]> git.ipfire.org Git - thirdparty/samba.git/log
thirdparty/samba.git
4 years agotests/krb5: Add check_reply() method to check for AS or TGS reply
Joseph Sutton [Mon, 26 Jul 2021 05:19:04 +0000 (17:19 +1200)] 
tests/krb5: Add check_reply() method to check for AS or TGS reply

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agotests/krb5: Add method to calculate account salt
Joseph Sutton [Thu, 22 Jul 2021 04:22:09 +0000 (16:22 +1200)] 
tests/krb5: Add method to calculate account salt

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agotests/krb5: Add more methods for obtaining machine and service credentials
Joseph Sutton [Mon, 5 Jul 2021 22:19:57 +0000 (10:19 +1200)] 
tests/krb5: Add more methods for obtaining machine and service credentials

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agotests/krb5: Allow specifying additional details when creating an account
Joseph Sutton [Mon, 5 Jul 2021 23:25:55 +0000 (11:25 +1200)] 
tests/krb5: Allow specifying additional details when creating an account

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agotests/krb5: Use encryption with admin credentials
Joseph Sutton [Tue, 3 Aug 2021 03:58:19 +0000 (15:58 +1200)] 
tests/krb5: Use encryption with admin credentials

This ensures that account creation using admin credentials succeeds.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agotests/krb5: Add get_EpochFromKerberosTime()
Joseph Sutton [Thu, 22 Jul 2021 04:27:17 +0000 (16:27 +1200)] 
tests/krb5: Add get_EpochFromKerberosTime()

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agotests/krb5: Make _test_as_exchange() return value more consistent
Joseph Sutton [Tue, 27 Jul 2021 02:27:47 +0000 (14:27 +1200)] 
tests/krb5: Make _test_as_exchange() return value more consistent

Always return the reply and the kdc_exchange_dict so that the caller has
more potentially useful information.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agotests/krb5: Add method to return dict containing padata elements
Joseph Sutton [Tue, 6 Jul 2021 00:51:54 +0000 (12:51 +1200)] 
tests/krb5: Add method to return dict containing padata elements

This makes checking multiple padata elements easier.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agotests/krb5: Add get_enc_timestamp_pa_data_from_key()
Joseph Sutton [Mon, 26 Jul 2021 05:18:38 +0000 (17:18 +1200)] 
tests/krb5: Add get_enc_timestamp_pa_data_from_key()

This makes it easier to create encrypted timestamp padata when the key
has already been obtained.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agotests/krb5: Refactor get_pa_data()
Joseph Sutton [Mon, 5 Jul 2021 22:16:01 +0000 (10:16 +1200)] 
tests/krb5: Refactor get_pa_data()

The function now returns a single padata object rather than a list,
making it easier to combine multiple padata elements into a request. The
new name 'get_enc_timestamp_pa_data' also makes it clearer as to what
the method generates.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agotests/krb5: Allow cf2 to automatically use the enctype of the first key
Joseph Sutton [Mon, 5 Jul 2021 22:24:52 +0000 (10:24 +1200)] 
tests/krb5: Allow cf2 to automatically use the enctype of the first key

RFC6113 states: "Unless otherwise specified, the resulting enctype of
KRB-FX-CF2 is the enctype of k1." This change means the enctype no
longer has to be specified manually.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agotests/krb5: Use credentials kvno when creating password key
Joseph Sutton [Mon, 5 Jul 2021 23:28:37 +0000 (11:28 +1200)] 
tests/krb5: Use credentials kvno when creating password key

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agotests/krb5: Check Kerberos protocol version number
Joseph Sutton [Tue, 27 Jul 2021 03:07:59 +0000 (15:07 +1200)] 
tests/krb5: Check Kerberos protocol version number

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agotests/krb5: Expect e-data except when the error code is KDC_ERR_GENERIC
Joseph Sutton [Wed, 28 Jul 2021 05:00:09 +0000 (17:00 +1200)] 
tests/krb5: Expect e-data except when the error code is KDC_ERR_GENERIC

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agotests/krb5: Fix encpart_decryption_key with MIT KDC
Joseph Sutton [Tue, 27 Jul 2021 02:06:29 +0000 (14:06 +1200)] 
tests/krb5: Fix encpart_decryption_key with MIT KDC

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agotests/krb5: Fix callback_dict parameter
Joseph Sutton [Mon, 26 Jul 2021 23:12:34 +0000 (11:12 +1200)] 
tests/krb5: Fix callback_dict parameter

Items contained in a default-created callback_dict should not be carried
over between unrelated calls to {as,tgs}_as_exchange_dict().

