git.ipfire.org Git - thirdparty/samba.git/log
Stefan Metzmacher [Wed, 11 Jan 2023 19:17:06 +0000 (20:17 +0100)]
lib/tsocket: make use of TEVENT_FD_ERROR in tstream_bsd_fde_handler()
This makes the logic introduced to fix bug #15202 simpler.
While developing this I noticed that a lot of callers
rely on the fact that they can read the pending bytes out
of the recv queue before EOF is reported.
So I changed the code to handle TEVENT_FD_ERROR together with
TEVENT_FD_READ in a way that keeps the existing callers happy.
In the next step we'll add a way to let callers opt-in in order
to fail immediately if TEVENT_FD_ERROR appears (even if there
are pending bytes remaining in the recv queue).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15202
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 11 Jan 2023 19:15:33 +0000 (20:15 +0100)]
lib/tsocket: let tstream_bsd_connect_send() use TEVENT_FD_ERROR instead of TEVENT_FD_READ
This is mostly cosmetic, but now that we have TEVENT_FD_ERROR we should use it.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 11:54:33 +0000 (12:54 +0100)]
lib/async_req: let writev_send/recv use TEVENT_FD_ERROR
Unless err_on_readability is true, we use TEVENT_FD_READ only
to detect errors. Now that we have TEVENT_FD_ERROR we should use it.
As a side effect it makes the code much simpler and clearer, as
we can directly map TEVENT_FD_ERROR to EPIPE.
In addition the err_on_readability=true case is now also
clearer, where we just map TEVENT_FD_READ to EPIPE.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 11 Jan 2023 19:04:26 +0000 (20:04 +0100)]
lib/async_req: let async_connect_send use TEVENT_FD_ERROR instead of TEVENT_FD_READ
This is mostly cosmetic, but now that we have TEVENT_FD_ERROR we should use it.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 10:35:11 +0000 (11:35 +0100)]
lib/tsocket: make use of samba_socket_sock_error()
This is nicer than calling getsockopt(state->fd, SOL_SOCKET, SO_ERROR)
directly.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 10:35:11 +0000 (11:35 +0100)]
lib/tsocket: make use of samba_socket_poll_or_sock_error()
This is just a copy of the existing code...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 10:14:06 +0000 (11:14 +0100)]
lib/util: add samba_socket_{poll,sock,poll_or_sock}_error()
These are copies of the static functions in lib/tsocket/tsocket_bsd.c,
which we will replace in the next commit.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 20 Oct 2023 02:01:30 +0000 (15:01 +1300)]
s4:kdc: Add device to Authenticated Users for authentication policy evaluation
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Oct 24 01:59:32 UTC 2023 on atb-devel-224
Joseph Sutton [Fri, 20 Oct 2023 02:00:12 +0000 (15:00 +1300)]
s4:kdc: Add a flag indicating that the device should be added to Authenticated Users
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 19 Oct 2023 07:02:43 +0000 (20:02 +1300)]
s4:kdc: Add device to default groups for authentication policy evaluation
This means that expressions like ‘Device_Member_of(WD)’ will now work,
as they should.
It *also* means that expressions like ‘Device_Member_of(NU)’ will work,
even though they shouldn’t. This is because we consider SID_NT_NETWORK
to be a default group.
Our new behaviour may be wrong, but at least it’s now consistent with
the behaviour of user‐relative expressions like ‘Member_of(WD)’ and
‘Member_of(NU)’.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 19 Oct 2023 07:02:32 +0000 (20:02 +1300)]
s4:kdc: Add a flag indicating that the device should be added to the default groups
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 19 Oct 2023 07:02:13 +0000 (20:02 +1300)]
s4:kdc: Make a copy of the device SIDs to be placed in the security token
We shall need to add extra SIDs on the end.
