1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

122942 Commits

Author SHA1 Message Date
Jeremy Allison
156f1dfc39 s4: tests: Add new async DNS unit test - samba4.blackbox.net_ads_dns_async(ad_member:local).
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-08-07 06:34:36 +00:00
Jeremy Allison
b3671de4ee s3: net: Add new 'net ads dns async <name>' command.
Will test the async DNS lookups in the next commit.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-08-07 06:34:36 +00:00
Jeremy Allison
a1b90237d6 lib: addns: Add code for asynchronously looking up AAAA records.
Returns an array of struct samba_sockaddr.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-08-07 06:34:36 +00:00
Jeremy Allison
47c1b87423 lib: addns: Add code for asynchronously looking up A records.
Returns an array of struct samba_sockaddr.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-08-07 06:34:36 +00:00
Douglas Bagnall
fc83b47051 libprc/test: add pull_string_array large array test
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Aug  7 04:44:17 UTC 2020 on sn-devel-184
2020-08-07 04:44:17 +00:00
Douglas Bagnall
bf16cd72b2 ndr: fix ndr_pull_string_array() off by one alloc
The correct line should have been

       talloc_realloc(ndr->current_mem_ctx, a, const char *, count + 2);

because if the loop does not increment count on exit (it exits via
break), so count is left pointing at the thing that just got put in.
i.e., if there was one item it is at a[0], count is 0, but we also
need the trailing NULL byte at a[1] and the length is 2. Thus + 2, not
+ 1.

This will not affect ordinary (that is, non-malicious) traffic,
because talloc_realloc will not actually realloc unless it is saving a
kilobyte. Since the allocation grows slowly with the exponent ~1.25,
the actual reallocs will start happening at some point between 512 and
1024 items.

In the example we have, there were 666 pointers, and space for 824 was
allocated.

Rather than doing the +2 realloc, it is simpler to leave it off
altogether; in the common case (<512 items) it is a no-op anyway, and
in the best possible case it reduces the temporary array by 20%.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24646

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-08-07 03:23:44 +00:00
Andrew Bartlett
889c461c00 kdc: Remind us that these values need to match other values
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-07 03:23:44 +00:00
Andrew Bartlett
9b7066506e selftest: Work around existing CA certificates to get PKINIT tests working
This could be reverted in the future, but for now the certificate validation is not what
we are testing and this allows the heimdal upgrade to work.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-07 03:23:44 +00:00
Andrew Bartlett
b063bbf8fd heimdal_build: Add missing dependency on heimbase
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-07 03:23:44 +00:00
Andrew Bartlett
d4a9e882f6 Revert "build: fix the coverage build"
This reverts commit 3e072b3fb7.

This is no longer required now that --noline is set globally
and that is a much nicer solution.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-07 03:23:44 +00:00
Gary Lockyer
fb0412360c heimdal_build: Do not allow warnings in the heimdal code!
(const excepted)

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Updated to 2020 requirements since changes in
13a2f70a4d

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2020-08-07 03:23:44 +00:00
Andrew Bartlett
c51c15144e Compile .l files (flex) with the waf rule at runtime
Other parts of Samba already compile these directly.

This makes these files compile with modern compiler warnings.

The primary difference (other than being built with a newer
flex) is the loss of the #include "config.h" but
this is not used in the other .l files elsewehre and does not
seem to matter on modern systems.

The generated output from compile_et asn1_compile has not changed
(so I think the hx509 case is safe).

The mdssvc case just has changed file locations and line numbers.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-07 03:23:44 +00:00
Gary Lockyer
8a148193da heimdal_build: provide a prototype with the dummy afs header-only function stubs
We do not do AFS in Samba

