
VFS: vxfs: ifdef out vxfs_sys_acl_set_fd
as the sys_acl_set_fd_fn definition for vxfs_sys_acl_set_fd is ifdef'ed
out we also need ifdef out the vxfs_sys_acl_set_fd implementation itself
otherwise we get the following error.
source3/modules/vfs_vxfs.c:484:12: error: ‘vxfs_sys_acl_set_fd’ defined but not used [-Werror=unused-function]
static int vxfs_sys_acl_set_fd(vfs_handle_struct *handle,
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Thu, 10 Jun 2021 13:11:03 +0000 (14:11 +0100)]
s3/smbd: Remove unecessary 'else' block
This is an inconsequential cosmetic change, it just caught my eye
as looking a bit out of place compared to the surrounding code style.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Thu, 10 Jun 2021 10:32:06 +0000 (11:32 +0100)]
s3/smbd: dos_mode_check_compressed: remove smb_fname, conn fn parms
smb_fname is unused and we can get conn from the fsp passed in
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Thu, 10 Jun 2021 09:04:39 +0000 (10:04 +0100)]
s3/smbd: dos_mode_post: remove smb_fname param
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org
Noel Power [Thu, 10 Jun 2021 08:45:02 +0000 (09:45 +0100)]
s3/smbd: call dos_mode_post with fsp
Next commit can remove smb_name param from dos_mode_post
signature.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Thu, 10 Jun 2021 17:30:17 +0000 (10:30 -0700)]
s3: smbd: Protect dos_mode_at_send() from running into a symlink.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power<npower@samba.org>
Douglas Bagnall [Wed, 28 Apr 2021 05:40:08 +0000 (17:40 +1200)]
pytests: add dns_aging, embracing and extending ageing tests
This incorporates tests from various dns*.py files, but makes them
correct.
All but one of these tests pass against Windows 2012r2.
Further patches will remove the broken tests in other files, and fix
Samba so it passes these.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 11 09:29:23 UTC 2021 on sn-devel-184
Douglas Bagnall [Thu, 13 May 2021 03:51:45 +0000 (03:51 +0000)]
py: samba.dnsserver: add helper for record buffers
We *always* make these steps when we get a record.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 19 May 2021 02:39:00 +0000 (02:39 +0000)]
pytest:dns_base: make_txt_update can set arbitrary TTL
Also, improve a variable name.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 28 May 2021 06:08:56 +0000 (18:08 +1200)]
pydns: expose dns_records_match() as dsdb_dns.records.match()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sat, 29 May 2021 09:25:29 +0000 (21:25 +1200)]
dns: merge dns_records_match and dns_record_match
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 23 Apr 2021 07:49:05 +0000 (19:49 +1200)]
dlz: remove pretense of HINFO support
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 13 Apr 2021 00:06:16 +0000 (12:06 +1200)]
dns_record_match: drop pretense of HINFO support
We don't support it really, and if we did there is no sense in which
it could be updated, which is the context in which this function is
used.
(modern HINFO returns the constant string "RFC8482". See RFC 8482).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Mon, 12 Apr 2021 21:57:33 +0000 (09:57 +1200)]
dns common: dns_records_match() matches tombstones
This will be needed by the RPC server. Other callers already filter
out tombstones, so this is OK.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Mon, 12 Apr 2021 19:00:41 +0000 (07:00 +1200)]
dns: merge dlz/internal dns_records_match()
We have had three nearly identical functions called
dns_record[s]_match. This patch merges two of them, attempting to keep
the good bits and not the bugs.
That means:
1. We use the AAAA match from dlz, which is agnostic to all the
billions of ways you can write the same IPv6 address (case sensitivity
is just the beginning).
2. We lean more on the TXT match from dns_utils, because the dlz used
a weird bitwise &= operator, but we adjust to exit early.
3. Keep HINFO from dlz (for now).
4. Use the dns_name_equal() that was already in dns_common, which was
used by dlz. dns_utils had a strange one that probably did the same
thing.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Mon, 12 Apr 2021 18:36:03 +0000 (06:36 +1200)]
dlz_bind9: remove redundant logging in b9_record_match()
This log message will never be seen. We know because:
1. Always (two places) we are comparing an incoming record against a
database record.
2. The incoming record has come from b9_parse(), which makes the same
check.
3. If the database record is bad, we will never get here because the
first check is b9_record_match() is
if (rec1->wType != rec2->wType) {
return false;
}
and rec1->wType is not going to equal the corrupt database record's
wType, because point 2.
