sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Code
139,751 Commits 60 Branches 1,144 Tags 452 MiB
8b84282008
Commit Graph

139751 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Douglas Bagnall
8b84282008 util:datablob: data_blob_pad checks its alignment assumption 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15756

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Dec 20 07:59:51 UTC 2024 on atb-devel-224
 2024-12-20 07:59:51 +00:00
Douglas Bagnall
929f4d0ca5 bootstrap: we don't need python-crypt-r anymore 
Recent commits made pyglue wrap the same crypt[_r] that dsdb modules
use, which removes an extenal dependency.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15756

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-12-20 07:04:31 +00:00
Douglas Bagnall
552053b644 pytest: password_hash uses internal _glue.crypt 
This will remove an external dependency.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15756

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-12-20 07:04:31 +00:00
Douglas Bagnall
4af4dd8135 samba-tool user: hashlib.sha1 is always present 
We maybe thought we were checking that sha1 was in hashlib, but we were
only checking that hashlib is in the Python library (`hashlib.sha1()`
would not raise ImportError).

The documentation says hashlib always contains sha1 -- if that
changes, it is better we know by failing noisily with the import error
at the top of the file.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15756

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-12-20 07:04:31 +00:00
Douglas Bagnall
405187d2ef samba-tool user: use _glue.crypt, not crypt.crypt 
Because we know we have _glue.crypt, and we know it raises exceptions
rather than returning None, we can simplify the checks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15756

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-12-20 07:04:31 +00:00
Douglas Bagnall
5636d30c09 pytest: test that _glue.crypt works 
The test vectors were generated via Python 3.10 crypt module, which
directly wraps crypt(3), which in this case is from glibc 2.39-0ubuntu8.3.

We mainly test the sha256 and sha512 vectors, which seems to be all we
use, and which are said to be widely supported.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15756

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-12-20 07:04:31 +00:00
Douglas Bagnall
88e3c82d88 pyglue: add crypt() function 
This wraps talloc_crypt_blob() from lib/util/util_crypt.c which in
turn wraps the system crypt[_r[n]].

We want this because the Python standard library crypt module is going
away. That one also wrapped the system crypt or crypt_r, so there
should be no change.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15756

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-12-20 07:04:31 +00:00
Douglas Bagnall
5f365e71c1 util: add a crypt strerror helper 
This will be used by Python also.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15756

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-12-20 07:04:31 +00:00
Douglas Bagnall
c7597380b4 dsdb:password_hash: use talloc_crypt_blob() 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15756

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-12-20 07:04:31 +00:00
Douglas Bagnall
1edb12f795 dsdb:password_hash: move hash_blob allocation up 
This will make the next patch simpler.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15756

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-12-20 07:04:31 +00:00
Douglas Bagnall
833455c7f9 util: add a crypt wrapper, derived from dsdb:password_hash 
This is going to be used by the dsdb password_hash module, and exposed
to Python via pyglue.

We're doing this because Python 3.13 has dropped crypt from the Python
standard library.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15756

Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-12-20 07:04:31 +00:00
Douglas Bagnall
5ad1a93107 samba-tool: no traceback for unauthenticated rootdse access 
Under some circumstances rootdse returns an operations error with
"Operation unavailable without authentication" instead of insufficient
access rights.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Dec 20 00:00:02 UTC 2024 on atb-devel-224
 2024-12-20 00:00:02 +00:00
Douglas Bagnall
d8b7712c53 ldb:dn_compare_base: avoid unlikely int overflow 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-12-19 23:00:32 +00:00
Douglas Bagnall
4fa67dee9a ldb:dn_compare: be a bit more transitive 
If neither dn can casefold, they should be considered equal. Otherwise
cmp(dn1, dn2) will be inconsistent with cmp(dn2, dn1).

These will still sort to the end of the list, relative to any valid
DNs.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-12-19 23:00:32 +00:00
Douglas Bagnall
2a7e74898a ldb:kv_cache: s/ltdb/ldb_kv/ in comments and messages 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-12-19 23:00:32 +00:00
Douglas Bagnall
781057b3ca ldb:kv: s/ltdb/ldb_kv/ in comments and messages 
with some subsequent tidy-ups for style.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-12-19 23:00:32 +00:00
Douglas Bagnall
77ad9096d0 ldb:ldb_pack: filter avoids looping over msg when attrs contain "*" 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-12-19 23:00:32 +00:00
Douglas Bagnall
df3f7be326 ldb:dn_casefold_internal: TALLOC_FREE only what we talloced 
If the failure is not on the last component, we would have
TALLOC_FREE()ed some components that we hadn't set.

