1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

123812 Commits

Author SHA1 Message Date
Jeremy Allison
e5e1759057 s3: spoolss: Make parameters in call to user_ok_token() match all other uses.
We already have p->session_info->unix_info->unix_name, we don't
need to go through a legacy call to uidtoname(p->session_info->unix_token->uid).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14568

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Nov  9 04:10:45 UTC 2020 on sn-devel-184
2020-11-09 04:10:45 +00:00
Gary Lockyer
1e1d8b9c83 tests python krb5: Add python kerberos compatability tests
Add new python test to document the differences between the MIT and
Heimdal Kerberos implementations.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-09 02:46:50 +00:00
Gary Lockyer
5cb5134377 selftest: add heimdal kdc specific known fail
Add a heimdal kerberos specific known fail, will be needed by subsequent
commits.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-09 02:46:50 +00:00
Arran Cudbard-Bell
a5052c73c3 lib: talloc: More tests for realloc when used with memlimited pools
This requires the previous patch.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14540

Signed-off-by: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-09 02:46:50 +00:00
Jeremy Allison
4566ee91b8 lib: talloc: Fix memlimit on pool realloc.
We only have to do the memlimit check before any
real malloc or realloc. Allocations out of a
memory pool have already been counted in the
memory limit, so don't check in those cases.

This is an application-visible change (although
fixing a bug) so bump the ABI to 2.3.1 -> 2.3.2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14540

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-09 02:46:50 +00:00
Arran Cudbard-Bell
30a8bea8a3 lib: talloc: Add more debugging text for existing memlimit + pool tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14540

Signed-off-by: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-09 02:46:49 +00:00
Jeremy Allison
6e0aab0b40 lib: talloc: Fix pool object accounting when doing talloc_realloc() in the ALWAYS_REALLOC compiled case.
tc_alloc_pool() or the fallback malloc can return NULL.

Wait until we know we are returning a valid pointer
before decrementing pool_hdr->object_count due to
reallocing out of the talloc_pool.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14540

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-09 02:46:49 +00:00
Jeremy Allison
86eb6423bd lib: talloc: Cleanup. Use consistent preprocessor logic macros.
Match other use of ALWAYS_REALLOC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14540

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-09 02:46:49 +00:00
David Disseldorp
710196f0cc doc: improve --with-shared-modules documentation
Remove statement about lack of support. Add description and example for
how to explicitly disable modules via a '!' prefix.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov  6 20:19:22 UTC 2020 on sn-devel-184
2020-11-06 20:19:22 +00:00
David Disseldorp
7b479c3198 build: put quotes around '!vfs_snapper' module instructions
Otherwise the exclamation may get swallowed by shell, leading to further
confusion.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-06 18:56:29 +00:00
Isaac Boukris
604153525a Remove source4/scripting/devel/createtrust script
We now have the 'samba-tool domain trust' command.

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Isaac Boukris <iboukris@samba.org>
Autobuild-Date(master): Fri Nov  6 11:25:02 UTC 2020 on sn-devel-184
2020-11-06 11:25:02 +00:00
Isaac Boukris
cfaad16ff6 selftest: add a test for the CreateTrustedDomainRelax wrapper
Originally copied from 'source4/scripting/devel/createtrust'
(had to drop the TRUST_AUTH_TYPE_VERSION part though, as it
fails against samba DC).

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-11-06 10:02:35 +00:00
Isaac Boukris
baf4e2930e Use the new CreateTrustedDomainRelax()
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-11-06 10:02:35 +00:00
Isaac Boukris
c2644032b4 Add CreateTrustedDomainRelax wrapper for fips mode
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-11-06 10:02:35 +00:00
Isaac Boukris
a77551bea9 selftest: add a test for py dce transport_encrypted
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-11-06 10:02:35 +00:00
Isaac Boukris
eba91f0dfa Add py binding for dcerpc_transport_encrypted
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-11-06 10:02:35 +00:00
Isaac Boukris
339bfcd67a Add dcerpc_transport_encrypted()
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-11-06 10:02:35 +00:00
Isaac Boukris
f0f8de9d4a Add smb2cli_session_get_encryption_cipher()
When 'session->smb2->should_encrypt' is true, the client MUST encrypt
all transport messages (see also MS-SMB2 3.2.4.1.8).

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-11-06 10:02:35 +00:00
Andrew Walker
c2fcd83ed7 s4:libnet:py_net - free event context in dealloc fn
Creation of a new Net() object initializes an event context under
a NULL talloc context and then creates a new talloc context as a
child of the event context. The deallocation function for the
net object only frees the child and not the parent. This leaks an
fd for the tevent context and associated memory.

Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov  6 04:58:31 UTC 2020 on sn-devel-184
2020-11-06 04:58:31 +00:00
Alexander Bokovoy
ca07dc775c Revert "lookup_name: allow lookup for own realm"
This reverts commit f901691209.

