1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

123905 Commits

Author SHA1 Message Date
Volker Lendecke
d33cec8d44 pylibsmb: Merge remove_dir() into its only caller
Now that delete_tree is in python code, align py_smb_rmdir() with the
other functions.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-16 19:53:44 +00:00
Volker Lendecke
5ee42dd0e9 pylibsmb: Merge unlink_file() into its only caller
Now that delete_tree is in python code, align py_smb_unlink() with the
other functions.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-16 19:53:44 +00:00
Volker Lendecke
13aecb22f7 pylibsmb: Move deltree to python code
This is much shorter. There's also another aspect: I'm working on
improving cli_list() to not collect all files before starting to call
the callback function. This means that the cli_list cb will be called
from within tevent_loop_once(). In pylibsmb.c's deltree code this
would create a nested event loop. By moving the deltree code into the
python world this nested event loop is avoided. Now the python code
will first collect everything and then start to delete, avoiding the
nesting. A future development should make listing directories a
generator or something like that.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-16 19:53:44 +00:00
Volker Lendecke
2cff5990da pylibsmb: Add a compatible python-level wrapper
Right now this is empty, but it is the basis for moving complexity out
or pylibsmb.c into python code.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-16 19:53:44 +00:00
Jeremy Allison
26ba04a4d1 libcli: smb2: Never print length if smb2_signing_key_valid() fails for crypto blob.
Blob could be NULL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14210

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Nov 16 09:47:38 UTC 2020 on sn-devel-184
2020-11-16 09:47:38 +00:00
Günther Deschner
a8ec830491 s4-torture: test file_line_parse as well
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Nov 13 17:47:33 UTC 2020 on sn-devel-184
2020-11-13 17:47:33 +00:00
Jeremy Allison
ae4dd2ab82 lib: Fix file_lines_parse() to do what people expect. Much safer to use.
Take an incoming const char * pointer and return an allocated
array that must be freed. Don't expose the internal optimization
of file_lines_parse_internal() breaking the passed in string
into lines.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2020-11-13 16:22:32 +00:00
Jeremy Allison
61f6672d8b lib: create a wrapper for file_lines_parse().
Make the internal function file_lines_parse_internal().

Currently file_lines_parse() just wraps file_lines_parse_internal(),
but this allows me to change file_lines_parse() to take
a const char * to make it safe for callers (no talloc tricks).

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2020-11-13 16:22:32 +00:00
Gary Lockyer
2ba6d596ff tests python krb5: add arcfour salt tests
MIT kerberos returns a salt when ARCFOUR_HMAC_MD5 encryption selected,
Heimdal does not.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Nov 12 22:54:22 UTC 2020 on sn-devel-184
2020-11-12 22:54:22 +00:00
Gary Lockyer
d492355f29 tests python krb5: refactor compatability tests
Refactor to aid the adding of tests for the inclusion of a salt when
ARCFOUR_HMAC_MD5 encryption selected

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-12 21:30:32 +00:00
Gary Lockyer
a00a1c9745 tests python krb5: Convert kdc-heimdal to python
Implement the tests in source4/torture/krb5/kdc-heimdal.c in python.
The following tests were not re-implemented as they are client side
tests for the "Orpheus Lyre" attack:
       TORTURE_KRB5_TEST_CHANGE_SERVER_OUT
       TORTURE_KRB5_TEST_CHANGE_SERVER_IN
       TORTURE_KRB5_TEST_CHANGE_SERVER_BOTH

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-12 21:30:32 +00:00
Gary Lockyer
1bab87c50b tests python krb5: raw_testcase permit RC4 salts
MIT kerberos returns a salt when ARCFOUR_HMAC_MD5, this commit removes
the check that a salt is not returned.  A test for the difference
between MIT and Heimdal will be added in the subsequent commits.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-12 21:30:32 +00:00
Gary Lockyer
82a413f48b tests python krb5: Refactor compatability test constants
Modify tests to use the constants defined in rfc4120_constants.py

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-12 21:30:32 +00:00
Gary Lockyer
97b830cbca tests python krb5: Refactor canonicalization test constants
Modify tests to use the constants defined in rfc4120_constants.py

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-12 21:30:32 +00:00
Gary Lockyer
532c941fbb tests python krb5: Add constants module
Extract the constants used in the tests into a separate module.
To reduce code duplication

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-12 21:30:32 +00:00
Anoop C S
e9e06a11da vfs_shadow_copy2: Preserve all open flags assuming ROFS
Instead of replacing open flags with just O_RDONLY, filter out all those
flags unrelated to a Read Only File System

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14573

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Nov 12 17:23:19 UTC 2020 on sn-devel-184
2020-11-12 17:23:19 +00:00
Andreas Schneider
8036bf9717 s3:smbd: Fix possible null pointer dereference in token_contains_name()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14572

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Thu Nov 12 15:13:47 UTC 2020 on sn-devel-184
2020-11-12 15:13:47 +00:00
Alexander Bokovoy
2a8b672652 auth_sam: use pdb_get_domain_info to look up DNS forest information
When Samba is used as a part of FreeIPA domain controller, Windows
clients for a trusted AD forest may try to authenticate (perform logon
operation) as a REALM\name user account.

