Björn Baumbach [Mon, 30 Dec 2019 15:24:23 +0000 (16:24 +0100)]
python/samdb: add 'computer' to the default group member types for group member filters
Add the 'computer' type to the default member types, so that the next
commit does not change the default behavior.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
Björn Baumbach [Wed, 18 Dec 2019 16:15:13 +0000 (17:15 +0100)]
python/samdb: fetch specific error if there are more than one search results
There can be more than one contact with the same name.
Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Björn Baumbach [Fri, 9 Aug 2019 14:26:58 +0000 (16:26 +0200)]
python/samdb: add more object types for adding/remove group members
The filters are based on the MS Windows filter, which are used by the
basic group member management dialog.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
Björn Baumbach [Fri, 9 Aug 2019 14:19:52 +0000 (16:19 +0200)]
python/samdb: add option to specify types of group members
The option can be used to specify the type of the object which have to
be added to (or removed) from a group. The search filter for the objects
will be created according to the types.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Tue, 27 Aug 2019 10:21:29 +0000 (12:21 +0200)]
samba-tool tests: add test-case for 'ou list --base-dn'
Check if the ou list --base-dn / -b command uses a specific base dn.
Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Mon, 26 Aug 2019 08:25:18 +0000 (10:25 +0200)]
samba-tool: add -b/--base-dn option to OUs list command
With this option it's e.g. possible to list the OUs which are
located under a different specific place in the AD.
Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Wed, 28 Aug 2019 09:06:13 +0000 (11:06 +0200)]
samba-tool tests: add test-case for 'user list --base-dn'
Check if the user list --base-dn / -b command uses a specific base dn.
Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Mon, 26 Aug 2019 07:47:41 +0000 (09:47 +0200)]
samba-tool: add -b/--base-dn option to users list command
With this option it's e.g. possible to list the users of a
specify OU or users which are located under a different specific
place in the AD.
Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Tue, 27 Aug 2019 10:23:08 +0000 (12:23 +0200)]
samba-tool tests: add test-case for 'contact list --base-dn'
Check if the contact list --base-dn / -b command uses a specific base dn.
Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Mon, 26 Aug 2019 07:33:24 +0000 (09:33 +0200)]
samba-tool: add -b/--base-dn option to contacts list command
With this option it's e.g. possible to list the contacts of a
specify OU or contacts which are located under a different specific
place in the AD.
Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Tue, 27 Aug 2019 11:08:34 +0000 (13:08 +0200)]
samba-tool tests: add test-case for 'computer list --base-dn'
Check if the computer list --base-dn / -b command uses a specific base dn.
Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Mon, 26 Aug 2019 06:46:24 +0000 (08:46 +0200)]
samba-tool: add -b/--base-dn option to computer list command
With this option it's e.g. possible to list the computers of a
specify OU or computers which are located under a different specific
place in the AD.
Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Tue, 27 Aug 2019 10:00:15 +0000 (12:00 +0200)]
samba-tool tests: add test-case for 'group list --base-dn'
Check if the group list --base-dn / -b command uses a specific base dn.
Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Mon, 12 Aug 2019 18:46:47 +0000 (20:46 +0200)]
samba-tool: add -b/--base-dn option to groups list command
With this option it's e.g. possible to list the groups of a
specify OU or groups which are located under a different specific
place in the AD.
Signed-off-by: Jule Anger <ja@sernet.de>
Pair-programmed-with: Björn Baumbach <bb@samba.org>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Björn Baumbach [Tue, 21 Jan 2020 11:53:15 +0000 (12:53 +0100)]
samba-tool tests: add test-case for 'user getgrouops --full-dn'
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
Björn Baumbach [Tue, 21 Jan 2020 10:39:30 +0000 (11:39 +0100)]
samba-tool: add --full-dn option for user getgroups command
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Tue, 27 Aug 2019 10:19:29 +0000 (12:19 +0200)]
samba-tool tests: add test-case for 'group listmembers --full-dn'
Check if the group listmembers --full-dn command displays DN instead of the sAMAccountName.
Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Thu, 22 Aug 2019 13:39:37 +0000 (15:39 +0200)]
samba-tool: add --full-dn option to group listmembers command
With this option the command lists the groupmembers distinguished names
instead of the sAMAccountName.
Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Wed, 28 Aug 2019 08:40:39 +0000 (10:40 +0200)]
samba-tool tests: add test case for 'user list --full-dn'
Check if the --full-dn option displays DN instead of the sAMAccountName.
Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Thu, 22 Aug 2019 07:30:21 +0000 (09:30 +0200)]
samba-tool: add --full-dn option to user list command
With this option the command lists the users distringuished names
instead of the sAMAccountNames.
Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Tue, 27 Aug 2019 11:05:03 +0000 (13:05 +0200)]
samba-tool tests: add test case for 'computer list --full-dn'
Check if the --full-dn option displays DN instead of the sAMAccountName.
Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Thu, 22 Aug 2019 07:12:31 +0000 (09:12 +0200)]
samba-tool: add --full-dn option to computer list command
With this option the command lists the computers distringuished names
instead of the sAMAccountNames.
Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Tue, 27 Aug 2019 09:49:12 +0000 (11:49 +0200)]
samba-tool tests: Add test-case for 'group list --full-dn'
Check if the --full-dn option displays DN instead of the sAMAccountName.
Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Björn Baumbach [Mon, 12 Aug 2019 18:43:48 +0000 (20:43 +0200)]
samba-tool: add --full-dn option to group list command
With this option the command lists the groups distringuished names
instead of the sAMAccountNames.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
David Disseldorp [Tue, 21 Jan 2020 10:32:50 +0000 (11:32 +0100)]
Revert "vfs_glusterfs: Return fake fd from pipe() during open"
This reverts commit
c9adf47ac5a5aa0dd12572c34b08cc51f15b2e97.
The fake fd is no longer necessary, as vfs_glusterfs now provides a
fcntl_fn hook.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14241
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
David Disseldorp [Tue, 21 Jan 2020 00:14:38 +0000 (01:14 +0100)]
vfs_glusterfs: add .fcntl_fn hook
This hook is currently called via vfs_set_blocking(), so can safely be
ignored.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14241
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
David Disseldorp [Tue, 21 Jan 2020 00:12:42 +0000 (01:12 +0100)]
vfs_ceph: add .fcntl_fn hook
This hook is currently called via vfs_set_blocking(), so can safely be
ignored.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14241
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Volker Lendecke [Mon, 20 Jan 2020 20:28:18 +0000 (21:28 +0100)]
testenv: No "mktemp" for in_screen
We don't use this
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Tue, 16 Oct 2018 13:08:25 +0000 (15:08 +0200)]
testenv: Simplify "in_screen"
We don't need "seq", bash can do that itself, and we assume bash here
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Mon, 20 Jan 2020 20:22:39 +0000 (21:22 +0100)]
testenv: Properly kill daemons
Without this, all the daemons were kept around
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Mon, 20 Jan 2020 20:19:40 +0000 (21:19 +0100)]
testenv: Be more careful deleting environment tmpfiles
If there is more than one server we will have for example nt4_dc.smbd,
nt4_dc.nmbd and nt4_dc.winbind as daemon environments, together with
the commandline environment "nt4_dc" coming last. Before this patch we
would have deleted all previous tmpfiles in the commandline environment.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Martin Schwenke [Fri, 20 Dec 2019 07:16:13 +0000 (18:16 +1100)]
WHATSNEW: Add CTDB changes for 4.12
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue Jan 21 13:05:00 UTC 2020 on sn-devel-184
Martin Schwenke [Fri, 10 Jan 2020 03:25:39 +0000 (14:25 +1100)]
ctdb-mutex: Change default re-check time for fcntl helper to 5s
Testing against a commonly used cluster filesystem has shown no
performance impact, as expected.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 10 Jan 2020 04:45:48 +0000 (15:45 +1100)]
ctdb-tests: Add some tests to check recovery from recovery lock issues
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 10 Jan 2020 03:04:14 +0000 (14:04 +1100)]
ctdb-tests: Put recovery lock for local daemons into a subdirectory
This makes it more like the way it works with a cluster filesystem.
