Jule Anger [Tue, 8 Mar 2022 14:47:32 +0000 (15:47 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.16.0rc5 release.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Tue, 8 Mar 2022 14:46:47 +0000 (15:46 +0100)]
WHATSNEW: Add release notes for Samba 4.16.0rc5.
Signed-off-by: Jule Anger <janger@samba.org>
Stefan Metzmacher [Mon, 21 Feb 2022 09:29:12 +0000 (10:29 +0100)]
s4:kdc: redirect pre-authentication failures to an RWDC
The most important case is that we still have a previous
password cached at the RODC and the inbound replication
hasn't wiped the cache yet and we also haven't triggered
a new replication yet.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14865
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
0f5d7ff1a9fd14fd412b09883d413d1d660fa7be)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Tue Mar 8 14:30:45 UTC 2022 on sn-devel-184
Stefan Metzmacher [Thu, 24 Feb 2022 20:31:52 +0000 (21:31 +0100)]
s4:kdc: let pac functions in wdc-samba4.c take astgs_request_t
NOTE: This commit finally works again!
This aligns us with the following Heimdal change:
commit
11d8a053f50c88256b4d49c7e482c2eb8f6bde33
Author: Stefan Metzmacher <metze@samba.org>
AuthorDate: Thu Feb 24 18:27:09 2022 +0100
Commit: Luke Howard <lukeh@padl.com>
CommitDate: Thu Mar 3 09:58:48 2022 +1100
kdc-plugin: also pass astgs_request_t to the pac related functions
This is more consistent and allows the pac hooks to be more flexible.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14865
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
27ee5ad713b760e8226537d79c529ace1efb07bf)
Stefan Metzmacher [Thu, 3 Mar 2022 18:17:06 +0000 (19:17 +0100)]
third_party/heimdal: import lorikeet-heimdal-
202203031927 (commit
7abc451ddd74d0c2e57dbb32f3198bde8def73ab)
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14865
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
f33f73f82fb2d5d96928ce5910e2d0d939c2ff57)
Jule Anger [Fri, 4 Mar 2022 08:02:28 +0000 (09:02 +0100)]
s3:utils: assign ids to struct to list shares correctly
The commit "
99d1f1fa10d smbd: Remove unused "struct connections_key"" removes
also the assignment of information to connections_data, which are needed to list
shares.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14999
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jule Anger <janger@samba.org>
Autobuild-Date(master): Mon Mar 7 15:27:48 UTC 2022 on sn-devel-184
(cherry picked from commit
9e9e6955ba93691545ea35e39ebdc285cd484406)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Tue Mar 8 11:31:47 UTC 2022 on sn-devel-184
Jule Anger [Mon, 7 Mar 2022 09:13:33 +0000 (10:13 +0100)]
s3:tests: Add a test to check the output of smbstatus.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14999
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
b108e039ab13ee9f8f2c629c5b57085a462d14db)
Jeremy Allison [Thu, 17 Feb 2022 19:12:39 +0000 (11:12 -0800)]
s3: smbd: Fix our leases code to return the correct error in the non-dynamic share case.
We now return INVALID_PARAMETER when trying to open a
different file with a duplicate lease key on the same
(non-dynamic) share. This will enable us to pass another
Windows test suite leases test.
We now behave the same as Windows10.
Remove knownfail.d/smb2-lease-duplicateopen
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14737
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 18 20:12:12 UTC 2022 on sn-devel-184
(cherry picked from commit
408be54323861c24b6377b804be4428cf45b471e)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Mon Mar 7 11:49:31 UTC 2022 on sn-devel-184
Jeremy Allison [Thu, 17 Feb 2022 18:58:32 +0000 (10:58 -0800)]
s4: torture: Add new SMB2 lease test test_lease_duplicate_open().
Checks we return INVALID_PARAMETER when trying to open a
different file with a duplicate lease key on the same share.
Checked against Windows10. Currently fails against smbd
so add knownfail.d/smb2-lease-duplicateopen
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14737
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
(cherry picked from commit
ca3896b6f8bbcad68f042720feceedfa29ddbd83)
Jeremy Allison [Thu, 17 Feb 2022 17:58:27 +0000 (09:58 -0800)]
s4: torture: Add new SMB2 lease test test_lease_duplicate_create().
Checks we return INVALID_PARAMETER when trying to create a
new file with a duplicate lease key on the same share.
Checked against Windows10. Samba already passes this
but we didn't have a test before.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14737
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
(cherry picked from commit
bf22548d11fe67ea3f4ec10dff81773d626e4703)
Stefan Metzmacher [Mon, 21 Feb 2022 14:28:53 +0000 (15:28 +0100)]
s3:trusts_utils: use a password length of 120 for machine accounts
This is important when we change the machine password against
an RODC that proxies the request to an RWDC.
An RODC using NetrServerPasswordSet2() to proxy PasswordUpdateForward via
NetrLogonSendToSam() ignores a return of NT_STATUS_INVALID_PARAMETER
and reports NT_STATUS_OK as result of NetrServerPasswordSet2().
This hopefully found the last hole in our very robust machine account
password handling logic inside of trust_pw_change().
The lesson is: try to be as identical to how windows works as possible,
everything else may use is untested code paths on Windows.
