Stefan Metzmacher [Mon, 19 Jul 2021 10:57:50 +0000 (12:57 +0200)]
tdb: version 1.4.5
* fix standalone usage of tdb.h
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 20 11:48:38 UTC 2021 on sn-devel-184
Günther Deschner [Fri, 16 Jul 2021 15:29:40 +0000 (17:29 +0200)]
tdb: Fix invalid syntax in tdb.h
Defining _PUBLIC_ in the same way as in talloc.h resolves an issue with
a previous fix for Solaris Studio compiler 12.4 that prefixed all calls
in tdb.h with _PUBLIC_. Thanks to Lukas Slebodnik
<lslebodn@redhat.com>.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14762
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Martin Schwenke [Tue, 27 Apr 2021 05:45:17 +0000 (15:45 +1000)]
utils: Avoid pylint warning
pylint warns:
Use lazy % formatting in logging functions
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Jul 20 05:29:18 UTC 2021 on sn-devel-184
Martin Schwenke [Tue, 27 Apr 2021 05:37:43 +0000 (15:37 +1000)]
utils: Reformat lines that are longer than 80 columns
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Martin Schwenke [Tue, 27 Apr 2021 04:56:20 +0000 (14:56 +1000)]
utils: Tweak exception handling to stop flake8 complaining
Don't bother with "as e" to avoid warning about unused variable.
Don't use bare "except:" (though pylint still complains about this
version).
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Martin Schwenke [Wed, 26 May 2021 01:18:04 +0000 (11:18 +1000)]
utils: Simplify log level logic, drop global variable
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Martin Schwenke [Tue, 27 Apr 2021 04:50:15 +0000 (14:50 +1000)]
utils: Inline defaults and help strings
Removes an unnecessary level of indirection: defaults and help strings
are now where they are expected. Also removes some global variables.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Martin Schwenke [Wed, 26 May 2021 00:57:07 +0000 (10:57 +1000)]
utils: Move argument processing into function and call from main()
Removes the need for the global variables currently associated with
this processing. Also removes unnecessarily double-handling the
defaults, which are assigned to the global variables and set via
add_argument().
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Martin Schwenke [Tue, 27 Apr 2021 03:00:49 +0000 (13:00 +1000)]
utils: Reorder imports so that standard imports are first
Avoids numerous pylint warnings.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Martin Schwenke [Tue, 27 Apr 2021 02:59:17 +0000 (12:59 +1000)]
utils: Clean up ctdb_etcd_lock using autopep8
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Martin Schwenke [Tue, 27 Apr 2021 05:46:14 +0000 (15:46 +1000)]
utils: Use Python 3
Due to the number of flake8 and pylint warnings it is unclear if the
source has Python 3 incompatibilities. These will be cleaned up in
subsequent commits.
Signed-off-by: "L.P.H. van Belle" <belle@bazuin.nl>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Volker Lendecke [Sat, 26 Jun 2021 12:21:49 +0000 (14:21 +0200)]
examples: Make winreg.py sample work with python3 in current master
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jul 19 17:44:08 UTC 2021 on sn-devel-184
Andreas Schneider [Thu, 15 Jul 2021 14:52:02 +0000 (16:52 +0200)]
gitignore: Add .cache directory
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jul 19 15:27:14 UTC 2021 on sn-devel-184
Andreas Schneider [Thu, 15 Jul 2021 14:50:56 +0000 (16:50 +0200)]
selftest: Add PYTHONPATH for lsp servers to devel_env.sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Wed, 14 Jul 2021 09:38:39 +0000 (11:38 +0200)]
s3:utils: Use better error message for smbtree
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul 16 03:45:19 UTC 2021 on sn-devel-184
Stefan Metzmacher [Tue, 29 Jun 2021 13:42:56 +0000 (15:42 +0200)]
libcli/smb: allow unexpected padding in SMB2 READ responses
Make use of smb2cli_parse_dyn_buffer() in smb2cli_read_done()
as it was exactly introduced for a similar problem see:
commit
4c6c71e1378401d66bf2ed230544a75f7b04376f
Author: Stefan Metzmacher <metze@samba.org>
AuthorDate: Thu Jan 14 17:32:15 2021 +0100
Commit: Volker Lendecke <vl@samba.org>
CommitDate: Fri Jan 15 08:36:34 2021 +0000
libcli/smb: allow unexpected padding in SMB2 IOCTL responses
A NetApp Ontap 7.3.7 SMB server add 8 padding bytes to an
offset that's already 8 byte aligned.
