Volker Lendecke [Wed, 4 Nov 2020 11:53:03 +0000 (12:53 +0100)]
smbd: Move setting d->modified=true to reset_share_mode_entry()
This function is only called from
vfs_default_durable_reconnect(). It is really the lower-level routine
that triggers the write of the locking.tdb record.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 30 Oct 2020 10:04:21 +0000 (11:04 +0100)]
lib: Fix a theoretical out-of-bounds write
This routine looked fishy: We do cap_vals[num_cap_vals++] = XXX based
on #ifdefs and capabilities. Then later on we did a check that we did
not overwrite the stack. The change I did is to just count the number
of num_cap_vals++, right now it's 5. I know it is in different switch
branches, but with the #ifdefs it's a bit clumsy to read the exact
number of actual num_cap_vals++ that can happen in one run. On debian
buster, cap_val_t is an int, so this is not really wasting too much.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Björn Jacke [Fri, 30 Oct 2020 11:59:06 +0000 (12:59 +0100)]
winbind: alternatively use prama fini for destructors if supported
Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Nov 10 08:17:53 UTC 2020 on sn-devel-184
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Nov 9 13:30:06 UTC 2020 on sn-devel-184
sefltest: Enable the dcerpc.createtrustrelax test against ad_dc_fips
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Nov 9 10:22:51 UTC 2020 on sn-devel-184
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Nov 9 04:10:45 UTC 2020 on sn-devel-184
Jeremy Allison [Tue, 20 Oct 2020 17:52:55 +0000 (10:52 -0700)]
lib: talloc: Fix memlimit on pool realloc.
We only have to do the memlimit check before any
real malloc or realloc. Allocations out of a
memory pool have already been counted in the
memory limit, so don't check in those cases.
This is an application-visible change (although
fixing a bug) so bump the ABI to 2.3.1 -> 2.3.2.
Remove statement about lack of support. Add description and example for
how to explicitly disable modules via a '!' prefix.
Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov 6 20:19:22 UTC 2020 on sn-devel-184
Isaac Boukris [Thu, 5 Nov 2020 13:38:19 +0000 (15:38 +0200)]
Remove source4/scripting/devel/createtrust script
We now have the 'samba-tool domain trust' command.
Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Isaac Boukris <iboukris@samba.org>
Autobuild-Date(master): Fri Nov 6 11:25:02 UTC 2020 on sn-devel-184
Andrew Walker [Mon, 2 Nov 2020 21:42:29 +0000 (16:42 -0500)]
s4:libnet:py_net - free event context in dealloc fn
Creation of a new Net() object initializes an event context under
a NULL talloc context and then creates a new talloc context as a
child of the event context. The deallocation function for the
net object only frees the child and not the parent. This leaks an
fd for the tevent context and associated memory.
Signed-off-by: Andrew Walker <awalker@ixsystems.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov 6 04:58:31 UTC 2020 on sn-devel-184
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Nov 5 00:17:55 UTC 2020 on sn-devel-184
Add python canonicalization tests, loosely based on the code in
source4/torture/krb5/kdc-canon-heimdal.c. The long term goal is to move
the integration level tests out of kdc-canon-heimdal, leaving it as a
heimdal library unit test.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Pair-Programmed-With: Anoop C S <anoopcs@samba.org>
Pair-Programmed-With: Sachin Prabhu <sprabhu@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 4 22:53:49 UTC 2020 on sn-devel-184
Bradley M. Kuhn [Mon, 26 Oct 2020 21:29:00 +0000 (14:29 -0700)]
VFS-License-clarification: minor improvements aligning w/ GPLv3 text
The phrase "derived work" and word "derived" don't appear in GPLv3;
instead, GPLv3 uses the phrases "modified version" and "based on" to
implement the strong copyleft clause. Herein, align the VFS
statement with the phrases as they appear in the GPLv3 since Samba's
license is GPLv3-or-later.
Included are also a few other very minor wording changes as suggested
by legal counsel who is experienced with presenting these sorts of
licensing statements to company lawyers and suggests these changes
will comfort that constituency.
Finally, update both occurrences of the statement in the codebase in
two different files.
