1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

105179 Commits

Author SHA1 Message Date
Uri Simchoni
0ed8b49faf cliquota: factor out fs quota parsing
This code will be reused by SMB2 code.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-10-04 02:00:23 +02:00
Uri Simchoni
e0e500258a cliquota: implement quota listing in SMB2
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-10-04 02:00:23 +02:00
Uri Simchoni
debc97ef8e cliquota: factor out parsing of a quota record buffer
In preparation for SMB2 support, take parsing of the return
buffer into a separate function.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-10-04 02:00:23 +02:00
Uri Simchoni
72c773c9c2 cliquota: some security hardening
Add some checks for validity of the offset in
the return buffer.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-10-04 02:00:23 +02:00
Uri Simchoni
621d7b41d9 cliquota: refactor and cleanup listing of user quotas
Split cli_list_user_quota into an outer loop function and
an inner loop function.

This simplifies the code somewhat, paves the way for SMB2
support, and fixes a couple of memory leaks in error
conditions. No functional changes.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-10-04 02:00:23 +02:00
Uri Simchoni
b6375ce549 s3-libsmb: support getting user's quota in SMB2
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-10-04 02:00:23 +02:00
Uri Simchoni
7f08a3b031 s3-libsmb: make parse_user_quota_record() public
For reuse by SMB2 client code.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-10-04 02:00:23 +02:00
Uri Simchoni
2e7e5dfbc6 s3-libsmb: Support getting fs attributes via SMB2
Add a wrapper function arounf GET_INFO to obtain
file system attributes, and plumb it in.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-10-04 02:00:23 +02:00
Uri Simchoni
175bc6f1e3 smbd: free talloc context if no quota records are available
When generating a list of user quota records, free the memory
context that controls this list if the list is empty. Otherwise,
the context remains unreferenced and memory is leaked.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12289

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-10-04 02:00:22 +02:00
Uri Simchoni
dad6c2d563 cliquota: fix param count when setting fs quota
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12288

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-10-04 02:00:22 +02:00
Uri Simchoni
dd8a0578d8 ntquotas: support "freeing" an empty quota list
This avoids dereferencing a null pointer if there's
an attempt to free an empty list.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12307

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-10-04 02:00:22 +02:00
Uri Simchoni
610c26d74c smbcquotas: fix error message listing quotas
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12270

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-10-04 02:00:22 +02:00
Uri Simchoni
5a947d6ca1 s3-cliquota: correctly handle no-more-entries
When listing quota records, a Windows server would
return STATUS_SUCCESS until no more entries are available,
where it would return STATUS_NO_MORE_ENTRIES.

The fix keeps old behavior of empty answer also signifying
end of record, to maintain compatibility with Samba servers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12270

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-10-04 02:00:22 +02:00
Noel Power
7c786f8982 s3/winbindd: using default domain with user@domain.com format fails
For example for samba client joined to a windows AD DC the following
commands fail if 'winbind use default domain = yes'
   getent passwd user@domain.com
   ssh -o user=user@domain.com localhost

The same commands succeed if the setting above has the default 'no' value

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12298

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Oct  3 23:37:44 CEST 2016 on sn-devel-144
2016-10-03 23:37:44 +02:00
Noel Power
ebfe3c85d0 Add a blackbox tests for id & getent to test domain@realm type credentials
Using domain@realm credentials has been problematic when
global conf setting "winbind use default domain" is enabled, this patch
creates a new s4member_dflt_domain environment (where
"winbind use default domain" is enabled) and runs getent & id against the
normal s4member & and new s4member_dflt_domain environments

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12298

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-03 19:49:19 +02:00
Volker Lendecke
c514fb6b62 dbwrap_watch: Improve a debug message
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-10-03 19:49:19 +02:00
Uri Simchoni
3f1f6e03cd heimdal: revert 1f90983324
A different version has gone upstream, fixing the problem
elsewhere.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Mon Oct  3 11:12:29 CEST 2016 on sn-devel-144
2016-10-03 11:12:29 +02:00
Uri Simchoni
0b61d9e02e heimdal-lib/krb5: keep a copy of config etypes in the context
When reading configuration file, keep an extra copy of
the encryption types, and use this when resetting the
encryption types to default.

