summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* lib/fuzzing/README.md: don't use waf directlyStefan Metzmacher2022-03-291-6/+6
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* buildtools: remove unused testwaf.shStefan Metzmacher2022-03-291-70/+0
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* smbd: Don't NULL out "::$DATA"Volker Lendecke2022-03-291-1/+0
| | | | | | | | | | | Slight simplification now possible after introducing and using fsp_is_alternate_stream() almost everywhere. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Mar 29 22:24:38 UTC 2022 on sn-devel-184
* smbd: Don't NULL out the "::$DATA" in openat_pathref_fsp()Volker Lendecke2022-03-291-4/+0
| | | | | | | | Slight simplification now possible after introducing and using fsp_is_alternate_stream() almost everywhere. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Simplify reply_rmdir()Volker Lendecke2022-03-291-5/+0
| | | | | | | | We don't need to check this here, create_file_default and callees take care of this. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Add a DEBUG to create_file_unixpath()Volker Lendecke2022-03-291-0/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Fix create_file_unixpath()'s stream handlingVolker Lendecke2022-03-291-1/+1
| | | | | | | | | Make create_file_unixpath() robust against callers explicitly passing in ":$DATA" as a stream name indicating the default stream. Right now we NULL this out in callers, but this might change in the future. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: GENCACHE_RAM isn't used anymoreVolker Lendecke2022-03-291-1/+0
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Fix a typoVolker Lendecke2022-03-291-1/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-auth: Remove last traces of LanMan authentiation support in the AD DC.Andrew Bartlett2022-03-293-2/+11
| | | | | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Mar 29 03:32:57 UTC 2022 on sn-devel-184
* s4-auth: Only build auth_developer module in developer modeAndrew Bartlett2022-03-291-1/+2
| | | | | | | | | This is a silly module for provoking NTSTATUS replies for testing and was useful many moons ago for determining the NTSTATUS -> DOS table that windows uses. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-auth: Do not trigger RODC replication unless missing all passwordsAndrew Bartlett2022-03-291-1/+4
| | | | | | | | | | With the NT hash becoming optional we cannot make blind assumptions that a missing value means we are on an RODC needing the password replicated. Instead, check for supplementalCredentials as well. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-auth: Remove unused acct_flags parameterAndrew Bartlett2022-03-291-5/+1
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* waf: Document the confusing --nonshared-binary, --builtin-libraries, ↵Andrew Bartlett2022-03-281-7/+60
| | | | | | | | | | | | | | --private-libraries and --bundled-libraries These options are confusing to all who encounter them. BUG: https://bugzilla.samba.org/show_bug.cgi?id=8731 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon Mar 28 10:06:01 UTC 2022 on sn-devel-184
* vfs_gpfs: Initialize litemask to 0Christof Schmitt2022-03-281-2/+2
| | | | | | | | | | | | | | The change from commit fb13c7c94f to query exact values for atime, mtime, ctime and size is not necessary, as none of these are used in this codepath. Initiale litemask to 0 instead. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15027 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Mon Mar 28 09:10:58 UTC 2022 on sn-devel-184
* samba-tool: Check specified domain and realm against our ownJoseph Sutton2022-03-283-17/+40
| | | | | | | | Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Mar 28 03:11:51 UTC 2022 on sn-devel-184
* samba-tool: Return correct result for _get_user_realm_domain()Joseph Sutton2022-03-281-2/+2
| | | | | | | We were returning the realm and the domain in the wrong order. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool delegation: Clarify msDS-AllowedToDelegateTo delegation command ↵Joseph Sutton2022-03-281-2/+2
| | | | | | | | | | | | documentation This makes the difference between msDS-AllowedToDelegateTo and msDS-AllowedToActOnBehalfOfOtherIdentity more clear. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14954 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool delegation: Add commands to add/remove principals for RBCDJoseph Sutton2022-03-281-1/+275
| | | | | | | | | | | These commands allow updating the msDS-AllowedToActOnBehalfOfOtherIdentity attribute with principals allowed to delegate to an account. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14954 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool delegation show: Display information for RBCDJoseph Sutton2022-03-281-2/+22
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14954 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool delegation: Add function to display security descriptor for RBCDJoseph Sutton2022-03-281-0/+77
| | | | | | | | | | We also check some features of the security descriptor, and display warnings if they are not as expected. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14954 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:selftest: Remove ad_dc_ntvfs env from several testsAndreas Schneider2022-03-281-3/+3
| | | | | | | | It doesn't make sense to run tests against ad_dc and ad_dc_ntvfs in those cases. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* testprogs: A PKINIT PAC test which runs against Heimdal and MIT KerberosAndreas Schneider2022-03-254-43/+45
| | | | | | | | | | | There is no need to specify the enctype and it isn't supported by MIT Kerberos anyway. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Mar 25 21:54:11 UTC 2022 on sn-devel-184
* testprogs: Manually reformat test_pkinit_pac.shAndreas Schneider2022-03-251-2/+6
| | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* testprogs: Reformat test_pkinit_pac.sh with shfmtAndreas Schneider2022-03-251-7/+7
| | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* testprogs: Rename test_pkinit_pac_heimdal.shAndreas Schneider2022-03-252-2/+2
| | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* testprogs: A PKINIT test which runs against Heimdal and MIT KerberosAndreas Schneider2022-03-254-112/+147
| | | | | | | There is no need to specify the enctype and it isn't supported with MIT Kerberos. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* testprogs: Remove the usage of enctype in test_pkinit_simple.shAndreas Schneider2022-03-251-26/+24
| | | | | | This is not needed anymore and the default is AES in the meantime. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* testprogs: Change from $foo to "${foo}" variable styleAndrew Bartlett2022-03-251-26/+26
| | | | | | | | | | | | | | This is selected from and to improve the understanding of: testprogs: A PKINIT test which runs against Heimdal and MIT Kerberos There is no need to specify the enctype and it isn't supported with MIT Kerberos. Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* testprogs: Manually reformat testit commands in test_pkinit_simple.shAndreas Schneider2022-03-251-87/+217
| | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* testprogs: Fix calculating failed in test_pkinit_simple.shAndreas Schneider2022-03-251-14/+14
| | | | | | | We only want to increase it if a test is failing. If something is expected to fail, we should not count that as failed. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* testprogs: Format test_pkinit_simple.sh with shfmtAndreas Schneider2022-03-251-71/+71
| | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* testprogs: Rename test_pkinit_heimdal.shAndreas Schneider2022-03-252-2/+2
| | | | | | We want one common test which works against Heimdal and MIT Kerberos. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* testprogs: Fix kerberos_kinit with additional optionsAndreas Schneider2022-03-251-2/+2
| | | | | | The additional options need to come before we specify the principal Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Setup PKINIT for MIT KerberosAndreas Schneider2022-03-251-1/+24
| | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:kdc: Add Smart Card and file based PKINIT supportAndreas Schneider2022-03-251-1/+12
| | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:tests: Run Heimdal PKINIT tests only against ad_dc envAndreas Schneider2022-03-251-3/+22
| | | | | | | | There is not difference kerberos-wise between those two envs. This reverts 661e1a229e85f566c5fc5d43ea03fbb29847439a. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:kdc: If we set the kerberos debug level to 10 write a trace fileAndreas Schneider2022-03-251-0/+16
| | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:kdc: Remove trailing white spaces in kdc-service-mit.cAndreas Schneider2022-03-251-1/+1
| | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:kdc: Improve debug message of samba_kdc_fetch_server()Andreas Schneider2022-03-251-1/+15
| | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4: dns: Add customizable dns port optionThomas Debesse2022-03-255-2/+42
| | | | | | | | | Signed-off-by: Thomas Debesse <dev@illwieckz.net> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Mar 25 20:25:28 UTC 2022 on sn-devel-184
* smbd: expand DEBUG statement in smbd_dirptr_get_entry() to include the dir ↵Ralph Boehme2022-03-251-2/+3
| | | | | | | | | | and direntry name Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Mar 25 19:05:06 UTC 2022 on sn-devel-184
* examples: Update winbindd.stp and its generator scriptSamuel Cabrero2022-03-252-23/+23
| | | | | | | | Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Mar 25 17:57:18 UTC 2022 on sn-devel-184
* s3:winbind: Convert Ping parent/child call to NDRSamuel Cabrero2022-03-257-64/+24
| | | | | Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:winbind: Return NTSTATUS from wbint_Ping() RPC functionSamuel Cabrero2022-03-252-2/+3
| | | | | | | | There are no users of this function but the next commit will convert the struct-based WINBINDD_PING call to a local RPC wbint_Ping() call. Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:winbind: Convert wcache_opnum_cacheable() to a whitelistSamuel Cabrero2022-03-251-9/+15
| | | | | | | | | | | | | | | | | | | | | It avoids having to explicitly blacklist new DCE/RPC calls. This is the current list of non cacheable calls: NDR_WBINT_PING NDR_WBINT_QUERYSEQUENCENUMBER NDR_WBINT_ALLOCATEUID NDR_WBINT_ALLOCATEGID NDR_WBINT_CHECKMACHINEACCOUNT NDR_WBINT_CHANGEMACHINEACCOUNT NDR_WBINT_PINGDC NDR_WBINT_LISTTRUSTEDDOMAINS It includes the ListTrustedDomains call recently converted to a local RPC call. Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* samba-gpupdate: Implement enhanced loggingDavid Mulder2022-03-2417-180/+229
| | | | | | | | | | | | | | This ports the enhanced logging capabilities from AltLinux gpupdate. It generates log messages such as: 2022-03-02 11:28:54.872|[E40104]| Failed to set interfaces for zone | {'val': 'work'} 2022-03-02 11:28:55.017|[E40104]| Failed to set interfaces for zone | {'val': 'home'} Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Mar 24 23:40:47 UTC 2022 on sn-devel-184
* s3: smbd: smbd_smb2_setinfo_send(). All calls to SMB_VFS_FSTAT(fsp, ↵Jeremy Allison2022-03-242-4/+3
| | | | | | | | | | | | | | | | | | &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags. If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp, we must call vfs_stat_fsp() as this preserves the iflags. This is the last SMB_VFS_FSTAT that uses fsp->fsp_name->st, so remove knownfail.d/durable-v2-setinfo BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Mar 24 17:21:29 UTC 2022 on sn-devel-184
* s3: smbd: smbd_smb2_getinfo_send(). All calls to SMB_VFS_FSTAT(fsp, ↵Jeremy Allison2022-03-241-3/+3
| | | | | | | | | | | | &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags. If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp, we must call vfs_stat_fsp() as this preserves the iflags. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: cmd_vfs: cmd_set_nt_acl(). All calls to SMB_VFS_FSTAT(fsp, ↵Jeremy Allison2022-03-241-9/+3
| | | | | | | | | | | | &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags. If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp, we must call vfs_stat_fsp() as this preserves the iflags. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
View Lorry Controller Status