This was removed accidentally remvoed by a7c65958a15149918415b7456d6f20ee8c9669d2 because the original code
only installed the json file if the mdssvc was built as module:
if bld.SAMBA3_IS_ENABLED_MODULE('rpc_mdssvc_module'):
bld.INSTALL_FILES(bld.env.SAMBA_DATADIR,
'mdssvc/elasticsearch_mappings.json')
Installing the json file should just depend on Elasticsearch support
being enabled, regardless of the removed module support.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Fri Jan 28 10:22:31 UTC 2022 on sn-devel-184
samba-bgqd daemon is started by existing Samba daemons. When running
under systemd, those daemons control systemd notifications and
samba-bgqd messages need to be silenced.
Signed-off-by: FeRD (Frank Dana) <ferdnyc@gmail.com> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Thu Jan 27 10:53:50 UTC 2022 on sn-devel-184
Make 'unix extensions' a synonym for "smb1 unix extensions".
This will allow us to have a separate "smb2 unix extensions"
parameter that we can examine separately.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Mulder <dmulder@suse.com>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 25 21:43:59 UTC 2022 on sn-devel-184
Jeremy Allison [Thu, 20 Jan 2022 18:58:45 +0000 (10:58 -0800)]
s3: smbd: Cleanup - Split out smbd_marshall_security_desc() from smbd_do_query_security_desc().
This is part two of a cleanup to split this up into a fetch()/marshal()
pair. Allows easy modification of the sd before returning if we need
to add the SMB2+unix mode information here on a SMB2 posix handle.
Also makes the code much clearer.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Mulder <dmulder@suse.com>
Jeremy Allison [Thu, 20 Jan 2022 18:05:51 +0000 (10:05 -0800)]
s3: smbd: Cleanup - Split out smbd_fetch_security_desc() from smbd_do_query_security_desc().
This is part one of a cleanup to split this up into a fetch()/marshal()
pair. Allows easy modification of the sd before returning if we need
to add the SMB2+unix mode information here on a SMB2 posix handle.
Also makes the code much clearer.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Mulder <dmulder@suse.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jan 24 16:18:34 UTC 2022 on sn-devel-184
It also fixes some corner cases regarding whitespaces in the
output, that's why we have to mark a few tests as knownfail,
they will be fixed in the next commit.
dcesrv_core: wrap gensec_*() calls in [un]become_root() calls
This is important for the source3/rpc_server code as it might
be called embedded in smbd and may not run as root with access
to our private tdb/ldb files.
Note this is only really needed for 4.15 and older, as
we no longer run the rpc_server embedded in smbd,
but we better be consistent for now.
This should be able to fix the problem the printing no longer works
on Windows 7 with 2021-10 monthly rollup patch (KB5006743).
Windows uses NTLMSSP with privacy at the DCERPC layer on top
of NCACN_NP (smb).
Björn Jacke [Sun, 23 Jan 2022 11:35:22 +0000 (12:35 +0100)]
s4:librpc: raise log level for failed connection attempts
this keeps the log files silent when other DCs are currently not running. We
saw frequent NT_STATUS_HOST_UNREACHABLE messages at log level 0 for now.
https://bugzilla.samba.org/show_bug.cgi?id=11537
Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Jan 23 12:51:44 UTC 2022 on sn-devel-184
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jan 22 00:27:52 UTC 2022 on sn-devel-184
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
wafsamba: Add our own implmentation to generate the clangdb
Pair-Programmed-With: Andreas Schneider <asn@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
This generates an incomplete database where defines and includes are missing.
Pair-Programmed-With: Andreas Schneider <asn@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Mon, 17 Jan 2022 09:49:13 +0000 (10:49 +0100)]
build: Without getrandom() require gnutls 3.7.2
gnutls before 3.7.2 and without getrandom() will open /dev/urandom at library
initialization time before main() is run. We use closefrom(3) in samba-bgqd and
samba-dcerpd, which closes /dev/urandom, which then breaks gnutls. On system
with getrandom(), no file descriptor is opened and gnutls 3.7.2+ will open and
close /dev/urandom whenever it needs to access it.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 21 21:42:08 UTC 2022 on sn-devel-184
Volker Lendecke [Thu, 20 Jan 2022 11:23:43 +0000 (12:23 +0100)]
libcli/dns: Fix TCP fallback
A customer has come across a DNS server that really just cuts a SRV
reply if it's too long. This makes the packet invalid according to
ndr_pull and according to wireshark. DNS_FLAG_TRUNCATION is however
set. As this seems to be legal according to the DNS RFCs, we need to
hand-parse the first two uint16's and look whether DNS_FLAG_TRUNCATION
is set.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 20 18:01:41 UTC 2022 on sn-devel-184
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jan 20 14:19:02 UTC 2022 on sn-devel-184
s4:dsdb/vlv_pagination: fix segfault in vlv_results()
It can happen that the vlv_results() failes, e.g. due to
LDB_ERR_TIME_LIMIT_EXCEEDED, if that happens we should not
dereference ares->response, if ares is NULL.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jan 20 10:04:39 UTC 2022 on sn-devel-184
s4:dsdb/paged_results: fix segfault in paged_results()
It can happen that the paged_results() failes, e.g. due to
LDB_ERR_TIME_LIMIT_EXCEEDED, if that happens we should not
dereference ares->response, if ares is NULL.