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agotests/krb5: Fix including enc-authorization-data
Joseph Sutton [Mon, 26 Jul 2021 05:14:08 +0000 (17:14 +1200)] 
tests/krb5: Fix including enc-authorization-data

Remove the EncAuthorizationData parameters from AS_REQ_create(), since
it should only be present in the TGS-REQ form. Also, fix a call to
EncryptedData_create() to supply the key usage when creating
enc-authorization-data.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agotests/krb5: Remove magic constants
Joseph Sutton [Tue, 27 Jul 2021 01:49:27 +0000 (13:49 +1200)] 
tests/krb5: Remove magic constants

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agotests/krb5: Simplify Python syntax
Joseph Sutton [Tue, 3 Aug 2021 03:03:00 +0000 (15:03 +1200)] 
tests/krb5: Simplify Python syntax

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agotests/krb5: Use more compact dict lookup
Joseph Sutton [Mon, 2 Aug 2021 05:10:32 +0000 (17:10 +1200)] 
tests/krb5: Use more compact dict lookup

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agotests/krb5: Remove unneeded statements
Joseph Sutton [Mon, 2 Aug 2021 05:01:39 +0000 (17:01 +1200)] 
tests/krb5: Remove unneeded statements

A return statement is redundant as the last statement in a method, as
methods will otherwise return None. Also, code blocks consisting of a
single 'pass' statement can be safely omitted.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agotests/krb5: formatting
Joseph Sutton [Mon, 2 Aug 2021 05:00:09 +0000 (17:00 +1200)] 
tests/krb5: formatting

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agotests/krb5: Fix method name typo
Joseph Sutton [Mon, 5 Jul 2021 22:17:52 +0000 (10:17 +1200)] 
tests/krb5: Fix method name typo

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agotests/krb5: Fix comment typo
Joseph Sutton [Thu, 22 Jul 2021 04:26:17 +0000 (16:26 +1200)] 
tests/krb5: Fix comment typo

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agotests/krb5: Fix ms_kile_client_principal_lookup_test errors
Joseph Sutton [Mon, 26 Jul 2021 05:15:23 +0000 (17:15 +1200)] 
tests/krb5: Fix ms_kile_client_principal_lookup_test errors

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agopygensec: Don't modify Python bytes objects
Joseph Sutton [Mon, 19 Jul 2021 22:48:41 +0000 (10:48 +1200)] 
pygensec: Don't modify Python bytes objects

gensec_update() and gensec_unwrap() can both modify their input buffers
(for example, during the inplace RRC operation on GSSAPI tokens).
However, buffers obtained from Python bytes objects must not be modified
in any way. Create a copy of the input buffer so the original isn't
modified.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agopygensec: Fix memory leaks
Joseph Sutton [Mon, 19 Jul 2021 05:29:39 +0000 (17:29 +1200)] 
pygensec: Fix memory leaks

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agoregistry: check for running as root in clustering mode
Ralph Boehme [Sat, 7 Aug 2021 10:52:28 +0000 (10:52 +0000)] 
registry: check for running as root in clustering mode

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14787
RN:  net conf list crashes when run as normal user

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Aug 17 11:23:15 UTC 2021 on sn-devel-184

4 years agos3/lib/dbwrap: check if global_messaging_context() succeeded
Ralph Boehme [Sat, 7 Aug 2021 10:51:38 +0000 (10:51 +0000)] 
s3/lib/dbwrap: check if global_messaging_context() succeeded

The subsequent messaging_ctdb_connection() will fail an assert if messaging is
not up and running, maybe it's a bit better to add a check if
global_messaging_context() actually succeeded.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14787

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agotestsuite: Fix build with gcc >= 11.1.1
Andreas Schneider [Mon, 16 Aug 2021 10:42:47 +0000 (12:42 +0200)] 
testsuite: Fix build with gcc >= 11.1.1

Pair-Programmed-With: Jeremy Allison <jra@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug 16 17:20:37 UTC 2021 on sn-devel-184

