]> git.ipfire.org Git - thirdparty/samba.git/log
thirdparty/samba.git
3 years agolibsmb: Use tevent_req_nterror()'s retval
Volker Lendecke [Sat, 17 Sep 2022 17:24:08 +0000 (10:24 -0700)] 
libsmb: Use tevent_req_nterror()'s retval

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agoWHATSNEW: samba-tool: fewer tracebacks, more colour
Douglas Bagnall [Thu, 15 Sep 2022 04:48:31 +0000 (16:48 +1200)] 
WHATSNEW: samba-tool: fewer tracebacks, more colour

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Sep 19 07:14:31 UTC 2022 on sn-devel-184

3 years agodocs/man/samba-tool explain --color
Douglas Bagnall [Thu, 15 Sep 2022 00:41:13 +0000 (12:41 +1200)] 
docs/man/samba-tool explain --color

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agopy/dbcheck: improve 'please --fix' message
Douglas Bagnall [Sat, 17 Sep 2022 06:18:25 +0000 (18:18 +1200)] 
py/dbcheck: improve 'please --fix' message

The dbcheck module is used in places other than samba-tool (backup,
provision) where the old 'use --fix' message made no sense. Also,
now that we're not necessarily claiming to fix all errors, we say
how many we think we can.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agodbcheck: don't recommend --fix for errors we can't fix
Douglas Bagnall [Fri, 16 Sep 2022 04:26:41 +0000 (16:26 +1200)] 
dbcheck: don't recommend --fix for errors we can't fix

and/or won't fix.

I think there are others that should be here.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agodbcheck: do not crash on empty DN
Douglas Bagnall [Wed, 14 Sep 2022 23:20:25 +0000 (11:20 +1200)] 
dbcheck: do not crash on empty DN

we had

$ bin/samba-tool dbcheck -H st/rpc_proxy/private/sam.ldb
Checking 202 objects
ERROR(<class 'ValueError'>): uncaught exception - unable to parse dn string
  File "/home/douglasb/src/samba/bin/python/samba/netcmd/__init__.py", line 230, in _run
    return self.run(*args, **kwargs)
  File "/home/douglasb/src/samba/bin/python/samba/netcmd/dbcheck.py", line 173, in run
    error_count = chk.check_database(DN=DN, scope=search_scope,
  File "/home/douglasb/src/samba/bin/python/samba/dbchecker.py", line 255, in check_database
    error_count += self.check_object(object.dn, requested_attrs=attrs)
  File "/home/douglasb/src/samba/bin/python/samba/dbchecker.py", line 2616, in check_object
    expected_dn = ldb.Dn(self.samdb, "RDN=RDN,%s" % (parent_dn))

Now we have:

$ bin/samba-tool dbcheck -H st/rpc_proxy/private/sam.ldb
Checking 202 objects
ERROR: could not handle parent DN '': skipping RDN checks
Please use --fix to fix these errors
Checked 202 objects (1 errors)

which is still not really right, since --fix won't help.

(same with st/s4member/private/sam.ldb).

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agosamba-tool dbcheck: use colour if wanted
Douglas Bagnall [Wed, 14 Sep 2022 22:17:16 +0000 (10:17 +1200)] 
samba-tool dbcheck: use colour if wanted

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agopy/dbchecker: dbcheck prints bits of colour if asked
Douglas Bagnall [Wed, 14 Sep 2022 23:13:30 +0000 (11:13 +1200)] 
py/dbchecker: dbcheck prints bits of colour if asked

Prefixes like ERROR, WARNING, and INFO are given interpretive colours.

This won't change anything until samba-tool decides to ask for colour,
which, who knows, might even be in the next commit.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agoshadow_copy2: Remove an intermediate if-statement
Volker Lendecke [Thu, 15 Sep 2022 15:55:01 +0000 (08:55 -0700)] 
shadow_copy2: Remove an intermediate if-statement

Now we always pass in a dirfsp from our only caller

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Sep 17 05:15:04 UTC 2022 on sn-devel-184

3 years agosmbd: Remove non_widelink_open() support code
Volker Lendecke [Tue, 13 Sep 2022 16:49:31 +0000 (09:49 -0700)] 
smbd: Remove non_widelink_open() support code

process_symlink_open() and check_reduced_name() are no longer used,
non_widelink_open() was the only user of both.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agosmbd: Rewrite non_widelink_open()
Volker Lendecke [Mon, 12 Sep 2022 19:08:13 +0000 (12:08 -0700)] 
smbd: Rewrite non_widelink_open()

The previous implementation relied on recursion into
non_widelink_open() via process_symlink_open(). The latter used
readlink() to just make sure that the opened file is actually a
symlink.

