1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

132382 Commits

Author SHA1 Message Date
Andreas Schneider
5595765d4e testprogs: Use random usernames for export keytab tests
This avoids that subsequent tests because users already exist and cleanup didn't
work.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15308

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-20 21:58:32 +00:00
Andreas Schneider
93c7bbf4d2 testprogs: Use random usernames for kinit tests
This avoids that subsequent tests because users already exist and cleanup didn't
work.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15308

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-20 21:58:32 +00:00
Douglas Bagnall
0eb459edd8 talloc: remove Python 2 #if clauses
Also fix an obsolete related comment.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Feb 17 14:52:26 UTC 2023 on atb-devel-224
2023-02-17 14:52:26 +00:00
Douglas Bagnall
2edd028fc7 s4/wmi: begone
We don't use this and will never use this.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-02-17 13:59:29 +00:00
baixiangcpp
206dcf7d42 lib:util: File descriptor being closed repeatedly.
In file_load()/file_lines_load(), the file's fd is obtained using
open(), and in fd_load() the fd is converted to a FILE* using
fdopen(). However, after fclose(), the fd is closed again using
close().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15311
Signed-off-by: baixiangcpp baixiangcpp@gmail.com
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Feb 16 12:13:05 UTC 2023 on atb-devel-224
2023-02-16 12:13:05 +00:00
Andreas Schneider
8441c03ccf lib:ldb: Print a debug message in case we have a corrupted MDB
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Feb 15 09:05:56 UTC 2023 on atb-devel-224
2023-02-15 09:05:56 +00:00
Andreas Schneider
240c031e7f lib:ldb: Add the location to ldb_kv_parse_data_unpack() debug output
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-02-15 08:12:35 +00:00
Martin Schwenke
238056e5aa ctdb-scripts: Avoid using testparm to process its own output
When testparm processes the output of "testparm -v" (which includes
default values) it appears to do global checks (or some other sort of
initialisation logic) for all specified values.  This includes a DNS
lookup for the node's hostname, as a side-effect of a libldap
ldap_set_option() call when processing "ldap debug level".  If DNS
servers are down then this can induce timeouts, possibly resulting in
monitor timeouts.

Avoid this by using sed to extract configuration values from the
testparm cache file.

This is already shown to work when retrieving share paths, where
testparm is basically used as cat.  Update the sed pattern to avoid
matching empty values on the right-hand side of the equals ('=') -
this avoids the default empty path value (and "smb ports" never has an
empty value).

Corresponding test changes:

* 50.samba.monitor.111.sh no longer expects a failure from being
  unable to set smb ports, since testparm is no longer used in that
  code path.

* smb ports needs to be set in fake smb.conf so it is in the default
  output and can be extracted using sed.

* Although testparm --parameter-name is no longer used in
  50.samba.script, update the stub implementation (in case it is ever
  used again) to extract from fake smb.conf, since "smb ports" is now
  set there.  The change from $parameter to $param allows a long line
  to stay below 80 columns.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Feb 14 08:43:53 UTC 2023 on atb-devel-224
2023-02-14 08:43:53 +00:00
Martin Schwenke
9a04ca1e1c ctdb-scripts: Do not replace commas with spaces in "smb ports" list
The list changed back to space-separated in commit
93448f4be9, so simplify the code a
little.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-02-14 07:44:30 +00:00
Martin Schwenke
029dddfb79 ctdb-scripts: Reformat script with "shfmt -w -p -i 0 -fn"
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-02-14 07:44:30 +00:00
Volker Lendecke
5d8647376f vfs: Fix whitespace in vfs_aixacl_util.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Feb 13 21:23:43 UTC 2023 on atb-devel-224
2023-02-13 21:23:43 +00:00
Volker Lendecke
1a040c7f7e smbd: Remove dptr_struct->expect_close
This was only set but never read

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-13 20:28:33 +00:00
Volker Lendecke
a49edcd0d2 smbd: Remove dptr_struct->spid
This was only set but never read

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-13 20:28:33 +00:00
Volker Lendecke
5c19e6ca75 smbd: Simplify SeekDir() with an early return
Review with git show -w

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-13 20:28:33 +00:00
Volker Lendecke
a1d348fd5e smbd: Simplify struct dptr_struct
We can access the file name via "dir_hnd"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-13 20:28:33 +00:00
Volker Lendecke
8846b09007 lib: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-13 20:28:33 +00:00
Volker Lendecke
4bbf2b1127 lib: Simplify ms_has_wild() with strpbrk()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-13 20:28:33 +00:00
Volker Lendecke
6e856074b1 smbd: Use ISDOT() in dptr_create()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-13 20:28:33 +00:00
John Mulligan
54a8da8640 vfs_ceph: use fsp_get_pathref_fd in ceph fstatat and close vfs calls
Replace fsp_get_io_fd with fsp_get_pathref_fd as these calls do use
pathref fsps. fsp_get_io_fd asserts that the fsp is not pathref and
asserts (on a debug build) or returns -1 (non debug build).