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-07 03:23:43 +00:00
Gary Lockyer
e8f5a25fa7 heimdal_build: Include keys.c in the hdb autoproto
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-07 03:23:43 +00:00
Gary Lockyer
cb721715b9 Make HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE available in krb5.h
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-07 03:23:43 +00:00
Andrew Bartlett
1663ada975 heimdal: Exclude more of plugin.c if HAVE_DLOPEN (which Samba unsets) is not set
This allows us to avoid warnings and errors due to unsued variables
and functions.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-07 03:23:43 +00:00
Gary Lockyer
1687813ec2 heimdal: Use #ifdef HAVE_DLOPEN around function used by HAVE_DLOPEN
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-07 03:23:43 +00:00
Gary Lockyer
4e8f3fdf82 heimdal: Use #ifdef HAVE_DLOPEN around functions used only by HAVE_DLOPEN
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-07 03:23:43 +00:00
Stefan Metzmacher
ebaa002270 wafsamba: run SAMBA_GENERATOR('VERSION') with group='setup'
This means this is the first thing that's done.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-07 03:23:43 +00:00
Volker Lendecke
04b2db7d88 libsmb: Fix CID 1465656 Resource leak
This is very likely a false positive, because Coverity does not see
that we only assign "dns_addrs" when NT_STATUS_IS_OK(status), so we
might not want this. But it is a fresh finding and looks cleaner this
way.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug  6 20:23:53 UTC 2020 on sn-devel-184
2020-08-06 20:23:53 +00:00
Volker Lendecke
1b139de552 libcli/ldap: Fix CID 1462695 Resource leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-08-06 19:00:36 +00:00
Volker Lendecke
de2a7574e8 libcli/ldap: Fix CID 1462696 Resource leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-08-06 19:00:36 +00:00
Volker Lendecke
41beb510be libcli/ldap: Fix CID 1465278 Resource leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-08-06 19:00:36 +00:00
David Mulder
d512b1a4bd gpo: Remove unused gp_ext_setter code
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Thu Aug  6 18:01:49 UTC 2020 on sn-devel-184
2020-08-06 18:01:49 +00:00
David Mulder
627fb5471b gpo: Extract Access policy from Security extension
Rewrite the extension to be easier to understand,
and to remove references to gp_ext_setter.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
8971876128 gpo: Extract Kerberos policy from Security extension
Rewrite the extension to be easier to understand,
and to remove references to gp_ext_setter.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
bf74bf1c4e gpo: Add RSOP output for Scripts Extension
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
1f63103041 gpo: Add RSOP output for Security Extension
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
5361f25800 gpo: Test samba-gpupdate --rsop
Test that the rsop command produces the expected
output.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
f5202c7b55 gpo: Add --rsop option to samba-gpupdate
This command prints the Resultant Set of Policy
for applicable GPOs, for either the Computer or
User policy (depending on the target specified).
Policy specific output must be implemented for
each client side extension.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
0f3066abbb gpo: Properly decode utf-8/16 inf files from bytes
This code was python 2 specific (string handling
has changed dramatically in python 3), and didn't
correctly decode utf-16 in python3. We should
instead read the file as bytes, then attempt a
utf-8 decode (the default), and try utf-16 if
encountering a decode failure.
The existing code actually throws an exception on
the initial file read when the data is utf-16,
since it tries to decode the bytes to a utf-8
string.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
70a38eb548 gpo: Test proper decoding of utf-16 inf files
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
88b6266168 gpo: Apply Group Policy Sudo Rights
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
9679ba9577 gpo: Test Group Policy Sudo Rights
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
e387aa937e gpo: Scripts gpo add warning about generated scripts
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
edf4b6eb12 gpo: Scripts extension use 'gp_' prefix, not 'tmp'
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
cd4efb95da gpo: Move all scripts to a sub-category in samba.admx
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
b30a604f73 gpo: Apply Group Policy Weekly Scripts
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:35 +00:00
David Mulder
7e5c842cba gpo: Test gpo weekly scripts apply
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:35 +00:00
David Mulder
1810e4f10c gpo: Apply Group Policy Monthly Scripts
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:35 +00:00
David Mulder
63703c9a07 gpo: Test gpo monthly scripts apply
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:35 +00:00
David Mulder
42f043ab51 gpo: Apply Group Policy Hourly Scripts
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:35 +00:00
David Mulder
ae56a07ae7 gpo: Test gpo hourly scripts apply
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:35 +00:00
Ralph Boehme
182cde4f9e lib: fix smb_strtox.[c|h] license header
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Aug  5 10:17:06 UTC 2020 on sn-devel-184
2020-08-05 10:17:06 +00:00
Jeremy Allison
860510b196 s3: libsmb: Move all calls to convert_ss2service() to one place now all methods return a sockaddr_storage.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>

Autobuild-User(master): Isaac Boukris <iboukris@samba.org>
Autobuild-Date(master): Tue Aug  4 10:13:53 UTC 2020 on sn-devel-184
2020-08-04 10:13:53 +00:00
Jeremy Allison
03112db121 s3: libsmb: Now all resolution functions return a ss_list on success, we only need one local variable for this.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
2020-08-04 08:51:43 +00:00
Jeremy Allison
ecaa424448 s3: libsmb: Change resolve_ads() to return a talloc'ed ss_list, matching the other name resolution methods.
Now we can move all the convert_ss2service() calls to one place.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
2020-08-04 08:51:43 +00:00
Jeremy Allison
d53ade5beb s3: libsmb: Rewrite resolve_ads() to use the previously added dns_lookup_list() function.
Clean up internals - a LOT.

This one needs careful review. Ditch the (unused) port returns from
the SRV replies.

Internally uses talloc'ed arrays of struct sockaddr_storage
which it then convert to MALLOC'ed struct ip_service.

Still returns struct ip_service but this will be
fixed in the next commit.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
2020-08-04 08:51:43 +00:00
Jeremy Allison
d0fa32bdcd s3: libsmb: Add in (currently unused) function dns_lookup_list().
This function takes a list of names returned from a DNS SRV
query which didn't have returned IP addresses and returns an
array of struct sockaddr_storage.

Currently synchronous, but this is the function that will
be changed to be asynchronous later.

Compiles but commented out for now so we don't get "unused
function" warnings.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
2020-08-04 08:51:42 +00:00
Jeremy Allison
97781fe0ae s3: libsmb: Pass in TALLOC_CTX * parameter to resolve_ads() instead of creating one internally.
Pass in talloc_tos() to make it match the other resolve_XXX() functions.

No memory leaks as this is used for transient data and is cleaned up
when the calling frame in internal_resolve_name() is destroyed.

Preparing to have it return a talloc'ed struct sockaddr_storage array
rather than a malloc'ed struct ip_service array.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
2020-08-04 08:51:42 +00:00