samba.git
15 months ago VERSION: Disable GIT_SNAPSHOT for the 4.18.0rc2 release. samba-4.18.0rc2
Jule Anger [Wed, 1 Feb 2023 17:27:44 +0000 (18:27 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.18.0rc2 release.

Signed-off-by: Jule Anger <janger@samba.org>
15 months ago WHATSNEW: Add release notes for Samba 4.18.0rc2.
Jule Anger [Wed, 1 Feb 2023 17:27:16 +0000 (18:27 +0100)]
WHATSNEW: Add release notes for Samba 4.18.0rc2.

Signed-off-by: Jule Anger <janger@samba.org>
15 months ago tmp
Jule Anger [Wed, 1 Feb 2023 17:35:25 +0000 (18:35 +0100)]
tmp

15 months ago WHATSNEW: Add note about Azure AD cloud connect sync support
Andrew Bartlett [Wed, 1 Feb 2023 00:08:05 +0000 (13:08 +1300)]
WHATSNEW: Add note about Azure AD cloud connect sync support

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(v4-18-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-18-test): Wed Feb  1 17:26:50 UTC 2023 on atb-devel-224

15 months ago s4-drsuapi: Give an error that matches windows on destination_dsa_guid lookup failure
Andrew Bartlett [Wed, 25 Jan 2023 02:24:57 +0000 (15:24 +1300)]
s4-drsuapi: Give an error that matches windows on destination_dsa_guid lookup failure

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jan 31 13:43:54 UTC 2023 on atb-devel-224

(cherry picked from commit 0f2978bbc0ed5b65d75c20472650a749643312e7)

15 months ago s4-drsuapi: Clarify role of drs_security_access_check_nc_root()
Andrew Bartlett [Wed, 25 Jan 2023 03:01:48 +0000 (16:01 +1300)]
s4-drsuapi: Clarify role of drs_security_access_check_nc_root()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 1838f349c94b878de1740af35351a2e8e0c8cffb)

15 months ago s4-rpc_server: Pre-check destination_dsa_guid in GetNCChanges for validity
Andrew Bartlett [Wed, 25 Jan 2023 01:18:11 +0000 (14:18 +1300)]
s4-rpc_server: Pre-check destination_dsa_guid in GetNCChanges for validity

This allows our new tests to pass as these need to be checked first.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 115a3a10440f44ba11029be5ae3a05534a7b98c0)

15 months ago s4-drsuapi: Use samdb_get_ntds_obj_by_guid() to find RODC in REPL_SECRET
Andrew Bartlett [Wed, 25 Jan 2023 02:24:01 +0000 (15:24 +1300)]
s4-drsuapi: Use samdb_get_ntds_obj_by_guid() to find RODC in REPL_SECRET

We need to find the RODC per the destination_dsa_guid to mark the secrets as
having been replicated, and by using samdb_get_ntds_obj_by_guid() we are stricter
in the checks, as the RODC has to be the right objectClass (nTDSDSA) and under
the CN=Configuration partition.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 09ec6a1db2d3b831548bf7d66475c486be29b1d1)

15 months ago s4-dsdb: Require that the NTDS object is an nTDSDSA objectclass
Andrew Bartlett [Wed, 25 Jan 2023 02:18:47 +0000 (15:18 +1300)]
s4-dsdb: Require that the NTDS object is an nTDSDSA objectclass

This should avoid a user being able to specify the GUID of a different
type of object.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit adb776149e5ac0eb346992775610627106e1a986)

15 months ago s4-dsdb: Split samdb_get_ntds_obj_by_guid() out of samdb_is_rodc()
Andrew Bartlett [Wed, 25 Jan 2023 02:17:44 +0000 (15:17 +1300)]
s4-dsdb: Split samdb_get_ntds_obj_by_guid() out of samdb_is_rodc()

This will allow the logic here to be tightened up and shared
in the next few commits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit d5a2af3feae98057ba29de444d308d499d633941)

15 months ago s4-rpc_server/drsuapi: Return correct error code for an invalid DN to EXOP_REPL_OBJ...
Andrew Bartlett [Fri, 16 Dec 2022 01:22:20 +0000 (14:22 +1300)]
s4-rpc_server/drsuapi: Return correct error code for an invalid DN to EXOP_REPL_OBJ/EXOP_REPL_OBJ

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit cbe18353d8d7b2a35b965e4fc8c895ac497e67e8)

15 months ago s4-drs: Make drs_ObjectIdentifier_to_dn() safer and able to cope with DummyDN values
Andrew Bartlett [Tue, 31 Jan 2023 00:29:05 +0000 (13:29 +1300)]
s4-drs: Make drs_ObjectIdentifier_to_dn() safer and able to cope with DummyDN values

We want to totally ignore the string DN if there is a GUID,
as clients like "Microsoft Azure AD connect cloud sync" will
set a literal "DummyDN" string.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 73f3ece8b2b44ac4b3323a08fb969f29bf2b0380)

15 months ago s4-dsdb: rework drs_ObjectIdentifier_to_dn() into drs_ObjectIdentifier_to_dn_and_nc_r...
Andrew Bartlett [Sun, 11 Dec 2022 20:47:36 +0000 (09:47 +1300)]
s4-dsdb: rework drs_ObjectIdentifier_to_dn() into drs_ObjectIdentifier_to_dn_and_nc_root()

This makes this function the gatekeeper between the wire format and the
internal struct ldb_dn, checking if the DN exists and which NC
it belongs to along the way, and presenting only a DB-returned
DN for internal processing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit aee2039e63ceeb5e69a0461fb77e0f18278e4dc4)

15 months ago s4-rpc_server/drsuapi: Use dsdb_normalise_dn_and_find_nc_root()
Andrew Bartlett [Mon, 12 Dec 2022 03:15:44 +0000 (16:15 +1300)]
s4-rpc_server/drsuapi: Use dsdb_normalise_dn_and_find_nc_root()

This reuses the search done for dsdb_find_nc_root() to normalise the DN.