It also allows the subdirectory to be manipulated in tests.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 17 Jan 2020 04:30:01 +0000 (15:30 +1100)]
ctdb-tests: Add local_daemons.sh option for recovery lock recheck interval
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Gary Lockyer [Mon, 16 Dec 2019 00:57:47 +0000 (13:57 +1300)]
CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone
ldb_msg_add_empty reallocates the underlying element array, leaving
old_el pointing to freed memory.
This patch takes two defensive copies of the ldb message, and performs
the updates on them rather than the ldb messages in the result.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14050
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Tue Jan 21 11:38:38 UTC 2020 on sn-devel-184
Andrew Bartlett [Fri, 29 Nov 2019 07:58:47 +0000 (20:58 +1300)]
CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs
The string may be in another charset, or may be sensitive and
certainly may not be terminated. It is not safe to just print.
Found by Robert Święcki using a fuzzer he wrote for smbd.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14208
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 6 Dec 2019 05:26:11 +0000 (18:26 +1300)]
repl_meta_data: Only reset replMetaData entry for name if we made a conflict name here
We previously set it for any rename
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 6 Dec 2019 05:15:16 +0000 (18:15 +1300)]
repl_meta_data: Do not set *rename = true unless there has been a conflict on the incoming DN
The normal case of a partner-sent rename is not a cause for updating the replPropertyMetaData
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 6 Dec 2019 04:55:13 +0000 (17:55 +1300)]
repl_meta_data: Add comment explaining what is being renamed after the conflict is resolved
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 12 Dec 2019 01:44:57 +0000 (14:44 +1300)]
CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs
We can not process on the basis of a DN, as the DN may have changed in a rename,
not only that this module can see, but also from repl_meta_data below.
Therefore remove all the complex tree-based change processing, leaving only
a tree-based sort of the possible objects to be changed, and a single
stopped_dn variable containing the DN to stop processing below (after
a no-op change).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 6 Dec 2019 05:26:42 +0000 (18:26 +1300)]
CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after any rename
Previously if there was a conflict, but the incoming object would still
win, this was not marked as a rename, and so inheritence was not done.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 26 Nov 2019 02:50:35 +0000 (15:50 +1300)]
CVE-2019-14902 repl_meta_data: Fix issue where inherited Security Descriptors were not replicated.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 6 Dec 2019 05:05:54 +0000 (18:05 +1300)]
CVE-2019-14902 repl_meta_data: schedule SD propagation to a renamed DN
We need to check the SD of the parent if we rename, it is not the same as an incoming SD change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 6 Dec 2019 04:54:23 +0000 (17:54 +1300)]
CVE-2019-14902 dsdb: Ensure we honour both change->force_self and change->force_children
If we are renaming a DN we can be in a situation where we need to
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 26 Nov 2019 03:17:32 +0000 (16:17 +1300)]
CVE-2019-14902 dsdb: Add comments explaining why SD propagation needs to be done here
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 26 Nov 2019 02:44:32 +0000 (15:44 +1300)]
CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is proctected by a transaction
This means we can trust the DB did not change between the two search
requests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Sun, 15 Dec 2019 22:29:27 +0000 (11:29 +1300)]
selftest: Add test to confirm ACL inheritence really happens
While we have a seperate test (sec_descriptor.py) that confirms inheritance in
general we want to lock in these specific patterns as this test covers
rename.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 10 Dec 2019 02:16:24 +0000 (15:16 +1300)]
CVE-2019-14902 selftest: Add test for a special case around replicated renames
