1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Commit Graph

136318 Commits

Author SHA1 Message Date
Joseph Sutton
eb727331a3 python: Remove unused parameter ‘samdb’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
d9a665a0e4 python: Remove unused parameter ‘lp’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
246666e722 python: Remove unused parameter ‘message’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
5132771fb7 python: Remove unused parameter ‘targetdir’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
8439dcb484 python: Remove unused parameter ‘backend_store’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
e37dfc2967 python: Remove unused parameter ‘lp’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
58814bfd39 python: Remove unused parameter ‘lp’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
c692653459 python: Remove unused parameter ‘targetdir’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
49801372c6 python: Remove unused parameter ‘targetdir’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
a84c521265 python: Remove unused parameter ‘backend_store’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
95e0df789c python: Remove unused parameter ‘lp’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
7064e39fae python: Remove unused parameter ‘logger’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
a341aca14c python: Make use of ‘prefix’ parameter
This method is now consistent with the other ‘add_*_record()’ methods.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
d8b5cb103b python: Remove unused parameter ‘lp’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
7e65a368d6 python: Remove unused parameter ‘targetdir’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
f9b22c6d5e python: Make use of ‘serverdn’ parameter
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
dddaed61ea python: Remove unused variable ‘machinesid’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
dd9dfb0e66 python: Remove unfinished join method
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Douglas Bagnall
25f8e50793 libcli/security: allow SDDL conditional ACE round-trip for -00 and -0x0
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Douglas Bagnall
66f341e5c3 libcli/security: allow round-trip for conditional ACE hex integers
As with the previous commit, though not addressing the particular fuzz
case, zero hex numbers need to be explicitly written as "0x0", or the
round-trip will fail.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62929

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Douglas Bagnall
d33ed63147 libcli/security: allow round-trip for conditional ACE octal integers
The string "00" will decode into an integer tagged as octal, but
`snprintf("%#oll")` will write the string "0", which would decode as
decimal, so the in the SDDL1->SD1->SDDL2->SD2 round trip, SD1 would
not be the same as SD2.

The effect is really only relevant to SDDL, which wants to remember
what base the numbers were presented in, though the fuzzers and tests
don't directly compare SDDL, which can have extra spaces and so forth.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62929

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Douglas Bagnall
bbe217604b libcli/security: tests for conditional ACE integer base persistence
Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62929

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Douglas Bagnall
b247a11e62 libcli/security: fix tests for SDDL conditional ACE round-trip
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Douglas Bagnall
db6b06578b libcli/security: clarify tests for SDDL round trips
The `failed = failed || ok` did the same thing, obscurely.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Douglas Bagnall
a016ce7068 libcli/security: don't allow conditional ACE SIDs to have trailing bytes
They should be tightly packed, allowing conditional ACEs to
round-trip.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64197

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Douglas Bagnall
e004a5a444 libcli/security: SDDL decode stops earlier with too many ACEs
For this purpose, "too many" means we know for sure that it won't fit
in packet format, even if all the ACEs are minimum size. This would
fail anyway.

Credit to OSS-Fuzz, who found that 50 thousand ACEs that took more
than 60 seconds to decode. This will now fail after 4096 ACEs which
should be about 150 times faster than 50k (because the realloc loop in
quadratic), so ~0.5 seconds in the fuzz context with sanitisers
enabled. That is still slowish, but SDDL parsing is not a critical
path and without address sanitisers it will be many times faster.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62511

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:36 +00:00
Samuel Cabrero
3a01ef710d tests: Add a test for the idmap_nss : use_upn setting
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Samuel Cabrero <scabrero@samba.org>
Autobuild-Date(master): Wed Dec 13 16:05:19 UTC 2023 on atb-devel-224
2023-12-13 16:05:19 +00:00
Samuel Cabrero
086a90d52b idmap_nss: Install a messaging filter to reload the configuration
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2023-12-13 15:07:38 +00:00
Samuel Cabrero
a7a4d8e533 idmap_nss: Add a parameter to use UPNs instead of plain names
idmap config <DOMAIN> : backend = nss
idmap config <DOMAIN> : use_upn = yes|no

When translating a Unix ID to a SID the module calls get[pwu|grg]id() but the
name returned by some NSS modules might be a UPN instead of a plain name. If
the new parameter is enabled the returned name will be parsed and correctly
handled.

