[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 47f401095ea smbd: squash check_path_syntax() variants via 1d220e3170b s3: smbd: Correctly process SMB3 POSIX paths in create. via 09221cea5a1 s3: smbd: Correctly set smb2req->smb1req->posix_pathnames from the calling fsp on SMB2 calls. via 3f33ea95eb6 smbd: Ensure share root POSIX attrs are cleared after mode_fn via adfa3a428bd s3: smbd: Add check_path_syntax_smb2_posix(). via a8329d2536a s3: smbd: Flatten the check_path_syntax_smb2() wrapper. from 874e10ef79a s4:kdc: Add support for AD device claims https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 47f401095ea723cbca6a8fc1a841465a32852cdc Author: Ralph Boehme Date: Fri Mar 31 11:44:00 2023 +0200 smbd: squash check_path_syntax() variants Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Mar 31 21:21:57 UTC 2023 on atb-devel-224 commit 1d220e3170b1eb2afbff48d0148e30f8cec9fba0 Author: Jeremy Allison Date: Tue Mar 28 13:55:49 2023 -0700 s3: smbd: Correctly process SMB3 POSIX paths in create. Remove knownfail for posix path handling of case/reserved char Signed-off-by: David Mulder Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit 09221cea5a19034fd19394134cd2d9c3181966ca Author: Jeremy Allison Date: Tue Mar 28 13:53:20 2023 -0700 s3: smbd: Correctly set smb2req->smb1req->posix_pathnames from the calling fsp on SMB2 calls. We must always do SMB3+POSIX operations on fsp's opened with a posix create context. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit 3f33ea95eb654ab41636f2216002d7916fc56521 Author: David Mulder Date: Thu Dec 1 10:53:44 2022 -0700 smbd: Ensure share root POSIX attrs are cleared after mode_fn The call to mode_fn (smbd_dirptr_lanman2_mode_fn) was filling the cleared attributes back in to the stat. Ensure the clear happens after this call. Signed-off-by: David Mulder Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit adfa3a428bda14a19ef506203d82d055ee98f1be Author: Jeremy Allison Date: Tue Mar 28 11:06:36 2023 -0700 s3: smbd: Add check_path_syntax_smb2_posix(). Not yet used. Simple wrapper, identical to check_path_syntax_posix(). I want to keep SMB1/SMB2 code as separate as possible so we can remove any SMB1 code path later. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit a8329d2536a9333d63a7b2fd5106377364fde42a Author: Jeremy Allison Date: Tue Mar 28 11:03:59 2023 -0700 s3: smbd: Flatten the check_path_syntax_smb2() wrapper. Keep it, rather and move all SMB2 code to check_path_syntax() as I want to keep SMB1/SMB2 code as separate as possible so we can remove any SMB1 code path later. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme --- Summary of changes: selftest/knownfail.d/smb3unix | 2 -- source3/smbd/dir.c | 21 --- source3/smbd/globals.h | 3 ++- source3/smbd/msdfs.c| 6 +++--- source3/smbd/proto.h| 4 +--- source3/smbd/smb1_reply.c | 2 +- source3/smbd/smb2_break.c | 2 +- source3/smbd/smb2_close.c | 2 +- source3/smbd/smb2_create.c | 40 ++- source3/smbd/smb2_flush.c | 2 +- source3/smbd/smb2_getinfo.c | 2 +- source3/smbd/smb2_glue.c| 7 ++- source3/smbd/smb2_ioctl.c | 2 +- source3/smbd/smb2_lock.c| 2 +- source3/smbd/smb2_notify.c | 2 +- source3/smbd/smb2_query_directory.c | 2 +- source3/smbd/smb2_read.c| 2 +- source3/smbd/smb2_reply.c | 42 +++-- source3/smbd/smb2_setinfo.c | 2 +- source3/smbd/smb2_trans2.c | 6 -- source3/smbd/smb2_write.c | 2 +- 21 files changed, 71 insertions(+), 84 deletions(-) delete mode 100644 selftest/knownfail.d/smb3unix Changeset truncated at 500 lines: diff --git