1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

137985 Commits

Author SHA1 Message Date
Douglas Bagnall
267f307689 s3/torture: local_rbtree: avoid birthday collisions
We insert 999 keys, but if two of them happen to be the same, we
don't find 1000 nodes, and that is upsetting for CI:

[130(1421)/303 at 4m46s] samba3.smbtorture_s3.LOCAL-RBTREE
UNEXPECTED(failure): samba3.smbtorture_s3.LOCAL-RBTREE.smbtorture(none)
REASON: Exception: Exception: using seed 1716333987
host=foo share=bar user= myname=runner-jlguopmm-project-6378020-concurrent-0
Running LOCAL-RBTREE
run_local_rbtree: read1: 999 999, NT_STATUS_OK
run_local_rbtree: delete: 999 999, NT_STATUS_OK
run_local_rbtree: read2: 0 0, NT_STATUS_OK
TEST LOCAL-RBTREE FAILED!
LOCAL-RBTREE took 0.002706 secs

This has been flapping very occasionally for a long time:
https://lists.samba.org/archive/samba-technical/2016-March/112861.html

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-05-31 04:22:36 +00:00
Douglas Bagnall
3a7dbf8b77 examples:winexe: embed Samba version as exe timestamp
It turns out the timestamp doesn't need to be real, and it isn't used,
but it might as well tell you something. So let's make it tell you what
version of Samba it came from, which could be useful for people who have
lots of old winexes lying around, the poor souls.

00000040  0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000050  69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000060  74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000070  6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|
00000080  50 45 00 00 64 86 0a 00  00 15 04 00 00 00 00 00  |PE..d...........|
                                    |  |  |
                                    |  |  major  4.
                                    |  minor     21.
                                    release      0

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13213

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri May 31 01:28:06 UTC 2024 on atb-devel-224
2024-05-31 01:28:06 +00:00
Douglas Bagnall
e604f75751 examples:winexe: reproducible builds with zero timestamp
Windows Portable Executable files have a timestamp field and a
checksum field. By default the timestamp field is updated to the
current time, which consequently changes the checksum. This makes the
build nondeterministic. It looks like this:

  --- a/tmp/winexe-1/winexesvc64_exe_binary.c
  +++ b/tmp/winexe-2/winexesvc64_exe_binary.c
  @@ -23,7 +23,7 @@ const DATA_BLOB *winexesvc64_exe_binary(void)
                0x6D, 0x6F, 0x64, 0x65, 0x2E, 0x0D, 0x0D, 0x0A,
                0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x50, 0x45, 0x00, 0x00, 0x64, 0x86, 0x0A, 0x00,
  -             0xB2, 0x16, 0x55, 0x66, 0x00, 0x00, 0x00, 0x00,
  +             0xD3, 0x3B, 0x55, 0x66, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x00, 0x00, 0x00, 0xF0, 0x00, 0x2E, 0x02,
                0x0B, 0x02, 0x02, 0x26, 0x00, 0x86, 0x00, 0x00,
                0x00, 0xBA, 0x00, 0x00, 0x00, 0x0C, 0x00, 0x00,
  @@ -33,7 +33,7 @@ const DATA_BLOB *winexesvc64_exe_binary(void)
                0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x05, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x40, 0x01, 0x00, 0x00, 0x04, 0x00, 0x00,
  -             0x73, 0xD7, 0x00, 0x00, 0x03, 0x00, 0x60, 0x01,
  +             0x94, 0xFC, 0x00, 0x00, 0x03, 0x00, 0x60, 0x01,
                0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00,

https://learn.microsoft.com/en-us/windows/win32/debug/pe-format says
that a timestamp of zero can be used to represent a time that is not
"real or meaningful", so we do that.

As far as I can tell, the timestamp and checksum are only used in
DLLs, not directly executed .exe files.

Thanks to Freexian and the Debian LTS project for sponsoring this work.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13213

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-05-31 00:25:33 +00:00
Douglas Bagnall
3c72f733f4 examples:winexe: more efficient C array generation, no py2
We don't need to recreate the src array every time, and we don't need
to worry about Python 2 strings.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-05-31 00:25:33 +00:00
Douglas Bagnall
068b366709 buildtools:pidl: avoid hash randomisation in pidl
Like many languages, Perl uses has randomisation to prevent nasty
users using crafted values that hash to the same number to effect a
denial of service. This means the traversal order of perl HASH tables
is different every time.

The IDL handed to pidl is trusted, so we don't really need
randomisation, but we do want to be sure the build is the same every
time.