A similar problem was fixed by this commit:
commit
609ca657652862fd9c81fd11f818efb74f72ff55
Author: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Wed Feb 24 02:03:25 2021 +1300
provision: Decrease the length of random machine passwords
The current length of 128-255 UTF-16 characters currently causes
generation of crypt() passwords to typically fail. This commit
decreases the length to 120 UTF-16 characters, which is the same as
that used by Windows.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Feb 23 08:49:54 UTC 2022 on sn-devel-184
(cherry picked from commit
5e2386336c49fab46c1192db972af5da1e916b32)
Stefan Metzmacher [Mon, 21 Feb 2022 14:23:54 +0000 (15:23 +0100)]
upgradehelpers.py: add a comment to update_krbtgt_account_password()
The backend generates its own random krbtgt password values.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
ad0b5561b492dfa28acfc9604b2358bb8b490703)
Stefan Metzmacher [Mon, 21 Feb 2022 14:22:50 +0000 (15:22 +0100)]
provision: add a comment that the value of krbtgtpass is ignored in the backend
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
725c94d57d3d656bc94633dacbac683a4c11d3e6)
Stefan Metzmacher [Mon, 21 Feb 2022 14:22:06 +0000 (15:22 +0100)]
upgradehelpers.py: let update_machine_account_password() use 120 character passwords
We already changed provision to use 120 character passwords with commit
609ca657652862fd9c81fd11f818efb74f72ff55.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
6bb7c0f24918329804b7f4fb71908e8fab99e266)
Stefan Metzmacher [Mon, 21 Feb 2022 14:08:34 +0000 (15:08 +0100)]
provision: use 120 characters for the dns account password
We should use the same as for the computer account.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
3b91be36581de1007427d539daffdaa62752412d)
Stefan Metzmacher [Mon, 21 Feb 2022 14:03:22 +0000 (15:03 +0100)]
samba-tool/join_member: let py_net_join_member() choose the password
It means we'll let trust_pw_new_value() generate the password.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
59ac782452c4993274fa837256a8b9c5675e707b)
Stefan Metzmacher [Mon, 21 Feb 2022 22:48:37 +0000 (23:48 +0100)]
s3:py_net: allow machinepass=None to py_net_join_member()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
576bdb08c51c47c390cc390fbefdcfee275b7f0f)
Douglas Bagnall [Thu, 23 Dec 2021 01:37:29 +0000 (14:37 +1300)]
s4/auth/simple_bind: correctly report TLS state
It went wrong in
366f8cf0903e3583fda42696df62a5337f22131f
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jan 26 12:39:52 UTC 2022 on sn-devel-184
(cherry picked from commit
309f1982263677045d407463eb19a2444c165a63)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14996
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Mon Mar 7 10:11:23 UTC 2022 on sn-devel-184
Douglas Bagnall [Wed, 26 Jan 2022 02:53:45 +0000 (15:53 +1300)]
pytest:auth_log: expect TLS connections when using ldaps
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
f37682747898591b37405f9e96a8135c15638637)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14996
Stefan Metzmacher [Tue, 1 Mar 2022 21:10:08 +0000 (10:10 +1300)]
s4:kdc: hdb_samba4_audit() is only called once per request
So we need to restructure the logic a bit.
NOTE: This commit finally works again!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Joseph Sutton <jsutton@samba.org>
Autobuild-Date(master): Tue Mar 1 23:28:22 UTC 2022 on sn-devel-184
(cherry picked from commit
791be84c3eecb95e03611458e2305bae272ba267)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Wed Mar 2 11:24:26 UTC 2022 on sn-devel-184
Andrew Bartlett [Tue, 1 Mar 2022 21:00:17 +0000 (10:00 +1300)]
s4-kdc: Adapt to move from HDB auditing to KDC auditing constants
This is to adapt to:
commit
6530021f09a5cab631be19a1b5898a0ba6b32f16
Author: Luke Howard <lukeh@padl.com>
Date: Thu Jan 13 14:37:29 2022 +1100
kdc: move auth event definitions into KDC header
Move KDC auth event macro definitions out of hdb.h and into a new KDC header,
kdc-audit.h.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
(cherry picked from commit
c9b0b4bfc4e2e0b08b21f39bf56fd5395d66d66f)
Joseph Sutton [Tue, 22 Feb 2022 20:53:27 +0000 (09:53 +1300)]
s4:kdc: Adapt to removal of publicly accessible request structure members
We now have to use the accessor functions instead.
This is an adaptation to Heimdal:
commit
ec24edf7005c340018450a202d27ca75fcf322d4
Author: Luke Howard <lukeh@padl.com>
Date: Thu Jan 20 09:15:24 2022 +1100
kdc: add accessor functions for KDC request structure
Add accessor functions for use by Samba and other plugin developers.
Documentation is in kdc/kdc-accessors.h.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
9399a15fabb5a1b8470b1069a098132e2fdb7f0f)
Joseph Sutton [Tue, 22 Feb 2022 06:41:14 +0000 (19:41 +1300)]
s4:kdc: Adapt to hdb_entry_ex removal
Rather than having a 'free_entry' member that can be called to free an
hdb_entry, we now implement the free function in HDB. We perform the
free only if the context pointer is non-NULL.
We also remove the ZERO_STRUCTP() in sdb_entry_to_hdb_entry(), as the
context pointer is now part of the 'hdb_entry' structure itself, and
this would undesirably zero it out.
This is an adaptation to Heimdal commits:
commit
c5551775e204d00c7ee8055ab6ddbba7e0590584
Author: Luke Howard <lukeh@padl.com>
Date: Fri Jan 7 12:15:55 2022 +1100
hdb: decorate HDB_entry with context member
Decorate HDB_entry with context and move free_entry callback into HDB structure
itself. Requires updating hdb_free_entry() signature to include HDB parameter.
A follow-up commit will consolidate hdb_entry_ex (which has a single hdb_entry
member) into hdb_entry.
commit
0e8c4ccc6ee0123ea39e53e8917fc3f6bb74e8c8
Author: Luke Howard <lukeh@padl.com>
Date: Fri Jan 7 12:54:40 2022 +1100
hdb: eliminate hdb_entry_ex
Remove hdb_entry_ex and revert to the original design of hdb_entry (except with
an additional context member in hdb_entry which is managed by the free_entry
method in HDB).
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
94d387abd5031c12989f925ee5eb733432402d1d)
Joseph Sutton [Tue, 22 Feb 2022 03:30:27 +0000 (16:30 +1300)]
s4:kdc: Increment plugin minor version
This is an adaptation to Heimdal:
commit
40e4a4df09c2d6c3ba7bf14df1dee74a0bc18110
Author: Luke Howard <lukeh@padl.com>
Date: Mon Jan 10 12:50:37 2022 +1100
kdc: use astgs_request_t for client/server name (TGS)
Store the client and server principal name from the TGT and request
(respectively) in the astgs_request_t rather than using local variables.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
068f2bf117ab9968011fdb8d60b98bb37d529658)
Joseph Sutton [Mon, 21 Feb 2022 06:12:28 +0000 (19:12 +1300)]
third_party/heimdal_build: Don't generate .x source files
This is an adaptation to Heimdal:
commit
9427796f1a65906f12768b28abdb5a928222f3c6
Author: Jeffrey Altman <jaltman@secure-endpoints.com>
Date: Wed Jan 5 15:45:23 2022 -0500
Generate .x source files as .c source files
The generated .x source and .hx header files are plain C source files.