It appears Samba is currently string-name based in the ACL inheritence code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 28 Nov 2019 04:16:16 +0000 (17:16 +1300)]
CVE-2019-14902 selftest: Add test for replication of inherited security descriptors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Martin Schwenke [Tue, 1 Oct 2019 03:52:38 +0000 (13:52 +1000)]
util: Add detection of libunwind
The current detection doesn't seem to work, so libunwind doesn't seem
to be used.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Jan 21 08:12:17 UTC 2020 on sn-devel-184
Martin Schwenke [Fri, 17 Jan 2020 02:47:02 +0000 (13:47 +1100)]
s3: lib: dbwrap_ctdb: Ensure value_valid is set when creating empty record
Fixes:
PANIC: assert failed at ../../lib/dbwrap/dbwrap.c(82): rec->value_valid
PANIC (pid 902392): assert failed: rec->value_valid
BACKTRACE: 16 stack frames:
#0 bin/shared/libsamba-util.so.0(log_stack_trace+0x30) [0x7fb161f69cb0]
#1 bin/shared/libsmbconf.so.0(smb_panic_s3+0x23) [0x7fb1619f4863]
#2 bin/shared/libsamba-util.so.0(smb_panic+0x2f) [0x7fb161f69daf]
#3 bin/shared/private/libdbwrap-samba4.so(dbwrap_record_get_value+0x27) [0x7fb160a04c57]
#4 bin/shared/libsamba-passdb.so.0(+0x2d27c) [0x7fb1618e627c]
#5 bin/shared/libsamba-passdb.so.0(pdb_add_aliasmem+0x33) [0x7fb1618db663]
#6 bin/shared/libsamba-passdb.so.0(+0x1edbb) [0x7fb1618d7dbb]
#7 bin/shared/libsamba-passdb.so.0(create_builtin_administrators+0x167) [0x7fb1618d8217]
#8 bin/shared/private/libauth-samba4.so(finalize_local_nt_token+0x39d) [0x7fb16194bd5d]
#9 bin/shared/private/libauth-samba4.so(create_local_nt_token_from_info3+0x304) [0x7fb16194c3f4]
#10 bin/shared/private/libauth-samba4.so(create_local_token+0x3d6) [0x7fb161945106]
#11 bin/shared/private/libauth-samba4.so(+0x154b4) [0x7fb1619474b4]
#12 bin/shared/private/libauth-samba4.so(init_guest_session_info+0x58) [0x7fb161947798]
#13 ./bin/smbd(main+0x80f) [0x55944ef8f91f]
#14 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xeb) [0x7fb161076bbb]
#15 ./bin/smbd(_start+0x2a) [0x55944ef90f8a]
This is a similar, additional fix to commit
36ea1e188d5ea8d40c47ffc466a494c1160e471c.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jan 20 04:25:57 UTC 2020 on sn-devel-184
Volker Lendecke [Fri, 17 Jan 2020 15:00:18 +0000 (16:00 +0100)]
smbd: Fix claiming version
We now have to do an explicit DOWNGRADE when we want to change from
G_LOCK_WRITE to G_LOCK_READ.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Jan 19 19:58:01 UTC 2020 on sn-devel-184
Volker Lendecke [Wed, 8 Jan 2020 15:07:30 +0000 (16:07 +0100)]
lib: Use closefrom() in smbrun.c
INSURE is never defined or used.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 17 Jan 2020 10:28:31 +0000 (11:28 +0100)]
ctdbd: Use struct initialization
2 lines less
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 19 Jan 2020 11:29:56 +0000 (12:29 +0100)]
dsdb: Use write_data() to write to the password check script
A simple write() might be interrupted or do short writes. Highly
unlikely, but if it happens, it will be impossible to diagnose.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 19 Jan 2020 11:29:39 +0000 (12:29 +0100)]
dsdb: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 19 Jan 2020 10:50:57 +0000 (11:50 +0100)]
lib: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Sat, 18 Jan 2020 08:35:42 +0000 (18:35 +1000)]
heimdal_build: Remove bashism from --address-sanitizer build rule
export FOO=bar is a Bash extension, and is not required in this case, we only need the asn1_compile
to run under the variable, there are no further commands in this sub-shell.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Autobuild-User(master): Isaac Boukris <iboukris@samba.org>
Autobuild-Date(master): Sat Jan 18 12:25:16 UTC 2020 on sn-devel-184
Ralph Boehme [Fri, 17 Jan 2020 09:56:00 +0000 (10:56 +0100)]
smbd: avoid calling vfs_file_id_from_sbuf() if statinfo is not valid
When we're about to create a file, the stat info will be all zero, so
vfs_file_id_from_sbuf() would return a bogus file_id. This is normally not a
problem, as open_file() itself also calls vfs_file_id_from_sbuf() after having
created the file.
This is however a problem when using the VFS module fileid, as that is doing
caching of /etc/mtab and failing to find smb_fname->st.st_ex_dev (all zero in
this case when creating a new file) in the mtab cache will trigger a mtab reload
which can be *very* expensive.
