Isaac Boukris [Wed, 4 Sep 2019 13:39:43 +0000 (16:39 +0300)]
selftest: add tests for no optimistic spnego exchange
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106
Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Isaac Boukris [Wed, 4 Sep 2019 13:31:21 +0000 (16:31 +0300)]
spnego: add client option to omit sending an optimistic token
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106
Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Isaac Boukris [Mon, 7 Oct 2019 20:51:19 +0000 (23:51 +0300)]
selftest: s3: add a test for spnego downgrade from krb5 to ntlm
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106
Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Thu, 10 Oct 2019 14:18:21 +0000 (16:18 +0200)]
s3:libsmb: Do not check the SPNEGO neg token for KRB5
The list is not protected and this could be a downgrade attack.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106
Pair-Programmed-With: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Isaac Boukris [Thu, 3 Oct 2019 10:09:29 +0000 (13:09 +0300)]
spnego: ignore server mech_types list
We should not use the mech list sent by the server in the last
'negotiate' packet in CIFS protocol, as it is not protected and
may be subject to downgrade attacks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106
Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Mon, 30 Sep 2019 09:52:06 +0000 (11:52 +0200)]
wscript: split function check to one per line and sort alphabetically
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 10 20:13:25 UTC 2019 on sn-devel-184
Ralph Boehme [Mon, 30 Sep 2019 09:49:28 +0000 (11:49 +0200)]
wscript: remove all checks for _FUNC and __FUNC
Those where historic artifacts not needed anymore.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 1 Oct 2019 15:38:57 +0000 (17:38 +0200)]
WHATSNEW: Mention performance improvements for SMB3 encryption
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Oct 10 09:41:26 UTC 2019 on sn-devel-184
Andrew Bartlett [Mon, 23 Sep 2019 05:08:56 +0000 (17:08 +1200)]
librpc: Remove server build of oxidresolver.idl
We do not have a server for this DCOM component so do not generate
the code for it.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andrew Bartlett [Mon, 23 Sep 2019 04:58:35 +0000 (16:58 +1200)]
librpc: Remove client and server build of w32time.idl
We do not have a server for the Win32 Time Server so do not generate
the code for it.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andrew Bartlett [Mon, 23 Sep 2019 04:57:48 +0000 (16:57 +1200)]
librpc: Remove client and server build of rot.idl
We do not have a client or server for this DCOM component so do not generate
the code for it.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andrew Bartlett [Mon, 23 Sep 2019 04:47:48 +0000 (16:47 +1200)]
librpc: Remove s4 server build of dfs
We do not have a source4 varient of the dfs server, so do not generate
the code for it.
DFS is very closely tied to SMB so we use the DFS server in
smbd.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andrew Bartlett [Mon, 23 Sep 2019 04:40:47 +0000 (16:40 +1200)]
librpc: Remove s3 server build of unixinfo
We do not have a source3 varient of the unixinfo server, so do not generate
the code for it.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andrew Bartlett [Mon, 23 Sep 2019 04:39:11 +0000 (16:39 +1200)]
librpc: Add commnets on the split out of IDL files
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andrew Bartlett [Mon, 23 Sep 2019 04:37:31 +0000 (16:37 +1200)]
librpc: Remove server build of remact.idl
We do not have a server for the DCOM Remote activation service, so do not generate
the code for it.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andrew Bartlett [Mon, 23 Sep 2019 04:34:19 +0000 (16:34 +1200)]
librpc: Remove s4 server build of ntsvcs
We do not have a source4 varient of the ntsvcs server, so do not generate
the code for it.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andrew Bartlett [Mon, 23 Sep 2019 04:32:38 +0000 (16:32 +1200)]
librpc: Remove s4 server build of initshutdown
We do not have a source4 varient of the initshutdown server, so do not generate
the code for it.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andrew Bartlett [Mon, 23 Sep 2019 04:31:07 +0000 (16:31 +1200)]
librpc: Remove unused build of atsvc server
This avoids building server-side code we do not use and so makes the build
smaller and code auditing easier.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 22:41:21 +0000 (15:41 -0700)]
s3: VFS: Complete the removal of SMB_VFS_RMDIR()
All users now use SMB_VFS_UNLINKAT(..., AT_REMOVEDIR).
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Oct 10 07:26:43 UTC 2019 on sn-devel-184
Jeremy Allison [Fri, 4 Oct 2019 22:23:44 +0000 (15:23 -0700)]
s3: VFS: vfs_time_audit: Remove rmdir_fn(). No longer used.