Generate them as .c source files and avoid unnecessary file copying
and special makefile rules.
Change-Id: Ifc4bbe3c46dd357fdd642040ad964c7cfe1d395c
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
7cb68fdba75c362cdfd8f3bf08bcd9c22bbe4556)
Joseph Sutton [Tue, 22 Feb 2022 02:56:32 +0000 (15:56 +1300)]
s4:kdc: Explicitly set plugin minor version
This is an adaptation to Heimdal:
commit
7cc4b7a9e624f5eecfbb38607d4cc0870a895671
Author: Luke Howard <lukeh@padl.com>
Date: Wed Jan 5 13:08:11 2022 +1100
kdc: KDC plugin API contract notes
Add some notes about the KDC plugin API contract, and require plugins to
explicitly indicate which version of the API they support (remove the macro
alias for the current version).
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
675f913e54d8fddb9173c1e67b9d14885cc1d878)
Joseph Sutton [Tue, 22 Feb 2022 02:53:34 +0000 (15:53 +1300)]
third_party/heimdal_build: Add SFU source file
This is an adaptation to Heimdal:
commit
0287558838de79313e38026d2f0905ffc987d0b8
Author: Luke Howard <lukeh@padl.com>
Date: Fri Dec 24 13:49:55 2021 +1100
kdc: move Services for User implementation out of krb5tgs.c
Move the Services for User (SFU/S4U) implementation -- protocol transition and
constrained delegation -- into its own compilation unit, with an interface that
only takes an astgs_request_t, so it can be easily factored out into a plugin
module in the future.
This refactoring is also careful to update all client names in the request
structure after the SFU/S4U validation has successfully completed.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
b9f4ea8bdb70476d6cc6df962bf6b28805588ed5)
Joseph Sutton [Tue, 22 Feb 2022 02:48:12 +0000 (15:48 +1300)]
s4:kdc: Adapt to removal of auth audit event types
This is an adaptation to Heimdal:
commit
06f8985c55fcd23e3efe0017ed2480c5b3c4524f
Author: Luke Howard <lukeh@padl.com>
Date: Wed Jan 5 09:42:03 2022 +1100
hdb: consolidate preauth audit event types
Instead of having distinct preauth success/failure events for different
mechanisms, have a single event; the mechanism can be disambiguated by querying
the HDB_REQUEST_KV_PA_NAME key.
Note: there is still an explicit event for long-term key-based success/failure
in order to help the backend implement lockout.
Audit failure (HDB_AUTH_EVENT_PREAUTH_FAILED) in the main preauth loop, rather
than in each mechanism. Success is still audited in the mechanism to allow
client pre-authentication success to be noted even if something subsequent
(e.g. encoding a reply, memory allocation) fails. The generic catch-all for
success remains.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
f234361abea4166ce4e10cfa4e7f4096b83480a9)
Joseph Sutton [Tue, 22 Feb 2022 01:39:13 +0000 (14:39 +1300)]
s4:kdc: Rename windc to kdc plugin
This is an adaptation to Heimdal:
commit
fcff5933ade652343d7c169659da92fac0e6e0d4
Author: Luke Howard <lukeh@padl.com>
Date: Mon Jan 3 11:10:18 2022 +1100
kdc: rename windc to kdc plugin
Rename the "windc" plugin API to the more general "kdc" plugin API, for two
reasons: the Heimdal KDC uses the Windows PAC even when not emulating a domain
controller, and the plugin API has accreted methods that are not specific to
emulating a domain controller (such as referral_policy and finalize_reply).
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
83586e8f5846fff7a8bbe47e743e03166b559584)
Joseph Sutton [Mon, 21 Feb 2022 06:25:06 +0000 (19:25 +1300)]
s4:kdc: Add referral policy callback
This is now used instead of a configuration option.
This is an adaption to Heimdal:
commit
3fa47f5a1a422e178d968a8ec0d59889eaa71548
Author: Luke Howard <lukeh@padl.com>
Date: Sun Jan 2 21:51:43 2022 +1100
kdc: add referral_policy callback to windc plugin
Add a referral policy hook to the TGS as a more elegant way of resolving
referral detection for Samba). The hook can either rewrite the server_princ in
the request, or it can return an error to disable built-in referral processing.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
a5799cea037a4613ba4d1073fff6e6151ed06c76)
Joseph Sutton [Mon, 21 Feb 2022 23:16:49 +0000 (12:16 +1300)]
s4:kdc: Add 'not authorised' auth events
This is an adaptation to Heimdal:
commit
d683780b1d728bf8c5b794a1f66842e5a25bd360
Author: Luke Howard <lukeh@padl.com>
Date: Sat Jan 1 23:44:05 2022 +1100
kdc: separate PKINIT/GSS authorization failure
Create a new audit event for PKINIT/GSS authorization (impersonation) failure
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
0d37a1928100e229bea46701b41d4efa72e10266)
Joseph Sutton [Mon, 21 Feb 2022 07:45:45 +0000 (20:45 +1300)]
s4:kdc: Adapt to removal of auth event details
This is an adaptation to Heimdal:
commit
e15e711b13e2fb33f4480a054cba60b6c4c0183b
Author: Luke Howard <lukeh@padl.com>
Date: Sat Jan 1 18:05:51 2022 +1100
kdc: remove auth_event_details audit key
The auth event details audit key (formerly, parameter to auth_status)
contained, variously, an encryption type name; a PKINIT client certificate
name; or, a GSS initiator name. Audit these instead using individual keys that
reflect the values' contents.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
7989ef0aa7b75b2e5af7be445fc64cbf49b2985c)
Joseph Sutton [Mon, 21 Feb 2022 07:28:42 +0000 (20:28 +1300)]
s4:kdc: Refactor HDB API
This is an adaptation to Heimdal:
commit
b1dcc1a47485165ada778ef3c3463cfc0779d183
Author: Luke Howard <lukeh@padl.com>
Date: Fri Dec 31 17:24:58 2021 +1100
kdc: refactor Samba-specific auditing API in terms of existing API
Make Samba-specific HDB auth status API a wrapper on the existing auditing API,
with a view towards unifying the two APIs in a future commit.
