1
0
mirror of https://github.com/samba-team/samba.git synced 2025-02-14 01:57:53 +03:00

129408 Commits

Author SHA1 Message Date
John Mulligan
3453ab9994 s3/lib/smbconf: replace uses of talloc_tos with talloc_stackframe
There are two calls to talloc_tos in the smbconf registry code.
In order not to make callers of this library have to "know" what
calls need an existing talloc stackframe, convert these uses
to match other functions in the same file that already use
talloc_stackframe.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2022-05-06 17:16:30 +00:00
Douglas Bagnall
e008c8f830 python/gp_cert_auto_enroll: removed unused imports
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@suse.com>

Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Thu May  5 14:39:50 UTC 2022 on sn-devel-184
2022-05-05 14:39:50 +00:00
Douglas Bagnall
6d20b7fe2d py/gp_cert_auto_enroll_ext: avoid redundant iteration
self.__read_cep_data() does a 'for end_point_group in end_point_information:',
and we don't need to do it outside

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@suse.com>
2022-05-05 13:42:32 +00:00
Douglas Bagnall
830193102d py/gp_cert_auto_enroll_ext: avoid shadowing loop variable
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@suse.com>
2022-05-05 13:42:32 +00:00
Andreas Schneider
cda4db7d59 s3:tests: Reformat test_forceuser_validusers.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu May  5 11:53:51 UTC 2022 on sn-devel-184
2022-05-05 11:53:51 +00:00
Andreas Schneider
f1e40238e4 s3:tests: Reformat test_force_user_unlink.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-05-05 11:00:35 +00:00
Andreas Schneider
3c313a218a s3:tests: Reformat test_force_group_change.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-05-05 11:00:35 +00:00
Andreas Schneider
c72b48051b s3:tests: Reformat test_force_create_mode.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-05-05 11:00:35 +00:00
Andreas Schneider
2af74a2bdd s3:tests: Reformat test_force_close_share.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-05-05 11:00:35 +00:00
Andreas Schneider
ce301a78e3 s3:tests: Reformat test_fifo.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-05-05 11:00:35 +00:00
Andreas Schneider
ce1a0119b7 s3:tests: Reformat test_failure.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-05-05 11:00:35 +00:00
Andreas Schneider
cc606c7c78 s3:tests: Reformat test_durable_handle_reconnect.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May  5 03:42:13 UTC 2022 on sn-devel-184
2022-05-05 03:42:13 +00:00
Andreas Schneider
7366bd1178 s3:tests: Reformat test_dropbox.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-05-05 02:47:38 +00:00
Andreas Schneider
4d79f8e158 s3:tests: Reformat test_dfree_quota.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-05-05 02:47:38 +00:00
Andreas Schneider
fcbcfc8653 s3:tests: Reformat test_dfree_command.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-05-05 02:47:38 +00:00
Andreas Schneider
cdecce9c07 s3:tests: Reformat test_delete_veto_files_only_rmdir.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-05-05 02:47:38 +00:00
Andrew Bartlett
7a36b01888 dsdb: Do not reuse "ret" variable as return code and for memcmp() comparison
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May  5 01:19:54 UTC 2022 on sn-devel-184
2022-05-05 01:19:54 +00:00
Joseph Sutton
2f17cbf3b2 tests/krb5: Allow passing expected etypes to get_keys()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-05-05 00:27:33 +00:00
Joseph Sutton
c294f72911 tests/passwords: Add tests for password history with simple binds
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-05-05 00:27:33 +00:00
Joseph Sutton
08904752bb tests/passwords: Remove unused imports
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-05-05 00:27:33 +00:00
Andrew Bartlett
127fe361b8 selftest: Run some tests in the ad_dc_no_ntlm environment to show expected behaviour
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-05-05 00:27:33 +00:00
Andrew Bartlett
a9caf760b6 selftest: Rework password_lockout_base.py to allow logon_basics test to be run in ad_dc_no_ntlm
We need to ensure that even if NTLM is disabled, that the test
can still bootstrap and fail normally.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-05-05 00:27:33 +00:00
Joseph Sutton
f85f6f89f1 samba-tool user: Consistently return a tuple
We would get an error when get_userPassword_hash() returned None, as
get_virtual_crypt_value() would try to unpack the result as a 2-element
tuple.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-05-05 00:27:33 +00:00
Joseph Sutton
c3b2dae027 samba-tool user: Remove unused imports
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-05-05 00:27:33 +00:00
Joseph Sutton
332b874a16 samba-tool tests: Remove unused variable
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-05-05 00:27:33 +00:00
Andrew Bartlett
5348bd8003 dsdb: Clarify that most errors in make_error_and_update_badPwdCount() are not returned
This is mainly just to be clear, and was done while failing to work around compiler
warnings.

