David Mulder [Thu, 12 May 2022 19:24:07 +0000 (13:24 -0600)]
gpo: Cert Auto Enroll use ldap trust cert if NDES disabled
If the CA does not have the Network Device
Enrollment Service enabled, we can still use the
certificate from the ldap request (unless this is
a complex request and ldap config isn't present).
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri May 13 15:38:53 UTC 2022 on sn-devel-184
David Mulder [Wed, 4 May 2022 21:01:22 +0000 (15:01 -0600)]
gpo: Remove sscep depends from Cert Auto Enroll
Certificate Auto Enrollment currently depends on
sscep to retrieve the root certificate chain.
This isn't necessary, since this can be
accomplished with a simple GET.
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org>
David Mulder [Fri, 6 May 2022 15:46:44 +0000 (09:46 -0600)]
gpo: Halt Cert Auto Enroll process if data corrupted
If the CA URL cannot be processed, then halt
processing. Otherwise we'll end up in a broken
state later when trying to read from the end
points with missing data.
Signed-off-by: David Mulder <dmulder@suse.com> Revewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 12 18:45:41 UTC 2022 on sn-devel-184
David Mulder [Fri, 6 May 2022 15:41:19 +0000 (09:41 -0600)]
gpo: Supress error caused by ldap Cert Auto Enroll config
When the CA url specified on the SYSVOL is 'LDAP:'
this means that configuration should be fetched
from LDAP. This corrects an error message that
was being reported when the URL appeared improper
but really is not. This does not change the
code behavior (it was still working), but
removes the invalid error.
Signed-off-by: David Mulder <dmulder@suse.com> Revewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Wed, 11 May 2022 22:54:22 +0000 (10:54 +1200)]
s4-samr: Fix missing check for GnuTLS errors from E_old_pw_hash()
Not likely to be an issue in the real world as the earlier calls
will have failed if weak crypto was disabled, but this was missed
in dce944e8a1119034f184336f6b71a28080152a0a.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 12 03:18:42 UTC 2022 on sn-devel-184
Douglas Bagnall [Wed, 11 May 2022 00:46:21 +0000 (12:46 +1200)]
compression: fix lzxpress decompress with trailing flags
Every so often, lzxpress adds a 32-bit block of indicator flags to
help decode the next clump of 32 code words. A naive compressor (such
as we have) might do this at the very end for flags that aren't
actually used because there are no more bytes to decompress. If that
happens we need to stop processing, or we'll come to worse outcome at
the next CHECK_INPUT_BYTES.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 7 Mar 2022 23:19:45 +0000 (12:19 +1300)]
compression: Remove unneeded loop variable
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 7 Mar 2022 23:17:15 +0000 (12:17 +1300)]
compression: Reduce scope of variables
This makes the code clearer.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 7 Mar 2022 23:13:12 +0000 (12:13 +1300)]
compression: Use PUSH_LE_U32 for first output buffer write
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 7 Mar 2022 23:02:13 +0000 (12:02 +1300)]
compression: Fix writing output flags
If indic_bit == 0, the shift amount of 32 - indic_bit == 32 will equal
the width of a 32-bit integer type, and these shifts will invoke
undefined behaviour, which is likely to cause incorrect output. Fix this
by not shifting a 32-bit integer type by 32 bits or more.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Mon, 7 Mar 2022 07:24:48 +0000 (20:24 +1300)]
compression: Make use of PUSH_LE_Uxx macros
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 7 Mar 2022 06:34:00 +0000 (19:34 +1300)]
compression: Consistently use PUSH_LE_Uxx macros
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 7 Mar 2022 06:30:43 +0000 (19:30 +1300)]
compression: Use explicit data sizes
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Matt Suiche [Tue, 23 Mar 2021 16:33:34 +0000 (20:33 +0400)]
compression: fix lzxpress-compress
Signed-off-by: Matt Suiche <msuiche@comae.com> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Matt Suiche [Mon, 14 Jun 2021 23:14:51 +0000 (11:14 +1200)]
compression: lzxpress_compress: fix no-op shift of 0
Signed-off-by: Matt Suiche <msuiche@comae.com> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Matt Suiche [Mon, 14 Jun 2021 23:52:37 +0000 (11:52 +1200)]
compression: fix lzxpress_decompress
Signed-off-by: Matt Suiche <msuiche@comae.com> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Matt Suiche [Thu, 25 Mar 2021 12:50:42 +0000 (16:50 +0400)]
compression tests: add test for legacy compressed data
Signed-off-by: Matt Suiche <msuiche@comae.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Matt Suiche [Mon, 14 Jun 2021 22:45:19 +0000 (10:45 +1200)]
compression tests: add LZXpress tests based on [MS-XCA]
MS-XCA contains examples, and we should at least get those right.