View with ‘git show -b’.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 19 Oct 2023 04:11:41 +0000 (17:11 +1300)]
tests/krb5: Test whether the device belongs to some default groups
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 19 Oct 2023 03:23:32 +0000 (16:23 +1300)]
tests/krb5: Work around Samba’s incorrect krbtgt principal handling
These tests fail only because they are using the ‘krbtgt@REALM’ form of
the krbtgt principal that Samba doesn’t handle correctly.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 19 Oct 2023 03:22:28 +0000 (16:22 +1300)]
tests/krb5: Remove unnecessary target_creds variables
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 17 Oct 2023 07:24:04 +0000 (20:24 +1300)]
s4:kdc: Permit RODC‐issued evidence tickets for constrained delegation
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 19 22:39:19 UTC 2023 on atb-devel-224
Joseph Sutton [Tue, 17 Oct 2023 07:18:28 +0000 (20:18 +1300)]
s4:kdc: Add flag to indicate the upper sixteen bits of the kvno are specified
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 17 Oct 2023 07:18:12 +0000 (20:18 +1300)]
s4:kdc: Use HDB flag constants instead of SDB ones
These flags are passed to us by Heimdal, and so they are HDB flags, not
SDB flags.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 17 Oct 2023 01:24:46 +0000 (14:24 +1300)]
s4:kdc: Always regard device info when the client performs RBCD
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 16 Oct 2023 22:18:50 +0000 (11:18 +1300)]
s4:dsdb: Remove reference to non‐existent code
Commit 498542be0bbf4f26558573c1f87b77b8e3509371 removed the code in question.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 03:07:30 +0000 (16:07 +1300)]
tests/krb5: Delete connection variable
This avoids a ‘variable set but unused’ warning.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 03:06:51 +0000 (16:06 +1300)]
tests/krb5: Make ‘services’ parameter required
We use it unconditionally without a check for None.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 03:05:17 +0000 (16:05 +1300)]
tests/krb5: Remove unreachable exception handlers
‘IOError’ is a subclass of ‘error’, which has already been handled.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 03:03:45 +0000 (16:03 +1300)]
tests/krb5: Fix RC4‐only Protected Users tests
We forgot to actually use the ‘supported_enctypes’ parameter.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 03:02:36 +0000 (16:02 +1300)]
tests/krb5: Remove unnecessary f‐strings
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 03:02:00 +0000 (16:02 +1300)]
tests/krb5: Remove unused imports
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 02:59:56 +0000 (15:59 +1300)]
tests/krb5: Fix DES3CBC random_to_key()
Because ‘keybytes’ is an immutable bytes object, ‘keybytes[7] = …’ has
no hope of working.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 04:08:01 +0000 (17:08 +1300)]
tests/krb5: Make ‘keybytes’ a bytes object rather than a list
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 02:08:47 +0000 (15:08 +1300)]
tests/krb5: Don’t expect edata if no error is expected
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 01:18:47 +0000 (14:18 +1300)]
tests/krb5: Add parameter to _tgs() specifying whether FAST is to be used
View with ‘git show -b’.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 01:17:59 +0000 (14:17 +1300)]
tests/krb5: Use None for the default values of parameters
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 01:15:27 +0000 (14:15 +1300)]
tests/krb5: Move assignments closer to where the variables are used
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 01:06:42 +0000 (14:06 +1300)]
tests/krb5: Remove incorrect functional level check
RBCD has no relevance to a method called _tgs().
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 01:05:16 +0000 (14:05 +1300)]
tests/krb5: Update method names to be consistent with other tests
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 00:53:59 +0000 (13:53 +1300)]
tests/krb5: Have _modify_tgt() accept only keyword arguments
to prevent further accidents.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 00:52:55 +0000 (13:52 +1300)]
tests/krb5: Correctly pass arguments to _modify_tgt()
We were passing the new realm as the ‘renewable’ parameter!
