1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

123034 Commits

Author SHA1 Message Date
Andreas Schneider
59a1272a6c auth:creds: Remove unused credentials autoproto header
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19 16:22:40 +00:00
Andreas Schneider
b0ae876a6c s3:lib: Use smb_signing_setting_translate for cmdline parsing
The function will be removed soon.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19 16:22:40 +00:00
Andreas Schneider
4bf8a66731 libcli:smb: Add smb_encryption_setting_translate()
Add encryption enum and function to avoid confusion when reading the
code.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19 16:22:40 +00:00
Andreas Schneider
e524719010 libcli:smb: Add smb_signing_setting_translate()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19 16:22:40 +00:00
Andreas Schneider
93e97d5afd lib:param: Add lpcfg_parse_enum_vals()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19 16:22:40 +00:00
Andreas Schneider
5a733c3c1b docs-xml: Add 'client smb encrypt'
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19 16:22:40 +00:00
Andreas Schneider
58e31f7874 s3:smbd: Use 'enum smb_encryption_setting' values
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19 16:22:40 +00:00
Andreas Schneider
f03bb8ad8a param: Create and use enum_smb_encryption_vals
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19 16:22:40 +00:00
Andreas Schneider
bd5a888746 param: Add 'server smb encrypt' parameter
And this also makes 'smb encrypt' a synonym of that.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19 16:22:40 +00:00
Stefan Metzmacher
e913503540 auth:creds: Introduce CRED_SMB_CONF
We have several places where we check '> CRED_UNINITIALISED',
so we better don't use CRED_UNINITIALISED for values from
our smb.conf.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-08-19 16:22:40 +00:00
Andreas Schneider
46142d8398 libcli:smb2: Use talloc NULL context if we don't have a stackframe
If we execute this code from python we don't have a talloc stackframe
around and segfault with talloc_tos().

To fix the crash we use the NULL context as we take care for freeing the
memory as soon as possible.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19 16:22:40 +00:00
Andreas Schneider
cf432bd452 libcli:smb2: Do not leak ptext on error
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19 16:22:39 +00:00
Andreas Schneider
5de7c91e6d s3:smbd: Fix %U substitutions if it contains a domain name
'valid users = DOMAIN\%U' worked with Samba 3.6 and broke in a newer
version.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14467

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Aug 19 06:43:10 UTC 2020 on sn-devel-184
2020-08-19 06:43:10 +00:00
Andreas Schneider
53b6dd9512 s3:tests: Add test for 'valid users = DOMAIN\%U'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14467

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-08-19 05:21:40 +00:00
Jeremy Allison
cf0cfa03ac s3: libads: Don't re-do DNS lookups in ads_domain_func_level() if not needed.
ADS_STRUCT may be being reused after a
DC lookup from ads_find_dc(), so ads->ldap.ss may already have a
good address (even if ads->server.ldap_server == NULL).
Only re-initialize the ADS_STRUCT and redo the ads_find_fc()
DNS lookups if we have to.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Aug 18 09:46:28 UTC 2020 on sn-devel-184
2020-08-18 09:46:28 +00:00
Jeremy Allison
1d066f37b9 s3: libads: Don't re-do DNS lookups in ads_current_time() if not needed.
ADS_STRUCT may be being reused after a
DC lookup from ads_find_dc(), so ads->ldap.ss may already have a
good address (even if ads->server.ldap_server == NULL).
Only re-initialize the ADS_STRUCT and redo the ads_find_fc()
DNS lookups if we have to.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-08-18 08:25:39 +00:00
Jeremy Allison
c863cc2ba3 s3: libads: ads_connect can be passed in an ADS_STRUCT with an existing IP address.
ads_connect can be passed in a reused ADS_STRUCT
with an existing ads->ldap.ss IP address that
is stored by going through ads_find_dc()
if ads->server.ldap_server was NULL.

If ads->server.ldap_server is still NULL but
the target address isn't a zero ip address,
then store it off before zeroing out ads->ldap
so we don't keep doing multiple calls to
ads_find_dc() in the reuse case.