The term "auth status" is replaced with "auth event", and the HDB auth_status
method is replaced with a more general purpose audit method which has access to
the entire request structure.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
a2f7987d58372cfc52bc5f9786c0719439956fee)
Joseph Sutton [Tue, 22 Feb 2022 01:09:52 +0000 (14:09 +1300)]
third_party/heimdal_build: Add source files to build
This is an adaptation to Heimdal:
commit
be708ca3cf98900c61919f8ff7ced4428b5d1f32
Author: Nicolas Williams <nico@twosigma.com>
Date: Wed Dec 22 17:01:12 2021 -0600
gsskrb5: Add simple name attributes support
This adds Kerberos mechanism support for:
- composite principal name export/import
- getting rudimentary name attributes from GSS names using
gss_get_name_attribute():
- all (raw) authorization data from the Ticket
- all (raw) authorization data from the Authenticator
- transit path
- realm
- component count
- each component
- gss_inquire_name()
- gss_display_name_ext() (just for the hostbased service name type
though)
The test exercises almost all of the functionality, except for:
- getting the PAC
- getting authz-data from the Authenticator
- getting the transit path
TBD (much) later:
- amend test_context to do minimal name attribute checks as well
- gss_set_name_attribute() (to request authz-data)
- gss_delete_name_attribute()
- getting specific authorization data elements via URN fragments (as
opposed to all of them)
- parsing the PAC, extracting SIDs (each one as a separate value)
- some configurable local policy (?)
- plugin interface for additional local policy
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
f2ca9c5db7e1bb20cfc6705633b48c32b1496334)
Joseph Sutton [Tue, 1 Mar 2022 01:17:54 +0000 (14:17 +1300)]
third_party/heimdal: import lorikeet-heimdal-
202203010107 (commit
0e7a12404c388e831fe6933fcc3c86e7eb334825)
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
51569b3152a952d07fddaa3a70d60c920618c704)
Joseph Sutton [Tue, 22 Feb 2022 03:41:52 +0000 (16:41 +1300)]
third_party/heimdal_build: Define fallthrough macro for switch statements
This is an adaptation to Heimdal:
commit
ddc61136100b32346c4c4efa2bb6ddb5baedfb3e
Author: Nicolas Williams <nico@twosigma.com>
Date: Fri Jan 14 16:32:04 2022 -0600
Use fallthrough statement attribute
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
fccf9859786dfb50b317ea2296c2494997f0ae09)
Joseph Sutton [Thu, 24 Feb 2022 02:24:13 +0000 (15:24 +1300)]
third_party/heimdal_build: Determine whether time_t is signed
Without this, Heimdal will assume time_t is unsigned, and a wrong
assumption will cause 'infinite' ticket lifetimes to be reckoned as from
the past, and thus requests will fail with KDC_ERR_NEVER_VALID.
This is an adaptation to Heimdal:
commit
9ae9902249732237aa1711591604a6adf24963fe
Author: Nicolas Williams <nico@twosigma.com>
Date: Tue Feb 15 17:01:00 2022 -0600
cf: Check if time_t is signed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Mar 1 18:07:50 UTC 2022 on sn-devel-184
(cherry picked from commit
9eb27f296ae2b797803fffbb7f4cb34d8eb06f34)
Joseph Sutton [Thu, 24 Feb 2022 02:30:17 +0000 (15:30 +1300)]
s4:kdc: Don't pass empty PAC buffers to krb5_pac_add_buffer()
Heimdal will no longer allow us to pass a dummy zero-length buffer to
krb5_pac_add_buffer(), so we have to pass a buffer of length 1 instead.
This is an adaption to Heimdal:
commit
190263bb7a56fc775b50a6cd0dc91820d2b2e5eb
Author: Jeffrey Altman <jaltman@secure-endpoints.com>
Date: Wed Jan 19 22:55:33 2022 -0500
assert non-NULL ptrs before calling mem funcs
The definitions of memcpy(), memmove(), and memset() state that
the behaviour is undefined if any of the pointer arguments are
NULL, and some compilers are known to make use of this to
optimise away existing NULL checks in the source.
Change-Id: I489bc256e3eac7ff41d91becb0b43aba73dbb3f9
Link: https://www.imperialviolet.org/2016/06/26/nonnull.html
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
9936038fae72fb440864be543e9afd500444d502)
Joseph Sutton [Tue, 22 Feb 2022 02:30:17 +0000 (15:30 +1300)]
third_party/heimdal_build: Add KDC_LIB macro definitions
This is an adaptation to Heimdal:
commit
7bb00a40eabbed2bc1c268f5244bfb9736d9bebe
Author: Luke Howard <lukeh@padl.com>
Date: Tue Jan 4 13:08:35 2022 +1100
kdc: fix Windows build
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
6d8fec7006e8eadf5967a6f2f5add7d3c2c7bd3e)
Joseph Sutton [Tue, 22 Feb 2022 01:15:43 +0000 (14:15 +1300)]
auth: Cope with NULL upn_name in PAC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
ef95fb439237910b945b8d6a3ad4a140a8d6d1ea)
Stefan Metzmacher [Fri, 25 Feb 2022 06:40:17 +0000 (07:40 +0100)]
s4:sam: Don't use talloc_steal for msg attributes in authsam_make_user_info_dc()
This is most likely not a problem for the current callers,
but that it is unexpected and will likely cause problems with future
changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14993
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
f6fe86924c2ca756083d3628d5dbace0b12d06b0)
Volker Lendecke [Wed, 23 Feb 2022 14:56:41 +0000 (15:56 +0100)]
smbd: Fix a use-after-free
stat_cache_lookup() allocates its result on top of talloc_tos().