Fix auth_sam plugins to accept DNS forest name if we are running on a DC
with PASSDB module providing domain information (e.g. pdb_get_domain_info()
returning non-NULL structure). Right now, only FreeIPA or Samba AD DC
PASSDB backends return this information but Samba AD DC configuration is
explicitly ignored by the two auth_sam (strict and netlogon3) modules.

Detailed logs below:

[2020/11/11 09:23:53.281296,  1, pid=42677, effective(65534, 65534), real(65534, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:482(ndr_print_function_debug)
       netr_LogonSamLogonWithFlags: struct netr_LogonSamLogonWithFlags
          in: struct netr_LogonSamLogonWithFlags
              server_name              : *
                  server_name              : '\\master.ipa.test'
              computer_name            : *
                  computer_name            : 'AD1'
              credential               : *
                  credential: struct netr_Authenticator
                      cred: struct netr_Credential
                          data                     : 529f4b087c5f6546
                      timestamp                : Wed Nov 11 09:23:55 AM 2020 UTC
              return_authenticator     : *
                  return_authenticator: struct netr_Authenticator
                      cred: struct netr_Credential
                          data                     : 204f28f622010000
                      timestamp                : Fri May  2 06:37:50 AM 1986 UTC
              logon_level              : NetlogonNetworkTransitiveInformation (6)
              logon                    : *
                  logon                    : union netr_LogonLevel(case 6)
                  network                  : *
                      network: struct netr_NetworkInfo
                          identity_info: struct netr_IdentityInfo
                              domain_name: struct lsa_String
                                  length                   : 0x0010 (16)
                                  size                     : 0x01fe (510)
                                  string                   : *
                                      string                   : 'IPA.TEST'
                              parameter_control        : 0x00002ae0 (10976)
                                     0: MSV1_0_CLEARTEXT_PASSWORD_ALLOWED
                                     0: MSV1_0_UPDATE_LOGON_STATISTICS
                                     0: MSV1_0_RETURN_USER_PARAMETERS
                                     0: MSV1_0_DONT_TRY_GUEST_ACCOUNT
                                     1: MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT
                                     1: MSV1_0_RETURN_PASSWORD_EXPIRY
                                     1: MSV1_0_USE_CLIENT_CHALLENGE
                                     0: MSV1_0_TRY_GUEST_ACCOUNT_ONLY
                                     1: MSV1_0_RETURN_PROFILE_PATH
                                     0: MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY
                                     1: MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT
                                     0: MSV1_0_DISABLE_PERSONAL_FALLBACK
                                     1: MSV1_0_ALLOW_FORCE_GUEST
                                     0: MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED
                                     0: MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY
                                     0: MSV1_0_ALLOW_MSVCHAPV2
                                     0: MSV1_0_S4U2SELF
                                     0: MSV1_0_CHECK_LOGONHOURS_FOR_S4U
                                     0: MSV1_0_SUBAUTHENTICATION_DLL_EX
                              logon_id                 : 0x0000000000884ef2 (8933106)
                              account_name: struct lsa_String
                                  length                   : 0x000e (14)
                                  size                     : 0x000e (14)
                                  string                   : *
                                      string                   : 'idmuser'
                              workstation: struct lsa_String
                                  length                   : 0x0000 (0)
                                  size                     : 0x0000 (0)
                                  string                   : *
                                      string                   : ''
                         challenge                : 417207867bd33c74
                          nt: struct netr_ChallengeResponse
                              length                   : 0x00c0 (192)
                              size                     : 0x00c0 (192)
                              data                     : *
                                  data: ARRAY(192)
  [0000] A5 24 62 6E 31 DF 69 66   9E DC 54 D6 63 4C D6 2F   .$bn1.if ..T.cL./
  [0010] 01 01 00 00 00 00 00 00   50 37 D7 60 0C B8 D6 01   ........ P7.`....
  [0020] 15 1B 38 4F 47 95 4D 62   00 00 00 00 02 00 0E 00   ..8OG.Mb ........
  [0030] 57 00 49 00 4E 00 32 00   30 00 31 00 36 00 01 00   W.I.N.2. 0.1.6...
  [0040] 06 00 41 00 44 00 31 00   04 00 18 00 77 00 69 00   ..A.D.1. ....w.i.
  [0050] 6E 00 32 00 30 00 31 00   36 00 2E 00 74 00 65 00   n.2.0.1. 6...t.e.
  [0060] 73 00 74 00 03 00 20 00   61 00 64 00 31 00 2E 00   s.t... . a.d.1...
  [0070] 77 00 69 00 6E 00 32 00   30 00 31 00 36 00 2E 00   w.i.n.2. 0.1.6...
  [0080] 74 00 65 00 73 00 74 00   05 00 18 00 77 00 69 00   t.e.s.t. ....w.i.
  [0090] 6E 00 32 00 30 00 31 00   36 00 2E 00 74 00 65 00   n.2.0.1. 6...t.e.
  [00A0] 73 00 74 00 07 00 08 00   50 37 D7 60 0C B8 D6 01   s.t..... P7.`....
  [00B0] 06 00 04 00 02 00 00 00   00 00 00 00 00 00 00 00   ........ ........
                          lm: struct netr_ChallengeResponse
                              length                   : 0x0018 (24)
                              size                     : 0x0018 (24)
                              data                     : *
                                  data                     : 000000000000000000000000000000000000000000000000
              validation_level         : 0x0006 (6)
              flags                    : *
                  flags                    : 0x00000000 (0)
                         0: NETLOGON_SAMLOGON_FLAG_PASS_TO_FOREST_ROOT
                         0: NETLOGON_SAMLOGON_FLAG_PASS_CROSS_FOREST_HOP
                         0: NETLOGON_SAMLOGON_FLAG_RODC_TO_OTHER_DOMAIN
                         0: NETLOGON_SAMLOGON_FLAG_RODC_NTLM_REQUEST