I am not aware of hash randomisation causing problems, but it seems
prudent to avoid it.

We do a similar thing with PYTHONHASHSEED for the entire build.

Thanks to Freexian and the Debian LTS project for sponsoring this work.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13213

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-05-31 00:25:33 +00:00
Douglas Bagnall
ea78a5ce83 pidl:python: Exception if unconvertable in ConvertObjectToPythonLevel
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-05-31 00:25:33 +00:00
Douglas Bagnall
f893c100c0 pidl:python: properly raise exception in ConvertObjectFromPythonData
Without the `$self->pidl("$fail");`, the exception is not raised.

We also try to improve the Python message.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-05-31 00:25:33 +00:00
Douglas Bagnall
f3433f60b8 pidl:Typelist: resolveType(): don't mistake a reference for a name
This function is only used by Python.pm, and was assuming any argument
unrecognised by hasType is a name. It sometimes isn't, resulting in
structures like this:

	{
	  'DATA' => {
		      'TYPE' => 'STRUCT'
		    },
	  'NAME' => {
		      'TYPE' => 'STRUCT',
		      'ALIGN' => undef,
		      'SURROUNDING_ELEMENT' => undef,
		      'ORIGINAL' => {
				      'TYPE' => 'STRUCT',
				      'FILE' => 'source3/librpc/idl/smbXsrv.idl',
				      'LINE' => 101,
				      'NAME' => 'tevent_context'
				    },
		      'ELEMENTS' => undef,
		      'NAME' => 'tevent_context',
		      'PROPERTIES' => undef
		    },
	  'TYPE' => 'TYPEDEF'
      };

The problem with that is we end up with the HASH reference as a name
in Python bindings, like this

      PyErr_SetString(PyExc_TypeError, "Can not convert C Type struct HASH(0x5e2dfe5ee278) from Python");

which makes the build nondeterministic (as well as making the message
a little mysterious).

I think all the structures for which this happens are marked
'[ignore]' in IDL, meaning they are not transmitted on the wire. They
should perhaps also not have useless Python getsetters, but let's call
that a different problem.

Thanks to Freexian and the Debian LTS project for sponsoring this work.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13213

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-05-31 00:25:33 +00:00
Andrew Bartlett
72112d4814 script/autobuild.py: Add test for --vendor-name and --vendor-patch-revision
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15654

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-05-31 00:25:33 +00:00
Andrew Bartlett
651fb94c37 build: Add --vendor-name --vendor-patch-revision options to ./configure
These options are for packagers and vendors to set so that when
Samba developers are debugging an issue, we know exactly which
package is in use, and so have an idea if any patches have been
applied.

This is included in the string that a Samba backtrace gives,
as part of the PANIC message.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15654
REF: https://lists.samba.org/archive/samba-technical/2024-May/138992.html

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-05-31 00:25:33 +00:00
Douglas Bagnall
8331475a18 python:smb tests: remove py2 compatibility code
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-05-31 00:25:33 +00:00
Douglas Bagnall
b4b8f18612 python/common: remove verbiage about old python versions
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-05-31 00:25:33 +00:00
Douglas Bagnall
5a317f7d8e buildtools: remove Python2 compatibility
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-05-31 00:25:33 +00:00
Douglas Bagnall
564b0a21ce tdb:pytests: remove unused Py2 test branches
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-05-31 00:25:33 +00:00
Douglas Bagnall
037e7ae9c5 ldb-samba:pytest: remove unused variable
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-05-31 00:25:33 +00:00
Douglas Bagnall
0fcba46957 talloc:pytest: remove tests that only test Python 2
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-05-31 00:25:33 +00:00
Douglas Bagnall
a0a025d902 tdb:pytdb:_tdb_text: remove Py2 compatibility code
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-05-31 00:25:33 +00:00
Douglas Bagnall
87356b327b selftest:dnshub: remove py2 compatibility code
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-05-31 00:25:32 +00:00
Martin Schwenke
e9eb581043 ctdb-scripts: Protect against races when starting grace period
While the PID check is worth it in relevant cases, NFS-Ganesha still
might go away after the check.  Unfortunately, neither grace command
fails an indicative exit code, so invent one by checking error
messages.  This can then be converted to success by the caller.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu May 30 12:50:01 UTC 2024 on atb-devel-224
2024-05-30 12:50:01 +00:00
Martin Schwenke
911117c79a ctdb-scripts: Check NFS-Ganesha is running before attempting grace
If monitoring has failed because it isn't running, then don't fail
"startipreallocate" or "relaseip" by trying to go into grace.