4 years agolib:replace: Remove trailing spaces from testsuite.c
Andreas Schneider [Mon, 16 Aug 2021 10:39:31 +0000 (12:39 +0200)] 
lib:replace: Remove trailing spaces from testsuite.c

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agogpo: Print getcert message to debug
David Mulder [Fri, 23 Jul 2021 15:28:21 +0000 (09:28 -0600)] 
gpo: Print getcert message to debug

Otherwise re-running gpupdate to enforce policy
displays 'already exists' messages, which
confusingly appear to be a failure, but are
actually intentional behavior.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 13 20:06:31 UTC 2021 on sn-devel-184

4 years agogpo: Decode the bytes for cepces-submit failure
David Mulder [Thu, 22 Jul 2021 16:37:41 +0000 (10:37 -0600)] 
gpo: Decode the bytes for cepces-submit failure

When displaying the error from cepces-submit,
make sure to decode the bytes (otherwise it is
hard to read). Also print the error to debug
instead of warn (it may dump a traceback).

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agogpo: Ignore symlink failure on sscep renew
David Mulder [Thu, 22 Jul 2021 16:16:42 +0000 (10:16 -0600)] 
gpo: Ignore symlink failure on sscep renew

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agogpo: Apply Group Policy User Scripts
David Mulder [Tue, 20 Jul 2021 17:14:28 +0000 (11:14 -0600)] 
gpo: Apply Group Policy User Scripts

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agogpo: Test Group Policy User Scripts
David Mulder [Tue, 20 Jul 2021 17:13:21 +0000 (11:13 -0600)] 
gpo: Test Group Policy User Scripts

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agogpo: Enable Scripts ADMX for User Policy
David Mulder [Tue, 20 Jul 2021 19:48:42 +0000 (13:48 -0600)] 
gpo: Enable Scripts ADMX for User Policy

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agogpo: Enable user policy application
David Mulder [Tue, 20 Jul 2021 15:13:06 +0000 (09:13 -0600)] 
gpo: Enable user policy application

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agolibreplace: remove now unused USE_COPY_FILE_RANGE define
Ralph Boehme [Thu, 12 Aug 2021 16:31:40 +0000 (18:31 +0200)] 
libreplace: remove now unused USE_COPY_FILE_RANGE define

The only user was removed in the previous commit. We still need the preceeding
checks however, based on that replace.c provides a copy_file_range() fallback.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14795
RN: copy_file_range() may fail with EOPNOTSUPP

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Aug 13 11:45:17 UTC 2021 on sn-devel-184

4 years agovfs_default: detect EOPNOTSUPP and ENOSYS errors from copy_file_range()
Ralph Boehme [Thu, 12 Aug 2021 16:23:21 +0000 (18:23 +0200)] 
vfs_default: detect EOPNOTSUPP and ENOSYS errors from copy_file_range()

When building in a RHEL 7 container on a RHEL 8 host, the current configure
check will detect a working SYS_copy_file_range() syscall.

Later when the resulting smbd binary is run in a RHEL 7 container on a RHEL
7 (vs 8 on the build host) host, SYS_copy_file_range() will fail with
EOPNOTSUPP.

Since the kernel support for copy_file_range() included a fallback in case
filesystems didn't implement it, the caching of copy_file_range() support can be
made a global via the static try_copy_file_range bool, there's no need to deal
with per-fileystem behaviour differences. For the curious: SYS_copy_file_range()
appeared in Linux 4.5, fallback code being vfs_copy_file_range() ->
do_splice_direct().

On current kernels the fallback function is generic_copy_file_range() (which
still calls do_splice_direct()) called from the filesystem backends directly or
from vfs_copy_file_range() -> do_copy_file_range().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14795

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
4 years agos3:winbindd: Pass the right variable to the debug message
Andreas Schneider [Wed, 11 Aug 2021 12:58:39 +0000 (14:58 +0200)] 
s3:winbindd: Pass the right variable to the debug message

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14779

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 12 20:08:25 UTC 2021 on sn-devel-184

4 years agos3:winbind: Do not start if the priviliged socket path is too long
Andreas Schneider [Wed, 11 Aug 2021 10:07:57 +0000 (12:07 +0200)] 
s3:winbind: Do not start if the priviliged socket path is too long

https://bugzilla.samba.org/show_bug.cgi?id=14792

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agowscript: fix installing pre-commit with 'git worktree'
Stefan Metzmacher [Wed, 11 Aug 2021 11:26:41 +0000 (13:26 +0200)] 
wscript: fix installing pre-commit with 'git worktree'

.git is not always a directory, with 'git worktree' it's a file.