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 06:06:31 +0000 (19:06 +1300)]
tests/krb5: Add KDC_ERR_SERVER_NOMATCH error code
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 03:51:24 +0000 (16:51 +1300)]
tests/krb5: Add ‘expect_edata’ parameter to _user2user()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 16 Oct 2023 22:59:40 +0000 (11:59 +1300)]
tests/krb5: Fix comment
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 16 Oct 2023 22:25:43 +0000 (11:25 +1300)]
tests/krb5: Remove marker
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 16 Oct 2023 05:25:36 +0000 (18:25 +1300)]
s4:torture: Check return values of gnutls functions (CID 1547212)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 16 Oct 2023 06:10:56 +0000 (19:10 +1300)]
s4:torture: Fix leaks
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 16 Oct 2023 06:09:54 +0000 (19:09 +1300)]
s4:torture: Check return values of talloc functions
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Ralph Boehme [Wed, 18 Oct 2023 13:32:03 +0000 (15:32 +0200)]
smbd: put back code to fill in user and group SID
This was accidentally removed by 6874ed6a9defdf6f842e1e25f1ffd95708534ca6.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Oct 18 16:46:00 UTC 2023 on atb-devel-224
Pavel Filipenský [Wed, 18 Oct 2023 09:32:57 +0000 (11:32 +0200)]
s3:libads: Improve logging for failover scenarios
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Wed Oct 18 15:47:09 UTC 2023 on atb-devel-224
Pavel Filipenský [Wed, 18 Oct 2023 09:32:57 +0000 (11:32 +0200)]
s3:libsmb: Improve logging for failover scenarios
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pavel Filipenský [Wed, 18 Oct 2023 09:32:57 +0000 (11:32 +0200)]
s3:winbindd: Improve logging for failover scenarios in winbindd_pam.c
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pavel Filipenský [Wed, 18 Oct 2023 09:32:57 +0000 (11:32 +0200)]
s3:winbindd: Improve logging for failover scenarios in winbindd_cm.c
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
MikeLiu [Fri, 13 Oct 2023 03:55:52 +0000 (11:55 +0800)]
shadow_copy2: Add missing TALLOC_FREE
Signed-off-by: MikeLiu <mikeliu@qnap.com>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Oct 17 20:22:18 UTC 2023 on atb-devel-224
Andreas Schneider [Tue, 17 Oct 2023 12:29:03 +0000 (14:29 +0200)]
s4:torture: Increase multichannel timeout
This avoids running into timeouts on Gitlab CI.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 13 Oct 2023 07:18:25 +0000 (09:18 +0200)]
s4:rpc_server/epmapper: use ndr_syntax_id_equal() in dcesrv_epm_Map() to match the request
This makes it much easier to understand.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 13 Oct 2023 07:11:51 +0000 (09:11 +0200)]
s4:rpc_server/epmapper: check dcerpc_floor_get_uuid_full() result in dcesrv_epm_Map()
This already checks for EPM_PROTOCOL_UUID and simplifies the logic.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Oct 2023 15:19:21 +0000 (17:19 +0200)]
s4:rpc_server: simplify logic in dcesrv_epm_Map matching
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 9 Aug 2023 17:39:21 +0000 (19:39 +0200)]
librpc/rpc: also get the 2nd half of the ndr_syntax_id from a floor
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 9 Aug 2023 17:23:59 +0000 (19:23 +0200)]
librpc/rpc: add dcerpc_floor_pack_uuid_full() helper function
This handles the full syntax with split major and minor version,
from lhs and rhs.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sun, 13 Aug 2023 11:34:30 +0000 (13:34 +0200)]
s3:rpc_server: let create_policy_hnd() return a pointer
This allows a TALLOC_FREE() on it to unregister and destroy the
handle easily.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Oct 2023 09:05:46 +0000 (11:05 +0200)]
s4:rpc_server/remote: make use of dcesrv_async_reply()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Oct 2023 09:05:46 +0000 (11:05 +0200)]
s4:rpc_server/netlogon: make use of dcesrv_async_reply()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Oct 2023 09:05:46 +0000 (11:05 +0200)]
s4:rpc_server/lsa: make use of dcesrv_async_reply()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Oct 2023 09:05:46 +0000 (11:05 +0200)]
s4:rpc_server/common: make use of dcesrv_async_reply()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Oct 2023 09:05:46 +0000 (11:05 +0200)]
s4:rpc_server/echo: make use of dcesrv_async_reply()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 14 Aug 2023 10:58:14 +0000 (12:58 +0200)]
librpc/rpc: add dcesrv_async_reply() helper that disconnects as needed
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 14 Aug 2023 10:48:28 +0000 (12:48 +0200)]
librpc/rpc: allow dcesrv_context to propose the preferred ndr syntax
This allows specific services to use ndr64.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Oct 2023 13:39:38 +0000 (15:39 +0200)]
s3:rpc_server: distribute clients based on available association group slots
The important factor to distribute connections to workers
should be the number of used association group slots instead
of the raw number of connections. If one worker has a lot of
association groups with just one connection each, but another
has few association groups with multiple connections per
association group, the one with fewer association groups should
get the connection. Note each worker is only able to allocate
UINT16_MAX allocation groups, but the number of connections
is only limited by RAM.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Oct 2023 10:49:42 +0000 (12:49 +0200)]
dcesrv_core: maintain the number of allocated association groups per dce_ctx
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Oct 2023 12:21:44 +0000 (14:21 +0200)]
s3:rpc_server: improve debugging in rpc_host_distribute_clients()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Oct 2023 12:16:48 +0000 (14:16 +0200)]
s3:rpc_server: simplify rpc_host_find_worker()
This will help me in the next commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 19 Jan 2023 11:27:20 +0000 (12:27 +0100)]
s3:rpc_server: correctly allow up to 65536 worker processes
We already limit the per worker portion of the association
group id to UINT16_MAX, so we can also use 16-bit instead
of just 8-bit to encode the worker index.