Prior to these changes running ls on the root of the share failed.
Logging from the failure case:
```
openat_pathref_fsp: smb_fname [.]
openat_pathref_fullname: smb_fname [.]
fsp_new: allocated files structure (1 used)
file_name_hash: //. hash 0x3dfcc1c2
check_reduced_name: check_reduced_name [.] [/]
cephwrap_realpath: [CEPH] realpath(0x55604da9a030, .) = //.
check_reduced_name realpath [.] -> [//.]
check_reduced_name: . reduced to //.
cephwrap_openat: [CEPH] openat(0x55604da9a030, ., 0x55604da81f00, 133120, 0)
cephwrap_openat: [CEPH] open(...) = 10
cephwrap_fstat: fsp_get_io_fd: fsp [.] is a path referencing fsp
[CEPH] fstat(0x55604da9a030, -1)
fsp_get_io_fd: fsp [.] is a path referencing fsp
cephwrap_fstat: [CEPH] fstat(...) = -9
fd_openat: name ., flags = 04000 mode = 00, fd = 10.  NT_STATUS_INVALID_HANDLE
openat_pathref_fullname: Opening pathref for [.] failed: NT_STATUS_INVALID_HANDLE
```

This change also seems to match the recommendations in the `When to use
fsp_get_io_fd() or fsp_get_pathref_fd()` section of The_New_VFS.txt
document.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15307

Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Gunther Deschner <gdeschne@redhat.com>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Feb 13 20:04:38 UTC 2023 on atb-devel-224
2023-02-13 20:04:38 +00:00
Pavel Filipenský
58cdcce582 Add gitleaks configuration file to avoid false positives
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Mon Feb 13 18:45:21 UTC 2023 on atb-devel-224
2023-02-13 18:45:21 +00:00
Volker Lendecke
cc4e11d028 smbd: Remove smbXsrv_open_global0->db_rec
The only user by now was net serverid wipedbs, and there it was easy to replace

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Feb 13 10:49:43 UTC 2023 on atb-devel-224
2023-02-13 10:49:43 +00:00
Volker Lendecke
1bd16bc6d4 smbd: Use dbwrap_do_locked() in smb2srv_open_recreate()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-02-13 09:53:38 +00:00
Stefan Metzmacher
fede6b9f46 smbd: rename 'op' into 'global' in smbXsrv_open_cleanup_fn()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-02-13 09:53:38 +00:00
Volker Lendecke
ca872ad6ba smbd: let smbXsrv_open_cleanup() delete broken records
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2023-02-13 09:53:38 +00:00
Volker Lendecke
a69950db4a smbd: Use dbwrap_do_locked() in smbXsrv_open_cleanup()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-02-13 09:53:38 +00:00
Volker Lendecke
62a6633193 smbd: Use dbwrap_do_locked() in smbXsrv_open_close()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-02-13 09:53:38 +00:00
Volker Lendecke
26b29ecbb9 smbd: Use dbwrap_do_locked() in smbXsrv_open_update()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-02-13 09:53:38 +00:00
Volker Lendecke
bfede670bd smbd: Use dbwrap_do_locked() in smbXsrv_open_global_allocate()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-02-13 09:53:38 +00:00
Volker Lendecke
84d22dc5f5 smbd: Make smbXsrv_open_global_allocate() store the record
Micro-step towards using dbwrap_do_locked()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-02-13 09:53:38 +00:00
Volker Lendecke
95e3ad7e43 smbd: Simplify smbXsrv_open_global_store()
Avoid the dependency on global->db_rec. This makes the callers more
verbose, but it makes the data dependencies much more obvious. This
will enable removing smbXsrv_open_global0->db_rec at some point.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-02-13 09:53:38 +00:00
Volker Lendecke
fafebc46c8 smbd: Move smbXsrv_open_global_verify_record() down in smbXsrv_open.c
Avoid prototypes

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-02-13 09:53:38 +00:00
Volker Lendecke
a93d93a97d smbd: Use generate_nonce_buffer() in smbXsrv_open_global_allocate()
We don't need anything cryptographic for persistent file handle ids

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-02-13 09:53:38 +00:00
Jeremy Allison
e8abe52df2 s3: smbd: Fix log spam. Change a normal error message from DBG_ERR (level 0) to DBG_INFO (level 5).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15302

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Feb 11 08:48:05 UTC 2023 on atb-devel-224
2023-02-11 08:48:05 +00:00
David Mulder
5b7fc5b696 gp: gp_sudoers_ext warn w/out visudo installed
Rather than print an ugly error message from
Popen, display a warning to the user if visudo
is missing.