This implementation now relies on a fstat/fstatat on failure to open a
file, removing a little complexity deciphering error codes
correctly. It also relies on reading the symlink in user space,
turning the recursion into a loop.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agosmbd: Make readlink_talloc() public
Volker Lendecke [Wed, 7 Sep 2022 08:43:23 +0000 (10:43 +0200)] 
smbd: Make readlink_talloc() public

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agosmbd: Slightly simplify non_widelink_open()
Volker Lendecke [Sat, 10 Sep 2022 08:36:11 +0000 (01:36 -0700)] 
smbd: Slightly simplify non_widelink_open()

Avoid the "is_share_root" boolean: One special case less to take care
of further down and in callers: Sanitize the relative name so that it
can never contain a path separator

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agoshadow_copy2: Use dirfsp if it's around
Volker Lendecke [Thu, 15 Sep 2022 13:11:55 +0000 (06:11 -0700)] 
shadow_copy2: Use dirfsp if it's around

Not used yet, and the "if" around dirfsp!=NULL will go away in a later
patch.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agoshadow_copy2: Use dirfsp for connectpath
Volker Lendecke [Thu, 15 Sep 2022 03:41:55 +0000 (03:41 +0000)] 
shadow_copy2: Use dirfsp for connectpath

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agovfs: Add dirfsp to connectpath_fn()
Volker Lendecke [Thu, 15 Sep 2022 03:18:33 +0000 (20:18 -0700)] 
vfs: Add dirfsp to connectpath_fn()

So far we only call CONNECTPATH on full paths. In the future, we'll
have a call that will not have converted a relative path to absolute
just for efficiency reasons. To give shadow_copy2 the chance to still
find the snapshot directory, pass the dirfsp down to it.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agos3:auth: Flush the GETPWSID in memory cache for NTLM auth
Andreas Schneider [Mon, 12 Sep 2022 14:31:05 +0000 (16:31 +0200)] 
s3:auth: Flush the GETPWSID in memory cache for NTLM auth

Example valgrind output:

==22502== 22,747,002 bytes in 21,049 blocks are possibly lost in loss record 1,075 of 1,075
==22502==    at 0x4C29F73: malloc (vg_replace_malloc.c:309)
==22502==    by 0x11D7089C: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.16)
==22502==    by 0x9027834: tcopy_passwd (in /usr/lib64/libsmbconf.so.0)
==22502==    by 0x6A1E1A3: pdb_copy_sam_account (in /usr/lib64/libsamba-passdb.so.0.27.2)
==22502==    by 0x6A28AB7: pdb_getsampwnam (in /usr/lib64/libsamba-passdb.so.0.27.2)
==22502==    by 0x65D0BC4: check_sam_security (in /usr/lib64/samba/libauth-samba4.so)
==22502==    by 0x65C70F0: ??? (in /usr/lib64/samba/libauth-samba4.so)
==22502==    by 0x65C781A: auth_check_ntlm_password (in /usr/lib64/samba/libauth-samba4.so)
==22502==    by 0x14E464: ??? (in /usr/sbin/winbindd)
==22502==    by 0x151CED: winbind_dual_SamLogon (in /usr/sbin/winbindd)
==22502==    by 0x152072: winbindd_dual_pam_auth_crap (in /usr/sbin/winbindd)
==22502==    by 0x167DE0: ??? (in /usr/sbin/winbindd)
==22502==    by 0x12F29B12: tevent_common_invoke_fd_handler (in /usr/lib64/libtevent.so.0.9.39)
==22502==    by 0x12F30086: ??? (in /usr/lib64/libtevent.so.0.9.39)
==22502==    by 0x12F2E056: ??? (in /usr/lib64/libtevent.so.0.9.39)
==22502==    by 0x12F2925C: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.39)
==22502==    by 0x16A243: ??? (in /usr/sbin/winbindd)
==22502==    by 0x16AA04: ??? (in /usr/sbin/winbindd)
==22502==    by 0x12F29F68: tevent_common_invoke_immediate_handler (in /usr/lib64/libtevent.so.0.9.39)
==22502==    by 0x12F29F8F: tevent_common_loop_immediate (in /usr/lib64/libtevent.so.0.9.39)
==22502==    by 0x12F2FE3C: ??? (in /usr/lib64/libtevent.so.0.9.39)
==22502==    by 0x12F2E056: ??? (in /usr/lib64/libtevent.so.0.9.39)
==22502==    by 0x12F2925C: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.39)
==22502==    by 0x12F4C7: main (in /usr/sbin/winbindd)

You can find one for each string in pdb_copy_sam_account(), in total
this already has 67 MB in total for this valgrind run.

pdb_getsampwnam() -> memcache_add_talloc(NULL, PDB_GETPWSID_CACHE, ...)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15169

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 16 20:30:31 UTC 2022 on sn-devel-184

3 years agopytests:s4/dsdb/passwords: avoid unused imports
Douglas Bagnall [Thu, 15 Sep 2022 23:42:48 +0000 (11:42 +1200)] 
pytests:s4/dsdb/passwords: avoid unused imports

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Sep 16 06:47:43 UTC 2022 on sn-devel-184

3 years agopytests:s4/drs/getnc_schema: avoid unused imports
Douglas Bagnall [Thu, 15 Sep 2022 23:42:14 +0000 (11:42 +1200)] 
pytests:s4/drs/getnc_schema: avoid unused imports

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agopytests:s4/drs/repl_move: avoid unused and star imports
Douglas Bagnall [Thu, 15 Sep 2022 23:41:39 +0000 (11:41 +1200)] 
pytests:s4/drs/repl_move: avoid unused and star imports

Found the names using something like:

flake8 repl_move.py | \
  grep -oP "(?<=F405 ')[\w.]+" /tmp/repl_move | sort | uniq

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agopytests:s4/drs/repl_rodc: avoid unused imports
Douglas Bagnall [Thu, 15 Sep 2022 23:38:40 +0000 (11:38 +1200)] 
pytests:s4/drs/repl_rodc: avoid unused imports

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agopytests:s4/drs/linked_attributes_drs: avoid unused imports
Douglas Bagnall [Thu, 15 Sep 2022 23:38:08 +0000 (11:38 +1200)] 
pytests:s4/drs/linked_attributes_drs: avoid unused imports