This will allow a GUID-input DN to be compared safely with a RID Manager DN
or Naming Context.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit e96dfc74b3ece40fe64a33aa8b8d810b576982bd)

15 months ago s4-dsdb: Add dsdb_normalise_dn_and_find_nc_root() around dsdb_find_nc_root()
Andrew Bartlett [Mon, 12 Dec 2022 03:15:03 +0000 (16:15 +1300)]
s4-dsdb: Add dsdb_normalise_dn_and_find_nc_root() around dsdb_find_nc_root()

Reuse the search done for dsdb_find_nc_root() to normalise the DN.

This will allow a GUID-input DN to be compared safely with a RID Manager DN
or Naming Context.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 8e1122420efd11a91aa1c5d60c0cc8fd9ffaf157)

15 months ago s4-dsdb: Add better debugging to dsdb_objects_have_same_nc()
Andrew Bartlett [Thu, 15 Dec 2022 05:52:20 +0000 (18:52 +1300)]
s4-dsdb: Add better debugging to dsdb_objects_have_same_nc()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 0f501b2316af6568003e520848c1ec80c286fd36)

15 months ago s4-dsdb: Make dsdb_find_nc_root() first try and use DSDB_CONTROL_CURRENT_PARTITION_OID
Andrew Bartlett [Mon, 5 Dec 2022 09:21:29 +0000 (22:21 +1300)]
s4-dsdb: Make dsdb_find_nc_root() first try and use DSDB_CONTROL_CURRENT_PARTITION_OID

This allows lookup of a DN with a GUID only or GUID and string,
possibly not yet in the database, yet still getting the correct result.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit d0444be4b74bdad6a731bc5fcf86da6142b03539)

15 months ago s4-dsdb: Schedule SD propagation only after successful rename
Andrew Bartlett [Wed, 25 Jan 2023 20:44:01 +0000 (09:44 +1300)]
s4-dsdb: Schedule SD propagation only after successful rename

This avoids needing to anticipate errors that the rename might give
while allowing the dsdb_find_nc_root() routine to become stricter.

The problem is that dsdb_find_nc_root() will soon do a real search and
so fail more often, but these failures will give "wrong" error codes.

We do not need to do this work if the operation fails, so put this in
the callback.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 7032b86cd5c1456318558ed95f8890e353117ced)

15 months ago s4-selftest/drs: Confirm GetNCChanges REPL_SECRET works with a DummyDN and real GUID
Andrew Bartlett [Thu, 15 Dec 2022 03:02:55 +0000 (16:02 +1300)]
s4-selftest/drs: Confirm GetNCChanges REPL_SECRET works with a DummyDN and real GUID

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 7c43388576f768db564aaf15a47d3f9ce5796fb3)

15 months ago s4-selftest/drs: Confirm GetNCChanges full replication works with a DummyDN and real...
Andrew Bartlett [Thu, 15 Dec 2022 03:02:27 +0000 (16:02 +1300)]
s4-selftest/drs: Confirm GetNCChanges full replication works with a DummyDN and real GUID

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 539221dda33f03a1abf5ee5f3153db0fe1a9bfe6)

15 months ago s4-selftest/drs: Confirm GetNCChanges REPL_OBJ works with a DummyDN and real GUID
Andrew Bartlett [Fri, 2 Dec 2022 02:30:05 +0000 (15:30 +1300)]
s4-selftest/drs: Confirm GetNCChanges REPL_OBJ works with a DummyDN and real GUID

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 70faccae6d595056174af8d63b3437c9fe3805aa)

15 months ago s4-selftest/drs Allow re-run of DRS tests after failed cleanup
Andrew Bartlett [Thu, 1 Dec 2022 22:56:38 +0000 (11:56 +1300)]
s4-selftest/drs Allow re-run of DRS tests after failed cleanup

Using a random base is a useful start, even if the better solution also includes a self.AddCleanup()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 3204d1350b21704474e577cb5f3f2439b673c421)

15 months ago s4-selftest/drs Allow some DRS tests to operate against an IP
Andrew Bartlett [Thu, 1 Dec 2022 22:42:55 +0000 (11:42 +1300)]
s4-selftest/drs Allow some DRS tests to operate against an IP

This is not comprehensive, but makes some manual test runs easier by
avoiding the need for DNS names to resolve.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit a150a2dcb1fc7fc7f606838de17ad4d3e6072bda)

15 months ago s4-selftest/drs Add test of expected return code for invalid DNs in GetNCChanges
Andrew Bartlett [Thu, 1 Dec 2022 21:07:53 +0000 (10:07 +1300)]
s4-selftest/drs Add test of expected return code for invalid DNs in GetNCChanges

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit bee45e6b29b97e0cab19a9c3cf692d9a7585a717)

15 months ago s4-dsdb: Add tests of SamDB.get_nc_root()
Andrew Bartlett [Wed, 14 Dec 2022 23:05:55 +0000 (12:05 +1300)]
s4-dsdb: Add tests of SamDB.get_nc_root()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 2c7bb58703c1fa26782ac6959ea7d81fccf3905c)