RN: Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jan 15 08:36:34 UTC 2021 on sn-devel-184
RN: Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 15 23:53:55 UTC 2021 on sn-devel-184
Stefan Metzmacher [Tue, 29 Jun 2021 13:24:13 +0000 (15:24 +0200)]
libcli/smb: make smb2cli_ioctl_parse_buffer() available as smb2cli_parse_dyn_buffer()
It will be used in smb2cli_read.c soon...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Mon, 5 Jul 2021 15:49:00 +0000 (17:49 +0200)]
s3:smbd: implement FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8
This turns the 'smb2.read.bug14607' test from 'skip' into 'xfailure',
as the 2nd smb2cli_read() function will now return
NT_STATUS_INVALID_NETWORK_RESPONSE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Mon, 5 Jul 2021 15:49:00 +0000 (17:49 +0200)]
s3:smbd: introduce a body_size variable in smbd_smb2_request_read_done
This will simplify the following changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 6 Jul 2021 14:24:59 +0000 (16:24 +0200)]
s4:torture/smb2: add smb2.read.bug14607 test
This test will use a FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8
in order to change the server behavior of READ responses regarding
the data offset.
It will demonstrate the problem in smb2cli_read*() triggered
by NetApp Ontap servers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Mon, 12 Jul 2021 21:18:04 +0000 (15:18 -0600)]
Update WHATSNEW for Certificate Auto Enrollment
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 15 20:03:45 UTC 2021 on sn-devel-184
David Mulder [Fri, 2 Jul 2021 20:44:43 +0000 (20:44 +0000)]
gpo: Test Certificate Auto Enrollment Policy
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Mon, 28 Jun 2021 15:06:09 +0000 (09:06 -0600)]
gpo: Fix up rsop output of ca certificate
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Thu, 17 Jun 2021 15:13:12 +0000 (09:13 -0600)]
gpo: Add Certificate Auto Enrollment Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Karolin Seeger [Thu, 15 Jul 2021 07:42:49 +0000 (09:42 +0200)]
WHATSNEW: Start release notes for Samba 4.16.0pre1.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
Karolin Seeger [Thu, 15 Jul 2021 07:38:41 +0000 (09:38 +0200)]
VERSION: Bump version up to 4.16.0pre1...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
Karolin Seeger [Thu, 15 Jul 2021 07:09:37 +0000 (09:09 +0200)]
VERSION: Disable GIT_SNAPSHOT for the Samba 4.15.0rc1 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
Karolin Seeger [Thu, 15 Jul 2021 07:06:20 +0000 (09:06 +0200)]
WHATSNEW: Up to Samba 4.15.0rc1.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
Karolin Seeger [Thu, 15 Jul 2021 07:04:18 +0000 (09:04 +0200)]
WHATSNEW: Fix typos.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
Jeremy Allison [Wed, 14 Jul 2021 18:23:54 +0000 (11:23 -0700)]
s3: VFS: default. In vfswrap_getxattrat_do_async() always use the pathref fsp.
This is always called via a path that mandates
smb_fname->fsp is valid.
https://bugzilla.samba.org/show_bug.cgi?id=14758
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Jul 15 05:48:05 UTC 2021 on sn-devel-184
Jeremy Allison [Wed, 14 Jul 2021 18:23:03 +0000 (11:23 -0700)]
s3: VFS: default. In vfswrap_getxattrat_do_sync() always use the pathref fsp.
This is always called via a path that mandates
smb_fname->fsp is valid.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14758
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 14 Jul 2021 18:35:06 +0000 (11:35 -0700)]
s3: VFS: default: Add 'handle' member to struct vfswrap_getxattrat_state
Not yet used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14758
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 14 Jul 2021 18:17:49 +0000 (11:17 -0700)]
s3: VFS: default: Move vfswrap_fgetxattr() before the async versions.