NB, this will now fail smb_vfs_assert_all_fns()
until we remove the rmdir_fn() from the VFS definitions.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 22:22:19 +0000 (15:22 -0700)]
s3: VFS: vfs_time_audit: Remove rmdir_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 22:21:21 +0000 (15:21 -0700)]
s3: VFS: vfs_syncops: Remove rmdir_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 22:17:32 +0000 (15:17 -0700)]
s3: VFS: vfs_streams_depot: Remove rmdir_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 22:10:58 +0000 (15:10 -0700)]
s3: VFS: vfs_snapper: Remove rmdir_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 22:10:07 +0000 (15:10 -0700)]
s3: VFS: vfs_shadow_copy2: Remove rmdir_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 22:09:00 +0000 (15:09 -0700)]
s3: VFS: vfs_posix_eadb: Remove rmdir_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 21:52:18 +0000 (14:52 -0700)]
s3: VFS: vfs_media_harmony: Remove rmdir_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 21:51:15 +0000 (14:51 -0700)]
s3: VFS: vfs_glusterfs: Remove rmdir_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 21:49:54 +0000 (14:49 -0700)]
s3: VFS: vfs_extd_audit: Remove rmdir_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 21:44:48 +0000 (14:44 -0700)]
s3: VFS: vfs_ceph_snapshots: Remove rmdir_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 21:44:08 +0000 (14:44 -0700)]
s3: VFS: vfs_ceph: Remove rmdir_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 21:43:11 +0000 (14:43 -0700)]
s3: VFS: vfs_catia: Remove rmdir_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 21:42:26 +0000 (14:42 -0700)]
s3: VFS: vfs_cap: Remove rmdir_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 21:41:26 +0000 (14:41 -0700)]
s3: VFS: vfs_audit: Remove rmdir_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 21:40:26 +0000 (14:40 -0700)]
s3: VFS: vfs_acl_xattr: Remove rmdir_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 21:39:30 +0000 (14:39 -0700)]
s3: VFS: vfs_acl_tdb: Remove rmdir_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 21:14:17 +0000 (14:14 -0700)]
s3: VFS: vfs_fruit: Remove rmdir_fn. No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 21:01:55 +0000 (14:01 -0700)]
s3: VFS: vfs_unityed_media: Remove rmdir_fn. No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 20:53:13 +0000 (13:53 -0700)]
s3: VFS: vfs_xattr_tdb: Remove rmdir_fn. No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 20:51:09 +0000 (13:51 -0700)]
s3: smbd: Change rmdir_internals() to call SMB_VFS_UNLINKAT() in rmdir cases.
Use conn->cwd_fsp as current fsp.
No logic change for now.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 19:54:05 +0000 (12:54 -0700)]
s3: smbd: Change recursive_rmdir() to call SMB_VFS_UNLINKAT() in rmdir case.
Use conn->cwd_fsp as current fsp.
No logic change for now.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 19:51:06 +0000 (12:51 -0700)]
s3: cmd_vfs: Change cmd_pathfunc() to call SMB_VFS_UNLINKAT() in rmdir case.
Use conn->cwd_fsp as current fsp.
No logic change for now.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 21:03:39 +0000 (14:03 -0700)]
s3: VFS: vfs_fruit: Change fruit_rmdir_internal() to call UNLINKAT instead of RMDIR.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 22:40:34 +0000 (15:40 -0700)]
s3: VFS: vfs_streams_depot: Change RMDIR -> UNLINKAT inside streams_depot_unlink_internal().
No logic change.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 22:38:45 +0000 (15:38 -0700)]
s3: VFS: vfs_streams_depot: Change RMDIR -> UNLINKAT inside stream_dir().
No logic change.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 22:14:21 +0000 (15:14 -0700)]
s3: VFS: vfs_streams_depot: Add a dirfsp parameter to streams_depot_rmdir_internal().
Not yet used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 22:12:30 +0000 (15:12 -0700)]
s3: VFS: vfs_streams_depot: Rename streams_depot_rmdir() to streams_depot_rmdir_internal().
Make rmdir_fn() a wrapper function. This will
allow us to add the dirfsp parameter.
Fix DEBUG statement so it doesn't print the wrong function name.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 22:16:06 +0000 (15:16 -0700)]
s3: VFS: vfs_posix_eadb: Convert streams_depot_rmdir_internal() to call UNLINKAT() instead of RMDIR().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 22:07:46 +0000 (15:07 -0700)]
s3: VFS: vfs_posix_eadb: Convert posix_eadb_rmdir_internal() to call UNLINKAT() instead of RMDIR().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 22:06:23 +0000 (15:06 -0700)]
s3: VFS: vfs_posix_eadb: Add a dirfsp parameter to posix_eadb_rmdir_internal().