'git rev-parse --git-path hooks' is the generic way to find the
patch for the githooks.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Aug 12 08:56:13 UTC 2021 on sn-devel-184

4 years agoscript/bisect-test.py: add support git worktree
Stefan Metzmacher [Wed, 11 Aug 2021 11:26:41 +0000 (13:26 +0200)] 
script/bisect-test.py: add support git worktree

.git is not always a directory, with 'git worktree' it's a file.

Note we could also use 'git rev-parse --show-toplevel', but that's
a patch for another day.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agowafsamba: add support git worktree to vcs_dir_contents()
Stefan Metzmacher [Wed, 11 Aug 2021 11:26:41 +0000 (13:26 +0200)] 
wafsamba: add support git worktree to vcs_dir_contents()

.git is not always a directory, with 'git worktree' it's a file.

Note we could also use 'git rev-parse --show-toplevel', but that's
a patch for another day.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agos3:libsmb: close the temporary IPC$ connection in cli_full_connection()
Stefan Metzmacher [Wed, 11 Aug 2021 13:30:12 +0000 (15:30 +0200)] 
s3:libsmb: close the temporary IPC$ connection in cli_full_connection()

We don't need the temporary IPC$ connection used for the
SMB1 UNIX CIFS extensions encryption setup anymore,
so we can also let the server close it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14793

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Aug 11 23:03:11 UTC 2021 on sn-devel-184

4 years agos3:libsmb: start encryption as soon as possible after the session setup
Stefan Metzmacher [Wed, 11 Aug 2021 12:33:24 +0000 (14:33 +0200)] 
s3:libsmb: start encryption as soon as possible after the session setup

For the SMB1 UNIX CIFS extensions we create a temporary IPC$ tcon,
if there's no tcon yet.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14793

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agos3: smbd: For FSCTL calls that go async, add the outstanding tevent_reqs to the aio...
Jeremy Allison [Sat, 7 Aug 2021 06:33:06 +0000 (23:33 -0700)] 
s3: smbd: For FSCTL calls that go async, add the outstanding tevent_reqs to the aio list on the file handle.

Remove knownfails.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769
RN: smbd panic on force-close share during offload write

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug 11 20:02:57 UTC 2021 on sn-devel-184

4 years agos4: torture: Add test for smb2.ioctl.bug14769.
Jeremy Allison [Fri, 6 Aug 2021 17:54:31 +0000 (10:54 -0700)] 
s4: torture: Add test for smb2.ioctl.bug14769.

Add knownfails.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
4 years agos3: smbd: Call smbd_fsctl_torture_async_sleep() when we get FSCTL_SMBTORTURE_FSP_ASYN...
Jeremy Allison [Thu, 5 Aug 2021 23:07:09 +0000 (16:07 -0700)] 
s3: smbd: Call smbd_fsctl_torture_async_sleep() when we get FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP.

Now all we need is the client-side test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
4 years agos3: smbd: Add smbd_fsctl_torture_async_sleep() server-side code.
Jeremy Allison [Thu, 5 Aug 2021 23:04:38 +0000 (16:04 -0700)] 
s3: smbd: Add smbd_fsctl_torture_async_sleep() server-side code.

Commented out as not yet called.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
4 years agos3: libcli: Add FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP.
Jeremy Allison [Thu, 5 Aug 2021 18:01:44 +0000 (11:01 -0700)] 
s3: libcli: Add FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP.

Prepare for async FSCTL tests on an fsp.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
4 years agos3: smbd: Split out smb2_ioctl_smbtorture() into a separate file.
Jeremy Allison [Thu, 5 Aug 2021 20:14:16 +0000 (13:14 -0700)] 
s3: smbd: Split out smb2_ioctl_smbtorture() into a separate file.

