Martin Schwenke [Mon, 4 Mar 2024 03:29:41 +0000 (14:29 +1100)]
ctdb-doc: Fix a typo in the old NFS-Ganesha check file
program_stack_traces() expects a process name, not an RPC service
name. There will only every be 1 process.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Martin Schwenke [Mon, 4 Mar 2024 03:28:11 +0000 (14:28 +1100)]
ctdb-doc: Add example for NFS-Ganesha RPC checking
This one does an rpcinfo check, along with statistics mitigation. It
can be used in combination with the existing 20.nfs_ganesha.check.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Martin Schwenke [Mon, 4 Mar 2024 02:52:10 +0000 (13:52 +1100)]
ctdb-scripts: Implement NFS statistics retrieval for NFS-Ganesha
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Martin Schwenke [Mon, 4 Mar 2024 02:36:07 +0000 (13:36 +1100)]
ctdb-scripts: Reformat with shfmt -w -p -i 0 -fn
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Martin Schwenke [Mon, 19 Feb 2024 10:42:11 +0000 (21:42 +1100)]
ctdb-scripts: Add service_stats_command variable to NFS checks
When monitoring an RPC service, the rpcinfo command might time out
even though the service is making progress. In this case, it is just
slow, so counting the timeout as a failure and potentially restarting
the service will not help. The problem is determining if a service is
making progress.
Add a new NFS checks service_stats_command. This command is intended
to run a statistics command. The output is naively compared using
cmp(1). If the output changes then rpcinfo failures are converted to
successes.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Martin Schwenke [Mon, 19 Feb 2024 01:56:46 +0000 (12:56 +1100)]
ctdb-scripts: Reformat with shfmt -w -p -i 0 -fn
Tweak some lines to avoid overflowing 80 columns.
Best viewed with "git show -w".
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Volker Lendecke [Wed, 15 May 2024 14:43:31 +0000 (16:43 +0200)]
smbd: Fix a typo in a few places
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 15 17:56:24 UTC 2024 on atb-devel-224
Volker Lendecke [Tue, 14 May 2024 14:20:03 +0000 (16:20 +0200)]
smbd: Modernize a few DEBUGs
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 10 Feb 2024 10:15:58 +0000 (11:15 +0100)]
g_lock: Fix buffer length check in g_lock_parse()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 14 May 2024 14:30:21 +0000 (16:30 +0200)]
smbd: Simplify check_parent_access_fsp()
We don't need to explicitly call fetch_share_mode_unlocked,
get_file_infos does it for us behind the scenes
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 14 May 2024 15:01:40 +0000 (17:01 +0200)]
smbd: Remove an obsolete comment
notify_fname only sends a message to the notify daemon. There is no
potential deadlock anymore.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 13 May 2024 13:44:52 +0000 (15:44 +0200)]
smbd: Add reparse tag to smb3_posix_cc_info
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 14 23:29:46 UTC 2024 on atb-devel-224
Volker Lendecke [Mon, 13 May 2024 13:44:14 +0000 (15:44 +0200)]
smbd: Test reparse tag in smb3_posix_cc_info
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 13 May 2024 12:30:30 +0000 (14:30 +0200)]
smbd: Use fsctl_get_reparse_tag in fsctl_del_reparse_point
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 13 May 2024 12:28:55 +0000 (14:28 +0200)]
smbd: Use fsctl_get_reparse_tag in fsctl_set_reparse_point
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 13 May 2024 12:26:22 +0000 (14:26 +0200)]
smbd: Add fsctl_get_reparse_tag() helper function
There's a few places where we only care about the tag
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 13 May 2024 12:16:48 +0000 (14:16 +0200)]
smbd: Modernize a few DEBUGs
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 13 May 2024 09:16:21 +0000 (11:16 +0200)]
libsmb: Cap max_rdata at UINT16_MAX
The caller does not necessarily query max values for smb1 and smb2+.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 8 May 2024 14:05:40 +0000 (16:05 +0200)]
libsmb: Use the direct FSCC_FILE_ALL_INFORMATION define
(SMB_FILE_ALL_INFORMATION - 1000) looks a bit silly if you look at the
definition of SMB_FILE_ALL_INFORMATION...