We also should not call ldb_module_done() if paged_results()
fails, as it was already called.
HEIMDAL: move code from source4/heimdal* to third_party/heimdal*
This makes it clearer that we always want to do heimdal changes
via the lorikeet-heimdal repository.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Autobuild-User(master): Joseph Sutton <jsutton@samba.org>
Autobuild-Date(master): Wed Jan 19 21:41:59 UTC 2022 on sn-devel-184
Joseph Sutton [Sun, 5 Dec 2021 22:10:01 +0000 (11:10 +1300)]
s4:torture: Adapt LSA tests to newer Heimdal version
The Heimdal upgrade results in some changes that affect these tests. The
cname is now non-NULL in certain circumstances, the IO counts are
different due to a change between the ordering of capaths and referrals,
some requests no longer fail, and referral tickets are not cached
anymore, and so cannot be checked.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Isaac Boukris [Thu, 8 Nov 2018 22:20:06 +0000 (00:20 +0200)]
s4:torture: return ETYPE_INFO2 on PREAUTH_FAILED
This is an alternative to 978bc8681e74ffa17f96fd5d4355094c4a26691c
which got overriten by the upgrade merge.
One difference however, is that we don't return ENC_TIMESTAMP like
in PREAUTH_REQUIRED but only ETYPE_INFO2 same as Windows.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Isaac Boukris <iboukris@gmail.com> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 8 Dec 2021 01:56:39 +0000 (14:56 +1300)]
selftest: knownfail updates after Heimdal Upgrade
The Heimdal upgrade brings the new feature of FAST, allowing more tests to pass.
However it causes a regression in FL2003 for the returned salt format in
the AS-REP, but FL 2003 has not been the default since Samba 4.2 as AES
keys are much stronger and should be preferred.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 14 Dec 2021 23:30:28 +0000 (12:30 +1300)]
s4:kdc: Set require_pac and no-ENC_TS in FAST for new Heimdal import
This allows us to continue to avoid CVE-2020-25719 in particular
and pass our tests for expected FAST behaviour as the patches
we requested by upstream to be conditional, not hard-coded.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Thu, 17 Jun 2021 09:27:06 +0000 (21:27 +1200)]
s4:kdc/heimdal: Always include the salt in the PA-ETYPE-INFO[2]
This matches Windows and is detected by our samba.tests.krb5.as_canonicalization_tests
test as this always expects the salt, which Windows always provides.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Rename and fix as/tgs-use-strongest-key config parameters
Different ticket session key enctype selection options should
distinguish between target principal type (krbtgt vs. not), not
between KDC request types.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
[abartlet@samba.org Researched and updated the commit message] Reviewed-by: Stefan Metzmacher <metze@samba.org>
s4:kerberos: adapt the heimdal send_to_kdc hooks to the send_to_kdc/realm plugin interface
With the recent heimdal upgrade we better try to use the send_to_realm()
hooks as it allows us to handle the KDC lookup as well as only getting
each logical request just once in the testing code, which makes it
let dependend on the heimdal internal kdc lookup logic.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
tests/auth_log: adjust expected authDescription for test_smb_bad_user
With NO_SUCH_USER we don't know if any pre-authentication was requested,
so with the new Heimdal code we now used use "AS-REQ" instead of
assuming ENC-TS Pre-authentication.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andrew Bartlett [Wed, 23 Jun 2021 00:08:34 +0000 (12:08 +1200)]
s4:kdc: Adapt wamba_wdc_check_client_access() to modern Heimdal
Modern Heimdal falls back to kdc_check_flags() internally
when KRB5_PLUGIN_NO_HANDLE is returned, avoiding the need
to call back into the internal KDC APIs.
Selected from patch by by Stefan Metzmacher <metze@samba.org>
from his Heimdal upgrade branch.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
See
https://git.samba.org/?p=lorikeet-heimdal.git;a=shortlog;h=refs/heads/lorikeet-heimdal-202201172009
or
https://gitlab.com/samba-team/devel/lorikeet-heimdal/-/tree/lorikeet-heimdal-202201172009
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Pair-Programmed-With: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
The Coverity Scan tools are not updated very often and miss support for the
latest gcc build. Lets use Fedora 34 for that and stay behind a bit.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jan 19 10:49:18 UTC 2022 on sn-devel-184
Volker Lendecke [Sun, 16 Jan 2022 20:50:25 +0000 (21:50 +0100)]
smbd: Remove a duplicate protoype
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 18 21:17:43 UTC 2022 on sn-devel-184
s4:kdc: improve DEBUG messages in samba_wdc_reget_pac2()
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Autobuild-User(master): Joseph Sutton <jsutton@samba.org>
Autobuild-Date(master): Mon Jan 17 20:55:41 UTC 2022 on sn-devel-184
projects / thirdparty / samba.git / log