We will be adding async supporting code to this, and we don't want to
clutter up smb2_ioctl.c.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
4 years agolibreplace: properly execute SYS_copy_file_range check
Ralph Boehme [Sat, 7 Aug 2021 15:18:25 +0000 (17:18 +0200)] 
libreplace: properly execute SYS_copy_file_range check

It seems some systems (like Centos 7) have the SYS_copy_file_range define but
fail the syscall when actually being called. The current configure check is only
compiled, not run so erroneously reports a working SYS_copy_file_range.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14786
RN: Insufficient libreplace check for SYS_copy_file_range check

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 10 19:37:14 UTC 2021 on sn-devel-184

4 years agolibreplace: properly give headers to conf.CHECK_CODE when checking for copy_file_rang...
Ralph Boehme [Sat, 7 Aug 2021 15:18:08 +0000 (17:18 +0200)] 
libreplace: properly give headers to conf.CHECK_CODE when checking for copy_file_range_syscall

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14786

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agos3/rpc_server: track the number of policy handles with a talloc destructor
Ralph Boehme [Mon, 9 Aug 2021 13:12:31 +0000 (15:12 +0200)] 
s3/rpc_server: track the number of policy handles with a talloc destructor

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14783
RN: smbd "deadtime" parameter doesn't work anymore

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 10 18:41:43 UTC 2021 on sn-devel-184

4 years agoselftest: add a test for the "deadtime" parameter
Ralph Boehme [Mon, 9 Aug 2021 10:31:07 +0000 (12:31 +0200)] 
selftest: add a test for the "deadtime" parameter

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14783

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agosmbd: Simplify mark_share_mode_disconnected()
Volker Lendecke [Wed, 16 Dec 2020 17:35:50 +0000 (18:35 +0100)] 
smbd: Simplify mark_share_mode_disconnected()

We can use reset_share_mode_entry() for this purpose. 32 lines less
code.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug  6 18:09:06 UTC 2021 on sn-devel-184

4 years agosmbd: Fix fetch_share_mode_send() error return
Volker Lendecke [Fri, 18 Dec 2020 12:04:47 +0000 (13:04 +0100)] 
smbd: Fix fetch_share_mode_send() error return

The "return" is unnecessary here, but in case the code changes later
on, it won't be forgotten. Also, we need to tell the callers that we
found an invalid record.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agonet: Use dbwrap_do_locked() in wipedbs_delete_records()
Volker Lendecke [Fri, 18 Dec 2020 13:57:08 +0000 (14:57 +0100)] 
net: Use dbwrap_do_locked() in wipedbs_delete_records()

Eventually I'd like to get rid of dbwrap_fetch_locked()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agolibsmbclient: Avoid a call to SMBC_errno() in SMBC_notify_ctx()
Volker Lendecke [Tue, 15 Dec 2020 16:15:21 +0000 (17:15 +0100)] 
libsmbclient: Avoid a call to SMBC_errno() in SMBC_notify_ctx()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agolibsmbclient: Avoid a call to SMBC_errno() in SMBC_attr_server()
Volker Lendecke [Tue, 15 Dec 2020 16:15:21 +0000 (17:15 +0100)] 
libsmbclient: Avoid a call to SMBC_errno() in SMBC_attr_server()

I think this also fixes the errno return, cli_shutdown() can do a lot and set
errno in between.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agolibsmbclient: Avoid a call to SMBC_errno() in SMBC_splice_ctx()
Volker Lendecke [Tue, 15 Dec 2020 16:15:21 +0000 (17:15 +0100)] 
libsmbclient: Avoid a call to SMBC_errno() in SMBC_splice_ctx()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agolibsmbclient: Avoid a call to SMBC_errno() in SMBC_read_ctx()
Volker Lendecke [Tue, 15 Dec 2020 16:15:21 +0000 (17:15 +0100)] 
libsmbclient: Avoid a call to SMBC_errno() in SMBC_read_ctx()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agolibsmbclient: Avoid a call to SMBC_errno() in SMBC_open_ctx()
Volker Lendecke [Tue, 15 Dec 2020 16:15:21 +0000 (17:15 +0100)] 
libsmbclient: Avoid a call to SMBC_errno() in SMBC_open_ctx()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agolibsmbclient: Avoid a call to SMBC_errno() in SMBC_chmod_ctx()
Volker Lendecke [Tue, 15 Dec 2020 16:15:21 +0000 (17:15 +0100)] 
libsmbclient: Avoid a call to SMBC_errno() in SMBC_chmod_ctx()

Directly use the return value from cli_setatr(), don't go via the cli_state
struct member

