1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

139427 Commits

Author SHA1 Message Date
Volker Lendecke
2459337a58 libcli: Move "struct cldap_netlogon" definition to torture
This structure is only used in torture/ldap/netlogon.c now for
historic reasons. Replacing it with something else would be the right
thing to do...

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:04 +00:00
Volker Lendecke
be846bf5a2 libcli: Remove cldap_netlogon() and friends
Replaced with netlogon_pings()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:04 +00:00
Volker Lendecke
4aff4c749b torture4: Replace direct netlogon ping calls with netlogon_pings()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:04 +00:00
Volker Lendecke
d260478195 torture4: Add ldap.netlogon-ping test
This will supersede the direct cldap based netlogon tests

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:04 +00:00
Volker Lendecke
462748afed torture4: Use netlogon_pings() in rpc.lsa tests
Allow LDAPS netlogon ping

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:04 +00:00
Volker Lendecke
63b5b5d05b torture4: Use netlogon_pings_send/recv in bench-cldap
This slightly changes behaviour: It uses separate client sockets per
ping instead of just one, but it allows to compare CLDAP with LDAP and
LDAPS (spoiler: LDAPS is *much* slower...)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:04 +00:00
Volker Lendecke
74cec52bab libnet4: Use netlogon_pings() in finddcs_cldap
Enable LDAPS lookups

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:04 +00:00
Volker Lendecke
e7844537b6 libnet4: Use netlogon_pings() in unbecome_dc
Enable LDAPS lookups

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:04 +00:00
Volker Lendecke
bfa6f18a0e libnet4: Use netlogon_pings() in become_dc
Allow LDAPS netlogon pings

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:04 +00:00
Volker Lendecke
42cafe481d libnet4: Use netlogon_pings() in findsite
Enable LDAPS lookups

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:04 +00:00
Volker Lendecke
3ecb665422 libnet: Initialize variables in libnet_FindSite()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:04 +00:00
Volker Lendecke
dcc2767185 libnet: Simplify error return in libnet_FindSite()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:04 +00:00
Volker Lendecke
ccfbb5c2ed libnet: Save a few lines with talloc_move()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:04 +00:00
Volker Lendecke
eb8767a076 libads: Move check_cldap_reply_required_flags() to netlogon_ping.c
netlogon_ping.c depends on it but itself has fewer dependencies than
cldap.c, so we can use it in more places

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:04 +00:00
Volker Lendecke
fc7c55c938 libads: Simplify ads_fill_cldap_reply()
Both callers now guarantee via the filter in netlogon_pings() that the
reply contains DCs that have the required flags set. Remove those
checks from ads_fill_cldap_reply()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:04 +00:00
Volker Lendecke
759665fcf2 libads: Pass "required_flags" through ads_cldap_netlogon_5()
... down to netlogon_pings(). Passing 0 right now, this will change
for some callers

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:04 +00:00
Volker Lendecke
808b79b4a9 libads: Pass "required_flags" through ads_cldap_netlogon()
... down to netlogon_pings()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:04 +00:00
Volker Lendecke
b802870966 libads: Make ads_cldap_netlogon() static
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:04 +00:00
Volker Lendecke
523a1c6fa1 libads: remove cldap_multi_netlogon
Replaced by netlogon_pings()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:04 +00:00
Volker Lendecke
8bededd1b3 libsmb: Use netlogon_pings() in dsgetdcname
Use parallel requests and req_flags filtering provided by
netlogon_pings()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:04 +00:00
Volker Lendecke
cb00b78fa0 kerberos: Use netlogon_pings()
This also makes sure we've got a KDC via DS_KDC_REQUIRED

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:04 +00:00
Volker Lendecke
8a88f322db ldap: Use netlogon_pings
This already requests the flags that ads_fill_cldap_reply() will later
check for, so netlogon_pings will only feed sufficient DCs into
ads_fill_cldap_reply.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:04 +00:00
Volker Lendecke
df2844ca8f cldap: Use netlogon_pings()
Allow LDAPS for ads_cldap_netlogon()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:04 +00:00
Volker Lendecke
cf66ff3d1b libads: Add netlogon_pings()
This encapsulates our logic that we send CLDAP requests on UDP/389,
sending them with 100msec timeouts until someone replies. It also
contains the code to do this over LDAP/389 or LDAPS/636.

It also contains code to filter for domain controller flags like
DS_ONLY_LDAP_NEEDED, this logic exists in several places right now.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:04 +00:00
Volker Lendecke
e88db0a6b5 tldap: Add tldap_context_create_from_plain_stream()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:04 +00:00
Volker Lendecke
24dc8ef174 param: Add "client netlogon ping protocol"
Allow "net ads join" in environments where UDP/389 is blocked. Code
will follow.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:04 +00:00
Volker Lendecke
b3a8f845ec lib: Add a few required includes
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:04 +00:00
Volker Lendecke
baeedee534 build: Remove the big samba3util dependency from TLDAP
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:03 +00:00
Volker Lendecke
469e1ebd71 build: Make util_tsock its own subsystem
One step to strip TLDAP deps