On the other hand, when translating a SID to a Unix ID the module first
resolves the SID to a domain + name, and then calls get[pw|gr]name() with the
plain name, or the UPN if the new parameter is enabled.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2023-12-13 15:07:38 +00:00
Samuel Cabrero
c8e4777a92 idmap_nss: Increase debug on failures
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2023-12-13 15:07:38 +00:00
Samuel Cabrero
de2f59c61a docs: Document idmap_nss "range" option
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2023-12-13 15:07:38 +00:00
Samuel Cabrero
8e1f2ee5f7 s3:winbind: Register a messaging filter foreach domain child
Instead of registering the "classic" callback for MSG_SMB_CONF_UPDATED,
install a message filter to allow other parts of the code to also
listen for this message because classic callbacks are delivered only
once (see commit a2436b67e5).

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2023-12-13 15:07:38 +00:00
Samuel Cabrero
c35937054c s3:winbind: talloc the static locator child
Next commits will use talloc_get_type_abort() to get the reference.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2023-12-13 15:07:38 +00:00
Samuel Cabrero
e3d0574d79 s3:winbind: talloc the static idmap child
Next commits will use talloc_get_type_abort() to get the reference.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2023-12-13 15:07:38 +00:00
Joseph Sutton
f642aff554 buildtools: Remove ‘keep_underscore’ parameter
Nothing now passes this in.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Dec 11 02:13:39 UTC 2023 on atb-devel-224
2023-12-11 02:13:39 +00:00
Joseph Sutton
623645963e buildtools: Remove useless ‘keep_underscore’ parameter
SAMBA_LIBARY()’s ‘keep_underscore’ parameter has an effect only if None
is passed in for ‘bundled_name’. However, SAMBA_PLUGIN() always passes
in a string for ‘bundled_name’. Therefore ‘keep_underscore’ will never
have any effect — remove it.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-11 01:08:37 +00:00
Joseph Sutton
e3ad675303 buildtools: Pass through parameter ‘keep_underscore’
This parameter has gone unused until now.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-11 01:08:37 +00:00
Joseph Sutton
45b7a0c13e s4:librpc: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-11 01:08:37 +00:00
Joseph Sutton
2e5d75141d buildtools: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-11 01:08:37 +00:00
Joseph Sutton
cdff2b767e buildtools: Remove unused parameter ‘env’
This parameter goes unused, and nothing passes it in.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-11 01:08:36 +00:00
Andreas Schneider
f2f7ed419e s3:utils: Fix auth callback with smburl
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Dec 10 22:22:51 UTC 2023 on atb-devel-224
2023-12-10 22:22:51 +00:00
Andreas Schneider
5b38f3be8c s3:tests: Add interactive smbget test for password entry
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-10 21:24:38 +00:00
Andreas Schneider
a7622bc7db auth:creds: Add cli_credentials_get_domain_and_obtained()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-10 21:24:38 +00:00
Andreas Schneider
1041dae03f auth:creds: Fix cli_credentials_get_password_and_obtained() with callback
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-10 21:24:38 +00:00
Andreas Schneider
ab4b25964a auth:creds:tests: Add test for password callback
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-10 21:24:38 +00:00
Andreas Schneider
c46769f3f1 s3:tests: Fix smbget test
Time to fix the smget share to not have `guest ok = yes` set. A new
[smbget_guest] will be used for guest only tests. This way we can
correctly test different authentication mechanisms.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-10 21:24:38 +00:00
Andreas Schneider
1a04fd255c s3:tests: Remove the non-working test_kerberos_upn_denied of smbget
See TODO code comment for details.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-10 21:24:38 +00:00
Andreas Schneider
468fb05d63 s3:tests: Fix the test_kerberos_trust in smbget testsuite
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-10 21:24:38 +00:00
Andreas Schneider
62b0b79ce0 s3:tests: Fix test_kerberos in smbget tests
We switched to a temporary directory, so $PREFIX doesn't exist.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-10 21:24:38 +00:00
Andreas Schneider
337034e675 s3:tests: Pass down a normal domain user for test_smbget.sh
It is better to test with a normal user than administrator.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-10 21:24:38 +00:00