1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

129232 Commits

Author SHA1 Message Date
Joseph Sutton
3dccf63e82 samba-tool: Return correct result for _get_user_realm_domain()
We were returning the realm and the domain in the wrong order.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-28 02:17:37 +00:00
Joseph Sutton
52f9629408 samba-tool delegation: Clarify msDS-AllowedToDelegateTo delegation command documentation
This makes the difference between msDS-AllowedToDelegateTo and
msDS-AllowedToActOnBehalfOfOtherIdentity more clear.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14954

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-28 02:17:37 +00:00
Joseph Sutton
9a480f274b samba-tool delegation: Add commands to add/remove principals for RBCD
These commands allow updating the
msDS-AllowedToActOnBehalfOfOtherIdentity attribute with principals
allowed to delegate to an account.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14954

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-28 02:17:37 +00:00
Joseph Sutton
572f90bdef samba-tool delegation show: Display information for RBCD
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14954

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-28 02:17:37 +00:00
Joseph Sutton
e4ea06ec24 samba-tool delegation: Add function to display security descriptor for RBCD
We also check some features of the security descriptor, and display
warnings if they are not as expected.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14954

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-28 02:17:37 +00:00
Andreas Schneider
bd1fd3de5c s4:selftest: Remove ad_dc_ntvfs env from several tests
It doesn't make sense to run tests against ad_dc and ad_dc_ntvfs in
those cases.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-28 02:17:37 +00:00
Andreas Schneider
67294a23b9 testprogs: A PKINIT PAC test which runs against Heimdal and MIT Kerberos
There is no need to specify the enctype and it isn't supported by MIT Kerberos
anyway.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Mar 25 21:54:11 UTC 2022 on sn-devel-184
2022-03-25 21:54:11 +00:00
Andreas Schneider
06da77a365 testprogs: Manually reformat test_pkinit_pac.sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-25 20:58:33 +00:00
Andreas Schneider
970f110086 testprogs: Reformat test_pkinit_pac.sh with shfmt
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-25 20:58:33 +00:00
Andreas Schneider
f0f47eedf7 testprogs: Rename test_pkinit_pac_heimdal.sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-25 20:58:33 +00:00
Andreas Schneider
6a125b0ac9 testprogs: A PKINIT test which runs against Heimdal and MIT Kerberos
There is no need to specify the enctype and it isn't supported with MIT
Kerberos.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-25 20:58:33 +00:00
Andreas Schneider
c27f17df37 testprogs: Remove the usage of enctype in test_pkinit_simple.sh
This is not needed anymore and the default is AES in the meantime.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-25 20:58:33 +00:00
Andrew Bartlett
3aa7df568b testprogs: Change from $foo to "${foo}" variable style
This is selected from and to improve the understanding of:

    testprogs: A PKINIT test which runs against Heimdal and MIT Kerberos

    There is no need to specify the enctype and it isn't supported with MIT
    Kerberos.

    Signed-off-by: Andreas Schneider <asn@samba.org>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-03-25 20:58:33 +00:00
Andreas Schneider
e172885857 testprogs: Manually reformat testit commands in test_pkinit_simple.sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-25 20:58:33 +00:00
Andreas Schneider
a0deaed629 testprogs: Fix calculating failed in test_pkinit_simple.sh
We only want to increase it if a test is failing. If something is expected to
fail, we should not count that as failed.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-25 20:58:33 +00:00
Andreas Schneider
ff0b3a9ee6 testprogs: Format test_pkinit_simple.sh with shfmt
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-25 20:58:33 +00:00
Andreas Schneider
9baac4a817 testprogs: Rename test_pkinit_heimdal.sh
We want one common test which works against Heimdal and MIT Kerberos.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-25 20:58:33 +00:00
Andreas Schneider
4d0ea9e3b0 testprogs: Fix kerberos_kinit with additional options
The additional options need to come before we specify the principal

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-25 20:58:33 +00:00
Andreas Schneider
b39176f795 selftest: Setup PKINIT for MIT Kerberos
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-25 20:58:33 +00:00
Andreas Schneider
28f57a757b s4:kdc: Add Smart Card and file based PKINIT support
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-25 20:58:33 +00:00
Andreas Schneider
e2b9df1cbc s4:tests: Run Heimdal PKINIT tests only against ad_dc env
There is not difference kerberos-wise between those two envs.

This reverts 661e1a229e.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-25 20:58:33 +00:00
Andreas Schneider
5636c59a6d s4:kdc: If we set the kerberos debug level to 10 write a trace file
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-25 20:58:33 +00:00
Andreas Schneider
7b226a66ac s4:kdc: Remove trailing white spaces in kdc-service-mit.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-25 20:58:33 +00:00
Andreas Schneider
bd590c0396 s4:kdc: Improve debug message of samba_kdc_fetch_server()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-25 20:58:33 +00:00
Thomas Debesse
206909d52b s4: dns: Add customizable dns port option
Signed-off-by: Thomas Debesse <dev@illwieckz.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 25 20:25:28 UTC 2022 on sn-devel-184
2022-03-25 20:25:28 +00:00
Ralph Boehme
f74472675c smbd: expand DEBUG statement in smbd_dirptr_get_entry() to include the dir and direntry name
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 25 19:05:06 UTC 2022 on sn-devel-184
2022-03-25 19:05:06 +00:00
Samuel Cabrero
41c72ae9f9 examples: Update winbindd.stp and its generator script
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Mar 25 17:57:18 UTC 2022 on sn-devel-184
2022-03-25 17:57:18 +00:00
Samuel Cabrero
3e747891a0 s3:winbind: Convert Ping parent/child call to NDR
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-03-25 17:03:29 +00:00
Samuel Cabrero
0d668dfb75 s3:winbind: Return NTSTATUS from wbint_Ping() RPC function
There are no users of this function but the next commit will convert the
struct-based WINBINDD_PING call to a local RPC wbint_Ping() call.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-03-25 17:03:29 +00:00
Samuel Cabrero
00ea654961 s3:winbind: Convert wcache_opnum_cacheable() to a whitelist
It avoids having to explicitly blacklist new DCE/RPC calls.