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Thu Nov  5 07:53:03 UTC 2020 on sn-devel-184
2020-11-05 07:53:02 +00:00
Alexander Bokovoy
5d80b179a1 Revert "cli_credentials: add a helper to parse user or group names"
This reverts commit 00f4262ed0.
2020-11-05 06:30:31 +00:00
Alexander Bokovoy
49efe0ca0b Revert "cli_credentials_parse_string: fix parsing of principals"
This reverts commit eb0474d27b.
2020-11-05 06:30:31 +00:00
Andreas Schneider
8aebd48698 bootstrap: Add Fedora 33
This removes Fedora 31 support.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Nov  5 00:17:55 UTC 2020 on sn-devel-184
2020-11-05 00:17:54 +00:00
Gary Lockyer
005435dc4d tests python krb5: Add python kerberos canonicalization tests
Add python canonicalization tests, loosely based on the code in
source4/torture/krb5/kdc-canon-heimdal.c.  The long term goal is to move
the integration level tests out of kdc-canon-heimdal, leaving it as a
heimdal library unit test.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-04 22:54:41 +00:00
Gary Lockyer
41c8aa4b99 tests python krb5: Add canonicalize flag to ASN1
Add the canonicalize flag to KerberosFlags, so that it can be used in
python based canonicalization tests.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-04 22:54:41 +00:00
Gary Lockyer
b14dca7c1c tests python krb5: Make PrincipalName_create a class method
Make PrincipalName_create a class method, so it can be used in helper
classes.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-04 22:54:41 +00:00
Gary Lockyer
04248f5e86 selftest: add mit kdc specific known fail
Add a MIT kerberos specific known fail, will be needed by subsequent
commits.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-04 22:54:41 +00:00
Günther Deschner
a51cda69ec s3-vfs_glusterfs: always disable write-behind translator
The "pass-through" option has now been merged upstream as of:
https://github.com/gluster/glusterfs/pull/1640

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Pair-Programmed-With: Anoop C S <anoopcs@samba.org>
Pair-Programmed-With: Sachin Prabhu <sprabhu@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov  4 22:53:49 UTC 2020 on sn-devel-184
2020-11-04 22:53:49 +00:00
Bradley M. Kuhn
80ff5a37c7 VFS-License-clarification: minor improvements aligning w/ GPLv3 text
The phrase "derived work" and word "derived" don't appear in GPLv3;
instead, GPLv3 uses the phrases "modified version" and "based on" to
implement the strong copyleft clause.  Herein, align the VFS
statement with the phrases as they appear in the GPLv3 since Samba's
license is GPLv3-or-later.

Included are also a few other very minor wording changes as suggested
by legal counsel who is experienced with presenting these sorts of
licensing statements to company lawyers and suggests these changes
will comfort that constituency.

Finally, update both occurrences of the statement in the codebase in
two different files.

Signed-off-by: Bradley M. Kuhn <bkuhn@sfconservancy.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-04 21:29:40 +00:00
Volker Lendecke
3e8ce497f3 libsmb: Remove cli_state->dfs_mountpoint
Not used anymore

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov  4 20:17:47 UTC 2020 on sn-devel-184
2020-11-04 20:17:47 +00:00
Volker Lendecke
a7d39ed143 libsmb: Remove "mntpoint" argument from cli_list_trans() callback
This was unused in the callers, also do this for symmetry.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-04 18:55:40 +00:00
Volker Lendecke
4ebe72b942 libsmb: Remove "mntpoint" argument from cli_list() callback
do_list()/do_list_helper() in source3/client/client.c was the only user of this
argument. And that use was wrong.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-04 18:55:40 +00:00
Volker Lendecke
4cc4938a28 smbclient: Fix recursive "ls" across DFS links
This is an a bit subtle patch: The main trick is that the previous
code a DFS-style \\server\share\dir1\dir2 path ended up in the list of
directories to enumerate. This was then processed by do_list again,
passing it to cli_resolve_path. However, cli_resolve_path always
expects non-DFS style paths as input. This patch passes the original,
non-DFS path to do_list_helper(), so that it ends up without the DFS
style \\server\share prefix in the directory queue.

From general failure it just fails on the SMB1-based environments,
like the other smbclient_s3 ones in knownfail.d/smb1-tests

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-04 18:55:40 +00:00
Volker Lendecke
886665644c smbclient: Add "mask" to do_list_helper_state
To me this is simpler to understand than to rely on the cli_list
callback which goes through some function call layers. Also, this
gives more obvious control over what we pass in the next patch.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-04 18:55:40 +00:00
Volker Lendecke
623bc39bb8 smbclient: Introduce struct do_list_helper_state
We'll pass more information to do_list_helper() soon

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-04 18:55:40 +00:00
Volker Lendecke
fd4308640f smbclient: Wrap a few long lines
Make the next patch simpler

