Joseph Sutton [Mon, 20 Sep 2021 03:10:35 +0000 (15:10 +1200)]
tests/krb5: Add classes for testing invalid checksums
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Sep 23 19:28:44 UTC 2021 on sn-devel-184
Joseph Sutton [Mon, 20 Sep 2021 03:06:18 +0000 (15:06 +1200)]
tests/krb5: Add method to determine if principal is krbtgt
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 20 Sep 2021 02:10:07 +0000 (14:10 +1200)]
tests/krb5: Verify checksums of tickets obtained from the KDC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 21 Sep 2021 01:54:47 +0000 (13:54 +1200)]
tests/krb5: Add get_rodc_krbtgt_creds() to RawKerberosTest
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 20 Sep 2021 02:05:58 +0000 (14:05 +1200)]
tests/krb5: Simplify account creation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 21 Sep 2021 23:41:45 +0000 (11:41 +1200)]
tests/krb5: Provide ticket enc-part key to tgs_req()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 20 Sep 2021 02:08:16 +0000 (14:08 +1200)]
tests/krb5: Fix checking for presence of authorization data
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 20 Sep 2021 01:58:09 +0000 (13:58 +1200)]
tests/krb5: Add method to get DC credentials
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 20 Sep 2021 01:59:24 +0000 (13:59 +1200)]
tests/krb5: Allow tgs_req() to check the returned ticket enc-part
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 20 Sep 2021 01:54:39 +0000 (13:54 +1200)]
tests/krb5: Set key version number for all accounts created with create_account()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 21 Sep 2021 05:11:28 +0000 (17:11 +1200)]
tests/krb5: Correctly check PA-SUPPORTED-ENCTYPES
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 21 Sep 2021 05:10:49 +0000 (17:10 +1200)]
tests/krb5: Get supported enctypes for credentials from database
Look up the account's msDS-SupportedEncryptionTypes attribute to get the
encryption types that it supports. Move the fallback to RC4 to when the
ticket decryption key is obtained.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 21 Sep 2021 09:01:46 +0000 (21:01 +1200)]
tests/krb5: Add methods to convert between enctypes and bitfields
These methods are useful for converting a collection of encryption types
into msDS-SupportedEncryptionTypes bit flags, and vice versa.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 21 Sep 2021 05:01:12 +0000 (17:01 +1200)]
tests/krb5: Make get_default_enctypes() return a set of enctype constants
This is often more convenient than a bitfield.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 21 Sep 2021 01:33:16 +0000 (13:33 +1200)]
tests/krb5: Simplify adding authdata to ticket by using modified_ticket()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 17 Sep 2021 03:26:12 +0000 (15:26 +1200)]
tests/krb5: Add method for modifying a ticket and creating PAC checksums
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 17 Sep 2021 02:56:51 +0000 (14:56 +1200)]
tests/krb5: Add method to verify ticket PAC checksums
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Ralph Boehme [Wed, 25 Aug 2021 07:26:00 +0000 (09:26 +0200)]
registry: skip root check when running with uid-wrapper enabled
Currently registry config is not used in the clustered testenv, so currently
there's no problem. But once we do add that, the check would be triggered.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14787
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Sep 22 16:57:25 UTC 2021 on sn-devel-184
Joseph Sutton [Thu, 16 Sep 2021 05:20:22 +0000 (17:20 +1200)]
tests/krb5: Add RodcPacEncryptionKey type allowing for RODC PAC signatures
Signatures created by an RODC have an RODCIdentifier appended to them
identifying the RODC's krbtgt account.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Sep 21 23:55:39 UTC 2021 on sn-devel-184
Joseph Sutton [Thu, 16 Sep 2021 04:54:57 +0000 (16:54 +1200)]
tests/krb5: Add methods for creating zeroed checksums and verifying checksums
Creating a zeroed checksum is needed for signing a PAC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 20 Sep 2021 23:51:20 +0000 (11:51 +1200)]