OK, but why? So we can shift this into dnsserver_common.c, because
the internal dns server has an inferior record_match() and it could do
with sharing this one.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 28 Apr 2021 01:55:02 +0000 (13:55 +1200)]
python:subunit: Avoid misleading "Test was never started" error message
subunithelper.py keeps track of tests that have been started, and
displays an error message if a test reports an outcome without having
previously been started. However, it makes the assumption that a test
has finished once it has reported a single outcome. This means that a
misleading error message will be displayed if it receives multiple
outcomes from the same test (which can happen if a test using the Python
unittest framework does not complete successfully, and the cleanup
subsequently fails), and any actual errors from the cleanup remain
undisplayed.
This commit ensures that only a single outcome is reported for each
test, and only after the test has finished. Outcomes are buffered up
until the stopTest() function is called, when a single outcome is
determined and all errors received for that test are output.
FilterOps still needs to output test outcomes immediately rather than
buffering them, otherwise they are never picked up and passed on to the
remote test case by subunithelper.parse_results(). This would result in
an error as the test would be considered to have never finished.
Example subunitrun output before the change:
time: 2021-04-28 01:28:49.862123Z
test: samba.tests.example.ExampleTests.test
time: 2021-04-28 01:28:49.862215Z
failure: samba.tests.example.ExampleTests.test [
Traceback (most recent call last):
File "bin/python/samba/tests/example.py", line 28, in test
self.fail()
AssertionError: None
]
time: 2021-04-28 01:28:49.862407Z
failure: samba.tests.example.ExampleTests.test [
Traceback (most recent call last):
File "bin/python/samba/tests/example.py", line 31, in tearDown
self.fail()
AssertionError: None
]
time: 2021-04-28 01:28:49.862467Z
time: 2021-04-28 01:28:49.862510Z
and after:
time: 2021-04-28 01:29:19.949347Z
test: samba.tests.example.ExampleTests.test
time: 2021-04-28 01:29:19.949440Z
time: 2021-04-28 01:29:19.949590Z
time: 2021-04-28 01:29:19.949640Z
failure: samba.tests.example.ExampleTests.test [
Traceback (most recent call last):
File "bin/python/samba/tests/example.py", line 28, in test
self.fail()
AssertionError: None
Traceback (most recent call last):
File "bin/python/samba/tests/example.py", line 31, in tearDown
self.fail()
AssertionError: None
]
time: 2021-04-28 01:29:19.949702Z
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 28 Apr 2021 01:54:44 +0000 (13:54 +1200)]
python:subunit: Remove write_traceback()
This functionality is already present in the Python unittest framework,
and so is not necessary to include here.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 28 Apr 2021 02:17:56 +0000 (14:17 +1200)]
python:subunit: Fix skipping a test with no reason given
Not specifying a reason means addSkip() is passed an empty string rather
than None. As a result, this condition was never hit, and the call to
_addOutcome() had an incorrect parameter.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 3 Jun 2021 23:37:56 +0000 (11:37 +1200)]
dbcheck: formatting
Reduce the length of some lines to 79 characters or less.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 11 08:28:28 UTC 2021 on sn-devel-184
Joseph Sutton [Thu, 3 Jun 2021 23:32:00 +0000 (11:32 +1200)]
dbcheck: Refactor RID Set check to use free_rid_bounds()
This function provides a simpler method of getting the bounds of the
range of RIDs we want to check. We also now check that the low bound is
less than the high bound for both rIDAllocationPool and
rIDPreviousAllocationPool.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Wed, 2 Jun 2021 05:00:33 +0000 (17:00 +1200)]
netcmd: Avoid conflicting SIDs when creating an offline backup
To allow the new DC object to be created in a restored domain while
avoiding conflicts with existing SIDS, we fetch a SID that is available
at the time of backing up and store it in the backed-up database.
However, if a new security principal is created on this DC during the
backup process, the stored SID may be reused for that object, resulting
in an error on restoration.
By getting the SID for restore only after all the database files have
been backed up, we ensure that the chosen SID does not conflict with any
objects in the backed-up database.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Tue, 1 Jun 2021 00:03:38 +0000 (12:03 +1200)]
ridalloc: Don't skip the first RID of a pool
Previously, if either of the rIDPreviousAllocation and rIDNextRID
attributes were not present in a RID Set, the first RID in
rIDAllocationPool was skipped over when determining their values.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Thu, 27 May 2021 03:35:35 +0000 (15:35 +1200)]
netcmd: Use next_free_rid() function to calculate a SID for restoring a backup
This means we won't get errors if the DC doesn't have a rIDNextRID
attribute, but we will still error if there is no RID Set or if all its
pools are exhausted.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14669
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Mon, 24 May 2021 04:46:28 +0000 (16:46 +1200)]
python/tests/dsdb: Add tests for RID allocation functions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14669
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Mon, 24 May 2021 00:59:59 +0000 (12:59 +1200)]
dsdb: Add next_free_rid() function to allocate a RID without modifying the database
If used to generate SIDs for objects, care should be taken, as the
possibility for having duplicate objectSIDs can arise.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14669
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>