Douglas Bagnall [Thu, 28 Nov 2024 03:06:10 +0000 (16:06 +1300)]
librpc/wsp: use unsigned char for high byte comparison
../../librpc/wsp/wsp_util.c:244:28: warning: result of comparison of constant 160 with expression of type 'char' is always false [-Wtautological-constant-out-of-range-compare]
244 | if (strlen(t) == 1 && *t == 0xa0) {
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Björn Jacke <bjacke@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Mar 12 01:32:30 UTC 2025 on atb-devel-224
Xavi Hernandez [Tue, 4 Mar 2025 11:48:41 +0000 (12:48 +0100)]
vfs_ceph_new: detect case sensitivity in CephFS
CephFS has recently added support for case insensitive access to the
file system. This modification detects whether the shared volume is case
sensitive or not and reports the FILE_CASE_SENSITIVE_SEARCH capability
accordingly.
s3:utils: Remove call of ads_startup() from net_ads_keytab_create()
Calling ads_startup() is not needed in net_ads_keytab_create. Keytab
creation code in sync_pw2keytabs() decides if it needs to talk to DC or
not and connects to AD accordingly.
Fixing this, makes the bug below easier to reproduce using
'net ads keytab create'.
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Mon Mar 10 11:09:29 UTC 2025 on atb-devel-224
s3:libads: Make sure that REALM is always added to keytab principals
The code responsible for adding SPNs to keytab should always set the
REALM part. Current code is not adding it for e.g. SPNs synced from AD.
If REALM is missing, krb5_parse_name() will succeed (and add the REALM)
only if the krb5.conf contains libdefaults section with
default_realm set and will fail otherwise. E.g.:
Pair-Programmed-With: Noel Power <noel.power@suse.com>
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Sun Mar 9 00:25:08 UTC 2025 on atb-devel-224
Ralph Boehme [Wed, 5 Mar 2025 17:02:39 +0000 (18:02 +0100)]
docs-xml: enable SMB3 Unix Extensions by default
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Mar 7 20:06:31 UTC 2025 on atb-devel-224
Ralph Boehme [Fri, 7 Mar 2025 13:51:26 +0000 (14:51 +0100)]
s3:locking: make sure brl_conflict_posix() is only called with 2 POSIX_LOCKS
Otherwise we hit the assert if the caller is a windows lock
and the conflicting one a posix lock.
Or in the non-developer build we don't enforce the windows locking
rules.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 7 Mar 2025 13:47:49 +0000 (14:47 +0100)]
s3:locking: assert POSIX_LOCK in brl_[un]lock_posix()
This makes it clearer and prevents possible problems in future.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
which came in with commit f68fffa85d1de992384a210bb0b9261cda3fb168,
apparently forgetting to remove the previously existing initialization
locks[i].lock_flav=WINDOWS_LOCK.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 7 Mar 2025 11:57:24 +0000 (12:57 +0100)]
smbd: fix check for POSIX opens in have_file_open_below()
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 7 Mar 2025 11:57:07 +0000 (12:57 +0100)]
smbd: fix checks for POSIX opens in file_find_subpath()
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
Anoop C S [Tue, 25 Feb 2025 12:10:13 +0000 (17:40 +0530)]
vfs_ceph_new: Do not resolve by inode number
CephFS snapshots within snap directory shares the same inode number from
its parent. Until unless we resolve by name we may incorrectly point at
an inode which is not a snapshot directory. Therefore to be functionally
correct we avoid resolving by inode number but proper name.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Mar 7 18:20:47 UTC 2025 on atb-devel-224
Anoop C S [Mon, 24 Feb 2025 08:30:56 +0000 (14:00 +0530)]
vfs_ceph_new: Handle absolute path in vfs_ceph_ll_walk
It can very well be the case that the incoming path is absolute in
nature which breaks the assumption inside vfs_ceph_ll_walk that it
is within the current working directory. Instead perform a check to
see whether the path includes current working directory path in its
components and accordingly trim it to make it relative in nature.