Don't check this for "takeip".  In that case NFS-Ganesha had better be
running.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-05-30 11:42:30 +00:00
Martin Schwenke
27c53880c2 ctdb-scripts: Improve service PID check
No need to grovel around in /proc.  ps will happily tell us the
command.

Factor out the actual check into a separate function that can be used
elsewhere.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-05-30 11:42:30 +00:00
Martin Schwenke
bc10704aec ctdb-scripts: Improve NFS-Ganesha export path extraction
Path values do not need to have quotes.  The current code fails if
there aren't any.

Instead, implement a 2 stage parser using 2 sed commands.  See
comments in the code for details.

Regexps are POSIX basic regular expressions, apart from \<WORD\> (used
to ensure WORD is on word boundaries, and the 'i' flag for case
insensitivity.  The latter is supported in FreeBSD sed.

This code successfully parses Path values out of the following
monstrosity:

path = "/foo/bar1;a";
   Path = /foo/bar2;
Something = false;
Pseudo = "/foo/bar3x" ; Path = "/foo/bar3; y" ; Access_type = RO;
Pseudo = "/foo/bar4x" ; path=/foo/bar4; Access_type = RO;
Pseudo = "/foo/barNONONO" ; not_Path=/foo/barNONONO; Access_type = RO;
   Path = /foo/bar5
Pseudo = "/foo/bar6x Path=foo" ; Path=/foo/bar6; Access_type = RO

This is probably the best that can be done within a shell script.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-05-30 11:42:30 +00:00
Martin Schwenke
944d9d308d ctdb-scripts: Add script option CTDB_NFS_EXPORTS_FILE
Exports may be contained in an include file rather than the top-level
ganesha.conf.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-05-30 11:42:30 +00:00
Martin Schwenke
1be5b1df1b ctdb-scripts: Fix usage message
An IP address is passed to these actions.

Reported-by: Arnab Tah <atah@ddn.com>
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-05-30 11:42:30 +00:00
Martin Schwenke
2a3d7c0971 ctdb-scripts: Change NFS-Ganesha PID file location
This is the current default.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-05-30 11:42:30 +00:00
Martin Schwenke
a534f71347 ctdb-scripts: Quote variable expansions
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-05-30 11:42:30 +00:00
Martin Schwenke
6ffb73bb55 ctdb-scripts: Reformat with "shfmt -w -p -i 0 -fn"
Best reviewed with "git show -w".

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-05-30 11:42:30 +00:00
Martin Schwenke
991d21d075 ctdb-scripts: No longer run statd-callout under sudo
This simplifies and removes a bad hack.  Also, in my test environment,
it also drops the average time take to run an add-client/del-client
pair from ~0.055s to ~0.030s.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-05-30 11:42:30 +00:00
Martin Schwenke
ecb9545b3f ctdb-scripts: Use find_statd_sm_dir() in one more place
Take advantage of new function find_statd_sm_dir() when clearing the
local system statd state directory, so it uses the correct directory
when running on a non-RH distro.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-05-30 11:42:30 +00:00
Martin Schwenke
50b3cebeb3 ctdb-scripts: Set ownership of statd-callout state directory
For add-client and del-client, statd-callout is called by rpc.statd,
which runs as rpcuser, statd or some other non-root system user.  This
means that add-client and del-client can't write in the statd-callout
state directory if it is only writable by root.  rpc.statd must be
able to write to its own local system statd state directory, so find
this directory and use it as a reference to set the ownership of
CTDB's statd-callout state directory.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-05-30 11:42:30 +00:00
Martin Schwenke
608557c6ce ctdb-scripts: Avoid connecting to ctdbd in add-client/del-client
rpc.statd runs statd-callout as a non-root user, which is currently
hacked around using some sudo logic that fails to work in some
contexts (e.g. in a container).

Use $CTDB_MY_PUBLIC_IPS_CACHE to access the node's currently assigned
public IPs, for add-client/del-client.  This avoids connecting to
ctdbd when called from rpc.statd.

Also, use $CTDB_MY_PUBLIC_IPS_CACHE in other places where it makes
sense.

Connections to ctdbd are still made in the "notify" action, but this
is always run as root.

In the test code, set the PNN after public addresses setup so that the
cache of assigned IPs correctly initialised.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-05-30 11:42:30 +00:00
Martin Schwenke
5a4209b713 ctdb-tests: Default PNN is 0
This is called in a couple of places without an argument, so give it a
default.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-05-30 11:42:30 +00:00
Martin Schwenke
ed3f041c30 ctdb-scripts: Add caching function for public IPs
This is way more complicated than I would like but, as per the
comment, this is due to complexities in the way public IPs work.  The
main consumer will be statd-callout, which will then be able to run as
a non-root user.

