1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

131460 Commits

Author SHA1 Message Date
Joseph Sutton
5a613db6f5 tests/krb5: Add (un)expected group parameters to get_service_ticket() and get_tgt()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-11-08 02:39:37 +00:00
Joseph Sutton
f59f696800 tests/krb5: Allow creating accounts without Resource SID compression support
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-11-08 02:39:37 +00:00
Joseph Sutton
29723765b3 tests/krb5: Allow adding multiple members to a group
As well as passing in a single 'str', we can now choose to pass a
collection of member DN strings.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-11-08 02:39:37 +00:00
Joseph Sutton
3a13e3b666 tests/krb5: Allow creating groups with a specified type
This will be useful for testing the handling of Domain-Local groups.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-11-08 02:39:37 +00:00
Joseph Sutton
6674f67537 tests/krb5: Fix bits_to_etypes() to not fail on Resource SID compression bit
It's not an encryption type bit, so we should ignore it here.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-11-08 02:39:37 +00:00
Joseph Sutton
90f39b6959 tests/krb5: Remember to pass in expected_groups parameter
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-11-08 02:39:37 +00:00
Joseph Sutton
0161d37574 tests/krb5: Remove unused copy-and-paste remnant
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-11-08 02:39:37 +00:00
Stefan Metzmacher
bdbe5c5a32 s4:kdc: add initial support for compound claims
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-11-08 02:39:37 +00:00
Stefan Metzmacher
f96fbe6eb1 s4:kdc: fetch client_claims_blob from samba_kdc_get_pac_blobs()
The blob will be empty until we properly support claims.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-11-08 02:39:37 +00:00
Stefan Metzmacher
03250eefaa s4:kdc: pass client_claims, device_info, device_claims into samba_make_krb5_pac()
This allows us to add claims blobs to the PAC once we have the ability
to create them.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-11-08 02:39:37 +00:00
Joseph Sutton
aa62775eb4 s4-auth: Make PAC parameters const
These functions have no need to modify the PACs passed in, and this
change permits us to operate on const PACs in the KDC.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-11-08 02:39:37 +00:00
Joseph Sutton
7d3416e8cb krb5: Detect support for krb5_const_pac type
We can't unconditionally assume (as we did in
third_party/heimdal_build/wscript_configure) that Heimdal has this type,
since we may have an older system Heimdal that lacks it. We must also
check whether krb5_pac_get_buffer() is usable with krb5_const_pac, and
declare krb5_const_pac as a non-const typedef if not.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-11-08 02:39:37 +00:00
Joseph Sutton
6fe6992258 wafsamba: Have CHECK_C_PROTOTYPE() pass through 'lib' into CHECK_CODE()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-11-08 02:39:37 +00:00
Joseph Sutton
a3ee0ce255 wscript: Correctly determine dependencies for system Heimdal build
Previously, the call to CHECK_BUNDLED_SYSTEM() in
check_system_heimdal_lib() could have us pick up MIT Kerberos headers
when we should only be using system Heimdal headers. Now, we just
perform an explicit check for the functions we require, which should
avoid any use of the MIT libraries.

We also remove some library checks for Heimdal components that we don't
use directly, restricting the checks to only the functions we need.

Finally, we no longer need to recurse into third_party/heimdal_build
when performing a system Heimdal build.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-11-08 02:39:37 +00:00
Joseph Sutton
77bb72d672 build: Remove unused dependencies
We don't need to include these any more, and removing them allows us to
simplify the build system for system Heimdal builds.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-11-08 02:39:37 +00:00
Volker Lendecke
be1431a893 smbd: Don't hide directories with "hide new files timeout"
The intention of this option was to hide *files*. Before this patch we
also hide directories where new files are dropped.

This is a change in behaviour, but I think this option is niche enough
to justify not adding another parameter that we then need to test. If
workflows break with this change and people depend on directories also
to be hidden, we can still add the additional option value required.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Nov  7 22:58:33 UTC 2022 on sn-devel-184
2022-11-07 22:58:33 +00:00
Volker Lendecke
e8848a3eab torture: Show that "hide new files timeout" also hides directories
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-11-07 21:57:33 +00:00
Volker Lendecke
8b4a3c12a0 torture3: Run the "hidenewfiles" test against SMB2
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-11-07 21:57:33 +00:00
Volker Lendecke
721cfe9424 torture3: Fix a copy&paste error and a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-11-07 21:57:33 +00:00
David Mulder
635b1adfc5 gpo: GPME doesn't permit nesting of admx categories in builtin
The gnome settings were nested within a builtin
admx category, which GPME does not permit. This
was hiding the GNOME settings anytime windows
admx templates were present.