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 22 Dec 2022 10:36:21 +0000 (11:36 +0100)]
smbd: Add DEBUG message got get_reparse_point
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 8 May 2024 14:03:29 +0000 (16:03 +0200)]
smbd: Return reparse tag as of MS-FSCC 2.4.6
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 8 May 2024 13:48:11 +0000 (15:48 +0200)]
smbd: Fix a DBG
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 9 May 2024 09:54:31 +0000 (11:54 +0200)]
tests: get TAG_INFORMATION
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 9 May 2024 09:59:20 +0000 (11:59 +0200)]
pylibsmb: Add py_cli_qfileinfo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 9 May 2024 10:00:00 +0000 (12:00 +0200)]
pylibsmb: Add FSCC QUERY_INFO levels
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 9 May 2024 08:37:49 +0000 (10:37 +0200)]
libsmb: Remove smb2 branch from cli_qfileinfo_basic_send
cli_qfileinfo_send now does it
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 9 May 2024 08:35:26 +0000 (10:35 +0200)]
libsmb: Add smb2 branch to cli_qfileinfo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 9 May 2024 08:34:13 +0000 (10:34 +0200)]
libsmb: Add a tevent_req_received() where appropriate
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 9 May 2024 08:12:14 +0000 (10:12 +0200)]
libsmb: Convert cli_qfileinfo to use FSCC levels
This will enable this routine to be used for SMB2 as well. The
translation table is from [MS-CIFS] 2.2.8.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 9 May 2024 08:27:48 +0000 (10:27 +0200)]
libsmb: Use SMB2_0_INFO_FILE instead of the raw "1"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 9 May 2024 07:37:51 +0000 (09:37 +0200)]
libsmb: Use SMB2_0_INFO_SECURITY instead of the raw "3"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 8 May 2024 12:17:34 +0000 (14:17 +0200)]
smbd: Modernize a DEBUG
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 7 May 2024 15:22:01 +0000 (17:22 +0200)]
test: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Pavel Filipenský [Fri, 22 Mar 2024 12:51:06 +0000 (13:51 +0100)]
s3:winbindd: Update non cache entries keys (non_centry_keys)
This change does NOT affect WHAT and HOW is cached. It only avoids
undefined behavior for "NDR" and "TRUSTDOMCACHE" when processed in
wcache_flush_cache() and wbcache_upgrade_v1_to_v2().
winbindd_cache.tdb contains two types of entries:
1) cache entries (typed as 'struct cache_entry')
- internal format is: [ntstatus; sequence_number; timeout]
2) non cache entries (keys listed in non_centry_keys)
- for "NDR" internal format is: [sequence_number; timeout]
Without this commit, "NDR" would be processed as the first type (instead
as the second type). E.g. in the stack below:
wcache_fetch_raw()
traverse_fn_cleanup()
wcache_flush_cache()
the triplet [ntstatus; sequence_number; timeout] would be initialized
from data containing only [sequence_number; timeout], leading to
mismatched values ('ntstatus' would be filled from 'sequence_number').
Anyway, current code is never calling wcache_flush_cache(), since
wcache_flush_cache() can be called only from get_cache() and get_cache()
will call it only if global/static wcache was not set yet. But wcache is
set very early in the main winbind (and all winbind children get it
after fork), sooner than any call of get_cache() can happen:
#1 init_wcache + 0x19
#2 initialize_winbindd_cache + 0x35
#3 winbindd_cache_validate_and_initialize + 0x25
#4 main + 0x806
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 14 21:04:57 UTC 2024 on atb-devel-224
Pavel Filipenský [Tue, 7 May 2024 11:01:02 +0000 (13:01 +0200)]
s3:winbindd: Use TDB_REPLACE in tdb_store
tdb_store() should use as a flag TDB_REPLACE instead of undocumented 0
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Earl Chew [Sat, 11 May 2024 02:46:28 +0000 (19:46 -0700)]
Restore empty string default for conf.env['icu-libs']
The reworked ICU libraries configuration code used [] as
default for conf.env['icu-libs']. This breaks dependency analysis
in samba_deps.py because SAMBA_SUBSYSTEM() expects deps to be
a string.
