1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

134195 Commits

Author SHA1 Message Date
Andreas Schneider
01c31c8f6d s3:spoolss: Remove dead code
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-08-03 14:31:34 +00:00
Andreas Schneider
0ed62798dd s3:utils: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-08-03 14:31:34 +00:00
Andreas Schneider
edcebcd48a lib:tevent: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-08-03 14:31:34 +00:00
Andreas Schneider
d0b2c27d2f lib:fuzzing: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-08-03 14:31:34 +00:00
Joseph Sutton
06d673a1a0 third_party/heimdal: Import lorikeet-heimdal-202308030152 (commit 2a036a6fd80833799316b8a85623cdea3a1135df)
This import fixes the build on 32-bit FreeBSD.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15443

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Joseph Sutton <jsutton@samba.org>
Autobuild-Date(master): Thu Aug  3 05:40:28 UTC 2023 on atb-devel-224
2023-08-03 05:40:28 +00:00
Andrew Bartlett
0031625598 dsdb: Make a shallow copy of ldb_parse_tree in operational module
We should not be making modifications to caller memory.  In
particular, this causes problems for logging of requests if the
original request becomes modified.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15442

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Aug  2 12:10:20 UTC 2023 on atb-devel-224
2023-08-02 12:10:19 +00:00
Andrew Bartlett
3b51091c20 dsdb: Replace talloc_steal() with a shallow copy and reference in dsdb_paged_results
We should not be stealing caller memory like this, and while a
talloc_reference() is not much better, this combined with a
shallow copy should be a little better in terms of polite
memory management.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15442

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-02 11:16:41 +00:00
Stefan Metzmacher
1b68bd977a paged_results: add no memory checks in paged_search()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15442

Signed-off-by: Arvid Requate <requate@univention.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>

[abartlet@samba.org combination of two patches by the above authors]
2023-08-02 11:16:41 +00:00
Andrew Bartlett
c67534fe3f selftest: Add test for combination of anr and paged_results
This combination was known to cause a segfault in Samba 4.13, fixed by
5f0590362c in later versions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14970

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-02 11:16:41 +00:00
Jones Syue
8f4c1c67b4 vfs_aio_pthread: fix segfault if samba-tool ntacl get
If configured as AD DC and aio_pthread appended into 'vfs objects'[1],
run these commands would get segfault:
1. sudo samba-tool ntacl get .
2. sudo net vfs getntacl sysvol .
gdb said it goes through aio_pthread_openat_fn() @ vfs_aio_pthread.c[2],
and the fsp->conn->sconn->client is null (0x0).

'sconn->client' memory is allocated when a new connection is accpeted:
smbd_accept_connection > smbd_process > smbXsrv_client_create
While running local commands looks like it would not go through
smbXsrv_client_create so the 'client' is null, segfault might happen.
We should not dereference 'client->server_multi_channel_enabled',
if 'client' is null.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15441

[1] smb.conf example, samba-4.18.5, ubuntu 22.04.2
[global]
        dns forwarder = 127.0.0.53
        netbios name = U22-JONES-88X1
        realm = U22-JONES-88X1.X88X1.JONES
        server role = active directory domain controller
        workgroup = X88X1
        idmap_ldb:use rfc2307 = yes
        vfs objects = dfs_samba4 acl_xattr aio_pthread

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[netlogon]
        path = /var/lib/samba/sysvol/u22-jones-88x1.x88x1.jones/scripts
        read only = No

[2] gdb
(gdb) run /usr/local/samba/bin/samba-tool ntacl get .
Starting program: /usr/local/Python3/bin/python3 /usr/local/samba/bin/samba-tool ntacl get .
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x00007fffd0eb809e in aio_pthread_openat_fn (handle=0x8d5cc0, dirfsp=0x8c3070, smb_fname=0x18ab4f0, fsp=0x1af3550, flags=196608, mode=0)
    at ../../source3/modules/vfs_aio_pthread.c:467
warning: Source file is more recent than executable.
467             if (fsp->conn->sconn->client->server_multi_channel_enabled) {
(gdb) bt
    at ../../source3/modules/vfs_aio_pthread.c:467
    at ../../source3/smbd/pysmbd.c:320
---Type <return> to continue, or q <return> to quit---
(gdb) f
    at ../../source3/modules/vfs_aio_pthread.c:467
467             if (fsp->conn->sconn->client->server_multi_channel_enabled) {
(gdb) p fsp->conn->sconn->client
$1 = (struct smbXsrv_client *) 0x0
(gdb)

