sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code
137,646 Commits 60 Branches 1,145 Tags 452 MiB
176c55efb2
Commit Graph

137646 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Stefan Metzmacher
176c55efb2 auth/credentials: use smb_krb5_cc_new_unique_memory() in cli_credentials_shallow_ccache() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-05-07 11:30:33 +00:00
Stefan Metzmacher
5d385ab691 auth/credentials: use smb_krb5_cc_new_unique_memory() in smb_gss_krb5_copy_ccache() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-05-07 11:30:33 +00:00
Stefan Metzmacher
92bebeb58e auth/credentials: use smb_krb5_cc_new_unique_memory() in krb5_cc_remove_cred_wrap() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-05-07 11:30:33 +00:00
Stefan Metzmacher
21b96f010a lib/krb5_wrap: make use of smb_krb5_cc_new_unique_memory() in smb_krb5_kinit_s4u2_ccache() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-05-07 11:30:33 +00:00
Stefan Metzmacher
48bcc218c9 lib/krb5_wrap: add smb_krb5_cc_new_unique_memory() 
This generates a memory credential cache that is
not visible to a (the default) credential cache collection.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-05-07 11:30:33 +00:00
Stefan Metzmacher
e3f97f35b1 s3:gse: don't call krb5_cc_resolve() as server 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-05-07 11:30:33 +00:00
Stefan Metzmacher
6ced3c6af2 s3:gse: avoid prompting for a password that we don't use in the end 
Currently we rely on a valid default credential cache being available
and don't make use of the password.

In future we'll do a kinit on demand, but that's for another day.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-05-07 11:30:33 +00:00
Stefan Metzmacher
ce05fe3b71 s3:gse: make use of gensec_kerberos_possible() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-05-07 11:30:33 +00:00
Stefan Metzmacher
4dd2468d5b s4:gensec_gssapi: make use of gensec_kerberos_possible() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-05-07 11:30:33 +00:00
Stefan Metzmacher
a3c87bf440 auth/gensec: add gensec_get_unparsed_target_principal() helper 
This will be useful for debugging.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-05-07 11:30:33 +00:00
Stefan Metzmacher
996fd13949 auth/gensec: add gensec_kerberos_possible() helper 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-05-07 11:30:33 +00:00
Stefan Metzmacher
1275e77933 s3:client: avoid cli_credentials_get_password() to check for a specified password 
Using cli_credentials_get_password_obtained() is more lightweight as
it avoids a possible password prompt.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-05-07 11:30:33 +00:00
Andreas Schneider
b9cf6c8dd4 auth:creds: Add test for cli_credentials_get_username_obtained() 
Signed-off-by: Andreas Schneider <asn@samba.org>
 2024-05-07 11:30:33 +00:00
Stefan Metzmacher
f9afd24c90 auth/credentials: add cli_credentials_get_username_obtained() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-05-07 11:30:33 +00:00
Andreas Schneider
7f0aff4682 auth:creds: Add test for cli_credentials_get_password_obtained() 
Signed-off-by: Andreas Schneider <asn@samba.org>
 2024-05-07 11:30:33 +00:00
Stefan Metzmacher
c14366cce4 auth/credentials: add cli_credentials_get_password_obtained() 
It's often useful to know if a password was already explicitly
specified without triggering the password callback function.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-05-07 11:30:33 +00:00
Stefan Metzmacher
a85f1b6fac lib/cmdline: skip the password prompt if we have a valid krb5 ccache 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15018

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-05-07 11:30:33 +00:00
Stefan Metzmacher
c7d3946659 auth/credentials: add cli_credentials_get_ccache_name_obtained() 
It's often good to know if a credential structure already has
a valid kerberos credential cache attached, without the side
effect of doing a kinit and prompt for a password.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15018

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-05-07 11:30:33 +00:00
Andreas Schneider
4723d69560 auth:creds: Add test for cli_credentials_get_principal_obtained() 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15018

