1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

51615 Commits

Author SHA1 Message Date
Andreas Schneider
86592673fb s3:lib: Fix undefined behavior in tdb_pack()
util_tdb.c:98:5: runtime error: null pointer passed as argument 2, which
is declared to never be null

This means the second argument of memcpy() can't be NULL.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-12-03 21:16:31 +01:00
Andreas Schneider
4e9b3ed412 s3:lib: Fix uninitialized variable
util_tdb.c:116:7: error: ‘len’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
   buf += len;
       ^~
../../source3/lib/util_tdb.c:44:6: note: ‘len’ was declared here
  int len;
      ^~~

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-12-03 21:16:31 +01:00
Ralph Boehme
46a6c6ff6d vfs_fruit: avoid dereferencing fsp->base_fsp in fruit_fstat_meta_stream()
This helps avoiding a NULL dereference on systems where additional
patches modify the following condition in open_file()

  if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
      (!file_existed && (local_flags & O_CREAT)) ||
      ((local_flags & O_TRUNC) == O_TRUNC) ) {

to

  if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE|DELETE_ACCESS)) ||
      (!file_existed && (local_flags & O_CREAT)) ||
      ((local_flags & O_TRUNC) == O_TRUNC) ) {

Ie addtionally check open_access_mask against DELETE_ACCESS. As a result
opens with DELETE_ACCESS go through the code that does an fd_open() plus
a subsequent fstat().

That will trigger a crash in fruit_fstat_meta_stream() when a client
wants to delete a file for deletion. When we open base file for delete,
we call open_streams_for_delete() which internally calls create-file
with NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE which prevents opening of
the base_fsp. Voila, combined with the change described above you get a
NULL deref.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Dec  2 07:52:34 CET 2018 on sn-devel-144
2018-12-02 07:52:34 +01:00
Olly Betts
06061d39c1 Add simple tests for net rpc share allowedusers
Signed-off-by: Olly Betts <olly@survex.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-11-30 03:35:13 +01:00
Olly Betts
3d9ba1b7e6 Fix net rpc share allowedusers short description
This command allows one to list allowed users, not modify them.

Signed-off-by: Olly Betts <olly@survex.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-11-30 03:35:13 +01:00
Olly Betts
6af599223c net rpc share allowedusers: Allow restricting shares
The help already implies that you can specify "targets" for net rpc
share allowedusers, but actually the tail end of the command line
is just ignored.

This patch allows a list of shares to be specified, and only those
shares are checked, which can be much faster if you're only interested
in a few shares on a server which exports lots.

This subcommand already accepts an optional filename for the output
of net usersidlist, with a default of stdin.  Typically you'd just pipe
one command to the other so stdin is most likely what you want.  This
patch adds support for a filename of "-" to mean stdin so that you can
specify stdin explicitly when you provide a list of shares, since in
this case the filename can't be omitted.

Signed-off-by: Olly Betts <olly@survex.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-11-30 03:35:13 +01:00
Olly Betts
28aeb86a9f Fix spelling mistakes
Signed-off-by: Olly Betts <olly@survex.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-11-30 03:35:13 +01:00
Olly Betts
669249ae93 New testcase samba3.blackbox.net_rpc_join_creds
Tests that you can now use a credentials file with net.

Signed-off-by: Olly Betts <olly@survex.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-11-30 03:35:13 +01:00
Olly Betts
1cf84b6b99 net: Add support for a credentials file
Add support for the same -A authfile/--authentication-file authfile
option that most of the other tools already do.

Signed-off-by: Olly Betts <olly@survex.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-11-30 03:35:13 +01:00
Anoop C S
e99402235d s3/testparm: Reduce debug level to 1
Adhere to what we document in manual page for testparm that default
debug level is set to reasonable value 1.

Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Nov 29 11:52:22 CET 2018 on sn-devel-144
2018-11-29 11:52:22 +01:00
Andreas Schneider
3872d4ab49 s3:winbindd: Use #ifdef instead of #if for config.h definitions
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-11-28 23:19:24 +01:00
Andreas Schneider
fce92606b3 s3:utils: Use #ifdef instead of #if for config.h definitions
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-11-28 23:19:24 +01:00
Andreas Schneider
95432e30e9 s3:smbd: Use #ifdef instead of #if for config.h definitions
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-11-28 23:19:24 +01:00
Andreas Schneider
a7e10f7853 s3:rpc_server: Use #ifdef instead of #if for config.h definitions
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-11-28 23:19:23 +01:00
Andreas Schneider
0c69078f3c s3:nmbd: Use #ifdef instead of #if for config.h definitions
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-11-28 23:19:23 +01:00
Andreas Schneider
32fda4fc64 s3:modules: Use #ifdef instead of #if for config.h definitions
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-11-28 23:19:23 +01:00
Andreas Schneider
77b88fd059 s3:libsmb: Use #ifdef instead of #if for config.h definitions
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-11-28 23:19:23 +01:00
Andreas Schneider
3f3cc42b51 s3:libads: Use #ifdef instead of #if for config.h definitions
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-11-28 23:19:23 +01:00
Andreas Schneider
72c6cd2d39 s3:lib: Use #ifdef instead of #if for config.h definitions
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-11-28 23:19:23 +01:00
Andreas Schneider
f4694b61f2 s3:include: Use #ifdef instead of #if for config.h definitions
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-11-28 23:19:23 +01:00
Andreas Schneider
99a9b092ca s3:ldap: Use #ifdef instead of #if for config.h definitions
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-11-28 23:19:23 +01:00
Andreas Schneider
be04480e08 s3:auth: Use #ifdef instead of #if for config.h definitions
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-11-28 23:19:22 +01:00
Andreas Schneider
9f28d8e896 s3: Remove unsused MMAP_BLACKLIST ifdef checks
This doesn't get defined by anything.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-11-28 23:19:21 +01:00
Volker Lendecke
899bbb4407 lib: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-28 17:44:15 +01:00
Volker Lendecke
a167014554 krb5_wrap: Add a talloc_ctx to smb_krb5_principal_get_realm()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-28 17:44:15 +01:00
Volker Lendecke
1f42e62e46 notifyd: Improve a debug message
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Nov 27 21:42:24 CET 2018 on sn-devel-144
2018-11-27 21:42:24 +01:00
Volker Lendecke
bb7c3b7c8f winbind: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Nov 27 10:38:11 CET 2018 on sn-devel-144
2018-11-27 10:38:11 +01:00
Volker Lendecke
8be87034d4 idmap_cache: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-27 07:13:14 +01:00
Volker Lendecke
e168a6738b winbind: Fix "wbint_Principals" definition
A signed integer does not make any sense for an IDL array length

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-27 07:13:14 +01:00
Volker Lendecke
a1ca40e63c winbind: Use dom_sid_str_buf
Also fix a DBG format string specifier

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-27 07:13:14 +01:00
Volker Lendecke
f144653336 winbind: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-27 07:13:14 +01:00
Volker Lendecke
d2b2d89770 winbind: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-27 07:13:14 +01:00
Volker Lendecke
f2e939b65b libads: Give krb5_errs.c its own header
The protos were declared in lib/krb5_wrap but the functions are not
available there.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-27 07:13:14 +01:00
Ralph Boehme
aa1fac6969 vfs_shadow_copy2: in fstat also convert fsp->fsp_name and fsp->base_fsp->fsp_name
Stacked VFS modules might use the file name, not the file
handle. Looking at you, vfs_fruit...