filename_convert_smb1_search_path() creates a talloc_stackframe(),
which makes the names which were supposed to be allocated on the "ctx"
parameter of filename_convert_smb1_search_path() go away too
early. Reparent the results from stat_cache_lookup() properly.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14989
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 1 20:59:55 UTC 2022 on sn-devel-184
(cherry picked from commit
8c97743511e4d53f795f2469a28aabfb96da0dfa)
Jule Anger [Tue, 1 Mar 2022 07:58:07 +0000 (08:58 +0100)]
VERSION: Bump version up to Samba 4.16.0rc5...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Tue, 1 Mar 2022 07:57:23 +0000 (08:57 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.16.0rc4 release.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Tue, 1 Mar 2022 07:56:14 +0000 (08:56 +0100)]
WHATSNEW: Add release notes for Samba 4.16.0rc4.
Signed-off-by: Jule Anger <janger@samba.org>
Björn Jacke [Wed, 26 Dec 2018 00:03:29 +0000 (01:03 +0100)]
waf: re-add missing readlink test
this was another portability regression that came with the moving to waf
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13631
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 18 23:12:51 UTC 2022 on sn-devel-184
(cherry picked from commit
45cb14ac80889ac913f7f76dbfaebcb4d5ee14fd)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Sun Feb 27 20:03:27 UTC 2022 on sn-devel-184
Björn Jacke [Wed, 26 Dec 2018 00:01:14 +0000 (01:01 +0100)]
readlink test: inverse return code
We need to return 0 in case readlink is *broken* here - this is because our waf
CHECK_CODE function does only allow generating defines in case the test succeeds
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13631
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
e225ab70db0cc01454d319eaca5265d7e33f396c)
Bjoern Jacke [Fri, 11 Feb 2022 00:45:00 +0000 (00:45 +0000)]
vfs_aixacl: add proper header file
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7239
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
396c17160c19c6df43123074bf62268c6ed0f9e4)
Björn Jacke [Tue, 15 Feb 2022 13:25:41 +0000 (14:25 +0100)]
wscript: s/default/required/ _static_modules for the acl modules
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14974
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
89e903985b6968c5becc69b757b23144b1aba66e)
Björn Jacke [Fri, 11 Feb 2022 02:38:31 +0000 (03:38 +0100)]
acl: fix function arguments for AIX' and Solaris' sys_acl_get_fd()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14974
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
183ab5ced8377b63ad07d2e810396d3b414f4a7d)
Samuel Cabrero [Tue, 22 Feb 2022 13:28:44 +0000 (14:28 +0100)]
s3:winbind: Use the canonical principal name to renew the credentials
The principal name stored in the winbindd ccache entry might be an
enterprise principal name if enterprise principals are enabled. Use
the canonical name to renew the credentials.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
8246ccc23d064147412bb3475e6431a9fffc0d27)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Fri Feb 25 18:08:19 UTC 2022 on sn-devel-184
Samuel Cabrero [Tue, 22 Feb 2022 12:19:02 +0000 (13:19 +0100)]
s3:winbind: Store canonical principal and realm in ccache entry
They will be used later to refresh the tickets.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
0f4f330773d272b4d28ff3ba5a41bdd4ba569c8b)
Samuel Cabrero [Tue, 22 Feb 2022 12:08:56 +0000 (13:08 +0100)]
s3:libads: Return canonical principal and realm from kerberos_return_pac()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
00b1f44a7e8f66976757535bcbc6bea97fb1c29f)
Samuel Cabrero [Tue, 22 Feb 2022 13:28:28 +0000 (14:28 +0100)]
lib:krb5_wrap: Fix wrong debug message and use newer debug macro
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
1b5b4107a5081f15ba215f3025056d509fcfcf2a)
Samuel Cabrero [Tue, 22 Feb 2022 12:00:05 +0000 (13:00 +0100)]
lib:krb5_wrap: Improve debug message and use newer debug macro
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
ed14513be055cc56eb39785323df2c538a813865)
Samuel Cabrero [Tue, 22 Feb 2022 11:59:44 +0000 (12:59 +0100)]
s3:libads: Fix memory leak in kerberos_return_pac() error path
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
3dbcd20de98cd28683a9c248368e5082b6388111)
Andreas Schneider [Tue, 1 Feb 2022 09:05:19 +0000 (10:05 +0100)]
docs-xml: Fix idmap_autorid documentation
What we want to avoid:
$ ./bin/testparm -s | grep "idmap config"
idmap config * : rangesize = 10000
idmap config * : range = 10000-19999
idmap config * : backend = autorid
$ ./bin/wbinfo --name-to-sid BUILTIN/Administrators
S-1-5-32-544 SID_ALIAS (4)
$ ./bin/wbinfo --sid-to-gid S-1-5-32-544
10000
$ ./bin/wbinfo --name-to-sid ADDOMAIN/alice
S-1-5-21-
4058748110-
895691256-
3682847423-1107 SID_USER (1)
$ ./bin/wbinfo --sid-to-gid S-1-5-21-
984165912-
589366285-
3903095728-1107
failed to call wbcSidToGid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-
984165912-
589366285-
3903095728-1107 to gid
If only one range is configured we are either not able to map users/groups
from our primary *and* the BUILTIN domain. We need at least two ranges to also
cover the BUILTIN domain!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14967
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
7e5afd8f1f7e5cfab1a8ef7f4293ac465b7cd8de)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Fri Feb 18 09:07:13 UTC 2022 on sn-devel-184
Andreas Schneider [Tue, 1 Feb 2022 09:07:50 +0000 (10:07 +0100)]
s3:utils: Add a testparm check for idmap autorid
What we want to avoid:
$ ./bin/testparm -s | grep "idmap config"
idmap config * : rangesize = 10000
idmap config * : range = 10000-19999
idmap config * : backend = autorid
$ ./bin/wbinfo --name-to-sid BUILTIN/Administrators
S-1-5-32-544 SID_ALIAS (4)
$ ./bin/wbinfo --sid-to-gid S-1-5-32-544
10000
$ ./bin/wbinfo --name-to-sid ADDOMAIN/alice
S-1-5-21-
4058748110-
895691256-
3682847423-1107 SID_USER (1)
$ ./bin/wbinfo --sid-to-gid S-1-5-21-