tests/krb5: Cache obtained tickets
Now tickets obtained with get_tgt() and get_service_ticket() make use of
a cache so they can be reused, unless the 'fresh' parameter is specified
as true.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 20 Sep 2021 23:51:05 +0000 (11:51 +1200)]
tests/krb5: Return encpart from get_tgt() as part of KerberosTicketCreds
The encpart is already contained in ticket_creds, so it no longer needs
to be returned as a separate value.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 16 Sep 2021 01:24:46 +0000 (13:24 +1200)]
tests/krb5: Move get_tgt() and get_service_ticket() to kdc_base_test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 16 Sep 2021 01:14:45 +0000 (13:14 +1200)]
tests/krb5: Allow get_tgt() to specify expected and unexpected flags
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 16 Sep 2021 01:14:06 +0000 (13:14 +1200)]
tests/krb5: Allow get_tgt() to specify different kdc-options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 16 Sep 2021 00:41:46 +0000 (12:41 +1200)]
tests/krb5: Allow get_tgt() to get tickets from the RODC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 16 Sep 2021 00:38:38 +0000 (12:38 +1200)]
tests/krb5: Allow get_service_ticket() to get tickets from the RODC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 16 Sep 2021 00:19:28 +0000 (12:19 +1200)]
tests/krb5: Set DN of created accounts to ldb.Dn type
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 16 Sep 2021 00:13:51 +0000 (12:13 +1200)]
tests/krb5: Don't manually create PAC request and options in fast_tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 16 Sep 2021 00:06:51 +0000 (12:06 +1200)]
tests/krb5: Use PAC buffer type constants from krb5pac.idl
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 15 Sep 2021 23:52:46 +0000 (11:52 +1200)]
tests/krb5: Allow as_req() to specify different kdc-options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 15 Sep 2021 23:25:01 +0000 (11:25 +1200)]
tests/krb5: Allow tgs_req() to send requests to the RODC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 15 Sep 2021 23:18:12 +0000 (11:18 +1200)]
tests/krb5: Allow tgs_req() to specify different kdc-options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 15 Sep 2021 23:16:27 +0000 (11:16 +1200)]
tests/krb5: Allow tgs_req() to send additional padata
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 15 Sep 2021 23:13:09 +0000 (11:13 +1200)]
tests/krb5: Refactor tgs_req() to use _generic_kdc_exchange
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 15 Sep 2021 23:22:28 +0000 (11:22 +1200)]
tests/krb5: Check correct flags element
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 15 Sep 2021 08:56:28 +0000 (20:56 +1200)]
tests/krb5: Add helper method for modifying PACs
This method can remove or replace a PAC in an authorization-data
container, while additionally returning the original PAC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 17 Sep 2021 04:43:00 +0000 (16:43 +1200)]
autobuild: allow AUTOBUILD_FAIL_IMMEDIATELY=0 (say from a gitlab variable)
This allows making a push to do a full test ignoring errors without
needing "HACK!!!" commits on top.
Use like this:
git push -o ci.variable='AUTOBUILD_FAIL_IMMEDIATELY=0'
RN: Samba CI runs can now continue past the first error if AUTOBUILD_FAIL_IMMEDIATELY=0 is set
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14841
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org
Reviewed-by: Noel Power <npower@samba.org>
Joseph Sutton [Fri, 10 Sep 2021 02:02:22 +0000 (14:02 +1200)]
python/join: Check for correct msDS-KrbTgtLink attribute
Previously, the wrong case was used when checking for this attribute,
which meant krbtgt accounts were not being cleaned up.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 1 Sep 2021 03:42:28 +0000 (15:42 +1200)]
python: Don't leak file handles
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Michael Adam [Mon, 20 Sep 2021 11:27:59 +0000 (13:27 +0200)]
lib:cmdline: fix a comment
The default log target was changed in
726ccf1d56b2979c827dd8586d1aeb6cb8de236c
(as a side effect), but the comment was only partially updated.