Not yet used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 22:04:02 +0000 (15:04 -0700)]
s3: VFS: vfs_posix_eadb: Rename posix_eadb_rmdir() to posix_eadb_rmdir_internal().
Make rmdir_fn() a wrapper function. This will
allow us to add the dirfsp parameter.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 21:37:01 +0000 (14:37 -0700)]
s3: VFS: vfs_acl_common: Convert rmdir_acl_common() to use UNLINKAT instead of RMDIR.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 21:34:41 +0000 (14:34 -0700)]
s3: VFS: Change rmdir_acl_common() to take a files_struct *dirfsp pointer.
Pass in the passed dirfsp if available, else handle->conn->cwd_fsp.
No logic changes.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 21:25:00 +0000 (14:25 -0700)]
s3: VFS: vfs_acl_common: Change acl_common_remove_object() to use UNLINKAT instead of RMDIR.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 4 Oct 2019 21:31:59 +0000 (14:31 -0700)]
s3: VFS: vfs_acl_xattr. Wrap rmdir_acl_common() by acl_xattr_rmdir() so we don't call it directly.
This will allow adding the extra dirfsp parameter to
rmdir_acl_common().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Tue, 8 Oct 2019 15:37:56 +0000 (17:37 +0200)]
smbd: Fix an uninitalized variable
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 10 01:04:33 UTC 2019 on sn-devel-184
Ralph Boehme [Fri, 23 Aug 2019 16:43:02 +0000 (18:43 +0200)]
mdssvc.idl: pass policy_handle as pointer
No change in behaviour, this just changes all functions to take the
policy_handle argument as pointer instead of passing it by value.
This is how all other IDLs pass it.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Oct 9 15:52:55 UTC 2019 on sn-devel-184
Ralph Boehme [Tue, 20 Aug 2019 15:00:49 +0000 (17:00 +0200)]
s3:mdssvc: fix service startup in deamon mode
Changes:
* Don't initialize the RPC service by calling setup_rpc_module() in the parent
mdssd. This is not needed in the parent, only in the worker childs.
* In the worker childs call setup_rpc_module() instead of init_rpc_module()
which ensures rpc_mdssvc_init() is called with the mdssvc callback which is
needed to initialize mdssvc via mdssvc_init_cb() -> init_service_mdssvc()
* Finally rpc_setup_mdssvc() is adjusted to be a noop if mdssvc is configured to
as external and when called by the main parent smbd via dcesrv_ep_setup() ->
setup_rpc_modules()
I've manually tested all 4 combinations of external=yes|no X module=yes|no with
the new mdfind command.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Ralph Boehme [Tue, 20 Aug 2019 14:50:52 +0000 (16:50 +0200)]
s3:mdssvc: use a helper variable for the service type
No change in behaviour. Simplifies a subsequent logical change.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Ralph Boehme [Tue, 20 Aug 2019 15:00:12 +0000 (17:00 +0200)]
mdssd: fix a debug message
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Ralph Boehme [Mon, 19 Aug 2019 13:50:36 +0000 (15:50 +0200)]
s3: rpc_server: enable mdssvc by default
Now that mdssvc is built by default and also tested in CI, enable it by default,
running as embedded service.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Ralph Boehme [Sat, 17 Aug 2019 09:36:55 +0000 (11:36 +0200)]
selftest: add mdfind blackbox test
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Ralph Boehme [Thu, 2 May 2019 19:33:46 +0000 (21:33 +0200)]
s3:utils: add mdfind
A small command line tool to run macOS Spotlight searches against an SMB server
that runs the Spotlight mdssvc RPC service, including macOS and Samba.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Ralph Boehme [Sun, 28 Jul 2019 13:25:54 +0000 (15:25 +0200)]
selftest: add end-to-end tests for mdssvc with a fake HTTP server
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Ralph Boehme [Tue, 30 Jul 2019 10:00:18 +0000 (12:00 +0200)]
selftest: split fileserver testenv into simpleserver and fileserver
The simpleserver testenv continues to be built with minimal
dependencies. fileserver otoh will be built with bells and whistles including
JSON which I need for using the env as target for Spotlight tests.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Ralph Boehme [Tue, 30 Jul 2019 10:47:03 +0000 (12:47 +0200)]
s3:mdssvc: add unit tests for the Spotlight to Elasticsearch parser
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Ralph Boehme [Mon, 5 Aug 2019 14:25:01 +0000 (16:25 +0200)]
s3:mdssvc: add Elasticsearch backend
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Ralph Boehme [Tue, 13 Aug 2019 12:16:07 +0000 (14:16 +0200)]
s3:mdssvc: add missing mds_ctx deallocation
The mds_ctx object was created in _mdssvc_open() as a talloc child of the pipe
which means as long as the pipe is connected it's not freed.