In such case checks for a workgroup name will not match the DNS forest
name used in the username specification:

[2020/11/11 09:23:53.283055,  3, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth.c:200(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [IPA.TEST]\[idmuser]@[] with the new password interface
[2020/11/11 09:23:53.283073,  3, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth.c:203(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: [IPA.TEST]\[idmuser]@[]
[2020/11/11 09:23:53.283082, 10, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth.c:213(auth_check_ntlm_password)
  check_ntlm_password: auth_context challenge created by fixed
[2020/11/11 09:23:53.283091, 10, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth.c:216(auth_check_ntlm_password)
  challenge is:
[2020/11/11 09:23:53.283099,  5, pid=42677, effective(65534, 65534), real(65534, 0)] ../../lib/util/util.c:678(dump_data)
  [0000] 41 72 07 86 7B D3 3C 74                             Ar..{.<t
[2020/11/11 09:23:53.283113, 10, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth_sam.c:209(auth_sam_netlogon3_auth)
  auth_sam_netlogon3_auth: Check auth for: [IPA.TEST]\[idmuser]
[2020/11/11 09:23:53.283123,  5, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth_sam.c:234(auth_sam_netlogon3_auth)
  auth_sam_netlogon3_auth: IPA.TEST is not our domain name (DC for IPA)
[2020/11/11 09:23:53.283131, 10, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth.c:249(auth_check_ntlm_password)
  auth_check_ntlm_password: sam_netlogon3 had nothing to say

and overall authentication attempt will fail: auth_winbind will complain
that this domain is not a trusted one and refuse operating on it:

[2020/11/11 09:23:53.283784, 10, pid=42663, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd.c:742(process_request_send)
  process_request_send: process_request: Handling async request smbd(42677):PAM_AUTH_CRAP
[2020/11/11 09:23:53.283796,  3, pid=42663, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_pam_auth_crap.c:110(winbindd_pam_auth_crap_send)
  [42677]: pam auth crap domain: [IPA.TEST] user: idmuser
[2020/11/11 09:23:53.283810,  3, pid=42663, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_pam.c:409(find_auth_domain)
  Authentication for domain [IPA.TEST] refused as it is not a trusted domain
[2020/11/11 09:23:53.283825, 10, pid=42663, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd.c:810(process_request_done)
  process_request_done: [smbd(42677):PAM_AUTH_CRAP]: NT_STATUS_NO_SUCH_USER
[2020/11/11 09:23:53.283844, 10, pid=42663, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd.c:855(process_request_written)
  process_request_written: [smbd(42677):PAM_AUTH_CRAP]: delivered response to client

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-11-12 13:49:34 +00:00
Stefan Metzmacher
dcd5a64ca7 selftest/subunithelper: also output as much of unterminated DETAILS
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Nov 11 22:43:46 UTC 2020 on sn-devel-184
2020-11-11 22:43:46 +00:00
Stefan Metzmacher
3f556d9770 selftest/subunithelper: only let ']\n' lines to terminate
It should not be enough that a line ends with ']\n' is accident,
subunit DETAILS are terminated with '\n]\n'!

