Andrew Bartlett [Thu, 31 Mar 2022 23:06:45 +0000 (12:06 +1300)]
dsdb: Clarify that most errors in make_error_and_update_badPwdCount() are not returned
This is mainly just to be clear, and was done while failing to work around compiler
warnings.
For the curious it was gcc version 4.8.5 20150623 (Red Hat 4.8.5-44) (CentOS 7)
build with -O3, which gave with other, later patches:
../../source4/dsdb/samdb/ldb_modules/password_hash.c: In function ‘check_password_restrictions_and_log’:
../../source4/dsdb/samdb/ldb_modules/password_hash.c:3231:5: error: assuming signed overflow does not occur when simplifying conditional to constant [-Werror=strict-overflow]
if (ret == LDB_SUCCESS) {
^
Regardless, we make it clear that all values assigned to "ret" are
local small constants.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
David Mulder [Tue, 12 Apr 2022 18:50:25 +0000 (12:50 -0600)]
gpo: Add Cert Auto Enroll Advanced Config
Advanced configuration for Certifcate Auto
Enrollment is stored on the sysvol, and needs
to be parsed/used when provided.
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 3 21:48:57 UTC 2022 on sn-devel-184
David Mulder [Mon, 11 Apr 2022 20:26:50 +0000 (14:26 -0600)]
gpo: Certificate Auto Enroll correctly check templates
[MS-CAESO] 4.4.5.3.2.4 and 4.4.5.3.2.4.2 explain
to fetch templates via cep, then to gather attrs
for the templates after. This code was reversed.
This will matter when implementing advanced
endpoint configuration.
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
Martin Schwenke [Fri, 21 Jan 2022 01:14:05 +0000 (12:14 +1100)]
ctdb-locking: Don't pass NULL to tevent_req_is_unix_error()
If there is an error then this pointer is unconditionally
dereferenced.
However, the only possible error appears to be ENOMEM, where a crash
caused by dereferencing a NULL pointer isn't a terrible outcome. In
the absence of a security issue this is probably not worth
backporting.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 21 Jan 2022 01:09:45 +0000 (12:09 +1100)]
ctdb-mutex: Don't pass NULL to tevent_req_is_unix_error()
If there is an error then this pointer is unconditionally
dereferenced.
However, the only possible error appears to be ENOMEM, where a crash
caused by dereferencing a NULL pointer isn't a terrible outcome. In
the absence of a security issue this is probably not worth
backporting.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 3 00:10:53 UTC 2022 on sn-devel-184
Andrew Bartlett [Tue, 12 Apr 2022 00:23:54 +0000 (12:23 +1200)]
docs: Explain the impact of "ntlm auth = disabled" on simple bind forwarding
An RODC will forward an LDAP Simple bind, just like any other authentication,
when the password is not present locally.
If the full DC does not support NTLMv2 authentication this forwarded password
will be rejected. A future Samba version should prefer Kerberos or send the
plaintext, but we can not change the MS Windows behaviour, so we document this.
libcli/smb: allow SMB2 Negotiate responses with security_offset = 0 and security_length = 0
This fixes connections against the Azure SMB3 server.
It's not possible to demonstrate the bug with a test and a knownfail
entry, because it fails to even startup the test environments,
but the following change to our server demonstrates the problem
and shows the fix works:
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon May 2 20:13:10 UTC 2022 on sn-devel-184
Samuel Cabrero [Fri, 25 Feb 2022 13:26:07 +0000 (14:26 +0100)]
s3:winbind: Remove unused functions
Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 30 01:07:12 UTC 2022 on sn-devel-184
The winbindd_dual_pam_auth_crap() will be converted to a local RPC call
handler and the winbindd_response won't be filled by the child process
but in the parent's winbindd_pam_auth_crap_recv() function.
Move all code filling the winbindd_response struct to a common place,
winbindd_pam_auth_crap_recv().
Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Thu, 24 Feb 2022 16:48:27 +0000 (17:48 +0100)]
s3:winbind: Move big NTLMv2 blob checks to parent process
The winbindd_dual_pam_auth_crap() function will be converted to a local
RPC call handler and it won't receive a winbindd_cli_state struct. Move
the checks accessing this struct to the parent.
Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Tue, 15 Jun 2021 12:06:27 +0000 (14:06 +0200)]
s3:winbind: Pass the challenge to winbind_dual_SamLogon() as a data blob
Next commits will covert the winbindd_dual_pam_auth_crap() function to a
local RPC call handler receiving the challenge as a DATA_BLOB in the 'r'
struct.
Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Apr 29 15:50:21 UTC 2022 on sn-devel-184
Jeremy Allison [Wed, 27 Apr 2022 19:50:59 +0000 (12:50 -0700)]
s4: torture: Add a new test - samba3.smb2.durable-open.stat-open.
Passes against Windows. Shows that Windows allows a durable handle
on a leased open for READ_ATTRUBUTES only (a stat open).
Mark as knownfail for now.
NB. Not sure why we are testing smb2.durable-open against ad_dc
as that provisioning has "smb2 leases = no" which precludes
granting durable handles. Not changing for this bug but this
should be looked at in future.
script/autobuild.py: allow to run from within git rebase -i
The 'git clone' used by autobuild.py fails if
GIT_DIR and GIT_WORK_TREE are already defined in the
environment.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Apr 28 15:23:24 UTC 2022 on sn-devel-184
Volker Lendecke [Wed, 8 Dec 2021 06:08:10 +0000 (07:08 +0100)]
smbd: Add filename_convert_dirfsp()
As part of the filename_convert() process, keep a pathref dirfsp of
the containing directory for later use. This avoids having to do
another non_widelink_open() on every SMB2_CREATE and ntcreate&x in
later patches.
Future work will be to go through other filename_convert() calls and
make them use filename_convert_dirfsp(). If we manage to convert all
of them except the one in filename_convert_dirfsp() itself, we can
simplify filename_convert() and unix_convert() significantly.
Too large a patch, but I don't know how to split this up into smaller
logic pieces.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Wed, 2 Mar 2022 15:10:28 +0000 (16:10 +0100)]
CI: use native Python functions to detect system and release
This ensures we detect the runtime system and release, not the ones
when Samba was build. It's necessary to detect the correct kernel
version we're running on because for kernels before 5.3.1 O_PATH opens
unnecessarily broke kernel oplocks, which breaks our tests. And in
gitlab it can happen that we build on kernels after 5.3.1 and later
run on older kernels. In this situation we can't run kernel oplock
tests.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Copy the logic from ceph_snap_gmt_get_real_filename(). This is
untested in autobuild, but as ceph is broken anyway due to 812cb602e3be, we need to talk to the ceph developers before 4.17.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Sun, 13 Mar 2022 15:31:20 +0000 (16:31 +0100)]
smbd: Add get_real_filename_at()
Make get_real_filename() a wrapper.
Right now shadow_copy2 does a fallback to do get_real_filename() on
the twrp=0 tree in case of snapdirseverywhere because snapdirs can be
somewhere deep in the tree, and doing that correctly would be a
full-tree walk. I'd say that snapdirseverywhere is impossible to
implement if you want symlink safety, i.e. careful top-down tree
traversal together with snapdirseverywhere. If you have
snapdirseverywhere you need to pass down the full path very deep down,
which contradicts our fd-based approach we want to take.
Also, I believe that our test does not 100% correctly reflect what
actually is there: My understanding is that if you activate
snapdirseverywhere for example in GPFS, you see all snapshots at every
level (this would need to be verified). Our test does something more
nasty: It creates and tests a specific snapshot only at one place deep
in the directory hierarchy, which makes it impossible to find without
the full path.
This is all a big mess, but for now we need to deal with it. This adds
the twrp=0 fallback to core smbd, but I don't see any other way to do
that properly. And I do want a fd-based getrealfilename....
