1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

61581 Commits

Author SHA1 Message Date
Volker Lendecke
3f17f19429 pylibsmb: clang-format for the calls to Py_BuildValue()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-04-30 22:44:32 +00:00
Volker Lendecke
8ef24d670b pylibsmb: Return reparse_tag from directory listing
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-04-30 22:44:32 +00:00
Volker Lendecke
ceea95af63 libsmb: Slightly simplify py_cli_list()
We don't need an & to take a function pointer

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-04-30 22:44:32 +00:00
Volker Lendecke
5d51be5891 smbd: Fix a copy&paste error in smbXsrv_client_remove()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-04-30 22:44:32 +00:00
Volker Lendecke
c2b80caf5e smbd: Use direct struct initialization in smbXsrv_client
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-04-30 22:44:32 +00:00
Volker Lendecke
60b724a7e5 smbd: Save a few lines in smbXsrv_client_global_init()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-04-30 22:44:32 +00:00
Volker Lendecke
7b4ab077c8 smbd: Do an early TALLOC_FREE in smbXsrv_client_global_init()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-04-30 22:44:32 +00:00
Volker Lendecke
45200770fe smbd: Simplify smbXsrv_open_clear_replay_cache()
GUID_buf_string() is designed to never fail

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-04-30 22:44:32 +00:00
Volker Lendecke
e5596cf4a6 smbd: Simplify smbXsrv_open_purge_replay_cache()
GUID_buf_string is supposed to never fail except if the guid passed in
is NULL. Our only current caller already checks
that. dbwrap_purge_bystring() could actually fail, so put the result
into a variable for the debugger.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-04-30 22:44:32 +00:00
Volker Lendecke
647d2c6481 smbd: Simplify an if-condition
(state->current_sid == NULL) is true if and only if we could not
assign state->current_sid because num_sids was too small. Make that
more explicit.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-04-30 22:44:32 +00:00
Volker Lendecke
56814d3ee2 smbd: Some README.Coding in smbXsrv_session
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-04-30 22:44:32 +00:00
Volker Lendecke
debb589484 libsmb: Remove unused setup_stat_from_stat_ex()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-04-30 22:44:32 +00:00
Volker Lendecke
fba4e66df5 smbd: Save a few bytes of .text
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-04-30 22:44:32 +00:00
Anna Popova
80159018e4 s3:utils: Fix Inherit-Only flag being automatically propagated to children
Inherit-only flag applies only to the container it was set to and it
shouldn't be automatically propagated to children.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15636

Signed-off-by: Anna Popova <popova.anna235@gmail.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Apr 29 10:56:48 UTC 2024 on atb-devel-224
2024-04-29 10:56:48 +00:00
Andreas Schneider
96b5cfe4e6 s3:libsmb: Pass a memory context to get_ipc_connect()
Indirect leak of 792 byte(s) in 1 object(s) allocated from:                                                                                                                              #0 0x7f261b8dc03f in malloc (/lib64/libasan.so.8+0xdc03f) (BuildId: 3e1694ad218c99a8b1b69231666a27df63cf19d0)
    #1 0x7f261b2c2bc2 in __talloc_with_prefix ../../lib/talloc/talloc.c:783                                                                                                              #2 0x7f261b2c473d in __talloc ../../lib/talloc/talloc.c:825
    #3 0x7f261b2c473d in _talloc_named_const ../../lib/talloc/talloc.c:982
    #4 0x7f261b2c473d in _talloc_zero ../../lib/talloc/talloc.c:2421                                                                                                                     #5 0x7f2618cb42bc in smbXcli_conn_create ../../libcli/smb/smbXcli_base.c:350
    #6 0x7f261a74acd3 in cli_state_create ../../source3/libsmb/clientgen.c:196                                                                                                           #7 0x7f261a751f0d in cli_connect_nb_done ../../source3/libsmb/cliconnect.c:2715
    #8 0x7f261a69bacf in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177                                                                                                   #9 0x7f261a69bd06 in tevent_req_finish ../../lib/tevent/tevent_req.c:234
    #10 0x7f261a69bd6e in _tevent_req_done ../../lib/tevent/tevent_req.c:240                                                                                                             #11 0x7f261a752dde in cli_connect_sock_done ../../source3/libsmb/cliconnect.c:2624
    #12 0x7f261a69bacf in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
    #13 0x7f261a69bd06 in tevent_req_finish ../../lib/tevent/tevent_req.c:234
    #14 0x7f261a69bd6e in _tevent_req_done ../../lib/tevent/tevent_req.c:240
    #15 0x7f261a7ba2c4 in smbsock_any_connect_connected ../../source3/libsmb/smbsock_connect.c:788
    #16 0x7f261a69bacf in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
    #17 0x7f261a69bd06 in tevent_req_finish ../../lib/tevent/tevent_req.c:234
    #18 0x7f261a69bd6e in _tevent_req_done ../../lib/tevent/tevent_req.c:240
    #19 0x7f261a7b75ad in smbsock_connect_connected ../../source3/libsmb/smbsock_connect.c:524
    #20 0x7f261a69bacf in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
    #21 0x7f261a69bd06 in tevent_req_finish ../../lib/tevent/tevent_req.c:234
    #22 0x7f261a69bd6e in _tevent_req_done ../../lib/tevent/tevent_req.c:240
    #23 0x7f261b4b400a in open_socket_out_connected ../../source3/lib/util_sock.c:484
    #24 0x7f261a69bacf in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
    #25 0x7f261a69bd06 in tevent_req_finish ../../lib/tevent/tevent_req.c:234
    #26 0x7f261a69be3e in tevent_req_trigger ../../lib/tevent/tevent_req.c:291
    #27 0x7f261a699df4 in tevent_common_invoke_immediate_handler ../../lib/tevent/tevent_immediate.c:190
    #28 0x7f261a699e31 in tevent_common_loop_immediate ../../lib/tevent/tevent_immediate.c:236
    #29 0x7f261a6ad3ec in epoll_event_loop_once ../../lib/tevent/tevent_epoll.c:905
    #30 0x7f261a6a679e in std_event_loop_once ../../lib/tevent/tevent_standard.c:110
    #31 0x7f261a696538 in _tevent_loop_once ../../lib/tevent/tevent.c:820