s4:auth: let auth_user_info_dc_expand_sids() add This Organization SID
We do that unless the Other Organization SID is already there.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Mar 6 17:35:50 UTC 2025 on atb-devel-224
Volker Lendecke [Wed, 26 Feb 2025 12:20:36 +0000 (13:20 +0100)]
vfs: Simplify DBGs
Avoid casts: We have PRIu64, size_t is printed with %zu. Only off_t
must be cast to intmax_t, but for that we should not need a macro.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Mar 5 18:42:03 UTC 2025 on atb-devel-224
Volker Lendecke [Fri, 3 Jan 2025 14:24:01 +0000 (15:24 +0100)]
vfs: Rewrite vfs_streams_depot
This started when I found vfs_streams_depot() is the last user of
recursive_rmdir() and ended as a pretty complete rewrite. Why? This
new version does not call the path-based NEXT_[L]STAT routines
anymore, it only uses FSTATAT. This is one tiny step towards getting
rid of the path-based calls we still have that implicitly depend on
the current working directory. In some distant future I want to get
rid of our chdir() calls and do everything relative to a O_PATH handle
that we opened on the share root when connecting to a share.
This patch removes a few lines, and I don't see a reasonable way to do
this in micro-steps. Structurally it should be simple though:
Everything works off streams_depot_rootdir_pathref(), which gives a
pathref fsp to the ".streams" directory, stream_dir_pathref() turns
this into a pathref of the actual per-file subdirectory.
We also have to remove the special handling of absolute paths in
vfs_shadow_copy2, streams_depot does not send absolute paths anymore.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Felix Bussmann [Mon, 18 Mar 2024 14:19:18 +0000 (15:19 +0100)]
smbclient3: Replacing Echos in the cli status check with TCP status check.
Replacing the echoes, which were being sent every 5 seconds by the client for a CLI status check, with a method that checks the status of the file descriptor instead, for a POLLHUP, POLLRDHUP, or a timeout.
Signed-off-by: Felix Bussmann <feb@sernet.de> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Wed Mar 5 16:21:34 UTC 2025 on atb-devel-224
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Mar 5 12:37:40 UTC 2025 on atb-devel-224
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Mar 5 03:40:15 UTC 2025 on atb-devel-224
Douglas Bagnall [Tue, 4 Mar 2025 00:00:21 +0000 (13:00 +1300)]
ldb: remove unused test-sqlite3.sh
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Douglas Bagnall [Mon, 3 Mar 2025 23:56:39 +0000 (12:56 +1300)]
codespellrc: remove reference to non-existent file
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Douglas Bagnall [Mon, 3 Mar 2025 23:54:38 +0000 (12:54 +1300)]
ldb: doxygen: don't mention sqlite
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Douglas Bagnall [Mon, 3 Mar 2025 23:54:11 +0000 (12:54 +1300)]
ldb:manpages: ldbedit: update url schemes
no sqlite://, but ldaps:// ldb://, mdb://.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Douglas Bagnall [Mon, 3 Mar 2025 22:02:57 +0000 (11:02 +1300)]
ldb: remove obsolete copy of https://ldb.samba.org
lib/ldb/web/index.html used to be the source for
https://ldb.samba.org/, but the web page has continued to evolve in
minor ways without git keeping up.
The current difference is all http:// have been converted to https://
and a few URL domains and paths have changed.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Douglas Bagnall [Mon, 3 Mar 2025 22:02:21 +0000 (11:02 +1300)]
ldb: remove unused nssldb
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Douglas Bagnall [Mon, 3 Mar 2025 22:02:01 +0000 (11:02 +1300)]
ldb: remove unused sqlite backend
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Shachar Sharon [Tue, 1 Oct 2024 09:09:40 +0000 (12:09 +0300)]
vfs_ceph_new: use libcephfs nonblocking API for async-io ops
Use libcephfs non-blocking API (ceph_ll_nonblocking_readv_writev[1]) in
combination with smb VFS async hooks ({pread,pwrite,fsync}_send/_recv).