This gives a much higher chance to see the actual problem
without having them filtered by various 'filter-subunit' invocations.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-11-11 21:14:32 +00:00
Stefan Metzmacher
b3ffc61e2f SambaToolCmdTest: let assertCmdSuccess() escape ']\n' lines
This gives a much higher chance to see the actual problem
without having them filtered by various 'filter-subunit' invocations.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-11-11 21:14:32 +00:00
Stefan Metzmacher
40079975f7 testprogs/blackbox: make sure subunit.sh always terminates DETAILS with '\n]\n'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-11-11 21:14:32 +00:00
Jeremy Allison
457b49c678 s3: modules: gluster. Fix the error I made in preventing talloc leaks from a function.
file_lines_parse() plays horrible tricks with
the passed-in talloc pointers and the hierarcy
which makes freeing hard to get right.

As we know mem_ctx is freed by the caller, after
calling file_lines_parse don't free on exit and let the caller
handle it. This violates good Samba coding practice
but we know we're not leaking here.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Nov 11 15:02:27 UTC 2020 on sn-devel-184
2020-11-11 15:02:27 +00:00
Alexander Bokovoy
31c703766f lookup_name: allow lookup names prefixed with DNS forest root for FreeIPA DC
In FreeIPA deployment with active Global Catalog service, when a two-way
trust to Active Directory forest is established, Windows systems can
look up FreeIPA users and groups. When using a security tab in Windows
Explorer on AD side, a lookup over a trusted forest might come as
realm\name instead of NetBIOS domain name:

--------------------------------------------------------------------
[2020/01/13 11:12:39.859134,  1, pid=33253, effective(1732401004, 1732401004), real(1732401004, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:471(ndr_print_function_debug)
       lsa_LookupNames3: struct lsa_LookupNames3
          in: struct lsa_LookupNames3
              handle                   : *
                  handle: struct policy_handle
                      handle_type              : 0x00000000 (0)
                      uuid                     : 0000000e-0000-0000-1c5e-a750e5810000
              num_names                : 0x00000001 (1)
              names: ARRAY(1)
                  names: struct lsa_String
                      length                   : 0x001e (30)
                      size                     : 0x0020 (32)
                      string                   : *
                          string                   : 'ipa.test\admins'
              sids                     : *
                  sids: struct lsa_TransSidArray3
                      count                    : 0x00000000 (0)
                      sids                     : NULL
              level                    : LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 (6)
              count                    : *
                  count                    : 0x00000000 (0)
              lookup_options           : LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES (0)
              client_revision          : LSA_CLIENT_REVISION_2 (2)
--------------------------------------------------------------------

If we are running as a DC and PASSDB supports returning domain info
(pdb_get_domain_info() returns a valid structure), check domain of the
name in lookup_name() against DNS forest name and allow the request to
be done against the primary domain. This corresponds to FreeIPA's use of
Samba as a DC. For normal domain members a realm-based lookup falls back
to a lookup over to its own domain controller with the help of winbindd.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Nov 11 10:59:01 UTC 2020 on sn-devel-184
2020-11-11 10:59:01 +00:00
Andrew Bartlett
f214a3ba5a selftest: Windows 2019 implements the RemoveDollar behaviour for Enterprise principals
This is documented in MS-KILE.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Wed Nov 11 02:38:46 UTC 2020 on sn-devel-184
2020-11-11 02:38:46 +00:00
Andrew Bartlett
fc77ece0e2 selftest: Add in encrypted-pa-data from RFC 6806
This comes from Windows 2019 which supports FAST.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-11-11 01:15:39 +00:00
Andrew Bartlett
ab8c0a181b selftest: Fix formatting of failure (traceback and options swapped in format string)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-11-11 01:15:39 +00:00
Andrew Bartlett
2693f12fbe selftest: Make as_canonicalization_tests.py auto-detect the NT4 domain name
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-11-11 01:15:39 +00:00
Andrew Bartlett
d79218dbba samdb: Add samdb.domain_netbios_name()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-11-11 01:15:39 +00:00
Andrew Bartlett
d85e71f449 selftest: Make as_canonicalization_tests.py easier to run outside "make test"
This takes the realm from the LDAP base DN and so avoids one
easy mistake to make.  So far the NT4 domain name is not
auto-detected, so much be read from the smb.conf.