To ensure we do proper rundown of all resources including backend connections
and pending queries, we must free the mds_ctx object.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Ralph Boehme [Tue, 13 Aug 2019 12:13:20 +0000 (14:13 +0200)]
s3:mdssvc: fix a long line
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Ralph Boehme [Tue, 13 Aug 2019 12:11:23 +0000 (14:11 +0200)]
s3:mdssvc: modernize a few DEBUG macros
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Ralph Boehme [Tue, 13 Aug 2019 10:55:33 +0000 (12:55 +0200)]
s3:mdssvc: remove unused snum from struct sl_query
Looks like this was never used, it's also available via mds_ctx->snum.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Ralph Boehme [Fri, 10 May 2019 16:49:20 +0000 (18:49 +0200)]
build: add SAMBA_DATADIR as "samba" subdirectory of DATADIR
DATADIR should have been set to this path from the beginning, too late to change
that now as ut's used as parent for two other directory varialbles: SETUPDIR and
CODEPAGEDIR.
From <https://www.gnu.org/prep/standards/html_node/Directory-Variables.html>:
datadir
The directory for installing idiosyncratic read-only
architecture-independent data files for this program. This is usually the
same place as ‘datarootdir’, but we use the two separate variables so that
you can move these program-specific files without altering the location for
Info files, man pages, etc.
This should normally be /usr/local/share, but write it as
$(datarootdir). (If you are using Autoconf, write it as ‘@datadir@’.)
The definition of ‘datadir’ is the same for all packages, so you should
install your data in a subdirectory thereof. Most packages install their
data under $(datadir)/package-name/.
Currently Samba doesn't install any application specific data files, but I'm
going to do just that in a subsequent commit.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Ralph Boehme [Sun, 28 Jul 2019 13:08:29 +0000 (15:08 +0200)]
s3: add mdscli Python bindings
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Ralph Boehme [Thu, 2 May 2019 05:45:39 +0000 (07:45 +0200)]
s3:rpc_client: add a mdssvc client library
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Ralph Boehme [Sun, 28 Jul 2019 13:05:13 +0000 (15:05 +0200)]
librpc: add Python mdssvc bindings
Not used for now, but soon.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Andreas Schneider [Thu, 22 Aug 2019 14:31:30 +0000 (16:31 +0200)]
testprogs: Add test for 'net ads join createcomputer='
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Oct 9 08:26:17 UTC 2019 on sn-devel-184
Andreas Schneider [Thu, 8 Aug 2019 12:40:04 +0000 (14:40 +0200)]
s3:libads: Just change the machine password if account already exists
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13884
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Wed, 14 Aug 2019 08:15:19 +0000 (10:15 +0200)]
s3:libnet: Improve debug messages
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Tue, 13 Aug 2019 14:34:34 +0000 (16:34 +0200)]
s3:libads: Fix creating machine account using LDAP
This implements the same behaviour as Windows.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13884
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Wed, 14 Aug 2019 10:17:20 +0000 (12:17 +0200)]
s3:libads: Don't set supported encryption types during account creation
This is already handled by libnet_join_post_processing_ads_modify()
which calls libnet_join_set_etypes() if encrytion types should be set.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Wed, 14 Aug 2019 11:01:19 +0000 (13:01 +0200)]
s3:libads: Fix detection if acount already exists in ads_find_machine_count()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Wed, 21 Aug 2019 10:22:32 +0000 (12:22 +0200)]
s3:libads: Use a talloc_asprintf in ads_find_machine_acct()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Tue, 13 Aug 2019 14:30:07 +0000 (16:30 +0200)]
s3:libads: Cleanup error code paths in ads_create_machine_acct()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Tue, 13 Aug 2019 15:41:40 +0000 (17:41 +0200)]
s3:libnet: Require sealed LDAP SASL connections for joining
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Tue, 13 Aug 2019 15:06:58 +0000 (17:06 +0200)]
s3:libads: Use ldap_add_ext_s() in ads_gen_add()
ldap_add_s() is marked as deprecated.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Thu, 8 Aug 2019 12:35:38 +0000 (14:35 +0200)]
testprogs: Fix failure count in test_net_ads.sh
There are missing ` at the end of the line.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13884
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Fri, 23 Aug 2019 07:12:21 +0000 (09:12 +0200)]
libcli:smb: Use gnutls_aead_cipher_decryptv2() for AES GCM or CCM
This is a new call which has been added with GnuTLS 3.6.10 and will
recuduce memory allocations and copying of data.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Oct 8 14:12:44 UTC 2019 on sn-devel-184
Andreas Schneider [Fri, 23 Aug 2019 06:54:54 +0000 (08:54 +0200)]
libcli:smb: Use gnutls_aead_cipher_encryptv2() for AES GCM or CCM
This is a new call which has been added with GnuTLS 3.6.10 and will
recuduce memory allocations and copying of data.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Andreas Schneider [Fri, 23 Aug 2019 06:40:00 +0000 (08:40 +0200)]
waf: Check for gnutls_aead_cipher_encryptv2()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Alexander Bokovoy [Mon, 7 Oct 2019 15:24:28 +0000 (18:24 +0300)]
samba-tool: create working private krb5.conf
DNS update tool uses private krb5.conf which should have enough details
to authenticate with GSS-TSIG when running nsupdate.
