Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 10 Sep 2021 02:02:22 +0000 (14:02 +1200)]
python/join: Check for correct msDS-KrbTgtLink attribute
Previously, the wrong case was used when checking for this attribute,
which meant krbtgt accounts were not being cleaned up.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 1 Sep 2021 03:42:28 +0000 (15:42 +1200)]
python: Don't leak file handles
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This patch fixes the comment by completing the orignal change to
correctly reflect current behavior.
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 21 20:28:49 UTC 2021 on sn-devel-184
With the removal of the call to flock LOCK_MAND, the only remaining use
of this VFS path is to register sharemodes with specific file systems.
Rename the VFS call to reflect that this is no longer related to flock.
Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
The external services running in separate processes have to use its own
dedicated ncalrpc endpoint, otherwise will race with main smbd serving the
embedded services to accept connections on ncalrpc default socket. If the
connection ends in an external process and the client tries to bind to an
interface not registered there (like winreg for example) the bind will fail.
Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Sep 21 11:00:01 UTC 2021 on sn-devel-184
Samuel Cabrero [Thu, 16 Sep 2021 12:08:28 +0000 (14:08 +0200)]
s3: rpc_server: Avoid creating new handles when received an empty policy_handle
After merging s3 and s4 RPC handles implementations in commit 70fa7e817e48c9faa3c6c7ae3749e4a8ebf3e6c2 a new empty handle is allocated
when find_policy_by_hnd() or close_policy_hnd() is called with an empty
policy_handle (see dcesrv_handle_lookup() implementation).
This new behavior was causing a crash when running samba3.rpc.mdssvc test
with log level >= 10, because a debug message in _mdssvc_close() was
dereferencing the handle's associated data when called from
test_mdssvc_close() with an empty policy_handle.
Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Sep 20 14:31:33 UTC 2021 on sn-devel-184
The only writer to this variable left with c377845d27d4dcd7. The
closest match for override_logfile is is_default_dyn_LOGFILEBASE()
with the opposite logic.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Sep 18 00:53:28 UTC 2021 on sn-devel-184
[1567/3959] Compiling lib/tsocket/tsocket_bsd.c
../../lib/tsocket/tsocket_bsd.c:415:8: error: use of undeclared identifier 'EAI_ADDRFAMILY'
case EAI_ADDRFAMILY:
^
On FreeBSD EAI_ADDRFAMILY is obsoleted. Here's the relevant excerpt
from netdb.h on FreeBSD 13.
-----------------------------------------------------------------
/*
* Error return codes from gai_strerror(3), see RFC 3493.
*/
#if 0
/* Obsoleted on RFC 2553bis-02 */
#define EAI_ADDRFAMILY 1 /* address family for hostname not supported */
#endif
-----------------------------------------------------------------
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 16 19:42:19 UTC 2021 on sn-devel-184
Andrew Bartlett [Mon, 30 Aug 2021 06:17:47 +0000 (18:17 +1200)]
selftest: Update user_account_control tests to pass against Windows 2019
This gets us closer to passing against Windows 2019, without
making major changes to what was tested. More tests are needed,
but it is important to get what was being tested tested again.
Account types (eg UF_NORMAL_ACCOUNT, UF_WORKSTATION_TRUST_ACCOUNT)
are now required on all objects, this can't be omitted any more.
Also for UF_NORMAL_ACCOUNT for these accounts without a password
set |UF_PASSWD_NOTREQD must be included.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep 15 08:49:11 UTC 2021 on sn-devel-184
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Sun, 12 Sep 2021 23:15:17 +0000 (11:15 +1200)]
pyldb: Avoid use-after-free in msg_diff()
Make a deep copy of the message elements in msg_diff() so that if either
of the input messages are deallocated early, the result does not refer
to non-existing elements.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Thu, 2 Sep 2021 21:55:10 +0000 (09:55 +1200)]
tests/krb5: Get encpart decryption key from kdc_exchange_dict
Instead of using check_padata_fn to get the encpart decryption key, we
can get the key from the AS-REQ preauth phase or from the TGT, depending
on whether the message is an AS-REQ or a TGS-REQ. This allows removal of
check_padata_fn and some duplicated code.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
vfs_default: Return ENOTSUP for sharemodes flock call
Remove the call to kernel_flock, as this function will be deleted.
Have the function return ENOTSUP to indicate that this is not supported
by default (without a file-system specific VFS module).
Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
We don't do a special build for the oss-fuzz, this restores the
behaviour before e10910f8de542b0be9b89942791bd37288b7a32a and d048d7e17d756099e208fa4d6b931a147b0b1489 where oss-fuzz was only
tested as part of the main build. (In the case of a failure the
pipeline would fail, preventing a merge, just the same as for
any other failing test).