984165912-
589366285-
3903095728-1107
failed to call wbcSidToGid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-
984165912-
589366285-
3903095728-1107 to gid
If only one range is configured we are either not able to map users/groups
from our primary *and* the BUILTIN domain. We need at least two ranges to also
cover the BUILTIN domain!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14967
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
db6d4da3411a910e7ce45fe1fecfabf2864eb9f4)
Andreas Schneider [Tue, 1 Feb 2022 09:06:30 +0000 (10:06 +0100)]
s3:winbindd: Add a sanity check for the range
What we want to avoid:
$ ./bin/testparm -s | grep "idmap config"
idmap config * : rangesize = 10000
idmap config * : range = 10000-19999
idmap config * : backend = autorid
$ ./bin/wbinfo --name-to-sid BUILTIN/Administrators
S-1-5-32-544 SID_ALIAS (4)
$ ./bin/wbinfo --sid-to-gid S-1-5-32-544
10000
$ ./bin/wbinfo --name-to-sid ADDOMAIN/alice
S-1-5-21-
4058748110-
895691256-
3682847423-1107 SID_USER (1)
$ ./bin/wbinfo --sid-to-gid S-1-5-21-
984165912-
589366285-
3903095728-1107
failed to call wbcSidToGid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-
984165912-
589366285-
3903095728-1107 to gid
If only one range is configured we are either not able to map users/groups
from our primary *and* the BUILTIN domain. We need at least two ranges to also
cover the BUILTIN domain!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14967
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
fe84ae5547313e482ea0eba8ddca5b38a033dc8f)
Martin Schwenke [Sat, 22 Jan 2022 20:08:02 +0000 (07:08 +1100)]
ctdb-tests: Add a test for stalled node triggering election
A stalled node probably continues to hold the cluster lock, so confirm
elections work in this case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14958
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Feb 14 02:46:01 UTC 2022 on sn-devel-184
(cherry picked from commit
331c435ce520bef1274e076e6ed491400db3b5ad)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Tue Feb 15 09:55:38 UTC 2022 on sn-devel-184
Martin Schwenke [Sat, 22 Jan 2022 19:42:52 +0000 (06:42 +1100)]
ctdb-tests: Factor out functions to detect when generation changes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14958
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
265e44abc42e1f5b7fef6550cd748459dbef80cb)
Martin Schwenke [Sat, 22 Jan 2022 19:21:51 +0000 (06:21 +1100)]
ctdb-recoverd: Consistently log start of election
Elections should now be quite rare, so always log when one begins.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14958
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
0e74e03c9cf83d5dc2d97fa9f38ff8fbaa3d2685)
Martin Schwenke [Sat, 22 Jan 2022 19:18:51 +0000 (06:18 +1100)]
ctdb-recoverd: Always send unknown leader broadcast when starting election
This is currently missed when the cluster lock is lost.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14958
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
bf55a0117d045e8ca888f7e01591cc2a2bce9223)
Martin Schwenke [Sat, 22 Jan 2022 18:49:18 +0000 (05:49 +1100)]
ctdb-recoverd: Consistently have caller set election-in-progress
The problem here is that election-in-progress must be set to
potentially avoid restarting the election broadcast timeout in
main_loop(), so this is already done by leader_handler().
Have force_election() set election-in-progress for all election types
and do not bother setting it in cluster_lock_election().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14958
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
9b3fab052bd2dccf2fc3fe9bd2b4354dff0b9ebb)
Martin Schwenke [Fri, 21 Jan 2022 07:09:47 +0000 (18:09 +1100)]
ctdb-recoverd: Always cancel election in progress
Election-in-progress is set by unknown leader broadcast, so needs to
be cleared in all cases when election completes.
This was seen in a case where the leader node stalled, so didn't send
leader broadcasts for some time. The node continued to hold the
cluster lock, so another node could not become leader. However, after
the node returned to normal it still did not send leader broadcasts
because election-in-progress was never cleared.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14958
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
188a9021565bc2c1bec1d7a4830d6f47cdbc44a9)
Jule Anger [Tue, 15 Feb 2022 07:12:02 +0000 (08:12 +0100)]
VERSION: Bump version up to Samba 4.16.0rc4...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Tue, 15 Feb 2022 07:11:16 +0000 (08:11 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.16.0rc3 release.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Tue, 15 Feb 2022 07:10:19 +0000 (08:10 +0100)]
WHATSNEW: Add release notes for Samba 4.16.0rc3.
Signed-off-by: Jule Anger <janger@samba.org>
Volker Lendecke [Thu, 3 Feb 2022 12:20:11 +0000 (13:20 +0100)]
smbd: Safeguards for getpwuid
Attempt to fix
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14900
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
929ccd3d1afb864ea715fa4d3d8af8f997e5d2aa)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Mon Feb 14 22:18:31 UTC 2022 on sn-devel-184
Volker Lendecke [Thu, 3 Feb 2022 16:17:07 +0000 (17:17 +0100)]
smbd: Only file_free() a self-created fsp in create_file_unixpath()
This fixes a use-after-free in smb_full_audit_create_file() when
calling SMB_VFS_CREATE_FILE with fsp->fsp_name as smb_fname.
create_file_unixpath() has this comment:
* This is really subtle. If someone passes in an smb_fname
* where smb_fname actually is taken from fsp->fsp_name, then
* the lifetime of these objects is meant to be the same.
so it seems legitimate to call CREATE_FILE this way.
When CREATE_FILE runs into an error, create_file_unixpath() does a
file_free, which also takes fsp->fsp_name with
it. smb_full_audit_create_file() wants to log the failure including
the smb_fname after NEXT_CREATE_FILE has exited, but this will then
use the already free'ed data.
