Douglas Bagnall [Fri, 27 Oct 2023 23:09:04 +0000 (12:09 +1300)]
pytest:samba-tool domain test policy: test SDDL diagnostics
The existing 'bad SDDL' test has SDDL so bad that the diagnostics
are not exercised.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 1 21:12:33 UTC 2023 on atb-devel-224
Douglas Bagnall [Wed, 25 Oct 2023 02:56:30 +0000 (15:56 +1300)]
s4/librpc/py_security: add SDDLValueError
This will soon be raised for SDDL parsing errors.
It would have been nice to have it as a subclass of
ValueError, meaning that all existing callers would
continue to catch this error as before, but it turns
out that that is quite difficult.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Usually the conditions are embedded in part of some SDDL, and the
offset from the beginning of the condtions is a bit useless and
confusing. Callers of sddl_decode_err_msg get the offset from the
beginning of the SDDL which is a different and more useful number.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 20 Oct 2023 23:47:33 +0000 (12:47 +1300)]
libcli/security: SDDL accepts lowercase "s-" in SIDs
This is what Windows does, and it removes a couple of knownfails.
We can change it here cheaply without affecting the core dom_sid code,
which is good because there seem to be other places where we need the
uppercase S (for example in ldap search <SID=> queries).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 10 Jul 2023 03:47:03 +0000 (15:47 +1200)]
librpc:ndr: Introduce ‘libndr_flags’ type
The LIBNDR_FLAG_ namespace is getting dangerously full, with only a
single flag value (1 << 9) remaining for use. After that flag is put
into use, we won’t be able to add any new flags without increasing the
flag width to 64‐bit.
Up to now we’ve used a haphazard mix of int, unsigned, and uint32_t to
store these flags. Introduce a new type, ‘libndr_flags’, to be used
consistently to hold LIBNDR flags. If in the future we find we need to
move to 64‐bit flags, this type gives us an opportunity to do that.
Bump the NDR version to 4.0.0 — an major version increment, for we’re
changing the function ABI and adding the new symbol
ndr_print_libndr_flags.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Wed, 25 Oct 2023 07:50:23 +0000 (09:50 +0200)]
smbd: Open file as REPARSE_POINT in unlink_internals()
In the future we'll block opening symlinks as such in
SMB_VFS_CREATE_FILE() unless we open as reparse points.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 1 19:56:33 UTC 2023 on atb-devel-224
Volker Lendecke [Tue, 24 Oct 2023 11:18:32 +0000 (13:18 +0200)]
smbd: Fix previous_slash()
Untested code is broken code... previous_slash() did not return a
pointer to the slash but after it. This went undetected because so far
we never call symlink_target_path() with "unparsed==0". Once we
started doing that, we would find that the "unparsed==0" case actually
puts parent on the "previous slash", not the character behind it.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 15 Oct 2023 09:39:32 +0000 (11:39 +0200)]
smbd: Simplify sys_proc_fd_path()
We know the buffer size up-front, create a struct for that. Also, I
think if we ever hit another /proc pattern this is very likely on a
different OS that could be handled by an #ifdef.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 31 05:41:17 UTC 2023 on atb-devel-224
Ralph Boehme [Sun, 29 Oct 2023 14:27:08 +0000 (15:27 +0100)]
libsmb: remove mode from struct file_info
There's already the "attr" member and this is even used in list_posix_helper()
in pylibsmb.c. While at it, remove the cast in list_posix_helper() by using "I"
instead of "i" format.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: David Mulder <dmulder@samba.org>
Martin Schwenke [Tue, 19 Sep 2023 07:34:55 +0000 (17:34 +1000)]
ctdb-scripts: Update detect_init_style to use /etc/os-release
/etc/os-release is quite universal. It can be found on most Linux
distros and on FreeBSD.