Signed-off-by: Andreas Schneider <asn@samba.org>
 2024-05-07 11:30:33 +00:00
Stefan Metzmacher
1e5546748c auth/credentials: add cli_credentials_get_principal_obtained() 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15018

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-05-07 11:30:33 +00:00
Volker Lendecke
5edd1e7c3e smbd: Implement FSCTL_DELETE_REPARSE_POINT 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon May  6 21:55:03 UTC 2024 on atb-devel-224
 2024-05-06 21:55:03 +00:00
Volker Lendecke
97c79d47dd tests: Test FSCTL_DELETE_REPARSE_POINT 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-05-06 20:55:37 +00:00
Volker Lendecke
d80a884f54 tests: Run reparse tests 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-05-06 20:55:37 +00:00
Volker Lendecke
4fa6cffcfa tests: Expected failures in reparse point tests should not be errors 
We need to put them into knownfail.d individually

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-05-06 20:55:37 +00:00
Volker Lendecke
8ace45e0da smbd: Implement fsctl_set_reparse_point 
Store the data in the "user.SmbReparse" xattr. Only allow this on
regular files. Windows does it for directories too, but we can not
allow this: Setting a symlink reparse point in a xattr on a directory
would go unnoticed by our openat2-optimization. If someone really
needs this, we could have a VFS module disallowing openat2 and doing
the appropriate checks on every openat-call.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-05-06 20:55:37 +00:00
Volker Lendecke
6eba4b794f smbd: Implement fsctl_get_reparse_point 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-05-06 20:55:37 +00:00
Volker Lendecke
7dc07710fb tests: Clean up behind ourselves in test_create_reparse 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-05-06 20:55:37 +00:00
Volker Lendecke
4536cfb1ec tests: Codify IO_REPARSE_TAG_MISMATCH behaviour 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-05-06 20:55:37 +00:00
Volker Lendecke
fb74b3b507 tests: Clarify a reparse point test 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-05-06 20:55:37 +00:00
Jeremy Allison
6526f20e42 s3: smbd: smb2-posix: Add SAMBA_XATTR_REPARSE_ATTRIB "user.SmbReparse" name. 
Ensure it's prohibited for normal user access.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2024-05-06 20:55:37 +00:00
Volker Lendecke
deed7fab03 selftest: Default to "tmp" share in reparsepoints.py 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-05-06 20:55:37 +00:00
Volker Lendecke
1fa7668ee8 smbd: Use reparse_buffer_check() in fsctl_set_reparse_point() 
check_reparse_data_buffer() was duplicated code

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-05-06 20:55:37 +00:00
Volker Lendecke
4b98f993a2 smbd: Prepare to return the reparse tag from fsctl_get_reparse_point 
We'll need this in many places, for example when listing directories

