1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

120292 Commits

Author SHA1 Message Date
Isaac Boukris
254739137b smbdes: convert des_crypt112 to use gnutls
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:31 +00:00
Isaac Boukris
dce944e8a1 smbdes: convert E_old_pw_hash to use gnutls
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:31 +00:00
Isaac Boukris
c57f429574 smbdes: convert des_crypt128() to use gnutls
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:30 +00:00
Isaac Boukris
a5548af018 smbdes: convert E_P24() and SMBOWFencrypt to use gnutls
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:30 +00:00
Isaac Boukris
2eef12904f smbdes: remove D_P16() (not used)
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:30 +00:00
Isaac Boukris
9fb6361a8b smbdes: convert E_P16() to use gnutls
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:30 +00:00
Isaac Boukris
ecee199803 smbdes: convert sam_rid_crypt() to use gnutls
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:30 +00:00
Isaac Boukris
bbcf568f31 SMBsesskeygen_lm_sess_key: use gnutls and return NTSTATUS
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:30 +00:00
Isaac Boukris
38189f76d8 netlogon_creds_des_encrypt/decrypt_LMKey: use gnutls and return NTSTATUS
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:30 +00:00
Isaac Boukris
0f855f1ab9 smbdes: add des_crypt56_gnutls() using DES-CBC with zeroed IV
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:30 +00:00
Isaac Boukris
2c470c8035 selftest: test sess_crypt_blob
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:30 +00:00
Isaac Boukris
6c5f153e47 selftest: test SMBsesskeygen_lm_sess_key
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:30 +00:00
Isaac Boukris
a4ec427e54 selftest: test des_crypt112_16
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:30 +00:00
Isaac Boukris
394debac6b selftest: test des_crypt112 and fix (unused) decryption
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:30 +00:00
Isaac Boukris
e2f8f686d1 selftest: test des_crypt128
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:30 +00:00
Isaac Boukris
8f042ba532 selftest: test E_old_pw_hash
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:29 +00:00
Isaac Boukris
dfad082596 selftest: test E_P24 and SMBOWFencrypt
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:29 +00:00
Isaac Boukris
0923f94bdc selftest: test sam_rid_crypt
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:29 +00:00
Isaac Boukris
7044a41a30 selftest: test E_P16
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:29 +00:00
Isaac Boukris
07b4606f89 libcli/auth: test des_crypt56() and add test_gnutls to selftest
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:29 +00:00
Andreas Schneider
01f531ba6b auth:tests: Only enable torture_gnutls_aes_128_cfb() on GnuTLS >= 3.6.11
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:29 +00:00
Andreas Schneider
1c65f1fddb auth:tests: Improve debug output of test_gnutls
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:29 +00:00
Andreas Schneider
adfdcc4791 s3:lib: Move NULL check before messaging_dgm_out_rearm_idle_timer()
We dereference out in messaging_dgm_out_rearm_idle_timer().

Found by covscan.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:29 +00:00
Andreas Schneider
8753d5f456 s3:smbd: Fix possible NULL deref in smbd_do_qfilepathinfo()
Found by covscan.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:29 +00:00
Andreas Schneider
cfa0526100 s3:torture: Do not segfault if cli is NULL
This can happen if we fail early and cli hasn't been initialized yet.

Found by covscan.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:29 +00:00
Andreas Schneider
94c3c12df1 s3:rpc_server: Fix string compare for utmp entries
The members of struct utmp are marked as nonstring. This means they
might not be nil-terminated.

Found by covscan.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:29 +00:00
Andreas Schneider
c2e55821bc s4:lib: Make sure we close fd's in error path
Found by covscan.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:29 +00:00
Volker Lendecke
bb2296f68a build: Fix the build without system gssapi headers
source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h and gssapi_spnego.h
have an #include <gssapi.h> which they need to find via the -I paths

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Dec 10 00:29:55 UTC 2019 on sn-devel-184
2019-12-10 00:29:54 +00:00
Ralph Boehme
a5e3db5b51 lib: spelling fix
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Dec  9 19:23:10 UTC 2019 on sn-devel-184
2019-12-09 19:23:10 +00:00
Volker Lendecke
f2a91426b7 smbd: Give a better error message for non-existing share modes
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Dec  9 17:33:42 UTC 2019 on sn-devel-184
2019-12-09 17:33:42 +00:00
Volker Lendecke
b6ffbc7d92 net: Extend some debug information
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-12-09 16:10:38 +00:00
Volker Lendecke
37fa97b20e smbd: Call reopen_logs() in the notifyd
If you have per-process logfiles with %d, the notifyd will get its
own logfile