Unfortunately, the configuration we provide is not enough. We set
defaults to not lookup REALM via DNS but at the same time we don't
provide any realm definition. As result, MIT Kerberos cannot actually
find a working realm for Samba AD deployment because it cannot query DNS
for a realm discovery or pick it up from the configuration.
Extend private krb5.conf with a realm definition that will allow MIT
Kerberos to look up KDC over DNS.
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Anoop C S [Fri, 27 Sep 2019 06:37:40 +0000 (12:07 +0530)]
s3: VFS: Use SMB_VFS_FCNTL to set fd flags in open_file()
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 8 09:57:19 UTC 2019 on sn-devel-184
Anoop C S [Fri, 27 Sep 2019 05:49:37 +0000 (11:19 +0530)]
s3: VFS: Add SMB_VFS_FCNTL
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Mon, 7 Oct 2019 09:28:24 +0000 (11:28 +0200)]
gitlab-ci: Add CentOS 8 to CI
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Oct 8 08:27:50 UTC 2019 on sn-devel-184
Andreas Schneider [Mon, 7 Oct 2019 11:28:07 +0000 (13:28 +0200)]
bootstrap: We can only build docker images on gitlab shared runners
Our rackspace runners don't provide a running docker.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Mon, 7 Oct 2019 09:50:58 +0000 (11:50 +0200)]
bootstrap: Remove pyhton2 packages
We dropped support for python2 in Samba already.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Noel Power [Fri, 6 Sep 2019 14:48:54 +0000 (14:48 +0000)]
s3/passdb: clang: Fix 'Value stored during initialization is never read'
Fixes:
source3/passdb/pdb_ldap.c:1933:11: warning: Value stored to 'ret' during its initialization is never read <--[clang]
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
^~~ ~~~~~~~~~~~~~~~~~~~~~~
source3/passdb/pdb_ldap.c:4094:11: warning: Value stored to 'ntstatus' during its initialization is never read <--[clang]
NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
^~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~
2 warnings generated.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 8 02:40:24 UTC 2019 on sn-devel-184
Gordon Ross [Mon, 9 May 2016 17:45:07 +0000 (13:45 -0400)]
torture: Allow running on FS that does not support EAs
Signed-off-by: Gordon Ross <gordon.w.ross@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Oct 7 22:05:59 UTC 2019 on sn-devel-184
Andreas Schneider [Wed, 2 Oct 2019 12:27:41 +0000 (14:27 +0200)]
replace: Improve sys/sysctl.h check to catch warning on glibc >= 2.30
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Oct 7 11:48:24 UTC 2019 on sn-devel-184
Günther Deschner [Sat, 28 Sep 2019 11:10:32 +0000 (13:10 +0200)]
libcli/auth: add gnutls test for aes-128-cfb8 cipher bug
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Oct 7 09:31:35 UTC 2019 on sn-devel-184
Günther Deschner [Tue, 17 Sep 2019 20:37:06 +0000 (22:37 +0200)]
auth/gensec: fix AES schannel seal and unseal
Workaround bug present in gnutls 3.6.8:
gnutls_cipher_decrypt() uses an optimization
internally that breaks decryption when processing
buffers with their length not being a multiple
of the blocksize.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
git.samba.org / metze / samba / wip.git / log