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Tue Sep 14 04:44:44 UTC 2021 on sn-devel-184
Joseph Sutton [Thu, 2 Sep 2021 21:18:32 +0000 (09:18 +1200)]
tests/krb5: Create testing accounts in appropriate containers
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Sep 14 00:01:44 UTC 2021 on sn-devel-184
Joseph Sutton [Wed, 1 Sep 2021 07:47:27 +0000 (19:47 +1200)]
tests/krb5: Check for presence of 'key-expiration' element
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
Joseph Sutton [Wed, 1 Sep 2021 07:45:57 +0000 (19:45 +1200)]
tests/krb5: Check 'caddr' element
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
Joseph Sutton [Wed, 1 Sep 2021 07:43:41 +0000 (19:43 +1200)]
tests/krb5: Check for presence of 'renew-till' element
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
Joseph Sutton [Wed, 1 Sep 2021 07:34:20 +0000 (19:34 +1200)]
tests/krb5: Allow Kerberos requests to be sent to DC or RODC
If run inside the 'rodc' testing environment, 'DC_SERVER' and 'SERVER'
refer to the hostnames of the DC and RODC respectively, and this commit
allows either one of them to be used as the KDC for Kerberos exchanges.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
Joseph Sutton [Wed, 1 Sep 2021 07:15:17 +0000 (19:15 +1200)]
tests/krb5: Make time assertion less strict
This assertion could fail if there was a time difference between the KDC
and the client.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
Joseph Sutton [Wed, 1 Sep 2021 07:13:11 +0000 (19:13 +1200)]
tests/krb5: Allow specifying ticket flags expected to be set or reset
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
Joseph Sutton [Wed, 1 Sep 2021 05:46:02 +0000 (17:46 +1200)]
tests/krb5: Remove magic constants
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
Joseph Sutton [Thu, 2 Sep 2021 02:38:33 +0000 (14:38 +1200)]
tests/krb5: Don't create PAC request or options manually in fast_tests
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
Joseph Sutton [Thu, 2 Sep 2021 02:37:27 +0000 (14:37 +1200)]
tests/krb5: Don't create PAC request manually in as_req_tests
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
Joseph Sutton [Thu, 2 Sep 2021 02:36:42 +0000 (14:36 +1200)]
tests/krb5: add options to kdc_exchange_dict to specify including PAC-REQUEST or PAC-OPTIONS
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
Joseph Sutton [Thu, 2 Sep 2021 02:27:00 +0000 (14:27 +1200)]
tests/krb5: Move padata generation methods to base class
This allows them to be used directly from RawKerberosTest.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
Joseph Sutton [Wed, 1 Sep 2021 04:35:58 +0000 (16:35 +1200)]
tests/krb5: Keep track of account DN in credentials object
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
Joseph Sutton [Wed, 1 Sep 2021 04:34:46 +0000 (16:34 +1200)]
tests/krb5: Allow specifying additional User Account Control flags for account
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
Joseph Sutton [Wed, 1 Sep 2021 04:34:02 +0000 (16:34 +1200)]
tests/krb5: Allow specifying an OU to create accounts in
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
Joseph Sutton [Wed, 1 Sep 2021 04:31:56 +0000 (16:31 +1200)]
tests/krb5: Replace expected_cname_private with expected_anon parameter
This is used in the case where the KDC returns 'WELLKNOWN/ANONYMOUS' as
the cname, and makes the reply checking logic easier to follow. This
also removes the need to fetch the client credentials in the test
methods.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
Joseph Sutton [Wed, 1 Sep 2021 04:21:55 +0000 (16:21 +1200)]
tests/krb5: Use more compact dict lookup
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
Joseph Sutton [Wed, 1 Sep 2021 04:05:39 +0000 (16:05 +1200)]
tests/krb5: Add KDCOptions flag for constrained delegation
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
Joseph Sutton [Wed, 1 Sep 2021 03:57:26 +0000 (15:57 +1200)]
tests/krb5: Use signed integers to represent key version numbers in ASN.1
As specified in 'MS-KILE 3.1.5.8: Key Version Numbers', Windows uses
signed 32-bit integers to represent key version numbers. This makes a
difference for an RODC with a msDS-SecondaryKrbTgtNumber greater than
32767, where the kvno should be encoded in four bytes rather than five.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
Joseph Sutton [Wed, 1 Sep 2021 03:50:26 +0000 (15:50 +1200)]
tests/krb5: Add methods to obtain the length of checksum types
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
Joseph Sutton [Wed, 1 Sep 2021 03:46:42 +0000 (15:46 +1200)]
tests/krb5: Calculate expected salt if not given explicitly
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
Joseph Sutton [Wed, 1 Sep 2021 03:40:59 +0000 (15:40 +1200)]
security.idl: Add well-known SIDs for FAST
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
Joseph Sutton [Wed, 1 Sep 2021 03:39:19 +0000 (15:39 +1200)]
krb5pac.idl: Add ticket checksum PAC buffer type
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
Uri Simchoni [Sun, 12 Sep 2021 19:23:53 +0000 (22:23 +0300)]
tsocket: set errno on some failures of tsocket_address_inet_from_strings
Fix setting errno on all failure modes of
tsocket_address_inet_from_strings.
Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Sep 13 22:27:59 UTC 2021 on sn-devel-184
That script had a bug and did not remove this filename if
the particular version of lex generated it, and so it
likely was added to git as a result.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Mon Sep 13 05:41:30 UTC 2021 on sn-devel-184
projects / thirdparty / samba.git / log