GSSAPI always resets the enctypes to default before obtaining
a TGS, because the enctypes might have previously altered,
so this prevents changing the etypes from the configured ones
to the full set of supported etypes.

The same patch has gone into upstream heimdal as commit
a3bece1. It is a different solution to the problem fixed
here by commit 1f90983, so this commit will be reverted next
to keep compatibility with uptream.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-10-03 07:27:13 +02:00
Rowland Penny
780a80c28d bug 12293: stop group.py throwing errors if group is unknown
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12293

Signed-off-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Fri Sep 30 05:53:17 CEST 2016 on sn-devel-144
2016-09-30 05:53:16 +02:00
Rowland Penny
22da0887b2 bug 12292: stop user.py throwing errors if user is unknown
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12292

Signed-off-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-09-30 02:11:21 +02:00
Christof Schmitt
1f9501cad6 winbind: Fix passing idmap failure from wb_sids2xids back to callers
If the idmap call in wb_sids2xids fails, the callers expect xid.type to
be set to ID_TYPE_NOT_SPECIFIED, not the internal type field that is
initialized from the lookupsids call.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12295

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 30 02:10:29 CEST 2016 on sn-devel-144
2016-09-30 02:10:29 +02:00
Christof Schmitt
7a3b7804cb idmap_ad: Fix retrieving credentials from clustered secrets.tdb
cli_credentials_set_machine_account only reads from a local tdb. Change
that call to cli_credentials_set_machine_account_db_ctx to fix this for
clustered Samba.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12295

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2016-09-29 22:17:20 +02:00
Jeremy Allison
1017b22f68 s3: winbind: Trust name2sid mappings from the PAC.
Don't refresh sequence number in parent as the
mapping comes from a trusted DC.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-09-29 22:17:20 +02:00
Günther Deschner
f85b233a3e s4-kdc: Fix Coverity ID #1373385 (OVERRUN)
Guenther

Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>

Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Sep 29 22:16:52 CEST 2016 on sn-devel-144
2016-09-29 22:16:52 +02:00
Günther Deschner
9ad014ea4f s4-kdc: Fix Coverity ID #1373386 (Resource Leak)
Guenther

Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
2016-09-29 18:30:18 +02:00
Günther Deschner
9e98ac05c2 autobuild: add system-mitkrb5 build environment.
We finally need to make sure the build with MIT Kerberos does not break all the
time.

Guenther

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2016-09-29 18:30:18 +02:00
Andreas Schneider
28eae08ef7 gensec_krb5: Implement smb_krb5_rd_req_decoded() with MIT Kerberos
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Sep 29 11:56:41 CEST 2016 on sn-devel-144
2016-09-29 11:56:41 +02:00
Andreas Schneider
64b2b0dacd gensec_krb5: Create a MIT Kerberos gensec_krb5_session_info()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2016-09-29 08:02:18 +02:00
Jeremy Allison
32ae6721cf s3: winbind: refresh_sequence_number is only ever called with 'false'.
Remove redundant parameter.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2016-09-29 08:02:18 +02:00
Günther Deschner
a5264b187b mit: make it possible to build with MIT kerberos and --picky-developer
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-09-29 08:02:18 +02:00
Steve French
cad43f2cd4 lib: Annotate well known SID names
Add Samba specific well known SIDs for
Unix UID and GID owner.

Signed-off-by: Steve French <smfrench@gmail.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
2016-09-29 08:02:18 +02:00
Jeremy Allison
ccfba2537d s3: auth: Use wbcAuthenticateUserEx to prime the caches.
Idea by Volker - use WBC_AUTH_USER_LEVEL_PAC to pass
the PAC to winbind from smbd on auth, this allows
winbind to prime the user info via netsamlogon_cache_store()
and the name2sid cache *before* smbd looks up the user.