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Sun, 13 Mar 2022 11:15:59 +0000 (12:15 +0100)]
vfs: Add SMB_VFS_GET_REAL_FILENAME_AT
In a patchset that I'm working on right now there's the need to call
getrealfilename while the code does have a pathref fsp already
around. Doing the name-based call including non_widelink_open is not
necessary in this case. Start by adding the _at based call to the VFS.
For now, fall back to the name-based call. glusterfs-fuse will in a
future patch be converted to fgetxattr.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Mon, 14 Mar 2022 21:52:11 +0000 (22:52 +0100)]
smbd: Pass up stat-info from openat_pathref_fsp() on error
If openat_pathref_fsp() fails, callers might want to inspect the stat
info. If we really failed on STOPPED_ON_SYMLINK, the caller might need
to know this, although openat_pathref_fsp() masked this error.
As there is no smb_fname->fsp returned from openat_pathref_fsp() on
error, we need to pass this up in smb_fname itself.
This essentially reverts de439cd03047, which does basically the same
thing but is too specific. We need to cover the general !O_PATH case
more broadly.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
vfs_gpfs: Ignore pathref fds for gpfs:recalls check
Setting gpfs:recalls=no should prevent data access to offline files.
Since Samba 4.14, the VFS openat function is also called with O_PATH to
get a reference to the path. These accesses should not be blocked,
otherwise this would prevent offline files from being included in
directory listings.
Move includes.h for struct files_struct to fd_handle.c. Both
printing.c and smb1_utils.c depended on fd_handle.h to include the
prototypes. Do that explicitly in those files.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 26 20:16:33 UTC 2022 on sn-devel-184
s3:passdb: Add support to handle UPNs in lookup_name()
This address an issue if sssd is running and handling nsswitch. If we look up
a user with getpwnam("DOMAIN\user") it will return user@REALM in the passwd
structure. We need to be able to deal with that.
Building Samba on CentOS 7 with GCC version 4.8.5 results in the
following error:
[2725/3398] Compiling libcli/echo/tests/echo.c
../../lib/smbconf/pysmbconf.c: In function 'py_from_smbconf_service':
../../lib/smbconf/pysmbconf.c:72:2: error: 'for' loop initial
declarations are only allowed in C99 mode
for (uint32_t i = 0; i < svc->num_params; i++) {
^
../../lib/smbconf/pysmbconf.c:72:2: note: use option -std=c99 or
-std=gnu99 to compile your code
../../lib/smbconf/pysmbconf.c: In function 'obj_share_names':
../../lib/smbconf/pysmbconf.c:181:2: error: 'for' loop initial
declarations are only allowed in C99 mode
for (uint32_t i = 0; i < num_shares; i++) {
^
../../lib/smbconf/pysmbconf.c: In function 'obj_get_config':
../../lib/smbconf/pysmbconf.c:267:2: error: 'for' loop initial
declarations are only allowed in C99 mode
for (uint32_t i = 0; i < num_shares; i++) {
^
Therefore declare variables right at the start aligning to default C90
standard available with GCC version on CentOS 7.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Apr 25 13:23:18 UTC 2022 on sn-devel-184
John Mulligan [Thu, 31 Mar 2022 20:54:49 +0000 (16:54 -0400)]
lib/smbconf: add an initial set of python bindings
The smbconf library provides a generic interface for Samba configuration
backends. In order to access these backends, including the read-write
registry backend, we add a new python binding for smbconf - the general
interface library.
This initial set of bindings covers some basic read-only calls. This
includes function calls for listing shares (config sections) and getting
the parameters of the shares. The `init_txt` construction function must
be used to get a new SMBConf object. This is done so that other
backends, specifically the registry backend from source3 can be used in
the future. Those will provide their own construction funcs.
Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz Reviewed-by: David Mulder <dmulder@suse.com> Reviewed-by: Guenther Deschner <gd@samba.org>
projects / thirdparty / samba.git / log