Signed-off-by: Earl Chew <earl_chew@yahoo.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue May 14 14:44:06 UTC 2024 on atb-devel-224
Pavel Filipenský [Mon, 13 May 2024 10:13:38 +0000 (12:13 +0200)]
python/tests: Fix nlink test in smb3unix on btrfs filesystem
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Tue May 14 13:37:53 UTC 2024 on atb-devel-224
Stefan Metzmacher [Sat, 11 May 2024 00:38:21 +0000 (02:38 +0200)]
lib/replace: make sure krb5_cc_default[_name]() is no longer used directly
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue May 14 11:22:28 UTC 2024 on atb-devel-224
Stefan Metzmacher [Sat, 11 May 2024 00:38:21 +0000 (02:38 +0200)]
auth/credentials_krb5: let cli_credentials_set_ccache() use smb_force_krb5_cc_default()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Sat, 11 May 2024 00:38:21 +0000 (02:38 +0200)]
auth/credentials_krb5: use system/{gssapi,kerberos}.h
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Sat, 11 May 2024 00:38:21 +0000 (02:38 +0200)]
smbspool: let kerberos_ccache_is_valid() use smb_force_krb5_cc_default_name()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Sat, 11 May 2024 00:38:21 +0000 (02:38 +0200)]
smbspool_krb5_wrapper: let kerberos_get_default_ccache() use smb_force_krb5_cc_default_name()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Sat, 11 May 2024 00:38:21 +0000 (02:38 +0200)]
smbspool_krb5_wrapper: remove unused includes
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Sat, 11 May 2024 00:38:21 +0000 (02:38 +0200)]
krb5_wrap: let smb_krb5_renew_ticket() use smb_force_krb5_cc_default_name()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Sat, 11 May 2024 00:38:21 +0000 (02:38 +0200)]
krb5_wrap: add smb_force_krb5_cc_default[_name]() wrappers
If we touch the global krb5_ccache we want to make that explicit,
so calling krb5_cc_default[_name] will result in an error during
the next patches.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 11 Mar 2024 16:46:45 +0000 (17:46 +0100)]
s3:libads: let kerberos_kinit_password_ext() require an explicit krb5 ccache
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 11 Mar 2024 16:46:45 +0000 (17:46 +0100)]
krb5_wrap: let ads_krb5_cli_get_ticket() require an explicit krb5 ccache
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 5 Mar 2024 16:55:14 +0000 (17:55 +0100)]
s3:libads: finally remove unused ads_connect[_user_creds]() and related code
That was a long way, but now we're cli_credentials/gensec only :-)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 7 Mar 2024 13:56:45 +0000 (14:56 +0100)]
s3:net: finally remove net_context->opt_{user_specified,user_name,password}
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 7 Mar 2024 12:50:39 +0000 (13:50 +0100)]
s3:net: remove unused net_context->smb_encrypt
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 7 Mar 2024 12:44:53 +0000 (13:44 +0100)]
s3:net: remove unused net_context->opt_kerberos
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 7 Mar 2024 12:27:06 +0000 (13:27 +0100)]
s3:include: remove unused krb5_env.h
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 7 Mar 2024 11:08:00 +0000 (12:08 +0100)]
s3:net_ads: remove unused use_in_memory_ccache()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 29 Feb 2024 13:07:05 +0000 (14:07 +0100)]
s3:net_ads: make use of ads_connect_{cldap_only,creds}() in ads_startup_int()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 11 Mar 2024 16:45:43 +0000 (17:45 +0100)]
s3:libads: let ads_krb5_set_password() require an explicit krb5 ccache to operate on
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 11 Mar 2024 16:45:43 +0000 (17:45 +0100)]
s3:libads: kerberos_set_password() don't need to kinit before ads_krb5_chg_password()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 11 Mar 2024 16:45:43 +0000 (17:45 +0100)]
s3:libads: remove unused kdc_host and time_offset arguments to kerberos_set_password()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 11 Mar 2024 16:45:43 +0000 (17:45 +0100)]
s3:libads: remove unused kdc_host and time_offset arguments to ads_krb5_chg_password()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 11 Mar 2024 16:45:43 +0000 (17:45 +0100)]