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agopytests:s4/drs/ridalloc_exop: avoid unused imports
Douglas Bagnall [Thu, 15 Sep 2022 23:37:14 +0000 (11:37 +1200)] 
pytests:s4/drs/ridalloc_exop: avoid unused imports

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agopytests: remove backwards compat workaround for python 2.6
Douglas Bagnall [Thu, 15 Sep 2022 23:36:28 +0000 (11:36 +1200)] 
pytests: remove backwards compat workaround for python 2.6

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agopytest: samba-tool visualize: improve a message
Douglas Bagnall [Wed, 14 Sep 2022 09:12:47 +0000 (21:12 +1200)] 
pytest: samba-tool visualize: improve a message

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agosamba-tool: no stack trace on missing ldb tdb
Douglas Bagnall [Fri, 9 Sep 2022 04:13:12 +0000 (16:13 +1200)] 
samba-tool: no stack trace on missing ldb tdb

Now, in a testenv, if you forget to use '-s st/ad_dc/etc/smb.conf',
you only see this:

$ bin/samba-tool user rename  dsadsa
ldb: Unable to open tdb '$HERE/st/client/private/secrets.ldb': No such file or directory
ldb: Failed to connect to '$HERE/st/client/private/secrets.ldb' with backend 'tdb': Unable to open tdb '$HERE/st/client/private/secrets.ldb': No such file or directory
Could not find machine account in secrets database: Failed to fetch machine account password from secrets.ldb: Could not open secrets.ldb and failed to open $HERE/st/client/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
ltdb: tdb($HERE/st/client/private/sam.ldb): tdb_open_ex: could not open file $HERE/st/client/private/sam.ldb: No such file or directory

Unable to open tdb '$HERE/st/client/private/sam.ldb': No such file or directory
Failed to connect to 'tdb://$HERE/st/client/private/sam.ldb' with backend 'tdb': Unable to open tdb '$HERE/st/client/private/sam.ldb': No such file or directory
ERROR(ldb): uncaught exception - Unable to open tdb '$HERE/st/client/private/sam.ldb': No such file or directory

rather than all that AND a stack trace.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agosamba-tool: write ERROR in red if colour is wanted
Douglas Bagnall [Fri, 9 Sep 2022 03:08:30 +0000 (15:08 +1200)] 
samba-tool: write ERROR in red if colour is wanted

Often we'll write something like

   ERROR: Unable to find user "potato"

which can get lost in the jumble of other output. With this patch, we
colour the word "ERROR" red but not the rest of the string, unless it is
determined that colour is not wanted (due to one of --color=never,
NO_COLOR=1, output is not a tty).

We choose to redden the word "ERROR" only to maintain legibility in the
actual message, while hopefully increasing the noticeability of the line.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agosamba-tool visualize: simplify --color-scheme calculations
Douglas Bagnall [Wed, 14 Sep 2022 06:23:16 +0000 (18:23 +1200)] 
samba-tool visualize: simplify --color-scheme calculations

If you ask for a --color-scheme, you are implicitly asking for --color.
That was documented in --help, but not followed here.

Now --color=no --color-scheme=ansi will use colour for the graph, but not
for other output. This might be useful when the graph is going to a
different place than everything else (`-o foo.txt > bar.txt`).

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agosamba-tool visualise: use global --color
Douglas Bagnall [Fri, 9 Sep 2022 02:56:08 +0000 (14:56 +1200)] 
samba-tool visualise: use global --color

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agopy:colour: is_colour_wanted() can take filenames
Douglas Bagnall [Sat, 10 Sep 2022 04:55:48 +0000 (16:55 +1200)] 
py:colour: is_colour_wanted() can take filenames

We need this for `samba-tool visualize -o -` which means output to
stdout, and which has always had a tty test for colour. Rather than
continue to duplicate the full logic there, we can reuse this.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agosamba-tool: --color=auto looks at stderr and stdout
Douglas Bagnall [Fri, 9 Sep 2022 03:24:29 +0000 (15:24 +1200)] 
samba-tool: --color=auto looks at stderr and stdout

More often than not we are using colour in stderr, but are deciding
based on stdout's tty-ness. This patch changes to use both, and will
affect the following situation:

 samba-tool  2>/tmp/errors   # used to be colour, now not.

of course, if you want colour, you can always

 samba-tool --color=yes 2>/tmp/errors

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agosamba-tool drs showrepl: use global --color option
Douglas Bagnall [Fri, 9 Sep 2022 02:50:13 +0000 (14:50 +1200)] 
samba-tool drs showrepl: use global --color option

This changes the default from --color=no to --color=auto.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agosamba-tool: save --color choice for subcommands
Douglas Bagnall [Fri, 9 Sep 2022 02:38:18 +0000 (14:38 +1200)] 
samba-tool: save --color choice for subcommands

In particular, visualize needs it to decide colour for an output
file that may or may not be stdout, so it needs to make its own
decision for that file.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agosamba-tool: make --color a general option
Douglas Bagnall [Fri, 9 Sep 2022 02:48:29 +0000 (14:48 +1200)] 
samba-tool: make --color a general option

We don't put --color into options.SambaOptions because we can't handle
the 'auto' case in the options module without knowing whether or not
self.outf is a tty, and a) this might not be resolved and b) is fiddly
to pass through.

The .use_colour class flag allows samba-tool subcommands to avoid having
--color, and is *also* useful in the short term for visualise and drs
commands to avoid having this --color clobber their own bespoke versions
(temporarily, during the transition).

