1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

122490 Commits

Author SHA1 Message Date
Douglas Bagnall
2323ea6f07 python: do not always import socket_server
This cost around 10ms for every Python script, and was only used in one
test.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-06-13 05:25:31 +00:00
Douglas Bagnall
5c06ab8338 python: do not always import urllib
Only provision.py wants a function from urllib, but we were importing
it in samba.compat, which is imported by samba, mening that every
python script importing anything from samba took 40ms longer to start
up.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-06-13 05:25:31 +00:00
David Mulder
4aba00b554 doc: Add markup to README.Coding for samba wiki links
Adding markup to the README.Coding allows us to
link to sections of the document from the samba
wiki and prevents documentation duplication.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jun 12 23:32:30 UTC 2020 on sn-devel-184
2020-06-12 23:32:30 +00:00
Andrew Bartlett
c433e17724 docs: protocolfreedom.org is no longer
It is just a random spam site now

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-06-12 22:11:43 +00:00
Andrew Bartlett
ad7639a127 Remove outdated install_with_python.sh
This was a cludge to help get past the need for Python on
the Samba build farm in particular.  We now need Python3
by default so clearly this has not been used in quite some
time so is safe to remove.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-06-12 22:11:43 +00:00
Andrew Bartlett
5ad6dcf2ec docs: Point to wiki Contribute page rather than samba-technical
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-06-12 22:11:43 +00:00
Andrew Bartlett
6446e86b54 build: Put the note from the bottom of the old BUILD_SYSTEMS.txt somewhere useful
This statement on how we handle --with options is best placed near where
the options are set, so developers see it when trying to choose the
correct thing to do.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-06-12 22:11:43 +00:00
Andrew Bartlett
bfe4e84bb9 docs: Remove the statement about why we moved to Waf
This is not important for new users or developers, and has little useful information

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-06-12 22:11:43 +00:00
Andrew Bartlett
8a08dc0074 Update README.md with more up to date information
In particular, point to the new Contribute page on the wiki

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-06-12 22:11:43 +00:00
Andrew Bartlett
0785658607 Update README.contributing to point to new Contributing wiki page
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-06-12 22:11:43 +00:00
Isaac Boukris
7655a0298e db-glue.c: set forwardable flag on cross-realm tgt tickets
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233

Match Windows behavior and allow the forwardable flag to be
set in cross-realm tickets. We used to allow forwardable to
any server, but now that we apply disallow-forwardable policy
in heimdal we need to explicitly allow in the corss-realm case
(and remove the workaround we have for it the MIT plugin).

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 12 22:10:34 UTC 2020 on sn-devel-184
2020-06-12 22:10:34 +00:00
Isaac Boukris
fb7dfdbe8f selftest: test forwardable flag in cross-realm with s4u2proxy
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-06-12 20:42:38 +00:00
Isaac Boukris
9b302a57ff selftest: test forwardable flag in cross-realm tgt tickets
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-06-12 20:42:38 +00:00
Isaac Boukris
a823cc1e8b selftest: allow EncASRepPart to be encoded as EncTGSRepPart
that's how MIT kdc encodes it, clients accept both.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-06-12 20:42:38 +00:00
Isaac Boukris
8fdff19c54 heimdal: apply disallow-forwardable on server in TGS request
upstream commit: 839b073facd2aecda6740224d73e560bc79965dc

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-06-12 20:42:38 +00:00
Isaac Boukris
197f97bc13 selftest: add test for disallowed-forwardable server
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-06-12 20:42:38 +00:00
Rowland Penny
eae301e120 samba-tool dns query --help: Someone forgot 'PTR' from the list of record types
Signed-off-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 11 04:37:37 UTC 2020 on sn-devel-184
2020-06-11 04:37:37 +00:00
Isaac Boukris
6095a4f0d5 kdc: allow checksum of PA-FOR-USER to be HMAC_MD5
even if the tgt session key uses different hmac.