Note that as this is merely a cache prime having
winbind not available is not an error.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11259

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 28 22:45:27 CEST 2016 on sn-devel-144
2016-09-28 22:45:27 +02:00
Jeremy Allison
cf0f28819e s3: winbind: Make WBC_AUTH_USER_LEVEL_PAC prime the name2sid cache.
In addition to priming the netsamlogon cache.

This prevents a winbind AD-DC lookup for something
the PAC already told us.

Note we only do this in the case where the PAC successfully
passed signature verification.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11259

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-09-28 19:02:26 +02:00
Volker Lendecke
f92590d10a lib: Fix bug 12291
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12291
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Sep 28 19:01:02 CEST 2016 on sn-devel-144
2016-09-28 19:01:02 +02:00
Volker Lendecke
f1c8786e11 lib: Fix CID 1373388 Uninitialized scalar variable
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-09-28 15:19:21 +02:00
Volker Lendecke
d4884b54ff lib: Fix CID 1373389 Uninitialized scalar variable
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-09-28 15:19:21 +02:00
Volker Lendecke
78009659b9 messaging: Add wrap check to messaging_rec_dup
Just paranoia

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 28 03:58:22 CEST 2016 on sn-devel-144
2016-09-28 03:58:22 +02:00
Volker Lendecke
77b447bfdc wbclient: "ev" is no longer used in wbc_xids_to_sids
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-28 00:04:36 +02:00
Volker Lendecke
0a42a4c14b wbclient: "ev" is no longer used in wbc_sids_to_xids
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-28 00:04:36 +02:00
Volker Lendecke
73b23331df lib: Only return "rec" on demand in messaging_filtered_read_recv
The message could be just a trigger without contents.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-28 00:04:36 +02:00
Günther Deschner
f82cbd1703 werror: removed WERR_RPC_E_INVALID_HEADER (unused, already known as HRES_RPC_E_INVALID_HEADER)
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-28 00:04:36 +02:00
Günther Deschner
5dfd783136 werror: removed WERR_RPC_E_REMOTE_DISABLED (replaced with HRES_RPC_E_REMOTE_DISABLED)
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-28 00:04:36 +02:00
Günther Deschner
3487d6d78f werror: replace WERR_RPC_E_REMOTE_DISABLED with HRES_RPC_E_REMOTE_DISABLED
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-28 00:04:35 +02:00
Günther Deschner
5ad3a95f46 werror: removed WERR_SEC_E_ALGORITHM_MISMATCH (unused, already known as HRES_SEC_E_ALGORITHM_MISMATCH)
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-28 00:04:35 +02:00
Günther Deschner
d013dc4af1 werror: replace WERR_SEC_E_DECRYPT_FAILURE with HRES_SEC_E_DECRYPT_FAILURE
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-28 00:04:35 +02:00
Günther Deschner
08586e2824 werror: remove WERR_SEC_E_ENCRYPT_FAILURE (there is HRES_SEC_E_ENCRYPT_FAILURE)
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-28 00:04:35 +02:00
Günther Deschner
6b1c5b485c werror: replace WERR_CLASS_NOT_REGISTERED with HRES_REGDB_E_CLASSNOTREG
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-28 00:04:35 +02:00
Günther Deschner
05f272f492 werror: remove two duplicate error mappings.
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-28 00:04:35 +02:00
Günther Deschner
3ffd4cb274 werror: use autogenerated error codes.
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-28 00:04:35 +02:00
Günther Deschner
68368c69f8 werror: removed WERR_SHUTDOWN_ALREADY_IN_PROGRESS (unused, already known as WERR_SHUTDOWN_IN_PROGRESS)
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-28 00:04:35 +02:00