Andrew Bartlett [Wed, 3 Jun 2020 04:16:49 +0000 (16:16 +1200)]
Remove outdated install_with_python.sh
This was a cludge to help get past the need for Python on
the Samba build farm in particular. We now need Python3
by default so clearly this has not been used in quite some
time so is safe to remove.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Wed, 3 Jun 2020 04:06:34 +0000 (16:06 +1200)]
build: Put the note from the bottom of the old BUILD_SYSTEMS.txt somewhere useful
This statement on how we handle --with options is best placed near where
the options are set, so developers see it when trying to choose the
correct thing to do.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Match Windows behavior and allow the forwardable flag to be
set in cross-realm tickets. We used to allow forwardable to
any server, but now that we apply disallow-forwardable policy
in heimdal we need to explicitly allow in the corss-realm case
(and remove the workaround we have for it the MIT plugin).
Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 12 22:10:34 UTC 2020 on sn-devel-184
Rowland Penny [Fri, 5 Jun 2020 06:56:21 +0000 (07:56 +0100)]
samba-tool dns query --help: Someone forgot 'PTR' from the list of record types
Signed-off-by: Rowland Penny <rpenny@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 11 04:37:37 UTC 2020 on sn-devel-184
Isaac Boukris [Mon, 12 Nov 2018 10:26:25 +0000 (12:26 +0200)]
kdc: allow checksum of PA-FOR-USER to be HMAC_MD5
even if the tgt session key uses different hmac.
Per [MS-SFU] 2.2.1 PA-FOR-USER the checksum is
always HMAC_MD5, and that's what windows 7 client
and MIT client send.
In heimdal both the client and kdc use the checksum of
the tgt key instead and therefore work with each other
but windows and MIT clients fail against heimdal KDC.
Windows KDC allows either checksum (HMAC_MD5 or from
tgt) so we should do the same to support all clients.
Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 11 02:48:58 UTC 2020 on sn-devel-184
Volker Lendecke [Fri, 5 Jun 2020 13:09:44 +0000 (15:09 +0200)]
smbclient: Simplify do_list()
With the DLIST-based work queue we don't need to protect the "list
head" from reallocation anymore
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 10 23:43:04 UTC 2020 on sn-devel-184
Volker Lendecke [Fri, 5 Jun 2020 12:04:08 +0000 (14:04 +0200)]
smbclient: Align integer types
gcc complained that the if-condition compared unsigned rb_size with a
signed value. Somehow through the arithmetic the uint16_t's got
promoted to integer.
Also, avoid some printf casts
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
s3/torture: test rbtree TDB_INSERT and TDB_MODIFY flags
Confirm that record overwrite with TDB_INSERT and record insert with
TDB_MODIFY both fail with appropriate error values.
Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 10 20:28:45 UTC 2020 on sn-devel-184
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 10 10:10:16 UTC 2020 on sn-devel-184
Andrew Bartlett [Wed, 3 Jun 2020 00:33:50 +0000 (12:33 +1200)]
Add docs build to CI
We did not check we could actually build the HTML of the
Samba Developers guide and HTML of the manpages previously.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 10 07:11:59 UTC 2020 on sn-devel-184
Martin Schwenke [Fri, 5 Jun 2020 12:05:42 +0000 (22:05 +1000)]
util: Reallocate larger buffer if getpwuid_r() returns ERANGE
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Jun 9 21:07:24 UTC 2020 on sn-devel-184
Martin Schwenke [Tue, 9 Jun 2020 01:52:50 +0000 (11:52 +1000)]
util: Simplify input validation
It appears that snprintf(3) is being used for input validation.
However, this seems like overkill because it causes szPath to be
copied an extra time. The mostly likely protections being sought
here, according to https://cwe.mitre.org/data/definitions/20.html,
look to be DoS attacks involving CPU and memory usage. A simpler
check that uses strnlen(3) can mitigate against both of these and is
simpler.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Volker Lendecke <vl@samba.org>
All AD servers support "GSS-SPNEGO". So we better
remove code that doesn't use gensec.
If we ever need this back we could use the
"gssapi_krb5_sasl" gensec module explicit
or just pass the SASL mech list to gensec.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jun 9 17:24:31 UTC 2020 on sn-devel-184
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jun 5 13:17:55 UTC 2020 on sn-devel-184
Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Jun 5 11:54:06 UTC 2020 on sn-devel-184
Björn Baumbach [Thu, 4 Jun 2020 13:41:34 +0000 (15:41 +0200)]
s4-auth/unix_token: add new function auth_session_info_set_unix()
Used to fill the unix info in a struct auth_session_info similar to
auth_session_info_fill_unix().
The new auth_session_info_set_unix() receives the uid and gid for
the unix token as an parameter. It does not query the unix token from
winbind (via security_token_to_unix_token()).
This is useful to fill a user session info manually if winbind is not
available.
Volker Lendecke [Thu, 4 Jun 2020 13:29:48 +0000 (15:29 +0200)]
libsmb: Remove unused cli_smb2_qfileinfo_basic()
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 4 18:36:17 UTC 2020 on sn-devel-184
Volker Lendecke [Thu, 4 Jun 2020 06:38:31 +0000 (08:38 +0200)]
libsmb: Use SMBgetattrE in cli_qfileinfo_basic_send() if necessary
This is a behaviour change: Before this patch, independent of the actual
protocol we tried to do the trans2 getinfo call. All the remaining callers just
do a direct fallback to SMBgetattrE when that fails without even looking at the
error code. Here we deterministically decide after the negotiated protocol
which flavour to use without a fallback.
It *might* be relevant for very old embedded systems that we don't know, but if
we break something we can easily fix it.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 3 Jun 2020 15:56:53 +0000 (17:56 +0200)]
net: Copy hires timestamps in net_copy_fileattr()
In this routine we're using cli_ntcreate, so I would assume the hires
timestamp calls to be available. My goal is to reduce the use of the
second-resolution calls and potentially push their fallback use into
clifile.c.
Only tested manually.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Tue, 2 Jun 2020 21:46:30 +0000 (21:46 +0000)]
Update SECURITY.md to point to security releases
Signed-off-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 3 15:55:10 UTC 2020 on sn-devel-184
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Jun 3 06:19:21 UTC 2020 on sn-devel-184