Volker Lendecke [Fri, 3 Jan 2025 14:24:01 +0000 (15:24 +0100)]
vfs: Rewrite vfs_streams_depot
This started when I found vfs_streams_depot() is the last user of
recursive_rmdir() and ended as a pretty complete rewrite. Why? This
new version does not call the path-based NEXT_[L]STAT routines
anymore, it only uses FSTATAT. This is one tiny step towards getting
rid of the path-based calls we still have that implicitly depend on
the current working directory. In some distant future I want to get
rid of our chdir() calls and do everything relative to a O_PATH handle
that we opened on the share root when connecting to a share.
This patch removes a few lines, and I don't see a reasonable way to do
this in micro-steps. Structurally it should be simple though:
Everything works off streams_depot_rootdir_pathref(), which gives a
pathref fsp to the ".streams" directory, stream_dir_pathref() turns
this into a pathref of the actual per-file subdirectory.
We also have to remove the special handling of absolute paths in
vfs_shadow_copy2, streams_depot does not send absolute paths anymore.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Felix Bussmann [Mon, 18 Mar 2024 14:19:18 +0000 (15:19 +0100)]
smbclient3: Replacing Echos in the cli status check with TCP status check.
Replacing the echoes, which were being sent every 5 seconds by the client for a CLI status check, with a method that checks the status of the file descriptor instead, for a POLLHUP, POLLRDHUP, or a timeout.
Signed-off-by: Felix Bussmann <feb@sernet.de> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Wed Mar 5 16:21:34 UTC 2025 on atb-devel-224
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Mar 5 12:37:40 UTC 2025 on atb-devel-224
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Mar 5 03:40:15 UTC 2025 on atb-devel-224
Douglas Bagnall [Tue, 4 Mar 2025 00:00:21 +0000 (13:00 +1300)]
ldb: remove unused test-sqlite3.sh
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Douglas Bagnall [Mon, 3 Mar 2025 23:56:39 +0000 (12:56 +1300)]
codespellrc: remove reference to non-existent file
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Douglas Bagnall [Mon, 3 Mar 2025 23:54:38 +0000 (12:54 +1300)]
ldb: doxygen: don't mention sqlite
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Douglas Bagnall [Mon, 3 Mar 2025 23:54:11 +0000 (12:54 +1300)]
ldb:manpages: ldbedit: update url schemes
no sqlite://, but ldaps:// ldb://, mdb://.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Douglas Bagnall [Mon, 3 Mar 2025 22:02:57 +0000 (11:02 +1300)]
ldb: remove obsolete copy of https://ldb.samba.org
lib/ldb/web/index.html used to be the source for
https://ldb.samba.org/, but the web page has continued to evolve in
minor ways without git keeping up.
The current difference is all http:// have been converted to https://
and a few URL domains and paths have changed.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Douglas Bagnall [Mon, 3 Mar 2025 22:02:21 +0000 (11:02 +1300)]
ldb: remove unused nssldb
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Douglas Bagnall [Mon, 3 Mar 2025 22:02:01 +0000 (11:02 +1300)]
ldb: remove unused sqlite backend
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Shachar Sharon [Tue, 1 Oct 2024 09:09:40 +0000 (12:09 +0300)]
vfs_ceph_new: use libcephfs nonblocking API for async-io ops
Use libcephfs non-blocking API (ceph_ll_nonblocking_readv_writev[1]) in
combination with smb VFS async hooks ({pread,pwrite,fsync}_send/_recv).
Fills libcephfs' struct ceph_ll_io_info with single iovec and
submit/complete the operation asynchronously on libcephfs side, with
corresponding tevent schedule-immediate upon completion on smbd side.
Control nonblocking/normal I/O mode via config parameter. The common
parts of async I/O (with/without HAVE_CEPH_ASYNCIO) are united.
Specifically, use same struct vfs_ceph_aio_state and common code via
helper function for all async I/O hooks. When HAVE_CEPH_ASYNCIO
is True _and_ config option 'asyncio = yes' use libcephfs asynchronous
I/O API. Otherwise, fake async operation using normal blocking APIs.