While there we should actually ensure that the max worker
index is UINT16_MAX.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Oct 2023 10:30:00 +0000 (12:30 +0200)]
rpc_host.idl: change server_index from uint8 to uint32
This reflects what we're using in the C code already...
Note this is an incompatible change, but we also changed
from named_pipe_auth_req_info7 to named_pipe_auth_req_info8
in master...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 16 Aug 2023 14:47:24 +0000 (16:47 +0200)]
s3:rpc_server: call reopen_logs before we print the copyright notice
This matches what we do in smbd, winbindd and nmbd.
For the workers it's important to call it at all, otherwise
things like 'debug pid = yes' or 'debug class = yes' have no effect
in the workers.
We could argue if we want the copyright notice on the start
of each worker at all, but that's a different discussion...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 9 Aug 2023 14:41:33 +0000 (16:41 +0200)]
s3:rpc_server: make use of dcesrv_register_default_auth_types[_machine_principal]()
This mostly matches windows now...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 9 Aug 2023 14:06:06 +0000 (16:06 +0200)]
s3:rpc_server: let get_servers() callback of rpc_worker_main() return NTSTATUS
This means the rpc_worker_main() logic is the only layer that
needs to call exit() and it's able to do some cleanup before.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 9 Aug 2023 13:37:12 +0000 (15:37 +0200)]
s3:rpc_server: let register_ep_server() errors result in DBG_ERR()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 9 Aug 2023 13:29:29 +0000 (15:29 +0200)]
librpc/rpc: add dcesrv_register_default_auth_types[_machine_principal]() helpers
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 9 Aug 2023 11:26:31 +0000 (13:26 +0200)]
librpc/rpc: implement dcesrv_mgmt_inq_princ_name infrastructure
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 9 Aug 2023 15:05:56 +0000 (17:05 +0200)]
librpc/rpc: let dcesrv_mgmt_inq_if_ids() filter out the mgmt syntax_id
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 9 Aug 2023 10:42:43 +0000 (12:42 +0200)]
librpc/rpc: apply some code cleanup and error checks to dcesrv_mgmt.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 9 Aug 2023 15:24:07 +0000 (17:24 +0200)]
s4:torture/rpc: let test_inq_princ_name_size also test for princ_name_size = 0 and BAD_STUB_DATA
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 9 Aug 2023 15:32:11 +0000 (17:32 +0200)]
s3:selftest: also run rpc.mgmt against the nt4_dc (and ad_dc)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 18 Aug 2023 08:59:00 +0000 (10:59 +0200)]
libcli/util: let win_errstr() fallback to hresult_errstr()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pavel Filipenský [Sun, 24 Sep 2023 13:03:24 +0000 (15:03 +0200)]
s3:tests: Plan test_smbspool_krb.sh for environment ad_member_fips
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Tue Oct 17 19:19:32 UTC 2023 on atb-devel-224
Pavel Filipenský [Sun, 24 Sep 2023 13:03:35 +0000 (15:03 +0200)]
s3:tests: Add smbspool test using kerberos authentication: test_smbspool_krb.sh
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pavel Filipenský [Mon, 25 Sep 2023 07:11:52 +0000 (09:11 +0200)]
s3:tests: The correct name of shell variable is 'samba_smbspool_krb5'
There is no shell variable named 'smbspool_krb5'.
