IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
If the user doesn't specify a username/password on the command line, we
should use the machine credentials to connect to AD. This is how it is
used by default and we should be able to retrieve SPNs.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Mar 30 06:48:18 UTC 2021 on sn-devel-184
Following MS-DNSP.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 30 00:20:53 UTC 2021 on sn-devel-184
MS-DNSP uses the term "EntombedTime" in e.g. "2.2.2.2.4.23 DNS_RPC_RECORD_TS"
which is more descriptive than the generic "timestamp", and less likely to be
confused with dwTimestamp, which has been our curse. Let's make it grep-able,
google-able, and evocative.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
with improved diagnostics on bad arguments
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
These give a more detailed message than assertTrue(x in y).
They were new in Python 3.1, so we avoided them until recently.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
We are always setting zone to the same thing which we already know,
and we can reduce cognative stress by mentioning it less and not doing
that weird pop thing.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
We know it "really" just means uint64_t, but we also know it means
100-nanosecond intervals since 1601, and that makes any other use very
confusing (and not just to me, or there wouldn't be these bugs we're
chasing).
In these cases we are talking about 32 bit hours-since-1601 timestamps.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
In places we change NTTIME to uint32_t, because that is what is
actually wanted.
There is one instance of the calculation that we are not changing,
because there are other problems there.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
The dns structs have an unsigned 32 bit timestamp in hours since the
beginning of 1601. In a number of places we need to convert from unix
time to this timestamp, or from the timestamp to NTTIME.
You'll see subsequent patches that make use of these functions.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Also, since we're there, avoid sorting an array of 1 element.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Clang gives the following error:
../../libcli/smb/smb2_signing.c:547:48: error:
implicit conversion from enumeration type 'gnutls_mac_algorithm_t'
to different enumeration type 'gnutls_digest_algorithm_t'
[-Werror,-Wenum-conversion]
const size_t digest_len = gnutls_hash_get_len(GNUTLS_MAC_SHA256);
~~~~~~~~~~~~~~~~~~~ ^~~~~~~~~~~~~~~~~
Should be using GNUTLS_DIG_SHA256, which is set to GNUTLS_MAC_SHA256.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Mon Mar 29 23:19:24 UTC 2021 on sn-devel-184
There's no reason to do something special here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Mar 29 20:43:28 UTC 2021 on sn-devel-184
The session is valid for the lifetime of the requests anyway
and there's no point in having special handling for compound requests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
In order to allow replays of requests on a channel failure, we should
not cancel pending requests, the strategie that seems to make windows
clients happy is to let the requests running and return
NT_STATUS_FILE_NOT_AVAILABLE as long as the original request is still
pending.
Here we introduce xconn->transport.shutdown_wait_queue, this is used
to keep the xconn alive for the lifetime of pending requests.
Now we only cancel pending requests if the disconnected connection
is the last channel for a session.
In that case smbXsrv_session_remove_channel() and
smb2srv_session_shutdown_send() will take care of it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Otherwise we'll keep the state of already finished requests arround.
This becomes critical as the next commit will cause us to
let pending requests running and keep the xconn alive for
the lifetime of pending requests, so we would not ever
make progress and deadlock.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Before processing an open we need to reserve the replay cache entry
in order to signal that we're still in progress.
If a reserved record is already present we need to return
FILE_NOT_AVAILABLE in order to let the client retry again.
[MS-SMB2] contains this:
<152> Section 3.2.5.1: For the following error codes, Windows-based clients
will retry the operation up to three times and then retry the operation every 5
seconds until the count of milliseconds specified by Open.ResilientTimeout is
exceeded:
- STATUS_SERVER_UNAVAILABLE
- STATUS_FILE_NOT_AVAILABLE
- STATUS_SHARE_UNAVAILABLE
This works fine for windows clients, but current windows servers seems to
return ACCESS_DENIED instead of FILE_NOT_AVAILABLE.
A Windows server doesn't do any replay detection on pending opens,
which wait for a HANDLE lease to be broken (because of a
SHARING_VIOLATION), at all.
As this is not really documented for the server part of the current [MS-SMB2],
I found the key hint in "SMB 2.2: Bigger. Faster. Scalier - (Parts 1 and 2)"
on page 24. There's a picture showing that a replay gets FILE_NOT_AVAILABLE
as long as the original request is still in progress. See:
https://www.snia.org/educational-library/smb-22-bigger-faster-scalier-parts-1-and-2-2011
A Windows client is unhappy with the current windows server behavior if it
such a situation happens. There's also a very strange interaction with oplock
where the replay gets SHARING_VIOLATION after 35 seconds because it conflicts with
the original open.
I think it's good to follow the intial design from the 2011 presentation and
make the clients happy by using FILE_NOT_AVAILABLE (and differ from Windows).
I'll report that to dochelp@microsoft.com in order to get this hopefully fixed in
their server too).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
There's nothing special regarding the last channel,
as the smb2.session.bind2 test demonstrates.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This demonstrates that a session and it's open handles is destroyed
when the last explicitly bound channel gets disconnected.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
These demonstrate that the replay detection for pending opens
either doesn't exist (for the share_access=NONE => SHARING_VIOLATION
case) or return the wrong status code => ACCESS_DENIED instead of
FILE_NOT_AVAILABLE.
Windows clients transparently retry after FILE_NOT_AVAILABLE,
while they pass ACCESS_DENIED directly to the application.
I'll report that to dochelp@microsoft.com in order to
clarify the situation.
In the meantime I added tests with a '-windows' suffix,
which demostrate the current windows server behavior,
while the tests with a '-sane' suffix expect the behavior
that whould make windows clients happy.
For Samba I'll implement the '-sane' behavior that
detects all replays and returns FILE_NOT_AVAILABLE
if the original request is still pending.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We will get this supported later, but for now just disable async
opens as fsp->mid may not belong the first xconn of client->connections.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
GNUstep as an mdfind binary, and both should be co-instalable.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14431
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Björn Baumbach <bb@sernet.de>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Mar 29 16:18:54 UTC 2021 on sn-devel-184
This may also fix the coverage build by ensuring --noline
is always specified to flex.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14586
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Mar 29 02:12:23 UTC 2021 on sn-devel-184
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 26 04:06:41 UTC 2021 on sn-devel-184
This removes from our configure help a feature which we retain only
to support our selftest system.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is a confusing hold-over from the NTVFS fileserver that never became part of
the merged architecture.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Add required includes
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 24 21:28:48 UTC 2021 on sn-devel-184
I think even back then "printing.tdb" would have just been a stale
tdb that would have been better handled externally. It might have been
a product requirement back then, but I think a startup script and not
core code might have been a better choice to handle this.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Just looked a bit weird and different from all other fn pointer
references in Samba.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
See
https://docs.microsoft.com/en-us/windows/win32/secauthz/ace-strings
for reference.
We can only use them for decoding, many of our tests depend on our
string representation of the flags.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
If you try to allocate a GID before winbind is fully set up,
idmap_child_handle() is still NULL. Add the required
wb_parent_idmap_setup_send()/recv() to allocate_gid().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14678
RN: Fix a crash in winbind when allocate-gid is called early
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
