Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 31 21:51:07 UTC 2022 on sn-devel-184
David Mulder [Fri, 27 May 2022 16:56:25 +0000 (10:56 -0600)]
gpo: Move Group Policy code below gp directory
Moves the Group Policy extensions and supporting
code within the existing python/samba/gp directory.
Meant to clean up the clutter that's accumulating
in python/samba.
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 31 20:15:45 UTC 2022 on sn-devel-184
Volker Lendecke [Tue, 24 May 2022 06:23:25 +0000 (08:23 +0200)]
winbind: Create local krb5.conf for idmap backend ad
Without this, it can happen that tldap will look at a possibly wrong
/etc/krb5.conf. I have not reliably reproduced this, because a
set_domain_online_request() in the idmap child might interfere with
this, so I could not write a comprehensive test for this. Manual
testing however fixes the issue that wbinfo --sid-to-uid can take ages
asking a potentially nonexisting KDC.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Martin Schwenke [Thu, 19 May 2022 05:09:41 +0000 (15:09 +1000)]
ctdb-recoverd: Do not ban on unknown error when taking cluster lock
If the cluster filesystem is unavailable then I/O errors may occur.
This is no worse than contention, so don't ban. This avoids having
services unavailable for longer than necessary.
Update the associated test to simply confirm that this results in a
leaderless cluster, and leadership is restored when the lock can once
again be taken.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Douglas Bagnall [Thu, 26 May 2022 03:50:23 +0000 (15:50 +1200)]
debug: update comments about setup_logging()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon May 30 11:03:47 UTC 2022 on sn-devel-184
we wouldn't see anything in "/var/log/group_json.log", while the level
5 dsdb_group_json_audit messages would go into the main log.
Note that the named file would still be opened by winbindd and others
that use the s3 code, but would remain empty as they don't have anything
to say about dsdb_group_json_audit.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Pavel Filipenský [Thu, 26 May 2022 13:38:23 +0000 (15:38 +0200)]
py:gpo: Fix testing of 0x8000 bit
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Reviewed-by: David Mulder <dmulder@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Thu May 26 19:36:52 UTC 2022 on sn-devel-184
Uri Simchoni [Tue, 24 May 2022 19:54:04 +0000 (22:54 +0300)]
[ci-images] remove use of sudo in image building smoke test
Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Wed May 25 20:50:25 UTC 2022 on sn-devel-184
Uri Simchoni [Mon, 23 May 2022 19:58:16 +0000 (22:58 +0300)]
[ci-images] run podman directly instead of docker link
Instead of having a symbolic link from docker to podman,
use podman directly. This is made for better clarity, and
because docker and podman are not 100% interchangeable in this
script.
Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Uri Simchoni [Mon, 23 May 2022 17:42:55 +0000 (20:42 +0300)]
[ci-images] use podman instead of docker
Use podman as image building tool instead of docker. The image-creation
pipeline still runs on docker only (until gitlab-runner supports
podman), but the pipeline image may employ podman instead of docker to
build images.
Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We process python args using PyArg_ParseTupleAndKeywords(), and use the "p"
type modifier there. According to the documentation, this type modifier,
while it works for a boolean type, expects an argument of type int. But in
py_net_join_member() and py_net_leave() we use arguments of type uint8_t
(no_dns_update, keep_account, r->in.debug). So when PyArg_ParseTupleAndKeywords()
tries to assign a value to &no_dns_update, it updates subsequent, unrelated bytes
too; which ones depends on the stack and structure layout used by the compiler.
Fix this by using int type for all relevant variables, and by introducing proxy
variable "debug" (of the same type) for r->in.debug.
While at it, also ensure all variables have sensible default values.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed May 25 06:19:32 UTC 2022 on sn-devel-184
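The overwrite described in the commit above, as an added example that is not Samba code and does not link against Python: store_p_result() is a hypothetical stand-in for the int-sized store the "p" converter performs, and struct u8_flags is a constructed layout with padding so the demonstration stays in bounds.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: byte-sized flags side by side, as a compiler may
 * place uint8_t locals or struct members. pad keeps the demo in bounds. */
struct u8_flags {
	uint8_t no_dns_update;
	uint8_t keep_account;
	uint8_t pad[sizeof(int)];
};

/* Hypothetical stand-in for the "p" converter: it stores a full int at
 * the output address, whatever type the caller's variable really has. */
static void store_p_result(void *out, int truth)
{
	memcpy(out, &truth, sizeof(int));
}

/* Before the fix: the address of a uint8_t is handed to the converter. */
uint8_t keep_account_after_u8_target(int truth)
{
	struct u8_flags f;
	unsigned char *target;

	memset(&f, 0, sizeof(f));
	f.keep_account = 0xAA;	/* value set earlier by unrelated code */
	/* Same address as &f.no_dns_update. */
	target = (unsigned char *)&f + offsetof(struct u8_flags, no_dns_update);
	store_p_result(target, truth);
	return f.keep_account;	/* clobbered by the int-sized store */
}

/* After the fix: parse into an int proxy, then narrow explicitly. */
uint8_t keep_account_after_int_proxy(int truth)
{
	struct u8_flags f;
	int no_dns_update = 0;	/* int proxy with a sensible default */

	memset(&f, 0, sizeof(f));
	f.keep_account = 0xAA;
	store_p_result(&no_dns_update, truth);
	f.no_dns_update = (uint8_t)(no_dns_update != 0);
	return f.keep_account;	/* neighbour untouched */
}

int main(void)
{
	printf("uint8_t target: keep_account = 0x%02X\n",
	       (unsigned)keep_account_after_u8_target(1));
	printf("int proxy:      keep_account = 0x%02X\n",
	       (unsigned)keep_account_after_int_proxy(1));
	return 0;
}
```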
Noel Power [Mon, 23 May 2022 16:23:41 +0000 (17:23 +0100)]
s3/client: Restore '-E' handling
Sometimes we really do need to redirect output to stderr
e.g. when using the tar command to output the archive to stdout
we don't want debug or cmdline status messages straying into stdout.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15075 Signed-off-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue May 24 10:29:27 UTC 2022 on sn-devel-184
Samuel Cabrero [Mon, 23 May 2022 12:11:24 +0000 (14:11 +0200)]
s3:libads: Clear previous CLDAP ping flags when reusing the ADS_STRUCT
Before commit 1d066f37b9217a475b6b84a935ad51fbec88fe04, when the LDAP
connection wasn't established yet (ads->ldap.ld == NULL), the
ads_current_time() function always allocated and initialized a new
ADS_STRUCT even when ads->ldap.ss had a good address after having called
ads_find_dc().
After that commit, when the ADS_STRUCT is reused and passed to the
ads_connect() call, ads_try_connect() may fail depending on the
contacted DC because ads->config.flags field can contain the flags
returned by the previous CLDAP call. For example, when having 5 DCs:
* 192.168.101.31 has PDC FSMO role
* 192.168.101.32
* 192.168.101.33
* 192.168.101.34
* 192.168.101.35
The check_cldap_reply_required_flags() call fails because
ads->config.flags contains the flags returned by the previous CLDAP call,
even when the returned and required values match because they have
different semantics:

    if (req_flags & DS_PDC_REQUIRED)
        RETURN_ON_FALSE(ret_flags & NBT_SERVER_PDC);

translates to:

    if (0xF1FC & 0x80)
        RETURN_ON_FALSE(0xF1FC & 0x01);

which returns false because 192.168.101.35 has no PDC FSMO role.
The easiest fix for now is to reset ads->config.flags in
ads_current_time() when reusing an ADS_STRUCT before calling
ads_connect(), but we should consider storing the required and returned
flags in different fields or at least use the same bitmap for them
because check_cldap_reply_required_flags() is checking a
netr_DsRGetDCName_flags value using the nbt_server_type bitmap.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon May 23 19:18:38 UTC 2022 on sn-devel-184
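A simplified model of the flag reuse described in the commit above, as an added example that is not Samba code: struct ads_model, try_connect() and second_connect_ok() are hypothetical names, the two bit values and 0xF1FC are the ones quoted in the message, and 0xF1FD is a constructed reply for a DC that does hold the PDC role.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define DS_PDC_REQUIRED 0x80u	/* request-side bit (value from the text) */
#define NBT_SERVER_PDC  0x01u	/* reply-side bit (value from the text) */

/* Hypothetical stand-in for ADS_STRUCT: one field carries both meanings. */
struct ads_model {
	uint32_t config_flags;
};

/* Only the PDC rule quoted in the commit message. */
static bool check_required_flags(uint32_t ret_flags, uint32_t req_flags)
{
	if (req_flags & DS_PDC_REQUIRED) {
		return (ret_flags & NBT_SERVER_PDC) != 0;
	}
	return true;
}

/* Model of one connect attempt: config_flags is read as the requirement,
 * then overwritten with what the DC answered. */
static bool try_connect(struct ads_model *ads, uint32_t dc_reply_flags)
{
	if (!check_required_flags(dc_reply_flags, ads->config_flags)) {
		return false;
	}
	ads->config_flags = dc_reply_flags;
	return true;
}

/* Two attempts against the same DC on one struct. reset_between models
 * the fix: clear the flags before the struct is reused. */
bool second_connect_ok(uint32_t dc_reply_flags, bool reset_between)
{
	struct ads_model ads = { .config_flags = 0 };

	if (!try_connect(&ads, dc_reply_flags)) {
		return false;
	}
	if (reset_between) {
		ads.config_flags = 0;
	}
	return try_connect(&ads, dc_reply_flags);
}

int main(void)
{
	printf("non-PDC, stale flags: %d\n", second_connect_ok(0xF1FC, false));
	printf("non-PDC, flags reset: %d\n", second_connect_ok(0xF1FC, true));
	printf("PDC, stale flags:     %d\n", second_connect_ok(0xF1FD, false));
	return 0;
}
```

The third case shows why the failure depends on which DC is contacted: a stale reply from the PDC happens to satisfy the misread requirement.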
Pavel Filipenský [Mon, 23 May 2022 11:10:31 +0000 (13:10 +0200)]
python/gp_cert_auto_enroll: Fix bitwise test in expression
Found by covscan.
result_independent_of_operands: "(e.data & 4) == 1" is always false regardless of the values of its operands. This occurs as the operand of assignment.
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon May 23 09:34:51 UTC 2022 on sn-devel-184
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Signed-off-by: Andreas Hasenack <andreas@canonical.com>
Pair-programmed-with: Andreas Hasenack <andreas@canonical.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Mon May 23 00:53:09 UTC 2022 on sn-devel-184
Volker Lendecke [Sun, 15 May 2022 11:30:09 +0000 (13:30 +0200)]
srvsvcd: Silence an integer type warning
Okay because lp_csc_policy() is an enum with 4 choices
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 20 19:59:07 UTC 2022 on sn-devel-184
All parent-child communication is based on NDR and dispatched as a local
RPC call.
Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 19 18:50:24 UTC 2022 on sn-devel-184
Samuel Cabrero [Thu, 3 Jun 2021 18:05:48 +0000 (20:05 +0200)]
s3:winbind: Create a binding handle for each child
Next commits will convert InitConnection from struct based to NDR based
and this call will be directly issued to a domain child so create a 'wbint'
binding handle for domain children too.
Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Mon, 21 Jun 2021 15:25:50 +0000 (17:25 +0200)]
s3:winbind: Split getting and filling the password policy info
Next commits will convert from struct based to NDR based. The
samr_DomInfo1 struct will be returned by the child to the parent inside
the 'r' struct and the parent will just fill the winbindd_response.
Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 18 May 2022 14:01:08 +0000 (16:01 +0200)]
srvsvc: Announce [username] in NetShareEnum
This patch has two flaws: First, it does not cover api_RNetShareEnum()
for SMB1, and the second one is: To make this elegant, we would have
to restructure our share handling. It is really only listing shares
for which we have to pull in everything from smb.conf, registry,
usershares and potentially printers. What we should do is modify our
loadparm handling to only load share definitions on demand and for
listing shares handle all the potential sources specially. Add code
that walks the registry shares without adding them to our services
list and so on.
This patch is the quick&dirty way to fix the bug, the alternative
would be weeks or more. And hopefully nobody notices the SMB1
problem...
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 18 17:42:20 UTC 2022 on sn-devel-184
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed May 18 07:56:52 UTC 2022 on sn-devel-184
Douglas Bagnall [Sun, 15 May 2022 00:28:32 +0000 (12:28 +1200)]
lzxpress: compress shortcut if we've reached maximum length
A simple degenerate case for our compressor has been a large number of
repeated bytes that will match the maximum length (~64k) at all 8192
search positions, 8191 of which searches are in vain because the
matches are not of greater length than the first one.
Here we recognise the inevitable and reduce runtime proportionately.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Tue May 17 23:11:21 UTC 2022 on sn-devel-184
Anoop C S [Fri, 13 May 2022 11:16:01 +0000 (16:46 +0530)]
vfs_glusterfs: Fix fdopendir implementation
Directory stream returned for fdopendir() within vfs_glusterfs doesn't
correctly point to required directory fd. Since GlusterFS still doesn't
support *at() variant syscalls we will have to rely on full path/name
constructed out of fsp.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 17 20:20:05 UTC 2022 on sn-devel-184
glfd(gluster fd) used in glfs_fgetxattr() for get_real_filename_at()
implementation doesn't correctly point to required directory fd. Since
GlusterFS still doesn't support *at() variant syscalls we will have to
rely on full path/name constructed out of dirfsp.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Pavel Filipenský [Wed, 11 May 2022 12:20:34 +0000 (14:20 +0200)]
s3:smbd: Covscan: remove dead code
Covscan:
source3/smbd/files.c:575: check_after_deref: Null-checking "fsp" suggests that it
may be null, but it has already been dereferenced on all paths leading to the check.
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat May 14 04:41:57 UTC 2022 on sn-devel-184
Pavel Filipenský [Wed, 11 May 2022 12:19:44 +0000 (14:19 +0200)]
s3:smbd Fix trailing whitespace in files.c
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pavel Filipenský [Wed, 11 May 2022 08:14:53 +0000 (10:14 +0200)]
s3:libsmb: Covscan: unchecked return value for cli_credentials_set_smb_encryption()
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pavel Filipenský [Wed, 11 May 2022 10:11:21 +0000 (12:11 +0200)]
auth: Covscan: unchecked return value for cli_credentials_set_smb_encryption()
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pavel Filipenský [Wed, 11 May 2022 10:10:36 +0000 (12:10 +0200)]
auth: Fix trailing whitespace in pycredentials.c
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pavel Filipenský [Wed, 11 May 2022 10:06:22 +0000 (12:06 +0200)]
ctdb: Covscan: unchecked return value for trbt_traversearray32()
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pavel Filipenský [Wed, 11 May 2022 10:04:34 +0000 (12:04 +0200)]
ctdb: Fix trailing whitespace in rb_tree.c
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pavel Filipenský [Wed, 11 May 2022 09:39:28 +0000 (11:39 +0200)]
s4:libcli: Covscan: unchecked return value for file_save()
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pavel Filipenský [Wed, 11 May 2022 09:38:45 +0000 (11:38 +0200)]
s4:libcli: Fix trailing whitespace in browse.c
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pavel Filipenský [Wed, 11 May 2022 09:36:48 +0000 (11:36 +0200)]
s4:libcli: Covscan: unchecked return value for file_save()
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pavel Filipenský [Wed, 11 May 2022 09:36:03 +0000 (11:36 +0200)]
s4:libcli: Fix trailing whitespace in netlogon.c
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pavel Filipenský [Wed, 11 May 2022 09:32:47 +0000 (11:32 +0200)]
libcli: Covscan: unchecked return value for file_save()
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pavel Filipenský [Wed, 11 May 2022 09:31:52 +0000 (11:31 +0200)]
libcli: Fix trailing whitespace in netlogon.c
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Thu, 12 May 2022 19:24:07 +0000 (13:24 -0600)]
gpo: Cert Auto Enroll use ldap trust cert if NDES disabled
If the CA does not have the Network Device
Enrollment Service enabled, we can still use the
certificate from the ldap request (unless this is
a complex request and ldap config isn't present).
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri May 13 15:38:53 UTC 2022 on sn-devel-184
David Mulder [Wed, 4 May 2022 21:01:22 +0000 (15:01 -0600)]
gpo: Remove sscep depends from Cert Auto Enroll
Certificate Auto Enrollment currently depends on
sscep to retrieve the root certificate chain.
This isn't necessary, since this can be
accomplished with a simple GET.
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org>
David Mulder [Fri, 6 May 2022 15:46:44 +0000 (09:46 -0600)]
gpo: Halt Cert Auto Enroll process if data corrupted
If the CA URL cannot be processed, then halt
processing. Otherwise we'll end up in a broken
state later when trying to read from the end
points with missing data.
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 12 18:45:41 UTC 2022 on sn-devel-184
David Mulder [Fri, 6 May 2022 15:41:19 +0000 (09:41 -0600)]
gpo: Suppress error caused by ldap Cert Auto Enroll config
When the CA url specified on the SYSVOL is 'LDAP:'
this means that configuration should be fetched
from LDAP. This corrects an error message that
was being reported when the URL appeared improper
but really is not. This does not change the
code behavior (it was still working), but
removes the invalid error.
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Wed, 11 May 2022 22:54:22 +0000 (10:54 +1200)]
s4-samr: Fix missing check for GnuTLS errors from E_old_pw_hash()
Not likely to be an issue in the real world as the earlier calls
will have failed if weak crypto was disabled, but this was missed
in dce944e8a1119034f184336f6b71a28080152a0a.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 12 03:18:42 UTC 2022 on sn-devel-184
Douglas Bagnall [Wed, 11 May 2022 00:46:21 +0000 (12:46 +1200)]
compression: fix lzxpress decompress with trailing flags
Every so often, lzxpress adds a 32-bit block of indicator flags to
help decode the next clump of 32 code words. A naive compressor (such
as we have) might do this at the very end for flags that aren't
actually used because there are no more bytes to decompress. If that
happens we need to stop processing, or we'll come to a worse outcome at
the next CHECK_INPUT_BYTES.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 7 Mar 2022 23:19:45 +0000 (12:19 +1300)]
compression: Remove unneeded loop variable
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 7 Mar 2022 23:17:15 +0000 (12:17 +1300)]
compression: Reduce scope of variables
This makes the code clearer.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>