For the curious it was gcc version 4.8.5 20150623 (Red Hat 4.8.5-44) (CentOS 7)
build with -O3, which gave with other, later patches:

../../source4/dsdb/samdb/ldb_modules/password_hash.c: In function ‘check_password_restrictions_and_log’:
../../source4/dsdb/samdb/ldb_modules/password_hash.c:3231:5: error: assuming signed overflow does not occur when simplifying conditional to constant [-Werror=strict-overflow]
  if (ret == LDB_SUCCESS) {
     ^

Regardless, we make it clear that all values assigned to "ret" are
local small constants.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-05-05 00:27:33 +00:00
David Mulder
ddeedcb6b2 gpo: Add Cert Auto Enroll Advanced Config
Advanced configuration for Certifcate Auto
Enrollment is stored on the sysvol, and needs
to be parsed/used when provided.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May  3 21:48:57 UTC 2022 on sn-devel-184
2022-05-03 21:48:57 +00:00
David Mulder
a54d707435 gpo: Test Cert Auto Enroll Advanced Config
Adds advanced configuration to the testing of
certificate auto enrollment. Currently fails.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-05-03 20:55:32 +00:00
David Mulder
ab2ef316c1 gpo: Generalize Cert Auto Enroll CA data
This will simplify fetching CAs from the
Registry.pol in a follow up commit.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-05-03 20:55:32 +00:00
David Mulder
6171dfc528 gpo: Fix crash in Cert Auth Enroll RSOP
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-05-03 20:55:32 +00:00
David Mulder
45d76ecad2 gpo: Certificate Auto Enroll correctly check templates
[MS-CAESO] 4.4.5.3.2.4 and 4.4.5.3.2.4.2 explain
to fetch templates via cep, then to gather attrs
for the templates after. This code was reversed.
This will matter when implementing advanced
endpoint configuration.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-05-03 20:55:32 +00:00
David Mulder
a49a5702eb gpo: Correct CA Initilization to obey [MS-CAESO]
fetch_certification_authorities() did not
correctly obey the [MS-CAESO] spec.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-05-03 20:55:32 +00:00
Martin Schwenke
64275fc1a2 ctdb-tests: Add backtrace on abort to some tests
These are easier to debug with a backtrace.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue May  3 10:13:23 UTC 2022 on sn-devel-184
2022-05-03 10:13:23 +00:00
Martin Schwenke
d39377d6fc ctdb-tests: Provide a method to dump the stack on abort
Some tests make generous use of assert() and it can be difficult to
guess the cause of failures without resorting to GDB.  This provides
some help.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-05-03 09:19:31 +00:00
Martin Schwenke
73b27def7b build: Add missing ctdb-client dependencies
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-05-03 09:19:31 +00:00
Martin Schwenke
d57d624a77 ctdb-build: Drop unnecessary uses of include/ sub-directory
None of these include any files from the include/ sub-directory.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-05-03 09:19:31 +00:00
Martin Schwenke
6d3c9e64d9 ctdb-tests: Use test_case() to help document test cases
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-05-03 09:19:31 +00:00
Martin Schwenke
d52b497d11 ctdb-locking: Don't pass NULL to tevent_req_is_unix_error()
If there is an error then this pointer is unconditionally
dereferenced.