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-04 18:55:40 +00:00
Volker Lendecke
f879c83342 smbclient: Move variable declarations closer to their use
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-04 18:55:40 +00:00
Volker Lendecke
95e235172a torture: Show that recursive ls across dfs is broken
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-04 18:55:40 +00:00
Volker Lendecke
7ea5c1f05d libsmb: Fix a signed/unsigned warning
"num_bytes" is uint32_t, "received" is uint16_t. The multiplication
seems to implicitly widen "received" to int, leading to a
signed/unsigned warning. This cast makes that warning go away.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-04 18:55:39 +00:00
Volker Lendecke
40cec27636 smbd: Align two integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-04 18:55:39 +00:00
Volker Lendecke
af49efcde2 libreplace: Compare a pointer against NULL, not 0
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-04 18:55:39 +00:00
Volker Lendecke
669414efac libsmb: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-04 18:55:39 +00:00
Volker Lendecke
0851afdffd libsmb: Improve wording of a comment in cli_smb2_list
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-04 18:55:39 +00:00
Alexander Bokovoy
f901691209 lookup_name: allow lookup for own realm
When using a security tab in Windows Explorer, a lookup over a trusted
forest might come as realm\name instead of NetBIOS domain name:

--------------------------------------------------------------------
[2020/01/13 11:12:39.859134,  1, pid=33253, effective(1732401004, 1732401004), real(1732401004, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:471(ndr_print_function_debug)
       lsa_LookupNames3: struct lsa_LookupNames3
          in: struct lsa_LookupNames3
              handle                   : *
                  handle: struct policy_handle
                      handle_type              : 0x00000000 (0)
                      uuid                     : 0000000e-0000-0000-1c5e-a750e5810000
              num_names                : 0x00000001 (1)
              names: ARRAY(1)
                  names: struct lsa_String
                      length                   : 0x001e (30)
                      size                     : 0x0020 (32)
                      string                   : *
                          string                   : 'ipa.test\admins'
              sids                     : *
                  sids: struct lsa_TransSidArray3
                      count                    : 0x00000000 (0)
                      sids                     : NULL
              level                    : LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 (6)
              count                    : *
                  count                    : 0x00000000 (0)
              lookup_options           : LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES (0)
              client_revision          : LSA_CLIENT_REVISION_2 (2)
--------------------------------------------------------------------

Allow this lookup using realm to be done against primary domain when we
are a domain controller. This corresponds to FreeIPA use of Samba as a
DC. For normal domain members a realm-based lookup falls back to a
lookup over to its own domain controller with the help of winbindd.

Refactor user name parsing code to reuse cli_credentials_* API to be
consistent with other places. cli_credentials_parse_name() handles
both domain and realm-based user name variants.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Nov  4 16:23:40 UTC 2020 on sn-devel-184
2020-11-04 16:23:40 +00:00
Alexander Bokovoy
00f4262ed0 cli_credentials: add a helper to parse user or group names
cli_credentials_parse_string() parses a string specified for -U option
in command line tools. It has a side-effect that '%' character is always
considered to be a separator after which a password is specified.

Active Directory does allow to create user or group objects with '%' in
the name. It means cli_credentials_parse_string() will not be able to
properly parse such name.

Introduce cli_credentials_parse_name() for the cases when a password is
not expected in the name and call to cli_credentials_parse_name() from
cli_credentials_parse_string().

Test cli_credentials_parse_name() with its intended use in lookup_name()
refactoring.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-11-04 14:59:34 +00:00
Alexander Bokovoy
eb0474d27b cli_credentials_parse_string: fix parsing of principals
When parsing a principal-like name, user name was left with full
principal instead of taking only the left part before '@' sign.

>>> from samba import credentials
>>> t = credentials.Credentials()
>>> t.parse_string('admin@realm.test', credentials.SPECIFIED)
>>> t.get_username()
'admin@realm.test'

The issue is that cli_credentials_set_username() does a talloc_strdup()
of the argument, so we need to change order of assignment to allow
talloc_strdup() to copy the right part of the string.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-11-04 14:59:34 +00:00
Björn Baumbach
a1b021200e selftest: add test for new "samba-tool user unlock" command
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Nov  4 00:19:25 UTC 2020 on sn-devel-184
2020-11-04 00:19:25 +00:00
Björn Baumbach
0bc93500a8 samba-tool: add new "user unlock" command
Can be used to unlock a user when the badPwdCount has been reached.

Introduces SamDB error classes, as suggested by
Douglas Bagnall <douglas.bagnall@catalyst.net.nz> - thanks!
This helps to handle expected failures.
Tracebacks of really unexpected failures will not be hidden.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-11-03 22:55:37 +00:00
Andreas Schneider
27480333fd s3:vfs: Document the encryption_required flag in vfs.h
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Nov  3 16:47:57 UTC 2020 on sn-devel-184
2020-11-03 16:47:57 +00:00
Andreas Schneider
1a92994a95 auth:creds:tests: Migrate test to a cmocka unit test
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-11-03 15:25:37 +00:00