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-05-06 20:55:37 +00:00
Volker Lendecke
db5c23e4be smbd: Change the output of fsctl_get_reparse_point to uint8 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-05-06 20:55:37 +00:00
Volker Lendecke
fafe29a264 reparse: Tighten reparse point length check 
test_create_reparse shows that the length checks need to be precise,
not just checking for overflow.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-05-06 20:55:37 +00:00
Volker Lendecke
2defbc994d smbd: Return FILE_ATTRIBUTE_REPARSE_POINT from "user.DOSATTRIB" 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-05-06 20:55:37 +00:00
Andreas Schneider
c5a1c8d45b s4:dsdb: Fix stack use after scope in gkdi_create_root_key() 
==20978==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7f4f91ff51a0 at pc 0x7f4f94cf93d6 bp 0x7ffdb90fc510 sp 0x7ffdb90fbcd0
READ of size 64 at 0x7f4f91ff51a0 thread T0
    #0 0x7f4f94cf93d5 in memcpy ../../../../libsanitizer/sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:115
    #1 0x7f4f933bdb67 in ldb_val_dup ../../lib/ldb/common/ldb_msg.c:325
    #2 0x7f4f933c11d1 in ldb_msg_copy ../../lib/ldb/common/ldb_msg.c:1182
    #3 0x7f4f933c13d2 in ldb_msg_normalize ../../lib/ldb/common/ldb_msg.c:1235
    #4 0x7f4f933ab556 in ldb_request ../../lib/ldb/common/ldb.c:1196
    #5 0x7f4f8e82b1d4 in dsdb_autotransaction_request ../../source4/dsdb/common/util.c:1220
    #6 0x7f4f8e831c8a in dsdb_add ../../source4/dsdb/common/util.c:5354
    #7 0x7f4f8e853a01 in gkdi_create_root_key ../../source4/dsdb/gmsa/gkdi.c:493
    #8 0x7f4f8e853a01 in gkdi_new_root_key ../../source4/dsdb/gmsa/gkdi.c:551
    #9 0x7f4f8cd4ca52 in py_dsdb_create_gkdi_root_key ../../source4/dsdb/pydsdb.c:1388
    #10 0x7f4f947ce01c  (/lib64/libpython3.11.so.1.0+0x1ce01c) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #11 0x7f4f947de4c0 in _PyObject_Call (/lib64/libpython3.11.so.1.0+0x1de4c0) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #12 0x7f4f947be6ca in _PyEval_EvalFrameDefault (/lib64/libpython3.11.so.1.0+0x1be6ca) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #13 0x7f4f947b6e79  (/lib64/libpython3.11.so.1.0+0x1b6e79) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #14 0x7f4f947de5d8  (/lib64/libpython3.11.so.1.0+0x1de5d8) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #15 0x7f4f947be6ca in _PyEval_EvalFrameDefault (/lib64/libpython3.11.so.1.0+0x1be6ca) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #16 0x7f4f947b6e79  (/lib64/libpython3.11.so.1.0+0x1b6e79) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #17 0x7f4f947edabb  (/lib64/libpython3.11.so.1.0+0x1edabb) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #18 0x7f4f947de5d8  (/lib64/libpython3.11.so.1.0+0x1de5d8) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #19 0x7f4f947be6ca in _PyEval_EvalFrameDefault (/lib64/libpython3.11.so.1.0+0x1be6ca) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #20 0x7f4f947b6e79  (/lib64/libpython3.11.so.1.0+0x1b6e79) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #21 0x7f4f947ed9fb  (/lib64/libpython3.11.so.1.0+0x1ed9fb) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #22 0x7f4f947be6ca in _PyEval_EvalFrameDefault (/lib64/libpython3.11.so.1.0+0x1be6ca) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #23 0x7f4f947b6e79  (/lib64/libpython3.11.so.1.0+0x1b6e79) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #24 0x7f4f947be6ca in _PyEval_EvalFrameDefault (/lib64/libpython3.11.so.1.0+0x1be6ca) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #25 0x7f4f947b6e79  (/lib64/libpython3.11.so.1.0+0x1b6e79) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #26 0x7f4f94839997 in PyEval_EvalCode (/lib64/libpython3.11.so.1.0+0x239997) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #27 0x7f4f94856862  (/lib64/libpython3.11.so.1.0+0x256862) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #28 0x7f4f94852e59  (/lib64/libpython3.11.so.1.0+0x252e59) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #29 0x7f4f94868fb1  (/lib64/libpython3.11.so.1.0+0x268fb1) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #30 0x7f4f948687a3 in _PyRun_SimpleFileObject (/lib64/libpython3.11.so.1.0+0x2687a3) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #31 0x7f4f94868453 in _PyRun_AnyFileObject (/lib64/libpython3.11.so.1.0+0x268453) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #32 0x7f4f94861c53 in Py_RunMain (/lib64/libpython3.11.so.1.0+0x261c53) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #33 0x7f4f94829996 in Py_BytesMain (/lib64/libpython3.11.so.1.0+0x229996) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #34 0x7f4f9422a1ef in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #35 0x7f4f9422a2b8 in __libc_start_main_impl ../csu/libc-start.c:360
    #36 0x5604497e3084 in _start (/usr/bin/python3.11+0x1084) (BuildId: f5d6e3bdbf9098a6ddde0b7f2e07ffc9ad1b1dc3)