By using .guess() the smb.conf is read for the unspecified
parts (eg workstation for an NTLM login to the LDAP server if
the target server is an IP address).

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-11-11 01:15:39 +00:00
Andrew Bartlett
579a3c641c selftest: Fix flipped machine and user constants
This naturally does not change the test, but reduces developer
confusion.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-11-11 01:15:39 +00:00
Andrew Bartlett
d7f731ed35 selftest: Send enterprise principals tagged as such
This test passed against Samba but failed against Windows when
an enterprise principal (user@domain.com@REALM) was encoded as
NT_PRINCIPAL.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-11-11 01:15:39 +00:00
Volker Lendecke
d762ab558a locking: hide share_mode_lock definition
This makes "struct share_mode_lock" an opaque data structure opened up
only to the code in locking/. This makes it much safer to modify the
data structure with defined accessor functions in share_mode_lock.c.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Nov 10 21:12:48 UTC 2020 on sn-devel-184
2020-11-10 21:12:48 +00:00
Volker Lendecke
df2ffaaa20 locking: move share_mode_flags_[gs]et to share_mode_lock.c
These routines parse and marshall the uint16 summary flag in
share_mode_data. open_file_ntcreate() and open_directory() are the
only real users of this. The user in oplock.c is just the lazy reset
of the "read lease exists somewhere" after asynchronously breaking
read oplocks after a write request.

This moves handling the flags into locking/ to consolidate data
structure handling of "share_mode_data" there.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-10 19:49:35 +00:00
Volker Lendecke
4b6f4ee43e smbd: Avoid references to share_mode_data->id
When calling open_mode_check() we know the file id. We can pass it to
the lower levels without dereferencing struct share_mode_lock.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-10 19:49:35 +00:00
Volker Lendecke
d220bae5a9 smbd: Remove a variable used just once
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-10 19:49:35 +00:00
Volker Lendecke
271a369fb9 smbd: Don't set share_mode_lock modified in grant_new_fsp_lease()
A new lease never triggers a retry. Setting d->modified to true just
triggered the watchers needlessly.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-10 19:49:35 +00:00
Volker Lendecke
f6abe33dd1 net_tdb: Use share_mode_data_dump()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-10 19:49:35 +00:00
Volker Lendecke
5c3a18e514 locking: Add share_mode_data_dump() accessor function
This is a special case for net tdb dump. The alternative would be to
change the net tdb dump behaviour.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-10 19:49:35 +00:00
Volker Lendecke
ce64b3caf3 net_tdb: Use share_mode_filename()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-10 19:49:35 +00:00
Volker Lendecke
affce737dc net_tdb: Use share_mode_servicepath()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-10 19:49:35 +00:00
Volker Lendecke
2337c1e3f8 net_tdb: Slightly restructure net_tdb_locking()
Remove the net_tdb_locking_fetch() subroutine. All of net_tdb_locking() is
still very simple, and net_tdb_locking_fetch() did the fetch as such plus
parsing the hex key. With this restructuring it was possible to avoid a direct
reference to lck->data->id.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-10 19:49:35 +00:00
Volker Lendecke
ee41ec8afe smbd: Use share_mode_servicepath() in scavenger.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-10 19:49:35 +00:00
Volker Lendecke
5aab299dff locking: Add share_mode_servicepath() accessor function
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-10 19:49:34 +00:00
Volker Lendecke
3d33eee536 smbd: Avoid share_mode_lock dereference in scavenger
Pass "struct file_id" to callees without accessing share_mode_lock
internals

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-10 19:49:34 +00:00
Volker Lendecke
53059dc6cb smbd: Use share_mode_filename() in scavenger.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-10 19:49:34 +00:00
Volker Lendecke
d2662dff7e smbstatus: Use share_mode_filename()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-10 19:49:34 +00:00
Volker Lendecke
701da78cc8 locking: Add share_mode_filename() accessor function
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-10 19:49:34 +00:00
Volker Lendecke
ec387d0481 smbd: Use share_mode_changed_write_time() in smbd/close.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-10 19:49:34 +00:00
Volker Lendecke
60f24079a9 smbd: Use share_mode_changed_write_time() in durable_disconnect()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-10 19:49:34 +00:00