Copying many small files to a Samba server in this situation will result in
abysimal performance.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14237
Pair-Programmed-With: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 17 22:38:14 UTC 2020 on sn-devel-184
Anoop C S [Wed, 14 Aug 2019 12:33:01 +0000 (18:03 +0530)]
vfs_glusterfs: Return fake fd from pipe() during open
GlusterFS currently doesn't have an API implementation to set flags on
open file descriptor. Thus we use pipe() to provide valid file descriptor
from the system.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14241
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Jan 17 17:14:43 UTC 2020 on sn-devel-184
Douglas Bagnall [Thu, 16 Jan 2020 21:19:32 +0000 (10:19 +1300)]
fuzz_oLschema2ldif: check multiple possible NULLs
Address sanitizer will object to a theoretically possible NULL dereference
so we can't ignore these checks in set-up.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jan 17 14:33:18 UTC 2020 on sn-devel-184
Douglas Bagnall [Thu, 16 Jan 2020 20:59:26 +0000 (09:59 +1300)]
fuzzing: check for NULL on ldb_init()
We simply return 0 because failure here is not a problem with the code we
are actually trying to fuzz. Without this asan is unhappy.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Thu, 16 Jan 2020 13:53:19 +0000 (14:53 +0100)]
librpc: add clusapi_GroupSetControlCode enum
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 16 21:34:27 UTC 2020 on sn-devel-184
Günther Deschner [Thu, 16 Jan 2020 13:38:56 +0000 (14:38 +0100)]
s4-torture: increase various bufsizes to better deal with Windows 2019 clusters
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Günther Deschner [Thu, 16 Jan 2020 10:19:52 +0000 (11:19 +0100)]
s4-torture: fix copy/paste error in clusapi group test
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Günther Deschner [Mon, 13 Jan 2020 13:37:40 +0000 (14:37 +0100)]
s4-torture: add clusapi GroupSet tests
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Günther Deschner [Mon, 13 Jan 2020 17:30:14 +0000 (18:30 +0100)]
s4-torture: fix asserts in clusapi_NodeControl tests
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Günther Deschner [Mon, 13 Jan 2020 15:11:26 +0000 (16:11 +0100)]
s4-torture: save cluster version in clusapi test context
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Günther Deschner [Fri, 10 Jan 2020 15:44:39 +0000 (16:44 +0100)]
librpc: add various new clusapi functions and types
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Thu, 16 Jan 2020 01:12:02 +0000 (14:12 +1300)]
samba-tool gpo: improve UNC parsing
The "UNC doesn't start with \\\\ or //" message was unreachable due to
a logic error, and an UNC starting with \\ would have been split on
/ if there were enough /s in the string.
The unreachable exception was first noticed by Gerhard Lausser in a
github pull request (https://github.com/samba-team/samba/pull/123),
but that patch no longer applies with this more thorough rewrite.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 14 Jan 2020 12:13:17 +0000 (13:13 +0100)]
torture: Test smbcontrol close-denied-share
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 15 22:51:14 UTC 2020 on sn-devel-184
Volker Lendecke [Mon, 13 Jan 2020 14:19:58 +0000 (15:19 +0100)]
smbd: Add close-denied-share message
This is like close-share, but kicks out only active users where share
access controls are changed such that now access would be denied
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 13 Jan 2020 14:37:25 +0000 (15:37 +0100)]
smbd: Move sharename check of conn_force_tdis() into a callback
Next commit will have an additional check
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 15 Jan 2020 11:40:38 +0000 (12:40 +0100)]
texpect: Avoid duplicate sys_write()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 15 Jan 2020 11:37:59 +0000 (12:37 +0100)]
texpect: Reformat long line
There will be more deps soon
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 15 Jan 2020 11:37:22 +0000 (12:37 +0100)]
texpect: Use lib/replace's closefrom()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Tue, 14 Jan 2020 16:12:33 +0000 (17:12 +0100)]
s3:libsmb: Fix querying all names registered within broadcast area
Wait for additional replies until timeout when '*' is given to nmblookup
as name.