Address 0x7f4f91ff51a0 is located in stack of thread T0 at offset 416 in frame
    #0 0x7f4f8e852b37 in gkdi_new_root_key ../../source4/dsdb/gmsa/gkdi.c:537

  This frame has 12 object(s):
    [32, 40) 'root_key_dn' (line 539)
    [64, 72) 'res' (line 540)
    [96, 104) 'server_config_res' (line 118)
    [128, 136) 'kdf_algorithm' (line 128)
    [160, 168) 'domain_dn' (line 388)
    [192, 208) 'kdf_parameters_blob' (line 129)
    [224, 240) 'root_key_data_blob' (line 353)
    [256, 272) 'guid_blob' (line 467)
    [288, 312) 'kdf_parameters' (line 226)
    [352, 368) 'root_key_id' (line 116)
    [384, 400) 'guid_buf' (line 466)
    [416, 480) 'root_key_data' (line 352) <== Memory access at offset 416 is inside this variable

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <jsutton@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri May  3 12:20:55 UTC 2024 on atb-devel-224
 2024-05-03 12:20:55 +00:00
Volker Lendecke
6bf51860a0 smbd: Remove unused [push_pull]_file_id_24 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 30 23:48:21 UTC 2024 on atb-devel-224
 2024-04-30 23:48:21 +00:00
Volker Lendecke
5ef6a8a01f smbd: Use struct oplock_break_message for MSG_SMB_KERNEL_BREAK 
Signed-off-by: Volker Lendecke <vl@samba.org>
 2024-04-30 22:44:32 +00:00
Volker Lendecke
7d860a73ca smbd: Remove message_to_share_mode_entry and vice versa 
Used only for closing files from rpc srvsvc these days

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-04-30 22:44:32 +00:00
Volker Lendecke
037b9dac21 smbd: Use struct oplock_break_message for MSG_CLOSE_FILE 
We only need to transmit the file_id and share_file_id. Next patch
will show why :-)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-04-30 22:44:32 +00:00
Volker Lendecke
e2201a8dff smbd: Fix a typo 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-04-30 22:44:32 +00:00
Volker Lendecke
8f1cc217a8 smbd: Simplify sending oplock_break_message 
This is fixed length of 33 bytes, no need to talloc

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-04-30 22:44:32 +00:00
Volker Lendecke
4fe0808ebe lib: Convert push_file_id_16 to take uint8_t instead of char 
All callers had a cast from uint8_t to char, avoid those.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-04-30 22:44:32 +00:00
Volker Lendecke
e889d76fad vfs: Convert return_data from char * to uint8_t 
Prepares for a small simplification in the next patch

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-04-30 22:44:32 +00:00
Volker Lendecke
6f2aa43a3f passdb: Use getline(3) to read our old machine sid 
Don't read the whole file.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-04-30 22:44:32 +00:00
Volker Lendecke
30b7cf9b3c pylibsmb: Avoid talloc() 
dom_sid_string() does an implicit talloc_strdup() which is not
necessary here.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-04-30 22:44:32 +00:00
Volker Lendecke
3f17f19429 pylibsmb: clang-format for the calls to Py_BuildValue() 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-04-30 22:44:32 +00:00
Volker Lendecke
8ef24d670b pylibsmb: Return reparse_tag from directory listing 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-04-30 22:44:32 +00:00
Volker Lendecke
ceea95af63 libsmb: Slightly simplify py_cli_list() 
We don't need an & to take a function pointer

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-04-30 22:44:32 +00:00