Signed-off-by: Bradley M. Kuhn <bkuhn@sfconservancy.org> Reviewed-by: Jim McDonough <jmcd@samba.org> Reviewed-by: Karolin Seeger <kseeger@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 31 Oct 2020 15:48:31 +0000 (16:48 +0100)]
libsmb: Remove cli_state->dfs_mountpoint
Not used anymore
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 4 20:17:47 UTC 2020 on sn-devel-184
Volker Lendecke [Mon, 19 Oct 2020 07:37:03 +0000 (09:37 +0200)]
smbclient: Fix recursive "ls" across DFS links
This is an a bit subtle patch: The main trick is that the previous
code a DFS-style \\server\share\dir1\dir2 path ended up in the list of
directories to enumerate. This was then processed by do_list again,
passing it to cli_resolve_path. However, cli_resolve_path always
expects non-DFS style paths as input. This patch passes the original,
non-DFS path to do_list_helper(), so that it ends up without the DFS
style \\server\share prefix in the directory queue.
From general failure it just fails on the SMB1-based environments,
like the other smbclient_s3 ones in knownfail.d/smb1-tests
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 18 Oct 2020 16:39:17 +0000 (18:39 +0200)]
smbclient: Add "mask" to do_list_helper_state
To me this is simpler to understand than to rely on the cli_list
callback which goes through some function call layers. Also, this
gives more obvious control over what we pass in the next patch.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 26 Oct 2020 08:18:57 +0000 (09:18 +0100)]
libsmb: Fix a signed/unsigned warning
"num_bytes" is uint32_t, "received" is uint16_t. The multiplication
seems to implicitly widen "received" to int, leading to a
signed/unsigned warning. This cast makes that warning go away.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Allow this lookup using realm to be done against primary domain when we
are a domain controller. This corresponds to FreeIPA use of Samba as a
DC. For normal domain members a realm-based lookup falls back to a
lookup over to its own domain controller with the help of winbindd.
Refactor user name parsing code to reuse cli_credentials_* API to be
consistent with other places. cli_credentials_parse_name() handles
both domain and realm-based user name variants.
Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Nov 4 16:23:40 UTC 2020 on sn-devel-184
cli_credentials: add a helper to parse user or group names
cli_credentials_parse_string() parses a string specified for -U option
in command line tools. It has a side-effect that '%' character is always
considered to be a separator after which a password is specified.
Active Directory does allow to create user or group objects with '%' in
the name. It means cli_credentials_parse_string() will not be able to
properly parse such name.
Introduce cli_credentials_parse_name() for the cases when a password is
not expected in the name and call to cli_credentials_parse_name() from
cli_credentials_parse_string().
Test cli_credentials_parse_name() with its intended use in lookup_name()
refactoring.
Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
cli_credentials_parse_string: fix parsing of principals
When parsing a principal-like name, user name was left with full
principal instead of taking only the left part before '@' sign.
>>> from samba import credentials
>>> t = credentials.Credentials()
>>> t.parse_string('admin@realm.test', credentials.SPECIFIED)
>>> t.get_username()
'admin@realm.test'
The issue is that cli_credentials_set_username() does a talloc_strdup()
of the argument, so we need to change order of assignment to allow
talloc_strdup() to copy the right part of the string.
Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Baumbach [Thu, 29 Oct 2020 11:38:51 +0000 (12:38 +0100)]
selftest: add test for new "samba-tool user unlock" command
Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Nov 4 00:19:25 UTC 2020 on sn-devel-184
Björn Baumbach [Thu, 22 Oct 2020 15:29:56 +0000 (17:29 +0200)]
samba-tool: add new "user unlock" command
Can be used to unlock a user when the badPwdCount has been reached.
Introduces SamDB error classes, as suggested by
Douglas Bagnall <douglas.bagnall@catalyst.net.nz> - thanks!
This helps to handle expected failures.
Tracebacks of really unexpected failures will not be hidden.
Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
s3:vfs: Document the encryption_required flag in vfs.h
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Nov 3 16:47:57 UTC 2020 on sn-devel-184
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Nov 3 01:56:59 UTC 2020 on sn-devel-184
s3-vfs_glusterfs: refuse connection when write-behind xlator is present
s3-vfs_glusterfs: refuse connection when write-behind xlator is present
Once the new glusterfs api is available we will programmtically disable
the translator, for now we just refuse the connection as there is
a potential for serious data damage.
Signed-off-by: Guenther Deschner <gd@samba.org>
Pair-Programmed-With: Sachin Prabhu <sprabhu@redhat.com>
Pair-Programmed-With: Anoop C S <anoopcs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Nov 2 21:40:33 UTC 2020 on sn-devel-184
Martin Schwenke [Wed, 28 Oct 2020 22:05:37 +0000 (09:05 +1100)]
selftest: Drop dummy environment variables for CTDB daemons
This existed to avoid UID_WRAPPER_ROOT=1 causing ctdbd to fail to
chown the socket. The chown is no longer done in test mode so remove
this confusing hack.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Nov 2 10:20:45 UTC 2020 on sn-devel-184
projects / thirdparty / samba.git / log