We want to re-use this and don't want to have to add forward
declarations.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14758
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 14 Jul 2021 22:00:13 +0000 (15:00 -0700)]
s3: smbd: Allow "smbd async dosmode = yes" to return valid DOS attributes again.
We already have a valid smb_fname->fsp, don't drop
it when returning from smbd_dirptr_lanman2_entry()
to allow it to be reused inside dos_mode_at_send().
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14758
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 14 Jul 2021 22:29:01 +0000 (15:29 -0700)]
s3: tests: Add "SMB2-LIST-DIR-ASYNC" test.
Add as knownfail.
Shows our "smbd async dosmode" code wasn't working.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14758
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 14 Jul 2021 22:26:42 +0000 (15:26 -0700)]
s3: tests: Our tests for "smbd async dosmode = yes" haven't been working correctly as the parameter has been set incorrectly.
If must be "smbd async dosmode", not "smbd:async dosmode"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14758
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 14 Jul 2021 16:40:34 +0000 (18:40 +0200)]
WHATSNEW: add client/server smb3 signing/encryption algorithms
We can add more about this in the final 4.15.0 release notes later.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jul 15 00:57:24 UTC 2021 on sn-devel-184
Stefan Metzmacher [Mon, 8 Mar 2021 01:05:55 +0000 (02:05 +0100)]
s3:smbd: improve the error returns for invalid session binding requests
This brings us closer to what a Windows Server with GMAC signing
returns.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 14 Jul 2021 14:12:41 +0000 (16:12 +0200)]
s4:torture: more smb2.session.bind_negative_smb3* combinations
This tests all kind of signing/encryption algorithm mismatches
and passes against Windows with GMAC signing support.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 13 Jul 2021 21:28:04 +0000 (23:28 +0200)]
docs-xml: offer aes-128-gmac by default
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 11 Nov 2020 13:10:01 +0000 (14:10 +0100)]
libcli/smb: add support for SMB2_SIGNING_AES128_GMAC
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 14 Jul 2021 13:04:22 +0000 (15:04 +0200)]
s4:torture: force AES_CMAC or HMAC_SHA256 for some SMB 3.1.1 tests
Allowing GMAC in future will generate different results, so
make sure the tests keep working as is.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 13 Jul 2021 19:26:19 +0000 (21:26 +0200)]
libcli/smb: actually make use of "client/server smb3 signing algorithms"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 13 Jul 2021 19:26:19 +0000 (21:26 +0200)]
docs-xml: add "client/server smb3 signing algorithms" options
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 11 Nov 2020 13:27:30 +0000 (14:27 +0100)]
s3:smbd: prepare support for SMB2_SIGNING_CAPABILITIES
But notice that srv_sign_algos->num_algos is always 0 for now,
but that'll change in the next commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 11 Mar 2021 10:04:14 +0000 (11:04 +0100)]
libcli/smb: prepare support for SMB2_SIGNING_CAPABILITIES negotiation
For now client_sign_algos->num_algos will always be 0,
but that'll change in the next commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 11 Nov 2020 13:10:01 +0000 (14:10 +0100)]
libcli/smb: make sure smb2_signing_calc_signature() never generates a signature without a valid MID
This is important as AES-128-GMAC signing will derive the NONCE from the MID.