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-27 07:13:14 +01:00
Ralph Boehme
9c462e1b32 s3:smbd: pass down twrp from SMB2_CREATE to filename_convert()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-27 07:13:13 +01:00
Ralph Boehme
14b6e6842b s3:smbd: add twrp args to filename_convert()
All existing callers pass NULL, no change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-27 07:13:13 +01:00
Ralph Boehme
c69bd336a1 s3:smbd: add twrp processing to filename_convert_internal()
Not used for now, existing callers pass NULL.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-27 07:13:13 +01:00
Ralph Boehme
bffc540bc8 s3:smbd: prepare filename_convert_internal() for twrp
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-27 07:13:13 +01:00
Ralph Boehme
cfffa2e242 s3:selftest: add a VSS test reading a stream
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-27 07:13:13 +01:00
Ralph Boehme
cf95756235 vfs_shadow_copy2: nicely deal with attempts to open previous version for writing
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-27 07:13:13 +01:00
Ralph Boehme
14d6488d35 vfs_shadow_copy2: add shadow_copy2_strip_snapshot_converted
Can be used by callers to determine if a path is in fact pointing at a
file in a snapshot. Will be used in the next commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-27 07:13:13 +01:00
Ralph Boehme
87bf06ed79 vfs_shadow_copy2: add _already_converted arg to shadow_copy2_strip_snapshot_internal()
Not used for now, all existing callers pass NULL.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-27 07:13:13 +01:00
Ralph Boehme
12778f0159 s3:script/tests: add a test for VSS write behaviour
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-27 07:13:13 +01:00
Ralph Boehme
523a9b312c vfs_error_inject: add EBADF error
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-27 07:13:13 +01:00
Ralph Boehme
55a82f907f vfs_error_inject: add pwrite
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-27 07:13:12 +01:00
Volker Lendecke
baacc70394 libads: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Nov 23 20:23:57 CET 2018 on sn-devel-144
2018-11-23 20:23:57 +01:00
Volker Lendecke
d629c67dd3 libads: Use dom_sid_string_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-11-23 17:14:08 +01:00
Gary Lockyer
40941e98f8 source4 smbd prefork: Add backoff to process restart
Add new smbd.conf variables 'prefork backoff increment' and
'prefork maximum backoff' to control the rate at which failed pre-forked
processes are restarted.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-11-23 08:25:19 +01:00
Andreas Schneider
502f56c1ce s3:lib: Fix undefined behavior in messages_dgm
source3/lib/messages_dgm.c:1290:7: runtime error: variable length array
bound evaluates to non-positive value 0

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-11-22 22:13:27 +01:00
Andreas Schneider
1642dc2fd4 s3:lib: Do not redefine bool and use stdbool.h
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-11-22 22:13:27 +01:00
Andreas Schneider
dbdd57e31c s3:tests: Initialize pointers with NULL in netdisplay test
Found by Undefined Sanitizer

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-11-22 22:13:26 +01:00
Swen Schillig
64fbc4c151 utils: Free host realm after processing
In case of error and at the end of processing the list
of realms have to be free'd again.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Nov 22 11:18:41 CET 2018 on sn-devel-144
2018-11-22 11:18:41 +01:00
Swen Schillig
c73c345f6f utils: Free krb5 context for net_lookup_kdc
In case of an error while processing and at the end of processing
the krb5 conext must be free'd.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-11-22 08:22:19 +01:00
Swen Schillig
1a6451decf librpc: Free krb5 context on error
If the call to krb5_cc_resolve() fails and processing is aborted,
the krb5 conext must be free'd before return.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-11-22 08:22:18 +01:00
Swen Schillig
7f902798a7 s3: Free principal if smb_krb5_principal_get_realm() fails
If smb_krb5_principal_get_realm() fails, procesing is aborted and
resources have to be free'd. In this context free'ing the principal
was missing.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-11-22 08:22:18 +01:00
Swen Schillig
a3dd28c635 smbspool: Free kerberos context on error
If processing cannot continue and the function returns
the kerberos context must be free'd.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-11-22 08:22:18 +01:00
Swen Schillig
02514427db libads: set proper ads_keytab_flush() return code on error
The return code was left on success when the calls to
ads_get_machine_kvno() or ads_clear_service_principal_names()
failed and the processing had to be aborted.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-11-22 08:22:18 +01:00
Volker Lendecke
88d82b44c3 libsmb: Make cli_notify_send cancellable
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Nov 21 20:50:13 CET 2018 on sn-devel-144
2018-11-21 20:50:13 +01:00
Volker Lendecke
4c984f3f50 libsmb: Make cli_notify_send/recv smb2-aware
smb2-awareness only existed in the sync wrapper