s3:libads: remove krb5_set_real_time() from ads_krb5_set_password()
Callers typically only pass in 0 anyway.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 11 Mar 2024 16:45:43 +0000 (17:45 +0100)]
s3:libads: remove unused kdc_host argument of ads_krb5_set_password()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 11 Mar 2024 16:45:43 +0000 (17:45 +0100)]
s3:net_ads: require kerberos if we use ads_krb5_set_password() in ads_user_add()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 11 Mar 2024 16:45:43 +0000 (17:45 +0100)]
s3:net_ads: use ADS_SASL_SEAL by default, so that we always get encryption
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 7 Mar 2024 13:55:09 +0000 (14:55 +0100)]
s3:net_ads: use cli_credentials_get_principal() in order to call kerberos functions
This is better than the value from cli_credentials_get_username()...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 7 Mar 2024 13:54:18 +0000 (14:54 +0100)]
s3:net: remove useless net_prompt_pass() wrapper
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 7 Mar 2024 12:43:13 +0000 (13:43 +0100)]
s3:net_rpc: make use of !c->explicit_credentials for NET_FLAGS_ANONYMOUS
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 7 Mar 2024 13:47:06 +0000 (14:47 +0100)]
s3:net: make use of c->explicit_credentials in order to check for valid credentials
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 7 Mar 2024 13:40:10 +0000 (14:40 +0100)]
s3:net: add net_context->explicit_credentials to check if credentials were passed
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 7 Mar 2024 12:50:39 +0000 (13:50 +0100)]
s3:net: correctly implement --use-ccache as legacy for --use-winbind-ccache for 'net'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 7 Mar 2024 12:41:51 +0000 (13:41 +0100)]
s3:net_offlinejoin: we don't need to call libnetapi_set_use_kerberos() as we already passed cli_credentials
c->opt_kerberos is derived from c->creds...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 28 Apr 2022 15:59:00 +0000 (17:59 +0200)]
s3:libnet_join: pass down cli_credentials *admin_credentials to libnet_{Join,Unjoin}Ctx()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 5 Mar 2024 16:40:48 +0000 (17:40 +0100)]
s3:lib/netapi: make use of ads_simple_creds/libnetapi_get_creds in NetGetJoinableOUs_l
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 5 Mar 2024 16:38:25 +0000 (17:38 +0100)]
s3:lib/netapi: add libnetapi_get_creds()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 5 Mar 2024 16:21:02 +0000 (17:21 +0100)]
libgpo/pygpo: make use of ads_connect_{creds,machine}()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 28 Apr 2022 16:58:27 +0000 (18:58 +0200)]
s3:printing: make use of ads_connect_machine()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 28 Apr 2022 16:53:03 +0000 (18:53 +0200)]
s3:libads: add ads_connect_machine() helper
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 28 Apr 2022 15:51:57 +0000 (17:51 +0200)]
s3:libads: add ads_simple_creds() helper
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 28 Apr 2022 16:43:00 +0000 (18:43 +0200)]
s3:libads: make use of ads_connect_simple_anon() in ldap.c where possible
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 28 Apr 2022 16:38:17 +0000 (18:38 +0200)]
s3:libads: add ads_connect_simple_anon() helper
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 7 Mar 2024 11:03:05 +0000 (12:03 +0100)]
lib/addns: rewrite signed dns update code to use gensec instead of plain gssapi
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Sat, 11 May 2024 00:38:21 +0000 (02:38 +0200)]
s3:utils: let net_update_dns_internal() set status before goto done in all cases
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 27 Feb 2024 08:59:09 +0000 (09:59 +0100)]
s3:winbindd: make use of winbindd_get_trust_credentials() in idmap_ad.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 27 Feb 2024 08:53:04 +0000 (09:53 +0100)]
s3:winbindd: make use of winbindd_get_trust_credentials() in _winbind_LogonControl_TC_VERIFY()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 27 Feb 2024 08:44:54 +0000 (09:44 +0100)]