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Michael Adam [Mon, 16 Oct 2023 17:04:55 +0000 (19:04 +0200)]
gitignore: add WAF lockfile
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15497
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christof Schmitt <christof.schmitt@us.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Oct 17 04:16:29 UTC 2023 on atb-devel-224
Christof Schmitt [Thu, 12 Sep 2013 23:11:34 +0000 (16:11 -0700)]
build: Add 'make printversion' to provide version string
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15497
Signed-off-by: Christof Schmitt <christof.schmitt@us.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 11 Oct 2023 22:56:01 +0000 (11:56 +1300)]
s4:kdc: Remove unused function int2SDBFlags()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 11 Oct 2023 22:54:50 +0000 (11:54 +1300)]
s4:kdc: Explicitly initialize SDBFlags structures
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 12 Oct 2023 00:40:21 +0000 (13:40 +1300)]
s4:kdc: Make ‘struct user_info_dc’ members const
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 6 Oct 2023 01:11:24 +0000 (14:11 +1300)]
s4:dsdb: Check return value of ldb_msg_add_empty() (CID 1449667)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 16 Oct 2023 02:37:29 +0000 (15:37 +1300)]
tests/krb5: Fix ASN.1 source
It currently fails to compile.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 16 Oct 2023 01:41:51 +0000 (14:41 +1300)]
tests/krb5: Don’t expect groups if we’re expecting an error
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Sun, 1 Oct 2023 23:20:48 +0000 (12:20 +1300)]
tests/krb5: Fix tests that crash Windows
Expect an actual error code or an outcome, not CRASHES_WINDOWS.
I don’t know which error codes Windows might be expected to produce, so
I’ve chosen some that seem plausible.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 17 Oct 2023 01:03:33 +0000 (14:03 +1300)]
tests/krb5: Expect a status code with policy errors
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 17 Oct 2023 00:34:29 +0000 (13:34 +1300)]
tests/krb5: Don’t consider RODC‐issued tickets to be banned with RBCD
If we’re verifying that a ticket was permitted to be issued by an RODC,
and not trusting the group SIDs in the ticket, is there any reason to
ban its use with RBCD?
A client with a ticket issued by an RODC that happens to select a DC to
direct an RBCD request at should not have the request mysteriously fail.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 12 Oct 2023 23:38:35 +0000 (12:38 +1300)]
buildtools: Correctly raise exception
This avoids errors like the following:
‘RuntimeError: No active exception to reraise’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 12 Oct 2023 22:23:27 +0000 (11:23 +1300)]
buildtools: Don’t call normpath() repeatedly
A non‐negligible fraction of the build process — especially for
incremental builds — is spent calling normpath() over and over again.
Make builds faster by not doing that.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 11 Oct 2023 13:58:22 +0000 (15:58 +0200)]
s4:kdc: fix user2user tgs-requests for normal user accounts
User2User tgs requests use the session key of the additional
ticket instead of the long term keys based on the password.
In addition User2User also asserts that client and server
are the same account (checked based on the sid).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15492
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Oct 16 15:38:12 UTC 2023 on atb-devel-224
Stefan Metzmacher [Sun, 15 Oct 2023 23:33:15 +0000 (12:33 +1300)]
third_party/heimdal kdc: introduce HDB_F_USER2USER_PRINCIPAL (import lorikeet-heimdal-202310152331 (commit a571340c9e1b75d4f5d96f08fcf9fd660d3ba3d4))
This allows HDB backends to do special handling for
User2User TGS-REQs. The main reason is to let
the HDB_F_GET_SERVER lookup succeed even for
non-computer accounts. In Samba these are typically
not returned in HDB_F_GET_SERVER in order to avoid
generating tickets with the user password.
But for User2User the account password is not used,
so it is safe to return the server entry.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15492
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
[abartlet@samba.org Adapted to be an import from lorikeet-heimdal as requested]
Stefan Metzmacher [Wed, 11 Oct 2023 13:54:15 +0000 (15:54 +0200)]
tests/krb5/kdc_tgs_tests: add user2user tests using a normal user account
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15492
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 29 Jan 2016 22:35:31 +0000 (23:35 +0100)]
CVE-2018-14628: python:descriptor: let samba-tool dbcheck fix the nTSecurityDescriptor on CN=Deleted Objects containers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>