Also generate the cache file in test code, whenever the PNN is set.
However, this can cause "ctdb ip" to generate a fake IP layout before
public IPs are setup.  So, have the "ctdb ip" stub generate the IP
layout every time it is run to avoid it being stale.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-05-30 11:42:30 +00:00
Martin Schwenke
558cf280b2 ctdb-scripts: Move state directory creation to "startup" action
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-05-30 11:42:30 +00:00
Martin Schwenke
d02fb20d79 ctdb-scripts: Avoid globally changing to queue directory
Add new variables statd_callout_state_dir and statd_callout_queue_dir
- the latter is for files queued by add-client/del-client.

Use $statd_callout_queue_dir to avoid a global cd to the queue
directory near the top of the script.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-05-30 11:42:30 +00:00
Martin Schwenke
b90d72c7b8 ctdb-scripts: Move ctdb.tdb attach to statd-callout
All of the other uses of ctdb.tdb are in statd-callout.

New variable statd_callout_db makes it easy to change the database
name in future, perhaps even allowing it to be configurable.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-05-30 11:42:30 +00:00
Martin Schwenke
c912e406c1 ctdb-scripts: Reformat with shfmt -w -p -i 0 -fn
Tweak some lines to avoid overflowing 80 columns.

Best viewed with "git show -w".

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-05-30 11:42:30 +00:00
Martin Schwenke
7b24cc032e ctdb-scripts: Improve documentation
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-05-30 11:42:30 +00:00
Martin Schwenke
5176b43da7 ctdb-scripts: Avoid ShellCheck warning SC2162
SC2162 read without -r will mangle backslashes.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-05-30 11:42:30 +00:00
Martin Schwenke
5401522380 ctdb-scripts: Reformat with "shfmt -w -p -i 0 -fn"
Best reviewed with "git show -w".

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-05-30 11:42:30 +00:00
Stefan Metzmacher
5a54c9b28a s3:utils: let smbstatus report anonymous signing/encryption explicitly
We should mark sessions/tcons with anonymous encryption or signing
in a special way, as the value of it is void, all based on a
session key with 16 zero bytes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu May 23 13:37:09 UTC 2024 on atb-devel-224
2024-05-23 13:37:09 +00:00
Stefan Metzmacher
f3ddfb828e s3:smbd: allow anonymous encryption after one authenticated session setup
I have captures where a client tries smb3 encryption on an anonymous session,
we used to allow that before commit da7dcc443f
was released with samba-4.15.0rc1.

Testing against Windows Server 2022 revealed that anonymous signing is always
allowed (with the session key derived from 16 zero bytes) and
anonymous encryption is allowed after one authenticated session setup on
the tcp connection.

https://bugzilla.samba.org/show_bug.cgi?id=15412

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-05-23 12:35:37 +00:00
Stefan Metzmacher
551756abd2 s3:utils: let smbstatus also report partial tcon signing/encryption
We already do that for sessions and also for the json output,
but it was missing in the non-json output for tcons.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-05-23 12:35:37 +00:00
Stefan Metzmacher
8119fd6d6a s3:utils: let smbstatus also report AES-256 encryption types for tcons
We already do that for sessions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-05-23 12:35:37 +00:00
Stefan Metzmacher
5089d85506 s3:utils: let connections_forall_read() report if the session was authenticated
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-05-23 12:35:37 +00:00
Stefan Metzmacher
596a10d107 s3:lib: let sessionid_traverse_read() report if the session was authenticated
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-05-23 12:35:37 +00:00
Stefan Metzmacher
a9f84593f4 s3:utils: remove unused signing_flags in connections_forall()
We never use the signing flags from the session, as the tcon
has its own signing flags.

https://bugzilla.samba.org/show_bug.cgi?id=15412

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-05-23 12:35:37 +00:00
Stefan Metzmacher
6c5781b5f1 s4:torture/smb2: add smb2.session.anon-{encryption{1,2,},signing{1,2}}
These demonstrate how anonymous encryption and signing work.
They pass against Windows 2022 as ad dc.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-05-23 12:35:37 +00:00
Stefan Metzmacher
6a89615d78 s4:libcli/smb2: add hack to test anonymous signing and encryption
This will be used in torture tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-05-23 12:35:37 +00:00
Stefan Metzmacher
14d6e26721 smbXcli_base: add hacks to test anonymous signing and encryption
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-05-23 12:35:37 +00:00