It also means a STATUS_PENDING response must never be signed.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 6 May 2021 21:07:13 +0000 (23:07 +0200)]
libcli/smb: make sure we always send a valid MID in cancel PDUs
This is important as with AES-128-GMAC signing, the nonce will be
derived from the MID.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Mon, 8 Mar 2021 01:03:30 +0000 (02:03 +0100)]
libcli/smb: skip session setup signing for REQUEST_OUT_OF_SEQUENCE, NOT_SUPPORTED and ACCESS_DENIED
We should propagate these errors to the caller instead of masking them
with ACCESS_DENIED. And for ACCESS_DENIED we should not disconnect the
connection.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 14 Jul 2021 14:23:54 +0000 (16:23 +0200)]
libcli/smb: add smb2cli_conn_server_{signing,encryption}_algo()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 13 Jul 2021 20:37:36 +0000 (22:37 +0200)]
s3:smbd: make sure we don't try to sign CANCEL response PDUs
Normally these are never generated, but it can happen when the
signing check fails.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 11 Jun 2021 13:33:46 +0000 (13:33 +0000)]
s3:smbd: make sure STATUS_PENDING responses are never signed
It's important to match Windows here in order to avoid reusing
a NONCE for AES-128-GMAC signing.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 6 May 2021 21:55:49 +0000 (23:55 +0200)]
s3:smbstatus: pretty print the use of new signing/encryption algorithms
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 13 Jul 2021 19:50:27 +0000 (21:50 +0200)]
s3:smbd: only allow cancel with the same session
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 11 Nov 2020 12:47:11 +0000 (13:47 +0100)]
libcli/smb: add SMB2_SIGNING_CAPABILITIES related defines to smb2_constants.h
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 11 Nov 2020 12:47:11 +0000 (13:47 +0100)]
libcli/smb: add SMB2_RDMA_TRANSFORM_CAPABILITIES related defines to smb2_constants.h
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 11 Nov 2020 12:47:11 +0000 (13:47 +0100)]
libcli/smb: add SMB2_TRANSPORT_CAPABILITIES related defines to smb2_constants.h
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 10 Nov 2020 00:28:03 +0000 (01:28 +0100)]
lib/param: offer aes-256-{gcm,ccm} encryption by default
We match Windows and keep aes-128-{gcm,ccm} first...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 10 Nov 2020 00:25:19 +0000 (01:25 +0100)]
libcli/smb: add aes-256-{gcm,ccm} support to smb2_signing_[en|de]crypt_pdu()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 14 Jul 2021 10:13:49 +0000 (12:13 +0200)]
s3:smbd: let 'server smb3 encryption algorithms' disable aes-128-ccm for SMB3_0*
SMB 3.0 and 3.0.2 require aes-128-ccm, so we need to reject them unless
'client smb3 encryption algorithms' allows them.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 14 Jul 2021 10:13:49 +0000 (12:13 +0200)]
libcli/smb: add smb311_capabilities_check() helper
It checks that the resulting algorithms (most likely for
dialects < 3.1.1) are actually allowed.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 14 Jul 2021 10:13:49 +0000 (12:13 +0200)]
libcli/smb: let 'client smb3 encryption algorithms' disable aes-128-ccm for SMB3_0*
SMB 3.0 and 3.0.2 require aes-128-ccm, so we need to reject them unless
'client smb3 encryption algorithms' allows them.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 13 Jul 2021 16:16:10 +0000 (18:16 +0200)]
s3:smbd: make use of 'server smb3 encryption algorithms'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 13 Jul 2021 16:16:10 +0000 (18:16 +0200)]
s4:param: make use of 'client smb3 encryption algorithms'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 13 Jul 2021 16:16:10 +0000 (18:16 +0200)]
s3:libsmb: make use of 'client smb3 encryption algorithms'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 13 Jul 2021 16:00:59 +0000 (18:00 +0200)]
libcli/smb: add helpers to parse client/server smb3 encryption algorithms into struct smb311_capabilities
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 13 Jul 2021 16:00:59 +0000 (18:00 +0200)]
docs-xml: add "client/server smb3 encryption algorithms" options
This gives administrators more control over the used algorithms.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 10 Mar 2021 15:34:54 +0000 (16:34 +0100)]
smb2_negprot: make use of struct smb311_capabilities.encryption
This makes the code more generic and allow the supported ciphers
to be easily added or depend on the configuration later.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 13 Jul 2021 22:16:06 +0000 (00:16 +0200)]
WHATNEW: document "server multi channel support" change
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 13 Jul 2021 22:14:24 +0000 (00:14 +0200)]
lib/param: enable "server multi channel support" by default on Linux and FreeBSD
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 13 Jul 2021 22:06:52 +0000 (00:06 +0200)]
lib/param: add lpcfg_parm_is_unspecified() helper
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 9 Jul 2021 13:36:12 +0000 (15:36 +0200)]
s3:smbd: fallback to smb2srv_session_lookup_global() for session setups with failed signing
The motivation is to get the same error responses as a windows server.