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agopy:colour: colour_if_wanted() returns the result
Douglas Bagnall [Fri, 9 Sep 2022 02:35:12 +0000 (14:35 +1200)] 
py:colour: colour_if_wanted() returns the result

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agopytest: samba-tool visualize: fix filename
Douglas Bagnall [Wed, 14 Sep 2022 05:36:08 +0000 (17:36 +1200)] 
pytest: samba-tool visualize: fix filename

Overwriting the other file was harmless but misleading.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agolibcli/auth/proto.h: remove unneeded path details.
Douglas Bagnall [Thu, 17 Dec 2020 01:34:50 +0000 (14:34 +1300)] 
libcli/auth/proto.h: remove unneeded path details.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agoldb: ldb_build_search_req() check for a talloc failure
Douglas Bagnall [Wed, 31 Aug 2022 03:42:46 +0000 (15:42 +1200)] 
ldb: ldb_build_search_req() check for a talloc failure

The failure in question would have to be a `talloc_strdup(dn, "")` in
ldb_dn_from_ldb_val().

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agos4/server: stop suggesting ntvfs in error message
Douglas Bagnall [Tue, 16 Aug 2022 22:12:28 +0000 (10:12 +1200)] 
s4/server: stop suggesting ntvfs in error message

I am not sure about the rpc proxy.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agolibaddns: remove duplicate declaration
Douglas Bagnall [Fri, 2 Jul 2021 03:45:45 +0000 (15:45 +1200)] 
libaddns: remove duplicate declaration

Also declared on line 257, exactly the same.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agopytest/password_lockout: be less verbose by default
Douglas Bagnall [Thu, 8 Sep 2022 02:32:13 +0000 (14:32 +1200)] 
pytest/password_lockout: be less verbose by default

leaving the carefully constructed verbosity there for whoever choses
to switch it on.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agosamba-tool: simplify and clarify SuperCommand._run() a little
Douglas Bagnall [Wed, 7 Sep 2022 03:41:17 +0000 (15:41 +1200)] 
samba-tool: simplify and clarify SuperCommand._run() a little

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agoctdb-tests: Reformat remaining test stubs with "shfmt -w -p -i 0 -fn"
Martin Schwenke [Thu, 25 Aug 2022 23:16:49 +0000 (09:16 +1000)] 
ctdb-tests: Reformat remaining test stubs with "shfmt -w -p -i 0 -fn"

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri Sep 16 04:35:09 UTC 2022 on sn-devel-184

3 years agoctdb-tests: Include eventscript stub commands in shellcheck test
Martin Schwenke [Wed, 17 Aug 2022 23:36:08 +0000 (09:36 +1000)] 
ctdb-tests: Include eventscript stub commands in shellcheck test

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-tests: Avoid shellcheck warnings in remaining test stubs
Martin Schwenke [Wed, 17 Aug 2022 22:59:28 +0000 (08:59 +1000)] 
ctdb-tests: Avoid shellcheck warnings in remaining test stubs

A small amount of effort...

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-scripts: Simplify determination of real interface
Martin Schwenke [Wed, 17 Aug 2022 01:38:44 +0000 (11:38 +1000)] 
ctdb-scripts: Simplify determination of real interface

This can now be made trivial.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-tests: Implement "ip -brief link show" in ip stub
Martin Schwenke [Wed, 17 Aug 2022 01:37:56 +0000 (11:37 +1000)] 
ctdb-tests: Implement "ip -brief link show" in ip stub

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-tests: Avoid ShellCheck warnings
Martin Schwenke [Wed, 17 Aug 2022 02:12:30 +0000 (12:12 +1000)] 
ctdb-tests: Avoid ShellCheck warnings

Although this is a test stub, it is complicated enough to encourage
ShellCheck cleanliness.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-tests: Reformat script with "shfmt -w -p -i 0 -fn"
Martin Schwenke [Wed, 17 Aug 2022 01:41:33 +0000 (11:41 +1000)] 
ctdb-tests: Reformat script with "shfmt -w -p -i 0 -fn"

As per current Samba convention.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-scripts: Drop assumption that there are VLANs with no '@'
Martin Schwenke [Wed, 17 Aug 2022 01:04:10 +0000 (11:04 +1000)] 
ctdb-scripts: Drop assumption that there are VLANs with no '@'

VLAN configuration on Linux often uses a convention of naming a VLAN
on <iface> with VLAN ID <tag> as <iface>.<tag>.  To be able to monitor
the underlying interface, the original 10.interface code naively
simply stripped off the '.' and everything after (i.e. ".*", as a glob
pattern).

Some users do not use the above convention.  A VLAN can be named
without including the underlying interface, but still with a
tag (e.g. vlan<tag> - the word "vlan" following by the tag) or, more
generally, perhaps without a tag (e.g. <vlan> - an arbitrary name).
The ip(8) command lists a VLAN as <vlan>@<iface>.  The underlying
interface can be found by stripping everything up to and including an
'@' (i.e. "*@").

Commit bc71251433ce618c95c674d7cbe75b01a94adad9 added support for
stripping "*@".  However, on suspicion, it kept support for the case
where there is no '@', falling back to stripping ".*".  If ip(8) ever
did this then it was a long time ago - it has been printing a format
including '@' since at least 2004.

Stripping ".*" interferes with interesting administrative decisions,
like having '.' in interface names.