I think in all pathways we initialise the unset components to zero,
but we should be careful just in case.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-12-19 23:00:32 +00:00
Douglas Bagnall
9754980b03 ldb:tests: add tests ensuring indexes don't change search results 
The index code (lib/ldb_key_value/ldb_kv_index.c) recapitulates LDB
expression logic, and it seemed less than completely obvious that it
would never make a mistake and return a different result than an
unindexed search.

Here we run the same search on an unindexed database and on some that
have been indexed with a variety of options. We assert that the
results are identical over a number of searches.

By default, when run from the command line, that number is 495161,
which takes a couple of minutes. But if the SKIP_SLOW_TESTS
environment variable is set, the number is 33569, which takes 20
seconds or so. In selftest we set the variable and run the smaller
number.

The tests will print the cumulative search time for each database for
each testsuite, like this:

$ python3 lib/ldb/tests/python/index_transparency.py
..........................................................[...]
<class '__main__.SearchTest'>
25.78186821937561 <ldb connection tdb:///tmp/tmpf1x72x7l/tdb-indexed-dn.ldb>
17.73349642753601 <ldb connection tdb:///tmp/tmpf1x72x7l/tdb-half-indexed.ldb>
15.14864206314087 <ldb connection tdb:///tmp/tmpf1x72x7l/tdb-indexed-guid.ldb>
13.107165575027466 <ldb connection mdb:///tmp/tmpf1x72x7l/mdb-indexed.ldb>

Like all benchmarks it is interesting but misleading. One caveat here
is that you have (probably) compiled tdb in developer mode without
optimisation, while lmdb is probably a system package compiled with -O2,
though perhaps not tuned to your exact architecture.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-12-19 23:00:32 +00:00
Douglas Bagnall
9aefaa9dc9 lib:ldb-samba: use 'ldb' debug class more widely 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-12-19 23:00:32 +00:00
Douglas Bagnall
0031a82478 selftest:S4: use PY_DEV_PROVISION for python dev-mode 
Maybe we could look also at other -X options and -v.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>

 2024-12-19 23:00:32 +00:00
Douglas Bagnall
4f57365a1e selftest:S4: use RR_PROVISION for rr recording 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-12-19 23:00:32 +00:00
Douglas Bagnall
9a332b4feb selftest:S4: do not add 'env python' multiple times' 
While we have no sane reason to use

VALGRIND_PROVISION=1 GDB_PROVISION=1 make test...

we will soon gain PY_DEV_PROVISION, which could be useful in tandem
with valgrind, rr, or gdb, and this will allow that.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-12-19 23:00:32 +00:00
Stefan Metzmacher
4fcdb01808 libcli/util: let nt_errstr() fallback to hresult_errstr() 
Sometimes NTSTATUS fields return things like
HRES_SEC_E_WRONG_PRINCIPAL.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Dec 18 18:30:08 UTC 2024 on atb-devel-224
 2024-12-18 18:30:08 +00:00
Stefan Metzmacher
6e0e9c4efc s4:scripting: fix gen_hresult.py 
Commit 6877e4849e reversed the
return values of hresult_errstr() and hresult_errstr_const().

hresult_errstr() should return "HRES_SEC_E_WRONG_PRINCIPAL",
while hresult_errstr_const() should return
"The target principal name is incorrect.".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15769

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2024-12-18 17:29:37 +00:00
Volker Lendecke
ff4c70e03a lib: Fix error path memleaks in read_ea_list_entry() 
Don't leak the result on error

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Dec 18 09:30:33 UTC 2024 on atb-devel-224
 2024-12-18 09:30:33 +00:00
Volker Lendecke
dc84e98ed5 lib: Fix a comment 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-12-18 08:25:35 +00:00
Volker Lendecke
df219ed818 smbd: Simplify smbd_do_qfsinfo() 
Do early returns, avoid else statements

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-12-18 08:25:34 +00:00
Volker Lendecke
70b3699f8b Fix whitespace 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-12-18 08:25:34 +00:00
Volker Lendecke
ff63874306 vfs: Slightly speed up stream_dir() 
lp_parm_bool() is a relatively expensive string-based operation. Do it
only when needed.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-12-18 08:25:34 +00:00
Volker Lendecke
0dfaa08ce3 vfs: Simplify stream_dir() 
We know in advance how large "id_hex" is.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-12-18 08:25:34 +00:00
Volker Lendecke
fca8887900 Modernize DEBUGs 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-12-18 08:25:34 +00:00
Volker Lendecke
7e8bfe738a pam_winbind: Fix Bug 15771 
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15771

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2024-12-18 08:25:34 +00:00
Pavel Filipenský
e0aab377bd s3:winbindd: Remove unused set_routing_domain() 
Commit 9a613f4 winbindd: add routing_domain as parameter to add_trusted_domain
deleted all calls of set_routing_domain().