15 months ago s3/lib: Prevent use after free of messaging_ctdb_fde_ev structs
Noel Power [Wed, 25 Jan 2023 17:03:07 +0000 (17:03 +0000)]
s3/lib: Prevent use after free of messaging_ctdb_fde_ev structs

In a cluster setup samba-bgqd async callback
cups_pcap_load_async can access messaging_ctdb_fde_ev associated
with already destructed global_ctdb_ctx_destructor

==26053== Invalid read of size 8
==26053==    at 0x71692E1: messaging_ctdb_fde_ev_destructor (messages_ctdb.c:181)
==26053==    by 0x40B2309: _tc_free_internal (talloc.c:1158)
==26053==    by 0x40B3539: _tc_free_children_internal (talloc.c:1669)
==26053==    by 0x40B24C4: _tc_free_internal (talloc.c:1184)
==26053==    by 0x40B3539: _tc_free_children_internal (talloc.c:1669)
==26053==    by 0x40B24C4: _tc_free_internal (talloc.c:1184)
==26053==    by 0x40B2685: _talloc_free_internal (talloc.c:1248)
==26053==    by 0x40B3963: _talloc_free (talloc.c:1792)
==26053==    by 0x4056BCA: tevent_req_received (tevent_req.c:301)
==26053==    by 0x405673D: tevent_req_destructor (tevent_req.c:135)
==26053==    by 0x40B2309: _tc_free_internal (talloc.c:1158)
==26053==    by 0x40B3539: _tc_free_children_internal (talloc.c:1669)
==26053==    by 0x40B24C4: _tc_free_internal (talloc.c:1184)
==26053==    by 0x40B2685: _talloc_free_internal (talloc.c:1248)
==26053==    by 0x40B3963: _talloc_free (talloc.c:1792)
==26053==    by 0x1384EF: cups_pcap_load_async (print_cups.c:507)
==26053==    by 0x13894B: cups_cache_reload (print_cups.c:602)
==26053==    by 0x1373AE: pcap_cache_reload (pcap.c:140)
==26053==    by 0x1369D2: register_printing_bq_handlers (queue_process.c:323)
==26053==    by 0x122AD6: main (samba-bgqd.c:316)
==26053==  Address 0xed64d48 is 120 bytes inside a block of size 128 free'd
==26053==    at 0x4C370EB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==26053==    by 0x40B25E1: _tc_free_internal (talloc.c:1222)
==26053==    by 0x40B2685: _talloc_free_internal (talloc.c:1248)
==26053==    by 0x40B3963: _talloc_free (talloc.c:1792)
==26053==    by 0x71691F6: messaging_ctdb_destroy (messages_ctdb.c:141)
==26053==    by 0x7169C21: msg_ctdb_ref_destructor (messages_ctdb_ref.c:142)
==26053==    by 0x40B2309: _tc_free_internal (talloc.c:1158)
==26053==    by 0x40B3539: _tc_free_children_internal (talloc.c:1669)
==26053==    by 0x40B24C4: _tc_free_internal (talloc.c:1184)
==26053==    by 0x40B2685: _talloc_free_internal (talloc.c:1248)
==26053==    by 0x40B3963: _talloc_free (talloc.c:1792)
==26053==    by 0x4157380: messaging_reinit (messages.c:646)
==26053==    by 0x416C01E: reinit_after_fork (util.c:488)
==26053==    by 0x13844C: cups_pcap_load_async (print_cups.c:498)
==26053==    by 0x13894B: cups_cache_reload (print_cups.c:602)
==26053==    by 0x1373AE: pcap_cache_reload (pcap.c:140)
==26053==    by 0x1369D2: register_printing_bq_handlers (queue_process.c:323)
==26053==    by 0x122AD6: main (samba-bgqd.c:316)
==26053==  Block was alloc'd at
==26053==    at 0x4C346A4: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==26053==    by 0x40B1989: __talloc_with_prefix (talloc.c:783)
==26053==    by 0x40B1B23: __talloc (talloc.c:825)
==26053==    by 0x40B1ECC: _talloc_named_const (talloc.c:982)
==26053==    by 0x40B49C3: _talloc_zero (talloc.c:2421)
==26053==    by 0x7168E68: messaging_ctdb_init (messages_ctdb.c:93)
==26053==    by 0x716979D: messaging_ctdb_ref (messages_ctdb_ref.c:75)
==26053==    by 0x415702A: messaging_init_internal (messages.c:563)
==26053==    by 0x41572FD: messaging_init (messages.c:622)
==26053==    by 0x4163ED3: global_messaging_context (global_contexts.c:62)
==26053==    by 0x12273B: main (samba-bgqd.c:271)
==26053==

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15293

Signed-off-by: Noel Power <npower@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 7a880ef52dfc85ed2f674250b5baf5109f8d4691)

Autobuild-User(v4-18-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-18-test): Tue Jan 31 12:49:50 UTC 2023 on atb-devel-224

15 months ago s3:auth: call wbcFreeMemory(info) in auth3_generate_session_info_pac()
Stefan Metzmacher [Thu, 16 Dec 2021 17:24:16 +0000 (18:24 +0100)]
s3:auth: call wbcFreeMemory(info) in auth3_generate_session_info_pac()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15286

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e27084f5d8c3a151c5d0b266118f0d71b641dc85)

15 months ago WHATSNEW: add acl_xattr:security_acl_name option
Björn Baumbach [Thu, 19 Jan 2023 13:52:04 +0000 (14:52 +0100)]
WHATSNEW: add acl_xattr:security_acl_name option