So, drop the fallback to stripping ".*" because it appears to be
unnecessary and can cause inconvenience.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoCVE-2020-25720 s4:dsdb/descriptor: explain lack of dSHeuristics check
Andrew Bartlett [Fri, 16 Sep 2022 02:18:37 +0000 (14:18 +1200)] 
CVE-2020-25720 s4:dsdb/descriptor: explain lack of dSHeuristics check

It is strange that sDRightsEffective pays no attention to the
dSHeuristics flags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810

Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Sep 16 03:31:42 UTC 2022 on sn-devel-184

3 years agoCVE-2020-25720 s4:dsdb/descriptor: Validate owner SIDs written to security descriptors
Joseph Sutton [Thu, 5 May 2022 05:21:42 +0000 (17:21 +1200)] 
CVE-2020-25720 s4:dsdb/descriptor: Validate owner SIDs written to security descriptors

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agoCVE-2020-25720 s4-acl: Omit sDRightsEffective for computers unless all rights are...
Joseph Sutton [Thu, 5 May 2022 07:30:13 +0000 (19:30 +1200)] 
CVE-2020-25720 s4-acl: Omit sDRightsEffective for computers unless all rights are granted

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agoCVE-2020-25720: s4-acl: Owner no longer has implicit Write DACL
Nadezhda Ivanova [Fri, 22 Oct 2021 18:33:03 +0000 (21:33 +0300)] 
CVE-2020-25720: s4-acl: Owner no longer has implicit Write DACL

The implicit right of an object's owner to modify its security
descriptor no longer exists, according to the new access rules. However,
we continue to grant this implicit right for fileserver access checks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810

Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agoCVE-2020-25720 s4:ntvfs: Use se_file_access_check() to check file access rights
Joseph Sutton [Mon, 5 Sep 2022 02:53:26 +0000 (14:53 +1200)] 
CVE-2020-25720 s4:ntvfs: Use se_file_access_check() to check file access rights

se_access_check() will be changed in a following commit to remove the
implicit WRITE_DAC right that comes with being the owner of an object.
We want to keep this implicit right for file access, and by using
se_file_access_check() we can preserve the existing behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agoCVE-2020-25720: s4-acl: Adjusted some tests to work with the new behavior
Nadezhda Ivanova [Fri, 22 Oct 2021 18:10:35 +0000 (21:10 +0300)] 
CVE-2020-25720: s4-acl: Adjusted some tests to work with the new behavior

Test using non-priviledged accounts now need to make sure they have
WP access on the prvided attributes, or Write-DACL
Some test create organizational units with a specific SD, and those now
need the user to have WD or else they give errors

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810

Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agoCVE-2020-25720: s4-acl: Change behavior of Create Children check
Nadezhda Ivanova [Mon, 25 Oct 2021 10:10:56 +0000 (13:10 +0300)] 
CVE-2020-25720: s4-acl: Change behavior of Create Children check

Up to now, the rights to modify an attribute were not checked during an LDAP
add operation. This means that even if a user has no right to modify
an attribute, they can still specify any value during object creation,
and the validated writes were not checked.
This patch changes this behavior. During an add operation,
a security descriptor is created that does not include the one provided by the
user, and is used to verify that the user has the right to modify the supplied attributes.
Exception is made for an object's mandatory attributes, and if the user has Write DACL right,
further checks are skipped.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810

Pair-Programmed-With: Joseph Sutton <josephsutton@catalyst.net.nz>

Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agoCVE-2020-25720: s4-acl: Move definition of acl_check_self_membership()
Joseph Sutton [Fri, 22 Apr 2022 03:01:00 +0000 (15:01 +1200)] 
CVE-2020-25720: s4-acl: Move definition of acl_check_self_membership()

This allows us to make use of it in acl_add().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agoCVE-2020-25720 s4-acl: Test Create Child permission should not allow full write to...
Nadezhda Ivanova [Mon, 25 Oct 2021 08:34:57 +0000 (11:34 +0300)] 
CVE-2020-25720 s4-acl: Test Create Child permission should not allow full write to all attributes

Up to now, the rights to modify an attribute were not checked during an LDAP
add operation. This means that even if a user has no right to modify
an attribute, they can still specify any value during object creation,
and the validated writes were not checked.
This patch includes tests for the proposed change of behavior.
test_add_c3 and c4 pass, because mandatory attributes can still be
set, and in the old behavior SD permissions were irrelevant

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810

Pair-Programmed-With: Joseph Sutton <josephsutton@catalyst.net.nz>

Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agoCVE-2020-25720 pydsdb: Add AD schema GUID constants
Joseph Sutton [Wed, 14 Sep 2022 01:21:34 +0000 (13:21 +1200)] 
CVE-2020-25720 pydsdb: Add AD schema GUID constants

This helps reduce the profusion of magic constant values in Python
tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agoCVE-2020-25720 pydsdb: Add dsHeuristics constant definitions
Joseph Sutton [Tue, 6 Sep 2022 07:23:13 +0000 (19:23 +1200)] 
CVE-2020-25720 pydsdb: Add dsHeuristics constant definitions

We want to be able to use these values in Python tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agoCVE-2020-25720 s4/dsdb/util: Add functions for dsHeuristics 28, 29
Joseph Sutton [Thu, 28 Apr 2022 08:34:36 +0000 (20:34 +1200)] 
CVE-2020-25720 s4/dsdb/util: Add functions for dsHeuristics 28, 29