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:03 +00:00
Volker Lendecke
527d81fc5e param: Remove parameter "cldap port"
This was not used consistently across all of our code base, and I
don't see a reason why this should ever not be port 389.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:03 +00:00
Volker Lendecke
43b2d4104b cldap: Make finddcs.out.netlogon a pointer
struct netlogon_samlogon_response has subpointers, this patch enables
a proper talloc hierarchy.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:03 +00:00
Volker Lendecke
31d1fc0912 cldap: Make cldap_netlogon.out.netlogon a pointer
struct netlogon_samlogon_response has subpointers, this patch enables
a proper talloc hierarchy.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:03 +00:00
Volker Lendecke
a3f1cb1597 lib: Fix trailing whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:03 +00:00
Volker Lendecke
6edd49c68b cldap: Remove cldap_netlogon->in.map_response
We should not pass booleans down where the caller can do the same
thing with equal effort

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:03 +00:00
Volker Lendecke
82d8f345f5 libnet4: Call map_netlogon_samlogon_response directly
Avoid using a boolean flag passed down

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:03 +00:00
Volker Lendecke
a3eb60e7c8 libnet4: Call map_netlogon_samlogon_response directly
Avoid using a boolean flag passed down

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:03 +00:00
Volker Lendecke
d41efadde3 libnet4: Call map_netlogon_samlogon_response directly
Avoid using a boolean flag passed down

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:03 +00:00
Volker Lendecke
fc9810051e libcli4: Call map_netlogon_samlogon_response directly
Avoid using a boolean flag passed down

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:03 +00:00
Volker Lendecke
b5af90bd5c torture4: Simplifiy [tcp|udp]_ldap_netlogon()
Both callers set "map_response=true", so we don't need that flag here.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:03 +00:00
Volker Lendecke
e54a4f06b3 tldap_tls: Remove tldap_[gs]et_starttls_needed()
The caller setting up a tldap connection is aware of whether to use
starttls, which is one single ldap extended operation before the tls
crypto starts. There is no complex logic behind this that is
worthwhile to be hidden behind a flag and an API. If there was more to
it than just a simple call to tldap_extended(), I would all be for
passing down that flag, but for this case I would argue the logic
after this patch is simpler.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:03 +00:00
Volker Lendecke
2cc41bd6ae tldap_tls: Move creation of tls_params out of tldap_tls_connect()
Soon we will have a tldap user which does not want to verify the
certs. Instead of passing another boolean down, hand in pre-created
tstream_tls_params.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:03 +00:00
Volker Lendecke
19ab2db59a tstream_tls: Add tstream_tls_params_peer_name()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:03 +00:00
Ralph Boehme
f6d3e1117f smbtorture: use torture_assert_ntstatus_equal_goto() in CHECK_STATUS() in unlink.c
fixup

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Mon Nov 11 14:01:18 UTC 2024 on atb-devel-224
2024-11-11 14:01:18 +00:00
Ralph Boehme
3a32246bf2 smbtorture: move hardlink test in test_ntrename() to its own test
Some filesystems may not support hardlinks.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
2024-11-11 12:53:05 +00:00
Ralph Boehme
83bca29e9d smbtorture: remove more allocation size checks
If the requested allocation size was 0, the resulting allocation size may be
larger due to xattrs and other filesystem dependent factors.

Cf commits fba4b29085 and
55b2f247f9.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
2024-11-11 12:53:05 +00:00
Samuel Thibault
23ddfd3b03 lib/util: Include grp.h for setgroups during autoconf
Otherwise setresuid and friends don't get detected on GNU/Hurd because the
inclusion of <grp.h> is missing for the declaration of setgroups.

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Nov 11 12:51:17 UTC 2024 on atb-devel-224
2024-11-11 12:51:17 +00:00
Samuel Thibault
a7071565b0 ctdb: Include replace.h for PATH_MAX
Fixes build on GNU/Hurd.

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Nov 11 10:28:24 UTC 2024 on atb-devel-224
2024-11-11 10:28:23 +00:00
Earl Chew
1655413f12 Describe implication of upstream ICU-22610
Add commentary to link commit 86c7688 (MR !3447) to the upstream
fix for ICU-22610 in case there is subsequent breakage.

Signed-off-by: Earl Chew <earl_chew@yahoo.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Nov  8 00:20:38 UTC 2024 on atb-devel-224
2024-11-08 00:20:38 +00:00
Ralph Boehme
7653ae2702 smbd: initialize delete_on_close in smbd_smb2_setinfo_lease_break_fsp_check()
CID 1634488:  Uninitialized variables  (UNINIT)

/source3/smbd/smb2_setinfo.c: 475 in smbd_smb2_setinfo_lease_break_fsp_check()
469     			&delete_on_close);
470     		if (tevent_req_nterror(req, status)) {
471     			return;
472     		}
473     	}
474
>>>     CID 1634488:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized value "delete_on_close".
475     	if (!rename && !delete_on_close) {
476     		return;
477     	}
478
479     	state->lck = get_existing_share_mode_lock(state, fsp->file_id);
480     	if (state->lck == NULL) {

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Nov  7 17:21:53 UTC 2024 on atb-devel-224
2024-11-07 17:21:53 +00:00
Stefan Metzmacher
f340dce654 libcli/auth: make use of netlogon_creds_cli_check_transport() in more places
This was somehow missing in commit
7a5ad9f64a

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Nov  7 09:14:33 UTC 2024 on atb-devel-224
2024-11-07 09:14:33 +00:00