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agolib: Use TALLOC_FREE() in data_blob_free()
Volker Lendecke [Tue, 3 Aug 2021 07:09:05 +0000 (09:09 +0200)] 
lib: Use TALLOC_FREE() in data_blob_free()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agorpc_client: Avoid two casts with proper printf specifiers
Volker Lendecke [Tue, 3 Aug 2021 06:46:11 +0000 (08:46 +0200)] 
rpc_client: Avoid two casts with proper printf specifiers

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agorpc_client: Save 65 .text bytes with -Os
Volker Lendecke [Tue, 3 Aug 2021 06:43:57 +0000 (08:43 +0200)] 
rpc_client: Save 65 .text bytes with -Os

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agorpc_client: Simplify create_rpc_bind_req()
Volker Lendecke [Tue, 3 Aug 2021 06:40:59 +0000 (08:40 +0200)] 
rpc_client: Simplify create_rpc_bind_req()

In former times this switch statement had more than one branch

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agorpc_client: Replace ZERO_STRUCTP with struct assignment
Volker Lendecke [Thu, 29 Jul 2021 08:13:37 +0000 (10:13 +0200)] 
rpc_client: Replace ZERO_STRUCTP with struct assignment

Give the compiler simpler hints

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agorpc_client: Simplify rpc_pipe_bind_step_one_done()
Volker Lendecke [Thu, 29 Jul 2021 06:55:45 +0000 (08:55 +0200)] 
rpc_client: Simplify rpc_pipe_bind_step_one_done()

With just one case handled specially in a switch statement and the
rest being default:, a simple if-statement can reduce indentation.

Best viewed with "git show -b".

I wonder if the second "if (pauth->auth_type == DCERPC_AUTH_TYPE_NONE)"
leads to reachable code, this should have been taken care of already
further up. But for now I did the 1:1 translation of existing code.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agolibnetapi: Save lines with any_nt_status_not_ok()
Volker Lendecke [Sun, 25 Jul 2021 08:26:30 +0000 (10:26 +0200)] 
libnetapi: Save lines with any_nt_status_not_ok()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agonet: Align some integer types
Volker Lendecke [Sun, 25 Jul 2021 08:22:37 +0000 (10:22 +0200)] 
net: Align some integer types

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agonet3: Simplify name_to_sid(): dom_sid_parse checks for "S-" prefix
Volker Lendecke [Sun, 25 Jul 2021 07:51:10 +0000 (09:51 +0200)] 
net3: Simplify name_to_sid(): dom_sid_parse checks for "S-" prefix

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agonet3: Save a few lines with any_nt_status_not_ok()
Volker Lendecke [Sun, 25 Jul 2021 07:46:34 +0000 (09:46 +0200)] 
net3: Save a few lines with any_nt_status_not_ok()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agosamdb: Fix an uninitialized variable read
Volker Lendecke [Fri, 23 Jul 2021 06:47:47 +0000 (08:47 +0200)] 
samdb: Fix an uninitialized variable read

When the "(status == LDB_SUCCESS && msg != NULL)" condition in this
routine is not evaluating to true, "new_rid" is read uninitialized,
comparing it against ~0. Initialize new_rid and compare it against
UINT32_MAX instead of ~0.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agolib;smbd: Fix the -Os build by initializing variables
Volker Lendecke [Fri, 23 Jul 2021 06:46:51 +0000 (08:46 +0200)] 
lib;smbd: Fix the -Os build by initializing variables

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agolib: Fix a potential error path memleak
Volker Lendecke [Fri, 23 Jul 2021 06:27:37 +0000 (08:27 +0200)] 
lib: Fix a potential error path memleak

Don't directly overwrite the pointer for a realloc. On failure, the
original pointer is still valid.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agorpcclient: Align integer types
Volker Lendecke [Wed, 21 Jul 2021 06:28:20 +0000 (08:28 +0200)] 
rpcclient: Align integer types

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agos3: VFS: solarisacl: Fix compile error (missed variable rename).
David Gajewski [Mon, 2 Aug 2021 21:38:41 +0000 (14:38 -0700)] 
s3: VFS: solarisacl: Fix compile error (missed variable rename).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14773

Signed-off-by: David Gajewski <dgajews@math.utoledo.edu>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Aug  6 17:19:57 UTC 2021 on sn-devel-184

4 years agoktutil: Print the numeric enctype if krb5_enctype_to_string() fails
Andrew Bartlett [Sun, 1 Aug 2021 23:21:51 +0000 (11:21 +1200)] 
ktutil: Print the numeric enctype if krb5_enctype_to_string() fails

Sadly krb5_enctype_to_string() fails when des-cbc-crc encyrption
type is removed, leaving a failure the operate rather than
falling back to anything useful.