Pavel Filipenský [Thu, 20 Feb 2025 14:22:36 +0000 (15:22 +0100)]
docs-xml: Update description of dns hotsname (G)
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Mon Mar 3 10:36:29 UTC 2025 on atb-devel-224
Signed-off-by: Ivan Korytov <korytovip@basealt.ru> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Fri Feb 28 13:26:45 UTC 2025 on atb-devel-224
Douglas Bagnall [Mon, 24 Feb 2025 22:30:03 +0000 (11:30 +1300)]
bootstrap: remove wintest-only dependency
Nobody has run Wintest in the last 10 years, and we don't need it
in our CI tests.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Feb 27 01:00:10 UTC 2025 on atb-devel-224
GNU getopt(3) is by default non-POSIX compliant and accepts options after
positional arguments (unless forced with POSIXLY_CORRECT). This is not portable,
e..g., on FreeBSD. Put options first and then positional arguments.
Signed-off-by: Andrea Venturoli <ml@netfence.it> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
python:tests/krb5: let create_trust() take {ingress,egress}_claims_tf_rules
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Feb 24 10:28:02 UTC 2025 on atb-devel-224
s4:kdc: split access check preparation from the actual check in samba_kdc_update_pac()
This allows us to add more access checks later...
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Feb 22 23:04:04 UTC 2025 on atb-devel-224
s4:kdc: move device_{info,claims}_blob generation in samba_kdc_update_pac()
We should generate the device blobs after generating the client blobs
and also after all access checking.
We also use the samba_kdc_get_claims_blob() helper,
which is currently only a wrapper around
claims_data_encoded_claims_set(), but that will change in future...
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
s4:kdc: regenerate the client claims blob in samba_kdc_update_pac() if needed
Note that samba_kdc_get_claims_data() already handles the
samba_kdc_entry_pac_issued_by_trust() case to clear the
claims received from a trusted domain.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
s4:kdc: rewrite the logic in samba_kdc_get_claims_data()
We should also go via samba_kdc_get_claims_data_from_pac()
if the pack was issued by a trust. But for now we still
clear the claims, which is the default if
msDS-IngressClaimsTransformationPolicy is missing
on the trustedDomain object.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
s4:kdc: let samba_kdc_get_pac() use samba_kdc_get_claims_blob()
We should avoid calling claims_data_encoded_claims_set() directly,
we'll have to do more than claims_data_encoded_claims_set() in future,
so make sure we always go via the common samba_kdc_get_claims_blob()
helper.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
s4:kdc: introduce need_device helper variable in samba_kdc_update_pac()
Also use samba_kdc_entry_pac_valid_principal() in order to catch
all conditions for a valid device. For principals issued by
trusted domains there's no device.entry pointer!
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
s4:kdc: pass samba_kdc_entry_pac to samba_kdc_check_s4u2proxy_rbcd()
This simplifies and unifies the callers.
For the MIT kdc we avoid using via kerberos_pac_to_user_info_dc()
directly.
Now both go via samba_kdc_get_user_info_dc() and MIT also
handles the samba_kdc_get_claims_data() path.
For the MIT kdc it means kerberos_pac_to_user_info_dc() is now
called via samba_kdc_get_user_info_dc() ->
samba_kdc_get_user_info_from_pac() and it is followed by
authsam_update_user_info_dc() consistently.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
winbindd: find_auth_domain() and find_lookup_domain_from_name() should handle namespaces
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Feb 22 17:03:27 UTC 2025 on atb-devel-224
s3:rpc_server/netlogon: let _netr_NTLMv2_RESPONSE_verify() generate trust_forest_domain_info array
MS-NRPC 3.5.4.5.1.1 Pass-through domain name validation,
requires to pass information about the trust topology to
NTLMv2_RESPONSE_verify_netlogon_creds()...
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
s4:rpc_server/netlogon: let dcesrv_netr_NTLMv2_RESPONSE_verify generate trust_forest_domain_info array
MS-NRPC 3.5.4.5.1.1 Pass-through domain name validation,
requires to pass information about the trust topology to
NTLMv2_RESPONSE_verify_netlogon_creds()...
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
projects / thirdparty / samba.git / log