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months ago WHATSNEW 4.18: mention samba-tool dsacl delete
Douglas Bagnall [Thu, 19 Jan 2023 01:18:15 +0000 (14:18 +1300)]
WHATSNEW 4.18: mention samba-tool dsacl delete

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(v4-18-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-18-test): Fri Jan 20 12:00:40 UTC 2023 on atb-devel-224

15 months ago VERSION: Bump version up to 4.18.0rc2...
Stefan Metzmacher [Thu, 19 Jan 2023 12:43:44 +0000 (13:43 +0100)]
VERSION: Bump version up to 4.18.0rc2...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(v4-18-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-18-test): Thu Jan 19 14:33:06 UTC 2023 on atb-devel-224

15 months ago VERSION: Disable GIT_SNAPSHOT for the Samba 4.18.0rc1 release. samba-4.18.0rc1
Jule Anger [Wed, 18 Jan 2023 15:44:14 +0000 (16:44 +0100)]
VERSION: Disable GIT_SNAPSHOT for the Samba 4.18.0rc1 release.

Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
15 months ago WHATSNEW: Up to Samba 4.18.0rc1.
Jule Anger [Wed, 18 Jan 2023 15:43:03 +0000 (16:43 +0100)]
WHATSNEW: Up to Samba 4.18.0rc1.

Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
15 months ago ldb: version 2.7.0 ldb-2.7.0
Stefan Metzmacher [Wed, 18 Jan 2023 14:53:46 +0000 (15:53 +0100)]
ldb: version 2.7.0

* Support python 3.12
* Have python functions operating on DNs raise LdbError
* don't call comparison() directly in LDB_TYPESAFE_QSORT
* Use ldb_ascii_toupper() for case folding to support
  tr_TR.UTF-8 and other dotless i locales,
  see https://bugzilla.samba.org/show_bug.cgi?id=15248

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
15 months ago tevent: version 0.14.0 tevent-0.14.0
Stefan Metzmacher [Wed, 9 Nov 2022 12:32:04 +0000 (13:32 +0100)]
tevent: version 0.14.0

- Support python 3.12
- remove solaris port backend (it's not maintainable)
- make tevent_find_ops_byname() available for callers.
- allow the "standard" backend to be overloaded
- add interface for request/subrequest call depth tracking:
  - tevent_thread_call_depth_activate
  - tevent_thread_call_depth_deactivate
  - tevent_thread_call_depth_start
  - tevent_thread_call_depth_stop
  - tevent_thread_call_depth_reset_from_req

Note the changes to ABI/tevent-0.13.0.sigs only
revert the temporary changes made there...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
15 months ago tevent: Call depth tracking
Pavel Filipenský [Thu, 16 Jun 2022 14:23:22 +0000 (16:23 +0200)]
tevent: Call depth tracking

The change to lib/tevent/ABI/tevent-0.13.0.sigs will be reverted
in the commit for the 0.14.0 release...

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
15 months ago tevent: expose tevent_find_ops_byname() to callers
Stefan Metzmacher [Fri, 28 Oct 2022 12:10:15 +0000 (14:10 +0200)]
tevent: expose tevent_find_ops_byname() to callers

This makes it more flexible and allows a caller to overload
a tevent backend. Which will be used by Samba in order to
glue in io_uring support.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
15 months ago tevent: allow the "standard" backend to be overloaded
Stefan Metzmacher [Sat, 12 Nov 2022 15:27:30 +0000 (15:27 +0000)]
tevent: allow the "standard" backend to be overloaded

We'll export tevent_find_ops_byname() soon and will allow
the context_init() function of backends to find that standard ops
and hand over to standard_ops->context_init().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
15 months ago tevent: remove solaris port backend
Stefan Metzmacher [Wed, 9 Nov 2022 11:26:38 +0000 (12:26 +0100)]
tevent: remove solaris port backend

There's no way to verify changes we would have to do to tevent_port.c,
as we don't have access to a solaris build machine.

So better use the poll backend instead. In performance critical code
we typically don't deal with a lot of file descriptors so the impact
should be fairly minimal.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
15 months ago tevent: remove unused register_backend() from python bindings
Stefan Metzmacher [Tue, 23 Aug 2022 06:27:37 +0000 (08:27 +0200)]
tevent: remove unused register_backend() from python bindings

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
15 months ago tevent: remove unused tevent_liboop.c
Stefan Metzmacher [Tue, 23 Aug 2022 06:24:33 +0000 (08:24 +0200)]
tevent: remove unused tevent_liboop.c

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
15 months ago tevent: Fix trailing whitespaces in tevent.c
Pavel Filipenský [Thu, 16 Jun 2022 17:09:03 +0000 (19:09 +0200)]
tevent: Fix trailing whitespaces in tevent.c

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
15 months ago tevent: use samba_tevent_set_debug() in testsuite.c
Stefan Metzmacher [Tue, 10 Jan 2023 11:57:58 +0000 (12:57 +0100)]
tevent: use samba_tevent_set_debug() in testsuite.c

Note testsuite.c is only used in Samba's smbtorture as
'smbtorture //a/b local.event'

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
15 months ago lib/util: install a tevent_abort callback using smb_panic()
Stefan Metzmacher [Wed, 9 Nov 2022 13:05:59 +0000 (14:05 +0100)]
lib/util: install a tevent_abort callback using smb_panic()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
15 months ago s4:lib/events: let s4_event_context_init() use samba_tevent_context_init()
Stefan Metzmacher [Thu, 27 Oct 2022 20:17:55 +0000 (22:17 +0200)]
s4:lib/events: let s4_event_context_init() use samba_tevent_context_init()