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-21 16:53:42 +01:00
Volker Lendecke
d4a8bed855 libsmb: Introduce cli_smb2_notify_send/recv
This only existed as a sync wrapper where the underlying function could do
send/recv already.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-21 16:53:42 +01:00
Volker Lendecke
9c9ccf2349 libsmb: Make cli_trans_send cancellable
Required to cancel SMB1 notify

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-21 16:53:41 +01:00
Volker Lendecke
bb843be3bf libsmb: Make cli_trans a normal subreq function
A lot of "state" variables, but still I don't think the additional complexity
is justified by saving a few lines. Make this a completely regular tevent_req
"req/subreq" function.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-21 16:53:40 +01:00
Volker Lendecke
da1d7af1a7 lib: Fix CID 1441264 Error handling issues (CHECKED_RETURN)
This is not worth keeping a CID around :-)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-16 18:35:22 +01:00
Jeremy Allison
9b79d5f2a2 s3: VFS: fake_acls: Fix Coverity CID 1435850 Uninitialized pointer read.
map_acl_perms_to_permset() can return an error, check it.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-11-15 16:30:17 +01:00
Jeremy Allison
a4a85aca32 s3: VFS: Remove logically dead code. Coverity CID: 1419117
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 14 21:35:45 CET 2018 on sn-devel-144
2018-11-14 21:35:45 +01:00
Andreas Schneider
4a272b83af s3:passdb: Use discard_const_p() in py_passdb
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Nov 14 11:46:06 CET 2018 on sn-devel-144
2018-11-14 11:46:06 +01:00
Noel Power
a25367685d s3/torture: PY3 port samba.ntlm_auth
Use bytes in test rather than str

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-11-14 05:07:16 +01:00
Andreas Schneider
56ac8944eb s3:rpcclient: Initialize domain_name
This could be passed uninitialized to dcerpc_netr_DsRGetDCName()

Found by cppcheck.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13680

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-11-14 05:07:15 +01:00
Jeremy Allison
3634e20c76 s3: lib: nmbname: Ensure we limit the NetBIOS name correctly. CID: 1433607
Firstly, make the exit condition from the loop explicit (we must
never write into byte n, where n >= sizeof(name->name).

Secondly ensure exiting from the loop that n==MAX_NETBIOSNAME_LEN,
as this is the sign of a correct NetBIOS name encoding (RFC1002)
in order to properly read the NetBIOS name type (which is always
encoded in byte 16 == name->name[15]).

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Nov 13 20:54:56 CET 2018 on sn-devel-144
2018-11-13 20:54:56 +01:00
Ralph Boehme
bb93e691ca s3:smb2_sesssetup: check session_info security level before it gets talloc_move'd
We talloc_move() session_info to session->global->auth_session_info
which sets session_info to NULL.

This means security_session_user_level(NULL, NULL) will always return
SECURITY_ANONYMOUS so we never sign the session setup response.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Nov 13 14:22:46 CET 2018 on sn-devel-144
2018-11-13 14:22:46 +01:00
Ralph Boehme
b86c94f0b9 s3:selftest: also run smb2.session torture testsuite against ad_member
The next commit adds a subtest to the smb2.session testsuite that
requires Kerberos (ad_dc would work), but where neither SMB2 server or
client must require signing (ad_dc, being an AD DC, requires signing).

The ad_member environment supports Kerberos with the SMB2 server not
mandating signing, that'll do.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-11-13 11:13:03 +01:00
Ralph Boehme
d0a8899ed5 s3:selftest: split "raw.session" and "smb2.session"
The next commit is going to add a testsuite to "smb2.session".