This is the current list of non cacheable calls:

NDR_WBINT_PING
NDR_WBINT_QUERYSEQUENCENUMBER
NDR_WBINT_ALLOCATEUID
NDR_WBINT_ALLOCATEGID
NDR_WBINT_CHECKMACHINEACCOUNT
NDR_WBINT_CHANGEMACHINEACCOUNT
NDR_WBINT_PINGDC
NDR_WBINT_LISTTRUSTEDDOMAINS

It includes the ListTrustedDomains call recently converted to a local
RPC call.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-03-25 17:03:29 +00:00
David Mulder
c788ed7b8b samba-gpupdate: Implement enhanced logging
This ports the enhanced logging capabilities from
AltLinux gpupdate. It generates log messages such
as:
2022-03-02 11:28:54.872|[E40104]| Failed to set interfaces for zone | {'val': 'work'}
2022-03-02 11:28:55.017|[E40104]| Failed to set interfaces for zone | {'val': 'home'}

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 24 23:40:47 UTC 2022 on sn-devel-184
2022-03-24 23:40:47 +00:00
Jeremy Allison
c4f9c37240 s3: smbd: smbd_smb2_setinfo_send(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

This is the last SMB_VFS_FSTAT that uses fsp->fsp_name->st, so
remove knownfail.d/durable-v2-setinfo

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 24 17:21:29 UTC 2022 on sn-devel-184
2022-03-24 17:21:29 +00:00
Jeremy Allison
7fb2038fac s3: smbd: smbd_smb2_getinfo_send(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-03-24 16:28:37 +00:00
Jeremy Allison
23d5c90928 s3: cmd_vfs: cmd_set_nt_acl(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-03-24 16:28:37 +00:00
Jeremy Allison
fbc6cdfbed s3: cmd_vfs: cmd_open(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-03-24 16:28:37 +00:00
Jeremy Allison
c4193f11d1 s3: pysmbd.c: init_files_struct(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-03-24 16:28:37 +00:00
Jeremy Allison
6a25b6997f s3: smbd: call_trans2setfilepathinfo(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-03-24 16:28:37 +00:00
Jeremy Allison
8d3812daa5 s3: smbd: call_trans2qfilepathinfo(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-03-24 16:28:37 +00:00
Jeremy Allison
b53a69f4ff s3: smbd: rename_internals_fsp(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-03-24 16:28:37 +00:00
Jeremy Allison
7f5c484804 s3: smbd: mkdir_internal(). 2 of 2. All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-03-24 16:28:37 +00:00
Jeremy Allison
064c5770de s3: smbd: mkdir_internal(). 1 of 2. All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-03-24 16:28:37 +00:00
Jeremy Allison
cfadecca80 s3: smbd: open_file(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-03-24 16:28:37 +00:00
Jeremy Allison
18694c81cc s3: smbd: non_widelink_open(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-03-24 16:28:37 +00:00
Jeremy Allison
a604dd02ff s3: smbd: open_internal_dirfsp(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-03-24 16:28:37 +00:00
Jeremy Allison
ec2fb9d228 s3: smbd: open_internal_dirfsp() add missing file_free() in error path.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-03-24 16:28:37 +00:00
Jeremy Allison
2b246dbf68 s3: smbd: mdssvc: All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-03-24 16:28:37 +00:00
Jeremy Allison
d460118be3 s3: VFS: vxfs: All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-03-24 16:28:37 +00:00
Jeremy Allison
2fc0820afc s3: smbd: In set_ea_dos_attribute(), if we've stored btime and set XATTR_DOSINFO_CREATE_TIME successfully, we need to clear ST_EX_IFLAG_CALCULATED_BTIME.
This is no longer a calculated field, every call to fdos_mode() will
set it as non-calculated.

https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-03-24 16:28:37 +00:00
Jeremy Allison
9f62a149f1 s3: smbd: In set_ea_dos_attribute() cause root fallback code to exit via the same place.
We're going to add another action on success next.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-03-24 16:28:37 +00:00
Jeremy Allison
0036617a5c s4: torture: Add regression test for re-opening a durable handle after calling SMB2 setinfo (end of file).
This is an implementation of a test written by Apple for their
client. Currently fails to reconnect due to btime being overwritten
incorrectly in the SMB2 setinfo path.

Add knownfail.d/durable-v2-setinfo

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-03-24 16:28:37 +00:00