We already fallback to smb2srv_session_lookup_global() in other places
where we don't have a valid session in the current smbd process.
If signing is failing while verifying a session setup request,
we should do the same if we don't have a valid channel binding
for the connection yet.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 13 Jul 2021 14:37:42 +0000 (16:37 +0200)]
s3:smbd: remove dead code from smbd_smb2_request_dispatch()
We have '} else if (signing_required || (flags & SMB2_HDR_FLAG_SIGNED)) {'
before...
Use 'git show -U52' to see the whole story...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 14 Jul 2021 15:15:52 +0000 (17:15 +0200)]
s3:smbd: make sure smbXsrv_session_update() doesn't segfault with table == NULL
There might be other places than smb2srv_update_crypto_flags(), which
may call smbXsrv_session_update() with a fake session, they should
return in error instead of segfaulting.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 10 Jun 2021 16:03:15 +0000 (16:03 +0000)]
s3:smbd: fix a NULL pointer deference caused by smb2srv_update_crypto_flags()
When we used a fake session structure from
smb2srv_session_lookup_global() there's no point in updating
any database.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 10 Jun 2021 16:03:15 +0000 (16:03 +0000)]
s3:smbd: let smb2srv_session_lookup_global() clear the signing/encryption_flags
When we make use of this we only in order to provide the correct
error codes anyway.
This actually fixes even more error codes.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 10 Jun 2021 16:03:15 +0000 (16:03 +0000)]
s4:torture: let smb2.session.bind_negative_* tests also use a different client guid
Testing also with a different client guid between channels
triggers (at least in samba) a different code path compaired
to the tests using the same client guid.
Testing both already revealed a bug.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 10 Jun 2021 16:03:15 +0000 (16:03 +0000)]
s4:torture: let smb2.session.bind_negative_* also test without session keys
This checks the result of a 2nd session setup without the BIND flags
and also without signing being already enabled.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 9 Jul 2021 10:37:38 +0000 (12:37 +0200)]
WHATSNEW: document the removal of SMB2_22, SMB2_24 and SMB3_10
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 9 Jul 2021 10:04:30 +0000 (12:04 +0200)]
libcli/smb: remove unused PROTOCOL_SMB3_10 definition
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 9 Jul 2021 10:03:06 +0000 (12:03 +0200)]
docs-xml: remove support for "SMB3_10"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 11 Nov 2020 14:14:12 +0000 (15:14 +0100)]
libcli/smb: replace PROTOCOL_SMB3_10 with PROTOCOL_SMB3_11
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 11 Nov 2020 14:14:12 +0000 (15:14 +0100)]
s3:smbd: replace PROTOCOL_SMB3_10 with PROTOCOL_SMB3_11
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 9 Jul 2021 10:04:30 +0000 (12:04 +0200)]
libcli/smb: remove unused PROTOCOL_SMB2_24 definition
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 9 Jul 2021 10:03:06 +0000 (12:03 +0200)]
docs-xml: remove support for "SMB2_24"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 11 Nov 2020 14:14:12 +0000 (15:14 +0100)]
libcli/smb: replace PROTOCOL_SMB2_24 with PROTOCOL_SMB3_00
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 11 Nov 2020 14:14:12 +0000 (15:14 +0100)]
s3:smbd: replace PROTOCOL_SMB2_24 with PROTOCOL_SMB3_00
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 9 Jul 2021 10:04:30 +0000 (12:04 +0200)]
libcli/smb: remove unused PROTOCOL_SMB2_22 definition
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 9 Jul 2021 10:03:06 +0000 (12:03 +0200)]
docs-xml: remove support for "SMB2_22"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 11 Nov 2020 14:14:12 +0000 (15:14 +0100)]
libcli/smb: replace PROTOCOL_SMB2_22 with PROTOCOL_SMB3_00