These are the newly-added AttributeAuthorizationOnLDAPAdd and
BlockOwnerImplicitRights.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agoCVE-2020-25720 python:tests: Ensure that access checks don't succeed
Joseph Sutton [Sat, 30 Apr 2022 01:55:39 +0000 (13:55 +1200)] 
CVE-2020-25720 python:tests: Ensure that access checks don't succeed

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agoCVE-2020-25720 s4:tests/sec_descriptor: Add missing security descriptor modify
Joseph Sutton [Thu, 28 Apr 2022 09:00:56 +0000 (21:00 +1200)] 
CVE-2020-25720 s4:tests/sec_descriptor: Add missing security descriptor modify

The variable sub_sddl1 previously went unused, so this call to
modify_sd_on_dn() was presumably intended to go here.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agos3: libsmb: In cli_posix_open_internal_send() (SMBtrans2:TRANSACT2_SETPATHINFO) check...
Jeremy Allison [Fri, 9 Sep 2022 17:29:30 +0000 (10:29 -0700)] 
s3: libsmb: In cli_posix_open_internal_send() (SMBtrans2:TRANSACT2_SETPATHINFO) check for DFS pathname.

See smbtorture3: SMB1-DFS-PATHS: test_smb1_setpathinfo_XXXX()

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 15 19:44:00 UTC 2022 on sn-devel-184

3 years agos3: libsmb: In cli_qpathinfo_send() (SMBtrans2:TRANSACT2_QPATHINFO) check for DFS...
Jeremy Allison [Fri, 9 Sep 2022 16:40:12 +0000 (09:40 -0700)] 
s3: libsmb: In cli_qpathinfo_send() (SMBtrans2:TRANSACT2_QPATHINFO) check for DFS pathname.

See smbtorture3: SMB1-DFS-PATHS: test_smb1_qpathinfo()

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: libsmb: In cli_set_ea_path() (SMBtrans2:TRANSACT2_SETPATHINFO) check for DFS...
Jeremy Allison [Thu, 8 Sep 2022 23:21:20 +0000 (16:21 -0700)] 
s3: libsmb: In cli_set_ea_path() (SMBtrans2:TRANSACT2_SETPATHINFO) check for DFS pathname.

See smbtorture3: SMB1-DFS-PATHS: test_smb1_setpathinfo_XXXX()

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: libsmb: In cli_ctemp_send() (SMBctemp) check for DFS pathname.
Jeremy Allison [Thu, 8 Sep 2022 21:28:41 +0000 (14:28 -0700)] 
s3: libsmb: In cli_ctemp_send() (SMBctemp) check for DFS pathname.

smbtorture3: SMB1-DFS-OPERATIONS: test_smb1_ctemp() shows
SMBctemp uses DFS paths.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: libsmb: In cli_chkpath_send() (SMBcheckpath) check for DFS pathname.
Jeremy Allison [Thu, 8 Sep 2022 19:25:49 +0000 (12:25 -0700)] 
s3: libsmb: In cli_chkpath_send() (SMBcheckpath) check for DFS pathname.

smbtorture3: SMB1-DFS-OPERATIONS: test_smb1_chkpath() shows
SMBcheckpath uses DFS paths.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: libsmb: In cli_setatr_send() (SMBsetatr) check for DFS pathname.
Jeremy Allison [Thu, 8 Sep 2022 18:53:33 +0000 (11:53 -0700)] 
s3: libsmb: In cli_setatr_send() (SMBsetatr) check for DFS pathname.

smbtorture3: SMB1-DFS-OPERATIONS: test_smb1_setatr() shows
SMBsetatr uses DFS paths.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: libsmb: In cli_getatr_send() (SMBgetatr) check for DFS pathname.
Jeremy Allison [Thu, 8 Sep 2022 16:50:56 +0000 (09:50 -0700)] 
s3: libsmb: In cli_getatr_send() (SMBgetatr) check for DFS pathname.

smbtorture3: SMB1-DFS-OPERATIONS: test_smb1_getatr() shows
SMBgetatr uses DFS paths.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: libsmb: In cli_openx_create() (SMBopenX) check for DFS pathname.
Jeremy Allison [Wed, 7 Sep 2022 19:52:42 +0000 (12:52 -0700)] 
s3: libsmb: In cli_openx_create() (SMBopenX) check for DFS pathname.

smbtorture3: SMB1-DFS-OPERATIONS: test_smb1_openx() shows
SMBopenX uses DFS paths.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: libsmb: In cli_nttrans_create_send() (SMBnttrans:NT_TRANSACT_CREATE) check for...
Jeremy Allison [Wed, 7 Sep 2022 19:05:53 +0000 (12:05 -0700)] 
s3: libsmb: In cli_nttrans_create_send() (SMBnttrans:NT_TRANSACT_CREATE) check for DFS pathname.

smbtorture3: SMB1-DFS-OPERATIONS: test_smb1_nttrans_create() shows
SMBnttrans:NT_TRANSACT_CREATE uses DFS paths.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: libsmb: In cli_ntcreate1_send() (SMBntcreateX) check for DFS pathname.
Jeremy Allison [Wed, 7 Sep 2022 18:26:46 +0000 (11:26 -0700)] 
s3: libsmb: In cli_ntcreate1_send() (SMBntcreateX) check for DFS pathname.

