libcli/smb: only fallback to the global smb2 signing key if we should sign
We should only sign if we're asked for it. The signing keys are
always generated, so we were always using global signing key
and signed with it when signing was not asked for.
By luck this was the correct signing key for the 1st channel.
But multi channel connections where broken is the server nor the client
require/desire signing. It seems the tests only ever run against
Windows domain controllers, which always require signing.
Note that the following code in smb2cli_req_create() makes
sure that we always sign session binds:
if (cmd == SMB2_OP_SESSSETUP &&
!smb2_signing_key_valid(session->smb2_channel.signing_key) &&
smb2_signing_key_valid(session->smb2->signing_key))
{
/*
* a session bind needs to be signed
*/
state->smb2.should_sign = true;
}
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jun 11 15:25:56 UTC 2019 on sn-devel-184
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Noel Power [Mon, 27 May 2019 15:47:54 +0000 (15:47 +0000)]
lib/tdb/common: clang: Fix 'Value stored to 'last_ptr' is never read'
Fixes
lib/tdb/common/freelistcheck.c:96:3: warning: Value stored to 'last_ptr' is never read <--[clang]
last_ptr = rec_ptr;
^ ~~~~~~~
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Gary Lockyer gary@catalyst.net.nz
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Jun 11 13:31:01 UTC 2019 on sn-devel-184
Noel Power [Fri, 24 May 2019 14:08:58 +0000 (14:08 +0000)]
lib/util: clang: Fix dereference of a null pointer warning
Fixes:
lib/util/rbtree.c:170:8: warning: Access to field 'rb_parent_color' results in a dereference of a null pointer (loaded from variable 'other') <--[clang]
We could avoid accessing the NULL pointer but previously the code would
have crashed here. Given this is a rbtree probably better to preserve the
fatal nature of encountering a NULL pointer here while satisfying the static
checker.
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Gary Lockyer gary@catalyst.net.nz
Noel Power [Fri, 24 May 2019 14:03:37 +0000 (14:03 +0000)]
lib/util: clang: Fix a dereference of a null pointer warning(s)
Fixes:
lib/util/ms_fnmatch.c:75:8: warning: Access to field 'predot' results in a dereference of a null pointer (loaded from variable 'max_n') <--[clang]
if (max_n->predot && max_n->predot <= n) {
^
lib/util/ms_fnmatch.c:91:8: warning: Access to field 'predot' results in a dereference of a null pointer (loaded from variable 'max_n') <--[clang]
if (max_n->predot && max_n->predot <= n) {
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Gary Lockyer gary@catalyst.net.nz
Noel Power [Fri, 24 May 2019 13:01:30 +0000 (13:01 +0000)]
lib/tevent: clang:
Fixes:
lib/tevent/tevent_wrapper.c:213:6: warning: Access to field 'destroyed' results in a dereference of a null pointer (loaded from variable 'glue') <--[clang]
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Gary Lockyer gary@catalyst.net.nz
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Tim Beale <timbeale@catalyst.net.nz>
Autobuild-User(master): Tim Beale <timbeale@samba.org>
Autobuild-Date(master): Mon Jun 10 06:13:27 UTC 2019 on sn-devel-184
TestCaseInSubDir should not have been modified in this way, instead
the downgradedatabase test should have removed the files it created
specifically (this is part of the test, it shows the right files were
created).
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 7 21:08:12 UTC 2019 on sn-devel-184
Andrew Bartlett [Thu, 6 Jun 2019 04:04:19 +0000 (06:04 +0200)]
py3: Remove unused PyInt_AsSsize_t macro from py3compat.h
Now that we are no longer developing new py2/py3 compatible code we can remove
any aspects of this header we do not use. This will make the eventual removal
easier.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 6 13:26:05 UTC 2019 on sn-devel-184
Andrew Bartlett [Thu, 6 Jun 2019 04:02:49 +0000 (06:02 +0200)]
py3: Remove unused PyInt_AsUnsignedLongLongMask macro from py3compat.h
Now that we are no longer developing new py2/py3 compatible code we can remove
any aspects of this header we do not use. This will make the eventual removal
easier.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 6 Jun 2019 04:02:02 +0000 (06:02 +0200)]
py3: Remove unused PyInt_AS_LONG macro from py3compat.h
Now that we are no longer developing new py2/py3 compatible code we can remove
any aspects of this header we do not use. This will make the eventual removal
easier.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 6 Jun 2019 04:01:16 +0000 (06:01 +0200)]
py3: Remove unused PyInt_FromSize_t macro from py3compat.h
Now that we are no longer developing new py2/py3 compatible code we can remove
any aspects of this header we do not use. This will make the eventual removal
easier.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 6 Jun 2019 04:00:41 +0000 (06:00 +0200)]
py3: Remove unused PyInt_FromSsize_t macro from py3compat.h
Now that we are no longer developing new py2/py3 compatible code we can remove
any aspects of this header we do not use. This will make the eventual removal
easier.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 6 Jun 2019 03:59:56 +0000 (05:59 +0200)]
py3: Remove unused PyInt_FromString macro from py3compat.h
Now that we are no longer developing new py2/py3 compatible code we can remove
any aspects of this header we do not use. This will make the eventual removal
easier.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 6 Jun 2019 03:59:17 +0000 (05:59 +0200)]
py3: Remove unused PyInt_CheckExact macro from py3compat.h
Now that we are no longer developing new py2/py3 compatible code we can remove
any aspects of this header we do not use. This will make the eventual removal
easier.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 6 Jun 2019 03:57:43 +0000 (05:57 +0200)]
py3: Remove unused PY_DESC_PY3_STRING macro from py3compat.h
Now that we are no longer developing new py2/py3 compatible code we can remove
any aspects of this header we do not use. This will make the eventual removal