Introduced by
8da8c36b53cc115f0d446b666fc24fc9423d808e.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8927
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Fri, 10 Jan 2020 02:44:27 +0000 (15:44 +1300)]
fuzz: add nmblib/parse_packet target
We want to ensure that parse_packet() can parse a packet without
crashing, and that that parsed packet won't cause trouble further down
the line.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Wed Jan 15 21:24:31 UTC 2020 on sn-devel-184
Douglas Bagnall [Fri, 10 Jan 2020 04:33:03 +0000 (17:33 +1300)]
fuzz: ldb binary decode/enode
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Douglas Bagnall [Thu, 9 Jan 2020 23:35:54 +0000 (12:35 +1300)]
fuzz: add ldb ldif fuzzer
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Douglas Bagnall [Thu, 9 Jan 2020 23:35:30 +0000 (12:35 +1300)]
fuzz: ldb_dn parsing
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Gary Lockyer [Tue, 14 Jan 2020 01:42:26 +0000 (14:42 +1300)]
lib ldb common: Fix memory leak
TALLOC_FREE the ldb_control allocated in ldb_parse_control_from_string
when none of the cases match.
Credit to OSS-Fuzz
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Björn Baumbach [Tue, 14 Jan 2020 14:19:40 +0000 (15:19 +0100)]
tests: Test samba-tool user setprimarygroup command
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jan 15 13:30:53 UTC 2020 on sn-devel-184
Björn Baumbach [Tue, 14 Jan 2020 14:10:09 +0000 (15:10 +0100)]
tests: Test samba-tool user getgroups command
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Björn Baumbach [Wed, 18 Dec 2019 10:56:03 +0000 (11:56 +0100)]
selftest: create working directory for blackbox test
Required to run test separately.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 16 May 2018 11:00:16 +0000 (13:00 +0200)]
samba-tool: implement user getgroups command
samba-tool user getgroups command to list a users group memberships.
Pair-programmed-with: Björn Baumbach <bb@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Björn Baumbach [Wed, 16 May 2018 08:19:16 +0000 (10:19 +0200)]
samba-tool: implement user setprimary group command (set primaryGroupID)
Introduce an option to set the primaryGroupID attribute of a user account.
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Björn Jacke [Mon, 13 Jan 2020 15:43:21 +0000 (16:43 +0100)]
clitar: use modern DBG macros
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 14 20:42:10 UTC 2020 on sn-devel-184
Björn Jacke [Tue, 7 Jan 2020 11:04:49 +0000 (12:04 +0100)]
smbtar: adopt for new tar verbose option
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Björn Jacke [Sat, 4 Jan 2020 20:47:59 +0000 (21:47 +0100)]
smbclient/tar: add verbose mode
A verbose mode got lost with the introduction of libarchive support.
The verbose mode is optional, default is quiet mode.
The output format is close to the verbose output format of POSIX tar
implementations and should be good parsable.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11642
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 13 Jan 2020 14:23:45 +0000 (15:23 +0100)]
smbd: Protect against non-string "close-share" sharenames
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 14 Jan 2020 12:10:05 +0000 (13:10 +0100)]
test3: Fix usage check for test_sharesec.sh
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 14 Jan 2020 12:05:00 +0000 (13:05 +0100)]
lib: Avoid an unnecessary include
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 14 Jan 2020 12:03:45 +0000 (13:03 +0100)]
lib: Remove "msg_ctx" from server_id_watch_send()
Not needed
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 14 Jan 2020 12:02:27 +0000 (13:02 +0100)]
lib: Use tevent version of timeval_current_ofs()
We have tevent available anyway, use that infrastructure
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 14 Jan 2020 10:21:01 +0000 (11:21 +0100)]
nfs4acl: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 14 Jan 2020 13:36:52 +0000 (14:36 +0100)]
docs-xml: 'mangled names = illegal' is the new default
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jan 14 15:18:02 UTC 2020 on sn-devel-184
Björn Jacke [Mon, 13 Jan 2020 12:02:29 +0000 (13:02 +0100)]
tests/DNS: add MX/SRV record tests with multiple spaces
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13788
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Björn Baumbach <bb@samba.org>
Autobuild-User(master): Björn Baumbach <bb@sernet.de>
Autobuild-Date(master): Tue Jan 14 11:58:20 UTC 2020 on sn-devel-184
git.samba.org / metze / samba / wip.git / log