smbtorture3: SMB1-DFS-OPERATIONS: test_smb1_ntcreatex() shows
SMBntcreateX uses DFS paths.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: libsmb: In cli_rmdir_send() (SMBrmdir) check for DFS pathname.
Jeremy Allison [Wed, 7 Sep 2022 17:47:37 +0000 (10:47 -0700)] 
s3: libsmb: In cli_rmdir_send() (SMBrmdir) check for DFS pathname.

smbtorture3: SMB1-DFS-OPERATIONS: test_smb1_rmdir() shows
SMBrmdir uses DFS paths.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: libsmb: In cli_mkdir_send() (SMBmkdir) check for DFS pathname.
Jeremy Allison [Wed, 7 Sep 2022 17:45:01 +0000 (10:45 -0700)] 
s3: libsmb: In cli_mkdir_send() (SMBmkdir) check for DFS pathname.

smbtorture3: SMB1-DFS-OPERATIONS: test_smb1_mkdir() shows
SMBmkdir uses DFS paths.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: libsmb: In cli_unlink_send() (SMBunlink) check for DFS pathname.
Jeremy Allison [Wed, 7 Sep 2022 00:26:58 +0000 (17:26 -0700)] 
s3: libsmb: In cli_unlink_send() (SMBunlink) check for DFS pathname.

smbtorture3: SMB1-DFS-OPERATIONS: test_smb1_unlink() shows
SMBunlink uses DFS paths.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: libsmb: In cli_ntrename_internal_send() (SMBntrename) check for DFS dst pathname.
Jeremy Allison [Fri, 2 Sep 2022 20:18:06 +0000 (13:18 -0700)] 
s3: libsmb: In cli_ntrename_internal_send() (SMBntrename) check for DFS dst pathname.

See smbtorture3: SMB1-DFS-PATHS: test_smb1_ntrename_rename().
and smbtorture3: SMB1-DFS-PATHS: test_smb1_ntrename_hardlink().

Remove the old code that stripped a DFS name from the
destination filename, and go through smb1_dfs_share_path()
as we did for fname_src in the last commit.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: libsmb: In cli_ntrename_internal_send() (SMBntrename) check for DFS source pathname.
Jeremy Allison [Fri, 2 Sep 2022 20:12:51 +0000 (13:12 -0700)] 
s3: libsmb: In cli_ntrename_internal_send() (SMBntrename) check for DFS source pathname.

smbtorture3: SMB1-DFS-PATHS: test_smb1_ntrename_rename() shows
SMBntrename uses DFS for src and dst.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: libsmb: In cli_cifs_rename_send() (SMBmv) check for DFS dst pathname.
Jeremy Allison [Fri, 2 Sep 2022 19:40:19 +0000 (12:40 -0700)] 
s3: libsmb: In cli_cifs_rename_send() (SMBmv) check for DFS dst pathname.

See smbtorture3: SMB1-DFS-PATHS: test_smb1_mv().

Remove the old code that stripped a DFS name from the
destination filename, and go through smb1_dfs_share_path()
as we did for fname_src in the last commit.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: libsmb: In cli_cifs_rename_send() (SMBmv) check for DFS source pathname.
Jeremy Allison [Fri, 2 Sep 2022 19:33:48 +0000 (12:33 -0700)] 
s3: libsmb: In cli_cifs_rename_send() (SMBmv) check for DFS source pathname.

smbtorture3: SMB1-DFS-PATHS: test_smb1_mv() shows
SMBmv uses DFS for src and dst.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: libsmb: Make cli_setpathinfo_send() (SMBtrans2: TRANSACT2_SETPATHINFO) DFS path...
Jeremy Allison [Fri, 2 Sep 2022 19:27:36 +0000 (12:27 -0700)] 
s3: libsmb: Make cli_setpathinfo_send() (SMBtrans2: TRANSACT2_SETPATHINFO) DFS path aware.

See smbtorture3: SMB1-DFS-PATHS: test_smb1_setpathinfo_XXXX()

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: smbcacls: Now cli_resolve_path() and cli_list() can handle DFS names we no longer...
Jeremy Allison [Fri, 2 Sep 2022 18:46:08 +0000 (11:46 -0700)] 
s3: smbcacls: Now cli_resolve_path() and cli_list() can handle DFS names we no longer need local_cli_resolve_path().

Remove local_cli_resolve_path(). No more special treatment for DFS names in smbcacls.

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Noel Power <noel.power@suse.com>
3 years agos3: libsmb: Fix cli_resolve_path() to cope with DFS paths passed in as well as local...
Jeremy Allison [Fri, 2 Sep 2022 18:44:47 +0000 (11:44 -0700)] 
s3: libsmb: Fix cli_resolve_path() to cope with DFS paths passed in as well as local paths.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: libsmb: Fix SMB1 cli_list_old_send() to cope with DFS paths.
Jeremy Allison [Thu, 1 Sep 2022 23:12:35 +0000 (16:12 -0700)] 
s3: libsmb: Fix SMB1 cli_list_old_send() to cope with DFS paths.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: libsmb: Fix SMB1 cli_list_trans_send() (SMBtrans2:TRANSACT2_FINDFIRST) to cope...
Jeremy Allison [Thu, 1 Sep 2022 23:10:49 +0000 (16:10 -0700)] 
s3: libsmb: Fix SMB1 cli_list_trans_send() (SMBtrans2:TRANSACT2_FINDFIRST) to cope with DFS paths.

See smbtorture3: SMB1-DFS-SEARCH-PATHS: test_smb1_findfirst_path

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: libsmb: Add smb1_dfs_share_path() to convert a name into a DFS path if needed.
Jeremy Allison [Thu, 1 Sep 2022 23:07:10 +0000 (16:07 -0700)] 
s3: libsmb: Add smb1_dfs_share_path() to convert a name into a DFS path if needed.