s3:winbindd: make use of samba_sockaddr to avoid compiler warnings
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 27 Feb 2024 08:44:19 +0000 (09:44 +0100)]
s3:winbindd: use winbindd_get_trust_credentials()/ads_connect_creds() in winbindd_ads.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 27 Feb 2024 08:23:17 +0000 (09:23 +0100)]
s3:winbindd: make winbindd_get_trust_credentials() public
We'll use it outside of winbindd_cm.c soon.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 6 Mar 2024 09:13:11 +0000 (10:13 +0100)]
s3:libads: add ads_set_reconnect_fn() and only reconnect if we can get creds
This reconnect is only useful for long running connections (e.g. in winbindd)
and there we'll make use of it...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 27 Apr 2022 11:11:26 +0000 (13:11 +0200)]
s3:libads: add ads_connect_creds() helper
In future ads_connect_creds() will be used by callers directly instead
of using ads_connect().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 26 Feb 2024 20:02:08 +0000 (21:02 +0100)]
s3:libads: fix compiler warning in ads_mod_ber()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 27 Feb 2024 12:49:08 +0000 (13:49 +0100)]
s3:libads: move ads->auth.time_offset to ads->config.time_offset
There's no reason to pass the LDAP servers time to the kerberos
libraries, as we may talk to a KDC different than the LDAP server!
Also Heimdal handles AS-REQ with KRB5KRB_AP_ERR_SKEW fine and
retries with the time from the krb-error.
MIT records the time from the KDC_ERR_PREAUTH_REQUIRED response
in order to use the KDCs time.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 27 Feb 2024 12:03:46 +0000 (13:03 +0100)]
s3:libads: we only need to gensec_expire_time()...
The lifetime of a service ticket is never longer than
the lifetime of the TGT...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 27 Feb 2024 11:52:14 +0000 (12:52 +0100)]
s3:libads: remove unused ads->auth.renewable
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 5 Mar 2024 12:22:37 +0000 (13:22 +0100)]
s3:winbindd: remove useless 'renewable' argument to ads_cached_connection_connect()
There's really no need to get a reneable ticket for an ldap connection,
we currently always do a kinit for each connection anyway.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 29 Feb 2024 13:50:31 +0000 (14:50 +0100)]
s3:libads: let ads_sasl_spnego_bind() really use spnego to negotiate krb5/ntlmssp
For now we still do the ads_kinit_password() in ads_legacy_creds()
for callers that rely on the global krb5ccache to be filled.
E.g. the dns update code and the kpasswd code.
But at least ads_connect_internal() and ads_sasl_spnego_bind()
will allow to do the kinit in the gensec layer only if needed...
We'll remove ads_legacy_creds() during the following commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 13 Mar 2024 15:53:44 +0000 (16:53 +0100)]
testprogs/blackbox: add better testnames in test_weak_disable_ntlmssp_ldap.sh
This makes it easier to adjust the expected output when it changes in
the next commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 29 Feb 2024 13:08:55 +0000 (14:08 +0100)]
s3:net_ads: make use of ads_connect_cldap_only() and ADS_AUTH_GENERATE_KRB5_CONFIG in net_ads_password()
We don't need a real ldap connection here.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 5 Mar 2024 16:48:34 +0000 (17:48 +0100)]
s3:winbindd: make use of ads_connect_cldap_only() in dcip_check_name_ads()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 5 Mar 2024 16:47:37 +0000 (17:47 +0100)]
s3:net_ads: make use of ads_connect_cldap_only() in net_ads_check_int()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 5 Mar 2024 16:46:10 +0000 (17:46 +0100)]
s3:libsmb: make use of ads_connect_cldap_only()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 5 Mar 2024 16:45:35 +0000 (17:45 +0100)]
s3:libads: add ads_connect_cldap_only() helper
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 7 Mar 2024 08:56:00 +0000 (09:56 +0100)]
s3:libads: also avoid ADS_AUTH_GENERATE_KRB5_CONFIG for ADS_AUTH_ANON_BIND
For anonymous binds we don't need a krb5.conf.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>