Signed-off-by: Jones Syue <jonessyue@qnap.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-08-02 11:16:40 +00:00
Andrew Bartlett
d23dd3e26c dsdb: Add tracing to dsdb_search_dn() similar to gendb_search_v()
The aim of this tracing is to make it simple to follow the
requests made from the RPC server and similar to LDB now that
gendb_search_v() is no longer the dominant interface.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jul 31 11:49:19 UTC 2023 on atb-devel-224
2023-07-31 11:49:19 +00:00
Andrew Bartlett
78669a0458 dsdb: Add tracing to dsdb_search() similar to gendb_search_v()
The aim of this tracing is to make it simple to follow the
requests made from the RPC server and similar to LDB now that
gendb_search_v() is no longer the dominant interface.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-31 10:56:54 +00:00
Andrew Bartlett
acf6d89c3e dsdb: Add dsdb_search_scope_as_string() and use in ldap_backend.c
This will be useful when adding debugging to other routines.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-31 10:56:54 +00:00
Andrew Bartlett
5cc861603a lib/util: Move DEBUG() calls in gendb_search_v to common levels and new DBG_*() pattern
This moves success logs 6 -> 10, failure logs 4 -> 5.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2023-07-31 10:56:54 +00:00
Pavel Filipenský
c58a714232 lib:krb5_wrap: Fix resource leak in smb_krb5_kt_seek_and_delete_old_entries
Reported by Red Hat internal covscan
leaked_storage: Variable "cursor" going out of scope leaks the storage it points to.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-31 10:56:54 +00:00
Pavel Filipenský
3ef5162dcd auth:credentials: Fix resource leak in cli_credentials_set_from_ccache()
Reported by Red Hat internal covscan
leaked_storage: Variable "princ" going out of scope leaks the storage it points to.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-31 10:56:54 +00:00
Pavel Filipenský
256471299a auth:kerberos: Fix resource leak in smb_krb5_update_keytab()
Reported by Red Hat internal covscan
leaked_storage: Variable "keytab" going out of scope leaks the storage it points to.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-31 10:56:54 +00:00
Pavel Filipenský
f1356805ba auth:kerberos: Fix resource leak in smb_krb5_get_keytab_container()
Reported by Red Hat internal covscan
leaked_storage: Variable "keytab" going out of scope leaks the storage it points to.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-31 10:56:54 +00:00
Pavel Filipenský
dfc26dc494 auth:kerberos: Fix resource leak in parse_principal()
Reported by Red Hat internal covscan
leaked_storage: Variable "princ" going out of scope leaks the storage it points to.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-31 10:56:54 +00:00
Pavel Filipenský
f374da1dd9 s4:auth: Fix trailing whitespaces in kerberos_util.c
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-31 10:56:54 +00:00
David Mulder
16eaf7fd52 gp: Cleanup some unused code
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jul 31 10:55:26 UTC 2023 on atb-devel-224
2023-07-31 10:55:26 +00:00
David Mulder
ab2cda7928 gp: Ensure centrify crontab user policy performs proper cleanup
This resolves cleanup issues for user and group
centrify compatible policies. It also ensures the
crontab policies use functions from the scripts
policy, to avoid code duplication and simplify
cleanup.

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-31 09:58:30 +00:00
David Mulder
8cc706c102 gp: Ensure script user policy performs proper cleanup
This resolves cleanup issues for scripts user
policy.

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-31 09:58:30 +00:00
David Mulder
b278f15890 gp: Ensure smb.conf policy preforms proper cleanup
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-31 09:58:30 +00:00
David Mulder
a330ad7b2c gp: Ensure MOTD policy preforms proper cleanup
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-31 09:58:30 +00:00
David Mulder
8bdb1b6533 gp: Ensure Issue policy preforms proper cleanup
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-31 09:58:30 +00:00
David Mulder
8a24829093 gp: Ensure Messages policy preforms proper cleanup
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-31 09:58:30 +00:00
David Mulder
03d796c677 gp: Ensure Firefox policy preforms proper cleanup
Now uses gp_misc_applier to ensure old settings
are properly cleaned up.