Attempt to use /etc/os-release to detect Red Hat, SUSE and Debian
based distros. If /etc/os-release exists but distro is unknown then
$ID is printed as the detected distro, which will probably result in
sub-optimal behaviour, but when tracing it will at least indicate that
a new distro needs to be handled.
The only way to handle missing /etc/os-release is to set
CTDB_INIT_STYLE - see ctdb.sysconfig(5) for details.
The event script unit tests are updated to use /etc/os-release so
the new logic is exercised.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Oct 30 09:19:11 UTC 2023 on atb-devel-224
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 27 21:19:35 UTC 2023 on atb-devel-224
Volker Lendecke [Thu, 26 Oct 2023 14:16:29 +0000 (16:16 +0200)]
tests: Get a file through an absolute symlink within a subdirectory
This shows that read_symlink_reparse() is broken when trying to
replace an absolute with a relative filename within a
share.
read_symlink_reparse() is used only in openat_pathref_fsp_nosymlink()
so far to chase symlinks for non-lcomp path components. Chasing lcomp
symlinks is done through non_widelink_open(), which gets it right.
Gabriel Nagy [Fri, 27 Oct 2023 08:21:50 +0000 (11:21 +0300)]
gp_pol: Test multiple values multi_sz roundtrip
Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Fri Oct 27 14:45:28 UTC 2023 on atb-devel-224
Gabriel Nagy [Tue, 24 Oct 2023 09:47:02 +0000 (12:47 +0300)]
gp_pol: Allow null data for REG_MULTI_SZ
The parser is able to convert data from binary to XML (it generates an
empty <Value> tag) but not the other way around. This is a common
occurrence for empty multitext fields.
Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: David Mulder <dmulder@samba.org>
Gabriel Nagy [Tue, 24 Oct 2023 09:26:42 +0000 (12:26 +0300)]
gp_pol: Test empty multi_sz roundtrip
Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: David Mulder <dmulder@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Oct 27 06:51:48 UTC 2023 on atb-devel-224
s3:passdb: Do not leak memory if memcache add fails
Indirect leak of 496 byte(s) in 1 object(s) allocated from:
#0 0x7ffb062dc03f in malloc (/lib64/libasan.so.8+0xdc03f) (BuildId: 3e1694ad218c99a8b1b69231666a27df63cf19d0)
#1 0x7ffb06025b3e in __talloc_with_prefix ../../lib/talloc/talloc.c:783
#2 0x7ffb06027512 in __talloc ../../lib/talloc/talloc.c:825
#3 0x7ffb06027512 in _talloc_named_const ../../lib/talloc/talloc.c:982
#4 0x7ffb06027512 in _talloc_zero ../../lib/talloc/talloc.c:2421
#5 0x7ffb05a0332c in samu_new ../../source3/passdb/passdb.c:63
#6 0x7ffb05a2031f in pdb_getsampwnam ../../source3/passdb/pdb_interface.c:351
#7 0x7ffb05a0540b in local_password_change ../../source3/passdb/passdb.c:752
#8 0x56291ddd4b8b in password_change ../../source3/utils/smbpasswd.c:273
#9 0x56291ddd5b59 in process_root ../../source3/utils/smbpasswd.c:478
#10 0x56291ddd5b59 in main ../../source3/utils/smbpasswd.c:661
#11 0x7ffb024281af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
../../source3/utils/wspsearch.c:331:25: error: ‘row’ may be used
uninitialized [-Werror=maybe-uninitialized]
331 | *rows_processed = row;
| ~~~~~~~~~~~~~~~~^~~~~
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
python: silos: add support for allowed to authenticate from silo shortcut
this avoids the need to write SDDL, the user just needs to give the silo name
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Oct 27 00:30:05 UTC 2023 on atb-devel-224
python: add docstring for escaped_claim_id function
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
python: move method escaped_claim_id from test to samba.sd_utils
This is so that it can be used in other places too without the need to import or extend the test base class
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
projects / thirdparty / samba.git / log