This patch fixes the comment by completing the orignal change to
correctly reflect current behavior.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 21 20:28:49 UTC 2021 on sn-devel-184
Christof Schmitt [Mon, 20 Sep 2021 22:55:32 +0000 (15:55 -0700)]
smbd: Update debug messages for failed sharemode release
Use new macros, consistent log level and remove reference to flock.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Tue Sep 21 19:39:10 UTC 2021 on sn-devel-184
Christof Schmitt [Mon, 20 Sep 2021 22:50:08 +0000 (15:50 -0700)]
smbd: Remove return variable for releasing filesystem sharemode
flock is no longer used, the existing "ret" variable can be used
instead.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Mon, 20 Sep 2021 22:46:21 +0000 (15:46 -0700)]
smbd: Rename return variable for requesting filesystem sharemode
flock is no longer used, rename the variable accordingly.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Mon, 20 Sep 2021 22:38:59 +0000 (15:38 -0700)]
smbd: Update comment for durable handles
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Mon, 20 Sep 2021 22:29:22 +0000 (15:29 -0700)]
VFS: Update tracking documents for renamed function
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Mon, 20 Sep 2021 22:27:07 +0000 (15:27 -0700)]
vfs_catia: Rename kernel_flock to filesystem_sharemode
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Mon, 20 Sep 2021 22:26:19 +0000 (15:26 -0700)]
vfs_default: Rename kernel_flock to filesystem_sharemode
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Mon, 20 Sep 2021 22:25:21 +0000 (15:25 -0700)]
vfs_streams_xattr: Rename kernel_flock to filesystem_sharemode
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Mon, 20 Sep 2021 22:24:33 +0000 (15:24 -0700)]
vfs_gpfs: Rename kernel_flock to filesystem_sharemode
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Mon, 20 Sep 2021 22:22:50 +0000 (15:22 -0700)]
vfs_time_audit: Fix message for fcntl VFS call
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Mon, 20 Sep 2021 22:22:06 +0000 (15:22 -0700)]
vfs_time_audit: Rename kernel_flock to filesystem_sharemode
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Mon, 20 Sep 2021 22:20:42 +0000 (15:20 -0700)]
vfs_glusterfs: Rename kernel_flock to filesystem_sharemode
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Mon, 20 Sep 2021 22:18:56 +0000 (15:18 -0700)]
vfs_ceph: Rename kernel_flock to filesystem_sharemode
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Mon, 20 Sep 2021 22:17:16 +0000 (15:17 -0700)]
docs-xml: Update vfs_full_audit manpage for renamed function
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Mon, 20 Sep 2021 22:15:39 +0000 (15:15 -0700)]
vfs_full_audit: Rename kernel_flock to filesystem_sharemode
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Mon, 20 Sep 2021 21:58:23 +0000 (14:58 -0700)]
s3: Remove definition of removed kernel_flock function
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Mon, 20 Sep 2021 21:57:07 +0000 (14:57 -0700)]
examples/VFS/skel_opaque: Rename kernel_flock to filesystem_sharemode
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Mon, 20 Sep 2021 21:56:08 +0000 (14:56 -0700)]
examples/VFS/skel_transparent: Rename kernel_flock to filesystem_sharemode
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Mon, 20 Sep 2021 21:53:59 +0000 (14:53 -0700)]
VFS: Increase VFS version for renamed function
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Mon, 20 Sep 2021 21:51:02 +0000 (14:51 -0700)]
VFS: Rename kernel_flock to filesystem_sharemode
With the removal of the call to flock LOCK_MAND, the only remaining use
of this VFS path is to register sharemodes with specific file systems.
Rename the VFS call to reflect that this is no longer related to flock.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Mon, 20 Sep 2021 20:46:18 +0000 (13:46 -0700)]
profile: Remove syscall_kernel_flock profiling
This no longer calls flock, so it should not be part of the system call
profiling.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Mon, 23 Aug 2021 12:27:49 +0000 (14:27 +0200)]
s3:rpc_server: Do not use the default ncalrpc endpoint for external services
In samba3 it is possible to run some services externally, for example:
rpc_daemon:lsasd = fork
rpc_server:netlogon = disabled
rpc_server:samr = external
rpc_server:lsarpc = external
The external services running in separate processes have to use its own
dedicated ncalrpc endpoint, otherwise will race with main smbd serving the
embedded services to accept connections on ncalrpc default socket. If the
connection ends in an external process and the client tries to bind to an
