1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

126795 Commits

Author SHA1 Message Date
Volker Lendecke
7818513053 samba-bgqd: Fix samba-bgqd with "clustering=yes"/"include=registry"
With the above combination, some flavor of lp_load() already
initializes global_event_ctx, for which the closeall_except() later on
will happily close the epoll fd for. If we want to close all file
descriptors at startup, this must be the very first thing overall.

Can't really write a proper test for this with knownfail that is
removed with the fix, because if we have clustering+include=registry,
the whole clusteredmember environment does not even start up.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jul 31 16:58:41 UTC 2021 on sn-devel-184
2021-07-31 16:58:41 +00:00
Jeremy Allison
2acad27686 s3: smbd: Don't leak meta-data about the containing directory of the share root.
This is a subtle one. In smbd_dirptr_get_entry() we now
open a pathref fsp on all entries - including "..".

If we're at the root of the share we don't want
a handle to the directory above it, so silently
close the smb_fname->fsp for ".." names to prevent
it from being used to return meta-data to the client
(more than we already have done historically by
calling pathname functions on "..").

The marshalling returned entries and async DOS
code copes with smb_fname->fsp == NULL perfectly
well.

Only in master, but will need fixing for 4.15.rc1
or 2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14759

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Jul 28 15:07:54 UTC 2021 on sn-devel-184
2021-07-28 15:07:54 +00:00
Jeremy Allison
b004ebb1c6 s3: smbd: Allow async dosmode to cope with ".." pathnames where we close smb_fname->fsp to prevent meta-data leakage.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14759

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2021-07-28 14:16:31 +00:00
Andreas Schneider
696972c832 selftest: Remove fips env variables from client env
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jul 28 07:12:55 UTC 2021 on sn-devel-184
2021-07-28 07:12:55 +00:00
Andreas Schneider
ebd00fbdd0 selftest: Pass env variables to fips tests
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-07-28 06:23:37 +00:00
Andreas Schneider
a324fc01b4 s4:selftests: Pass env variables to fips tests
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-07-28 06:23:37 +00:00
Andreas Schneider
eabf9803ec s3:selftests: Pass env variables to fips tests
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-07-28 06:23:37 +00:00
Andreas Schneider
48289b6964 selftest: Add support for setting ENV variables in plantestsuite()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-07-28 06:23:37 +00:00
Andreas Schneider
3db299e586 selftest: Add support for setting ENV variables in plansmbtorture4testsuite()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-07-28 06:23:37 +00:00
Andreas Schneider
18976a9568 selftest: Re-format long lines in selftesthelpers.py
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-07-28 06:23:37 +00:00
Pavel Filipenský
7fb741b3b1 krb5_wrap: remove unused code
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Jul 27 10:09:03 UTC 2021 on sn-devel-184
2021-07-27 10:09:03 +00:00
Andreas Schneider
7b796b5bb7 lib:cmdline: Use lp_load_global() for servers
As for client we need to enable support for 'config backend = registry'.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jul 22 14:47:09 UTC 2021 on sn-devel-184
2021-07-22 14:47:09 +00:00
Günther Deschner
11c9eb0ccc s3-torture: Only install vfstest manpage when vfstest binary gets installed.
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Jul 21 13:41:26 UTC 2021 on sn-devel-184
2021-07-21 13:41:26 +00:00
Günther Deschner
bb7b957e2c s3-torture: give torture test binaries their own wscript_build
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-07-21 12:52:34 +00:00
Andreas Schneider
ee9dfff617 bootstrap: Install python3-dateutil instead of python3-iso8601 on RPM distros
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jul 21 12:18:30 UTC 2021 on sn-devel-184
2021-07-21 12:18:30 +00:00
Andreas Schneider
e51e9d0145 python:waf: Correctly check for python-dateutil
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2021-07-21 11:27:36 +00:00
Andreas Schneider
84b9f58616 s3:tests: Add smbclient kerberos tests for ad_dc and ad_dc_fips
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jul 21 07:19:00 UTC 2021 on sn-devel-184
2021-07-21 07:19:00 +00:00
Andreas Schneider
42e3fda5be autobuild: Exclude fips envs from samba and samba-mitkrb5
The FIPS envs only work on Fedora. Ubuntu doesn't have FIPS support!

