Günther Deschner [Tue, 16 Feb 2021 15:11:14 +0000 (16:11 +0100)]
s3-dsgetdcname: add dsgetonedcname()
The idea is to run the same DC validation steps as for dsgetdcname()
just omit the query list of DCs via DNS/netbios step but instead
validate a given DC right away.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Günther Deschner [Mon, 15 Feb 2021 19:57:56 +0000 (20:57 +0100)]
s3-libnet_join: add support for libnet_DomainOfflineJoin
libnet_DomainOfflineJoin will consume the provided offline domain join
blob and lay out libnet_Join information to properly store join metadata
in the local database.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
This function maintains an arbitrary mapping of GUID strings to
integers. This is required as only integers can be used as
discriminators for autogenerated ODJ unions.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Jeremy Allison [Tue, 13 Jul 2021 00:58:29 +0000 (17:58 -0700)]
s3: VFS: Update status of SMB_VFS_READ_DFS_PATHAT.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Jul 14 08:58:30 UTC 2021 on sn-devel-184
Jeremy Allison [Tue, 13 Jul 2021 00:56:13 +0000 (17:56 -0700)]
s3: smbd: In dfs_path_lookup(), use relative dirfsp, atname lookups in SMB_VFS_READ_DFS_PATHAT() for the pathname walk fallback.
Note that parent_pathref() must succeed before we call SMB_VFS_READ_DFS_PATHAT().
If parent_pathref() fails, just step back a component without calling
SMB_VFS_READ_DFS_PATHAT().
There are no longer any non-relative uses of SMB_VFS_READ_DFS_PATHAT().
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 13 Jul 2021 00:53:19 +0000 (17:53 -0700)]
s3: smbd: In dfs_path_lookup(), use relative dirfsp, atname lookups in SMB_VFS_READ_DFS_PATHAT() for the whole path optimization.
Note parent_pathref() must succeed before we can call SMB_VFS_READ_DFS_PATHAT().
Otherwise, just skip the whole path optimization and go onto the path walk code.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Sat, 3 Jul 2021 13:46:11 +0000 (15:46 +0200)]
vfs_shadow_copy2: ensure we call convert_sbuf() in shadow_copy2_*stat() on already converted paths with absolute path
shadow_copy2_strip_snapshot() will happily return without modifying the passed
timestamp=0 if the path is already converted and refers to an object in a
snapshot, eg (first debug line from extra debugging patch [1]):
As check_for_converted_path() detects an "already converted path",
_shadow_copy2_strip_snapshot_internal() just returns without modifying the value
of the timestamp.
By using shadow_copy2_strip_snapshot_converted() instead of
shadow_copy2_strip_snapshot() we can check if the path is in fact referring to a
VSS object by checking the "converted" bool.
An alternative way would have been directly checking fsp->fsp_name->twrp != 0,
but that would be a new semantic in the module, I'll leave this excersize for
the future when we clean up the usage of shadow_copy2_strip_snapshot() in the
whole module.
This change also switches to using the absolute paths in both place where
convert_sbuf() is called.
shadow_copy2 calculates inode numbers of snapshot files based on the path of the
file. The result of that when doing a path based stat() from filename_convert()
was
Later in the open code called from openat_pathref_fsp() -> fd_openat() ->
non_widelink_open() since 4.14 we call SMB_VFS_FSTAT() where fsp->fsp_name will
be set to the new relative *basename* of the file:
Jeremy Allison [Mon, 28 Jun 2021 20:54:52 +0000 (13:54 -0700)]
s3: smbd: Explicitly code the semantics of "dos filemode" into the chown code.
We actually don't need this to get the right semantics, as the open or the
set_sd() code catches the correct cases and returns ACCESS_DENIED, but it
makes me much happier to see the prerequisites needed expressed in code here
right at the point of use.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jul 13 08:11:36 UTC 2021 on sn-devel-184
libcli/smb: let smb2_negotiate_context_parse() only parse the expected number of contexts
Any garbage at the end needs to be ignored.
This fixes the Negotiate_SMB311_ContextID_NetName test from:
https://github.com/microsoft/WindowsProtocolTestSuites/blob/main/TestSuites/FileServer/src/SMB2/TestSuite/Negotiate/Negotiation.cs#L730
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jul 12 21:25:21 UTC 2021 on sn-devel-184
David Mulder [Wed, 7 Jul 2021 14:00:36 +0000 (08:00 -0600)]
WHATSNEW: samba-tool without ad-dc
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Thu Jul 8 14:43:11 UTC 2021 on sn-devel-184
Andrew Bartlett [Mon, 23 Nov 2020 07:54:29 +0000 (20:54 +1300)]
selftest: Print dns_update_cache path into the logs
This sometimes get stuck in a loop and this may help debug it.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jul 8 12:44:49 UTC 2021 on sn-devel-184
Samuel Cabrero [Fri, 31 Jul 2020 09:13:27 +0000 (11:13 +0200)]
lib/tsocket: Free subreq as soon as possible
This is not a memory leak as it is freed when the parent req's state is
freed, but will help in low memory situations.
Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jul 8 10:21:25 UTC 2021 on sn-devel-184
Isaac Boukris [Thu, 8 Oct 2020 12:00:44 +0000 (14:00 +0200)]
selftest: Add test for one-way trust wbinfo auth
Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jul 7 15:01:22 UTC 2021 on sn-devel-184
selftest: fl2000dc: Add outgoing trust from fl2000dc to ad_dc
Pair-Programmed-With: Andreas Schneider <asn@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jul 7 05:54:16 UTC 2021 on sn-devel-184
Pavel Březina [Tue, 1 Jun 2021 11:57:45 +0000 (13:57 +0200)]
tevent: add custom tag to events
Adds a new API to set and get an uint64_t tag on fd, timer, signal and
immediate events. This can be used to assign a unique and known id to
the event to allow easy tracking of such event.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Pavel Březina <pbrezina@redhat.com> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
We want to be really clear which credentials cache we use.
The kerberos_kinit() shell function uses this internally.
-c is the common option between MIT and Heimdal, and is
equivilant to --cache
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jul 5 23:51:43 UTC 2021 on sn-devel-184
Douglas Bagnall [Wed, 5 May 2021 14:55:47 +0000 (14:55 +0000)]
printing: avoid crash in LPRng_time
If the string is too shhort we don't want to atoi() whatever is beyond
the end of it.
Found using Honggfuzz and the fuzz_parse_lpq_entry fuzzer.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jul 5 05:07:13 UTC 2021 on sn-devel-184
Douglas Bagnall [Sun, 20 Jun 2021 02:52:48 +0000 (14:52 +1200)]
samba-tool: dns update rejects malformed addresses
Because neither filling out the struct will not necessarily tell you
you got it wrong, and the RPC could succeed in setting an arbitrary
wrong address (typically, an IPv6 address would set an A record to
"255.255.255.255").
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Mon, 29 Mar 2021 00:03:45 +0000 (13:03 +1300)]
ldb-samba: dns tombstone matching: constrict value length
We know the only values we want to see are uint32, ie < ~4 billion
(and real values will be 7 digits for hundreds of years).
We also know the caller (we have just checked) is a trusted system
session which won't be padding the thing with spaces. But if they do,
let's call them out.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>