This is no real change, but it makes sure we only have to
change samba_tevent_context_init() in future in order to
distribute the change to all places.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
15 months ago tdb: version 1.4.8 tdb-1.4.8
Stefan Metzmacher [Wed, 18 Jan 2023 10:53:02 +0000 (11:53 +0100)]
tdb: version 1.4.8

* Support python 3.12

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
15 months ago talloc: version 2.4.0 talloc-2.4.0
Stefan Metzmacher [Wed, 18 Jan 2023 10:52:33 +0000 (11:52 +0100)]
talloc: version 2.4.0

* Add talloc_asprintf_addbuf()
* Support python 3.12

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
15 months ago bootstrap: Update to Ubuntu 22.04 as base default OS
Stefan Metzmacher [Wed, 2 Nov 2022 15:56:31 +0000 (16:56 +0100)]
bootstrap: Update to Ubuntu 22.04 as base default OS

We'll try to move autobuild to ubuntu 22.04 soon.

Note we leave ubuntu 18.04 for the coverage and 32bit builds
for now. As well as 20.04 for samba-fuzz.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jan 18 14:17:23 UTC 2023 on atb-devel-224

15 months ago third_party: Update uid_wrapper to version 1.3.0
Stefan Metzmacher [Mon, 16 Jan 2023 21:14:03 +0000 (22:14 +0100)]
third_party: Update uid_wrapper to version 1.3.0

This is mainly needed in order to have some interaction
with socket_wrapper 1.4.0 regarding the implementation
of syscall().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jan 18 12:47:48 UTC 2023 on sn-devel-184

15 months ago third_party: Update socket_wrapper to version 1.4.0
Stefan Metzmacher [Mon, 16 Jan 2023 21:13:35 +0000 (22:13 +0100)]
third_party: Update socket_wrapper to version 1.4.0

The key feature is support for sendmmsg and recvmmsg,
which is required by modern libuv versions, e.g.
nsupdate -g makes use of libuv, so we need this for samba.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
15 months ago ctdb: Fix the build on FreeBSD
Volker Lendecke [Wed, 18 Jan 2023 07:59:17 +0000 (08:59 +0100)]
ctdb: Fix the build on FreeBSD

"basename" is defined in libgen.h included from system/dir.h

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months ago smbd: Modernize DBG statements in smbXsrv_open_global_store()
Volker Lendecke [Thu, 5 Jan 2023 15:06:40 +0000 (16:06 +0100)]
smbd: Modernize DBG statements in smbXsrv_open_global_store()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months ago smbd: Make smbXsrv_open_global_id_to_key() a bit more type-safe
Volker Lendecke [Wed, 4 Jan 2023 19:09:32 +0000 (20:09 +0100)]
smbd: Make smbXsrv_open_global_id_to_key() a bit more type-safe

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months ago smbd: Directly initialize key in smbXsrv_open_global_fetch_locked()
Volker Lendecke [Wed, 11 Jan 2023 13:07:42 +0000 (14:07 +0100)]
smbd: Directly initialize key in smbXsrv_open_global_fetch_locked()

Don't leave the key.dptr pointer uninitialized

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months ago smbd: Remove unused smbXsrv_open_global_key_to_id()
Volker Lendecke [Wed, 4 Jan 2023 15:50:01 +0000 (16:50 +0100)]
smbd: Remove unused smbXsrv_open_global_key_to_id()

This isn't exactly rocket science we would need to keep around

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months ago smbd: Slightly simplify smbXsrv_open_create()
Volker Lendecke [Wed, 4 Jan 2023 13:30:28 +0000 (14:30 +0100)]
smbd: Slightly simplify smbXsrv_open_create()

Move allocation of smbXsrv_open_global0 out of
smbXsrv_open_global_allocate()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months ago smbd: Remove smbXsrv_open_global_destructor()
Volker Lendecke [Wed, 11 Jan 2023 13:01:29 +0000 (14:01 +0100)]
smbd: Remove smbXsrv_open_global_destructor()

This did not do much.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months ago smbd: Slightly simplify smb2srv_open_recreate()
Volker Lendecke [Wed, 4 Jan 2023 13:05:55 +0000 (14:05 +0100)]
smbd: Slightly simplify smb2srv_open_recreate()

This moves the bit-fiddling right next to the check we do,
"global_zeros" was only used for this one purpose and its assignment
was a few lines away.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months ago lib/tsocket: fix a typo in the tsocket guide doc
Björn Baumbach [Tue, 17 Jan 2023 11:28:36 +0000 (12:28 +0100)]
lib/tsocket: fix a typo in the tsocket guide doc

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Björn Baumbach <bb@sernet.de>
Autobuild-Date(master): Tue Jan 17 18:23:18 UTC 2023 on sn-devel-184

15 months ago s3/libsmb: fix a typo in parameter description
Björn Baumbach [Tue, 17 Jan 2023 11:29:28 +0000 (12:29 +0100)]
s3/libsmb: fix a typo in parameter description

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months ago samba-tool domain: fix a typo in samba-tool passwordsettings option description
Björn Baumbach [Tue, 17 Jan 2023 11:27:01 +0000 (12:27 +0100)]
samba-tool domain: fix a typo in samba-tool passwordsettings option description

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months ago auth/creds: fix a typo in a comment
Björn Baumbach [Tue, 17 Jan 2023 11:26:10 +0000 (12:26 +0100)]
auth/creds: fix a typo in a comment

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
16 months ago s3: smbd: Tweak openat_pathref_dirfsp_nosymlink() to NULL out fsp->fsp_name after...
Jeremy Allison [Thu, 12 Jan 2023 19:20:08 +0000 (11:20 -0800)]
s3: smbd: Tweak openat_pathref_dirfsp_nosymlink() to NULL out fsp->fsp_name after calling fd_close() on intermediate directories, rather than before.

vfs_virusfilter expects a non-NULL fsp->fsp_name to use for printing debugs
(it always indirects fsp->fsp_name). vfs_fruit also does the same, so would
also crash in fruit_close() with 'debug level = 10' and vfs_default:VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS = no
set (we don't test with that which is why we haven't noticed
this before).