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov  4 19:09:09 UTC 2022 on sn-devel-184
2022-11-04 19:09:09 +00:00
David Mulder
1eb2f1cca4 gpo: Install the GNOME Settings admx templates
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-11-04 18:08:29 +00:00
David Mulder
853a4ecd83 gp: Move GNOME admx templates
waf fails to install the templates if there is a
space in the name.

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-11-04 18:08:29 +00:00
Pavel Filipenský
f5d77cb627 s3:winbind: Avoid unnecessary locking in wb_parent_idmap_setup_send()
A function in tevent environment can span over several context loop iterations.
Every iteration 'unschedules' the current code and a different functions can
access not yet fully initialized structures.

A locking is used to avoid this. In tevent, we use tevent queues as a locking
mechanism. Every function trying to access lock protected data, puts itself to
a queue. The function must remove itself from the queue only after the complete
work is done.

A good coding practise is to lock only the smallest code path and not to use the
locking if not needed.

wb_parent_idmap_setup_send() uses queue "wb_parent_idmap_config_queue" for:
- testing if the setup is ready
- setting up all idmap domains

But "testing if the setup is ready" can be coded as an atomic operation without
needing a lock.

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Nov  4 10:06:28 UTC 2022 on sn-devel-184
2022-11-04 10:06:28 +00:00
vporpo
b3292b541e smbget: Adds a rate limiting option --limit-rate in KB/s
This patch implements a very simple rate limiter. It works by pausing the main
download loop whenever the bytes transferred are more than what we would get
with if it were transferred at the rate set by the user.
Please note that this may reduce the blocksize if the limit is too small.

Signed-off-by: Vasileios Porpodas <v.porpodas@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov  2 22:47:10 UTC 2022 on sn-devel-184
2022-11-02 22:47:10 +00:00
Joseph Sutton
bf446bcf61 third_party/heimdal_build: Update fallthrough macro for switch statements
This is an adaptation to Heimdal:

commit 133f5174820b34e2a12c3f3412bf554cae2ee22f
Author: Daria Phoebe Brashear <dariaphoebe@auristor.com>
Date:   Fri Sep 16 09:57:24 2022 -0400

    rewrite fallthrough to HEIM_FALLTHROUGH to deal with new Apple SDKs

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov  2 05:21:29 UTC 2022 on sn-devel-184
2022-11-02 05:21:29 +00:00
Andrew Bartlett
ef28247f3b third_party/heimdal: import lorikeet-heimdal-202210310104 (commit 0fc20ff4144973047e6aaaeb2fc8708bd75be222)
This commit won't compile on it's own, as we need to fix the build system
to cope in the next commit.

The purpose of this commit is to update to a new lorikeet-heimdal tree
that includes the previous two patches and is rebased on a current
Heimdal master snapshot.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-11-02 04:23:34 +00:00
Volker Lendecke
ab4c7bda8d heimdal: Fix the 32-bit build on FreeBSD
REF: https://github.com/heimdal/heimdal/pull/1004
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15220

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-11-02 04:23:34 +00:00
Joseph Sutton
074e928497 third_party/heimdal: Introduce macro for common plugin structure elements
Heimdal's HDB plugin interface, and hence Samba's KDC that depends upon
it, doesn't work on 32-bit builds due to structure fields being arranged
in the wrong order. This problem presents itself in the form of
segmentation faults on 32-bit systems, but goes unnoticed on 64-bit
builds thanks to extra structure padding absorbing the errant fields.

This commit reorders the HDB plugin structure fields to prevent crashes
and introduces a common macro to ensure every plugin presents a
consistent interface.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15110

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-11-02 04:23:34 +00:00
Andrew Bartlett
6353f9e9c4 Add Heimdal test file test_base.c to bi-directional encoding ignore list
Heimdal commit c6a46f0c96dde73ef4f3a247a1e904d4cf15aeb2 introduces test data
that triggers our LTR and RTL detection code.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-11-02 04:23:34 +00:00
Jeremy Allison
bdbb38d16c s3: libsmbclient: Fix smbc_getxattr() to return 0 on success.
Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14808

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Nov  1 18:31:22 UTC 2022 on sn-devel-184
2022-11-01 18:31:22 +00:00
Jeremy Allison
74636dfe24 s4: torture: Show return value for smbc_getxattr() is incorrect (returns >0 for success, should return zero).
Add torture test to show smbc_getxattr() should return -1 on
failure, 0 on success.