Not yet used.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: libsmb: For SMB2 opens on a DFS share, convert to a DFS path if not already done.
Jeremy Allison [Thu, 1 Sep 2022 22:32:40 +0000 (15:32 -0700)] 
s3: libsmb: For SMB2 opens on a DFS share, convert to a DFS path if not already done.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: libsmb: Add cli_dfs_is_already_full_path() function.
Jeremy Allison [Fri, 19 Aug 2022 21:59:04 +0000 (14:59 -0700)] 
s3: libsmb: Add cli_dfs_is_already_full_path() function.

Returns true if it's already a fully qualified DFS path.

Not yet used.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: libsmb: In cli_list_old_send(), push state->mask into the packet, not just mask.
Jeremy Allison [Thu, 1 Sep 2022 23:07:34 +0000 (16:07 -0700)] 
s3: libsmb: In cli_list_old_send(), push state->mask into the packet, not just mask.

This doesn't matter right now, but it will when I
add DFS path awareness to cli_list().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: libsmb: Make cli_state_save_tcon()/cli_state_restore_tcon() static.
Jeremy Allison [Wed, 24 Aug 2022 00:40:55 +0000 (17:40 -0700)] 
s3: libsmb: Make cli_state_save_tcon()/cli_state_restore_tcon() static.

There are no external callers.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: smbcacls: In cli_lsa_lookup_domain_sid(), replace cli_state_save_tcon()/cli_state...
Jeremy Allison [Wed, 24 Aug 2022 00:37:48 +0000 (17:37 -0700)] 
s3: smbcacls: In cli_lsa_lookup_domain_sid(), replace cli_state_save_tcon()/cli_state_restore_tcon() with cli_state_save_tcon_share()/cli_state_restore_tcon_share().

There are now no more external users of cli_state_save_tcon()/cli_state_restore_tcon()
so we can make them static.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: utils: In show_userlist() replace cli_state_save_tcon()/cli_state_restore_tcon...
Jeremy Allison [Wed, 24 Aug 2022 00:34:43 +0000 (17:34 -0700)] 
s3: utils: In show_userlist() replace cli_state_save_tcon()/cli_state_restore_tcon() with cli_state_save_tcon_share()/cli_state_restore_tcon_share().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: torture: In run_tcon_test() replace cli_state_save_tcon()/cli_state_restore_tcon...
Jeremy Allison [Wed, 24 Aug 2022 00:32:46 +0000 (17:32 -0700)] 
s3: torture: In run_tcon_test() replace cli_state_save_tcon()/cli_state_restore_tcon() with cli_state_save_tcon_share()/cli_state_restore_tcon_share().

Also fix a comment in run_uid_regression_test().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: torture: In run_smb2_basic(), replace cli_state_save_tcon()/cli_state_restore_tco...
Jeremy Allison [Wed, 24 Aug 2022 00:30:14 +0000 (17:30 -0700)] 
s3: torture: In run_smb2_basic(), replace cli_state_save_tcon()/cli_state_restore_tcon() with cli_state_save_tcon_share()/cli_state_restore_tcon_share().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: libsmb: In cli_check_msdfs_proxy() replace cli_state_save_tcon()/cli_state_restor...
Jeremy Allison [Wed, 24 Aug 2022 00:28:21 +0000 (17:28 -0700)] 
s3: libsmb: In cli_check_msdfs_proxy() replace cli_state_save_tcon()/cli_state_restore_tcon() with cli_state_save_tcon_share()/cli_state_restore_tcon_share().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: libsmb: In cli_lsa_lookup_name() replace cli_state_save_tcon()/cli_state_restore_...
Jeremy Allison [Wed, 24 Aug 2022 00:25:40 +0000 (17:25 -0700)] 
s3: libsmb: In cli_lsa_lookup_name() replace cli_state_save_tcon()/cli_state_restore_tcon() with cli_state_save_tcon_share()/cli_state_restore_tcon_share().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: libsmb: In cli_lsa_lookup_sid() replace cli_state_save_tcon()/cli_state_restore_t...
Jeremy Allison [Wed, 24 Aug 2022 00:18:16 +0000 (17:18 -0700)] 
s3: libsmb: In cli_lsa_lookup_sid() replace cli_state_save_tcon()/cli_state_restore_tcon() with cli_state_save_tcon_share()/cli_state_restore_tcon_share().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years agos3: libsmb: Add pair cli_state_save_tcon_share()/cli_state_restore_tcon_share().
Jeremy Allison [Wed, 24 Aug 2022 00:13:58 +0000 (17:13 -0700)] 
s3: libsmb: Add pair cli_state_save_tcon_share()/cli_state_restore_tcon_share().

Wraps cli_state_save_tcon()//cli_state_restore_tcon() but
also returns cli->sharename.

We are going to replace all uses of cli_state_save_tcon()/cli_state_restore_tcon()
so we also save/restore the cli->share for DFS purposes.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviwed-by: Noel Power <npower@samba.org>
3 years agos3: libsmb: Cleanup - remove unused fname_src parameter from cli_dfs_target_check().
Jeremy Allison [Fri, 2 Sep 2022 18:00:09 +0000 (11:00 -0700)] 
s3: libsmb: Cleanup - remove unused fname_src parameter from cli_dfs_target_check().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>