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-31 09:58:30 +00:00
David Mulder
8f59ce543a gp: Add a misc applier, to assist some gp exts
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-31 09:58:30 +00:00
David Mulder
6ac22de749 gp: Ensure Firewalld preforms proper cleanup
Now uses gp_applier to ensure old settings are
properly cleaned up.

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-31 09:58:30 +00:00
David Mulder
7db3b63e76 gp: Test modifying centrify crontab user policy enforces changes
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-31 09:58:30 +00:00
David Mulder
70d3601fc6 gp: Test modifying script user policy enforces changes
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-31 09:58:30 +00:00
David Mulder
5c2dc0cce4 gp: Test modifying smb.conf policy enforces changes
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-31 09:58:30 +00:00
David Mulder
c557171800 gp: Test modifying Issue policy enforces changes
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-31 09:58:30 +00:00
David Mulder
ae752b8c0b gp: Test modifying Messages policy enforces changes
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-31 09:58:30 +00:00
David Mulder
ef0c54d7c2 gp: Test modifying MOTD policy enforces changes
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-31 09:58:30 +00:00
David Mulder
32a70df7e4 gp: Test modifying firefox policy enforces changes
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-31 09:58:30 +00:00
David Mulder
b49d150db9 gp: Test modifying firewalld policy enforces changes
Ensure that modifying the firewalld policy and
re-applying will enforce the correct policy.

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-31 09:58:30 +00:00
David Mulder
217beca6e9 gp: Ensure Firewalld tests don't flop
This test was failing depending on the system it
was run on, since the result depends on whether
firewalld python bindings were installed. This
wasn't failing in CI (and so there is no flopping
test marked), but does fail on some local systems.

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-31 09:58:30 +00:00
Andrew Bartlett
5571ce9619 dsdb: Use samdb_system_container_dn() in pdb_samba_dsdb_*()
This makes more calls to add children, but avoids the cn=system string in the
codebase which makes it easier to audit that this is always being built
correctly.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jul 31 07:20:21 UTC 2023 on atb-devel-224
2023-07-31 07:20:21 +00:00
Andrew Bartlett
4250d07e4d dsdb: Use samdb_system_container_dn() in dsdb_trust_*()
This is now exactly the same actions, but just uses common code to do it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-31 06:18:33 +00:00
Andrew Bartlett
9b4f3f3cb4 s4-rpc_server/backupkey: Use samdb_system_container_dn() in get_lsa_secret()
This is now exactly the same actions, but just uses common code to do it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-31 06:18:33 +00:00
Andrew Bartlett
13eed1e0e7 s4-rpc_server/backupkey: Use samdb_system_container_dn() in set_lsa_secret()
This is now exactly the same actions, but just uses common code to do it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-31 06:18:33 +00:00
Andrew Bartlett
a900f6aa5d s4-rpc_server/netlogon: Use samdb_system_container_dn() in fill_trusted_domains_array()
This is now exactly the same actions, but just uses common code to do it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-31 06:18:33 +00:00
Andrew Bartlett
4e18066fa2 s4-rpc_server/lsa: Use samdb_system_container_dn() in dcesrv_lsa_get_policy_state()
This is now exactly the same actions, but just uses common code to do it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-31 06:18:33 +00:00
Andrew Bartlett
3669caa97f dsdb: Use samdb_get_system_container_dn() to get Password Settings Container
By doing this we use the common samdb_get_system_container_dn() routine and we
avoid doing a linerize and parse step on the main DN, instead using the
already stored parse of the DN.  This is more hygenic.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-31 06:18:33 +00:00
Andrew Bartlett
97b682e0eb dsdb: Use samdb_system_container_dn() in samldb.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-31 06:18:33 +00:00
Andrew Bartlett
25b0e1102e dsdb: Add new function samdb_system_container_dn()
This will replace many calls crafting or searching for this DN
elsewhere in the code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2023-07-31 06:18:33 +00:00
Arvid Requate
2d461844a2 Bug #9959: Don't search for CN=System
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-31 06:18:32 +00:00
Arvid Requate
b6e80733c3 For Bug #9959: local talloc frame for next commit
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959

Signed-off-by: Arvid Requate <requate@univention.de>

[abartlet@samba.org Added additional talloc_free() in failure paths]
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-31 06:18:32 +00:00