Volker Lendecke [Wed, 25 Oct 2023 07:50:23 +0000 (09:50 +0200)]
smbd: Open file as REPARSE_POINT in unlink_internals()
In the future we'll block opening symlinks as such in
SMB_VFS_CREATE_FILE() unless we open as reparse points.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 1 19:56:33 UTC 2023 on atb-devel-224
Volker Lendecke [Tue, 24 Oct 2023 11:18:32 +0000 (13:18 +0200)]
smbd: Fix previous_slash()
Untested code is broken code... previous_slash() did not return a
pointer to the slash but after it. This went undetected because so far
we never call symlink_target_path() with "unparsed==0". Once we
started doing that, we would find that the "unparsed==0" case actually
puts parent on the "previous slash", not the character behind it.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 15 Oct 2023 09:39:32 +0000 (11:39 +0200)]
smbd: Simplify sys_proc_fd_path()
We know the buffer size up-front, create a struct for that. Also, I
think if we ever hit another /proc pattern this is very likely on a
different OS that could be handled by an #ifdef.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 31 05:41:17 UTC 2023 on atb-devel-224
Ralph Boehme [Sun, 29 Oct 2023 14:27:08 +0000 (15:27 +0100)]
libsmb: remove mode from struct file_info
There's already the "attr" member and this is even used in list_posix_helper()
in pylibsmb.c. While at it, remove the cast in list_posix_helper() by using "I"
instead of "i" format.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: David Mulder <dmulder@samba.org>
Martin Schwenke [Tue, 19 Sep 2023 07:34:55 +0000 (17:34 +1000)]
ctdb-scripts: Update detect_init_style to use /etc/os-release
/etc/os-release is quite universal. It can be found on most Linux
distros and on FreeBSD.
Attempt to use /etc/os-release to detect Red Hat, SUSE and Debian
based distros. If /etc/os-release exists but distro is unknown then
$ID is printed as the detected distro, which will probably result in
sub-optimal behaviour, but when tracing it will at least indicate that
a new distro needs to be handled.
The only way to handle missing /etc/os-release is to set
CTDB_INIT_STYLE - see ctdb.sysconfig(5) for details.
The event script unit tests are updated to use /etc/os-release so
the new logic is exercised.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Oct 30 09:19:11 UTC 2023 on atb-devel-224
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 27 21:19:35 UTC 2023 on atb-devel-224
Volker Lendecke [Thu, 26 Oct 2023 14:16:29 +0000 (16:16 +0200)]
tests: Get a file through an absolute symlink within a subdirectory
This shows that read_symlink_reparse() is broken when trying to
replace an absolute with a relative filename within a
share.
read_symlink_reparse() is used only in openat_pathref_fsp_nosymlink()
so far to chase symlinks for non-lcomp path components. Chasing lcomp
symlinks is done through non_widelink_open(), which gets it right.
Gabriel Nagy [Fri, 27 Oct 2023 08:21:50 +0000 (11:21 +0300)]
gp_pol: Test multiple values multi_sz roundtrip
Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Fri Oct 27 14:45:28 UTC 2023 on atb-devel-224
Gabriel Nagy [Tue, 24 Oct 2023 09:47:02 +0000 (12:47 +0300)]
gp_pol: Allow null data for REG_MULTI_SZ
The parser is able to convert data from binary to XML (it generates an
empty <Value> tag) but not the other way around. This is a common
occurrence for empty multitext fields.
Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: David Mulder <dmulder@samba.org>
Gabriel Nagy [Tue, 24 Oct 2023 09:26:42 +0000 (12:26 +0300)]
gp_pol: Test empty multi_sz roundtrip
Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: David Mulder <dmulder@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Oct 27 06:51:48 UTC 2023 on atb-devel-224
s3:passdb: Do not leak memory if memcache add fails
Indirect leak of 496 byte(s) in 1 object(s) allocated from:
#0 0x7ffb062dc03f in malloc (/lib64/libasan.so.8+0xdc03f) (BuildId: 3e1694ad218c99a8b1b69231666a27df63cf19d0)
#1 0x7ffb06025b3e in __talloc_with_prefix ../../lib/talloc/talloc.c:783
#2 0x7ffb06027512 in __talloc ../../lib/talloc/talloc.c:825
#3 0x7ffb06027512 in _talloc_named_const ../../lib/talloc/talloc.c:982
#4 0x7ffb06027512 in _talloc_zero ../../lib/talloc/talloc.c:2421
#5 0x7ffb05a0332c in samu_new ../../source3/passdb/passdb.c:63
#6 0x7ffb05a2031f in pdb_getsampwnam ../../source3/passdb/pdb_interface.c:351
#7 0x7ffb05a0540b in local_password_change ../../source3/passdb/passdb.c:752
#8 0x56291ddd4b8b in password_change ../../source3/utils/smbpasswd.c:273
#9 0x56291ddd5b59 in process_root ../../source3/utils/smbpasswd.c:478
#10 0x56291ddd5b59 in main ../../source3/utils/smbpasswd.c:661
#11 0x7ffb024281af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
../../source3/utils/wspsearch.c:331:25: error: ‘row’ may be used
uninitialized [-Werror=maybe-uninitialized]
331 | *rows_processed = row;
| ~~~~~~~~~~~~~~~~^~~~~
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
python: silos: add support for allowed to authenticate from silo shortcut
this avoids the need to write SDDL, the user just needs to give the silo name
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Oct 27 00:30:05 UTC 2023 on atb-devel-224
python: add docstring for escaped_claim_id function
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
python: move method escaped_claim_id from test to samba.sd_utils
This is so that it can be used in other places too without the need to import or extend the test base class
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
python: silos: add some missing tests for auth policy command
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
python: tests: claims and silo tests make use of unique_name
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
python: tests: improve comments for auth silo and policy tests
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
python: tests: qa and developers were not in the correct case
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
python: tests: addCleanup is always before create operation
This way if it raises during a create, it will still end up running the cleanup.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
python: tests: function to generate a unique name from caller
Uses the caller function to generate a unique name from the test function name.
Unique name is converted to camel case
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Makes self.members redundant and tearDown method can go completely.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rename test function names that were starting to get very long.
They were all prefixed with the test name, stop doing that and use double underscore for better separation.
e.g. AuthPolicyCmdTestCase.test_authentication_policy_list_json
becomes AuthPolicyCmdTestCase.test_list__json
The claim types and value types test cases have been split into two testcases.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
netcmd: silo command uses more consistent naming for tgt args
The args --user-tgt-lifetime-mins, --service-tgt-lifetime-mins and
--computer-tgt-lifetime-mins suffixed with -mins to be consistent
with Windows tooling.
For these, the internal names don't need to change and neither do
the model fields, only the external cli interface has this.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
netcmd: silo command uses more consistent naming for policy args
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
netcmd: silo command remove combined --policy which set all 3
doesn't make much sense to set all 3 to the same policy, user authentication policy, service authentication policy, computer authentication policy
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 25 Oct 2023 22:17:43 +0000 (11:17 +1300)]
codespell: Ignore .git
Otherwise the first line of commit messages is checked,
because text is found in .git/logs/HEAD, but only on
autobuild and not in CI (which does a shallow clone),
and not the whole commit message either, which is inconsistent.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 26 23:27:29 UTC 2023 on atb-devel-224
Joseph Sutton [Wed, 20 Sep 2023 23:37:30 +0000 (11:37 +1200)]
s4:kdc: Simplify principal_comp_strcmp_int() to handle only equality
We only ever use the principal comparison functions to check equality.
Having these functions only handle equality simplifies their
implementation and makes them a bit easier to use.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 26 02:26:02 UTC 2023 on atb-devel-224
Joseph Sutton [Wed, 20 Sep 2023 22:41:05 +0000 (10:41 +1200)]
s4:kdc: Have smb_krb5_principal_get_comp_string() properly indicate an error
The existing implementation did not differentiate between the case where
the relevant component was not present, and that where talloc_strndup()
failed. To correct this situation, put the result into an out parameter
on success and return an error on failure.
Douglas Bagnall [Wed, 5 Jul 2023 02:32:05 +0000 (14:32 +1200)]
libutil/iconv: avoid overflow in surrogate pairs
Consider the non-conforment utf-8 sequence "\xf5\x80\x80\x80", which
would encode 0x140000. We would set the high byte of the first
surrogate to 0xd8 | (0x130000 >> 18), or 0xdc, which is an invalid
start for a high surrogate, making the sequence as a whole invalid (as
you would expect -- the Unicode range was set precisely to that
covered by utf-16 surrogates).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 5 Jul 2023 01:26:12 +0000 (13:26 +1200)]
libutil/iconv: don't allow wtf-8 surrogate pairs
At present, if we meet a string like "hello \xed\xa7\x96 world", the
bytes in the middle will be converted into half of a surrogate pair,
and the UTF-16 will be invalid. It is better to error out immediately,
because the UTF-8 string is already invalid.
https://learn.microsoft.com/en-us/windows/win32/api/Stringapiset/nf-stringapiset-widechartomultibyte#remarks
is a citation for the statement about this being a pre-Vista
problem.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
projects / thirdparty / samba.git / log