If a caller wants a clean ADS_STRUCT they
will re-initialize by calling ads_init(), or
call ads_destroy() both of which ensures
ads->ldap.ss is a correctly zero'ed out IP address
by using ads_zero_ldap().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-08-18 08:25:39 +00:00
Jeremy Allison
6b47f3dbbc s3: libads: In ads_connect(), and ads_disconnect(), replace ZERO_STRUCT(ads->ldap) with calls to ads_zero_ldap(ads)
This clears out the memory, but also leaves ads->ldap as a valid (zero) IPaddr.
Otherwise it's left by accident as AF_UNSPEC (0).

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-08-18 08:25:39 +00:00
Jeremy Allison
61895749f5 s3: libads: Where we implicitly zero out ads->ldap in ads_init() or ads_destroy() ensure we call ads_zero_ldap() after.
For ads_destroy(), this has a mode where the memory is not destroyed
but is being re-initialized. Horrid, but that's the way it works right
now.

This clears out the memory, but also leaves ads->ldap as a valid (zero) IPaddr.
Otherwise it's left by accident as AF_UNSPEC (0).

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-08-18 08:25:39 +00:00
Jeremy Allison
0535a265f9 s3: libads: Add utility function ads_zero_ldap().
When initializing or re-initializing the ldap part of the ADS_STRUCT,
we should call this to ensure that ads->ldap.ss is correctly recognized
as a zero IPaddr by is_zero_addr(). It zeros out the ads->ldap but
then adds zero_sockaddr() to initialize as AF_INET. Otherwise it's
left by accident as AF_UNSPEC (0).

Not yet used.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-08-18 08:25:39 +00:00
Martin Schwenke
8bb6a6607d ctdb-recoverd: Broadcast takeover run message when verifying IPs
This makes it consistent with the monitoring code.  If the master has
changed then this means the master will always get the message.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue Aug 18 06:24:11 UTC 2020 on sn-devel-184
2020-08-18 06:24:11 +00:00
Martin Schwenke
4aa8e72d60 ctdb-recoverd: Rename update_local_flags() -> update_flags()
This also updates remote flags so the name is misleading.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2020-08-18 05:02:25 +00:00
Martin Schwenke
702c7c4934 ctdb-recoverd: Change update_local_flags() to use already retrieved nodemaps
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2020-08-18 05:02:25 +00:00
Martin Schwenke
910a0b3b74 ctdb-recoverd: Get remote nodemaps earlier
update_local_flags() will be changed to use these nodemaps.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2020-08-18 05:02:25 +00:00
Martin Schwenke
d50919b0cb ctdb-recoverd: Do not fetch the nodemap from the recovery master
The nodemap has already been fetched from the local node and is
actually passed to this function.  Care must be taken to avoid
referencing the "remote" nodemap for the recovery master.  It also
isn't useful to do so, since it would be the same nodemap.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2020-08-18 05:02:25 +00:00
Martin Schwenke
762d1d8a96 ctdb-recoverd: Change get_remote_nodemaps() to use connected nodes
The plan here is to use the nodemaps retrieved by get_remote_nodes()
in update_local_flags().  This will improve efficiency, since
get_remote_nodes() fetches flags from nodes in parallel.  It also
means that get_remote_nodes() can be used exactly once early on in
main_loop() to retrieve remote nodemaps.  Retrieving nodemaps multiple
times is unnecessary and racy - a single monitoring iteration should
not fetch flags multiple times and compare them.

