kdc: warn if DES-only keys enforced on the account
With MIT Kerberos 1.21+ DES is not available by default and will be
refused. This means userAccountFlags with UF_DES_KEYS_ONLY will result
in a likely authentication falure (unless allow_des=true is set in
krb5.conf).
Warn about such cases to give admins yet another chance to detect an
error in setting userAccountFlags.
Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Sat Aug 17 11:59:01 UTC 2024 on atb-devel-224
Anoop C S [Wed, 14 Aug 2024 14:19:04 +0000 (19:49 +0530)]
docs-xml: Fix script location in syncmachinepasswordscript.xml
Update the change in installation path for winbind_ctdb_updatekeytab.sh
from SAMBA_DATADIR to newly defined CTDB_DATADIR.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689 Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Fri Aug 16 09:49:30 UTC 2024 on atb-devel-224
Anoop C S [Wed, 14 Aug 2024 14:17:35 +0000 (19:47 +0530)]
source3/script: Fix installation of winbind_ctdb_updatekeytab.sh
winbind_ctdb_updatekeytab.sh assumes the presence `onnode` utility to
execute `net ads` command on all nodes in the cluster. But `onnode`
is only built when configured with clustering support. Therefore perform
the script installation only with ctdb configuration. Also fix the
installation path to /usr/share/ctdb/scripts.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689 Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 13 22:29:28 UTC 2024 on atb-devel-224
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug 13 15:27:26 UTC 2024 on atb-devel-224
Shachar Sharon [Mon, 5 Aug 2024 13:21:10 +0000 (16:21 +0300)]
vfs_ceph_new: use 'ceph_new' for config-param prefix
Use explicit 'ceph_new' prefix to each of the ceph specific config
parameters to avoid confusion with legacy 'vfs_ceph' module. Hence,
users will have in their smb.conf a format similar to:
Take special care for readdir errno setting: in case of error, update
errno by libcephfs (and protect from possible over-write by debug
logging); in the case of successful result or end-of-stream restore
errno to its previous value before calling the readdir_fn VFS hook.
vfs_ceph{_new}: do not set errno upon successful call to libcephfs
There is code in Samba that expects errno from a previous system call
to be preserved through a subsequent system call. Thus, avoid setting
"errno = 0" in status_code() and lstatus_code() upon successful return
from libcephfs API call.
smbd: Assert we have an fsp in smbd_do_setfilepathinfo
With this in the future we can avoid some special cases in our callees
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 6 17:37:39 UTC 2024 on atb-devel-224
Pass the persistent/volatile handle as uint64's. Why? I found the
talloc_memdup() slightly misleading, and smbXcli handles those 2 id's
separately. map_smb2_handle_to_fnum() is the function to create the
smb2_hnd.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug 6 16:16:27 UTC 2024 on atb-devel-224
John Mulligan [Fri, 2 Aug 2024 17:58:59 +0000 (13:58 -0400)]
ctdb-doc: document nodes list configuration parameter
Add the initial documentation of the node list configuration parameter.
Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Aug 6 01:50:12 UTC 2024 on atb-devel-224
John Mulligan [Wed, 31 Jul 2024 20:29:44 +0000 (16:29 -0400)]
ctdb-tests: add USENODESCOMMAND directive to fake ctdb
Add a single line USENODESCOMMAND directive to the fake ctdb in order to
enable use of a nodes script instead of a nodes file. For simplicity
the fake ctdb always uses `nodes.sh` in the CTDB_BASE.
Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
John Mulligan [Thu, 1 Aug 2024 18:25:38 +0000 (14:25 -0400)]
ctdb-conf: add boolean arg for verbosity when loading config
In a future commit we will add support for loading the config file from
the `ctdb` command line tool. Prior to this change the config file load
func always called D_NOTICE that causes the command to emit new text and
thus break all the tests that rely on the specific test output (not to
mention something users could notice). This change plumbs a new
`verbose` argument into some of the config file loading functions.
Generally, all existing functions will have verbose set to true to match
the existing behavior. Future callers of this function can set it to
false in order to avoid emitting the extra text.
Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
John Mulligan [Thu, 6 Jun 2024 14:00:10 +0000 (10:00 -0400)]
ctdb-server: use the new "nodes list" configuration option
Use the new "nodes list" configuration option. Executing the given path
if the path is prefixed by a `!`. The use case is to decouple the nodes
file from the shared storage, especially in the case where the shared
storage is provided by a vfs module.
For an example, imagine a script that runs `curl` on a URL for a
highly-available web server where the URL provides the content
of the nodes file.
Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
John Mulligan [Thu, 6 Jun 2024 14:00:09 +0000 (10:00 -0400)]
ctdb-conf: add "nodes list" configuration option
Add a "nodes list" configuration option to the [cluster] section of the
ctdb server config. This option will be used similarly to the `cluster
lock` parameter works. When unset it defaults to the same value as
before (/etc/ctdb/nodes). If given a path that is not prefixed by `!` it
instead loads the nodes file from the given path If given a path
prefixed by `!` then it executes the path as a command and reads the
standard output as if it were the content of the nodes file.
Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
John Mulligan [Thu, 6 Jun 2024 14:00:10 +0000 (10:00 -0400)]
ctdb-conf: add ctdb_read_nodes_cmd function
Add ctdb_read_nodes_cmd a function that works similarly to
ctdb_read_nodes_file but reads the nodes list from the stdout of a
subprocess instead of a file in the file system.
Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Tue Aug 6 00:42:56 UTC 2024 on atb-devel-224
Anoop C S [Fri, 2 Aug 2024 05:40:28 +0000 (11:10 +0530)]
vfs_ceph_new: Unconditionally use ceph_select_filesystem
Currently we don't have an explicit check for the presence of
ceph_select_filesystem() libcephfs API as it is always found to
be present with the minimum ceph version that is supported with
Samba right now. Therefore under this assumption directly call
ceph_select_filesystem() without any #ifdefs. Please note that
this change is already part of vfs_ceph via ef0068cd.
ref: https://gitlab.com/samba-team/samba/-/merge_requests/3715
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686 Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Mon Aug 5 16:06:47 UTC 2024 on atb-devel-224
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Mon Aug 5 13:29:25 UTC 2024 on atb-devel-224
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Sun Aug 4 01:35:55 UTC 2024 on atb-devel-224
Jo Sutton [Tue, 30 Jul 2024 04:55:17 +0000 (16:55 +1200)]
lib:cmdline: Load network interfaces in _samba_cmdline_load_config_s4()
This makes the samba.tests.domain_backup tests start working again when
they are run standalone. Without the load_interfaces() call,
smb_sysvol_conn() fails to make a connection to the sysvol share.
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Direct leak of 102 byte(s) in 1 object(s) allocated from:
#0 0x7f35322fc7d7 in malloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7f3531e43bc2 in __talloc_with_prefix ../../lib/talloc/talloc.c:783
#2 0x7f3531e45034 in __talloc ../../lib/talloc/talloc.c:825
#3 0x7f3531e45034 in __talloc_strlendup ../../lib/talloc/talloc.c:2454
#4 0x7f3531e45034 in talloc_strdup ../../lib/talloc/talloc.c:2470
#5 0x7f352f90264b in smbcli_parse_unc ../../source4/libcli/cliconnect.c:269
#6 0x55fbf83aa207 in torture_parse_target ../../source4/torture/smbtorture.c:192
#7 0x55fbf83ae031 in main ../../source4/torture/smbtorture.c:744
#8 0x7f352ca2a1ef in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Aug 1 16:55:43 UTC 2024 on atb-devel-224
smbd: Respect per-user hide and veto files with parametric options
For my taste this is a nicer configuration syntax than
/../username1/file1/../username2/file2/
Is this too expensive? I don't think so. The scanning only happens an
tcon time, and it only walks the parametric options. If this turns out
to be a performance problem, we should think about smarter data
structures for parametric options instead of just a linked list of
string triples for everything.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15688 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
lib: Factor out append_namearray from set_namearray
We'll have to add to an existing namearray soon.
This turns one talloc_array() into a set of reallocs. This is slower,
but set_namearray is only used for smb.conf entries where we don't
expect hundreds or more entries to add. I've done this to avoid array
length calculations, but if it turns out to be too slow we can get
smarter again.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15688 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
projects / thirdparty / samba.git / log