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2021-07-21 06:30:31 +00:00
Andreas Schneider
e0fa3e359f bootstrap: Install krb5-workstation on Fedora based distros
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2021-07-21 06:30:31 +00:00
Stefan Metzmacher
0ac7106104 s3:smbd: really support AES-256* in the server
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14764

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 20 16:13:28 UTC 2021 on sn-devel-184
2021-07-20 16:13:28 +00:00
Stefan Metzmacher
407b458242 s4:torture/smb2: add tests to check all signing and encryption algorithms
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14764

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-20 15:25:37 +00:00
Stefan Metzmacher
5512416a8f gnutls: allow gnutls_aead_cipher_encryptv2 with gcm before 3.6.15
The memory leak bug up to 3.6.14 was only related to ccm, but gcm was
fine.

This avoids talloc+memcpy on more systems, e.g. ubuntu 20.04,
and brings ~ 20% less cpu overhead, see:
https://hackmd.io/@asn/samba_crypto_benchmarks

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14764

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-07-20 15:25:37 +00:00
David Mulder
f97f94e93b gpo: Improve debug when extension fails to apply
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-20 15:25:37 +00:00
David Mulder
4a5f6d88ff gpo: Warn when fetching the supported templates fails
When Certificate Auto Enrollment fails to fetch
the list of supported templates, display a
warning.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-20 15:25:37 +00:00
David Mulder
a92b05ec7b gpo: Ensure Network Device Enrollment Service if sscep fails
Prompt the user to check that Network Device
Enrollment Service is installed and configured
if sscep fails to download the certificate root
chain.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-20 15:25:37 +00:00
Stefan Metzmacher
bedeeb0b59 tdb: version 1.4.5
* fix standalone usage of tdb.h

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 20 11:48:38 UTC 2021 on sn-devel-184
2021-07-20 11:48:37 +00:00
Günther Deschner
aacd3ecb45 tdb: Fix invalid syntax in tdb.h
Defining _PUBLIC_ in the same way as in talloc.h resolves an issue with
a previous fix for Solaris Studio compiler 12.4 that prefixed all calls
in tdb.h with _PUBLIC_.  Thanks to Lukas Slebodnik
<lslebodn@redhat.com>.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14762

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-07-20 10:57:35 +00:00
Martin Schwenke
b724c1e6a6 utils: Avoid pylint warning
pylint warns:

  Use lazy % formatting in logging functions

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Jul 20 05:29:18 UTC 2021 on sn-devel-184
2021-07-20 05:29:18 +00:00
Martin Schwenke
319e27343d utils: Reformat lines that are longer than 80 columns
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
2021-07-20 04:43:37 +00:00
Martin Schwenke
98c7a38b71 utils: Tweak exception handling to stop flake8 complaining
Don't bother with "as e" to avoid warning about unused variable.
Don't use bare "except:" (though pylint still complains about this
version).

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
2021-07-20 04:43:37 +00:00
Martin Schwenke
12d3e215a6 utils: Simplify log level logic, drop global variable
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
2021-07-20 04:43:37 +00:00
Martin Schwenke
e323d16a9d utils: Inline defaults and help strings
Removes an unnecessary level of indirection: defaults and help strings
are now where they are expected.  Also removes some global variables.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
2021-07-20 04:43:37 +00:00
Martin Schwenke
af5aecced1 utils: Move argument processing into function and call from main()
Removes the need for the global variables currently associated with
this processing.  Also removes unnecessarily double-handling the
defaults, which are assigned to the global variables and set via
add_argument().

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
2021-07-20 04:43:37 +00:00
Martin Schwenke
e66637a079 utils: Reorder imports so that standard imports are first
Avoids numerous pylint warnings.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
2021-07-20 04:43:37 +00:00
Martin Schwenke
bd0b2bb6ee utils: Clean up ctdb_etcd_lock using autopep8
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
2021-07-20 04:43:37 +00:00
Martin Schwenke
939aed0498 utils: Use Python 3
Due to the number of flake8 and pylint warnings it is unclear if the
source has Python 3 incompatibilities.  These will be cleaned up in
subsequent commits.