Fills libcephfs' struct ceph_ll_io_info with single iovec and
submit/complete the operation asynchronously on libcephfs side, with
corresponding tevent schedule-immediate upon completion on smbd side.
Control nonblocking/normal I/O mode via config parameter. The common
parts of async I/O (with/without HAVE_CEPH_ASYNCIO) are united.
Specifically, use same struct vfs_ceph_aio_state and common code via
helper function for all async I/O hooks. When HAVE_CEPH_ASYNCIO
is True _and_ config option 'asyncio = yes' use libcephfs asynchronous
I/O API. Otherwise, fake async operation using normal blocking APIs.
Pavel Filipenský [Thu, 20 Feb 2025 14:22:36 +0000 (15:22 +0100)]
docs-xml: Update description of dns hotsname (G)
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Mon Mar 3 10:36:29 UTC 2025 on atb-devel-224
Signed-off-by: Ivan Korytov <korytovip@basealt.ru> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Fri Feb 28 13:26:45 UTC 2025 on atb-devel-224
Douglas Bagnall [Mon, 24 Feb 2025 22:30:03 +0000 (11:30 +1300)]
bootstrap: remove wintest-only dependency
Nobody has run Wintest in the last 10 years, and we don't need it
in our CI tests.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Feb 27 01:00:10 UTC 2025 on atb-devel-224
GNU getopt(3) is by default non-POSIX compliant and accepts options after
positional arguments (unless forced with POSIXLY_CORRECT). This is not portable,
e..g., on FreeBSD. Put options first and then positional arguments.
Signed-off-by: Andrea Venturoli <ml@netfence.it> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
python:tests/krb5: let create_trust() take {ingress,egress}_claims_tf_rules
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Feb 24 10:28:02 UTC 2025 on atb-devel-224
s4:kdc: split access check preparation from the actual check in samba_kdc_update_pac()
This allows us to add more access checks later...
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Feb 22 23:04:04 UTC 2025 on atb-devel-224
s4:kdc: move device_{info,claims}_blob generation in samba_kdc_update_pac()
We should generate the device blobs after generating the client blobs
and also after all access checking.
We also use the samba_kdc_get_claims_blob() helper,
which is currently only a wrapper around
claims_data_encoded_claims_set(), but that will change in future...
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
s4:kdc: regenerate the client claims blob in samba_kdc_update_pac() if needed
Note that samba_kdc_get_claims_data() already handles the
samba_kdc_entry_pac_issued_by_trust() case to clear the
claims received from a trusted domain.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
s4:kdc: rewrite the logic in samba_kdc_get_claims_data()
We should also go via samba_kdc_get_claims_data_from_pac()
if the pack was issued by a trust. But for now we still
clear the claims, which is the default if
msDS-IngressClaimsTransformationPolicy is missing
on the trustedDomain object.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
s4:kdc: let samba_kdc_get_pac() use samba_kdc_get_claims_blob()
We should avoid calling claims_data_encoded_claims_set() directly,
we'll have to do more than claims_data_encoded_claims_set() in future,
so make sure we always go via the common samba_kdc_get_claims_blob()
helper.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
s4:kdc: introduce need_device helper variable in samba_kdc_update_pac()
Also use samba_kdc_entry_pac_valid_principal() in order to catch
all conditions for a valid device. For principals issued by
trusted domains there's no device.entry pointer!
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
s4:kdc: pass samba_kdc_entry_pac to samba_kdc_check_s4u2proxy_rbcd()
This simplifies and unifies the callers.
For the MIT kdc we avoid using via kerberos_pac_to_user_info_dc()
directly.
Now both go via samba_kdc_get_user_info_dc() and MIT also
handles the samba_kdc_get_claims_data() path.
For the MIT kdc it means kerberos_pac_to_user_info_dc() is now
called via samba_kdc_get_user_info_dc() ->
samba_kdc_get_user_info_from_pac() and it is followed by
authsam_update_user_info_dc() consistently.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
projects / thirdparty / samba.git / log