However, the only possible error appears to be ENOMEM, where a crash
caused by dereferencing a NULL pointer isn't a terrible outcome.  In
the absence of a security issue this is probably not worth
backporting.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-05-03 09:19:31 +00:00
Martin Schwenke
490e5f4d4c ctdb-mutex: Don't pass NULL to tevent_req_is_unix_error()
If there is an error then this pointer is unconditionally
dereferenced.

However, the only possible error appears to be ENOMEM, where a crash
caused by dereferencing a NULL pointer isn't a terrible outcome.  In
the absence of a security issue this is probably not worth
backporting.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-05-03 09:19:31 +00:00
Andreas Schneider
45b648486b s3:tests: Reformat test_deadtime.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May  3 00:10:53 UTC 2022 on sn-devel-184
2022-05-03 00:10:53 +00:00
Andreas Schneider
0d29cbf041 s3:tests: Reformat test_close_denied_share.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-05-02 23:15:37 +00:00
Andreas Schneider
9d32559fb1 s3:tests: Reformat test_chdir_cache.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-05-02 23:15:37 +00:00
Andreas Schneider
a3d0655ee0 s3:tests: Reformat test_async_req.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-05-02 23:15:37 +00:00
Andreas Schneider
6aaf527fc8 s3:tests: Reformat test_aio_outstanding.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-05-02 23:15:37 +00:00
Andreas Schneider
facc2c002c s3:tests: Reformat test_acl_xattr.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-05-02 23:15:37 +00:00
Andreas Schneider
b4ee11d083 s3:tests: Reformat printing_var_exp_lpr_cmd.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-05-02 23:15:37 +00:00
Andreas Schneider
bfbae4f94c s3:tests: Reformat dlopen.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-05-02 23:15:37 +00:00
Andrew Bartlett
e93d73b618 docs: Explain the impact of "ntlm auth = disabled" on simple bind forwarding
An RODC will forward an LDAP Simple bind, just like any other authentication,
when the password is not present locally.

If the full DC does not support NTLMv2 authentication this forwarded password
will be rejected.  A future Samba version should prefer Kerberos or send the
plaintext, but we can not change the MS Windows behaviour, so we document this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-05-02 23:15:37 +00:00
Stefan Metzmacher
54c6cf8666 libcli/smb: allow SMB2 Negotiate responses with security_offset = 0 and security_length = 0
This fixes connections against the Azure SMB3 server.

It's not possible to demonstrate the bug with a test and a knownfail
entry, because it fails to even startup the test environments,
but the following change to our server demonstrates the problem
and shows the fix works:

    diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c
    index da567951c0bf..25fdaea2df7b 100644
    --- a/source3/smbd/smb2_negprot.c
    +++ b/source3/smbd/smb2_negprot.c
    @@ -711,6 +711,8 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
                    }
            }

    +       security_buffer = data_blob_null;
    +
            if (out_negotiate_context_blob.length != 0) {
                    static const uint8_t zeros[8];
                    size_t pad = 0;
    @@ -759,6 +761,8 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
                    return smbd_smb2_request_error(req, NT_STATUS_NO_MEMORY);
            }

    +       security_offset = 0;
    +
            SSVAL(outbody.data, 0x00, 0x40 + 1);    /* struct size */
            SSVAL(outbody.data, 0x02,
                  security_mode);                   /* security mode */

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15050

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon May  2 20:13:10 UTC 2022 on sn-devel-184
2022-05-02 20:13:10 +00:00
Stefan Metzmacher
8ca99c25ba lib/util: data_blob_append() should not fail if both parts have length=0
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15050

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-05-02 19:13:31 +00:00