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-12-09 16:10:38 +00:00
Volker Lendecke
27c69b5892 smbd: Call reopen_logs() in the smbd scavenger
If you have per-process logfiles with %d, the scavenger will get its
own logfile

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-12-09 16:10:38 +00:00
Volker Lendecke
a34d75f6f7 torture: Use sizeof() where appropriate
One magic number less that needs to be verified manually

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-12-09 16:10:38 +00:00
Volker Lendecke
f576c02bf9 smbd: Use NULL instead of 0 for a pointer type
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-12-09 16:10:38 +00:00
Ralph Boehme
e1230f6e45 lib: add a comment to nt_time_to_full_timespec()
Add a hint explaining why and how -1 should be treated differently in the
future. Also make use of the helper function make_omit_timespec().

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-12-09 16:10:38 +00:00
Ralph Boehme
f0813cbf4f lib: harden full_timespec_to_nt_time()
This protects against overflows when tv_sec is less then
TIME_FIXUP_CONSTANT_INT.

It also correctly limits the range of returned values to be
[NTTIME_MIN, NTTIME_MAX].

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-12-09 16:10:38 +00:00
Ralph Boehme
99d153fad1 lib: add NTTIME_MAX, NTTIME_MIN, NTTIME_OMIT and NTTIME_FREEZE definitions
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-12-09 16:10:38 +00:00
Andreas Schneider
67f455c3d5 s3:smbspool: Leave early if we print as root
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Dec  9 14:18:11 UTC 2019 on sn-devel-184
2019-12-09 14:18:11 +00:00
Mikhail Novosyolov
c95d32f685 s3:smbspool: print a hint about smbspool_krb5_wrapper
When I first met with the situation that Kerberos kredentials cache of root
user was looked for instead of the one of the printing task creator,
it took a lot of time to understand that smbspool_krb5_wrapper will resolve this.

Signed-off-by: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2019-12-09 12:48:45 +00:00
Mikhail Novosyolov
58a90358e2 s3:smbspool_krb5_wrapper: ignore unknown values of AUTH_INFO_REQUIRED
To make smbspool_krb5_wrapper usable as a default destination for symlink
/usr/lib/cups/backend/smb in Linux ditros, it has to be well-prepared
for any possible values of AUTH_INFO_REQUIRED set by cupsd and correctly
pass printing tasks to smbspool if it sees that Kerberos authentication
is not needed.

Discussed here: https://lists.samba.org/archive/samba-technical/2019-October/134470.html

Signed-off-by: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2019-12-09 12:48:45 +00:00
Andreas Schneider
6201b30421 s3:smbspool_krb5_wrapper: Map AUTH_INFO_REQUIRED=none to anonymous
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2019-12-09 12:48:45 +00:00
Andreas Schneider
1b42ccfc23 s3:smbspool: Map AUTH_INFO_REQUIRED=none to anonymous connection
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2019-12-09 12:48:45 +00:00
Andreas Schneider
8987d7eef4 s3:selfest: Do not print the env twice
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Dec  9 11:57:52 UTC 2019 on sn-devel-184
2019-12-09 11:57:52 +00:00
Andreas Schneider
b05be655a9 s3:tests: Remove the -I SERVER_IP so that Kerberos auth works
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@samba.org>
2019-12-09 10:11:31 +00:00
Richard Sharpe
241f3709de docs-xml/Samba-Developers-Guide/vfs.xml: Fix incorrect VFS func names.
Use SMB_VFS_P{READ,WRITE} since the others have been retired.

Also, fix up the definitions.

Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Dec  8 21:50:52 UTC 2019 on sn-devel-184
2019-12-08 21:50:52 +00:00
Ralph Boehme
5b8b9cd1c4 s4:smbtorture: also test for date >> UINT32_MAX in timestamps test
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-12-08 20:24:32 +00:00
Volker Lendecke
9c81aa9dab smbd: Fix a share_entries.tdb record leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-12-08 20:24:32 +00:00
Volker Lendecke
8435128582 smbd: Test cleanup of disconnected durable handle records
Right now this panics the scavenger daemon, preventing it from doing
its work. The reopen we expect to fail with
NT_STATUS_OBJECT_NAME_NOT_FOUND thus succeeds. I know that we should
more precisely detect the scavenger crash and with Jeremy's pattern in
46899ecf83 this would be possible. However, this is C code right now,
and scanning the logfile for the panic is more I have time for right
now. The test successfully indicates failure, as the next commit will
show.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-12-08 20:24:32 +00:00
Volker Lendecke
f3802023fe selftest: Make durable_v2_delay more specific
It will grow another subtest soon

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-12-08 20:24:31 +00:00