easier.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 6 Jun 2019 03:54:36 +0000 (05:54 +0200)]
py3: Remove unused PyStr_AsUTF8String macro from py3compat.h
Now that we are no longer developing new py2/py3 compatible code we can remove
any aspects of this header we do not use. This will make the eventual removal
easier.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 6 Jun 2019 03:53:44 +0000 (05:53 +0200)]
py3: Remove unused PyStr_Decode macro from py3compat.h
Now that we are no longer developing new py2/py3 compatible code we can remove
any aspects of this header we do not use. This will make the eventual removal
easier.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 6 Jun 2019 03:52:54 +0000 (05:52 +0200)]
py3: Remove unused PyStr_InternFromString macro from py3compat.h
Now that we are no longer developing new py2/py3 compatible code we can remove
any aspects of this header we do not use. This will make the eventual removal
easier.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 6 Jun 2019 03:52:07 +0000 (05:52 +0200)]
py3: Remove unused PyStr_InternInPlace macro from py3compat.h
Now that we are no longer developing new py2/py3 compatible code we can remove
any aspects of this header we do not use. This will make the eventual removal
easier.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 6 Jun 2019 03:50:49 +0000 (05:50 +0200)]
py3: Remove unused PyStr_Format macro from py3compat.h
Now that we are no longer developing new py2/py3 compatible code we can remove
any aspects of this header we do not use. This will make the eventual removal
easier.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 6 Jun 2019 03:50:19 +0000 (05:50 +0200)]
py3: Remove unused PyStr_Concat macro from py3compat.h
Now that we are no longer developing new py2/py3 compatible code we can remove
any aspects of this header we do not use. This will make the eventual removal
easier.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 6 Jun 2019 03:48:07 +0000 (05:48 +0200)]
py3: Remove unused PyStr_CheckExact macro from py3compat.h
Now that we are no longer developing new py2/py3 compatible code we can remove
any aspects of this header we do not use. This will make the eventual removal
easier.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Tue, 4 Jun 2019 22:34:17 +0000 (10:34 +1200)]
tests blackbox ndrdump: Clean up pep8 warnings
Clean up the test code and remove the pep8 warnings
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 6 04:58:18 UTC 2019 on sn-devel-184
Gary Lockyer [Tue, 4 Jun 2019 20:44:09 +0000 (08:44 +1200)]
ndrdump: print public structures
Add a struct option to ndrdump that will allow it to print public
structures.
i.e. binn/ndrdump dns dns_name_packet struct data.file
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Tue, 4 Jun 2019 20:43:33 +0000 (08:43 +1200)]
pidl: Allow ndrdump to print public structures
Generate code to allow ndrdump to operate on public structures.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Ralph Boehme [Mon, 13 May 2019 18:16:47 +0000 (20:16 +0200)]
s3:auth: explicitly add BUILTIN\Guests to the guest token
This changes ensures that smbd always adds BUILTIN\Guests to the guest token
which is required for guest authentication.
Currently the guest token depends on the on-disk configured group mappings. If
there's an existing group mapping for BUILTIN\Guests, but LOCALSAM\Guest is not
a member, the final guest token won't contain BUILTIN\Guests.
For SMB2 the flag SMB2_SESSION_FLAG_IS_GUEST will not be set in the final SMB2
SESSION_SETUP response, because smbd sets it based on the token containing the
BUILTIN\Guests SID S-1-5-32-546.
At the same time, the packet is not signed which causes Windows clients and
smbclient to reject the unsigned SMB2 SESSION_SETUP response.
Pair-programmed-with: Stefan Metzmacher <metze@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 5 16:55:26 UTC 2019 on sn-devel-184
Ralph Boehme [Thu, 16 May 2019 10:47:34 +0000 (12:47 +0200)]
tests: add a test for guest authentication
This verifies that smbd always adds BUILTIN\Guests to the guest token which is
required for guest authentication.
Currently the guest token depends on the on-disk configured group mappings. If
there's an existing group mapping for BUILTIN\Guests, but LOCALSAM\Guest is not
a member, the final guest token won't contain BUILTIN\Guests.
Test had a race condition with other SamLogon events on the domain
server. The tests can now handle multiple SamLogon messages and filter
out the SamLogon messages for other logons.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Martin Schwenke [Wed, 29 May 2019 09:05:49 +0000 (19:05 +1000)]
ctdb-daemon: Attempt to silence CID 1357985 (Unchecked return value)
Yes, the other callers check the return value of ctdb_lockdb_mark().
However, this is called in a void function and ctdb_lockdb_mark() has
already printed any error message. All we can do is explicitly ignore
the return value.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 28 May 2019 00:55:19 +0000 (10:55 +1000)]
ctdb-tools: Fix signed/unsigned comparison by declaring as int
There's no point using unsigned here. tdb_traverse() returns an int
for the number of records traversed and the number of empty records
can't exceed this value.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 22 May 2019 11:52:17 +0000 (21:52 +1000)]
ctdb-tools: Fix signed/unsigned comparisons by declaring as unsigned
These are the simple cases where a variable (usually a loop variable)
needs to be declared as an unsigned type (usually unsigned int or
size_t) instead of an int.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
net.ipv4.tcp_tw_recycle has been removed from Linux 4.12 but, still,
makes sense to check its existence. Unfortunately, current check does
not test for the procfs file existence. This commit fixes the issue.
Signed-off-by: Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Reviewed-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jun 4 23:31:24 UTC 2019 on sn-devel-184
projects / thirdparty / samba.git / log