Fix by only doing the file_free() on an fsp that
create_file_unixpath() created itself.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 10 19:11:33 UTC 2022 on sn-devel-184
(cherry picked from commit
434e6d4b4b45757878642d229d26d146792a3878)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Mon Feb 14 18:36:26 UTC 2022 on sn-devel-184
Volker Lendecke [Wed, 9 Feb 2022 17:03:33 +0000 (18:03 +0100)]
smbd: Introduce close_file_smb()
This does almost everything that close_file_free() does, but it leaves
the fsp around.
A normal close_file() now calls fsp_unbind_smb() twice. Functionally
this is not a problem, fsp_unbind_smb() is idempotent. The only
potential performance penalty might come from the loops in
remove_smb2_chained_fsp(), but those only are potentially large with
deeply queued smb2 requests. If that turns out to be a problem, we'll
cope with it later. The alternative would be to split up file_free()
into even more routines and make it more difficult to figure out which
of the "rundown/unbind/free" routines to call in any particular
situation.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
e91b59c4dfb2b35661dbecbc5769584109e23571)
Volker Lendecke [Wed, 9 Feb 2022 16:23:03 +0000 (17:23 +0100)]
smbd: Factor out fsp_unbind_smb() from file_free()
For example, remove our entry from smbXsrv_open_global.tdb
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
e751c6237b750adb4cb59df4a42bb9f39354e7e4)
Volker Lendecke [Thu, 3 Feb 2022 14:25:11 +0000 (15:25 +0100)]
torture: Add a test to show that full_audit uses a ptr after free
Run vfstest with this vfstest.cmd under valgrind and you'll see what
happens. Exact explanation a few patches further down...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
5f1ceead7094aefc6ad1f209468e9ea8f009716c)
Volker Lendecke [Wed, 2 Feb 2022 11:42:08 +0000 (12:42 +0100)]
smbd: Simplify the flow in close_file_free()
We are no longer called on base_fsp's in SHUTDOWN_CLOSE. That
simplifies the logic in the common case, we now have a linear flow for
the very often-called close_file()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
93fe9c83145d31ea11a9cd25049ac527ad4a000d)
Volker Lendecke [Wed, 2 Feb 2022 07:58:15 +0000 (08:58 +0100)]
smbd: No base fsps to close_file_free() from file_close_user()
Same logic as the change for file_close_conn()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
1fbd9877fead466a17d697c143cd370c0b27f610)
Volker Lendecke [Wed, 2 Feb 2022 11:27:50 +0000 (12:27 +0100)]
smbd: Factor out close_file_in_loop() from file_close_conn_fn()
To be reused in file_close_user(). Deliberately a separate commit to
make the previous commit easier to understand.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
61f57ba24ee2e54abf224118f93bd0ccda44ec41)
Volker Lendecke [Wed, 2 Feb 2022 07:58:15 +0000 (08:58 +0100)]
smbd: No base fsps to close_file_free() from file_close_conn()
close_file_free() needs to handle base fsps specially. This can be
simplified a lot if we pass the the open files a second time in case
we encountered base_fsps that we could not immediately delete.
file_close_conn() is not our hot code path, and also we don't expect
many thousand open files that we need to walk a second time.
A subsequent patch will simplify close_file_free(), the complicated
logic is now in files.c, where it IMHO belongs because
file_set_base_fsp() are here as well.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
d1341d666af12965b4318f89b1d0e1e8769e861e)
Volker Lendecke [Tue, 1 Feb 2022 16:47:29 +0000 (17:47 +0100)]
smbd: NULL out "fsp" in close_file()
Quite a few places already had this in the caller, but not all. Rename
close_file() to close_file_free() appropriately. We'll factor out
close_file_smb() doing only parts of close_file_free() later.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
f5bc73a2ad97647f76143f7962c964f45aa6b1a0)
Volker Lendecke [Tue, 1 Feb 2022 16:21:24 +0000 (17:21 +0100)]
smbd: Call file_free() just once in close_file()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
363ac7533895fda786f56c4fe8346128753f38a5)
Volker Lendecke [Tue, 1 Feb 2022 16:19:54 +0000 (17:19 +0100)]
smbd: Move the call to file_free() out of close_fake_file()
Centralize calling file_free(), but leave close_fake_file() in for API
symmetry reasons.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
244c5a7d31c3a37082b320680f2b71108d77bbd4)
Volker Lendecke [Tue, 1 Feb 2022 16:17:36 +0000 (17:17 +0100)]
smbd: Move the call to file_free() out of close_normal_file()
Call file_free() just once
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
2293ca5b572178404273856f8d8989a5ee7de80c)
Volker Lendecke [Tue, 1 Feb 2022 16:14:34 +0000 (17:14 +0100)]
smbd: Move the call to file_free() out of close_directory()
Call file_free() just once
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
9966b5e233ef2ff0368ba5860c824c7cd6420415)
Volker Lendecke [Wed, 9 Feb 2022 09:02:46 +0000 (10:02 +0100)]
smbd: Slightly simplify create_file_unixpath()
Avoid the "needs_fsp_unlink" variable, describe the talloc hierarchy a
bit differently in the comments.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
1c1734974fcf1d060bc6bcdbe1858cba1b7e5a73)
Pavel Filipenský [Mon, 7 Feb 2022 22:06:10 +0000 (23:06 +0100)]
s3:modules: Fix virusfilter_vfs_openat
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 10 22:09:06 UTC 2022 on sn-devel-184
(cherry picked from commit
3f1c958f6fa9d2991185f4e281a377a295d09f9c)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Mon Feb 14 14:26:30 UTC 2022 on sn-devel-184
Pavel Filipenský [Tue, 8 Feb 2022 14:35:48 +0000 (15:35 +0100)]
s3:selftest: Add test for virus scanner
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
a25c714c34d3e00e0f3c29d2acfa98cf9cdbc544)
Pavel Filipenský [Tue, 8 Feb 2022 14:34:56 +0000 (15:34 +0100)]
selftest: Fix trailing whitespace in Samba3.pm
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
547b4c595a8513a4be99177edbaa39ce43840f7a)
Pavel Filipenský [Tue, 8 Feb 2022 21:35:29 +0000 (22:35 +0100)]
docs-xml:manpages: Document 'dummy' virusfilter and 'virusfilter:infected files'
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
2fd518e5cc63221c162c9b3f8526b9b7c9e34969)
Pavel Filipenský [Tue, 8 Feb 2022 11:07:03 +0000 (12:07 +0100)]
s3:modules: Implement dummy virus scanner that uses filename matching
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
9f34babec7c6aca3d91f226705d3b3996792e5f1)
Andreas Schneider [Wed, 9 Feb 2022 15:33:10 +0000 (16:33 +0100)]
selftest: Do not force -d0 for smbd/nmbd/winbindd
We have the env variable SERVER_LOG_LEVEL which allows you to change
the log level on the command line. If we force -d0 this will not work.