interface not registered there (like winreg for example) the bind will fail.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Sep 21 11:00:01 UTC 2021 on sn-devel-184
Samuel Cabrero [Thu, 19 Aug 2021 10:52:04 +0000 (12:52 +0200)]
librpc:core: Add a function to register an interface passing the binding handle
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Samuel Cabrero [Mon, 23 Aug 2021 12:23:58 +0000 (14:23 +0200)]
pidl:NDR/ServerCompat.pm: Do not register disabled services
In samba3 it is possible to disable RPC services, for exapmle:
rpc_server:netlogon = disabled
If a service is disabled do not register the interface neither create its
endpoint.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Mon, 20 Sep 2021 10:09:55 +0000 (12:09 +0200)]
lib: Move closefrom_except*() to a separate file
Enable use in other daemons
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 21 01:12:12 UTC 2021 on sn-devel-184
Volker Lendecke [Mon, 20 Sep 2021 09:59:13 +0000 (11:59 +0200)]
samba-bgqd: Convert closeall_*() to closefrom_*()
Align it with closefrom() in preparation for use elsewhere
Signed-off-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Thu, 16 Sep 2021 15:05:25 +0000 (17:05 +0200)]
lib: Avoid an "includes.h"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 18 Sep 2021 06:30:07 +0000 (08:30 +0200)]
lib: Give util_specialsids.c its own prototype header
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 16 Sep 2021 15:04:47 +0000 (17:04 +0200)]
lib: Add required #includes
dom_sid.h itself references talloc, and security.h references
DATA_BLOB.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 18 Sep 2021 05:59:25 +0000 (07:59 +0200)]
winbind: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 17 Sep 2021 13:00:36 +0000 (15:00 +0200)]
rpc_server4: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 19 Sep 2021 08:01:33 +0000 (10:01 +0200)]
samba-bgqd: Enable smbcontrol pool-usage
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 18 Sep 2021 06:51:59 +0000 (08:51 +0200)]
lib: Simplify sid_linearize()
We have ndr_push_dom_sid() for this
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Thu, 16 Sep 2021 12:08:28 +0000 (14:08 +0200)]
s3: rpc_server: Avoid creating new handles when received an empty policy_handle
After merging s3 and s4 RPC handles implementations in commit
70fa7e817e48c9faa3c6c7ae3749e4a8ebf3e6c2 a new empty handle is allocated
when find_policy_by_hnd() or close_policy_hnd() is called with an empty
policy_handle (see dcesrv_handle_lookup() implementation).
This new behavior was causing a crash when running samba3.rpc.mdssvc test
with log level >= 10, because a debug message in _mdssvc_close() was
dereferencing the handle's associated data when called from
test_mdssvc_close() with an empty policy_handle.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Sep 20 14:31:33 UTC 2021 on sn-devel-184
Volker Lendecke [Fri, 17 Sep 2021 08:22:29 +0000 (10:22 +0200)]
debug: Remove "override_logfile"
The only writer to this variable left with
c377845d27d4dcd7. The
closest match for override_logfile is is_default_dyn_LOGFILEBASE()
with the opposite logic.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Sep 18 00:53:28 UTC 2021 on sn-devel-184
Volker Lendecke [Fri, 10 Sep 2021 10:22:46 +0000 (12:22 +0200)]
smbtorture: Fix epmapper.Map_full test
For detailed knownfail on subtests we need torture_assert() calls
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Amitay Isaacs [Wed, 15 Sep 2021 04:29:28 +0000 (14:29 +1000)]
lib/tsocket: Fix build on Freebsd
This fixes the following build error on freebsd.
[1567/3959] Compiling lib/tsocket/tsocket_bsd.c
../../lib/tsocket/tsocket_bsd.c:415:8: error: use of undeclared identifier 'EAI_ADDRFAMILY'
case EAI_ADDRFAMILY:
^
On FreeBSD EAI_ADDRFAMILY is obsoleted. Here's the relevant excerpt
from netdb.h on FreeBSD 13.
-----------------------------------------------------------------
/*
* Error return codes from gai_strerror(3), see RFC 3493.
*/
#if 0
/* Obsoleted on RFC 2553bis-02 */
#define EAI_ADDRFAMILY 1 /* address family for hostname not supported */
#endif
-----------------------------------------------------------------
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 16 19:42:19 UTC 2021 on sn-devel-184
Andrew Bartlett [Mon, 30 Aug 2021 06:17:47 +0000 (18:17 +1200)]
selftest: Update user_account_control tests to pass against Windows 2019
This gets us closer to passing against Windows 2019, without
making major changes to what was tested. More tests are needed,
but it is important to get what was being tested tested again.
Account types (eg UF_NORMAL_ACCOUNT, UF_WORKSTATION_TRUST_ACCOUNT)
are now required on all objects, this can't be omitted any more.