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15283

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jan 13 08:33:47 UTC 2023 on sn-devel-184

16 months ago selftest: Show vfs_virusscanner crashes when traversing a 2-level directory tree.
Jeremy Allison [Thu, 12 Jan 2023 18:22:09 +0000 (10:22 -0800)]
selftest: Show vfs_virusscanner crashes when traversing a 2-level directory tree.

Modify check_infected_read() test to use a 2-level deep
directory.

We must have vfs_default:VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS = no
set on the virusscanner share as otherwise the openat flag
shortcut defeats the test.

Add knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15283

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
16 months ago CI: add a test for @GMT mask in SMB1 find
Ralph Boehme [Thu, 24 Nov 2022 15:59:49 +0000 (16:59 +0100)]
CI: add a test for @GMT mask in SMB1 find

Without FLAGS2_REPARSE_PATH a path containing an @GMT token can be used to
create a file including the @GMT token in the name and a directory list will
also return the file as result. Verified against Windows. Samba behaves exactly
the same.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 13 01:13:01 UTC 2023 on sn-devel-184

16 months ago lib: Fix a use-after-free in "net vfs getntacl"
Volker Lendecke [Thu, 12 Jan 2023 11:00:26 +0000 (12:00 +0100)]
lib: Fix a use-after-free in "net vfs getntacl"

Don't hang "sd" off "fsp", which is free'ed before printing

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Jan 12 16:41:07 UTC 2023 on sn-devel-184

16 months ago lib: Fix out-of-bounds access in print_ace_flags()
Volker Lendecke [Thu, 12 Jan 2023 10:55:04 +0000 (11:55 +0100)]
lib: Fix out-of-bounds access in print_ace_flags()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

16 months ago lib: Use talloc_asprintf_addbuf() in print_ace_flags()
Volker Lendecke [Thu, 12 Jan 2023 10:51:50 +0000 (11:51 +0100)]
lib: Use talloc_asprintf_addbuf() in print_ace_flags()

Simplifies code.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

16 months ago build: Don't compile source3/lib/util_sd.c four times
Volker Lendecke [Thu, 12 Jan 2023 11:11:49 +0000 (12:11 +0100)]
build: Don't compile source3/lib/util_sd.c four times

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

16 months ago s3:utils:mdsearch go to cmdline_messaging_context_free
Jones Syue [Thu, 12 Jan 2023 07:47:20 +0000 (15:47 +0800)]
s3:utils:mdsearch go to cmdline_messaging_context_free

mdsearch utility would exit earlier with failure in several cases like:
a. samba server is not running yet,
[~] # mdsearch -Uuser%password1 ${server} Public '*=="Samba"'
main: Cannot connect to server: NT_STATUS_CONNECTION_REFUSED

b. spotlight backend service is not ready yet,
[~] # mdsearch -Uuser%password1 ${server} Public '*=="Samba"'
Failed to connect mdssvc

c. mdsearch utility parameters are not as expected,
[~] # mdsearch -Uuser%password1 ${server} share_not_exist '*=="Samba"'
mdscli_search failed

Meanwhile, once the mdsearch utility exits earlier with failure,
the lock files are left behind in the directory 'msg.sock' and 'msg.lock'.
If a script runs the mdsearch utility in a loop,
this might result in used space slowly growing on the underlying filesystem.

Supposed to add a new label 'fail_free_messaging',
make it go through the cmdline_messaging_context_free() which deletes the
lock files in the directory msg.sock and msg.lock before mdsearch utility
is exiting with failure.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15284

Signed-off-by: Jones Syue <jonessyue@qnap.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jan 12 11:40:19 UTC 2023 on sn-devel-184

16 months ago s3:smbstatus: go to cmdline_messaging_context_free
Jones Syue [Wed, 11 Jan 2023 08:59:42 +0000 (16:59 +0800)]
s3:smbstatus: go to cmdline_messaging_context_free

If the locking.tdb is not found
(for example, a freshly installed samba server is not running yet),
the smbstatus utility would exit earlier,
and lock files are left behind in the directory 'msg.sock' and 'msg.lock'.
If a script runs the smbstatus utility in a loop,
this might result in used space slowly growing on the underlying filesystem.
Since the samba server is not running yet,
there is no cleanupd daemon that could delete these files to reclaim space.