Signed-off-by: "L.P.H. van Belle" <belle@bazuin.nl>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
2021-07-20 04:43:37 +00:00
Volker Lendecke
d961830cb5 examples: Make winreg.py sample work with python3 in current master
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jul 19 17:44:08 UTC 2021 on sn-devel-184
2021-07-19 17:44:08 +00:00
Andreas Schneider
63cc92501e gitignore: Add .cache directory
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jul 19 15:27:14 UTC 2021 on sn-devel-184
2021-07-19 15:27:14 +00:00
Andreas Schneider
b4a301a6b7 selftest: Add PYTHONPATH for lsp servers to devel_env.sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2021-07-19 14:38:34 +00:00
Andreas Schneider
1f047831c1 s3:utils: Use better error message for smbtree
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul 16 03:45:19 UTC 2021 on sn-devel-184
2021-07-16 03:45:19 +00:00
Stefan Metzmacher
155348cda6 libcli/smb: allow unexpected padding in SMB2 READ responses
Make use of smb2cli_parse_dyn_buffer() in smb2cli_read_done()
as it was exactly introduced for a similar problem see:

    commit 4c6c71e137
    Author:     Stefan Metzmacher <metze@samba.org>
    AuthorDate: Thu Jan 14 17:32:15 2021 +0100
    Commit:     Volker Lendecke <vl@samba.org>
    CommitDate: Fri Jan 15 08:36:34 2021 +0000

        libcli/smb: allow unexpected padding in SMB2 IOCTL responses

        A NetApp Ontap 7.3.7 SMB server add 8 padding bytes to an
        offset that's already 8 byte aligned.

        RN: Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7
        BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607

        Pair-Programmed-With: Volker Lendecke <vl@samba.org>

        Signed-off-by: Stefan Metzmacher <metze@samba.org>
        Signed-off-by: Volker Lendecke <vl@samba.org>

        Autobuild-User(master): Volker Lendecke <vl@samba.org>
        Autobuild-Date(master): Fri Jan 15 08:36:34 UTC 2021 on sn-devel-184

RN: Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 15 23:53:55 UTC 2021 on sn-devel-184
2021-07-15 23:53:55 +00:00
Stefan Metzmacher
1faf15b3d0 libcli/smb: make smb2cli_ioctl_parse_buffer() available as smb2cli_parse_dyn_buffer()
It will be used in smb2cli_read.c soon...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 23:04:34 +00:00
Stefan Metzmacher
ef57fba5db s3:smbd: implement FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8
This turns the 'smb2.read.bug14607' test from 'skip' into 'xfailure',
as the 2nd smb2cli_read() function will now return
NT_STATUS_INVALID_NETWORK_RESPONSE.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 23:04:34 +00:00
Stefan Metzmacher
5ecac656fd s3:smbd: introduce a body_size variable in smbd_smb2_request_read_done
This will simplify the following changes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 23:04:34 +00:00
Stefan Metzmacher
b3c9823d90 s4:torture/smb2: add smb2.read.bug14607 test
This test will use a FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8
in order to change the server behavior of READ responses regarding
the data offset.

It will demonstrate the problem in smb2cli_read*() triggered
by NetApp Ontap servers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 23:04:34 +00:00
David Mulder
f813f8a54a Update WHATSNEW for Certificate Auto Enrollment
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 15 20:03:45 UTC 2021 on sn-devel-184
2021-07-15 20:03:45 +00:00
David Mulder
fd6df5356b gpo: Test Certificate Auto Enrollment Policy
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 19:13:29 +00:00
David Mulder
9f0e6f3c06 gpo: Fix up rsop output of ca certificate
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 19:13:29 +00:00
David Mulder
9c0a174af2 gpo: Add Certificate Auto Enrollment Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 19:13:29 +00:00
Karolin Seeger
cca9ce5977 WHATSNEW: Start release notes for Samba 4.16.0pre1.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
2021-07-15 09:43:05 +02:00