Also for UF_NORMAL_ACCOUNT for these accounts without a password
set |UF_PASSWD_NOTREQD must be included.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep 15 08:49:11 UTC 2021 on sn-devel-184
Joseph Sutton [Mon, 13 Sep 2021 09:24:31 +0000 (21:24 +1200)]
tests/krb5: Allow replicating accounts to the created RODC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Mon, 13 Sep 2021 09:24:05 +0000 (21:24 +1200)]
tests/krb5: Create RODC account for testing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Mon, 13 Sep 2021 10:13:24 +0000 (22:13 +1200)]
tests/krb5: Allow replicating accounts to the RODC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Mon, 13 Sep 2021 08:58:01 +0000 (20:58 +1200)]
tests/krb5: Add get_secrets() method to get the secret attributes of a DN
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Mon, 13 Sep 2021 08:20:23 +0000 (20:20 +1200)]
tests/krb5: Add method to get RODC krbtgt credentials
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Mon, 13 Sep 2021 09:14:18 +0000 (21:14 +1200)]
tests/krb5: Sign-extend kvno from 32-bit integer
This helps to avoid problems with RODC kvnos that have the high bit set.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Sun, 12 Sep 2021 23:15:17 +0000 (11:15 +1200)]
pyldb: Avoid use-after-free in msg_diff()
Make a deep copy of the message elements in msg_diff() so that if either
of the input messages are deallocated early, the result does not refer
to non-existing elements.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14836
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Mon, 13 Sep 2021 23:08:41 +0000 (11:08 +1200)]
ldb_msg: Don't fail in ldb_msg_copy() if source DN is NULL
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14836
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Sun, 12 Sep 2021 23:34:56 +0000 (11:34 +1200)]
pytest:segfault: Add test for ldb.msg_diff()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14836
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Tue, 7 Sep 2021 23:28:52 +0000 (11:28 +1200)]
tests/krb5: Generate padata for FAST tests
This gives us access to parameters of kdc_exchange_dict and enables us
to simplify the logic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Fri, 3 Sep 2021 03:36:24 +0000 (15:36 +1200)]
tests/krb5: Add get_cached_creds() method to create persistent accounts for testing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Thu, 2 Sep 2021 21:55:10 +0000 (09:55 +1200)]
tests/krb5: Get encpart decryption key from kdc_exchange_dict
Instead of using check_padata_fn to get the encpart decryption key, we
can get the key from the AS-REQ preauth phase or from the TGT, depending
on whether the message is an AS-REQ or a TGS-REQ. This allows removal of
check_padata_fn and some duplicated code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Thu, 2 Sep 2021 21:40:02 +0000 (09:40 +1200)]
tests/krb5: Get expected cname from TGT for TGS-REQ messages
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Wed, 1 Sep 2021 07:26:43 +0000 (19:26 +1200)]
tests/krb5: Allow specifying status code to be checked
This allows us to check the status code that may be sent in an error
reply to a TGS-REQ message.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Christof Schmitt [Tue, 14 Sep 2021 17:32:58 +0000 (10:32 -0700)]
WHATSNEW: Document changes for "kernel share modes"
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 15 00:04:47 UTC 2021 on sn-devel-184
Christof Schmitt [Mon, 13 Sep 2021 20:25:09 +0000 (13:25 -0700)]
docs-xml: Update manpage for "kernel share modes" option
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Tue, 14 Sep 2021 16:54:22 +0000 (09:54 -0700)]
loadparm: Set default of "kernel share modes" to "no"
selftest: Remove knownfail for smb2.lock.replay_smb3_specification_durable
With the changed default for "kernel share modes", this test can now
acquire durable handles and succeed.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Mon, 13 Sep 2021 20:14:49 +0000 (13:14 -0700)]
wscript: Remove config check for LOCK_MAND
The define set from this check is no longer needed.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Mon, 13 Sep 2021 20:13:44 +0000 (13:13 -0700)]
system: Remove kernel_flock
LOCK_MAND will be deprecated in the Linux kernel, so stop using this
feature and remove the kernel_flock function.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Tue, 14 Sep 2021 16:49:16 +0000 (09:49 -0700)]
vfs_default: Return ENOTSUP for sharemodes flock call
Remove the call to kernel_flock, as this function will be deleted.
Have the function return ENOTSUP to indicate that this is not supported
by default (without a file-system specific VFS module).
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Mon, 13 Sep 2021 20:00:03 +0000 (13:00 -0700)]
vfs_gpfs: Remove call to kernel_flock
The function kernel_flock will be deleted.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>