Signed-off-by: Matt Suiche <msuiche@comae.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jeremy Allison [Wed, 11 Dec 2019 23:06:40 +0000 (15:06 -0800)]
s3: libsmbclient: Cope with SMB2 servers that return STATUS_USER_SESSION_DELETED on a SMB2_ECHO (SMB2_OP_KEEPALIVE) call with a NULL session.
This is already tested by smb2.session.expire which
shows that Windows and Samba servers don't need this,
but some third party server are returning STATUS_USER_SESSION_DELETED
with a NULL sessionid.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Bjoern Jacke <bjacke@samba.org>
Autobuild-User(master): Björn Jacke <bjacke@samba.org>
Autobuild-Date(master): Wed May 11 18:06:42 UTC 2022 on sn-devel-184
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May 11 00:04:55 UTC 2022 on sn-devel-184
Joseph Sutton [Tue, 10 May 2022 01:02:30 +0000 (13:02 +1200)]
samdb: Avoid half-created accounts
If newuser() or newcomputer() create an account over LDAP, and an
attempt to modify it (e.g. to change the password) fails, ensure that we
properly clean up the account. If we are connected over LDAP, we won't
have transactions to clean things up for us.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 10 May 2022 00:49:50 +0000 (12:49 +1200)]
tests/samba-tool user_wdigest: Fix flapping test
The randomly-generated password for the user account may be too weak,
causing account creation to fail. This leads to further problems, as the
result of the command is not checked, and connecting over LDAP means
transactions cannot be used, leading to a half-created account and
failing tests.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 5 May 2022 03:44:05 +0000 (15:44 +1200)]
bootstrap: matplotlib is not a real Samba dep
This came in via the original list of packages used
at Catalyst when building Samba for testing, in particular
related to an example LDB module to trace LDB requests.
There is no testing need for this even in make test.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
David Mulder [Fri, 29 Apr 2022 21:21:33 +0000 (15:21 -0600)]
gpo: Add Centrify Compatible Crontab Extensions
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 10 20:05:48 UTC 2022 on sn-devel-184
winbind: send "debug traceid" from winbindd parent to child
Bumping WINBIND_INTERFACE_VERSION to 32
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 10 18:25:01 UTC 2022 on sn-devel-184
Pavel Filipenský [Tue, 10 May 2022 11:06:53 +0000 (13:06 +0200)]
s3:lib: reset all tevent trace callbacks in reinit_after_fork()
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
With "tevent: add event trace api" we have now more callbacks to reset. Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Joseph Sutton [Thu, 5 May 2022 09:42:47 +0000 (21:42 +1200)]
python: Use 'is' for identity when comparing against None
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue May 10 06:12:10 UTC 2022 on sn-devel-184
John Mulligan [Mon, 25 Apr 2022 16:04:20 +0000 (12:04 -0400)]
lib/smbconf: add python wrapper functions for transaction management
The smbconf API supports transactions. This changes adds wrapper
functions transaction_start, transaction_commit, and transaction_cancel.