Per [MS-SFU] 2.2.1 PA-FOR-USER the checksum is
always HMAC_MD5, and that's what windows 7 client
and MIT client send.

In heimdal both the client and kdc use the checksum of
the tgt key instead and therefore work with each other
but windows and MIT clients fail against heimdal KDC.

Windows KDC allows either checksum (HMAC_MD5 or from
tgt) so we should do the same to support all clients.

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 11 02:48:58 UTC 2020 on sn-devel-184
2020-06-11 02:48:58 +00:00
Björn Baumbach
c8080bbd70 s3-libads: use ldap_init_fd() to initialize a ldap session if possible
Use the known ip address of the ldap server to open the connection and
initialize the ldap session with ldap_init_fd().

This avoid unnecessary DNS lookups which might block or prevent the
successful connection.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13124

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-06-11 01:21:30 +00:00
Volker Lendecke
317538154a smbclient: Simplify do_list()
With the DLIST-based work queue we don't need to protect the "list
head" from reallocation anymore

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 10 23:43:04 UTC 2020 on sn-devel-184
2020-06-10 23:43:04 +00:00
Volker Lendecke
032105dd26 smbclient: Simplify the queue for recursive listing
We now have talloc and the DLIST macros. That simplifies things a bit.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-06-10 22:20:46 +00:00
Volker Lendecke
a2243f7506 smbclient: Simplify do_list_helper()
Do an early return when we don't want to recurse

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-06-10 22:20:46 +00:00
Volker Lendecke
a10dbe1745 smbclient: Slightly simplify do_list()
Nonrecursive listing is just a special case of recursive
listing. do_list_helper() checks that.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-06-10 22:20:46 +00:00
Volker Lendecke
d71564e07f smbclient: Do early return in do_list_helper().
Align integer types.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-06-10 22:20:46 +00:00
Volker Lendecke
9081138a22 smbclient: Align integer types
gcc complained that the if-condition compared unsigned rb_size with a
signed value. Somehow through the arithmetic the uint16_t's got
promoted to integer.

Also, avoid some printf casts

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-06-10 22:20:46 +00:00
Volker Lendecke
675bb46ab2 smbclient: Align some integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-06-10 22:20:46 +00:00
Volker Lendecke
0221337a6b vfs: Fix typos
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-06-10 22:20:46 +00:00
Volker Lendecke
e343773a3d libsmb: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-06-10 22:20:46 +00:00
Volker Lendecke
fd60ab270c registry3: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-06-10 22:20:46 +00:00
David Disseldorp
787092b50a s3/torture: test rbtree TDB_INSERT and TDB_MODIFY flags
Confirm that record overwrite with TDB_INSERT and record insert with
TDB_MODIFY both fail with appropriate error values.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 10 20:28:45 UTC 2020 on sn-devel-184
2020-06-10 20:28:45 +00:00
David Disseldorp
00a0da0503 s3/torture: use stack buffer for rbtree loop
Using the stack here simplifies the error paths.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-06-10 19:08:40 +00:00
David Disseldorp
c5b10466c3 dbwrap_rbt: support TDB_INSERT and TDB_MODIFY store flags
These flags provide insert-new and overwrite-existing record semantics
respectively.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-06-10 19:08:40 +00:00
Anoop C S
f501881a1c vfs_default: Remove an unused data member
This was added as part of 7f7ce0ec2f but
never got consumed.

Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-06-10 19:08:40 +00:00
Andreas Schneider
accbd9ee1c Revert "s3:libsmb: add a cache for cli_session_creds_prepare_krb5()"
This reverts commit b458f8fbb7.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 10 10:10:16 UTC 2020 on sn-devel-184
2020-06-10 10:10:15 +00:00
Andrew Bartlett
0208d5f64b Add docs build to CI
We did not check we could actually build the HTML of the
Samba Developers guide and HTML of the manpages previously.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 10 07:11:59 UTC 2020 on sn-devel-184
2020-06-10 07:11:59 +00:00
Andrew Bartlett
4a3ed0d845 docs-xml: Remove GNU TexInfo build
This does not build and is not a common or required format for
documentation any more.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2020-06-10 05:44:37 +00:00
Andrew Bartlett
9392c3f81c docs-xml: Remove references to inkscape (not used any more, no more SVG files)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2020-06-10 05:44:37 +00:00
Andrew Bartlett
ccb606c469 docs-xml: Remove final references to Samba3-HOWTO and Samba3-ByExample
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2020-06-10 05:44:37 +00:00
Andrew Bartlett
cedd00fdff docs-xml: Remove references to building docs using Plucker
This was for Palm OS based handheld devices, Windows Mobile devices, and other PDAs...

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2020-06-10 05:44:37 +00:00
Andrew Bartlett
158cea3ba8 Remove "undocumented" target mentioned in configure script
This was left over from 12aed897ec

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2020-06-10 05:44:37 +00:00
Martin Schwenke
ddac6b2eb4 util: Reallocate larger buffer if getpwuid_r() returns ERANGE
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Jun  9 21:07:24 UTC 2020 on sn-devel-184
2020-06-09 21:07:24 +00:00
Martin Schwenke
847208cd8a util: Fix build on FreeBSD by avoiding NSS_BUFLEN_PASSWD
NSS_BUFLEN_PASSWD is not defined on FreeBSD.  Use
sysconf(_SC_GETPW_R_SIZE_MAX) instead, as per POSIX.

Use a dynamically allocated buffer instead of trying to cram all of
the logic into the declarations.  This will come in useful later
anyway.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
2020-06-09 19:46:37 +00:00
Martin Schwenke
922bce2668 util: Simplify input validation
It appears that snprintf(3) is being used for input validation.
However, this seems like overkill because it causes szPath to be
copied an extra time.  The mostly likely protections being sought
here, according to https://cwe.mitre.org/data/definitions/20.html,
look to be DoS attacks involving CPU and memory usage.  A simpler
check that uses strnlen(3) can mitigate against both of these and is
simpler.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
2020-06-09 19:46:37 +00:00
Stefan Metzmacher
7e36b1ec2e s3:libads: remove unused "GSSAPI" support
All AD servers support "GSS-SPNEGO". So we better
remove code that doesn't use gensec.

If we ever need this back we could use the
"gssapi_krb5_sasl" gensec module explicit
or just pass the SASL mech list to gensec.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jun  9 17:24:31 UTC 2020 on sn-devel-184
2020-06-09 17:24:30 +00:00
Andreas Schneider
9e922b75d0 talloc: Mark ptr of talloc_unlink() not as a tainted scalar
This should address a lot of issues reported by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2020-06-09 16:02:59 +00:00
Stefan Metzmacher
b458f8fbb7 s3:libsmb: add a cache for cli_session_creds_prepare_krb5()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2020-06-09 16:02:59 +00:00
Stefan Metzmacher
05e1417396 s4:torture:smb2: use delete-on-close in test_rw_invalid()
We test the limits here and leave a 16TB file with zeros.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jun  5 13:17:55 UTC 2020 on sn-devel-184
2020-06-05 13:17:55 +00:00
Björn Baumbach
72d69eef13 pysmbd: make sure that session unix info is filled
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14400

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Jun  5 11:54:06 UTC 2020 on sn-devel-184
2020-06-05 11:54:06 +00:00
Björn Baumbach
26fd73de7b tests/pysmbd: fill session unix info in ntacl tests
Valid unix info is required.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14400

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-06-05 10:32:31 +00:00
Björn Baumbach
efea16f367 python/samba/provision: set unix session info for user session, used for sysvol acl reset
The unix session info is required and expected by e.g. many vfs
modules. Missing unix session info leads to samba panic.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14400

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-06-05 10:32:31 +00:00