Supposed to use 'ret = 0; goto done;' instead of exit(0),
this would go through the cmdline_messaging_context_free() which deletes
the lock files in the directory msg.sock and msg.lock before smbstatus
utility is exiting.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15282

Signed-off-by: Jones Syue <jonessyue@qnap.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jan 11 17:08:10 UTC 2023 on sn-devel-184

16 months ago s3: smbd: Move check_fsp_open() and check_fsp() to smb1_reply.c
Jeremy Allison [Tue, 10 Jan 2023 01:33:14 +0000 (17:33 -0800)]
s3: smbd: Move check_fsp_open() and check_fsp() to smb1_reply.c

As these functions can implicitly call reply_nterror(..., NT_STATUS_INVALID_HANDLE)
they should never be available to SMB2 code paths.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jan 11 08:17:04 UTC 2023 on sn-devel-184

16 months ago s3: smbd: Ensure check_fsp_ntquota_handle() doesn't send SMB1 error packets.
Jeremy Allison [Tue, 10 Jan 2023 01:22:12 +0000 (17:22 -0800)]
s3: smbd: Ensure check_fsp_ntquota_handle() doesn't send SMB1 error packets.

check_fsp_ntquota_handle() is called from SMB2 codepaths as
well as from SMB1. Even in the SMB1 cases the callers of
check_fsp_ntquota_handle() handle sending the error packet when
check_fsp_ntquota_handle returns false so on a 'return false'
we'd end up sending an error packet twice.

The SMB2 callers of check_fsp_ntquota_handle()
already check that fsp is valid, so there's
no danger of us sending an SMB1 error packet
over the SMB2 stream (so I'm not classing
this as a bug to be back-ported).

Fix check_fsp_ntquota_handle() by inlining
the check_fsp_open() functionality without
the reply_nterror() calls.

This will allow the next commit to move check_fsp_open()
with the implicit reply_nterror() and also check_fsp()
(which calls check_fsp_open()) into the SMB1 smb1_reply.c
file as SMB1-only code.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

16 months ago s3: smbd: SMB1 check_fsp_open() implicitly calls reply_nterror(.., NT_STATUS_INVALID_...
Jeremy Allison [Tue, 10 Jan 2023 01:28:06 +0000 (17:28 -0800)]
s3: smbd: SMB1 check_fsp_open() implicitly calls reply_nterror(.., NT_STATUS_INVALID_HANDLE) on error so don't duplicate in reply_close().

We'd end up sending 2 SMB1 error packets in this case.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

16 months ago tests/krb5: Use Python bindings for LZ77+Huffman compression
Joseph Sutton [Mon, 19 Dec 2022 20:19:47 +0000 (09:19 +1300)]
tests/krb5: Use Python bindings for LZ77+Huffman compression

We can now remove our existing decompression implementation in Python.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 10 21:18:01 UTC 2023 on sn-devel-184

16 months ago lib/compression: Fix length check
Joseph Sutton [Mon, 9 Jan 2023 02:00:14 +0000 (15:00 +1300)]
lib/compression: Fix length check

Put the division on the correct side of the inequality.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

16 months ago s4:rpc_server/dnsserver: Zero-initialise pointers
Joseph Sutton [Tue, 10 Jan 2023 00:06:31 +0000 (13:06 +1300)]
s4:rpc_server/dnsserver: Zero-initialise pointers

Ensuring pointers are always initialised simplifies the code and avoids
compilation errors with FORTIFY_SOURCE=2.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

16 months ago lib/tfork: Don't overwrite 'ret' in cleanup phase
Joseph Sutton [Tue, 10 Jan 2023 00:06:25 +0000 (13:06 +1300)]
lib/tfork: Don't overwrite 'ret' in cleanup phase

The cleanup phase of tfork_create() saves errno prior to calling
functions that might modify it, with the intention of restoring it
afterwards. However, the value of 'ret' is accidentally overwritten. It
will always be equal to 0, and hence errno will not be restored.

Fix this by introducing a new variable, ret2, for calling functions in
the cleanup phase.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

16 months ago lib/talloc: Zero-initialise chunk pointers
Joseph Sutton [Tue, 10 Jan 2023 00:06:16 +0000 (13:06 +1300)]
lib/talloc: Zero-initialise chunk pointers

Ensuring pointers are always initialised avoids compilation errors with
FORTIFY_SOURCE=2.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

16 months ago smbd: Use an idtree for local IDs
Volker Lendecke [Wed, 4 Jan 2023 11:18:44 +0000 (12:18 +0100)]
smbd: Use an idtree for local IDs

Volatile file handle IDs are purely per-process, in fact we used a
dbwrap_rbt for this. To get a unique ID we however have the
specialized idtree data structure, we don't need to repeat the
allocation algorithm that already exists there.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 10 01:23:38 UTC 2023 on sn-devel-184

16 months ago lib: Remove idtree from samba_util.h
Volker Lendecke [Thu, 5 Jan 2023 09:04:23 +0000 (10:04 +0100)]
lib: Remove idtree from samba_util.h

No need to recompile the world when only a few files need this.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

16 months ago smbd: Simplify smbXsrv_open_set_replay_cache() with dbwrap_store_bystring()
Volker Lendecke [Wed, 4 Jan 2023 11:34:43 +0000 (12:34 +0100)]
smbd: Simplify smbXsrv_open_set_replay_cache() with dbwrap_store_bystring()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

16 months ago smbd: Simplify smbXsrv_open_set_replay_cache() with a struct assignment
Volker Lendecke [Wed, 4 Jan 2023 11:31:26 +0000 (12:31 +0100)]
smbd: Simplify smbXsrv_open_set_replay_cache() with a struct assignment

Use a direct struct assignment instead of a function call

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

16 months ago lib: Add "starting_id" to idr_get_new_random()
Volker Lendecke [Wed, 4 Jan 2023 10:43:59 +0000 (11:43 +0100)]
lib: Add "starting_id" to idr_get_new_random()

To be used in smbXsrv_open.c, for this we need a lower bound.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

16 months ago smbd: Remove smbXsrv_open->db_rec
Volker Lendecke [Wed, 4 Jan 2023 10:29:51 +0000 (11:29 +0100)]
smbd: Remove smbXsrv_open->db_rec