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-11-13 11:13:02 +01:00
Volker Lendecke
716715496c smbd: Use wire_perms_to_unix in unix_perms_from_wire
Same code, less lines

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Nov 13 04:10:54 CET 2018 on sn-devel-144
2018-11-13 04:10:54 +01:00
Volker Lendecke
751c0cc7c4 winbindd: Fix crash when taking profiles
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13629
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Björn Baumbach <bbaumbach@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Nov 12 20:20:52 CET 2018 on sn-devel-144
2018-11-12 20:20:52 +01:00
Andreas Schneider
f49b62b44d s3:winbind: Log client process name for PAM auth
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-12 09:50:25 +01:00
Andreas Schneider
ec87ca8bdc s3:winbind: Log client process name in winbind_misc
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-12 09:50:25 +01:00
Andreas Schneider
d26caa27e1 s3:winbind: Log client process name
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-12 09:50:25 +01:00
Andreas Schneider
305f3bc492 s3:winbindd: Also log the process name in winbindd
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-12 09:50:25 +01:00
Andreas Schneider
ba9ad12665 wbclient: Send the client process name talking to winbind
This is for better debugging messages.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-12 09:50:25 +01:00
Volker Lendecke
a979bb28b3 lib: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Nov 10 02:19:29 CET 2018 on sn-devel-144
2018-11-10 02:19:29 +01:00
Volker Lendecke
87ae595b38 idmap: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-09 22:42:29 +01:00
Volker Lendecke
1e484da792 idmap: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-09 22:42:29 +01:00
Volker Lendecke
f564776ebd idmap: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-09 22:42:29 +01:00
Volker Lendecke
beba440c0e passdb: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-09 22:42:29 +01:00
Volker Lendecke
9060b26cac passdb: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-09 22:42:29 +01:00
Volker Lendecke
94cfb4ded1 passdb: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-09 22:42:29 +01:00
Volker Lendecke
efcd3ae682 passdb: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-09 22:42:28 +01:00
Volker Lendecke
58e77b5422 winbind: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-09 22:42:28 +01:00
Volker Lendecke
21bfc77439 winbind: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-09 22:42:28 +01:00
Volker Lendecke
e8743444f7 winbind: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-09 22:42:28 +01:00
Ralph Boehme
a7c877847f vfs_fruit: validation of writes on AFP_AfpInfo stream
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13677

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-09 22:42:27 +01:00
Ralph Boehme
4901d71c3d vfs_fruit: move a comment to the right place
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13677

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-09 22:42:27 +01:00
Volker Lendecke
f21bc3adda selftest: Test hide new files timeout
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov  9 03:49:55 CET 2018 on sn-devel-144
2018-11-09 03:49:55 +01:00
Volker Lendecke
593fdd2192 smbd: Add "hide new files" option
See the manpage for the description

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-09 00:47:22 +01:00
Andreas Schneider
2d512b278e debug: Use debuglevel_(get|set) function
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Nov  8 11:03:11 CET 2018 on sn-devel-144
2018-11-08 11:03:11 +01:00
Andreas Schneider
9f4b400237 nsswitch:tests: Pass the envname to the script
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-08 08:07:10 +01:00
Gary Lockyer
700b4ce981 source4 smbd prefork: Increase default worklers to 4
Increase the default number of worker processes started by the pre-fork
process model from 1 to 4.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-11-07 17:55:09 +01:00
Volker Lendecke
608df97d5d gencache: Prune expired entries
This solves the problem that gencache never shrinks right
now. Whenever we write an entry, we now walk that entry's chain and
delete expired entries. This should be a good balance between
performance and cleanup actions: Reading is still unaffected, and
those who write pay a small penalty while keeping gencache size under
control.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-06 18:57:26 +01:00
Volker Lendecke
c13eb55253 gencache: Wipe corrupt databases
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-06 18:57:26 +01:00
Volker Lendecke
1386200be5 gencache: Remove transaction-based tdb
At more than one large site I've seen significant problems due to
gencache_stabilize. gencache_stabilize was mainly introduced to
survive machine crashes with the cache still being in place. Given
that most installations crash rarely and this is still a cache, this
safety is overkill and causes real problems.

With the recent changes to tdb, we should be safe enough to run on
completely corrupted databases and properly detect errors. A further
commit will introduce code that wipes the gencache.tdb if such a
corruption is detected.

There is one kind of corruption that we don't properly handle:
Orphaned space in the database. I don't have a good idea yet how to
handle this in a graceful and efficient way during normal operations,
but maybe this idea pops up at some point.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-06 18:57:26 +01:00