So fall back to printing 3 in the absense of anything more
useful.  A future fix could be to hard-code this mapping
in the smb_krb5_enctype_to_string() wrapper.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Aug  6 05:53:44 UTC 2021 on sn-devel-184

4 years agodocs: Add vfs_expand_msdfs manpage
Volker Lendecke [Thu, 5 Aug 2021 10:58:52 +0000 (12:58 +0200)] 
docs: Add vfs_expand_msdfs manpage

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12707

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug  5 18:09:11 UTC 2021 on sn-devel-184

4 years agomit-samba: Only set the function opening bracket once
Andreas Schneider [Thu, 15 Jul 2021 06:48:37 +0000 (08:48 +0200)] 
mit-samba: Only set the function opening bracket once

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Aug  5 10:33:18 UTC 2021 on sn-devel-184

4 years agomit-samba: Use talloc_get_type_abort() instead of casting
Andreas Schneider [Mon, 12 Jul 2021 11:05:59 +0000 (13:05 +0200)] 
mit-samba: Use talloc_get_type_abort() instead of casting

This is safer to use and fixes compiler warnings.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
4 years agomit-samba: Send the logging to the kdc log facility
Andreas Schneider [Mon, 11 Jun 2018 14:15:10 +0000 (16:15 +0200)] 
mit-samba: Send the logging to the kdc log facility

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
4 years agomit-samba: Define debug class for kdb module
Andreas Schneider [Wed, 14 Jul 2021 10:49:11 +0000 (12:49 +0200)] 
mit-samba: Define debug class for kdb module

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
4 years agos3: VFS: ceph. Fix enumerating directories. dirfsp->fh->fd != AT_FDCWD in this case.
Jeremy Allison [Sat, 17 Jul 2021 01:53:24 +0000 (18:53 -0700)] 
s3: VFS: ceph. Fix enumerating directories. dirfsp->fh->fd != AT_FDCWD in this case.

Same as the fix for glusterfs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14766

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Aug  5 06:15:14 UTC 2021 on sn-devel-184

4 years agogitlab: Use shorter names for Samba AD DC env with MIT KRB5
Andreas Schneider [Tue, 3 Aug 2021 11:20:40 +0000 (13:20 +0200)] 
gitlab: Use shorter names for Samba AD DC env with MIT KRB5

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14779

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug  3 20:35:49 UTC 2021 on sn-devel-184

4 years agos3:winbindd: Add a check for the path length of 'winbindd socket directory'
Andreas Schneider [Tue, 3 Aug 2021 09:04:37 +0000 (11:04 +0200)] 
s3:winbindd: Add a check for the path length of 'winbindd socket directory'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14779

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
4 years agoconfigure: Do not put arguments into double quotes
Andreas Schneider [Mon, 2 Aug 2021 15:43:01 +0000 (17:43 +0200)] 
configure: Do not put arguments into double quotes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14777

This could create an issue that arguments don't get split by python and then the
following could happen:

    ./configure --libdir=/usr/lib64 --enable-clangdb

    LIBDIR='/usr/lib64 --enable-clangdb'

This ends then up in parameters.all.xml:

    <!ENTITY pathconfig.LIBDIR   '/usr/lib64 --enable-clangdb'>

The python parser then errors out:

    xml.etree.ElementTree.ParseError: not well-formed (invalid token)

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Aug  3 18:36:37 UTC 2021 on sn-devel-184

4 years agowinbindd_pam: add NT4 DC handling into winbind_samlogon_retry_loop()
Stefan Metzmacher [Mon, 2 Aug 2021 12:17:47 +0000 (14:17 +0200)] 
winbindd_pam: add NT4 DC handling into winbind_samlogon_retry_loop()

Handle the case where a NT4 DC does not fill in the acct_flags in
the samlogon reply info3. Yes, in 2021, there are still admins
arround with real NT4 DCs.

NT4 DCs reject authentication with workstation accounts with
NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT, even if
MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT is specified.