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Apr 29 09:48:47 UTC 2024 on atb-devel-224
2024-04-29 09:48:47 +00:00
Andreas Schneider
56426eda9b s3:libsmb: Make get_ipc_connect() static
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-04-29 08:43:32 +00:00
Andreas Schneider
bf688e0d2a s3:libnet: Fix memory leak in libnet_join_connect_dc_ipc()
Direct leak of 885 byte(s) in 1 object(s) allocated from:
    #0 0x7f261b8dc03f in malloc (/lib64/libasan.so.8+0xdc03f) (BuildId: 3e1694ad218c99a8b1b69231666a27df63cf19d0)
    #1 0x7f261b2c2bc2 in __talloc_with_prefix ../../lib/talloc/talloc.c:783
    #2 0x7f261b2c543c in _talloc_pool ../../lib/talloc/talloc.c:838
    #3 0x7f261b2c543c in _talloc_pooled_object ../../lib/talloc/talloc.c:906
    #4 0x7f261a69cac9 in __tevent_req_create ../../lib/tevent/tevent_req.c:98
    #5 0x7f261a75bf55 in cli_full_connection_creds_send ../../source3/libsmb/cliconnect.c:3455
    #6 0x7f261a75c4b7 in cli_full_connection_creds ../../source3/libsmb/cliconnect.c:3818
    #7 0x7f261b70d39f in libnet_join_connect_dc_ipc ../../source3/libnet/libnet_join.c:1146
    #8 0x7f261b715794 in libnet_join_lookup_dc_rpc ../../source3/libnet/libnet_join.c:1188
    #9 0x7f261b715794 in libnet_DomainJoin ../../source3/libnet/libnet_join.c:2812
    #10 0x7f261b715794 in libnet_Join ../../source3/libnet/libnet_join.c:3040
    #11 0x555bd93671ea in net_ads_join ../../source3/utils/net_ads.c:1855
    #12 0x555bd9415ca9 in net_join ../../source3/utils/net_join.c:45
    #13 0x555bd940b972 in net_run_function ../../source3/utils/net_util.c:464
    #14 0x555bd9363129 in main ../../source3/utils/net.c:1372
    #15 0x7f2616a281af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-04-29 08:43:32 +00:00
Andreas Schneider
d2297b41a2 s3:libsmb: Pass memory context to cli_full_connection_creds()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-04-29 08:43:32 +00:00
Andreas Schneider
5c63d5bdab s3:libsmb: Pass memory context to cli_full_connection_creds_recv()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-04-29 08:43:32 +00:00
Andreas Schneider
8888f95947 s3:libsmb: Pass a memory context to cli_start_connection()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-04-29 08:43:32 +00:00
Andreas Schneider
f3fda1e440 s3:libsmb: Pass a memory context to cli_start_connection_recv()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-04-29 08:43:32 +00:00
Andreas Schneider
bbb21797bf s3:libsmb: Pass memory context to cli_connect_nb()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-04-29 08:43:32 +00:00
Andreas Schneider
4f62937dfa s3:torture: Remove trailing spaces in torture.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-04-29 08:43:32 +00:00
Andreas Schneider
c8eabee18b s3:nmbd: Remove trailing spaces in nmbd_synclists.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-04-29 08:43:32 +00:00
Andreas Schneider
2154bd37e4 s3:libsmb: Pass a memory context to cli_connect_nb_recv()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-04-29 08:43:32 +00:00
Stefan Metzmacher
a34532cd9b s3:selftest/tests.py: run TLDAP tests with sasl-sign,sasl-seal,ldaps,starttls
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:34 +00:00
Stefan Metzmacher
d189952f0e s3:torture: add ldaps/starttls support to run_tldap()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:34 +00:00
Stefan Metzmacher
09647d1dc9 s3:torture: add '-T 'option=value' this is similar to '--option='=value'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:34 +00:00
Stefan Metzmacher
0f8a7c9ef6 s3:idmap_ad: add support for ADS_AUTH_SASL_{STARTTLS,LDAPS}
Review with: git show --patience