This was only referenced in smbXsrv_open_close, but it was never
assigned anything but NULL.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

16 months ago smbd: Remove a "can't happen" NULL check
Volker Lendecke [Wed, 4 Jan 2023 09:13:31 +0000 (10:13 +0100)]
smbd: Remove a "can't happen" NULL check

This should really not happen, crashing would be the right response.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

16 months ago smbd: Use talloc_tos() for pushing smbXsrv_open_globalB
Volker Lendecke [Wed, 4 Jan 2023 09:12:22 +0000 (10:12 +0100)]
smbd: Use talloc_tos() for pushing smbXsrv_open_globalB

Use the toplevel talloc pool

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

16 months ago lib: Use tdb_data_dbg() where appropriate
Volker Lendecke [Wed, 4 Jan 2023 08:52:50 +0000 (09:52 +0100)]
lib: Use tdb_data_dbg() where appropriate

This changes the talloc hierarchy for a few callers, but as
talloc_tos() was initially designed exactly for this purpose (printing
SIDs in DEBUG), it should be okay.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

16 months ago lib: Add tdb_data_dbg()
Volker Lendecke [Wed, 4 Jan 2023 08:40:06 +0000 (09:40 +0100)]
lib: Add tdb_data_dbg()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

16 months ago smbd: Avoid explicit ZERO_STRUCT()
Volker Lendecke [Wed, 4 Jan 2023 07:50:28 +0000 (08:50 +0100)]
smbd: Avoid explicit ZERO_STRUCT()

Saves a few bytes of .text

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

16 months ago smbd: Move bytes from r/w data to r/o text section
Volker Lendecke [Wed, 4 Jan 2023 05:22:55 +0000 (06:22 +0100)]
smbd: Move bytes from r/w data to r/o text section

Even const arrays of const strings need to be relocated at startup time.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

16 months ago lib: Move 16 bytes to readonly .text segment
Volker Lendecke [Tue, 3 Jan 2023 18:32:41 +0000 (19:32 +0100)]
lib: Move 16 bytes to readonly .text segment

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

16 months ago lib: Remove unused smb_mkstemp prototype
Volker Lendecke [Tue, 3 Jan 2023 18:27:50 +0000 (19:27 +0100)]
lib: Remove unused smb_mkstemp prototype

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

16 months ago lib: Move tab_depth() to reg_parse_prs.c
Volker Lendecke [Tue, 3 Jan 2023 18:14:24 +0000 (19:14 +0100)]
lib: Move tab_depth() to reg_parse_prs.c

Wow, I did not know we still use prs_struct...

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

16 months ago lib: Make map_share_mode_to_deny_mode() static to smbstatus
Volker Lendecke [Tue, 3 Jan 2023 17:45:14 +0000 (18:45 +0100)]
lib: Make map_share_mode_to_deny_mode() static to smbstatus

At some point in the future this might disappear, we should really not
show DOS share modes in smbstatus. Maybe this can't be changed though.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

16 months ago smbd: Make get_safe_[[SI]VAL|ptr] static to smb1_lanman.c
Volker Lendecke [Tue, 3 Jan 2023 17:41:04 +0000 (18:41 +0100)]
smbd: Make get_safe_[[SI]VAL|ptr] static to smb1_lanman.c

SMB1-specific, only used there.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

16 months ago CVE-2022-38023 s3:rpc_server/netlogon: Avoid unnecessary loadparm_context allocations
Samuel Cabrero [Thu, 22 Dec 2022 15:32:40 +0000 (16:32 +0100)]
CVE-2022-38023 s3:rpc_server/netlogon: Avoid unnecessary loadparm_context allocations

After s3 and s4 rpc servers merge the loadparm_context is available in
the dcesrv_context structure.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jan  9 15:17:14 UTC 2023 on sn-devel-184

16 months ago CVE-2022-38023 docs-xml/smbdotconf: The "server schannel require seal[:COMPUTERACCOUN...
Samuel Cabrero [Mon, 9 Jan 2023 11:17:48 +0000 (12:17 +0100)]
CVE-2022-38023 docs-xml/smbdotconf: The "server schannel require seal[:COMPUTERACCOUNT]" options are also honoured by s3 netlogon server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

16 months ago CVE-2022-38023 s3:rpc_server/netlogon: Check for global "server schannel require...
Samuel Cabrero [Thu, 22 Dec 2022 10:05:33 +0000 (11:05 +0100)]
CVE-2022-38023 s3:rpc_server/netlogon: Check for global "server schannel require seal"

By default we'll now require schannel connections with privacy/sealing/encryption.

But we allow exceptions for specific computer/trust accounts.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

16 months ago CVE-2022-38023 s3:rpc_server/netlogon: make sure all _netr_LogonSamLogon*() calls...
Samuel Cabrero [Thu, 22 Dec 2022 08:29:04 +0000 (09:29 +0100)]
CVE-2022-38023 s3:rpc_server/netlogon: make sure all _netr_LogonSamLogon*() calls go through dcesrv_netr_check_schannel()

Some checks are also required for _netr_LogonSamLogonEx().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

16 months ago CVE-2022-38023 s3:rpc_server/netlogon: Use dcesrv_netr_creds_server_step_check()
Samuel Cabrero [Thu, 22 Dec 2022 15:30:26 +0000 (16:30 +0100)]
CVE-2022-38023 s3:rpc_server/netlogon: Use dcesrv_netr_creds_server_step_check()

After s3 and s4 rpc servers merge we can avoid duplicated code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>