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Fri Feb 10 20:31:37 UTC 2023 on atb-devel-224
2023-02-10 20:31:37 +00:00
David Mulder
ff98ddf0f9 gp: Log ext failure with file and line number
Rather than dumping a traceback when there is a
failure, simply log the file name, line number
and the error message instead. This is much
cleaner.

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-02-10 19:35:34 +00:00
Andrew Bartlett
075bd6b9f1 s4-auth: Free user_info_dc in KDC caller to authsam_update_user_info_dc()
It is up to the caller to choose if it wants to clean up the user_info_dc
memory early, we do so only in the KDC as was allocated on a context
provided to samba_kdc_update_pac_blob(), whereas auth_winbind uses
a locally managed tevent state as the memory context.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Feb  8 01:05:47 UTC 2023 on atb-devel-224
2023-02-08 01:05:47 +00:00
Joseph Sutton
6f09f06adc auth: Free empty SID arrays
In the unlikely event that these arrays are empty, they can be freed
early.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:40 +00:00
Joseph Sutton
77036bba01 tests/krb5: Use consistent ordering for etypes
The 'etype' field in a Kerberos request is ordered. Make this fact
clearer by using a tuple or an array to represent etypes rather than a
set.

get_default_enctypes() now returns encryption types in order of
strength. As a consequence, the encryption type chosen by the MIT KDC
matches up with that chosen by Windows, and more tests begin to pass.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:40 +00:00
Joseph Sutton
e5a6b001fd auth: Discard non-base SIDs when creating SamInfo2
Our SamLogon tests are now all passing.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:40 +00:00
Joseph Sutton
690748412e tests/krb5: Test groups returned by SamLogon
Levels NetlogonValidationSamInfo2 and NetlogonValidationSamInfo4 behave
as might be expected, so we pass those tests. NetlogonValidationSamInfo
returns no resource groups and doesn't set the NETLOGON_EXTRA_SIDS flag,
and we fail its test.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:40 +00:00
Joseph Sutton
718da90414 tests/krb5: Return validation structure from _test_samlogon()
This lets us check the groups that are returned.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:40 +00:00
Joseph Sutton
f38d4a33a6 tests/krb5: Allow tests to set SamLogon validation level
We'll want to test various levels to ensure they all behave as expected.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:40 +00:00
Joseph Sutton
f44943b2ba tests/krb5: Move _test_samlogon() to base class
We'll want to make use of it in the group tests.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:40 +00:00
Joseph Sutton
d2dc8370dd s4/dsdb/samldb: Disallow setting a domain-local group as a primary group
Windows also disallows this. Note that changing a primary group to a
domain-local group is allowed by both Windows and Samba.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:40 +00:00
Joseph Sutton
4f2f316213 selftest: Expect setting domain-local group as primary group to fail
This will no longer be allowed.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:40 +00:00
Joseph Sutton
1c3a8fa20c auth: Correct primary group handling
Heretofore we have treated the primary group SID specially, storing it
in a fixed position as the second element of the user_info_dc->sids
array, and filtering out other copies in the PAC_LOGON_INFO base
structure. This filtering has made it difficult to distinguish between
the case where the primary group is a universal or global group, located
in the base RIDs, and the case where it is a domain-local group, missing
from the base RIDs; especially since the attributes of a domain-local
primary group are lost by being stored in the PAC. Domain-local primary
groups are normally disallowed by Windows, but are allowed by Samba, and
so it is reasonable to support them with at least some measure of
consistency.

The second element of user_info_dc->sids is still reserved for the
primary group's SID, but we no longer filter out any other copies in the
array. The first two elements are no more than the SIDs of the user and
the primary group respectively; and the remaining SIDs are as if taken
without modification from arrays of SIDs in the PAC. user_info_dc->sids
should therefore become a more faithful representation of the SIDs in
the PAC. After adding resource SIDs to it with
dsdb_expand_resource_groups(), we should have a result that more closely
and in more cases matches that of Windows.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:40 +00:00
Joseph Sutton
4e21362935 s4-dsdb: Use correct primary group SID in token group test
This test will thereby continue to pass when we correct the handling of
primary groups.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:40 +00:00
Joseph Sutton
39e2413585 s4:torture: Remove assertion that primary group is not duplicated in user_info_dc
This assertion is one we will be breaking shortly.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:40 +00:00
Joseph Sutton
96485d8e16 tests/krb5: Add tests for the primary group
Primary groups are handled differently from normal groups of which a
user is simply a member. Of particular note is the case where a
domain-local group is made a primary group; a case normally disallowed
by Windows, but not by Samba. Therefore we want tests for it.

Our testing framework must be able to set the user's primary group, and
to clean up afterwards; to set the primary group RID of a PAC; and to
check that the primary group RID is as expected in the PAC returned to
us.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:40 +00:00
Joseph Sutton
e00eeed9d2 auth: Align integer types
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:40 +00:00