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:34 +00:00
Stefan Metzmacher
864ed28ce0 s3:libads: add support for ADS_AUTH_SASL_{STARTTLS,LDAPS}
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:34 +00:00
Stefan Metzmacher
844e1bdc6d smbdotconf: add client ldap sasl wrapping = {starttls,ldaps}
In order to use SASL authentitation within a TLS connection
we now provide "client ldap sasl wrapping = starttls" or
"client ldap sasl wrapping = ldaps".

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:34 +00:00
Stefan Metzmacher
576ac69cbb s3:libads: call gensec_set_channel_bindings() for tls connections
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:34 +00:00
Stefan Metzmacher
da87dbcea5 s3:libads: call ldap_set_option(LDAP_OPT_PROTOCOL_VERSION) as soon as possible
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:34 +00:00
Stefan Metzmacher
6a84552d59 s3:libads: add tls_wrapping into openldap
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:34 +00:00
Stefan Metzmacher
f1a83feb0e s3:libads: always require ber_sockbuf_add_io() and LDAP_OPT_SOCKBUF
There's no point in trying to support --with-ads, but only use
plaintext ldap without sign/seal.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:34 +00:00
Stefan Metzmacher
86e03bd515 s3:libads: use the correct struct sockbuf_io_desc type for 'sbiod' pointer
Using 'Sockbuf_IO_Desc' in idl implicitly means pidl will use
'struct Sockbuf_IO_Desc', which doesn't exist!

Using 'struct sockbuf_io_desc' which is used in OpenLDAP to
typedef Sockbuf_IO_Desc, we won't need to cast the assign the
'sbiod' pointer.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:34 +00:00
Stefan Metzmacher
e6593c297e s3:libads: no longer pass "GSS-SPNEGO" to ads_sasl_spnego_gensec_bind()
That's the only thing we use...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:34 +00:00
Stefan Metzmacher
4775869589 s3:libads: remove dead code in ads_sasl_spnego_{gensec}_bind()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:34 +00:00
Stefan Metzmacher
aeed081fc8 s3:libads: directly use kerberos without asking the server
Every AD DC supports kerberos so we can just use it without
asking the server (in an untrusted way) if kerberos is supported.
So remove another useless roundtrip.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:34 +00:00
Stefan Metzmacher
09b69a12a6 s3:libads: use GSS-SPNEGO directly without asking for supportedSASLMechanisms
Every AD DC supports 'GSS-SPNEGO' and that's the only one we use anyway,
so remove an unused roundtrip.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:34 +00:00
Stefan Metzmacher
29b77a34aa s3:tldap: add support for [START]TLS
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:34 +00:00
Stefan Metzmacher
3798dc7aea s3:tldap: make tldap_gensec_bind_send/recv public
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:34 +00:00
Stefan Metzmacher
eb29f28a29 s3:tldap: add tldap_extended*
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:34 +00:00
Stefan Metzmacher
557de8f39e s3:tldap: store plain and gensec tstream
Also allow resetting to plain.

We now have ld->active as the currently active
tstream, which will allow us to add tls support
soon.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:34 +00:00
Stefan Metzmacher
3bf3d4d855 s3:tldap: let tldap_gensec_bind_send/recv use gensec_update_send/recv
We should not use the sync gensec_update() in async code!

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:34 +00:00
Stefan Metzmacher
4b22fa0153 s3:tldap: don't use 'supportedSASLMechanisms' and force 'GSS-SPNEGO' instead
All active directory dcs support 'GSS-SPNEGO'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:34 +00:00
Stefan Metzmacher
8c5b522682 s3:tldap: simplify tldap_gensec_bind.h
We don't need any includes...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:34 +00:00
Stefan Metzmacher
30440e0ee3 s3:tldap: simplify read_ldap_more() by using asn1_peek_full_tag()
An LDAP pdu is at least 7 bytes long, so we read at least 7 bytes,
then it's easy to use asn1_peek_full_tag() in order to find out the
whole length of the pdu on one go.

As a side effect it's now possible that wireshark can reassemble
the fragments in a socket_wrapper generated pcap file.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:34 +00:00
Stefan Metzmacher
ded41b0946 s3:libads: remove unused ADS_AUTH_SIMPLE_BIND code
We have other code to test simple binds.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:34 +00:00
Stefan Metzmacher
2e975ae983 s3:libads: remove unused include of gensec_internal.h
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:34 +00:00