We no longer call dcerpc_samr_QueryUserInfo(level=16)
to get the acct_flags, as we only ever got
ACB_NORMAL back (maybe with ACB_PWNOEXP in addition),
which is easy to calculate on our own.
This was removed in commit (for 4.15.0rc1):

  commit 73528f26eea24033a7093e5591b8f89ad2b8644e
  Author:     Ralph Boehme <slow@samba.org>
  AuthorDate: Mon Jan 11 14:59:46 2021 +0100
  Commit:     Jeremy Allison <jra@samba.org>
  CommitDate: Thu Jan 21 22:56:20 2021 +0000

      winbind: remove legacy flags fallback

      Some very old NT4 DCs might have not returned the account flags filled in. This
      shouldn't be a problem anymore. Additionally, on a typical domain member server,
      this request is (and can only be) send to the primary domain, so this will not
      work with accounts from trusted domains.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
      Autobuild-User(master): Jeremy Allison <jra@samba.org>
      Autobuild-Date(master): Thu Jan 21 22:56:20 UTC 2021 on sn-devel-184

It means one more caller of the problematic cm_connect_sam()
function is removed! SAMR connections may not be allowed for
machine accounts with modern AD DCs.

For network logons NT4 DCs also skip the
account_name, so we have to fallback to the
one given by the client. We have code to cope
with that deeply hidden inside of netsamlogon_cache_store().

Up to Samba 4.7 netsamlogon_cache_store() operated on the
info3 structure that was passed to the caller of winbind_dual_SamLogon()
and pass propagated up to auth_winbind in smbd.

But for Samba 4.8 the following commit:

  commit f153c95176b7759e10996b24b66d9917945372ed
  Author: Ralph Boehme <slow@samba.org>
  Date:   Mon Dec 11 16:25:35 2017 +0100

      winbindd: let winbind_dual_SamLogon return validation

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
actually changed the situation and only a temporary info3 structure
was passed into netsamlogon_cache_store(), which means
account_name was NULL and get propagated as "" into auth_winbind
in smbd, where getpwnam() is no longer possible and every
smb access gets NT_STATUS_LOGON_FAILURE.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14772

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug  3 11:10:27 UTC 2021 on sn-devel-184

4 years agos4:torture: Add rpc netlogon fips test
Andreas Schneider [Mon, 26 Jul 2021 08:18:05 +0000 (10:18 +0200)] 
s4:torture: Add rpc netlogon fips test

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Aug  3 10:18:26 UTC 2021 on sn-devel-184

4 years agos4:torture: Remove trailing whitespaces in rpc.c
Andreas Schneider [Mon, 26 Jul 2021 08:17:38 +0000 (10:17 +0200)] 
s4:torture: Remove trailing whitespaces in rpc.c

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
4 years agos4:selftest: Pass environ to plansmbtorture4testsuite()
Andreas Schneider [Wed, 28 Jul 2021 09:57:02 +0000 (11:57 +0200)] 
s4:selftest: Pass environ to plansmbtorture4testsuite()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
4 years agoselftest: Fix setting environ for plansmbtorture4testsuite()
Andreas Schneider [Wed, 28 Jul 2021 09:56:12 +0000 (11:56 +0200)] 
selftest: Fix setting environ for plansmbtorture4testsuite()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
4 years agonetlogon:schannel: If weak crypto is disabled, do not announce RC4 support.
Andreas Schneider [Thu, 3 Sep 2020 13:58:56 +0000 (15:58 +0200)] 
netlogon:schannel: If weak crypto is disabled, do not announce RC4 support.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
4 years agos4:libnet: Allow libnet_SetPassword() for encrypted SMB connections
Andreas Schneider [Mon, 26 Jul 2021 08:13:52 +0000 (10:13 +0200)] 
s4:libnet: Allow libnet_SetPassword() for encrypted SMB connections

This is needed for smbtorture to join a domain in FIPS mode.

FYI: The correct way would be to join using LDAP as the s3 code is doing it. But
this requires a bigger rewrite.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
4 years agos4:libnet: Remove trailing whitespaces
Andreas Schneider [Mon, 26 Jul 2021 08:12:56 +0000 (10:12 +0200)] 
s4:libnet: Remove trailing whitespaces

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
4 years agos4:rpc_server: Allow to set user password in FIPS mode
Andreas Schneider [Mon, 26 Jul 2021 08:02:13 +0000 (10:02 +0200)] 
s4:rpc_server: Allow to set user password in FIPS mode

Only in case we have an SMB encrypted connection ...

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>