This introduces a temporary behaviour change but it will be of no
consequence when the above changes are made.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2020-08-18 05:02:25 +00:00
Martin Schwenke
368c83bfe3 ctdb-recoverd: Fix node_pnn check and assignment of nodemap into array
This array is indexed by the same index as nodemap, not the PNN.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2020-08-18 05:02:25 +00:00
Martin Schwenke
10ce0dbf1c ctdb-recoverd: Add fail callback to assign banning credits
Also drop error handling in main_loop() that is replaced by this
change.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2020-08-18 05:02:25 +00:00
Martin Schwenke
a079ee3169 ctdb-recoverd: Add an intermediate state struct for nodemap fetching
This will allow an error callback to be added.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2020-08-18 05:02:25 +00:00
Martin Schwenke
2eaa0af616 ctdb-recoverd: Move memory allocation into get_remote_nodemaps()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2020-08-18 05:02:25 +00:00
Martin Schwenke
3324dd272c ctdb-recoverd: Change signature of get_remote_nodemaps()
Change 1st argument to a rec context, since this will be needed later.
Drop the nodemap argument and access it via rec->nodemap instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2020-08-18 05:02:25 +00:00
Martin Schwenke
d2d90f2502 ctdb-recoverd: Fix a local memory leak
The memory is allocated off the memory context used by the current
iteration of main loop.  It is freed when main loop completes the fix
doesn't require backporting to stable branches.  However, it is sloppy
so it is worth fixing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2020-08-18 05:02:25 +00:00
Martin Schwenke
52f520d39c ctdb-recoverd: Basic cleanups for get_remote_nodemaps()
Don't log an error on failure - let the caller can do this.  Apart
from this: fix up coding style and modernise the remaining error
message.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2020-08-18 05:02:25 +00:00
Andrew Bartlett
20606fd0a4 WHATSNEW: list deprecated parameters
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14460

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 18 01:32:21 UTC 2020 on sn-devel-184
2020-08-18 01:32:21 +00:00
Andrew Bartlett
8c9d9441ed docs: deprecate "raw NTLMv2 auth"
This parameter is appicable only to SMBv1 and we are deprecating SMBv1 specific
authentication options for possible removal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14460

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-18 00:10:40 +00:00
Andrew Bartlett
37583b19d2 docs: deprecate "client plaintext auth"
This parameter is appicable only to SMBv1 and we are deprecating SMBv1 specific
authentication options for possible removal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14460

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-18 00:10:40 +00:00
Andrew Bartlett
5543c11c8b docs: deprecate "client NTLMv2 auth"
This parameter is appicable only to SMBv1 and we are deprecating SMBv1 specific
authentication options for possible removal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14460

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-18 00:10:40 +00:00
Andrew Bartlett
ac8e5ea22d docs: deprecate "client lanman auth"
This parameter is appicable only to SMBv1 and we are deprecating SMBv1 specific
authentication options for possible removal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14460

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-18 00:10:40 +00:00
Andrew Bartlett
1b85db57e5 docs: deprecate "client use spnego"
This parameter is appicable only to SMBv1 and we are deprecating SMBv1 specific
authentication options for possible removal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14460

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-18 00:10:40 +00:00
Andrew Bartlett
c6aa710f8d docs: Deprecate NT4-like domains and SMBv1-only protocol options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14460

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-18 00:10:40 +00:00
Andrew Bartlett
9e212dd15e selftest: Do not let deprecated option warnings muck this test up
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14460

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-18 00:10:40 +00:00
Andrew Bartlett
d14cc45c98 param: Allow tests to silence deprecation warnings
This helps make output sensitive tests more reliable.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14460

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-18 00:10:40 +00:00
Andrew Bartlett
d3ff49f485 selftest: Add test for suppression of deprecation warnings
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14460

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-18 00:10:39 +00:00
Volker Lendecke
546a0f99e8 auth: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug 17 20:59:51 UTC 2020 on sn-devel-184
2020-08-17 20:59:51 +00:00
Volker Lendecke
6c42bc48f4 tests: Fix typos
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-08-17 19:35:38 +00:00
Volker Lendecke
f05f40316d Fix a comment typo copied around
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-08-17 19:35:38 +00:00
Volker Lendecke
4f3ab0e9ca ldap_server: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-08-17 19:35:37 +00:00
Volker Lendecke
07c6484433 torture: Align a few integer types
Also move a variable closer to its use

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-08-17 19:35:37 +00:00
Volker Lendecke
a6e506afd8 torture: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-08-17 19:35:37 +00:00
Volker Lendecke
5416fd2ce3 torture: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-08-17 19:35:37 +00:00