It also adds tests for the functions, one of which demonstrates a
semi-pythonic way to use said functions.
Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 6 18:14:30 UTC 2022 on sn-devel-184
John Mulligan [Mon, 25 Apr 2022 14:16:56 +0000 (10:16 -0400)]
lib/smbconf: add delete_global_parameter method to SMBConf
Add a delete_global_parameter method wrapping smbconf_delete_global_parameter.
Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Mon, 25 Apr 2022 13:59:36 +0000 (09:59 -0400)]
lib/smbconf: add delete_parameter method to SMBConf
Add a delete_parameter method wrapping smbconf_delete_parameter.
Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Sun, 24 Apr 2022 15:48:41 +0000 (11:48 -0400)]
lib/smbconf: add create_set_share method to SMBConf
Add the create_set_share method wrapping smbconf_create_set_share.
This method is one of the most complex as it must "unpack" the list
of key-value pairs from python and convert that to a `struct
smbconf_service` for the smbconfig C API.
Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Sun, 24 Apr 2022 14:25:50 +0000 (10:25 -0400)]
lib/smbconf: add delete_share method to SMBConf
Add a delete_share method wrapping smbconf_delete_share.
Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Sun, 24 Apr 2022 14:19:37 +0000 (10:19 -0400)]
lib/smbconf: add set_global_parameter method to SMBConf
Add a set_global_parameter method wrapping smbconf_set_global_parameter.
Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Sun, 24 Apr 2022 14:18:42 +0000 (10:18 -0400)]
lib/smbconf: add set_parameter method to SMBConf
Add a set_parameter method wrapping smbconf_set_parameter.
Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Sun, 24 Apr 2022 12:17:53 +0000 (08:17 -0400)]
lib/smbconf: add drop method to SMBConf
Add a drop method wrapping smbconf_drop.
Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Sun, 24 Apr 2022 12:10:36 +0000 (08:10 -0400)]
lib/smbconf: add create_share method to SMBConf
Add a create_share method wrapping smbconf_create_share.
Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Sat, 23 Apr 2022 18:42:44 +0000 (14:42 -0400)]
python/samba/tests: add test cases for s3/registry init funcs
A previous change added smbconf initialization functions that allow
access to the registry back-end. Add some simple tests cases that
exercise these new functions.
Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Sat, 23 Apr 2022 18:38:42 +0000 (14:38 -0400)]
source3/lib/smbconf: add python bindings for init functions
Add functions that allow python to access the registry back-end
initialization function as well as the "general" init function
that parses the back-end out of given string "path".
With the registry back-end it will be possible to implement and
test read-write functions of smbconf API in the future.
Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Sat, 23 Apr 2022 18:19:59 +0000 (14:19 -0400)]
lib/smbconf: add a python function for raising smbconf exceptions
The previous implementation in C was private to the module. Add
a small python wrapper function so that a different python module
may reuse the implementation.
The python level function is prefixed with "_" to mark it as
"private". Only future cooperating modules in the samba sources
should make use of it.
The function is shared at the python level as per the recommendation:
https://stackoverflow.com/a/2136670
Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Sat, 23 Apr 2022 18:17:48 +0000 (14:17 -0400)]
lib/smbconf: move python smbconf type definition to header
Moving the definition of the type to a header file will allow
future reuse of the C-type fields in a different C-API python
module.
Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
John Mulligan [Thu, 5 May 2022 14:05:49 +0000 (10:05 -0400)]
s3/lib/smbconf: add talloc_stackframe to smbconf_init_reg
Previously, if this function was called without an existing stackframe
then uses of talloc_tos in source3/registry trigger a panic. Since we
intend to add patches that allow access to this call with Python
bindings, that will not typically have a talloc_stackframe already, we
add a talloc_stackframe call around the call to
smbconf_init_reg_internal. This hides the use of talloc_tos in the
registry code from higher level code that needs to call smbconf.
Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
projects / thirdparty / samba.git / log