Add knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14808

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
2022-11-01 17:32:30 +00:00
David Mulder
ffc59fe094 smbd: Correct store_smb2_posix_info size check
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Oct 28 13:43:59 UTC 2022 on sn-devel-184
2022-10-28 13:43:59 +00:00
Daniel Kobras
69273c3a83 docs-xml: ea support option restricted to user ns
Update documentation to match current behavior.

Signed-off-by: Daniel Kobras <kobras@puzzle-itc.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Oct 28 07:24:18 UTC 2022 on sn-devel-184
2022-10-28 07:24:18 +00:00
Daniel Kobras
34c6db64c2 s3: smbd: Consistently map EAs to user namespace
Samba has always been mapping Windows EAs to the 'user' namespace on the
POSIX side. However, in the opposite direction, the mapping would also map
other user-readable POSIX EA namespaces to Windows EAs, only stripping the
'user' namespace prefix, and passing all other EA names verbatim.

This means any POSIX EA 'other.foo' collides with 'user.other.foo' on the
Windows side, hence the mapping of non-user namespaces is unreliable.
Also, copy operations via Windows would rename an existing POSIX EA
'other.foo' in the source file to 'user.other.foo' in the destination. The
'user' namespace, however, may not be enabled on the underlying filesystem,
leading to subtle failure modes like the ones reported in eg.
<https://bugzilla.samba.org/show_bug.cgi?id=15186>

Fix the issues by restricting the mapping to the 'user' POSIX EA namespace
consistently for either direction.

Link: https://lists.samba.org/archive/samba-technical/2022-September/137634.html
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15186

Signed-off-by: Daniel Kobras <kobras@puzzle-itc.de>
Reviewed-by: Michael Weiser <michael.weiser@atos.net>
Tested-by: Michael Weiser <michael.weiser@atos.net>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2022-10-28 06:24:30 +00:00
Stefan Metzmacher
8c94bbba27 testprogs/blackbox: add 'net ads keytab delete' tests to test_net_ads.sh
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 27 22:14:53 UTC 2022 on sn-devel-184
2022-10-27 22:14:53 +00:00
Stefan Metzmacher
797b38f5f9 testprogs/blackbox: fix prinicple => principal in test_net_ads.sh
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-10-27 21:14:43 +00:00
Stefan Metzmacher
dd0984c719 testprogs/blackbox: let test_net_ads.sh consistently use the tmp WORKDIR
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-10-27 21:14:43 +00:00
Stefan Metzmacher
17779a6833 s3:util: add 'net ads keytab delete'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-10-27 21:14:43 +00:00
Stefan Metzmacher
3dd26cb4d0 s3:libads: add ads_keytab_delete_entry()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-10-27 21:14:43 +00:00
Stefan Metzmacher
956c6562eb lib/krb5_wrap: add explicit keep_old_kvno/enctype_only args to smb_krb5_kt_seek_and_delete_old_entries()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-10-27 21:14:43 +00:00
Stefan Metzmacher
3881a440ee s3:libads: ads_keytab_flush() doesn't need a valid kvno
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-10-27 21:14:43 +00:00
Stefan Metzmacher
173b6f6e60 lib/krb5_wrap: document the enctype argument of smb_krb5_kt_seek_and_delete_old_entries()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-10-27 21:14:43 +00:00
Stefan Metzmacher
7958e18b8a lib/krb5_wrap: remove unused keep_old_entries argument from smb_krb5_kt_seek_and_delete_old_entries()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-10-27 21:14:43 +00:00
Stefan Metzmacher
b7ea69bdff lib/krb5_wrap: remove unused keep_old_entries argument from smb_krb5_kt_add_entry()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-10-27 21:14:43 +00:00
Samuel Cabrero
39cf93c79e bootstrap: Update to openSUSE 15.4
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-10-27 21:14:43 +00:00
Andreas Schneider
6f1a9ef207 lib:replace: Require bool from C99
https://fedoraproject.org/wiki/Changes/PortingToModernC

We define True to true from stdbool.h and the same for false. So we
don't have to do a cleanup now.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 27 19:11:30 UTC 2022 on sn-devel-184
2022-10-27 19:11:30 +00:00
Andreas Schneider
ae86c620aa lib:replace: Fix trailing whitespace in wscript
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-10-27 18:18:36 +00:00
Andreas Schneider
3de61dc677 wafsamba: Add -Werror=implicit-int
https://fedoraproject.org/wiki/Changes/PortingToModernC

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-10-27 18:18:36 +00:00
Andreas Schneider
0e8949bde0 wafsamba: Add -Werror=old-style-definition
See https://fedoraproject.org/wiki/Changes/PortingToModernC

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-10-27 18:18:36 +00:00
Andreas Schneider
b787692b5e s3:utils: Fix old-style function definition
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-10-27 18:18:36 +00:00