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Dec 17 13:30:25 UTC 2024 on atb-devel-224
 2024-12-17 13:30:25 +00:00
Pavel Filipenský
890724f8a5 nsswitch:winbind: Remove WINBINDD_SHOW_SEQUENCE 
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-12-17 12:30:31 +00:00
Pavel Filipenský
bf20ec9642 s3:winbindd: Remove implementation of WINBINDD_SHOW_SEQUENCE 
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-12-17 12:30:31 +00:00
Pavel Filipenský
e97fbcc4b1 s4:torture: Remove test for deprecated WINBINDD_SHOW_SEQUENCE 
torture_winbind_struct_show_sequence() is failing if run as:

make -j8 test TESTS="samba4.rpc.lsa.trusted.*ad_dc samba4.winbind.struct.ad_dc"

The reason is that the test constructs two lists of domains and assumes
that the list contain same domains in the same order.

However:

- the list based on DO_STRUCT_REQ_REP(WINBINDD_SHOW_SEQUENCE, &req, &rep) contains 51 domains
- the list based on DO_STRUCT_REQ_REP(WINBINDD_LIST_TRUSTDOM, &req, &rep) contains 39 domains

and we got:

failure: show_sequence [ ../../source4/torture/winbind/struct_based.c:824: domlist[i].netbios_name was TORTURE201, expected TORTURE200: inconsistent order of domain lists
]

Both list are based on full domain list, however the smaller one filters
out domain without trust_type in winbindd_list_trusted_domains():

trust_type = get_trust_type_string(talloc_tos(), d, domain);
if (trust_type == NULL) {
continue;
}

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-12-17 12:30:31 +00:00
Pavel Filipenský
2e8009b4ca nsswitch:wbinfo: Remove implementation of deprecated '--sequence' 
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-12-17 12:30:31 +00:00
Pavel Filipenský
e52873766e docs-xml:manpages: Remove deprecated 'wbinfo --sequence' 
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-12-17 12:30:31 +00:00
Pavel Filipenský
a7d8d80179 nsswitch:tests: Remove test for deprecated wbinfo --sequence 
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2024-12-17 12:30:31 +00:00
Volker Lendecke
04977dbb67 smbd: Simplify rmdir_internals() 
Remove another "copy" of recursive_rmdir()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2024-12-17 12:30:31 +00:00
Volker Lendecke
83f7129e58 smbd: Streamline recursive_rmdir() 
By factoring out recursive_rmdir_fsp() we can do the recursion using
openat_pathref_fsp_lcomp(). This makes strace for a recursive
directory removal look a *lot* cleaner.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2024-12-17 12:30:31 +00:00
Volker Lendecke
663f03996c smbd: Simplify rmdir_internals() 
Remove a "copy" of can_delete_directory_hnd()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2024-12-17 12:30:31 +00:00
Volker Lendecke
cf69a9ef14 smbd: Factor out can_delete_directory_hnd() 
To be used in close.c next

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2024-12-17 12:30:31 +00:00
Volker Lendecke
671186d8f6 smbd: Make can_delete_directory_fsp() look cleaner in strace 
I'm not sure, but it might be that we don't have a full fd coming into
can_delete_directory_fsp() without O_PATH. We open a real fd for
readdir() in all cases, which we can use for sure in openat &
friends. Use that as dirfsp for openat.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2024-12-17 12:30:31 +00:00
Volker Lendecke
f29b06760a smbd: Fix can_delete_directory_fsp() 
We should only ignore veto files if they are about to deleted anyway

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2024-12-17 12:30:31 +00:00
Volker Lendecke
9afd9fc7da smbd: simplify can_delete_directory_fsp() 
openat_pathref_fsp_lcomp does all of what we do here manually
anyway. Use it.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2024-12-17 12:30:31 +00:00
Volker Lendecke
6262f9a66e smbd: Remove a pointless and partially wrong comment 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2024-12-17 12:30:31 +00:00
Volker Lendecke
719d4f98c4 smbd: Fix typos 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2024-12-17 12:30:31 +00:00
Volker Lendecke
6098724e8b smbd: Simplify ReadDirName() 
"fp" is only used for DBG messages where I don't think we need the
full accuracy of full_path_from_dirfsp_at_basename(). Save a talloc.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2024-12-17 12:30:31 +00:00