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 11 Nov 2020 14:14:12 +0000 (15:14 +0100)]
s3:smbd: replace PROTOCOL_SMB2_22 with PROTOCOL_SMB3_00
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 9 Jul 2021 09:57:17 +0000 (11:57 +0200)]
s3:torture: replace PROTOCOL_SMB2_22 with PROTOCOL_SMB3_00
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 11 Nov 2020 14:14:12 +0000 (15:14 +0100)]
smb2_negprot: no longer use experimental dialects 2.2.2, 2.2.4, 3.1.0 on the wire
These were only used in Windows development versions but not in
production.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 11 Nov 2020 14:14:12 +0000 (15:14 +0100)]
libcli/smb: no longer use experimental dialects 2.2.2, 2.2.4, 3.1.0 on the wire
These were only used in Windows development versions but not in
production.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 9 Jul 2021 12:58:24 +0000 (14:58 +0200)]
s4:torture:libsmbclient: make use of PROTOCOL_* enum values instead of of hardcoded int values
We should also test protocol versions which are not our default.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 9 Jul 2021 12:12:39 +0000 (14:12 +0200)]
selftest: use SAMBA_DEPRECATED_SUPPRESS=1 for all tests
The deprecation warnings are filling the logs and make it hard to
find/see real problems.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 14 21:57:11 UTC 2021 on sn-devel-184
Stefan Metzmacher [Wed, 14 Jul 2021 04:30:03 +0000 (06:30 +0200)]
s3:tests: use SAMBA_DEPRECATED_SUPPRESS=1 for backbox tests
These tests should not depend on the number of deprecation warnings
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 14 Jul 2021 20:50:19 +0000 (22:50 +0200)]
ldb: version 2.4 will be used for Samba 4.15
- Improve calculate_popt_array_length()
- Use C99 initializers for builtin_popt_options[]
- pyldb: Fix Message.items() for a message containing elements
- pyldb: Add test for Message.items()
- tests: Use ldbsearch '--scope instead of '-s'
- pyldb: fix a typo
- Change page size of guidindexpackv1.ldb
- Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream
- attrib_handler casefold: simplify space dropping
- fix ldb_comparison_fold off-by-one overrun
- CVE-2020-27840: pytests: move Dn.validate test to ldb
- CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode
- CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds
- CVE-2021-20277 ldb tests: ldb_match tests with extra spaces
- improve comments for ldb_module_connect_backend()
- test/ldb_tdb: correct introductory comments
- ldb.h: remove undefined async_ctx function signatures
- correct comments in attrib_handers val_to_int64
- dn tests use cmocka print functions
- ldb_match: remove redundant check
- add tests for ldb_wildcard_compare
- ldb_match: trailing chunk must match end of string
- pyldb: catch potential overflow error in py_timestring
- ldb: remove some 'if PY3's in tests
- Add missing break in switch statement
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 14 Jul 2021 20:30:19 +0000 (22:30 +0200)]
tdb: version 1.4.4
- Fix a memory leak on error
- python: remove all 'from __future__ import print_function'
- Fix CID
1471761 String not null terminated
- Use hex_byte() in parse_hex()
- Use hex_byte() in read_data()
- fix studio compiler build
- Fix some signed/unsigned comparisons
- also use __has_attribute macro to check for attribute support
- Fix clang 9 missing-field-initializer warnings
- pytdb tests: add test for storev()
- pytdb: add python binding for storev()
- tdbtorture: Use ARRAY_DEL_ELEMENT()
- py3: Remove #define PyInt_FromLong PyLong_FromLong
- py3: Remove #define PyInt_AsLong PyLong_AsLong
- py3: Remove #define PyInt_Check PyLong_Check
- tdb: Align integer types
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 14 Jul 2021 20:28:19 +0000 (22:28 +0200)]
talloc: version 2.3.3
- python: Ensure reference counts are properly incremented
- Bug 9931: change pytalloc source to LGPL
Signed-off-by: Stefan Metzmacher <metze@samba.org>