make test TESTS="samba" SERVER_LOG_LEVEL=10
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
9693f7ea7383c6a51ab58b7c8255b30206f18a3b)
Andreas Schneider [Wed, 26 Jan 2022 07:44:13 +0000 (08:44 +0100)]
s4:kdc: Translate HDB flags to SDB flags
We used to have a 1 to 1 mapping, but now we have
a conflict with these:
#define SDB_F_FORCE_CANON 16384
#define HDB_F_PRECHECK 16384
We currently don't really care about HDB_F_PRECHECK,
so we can just filter it out.
In the long run we may change the SDB flags space to uint64...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14960
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
6063e8016fccbefd1c3fe378e3807c77bc04e4ec)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Mon Feb 14 09:58:46 UTC 2022 on sn-devel-184
Andreas Schneider [Wed, 26 Jan 2022 07:43:41 +0000 (08:43 +0100)]
s4:kdc: Remove trailing spaces in hdb-samba4.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14960
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
2a0d6c11330c40f5692dc07ed6482c7107035bd4)
Andreas Schneider [Wed, 26 Jan 2022 07:39:50 +0000 (08:39 +0100)]
s4:kdc: Add a HDB to SDB mask
For most flags the mapping is 1 to 1, but it's not always
the case anymore.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14960
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
63e00f81b5dd05b50e6ac286e87b8637a4ecd7e0)
Stefan Metzmacher [Mon, 31 Jan 2022 19:33:43 +0000 (20:33 +0100)]
libcli/smb: let smb2_signing_decrypt_pdu() cope with gnutls_aead_cipher_decrypt() ptext_len bug
The initial implementation of gnutls_aead_cipher_decrypt() had a bug and
used:
*ptext_len = ctext_len;
instead of:
*ptext_len = ctext_len - tag_size;
This got fixed with gnutls 3.5.2.
As we only require gnutls 3.4.7 we need to cope with this...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Feb 2 18:29:08 UTC 2022 on sn-devel-184
(cherry picked from commit
735f3d7dde3daf5d0af2e8a1de60422b88663992)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Sun Feb 13 10:18:29 UTC 2022 on sn-devel-184
Stefan Metzmacher [Mon, 31 Jan 2022 19:33:43 +0000 (20:33 +0100)]
libcli/smb: fix error checking in smb2_signing_decrypt_pdu() invalid ptext_len
When the ptext_size != m_total check fails, we call this:
status = gnutls_error_to_ntstatus(rc, NT_STATUS_INTERNAL_ERROR);
goto out;
As rc is 0 at that point we'll exit smb2_signing_decrypt_pdu()
with NT_STATUS_OK, but without copying the decrypted data
back into the callers buffer. Which leads to strange errors
in the caller.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
99182af4ab5a3413311e27c2a193e09babceb01c)
Stefan Metzmacher [Tue, 1 Feb 2022 09:52:27 +0000 (10:52 +0100)]
selftest/quick: add smb2.session
We run the quicktest on each linux distro as part of samba-o3 builds.
We should make sure smb2 signing/enctyption works on all of them
and all different system libraries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
68e62962b08497da8359ddbe4324443818c05cd1)
Ralph Boehme [Fri, 28 Jan 2022 16:51:10 +0000 (17:51 +0100)]
s3/libads: ensure a sockaddr variable is correctly zero initialized
is_zero_addr() doesn't work with addresses that have been zero-initialized.
This fixes the logic added in
c863cc2ba34025731a18ac735f714b5b888504da.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14674
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2354
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Feb 8 20:24:12 UTC 2022 on sn-devel-184
(cherry picked from commit
3ee690455eb963dedc7955b79316481387d4ac8c)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Wed Feb 9 12:03:17 UTC 2022 on sn-devel-184
Ralph Boehme [Mon, 31 Jan 2022 11:54:12 +0000 (12:54 +0100)]
s3/libads: simplify storing existing ads->ldap.ss
We just need temporal storage for ads->ldap.ss, no need to store it as a struct
samba_sockaddr.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14674
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2354
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
c266ed40aeb1b1f59a1811cd4511e32e44a4a719)
Jeremy Allison [Thu, 3 Feb 2022 23:59:51 +0000 (15:59 -0800)]
s3: libsmb: Call cli_dfs_target_check() from cli_smb2_rename_send().
Strips off any DFS prefix from the target if passed in.
Remove knownfail selftest/knownfail.d/msdfs-rename.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Fri Feb 4 12:02:36 UTC 2022 on sn-devel-184
(cherry picked from commit
b9b82f3611c56e837e9189f5275ae9a78e647262)
Jeremy Allison [Thu, 3 Feb 2022 23:56:51 +0000 (15:56 -0800)]
s3: libsmb: Call cli_dfs_target_check() from cli_cifs_rename_send().
Strips off any DFS prefix from the target if passed in.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit
4473aea926fe4ddd23a6e0913009bb1a0a1eaa90)
Jeremy Allison [Thu, 3 Feb 2022 23:54:55 +0000 (15:54 -0800)]
s3: libsmb: Call cli_dfs_target_check() from cli_smb1_rename_send().
Strips off any DFS prefix from the target if passed in.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit
dd0317f6ecb572a80893405daa83e079dbcdf113)