a/selftest/knownfail.d/smb3unix b/selftest/knownfail.d/smb3unix deleted file mode 100644 index 2ab886ae75e..000 --- a/selftest/knownfail.d/smb3unix +++ /dev/null @@ -1,2 +0,0 @@ -^samba.tests.smb3unix.samba.tests.smb3unix.Smb3UnixTests.test_posix_reserved_char\(fileserver\) -^samba.tests.smb3unix.samba.tests.smb3unix.Smb3UnixTests.test_posix_case_sensitive\(fileserver\) diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c index 859c8f0dc83..09029ee0c23 100644 --- a/source3/smbd/dir.c +++ b/source3/smbd/dir.c @@ -979,13 +979,6 @@ bool smbd_dirptr_get_entry(TALLOC_CTX *ctx,
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 874e10ef79a s4:kdc: Add support for AD device claims via e446e5816bd s4:kdc: Add support for AD client claims via c9ff6542006 selftest: Account for have_fast_support in determining whether FAST is supported via 2f53dd59a2c s4-dsdb: Account for Claims Valid SID in tokenGroups via 149a515f054 s4:torture: Make use of torture_assert_sid_equal() via e17892b7eb4 s4:torture: Assert that SID parsing succeeds via 58f93271906 tests/krb5: Don't expect client claims to be missing via a205568e98a libcli/security: Add dom_sid_has_account_domain() to confirm a S-1-5-21 prefix via 3afac3f8f75 s4:kdc: Add utility functions for AD claims via 652c10a5a3e s4:dsdb/schema: Add dsdb_attribute_by_cn_ldb_val() via f41f9880389 ldb: Add ldb_val -> bool,uint64,int64 parsing functions via 570a3ac866d ldb: Split out ldb_val_as_dn() helper function from 619caa1ba40 docs: update manpage for samba-tool https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 874e10ef79a592933ba097bf78ad3e3446b82e24 Author: Joseph Sutton Date: Wed Mar 29 10:56:22 2023 +1300 s4:kdc: Add support for AD device claims Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Fri Mar 31 09:30:17 UTC 2023 on atb-devel-224 commit e446e5816bdaa3a9ef9d7d78e4b09728c740615f Author: Joseph Sutton Date: Mon Mar 20 16:58:47 2023 +1300 s4:kdc: Add support for AD client claims We now create a client claims blob and add it to the PAC. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit c9ff6542006fa999201a90694bff3b0aaff79089 Author: Joseph Sutton Date: Fri Mar 31 08:38:09 2023 +1300 selftest: Account for have_fast_support in determining whether FAST is supported have_fast_support is unconditionally set to 1, so this doesn't change any behaviour. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit 2f53dd59a2c2774b3c26cb06a924504727a09df9 Author: Joseph Sutton Date: Wed Mar 29 15:54:26 2023 +1300 s4-dsdb: Account for Claims Valid SID in tokenGroups More of these tests now pass against Windows. They still don't quite all pass, but that's something to fix for another day. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit 149a515f0541dbebb7321d91d86f5a6974720376 Author: Joseph Sutton Date: Wed Mar 29 14:34:57 2023 +1300 s4:torture: Make use of torture_assert_sid_equal() This gives a more helpful diagnostic message. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit e17892b7eb4dd0ba149cadcef74685fc5891896f Author: Joseph Sutton Date: Wed Mar 29 14:24:11 2023 +1300 s4:torture: Assert that SID parsing succeeds Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit 58f93271906c98695043a2bd3afa84b7799226a7 Author: Joseph Sutton Date: Wed Mar 29 11:27:33 2023 +1300 tests/krb5: Don't expect client claims to be missing For this particular test, we don't care whether they're present or not. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit a205568e98ae4eb8a76a94b4a6a4bf0c7190c1e9 Author: Joseph Sutton Date: Thu Mar 16 11:25:57 2023 +1300 libcli/security: Add dom_sid_has_account_domain() to confirm a S-1-5-21 prefix Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit 3afac3f8f75bfae68ffa230fbbc67565717f7e48 Author: Joseph Sutton Date: Fri Mar 3 09:17:39 2023 +1300 s4:kdc: Add utility functions for AD claims get_claims_for_principal() is a new function that creates a claims blob for a principal based on attributes in the database. It's not hooked into the KDC yet, so this entails no change in behaviour. Constructed claims and certificate claims are not supported yet. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit 652c10a5a3e2e8ac707df7ca4bf474b5ad3be158 Author: Joseph Sutton Date: Thu Mar 30 16:00:59 2023 +1300 s4:dsdb/schema: Add dsdb_attribute_by_cn_ldb_val() This looks up a schema attribute by its CN, similar to dsdb_class_by_cn_ldb_val(). Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit f41f988038920bc19e8d9f2502ff0d3f2aaa2196 Author: Joseph Sutton Date: Thu Mar 16 11:42:04 2023 +1300 ldb: Add ldb_val -> bool,uint64,int64 parsing functions These functions allow us to parse any value of a message element, not only the first. They also unambiguously indicate whether an error has occurred. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 619caa1ba40 docs: update manpage for samba-tool via d5a0d7aa8be netcmd: tests for claims client tool via cf0a3a8c60b netcmd: add claim sub-commands to samba-tool domain via 5a4f4b39486 sd_utils: fix typo in get_sd_as_sddl docstring via 01c6bc55c7e netcmd: simplify boolean check via 44f881fd349 netcmd: domain: move trust command to domain/trust.py via 2a71bade849 netcmd: domain: move tombstones command to domain/tombstones.py via 75e7935b503 netcmd: domain: move schemaupgrade command to domain/schemaupgrade.py via dff87f051f1 netcmd: domain: move samba3upgrade command to domain/samba3upgrade.py via 5986937d12c netcmd: domain: move provision command to domain/provision.py via 49bc6a478b6 netcmd: domain: move paswordsettings command to domain/passwordsettings.py via 8d4f6761b26 netcmd: domain: move level command to domain/level.py via e7ad2364a5e netcmd: domain: move leave command to domain/leave.py via 12d5ea7f588 netcmd: domain: move keytab command to domain/keytab.py via 8001e07746d netcmd: domain: move join command to domain/join.py via fefa5e74d19 netcmd: domain: move info command to domain/info.py via 908f7ff5537 netcmd: domain: move functional_prep command to domain/functional_prep.py via c22b8dc1c58 netcmd: domain: move demote command to domain/demote.py via 72f6f7a79cf netcmd: domain: move dcpromo command to domain/dcpromo.py via d26054d7da7 netcmd: domain: move classicupgrade command to domain/classicupgrade.py via 6cecd7d08b1 netcmd: domain: move domain_backup.py to domain/backup.py via 4d6a2b01674 netcmd: domain: fix unused imports via 2534aba94d2 netcmd: domain: turn domain.py into a module from 360b7394644 s3: smbd: Fix dumb typos that meant smb1.SMB1-DFS-* tests were running against an SMB2-only fileserver. https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 619caa1ba40f28be77b4f068fc18fada9d4b3597 Author: Rob van der Linde Date: Thu Mar 23 16:13:55 2023 +1300 docs: update manpage for samba-tool Signed-off-by: Rob van der Linde Reviewed-by: Douglas Bagnall Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Fri Mar 31 08:25:11 UTC 2023 on atb-devel-224 commit d5a0d7aa8be2ed953658faba21c1c53990b83e6c Author: Rob van der Linde Date: Thu Mar 23 13:51:51 2023 +1300 netcmd: tests for claims client tool Added delete protected test to known fail as Samba doesn't seem to enforce this yet. Signed-off-by: Rob van der Linde Reviewed-by: Douglas Bagnall Reviewed-by: Andrew Bartlett commit cf0a3a8c60b24a0d311b116a24727d9b7293cb48 Author: Rob van der Linde Date: Mon Mar 20 13:48:56 2023 +1300 netcmd: add claim sub-commands to samba-tool domain Claim Type: * samba-tool domain claim claim-type list * samba-tool domain claim claim-type create * samba-tool domain claim claim-type delete * samba-tool domain claim claim-type modify * samba-tool domain claim claim-type view Claim Value Type: * samba-tool domain claim value-type list * samba-tool domain claim value-type view To add a claim type use the attribute name, it will look up the attribute in the attribute schema and use that data type and description. Claim types can be protected from accidental deletion just like Windows, use --protect To delete protected claim types use --force. Signed-off-by: Rob van der Linde Reviewed-by: Douglas Bagnall Reviewed-by: Andrew Bartlett commit 5a4f4b39486facd1323fd7d5c22ea90d5d32ad30 Author: Rob van der Linde Date: Mon Mar 20 13:35:24 2023 +1300 sd_utils: fix typo in get_sd_as_sddl docstring Signed-off-by: Rob van der Linde Reviewed-by: Douglas Bagnall Reviewed-by: Andrew Bartlett commit 01c6bc55c7ea285608a4056782afb415ed5a66ed Author: Rob van der Linde Date: Wed Mar 1 14:19:15 2023 +1300 netcmd: simplify boolean check Should use "is" for checking booleans rather than "==" in Python, however these can also be simplified. Signed-off-by: Rob van der Linde Reviewed-by: Douglas Bagnall Reviewed-by: Andrew Bartlett commit 44f881fd3493be93a7d956119d572a946fafd95b Author: Rob van der Linde Date: Fri Mar 31 13:41:49 2023 +1300 netcmd: domain: move trust command to domain/trust.py Signed-off-by: Rob van der Linde Reviewed-by: Douglas Bagnall Reviewed-by: Andrew Bartlett commit 2a71bade8492a9a6c39ab98662eae7e18897349a Author: Rob van der Linde Date: Fri Mar 31 13:37:01 2023 +1300 netcmd: domain: move tombstones command to domain/tombstones.py Signed-off-by: Rob
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 360b7394644 s3: smbd: Fix dumb typos that meant smb1.SMB1-DFS-* tests were running against an SMB2-only fileserver. via c3f48b0581e s3: smbd: Remove now unused dfs_filename_convert(). via e0ac0a2562c smbd: RIP DFS pathname processing in filename_convert_dirfsp_nosymlink() via 777e324efbb s3: smbd: In smb_file_link_information() and smb_file_rename_information() the target path is never DFS. via f32215dbac2 smbd: use smb1_strip_dfs_path() in call_trans2findfirst() via f539e632bb6 smbd: use smb1_strip_dfs_path() in reply_search() via fc3df8f5968 smbd: use smb1_strip_dfs_path() in call_trans2mkdir() via 6187381 smbd: use smb1_strip_dfs_path() in call_trans2setpathinfo() via 32a1f381137 smbd: use smb1_strip_dfs_path() in smb_set_file_unix_hlink() via adb34770fc2 smbd: use smb1_strip_dfs_path() in call_trans2qpathinfo() via 96765e535d7 smbd: use smb1_strip_dfs_path() in call_trans2open() via 2c4e4c22eac smbd: use smb1_strip_dfs_path() in reply_mv() via c3a87ffb632 smbd: use smb1_strip_dfs_path() in reply_mv() via c44491676ea smbd: use smb1_strip_dfs_path() in reply_rmdir() via 9c151af3135 smbd: use smb1_strip_dfs_path() in reply_mkdir() via 7ff2473bedc smbd: use smb1_strip_dfs_path() in reply_unlink() via 0d298ff757e smbd: use smb1_strip_dfs_path() in reply_ctemp() via 574b1369b7a smbd: use smb1_strip_dfs_path() in reply_mknew() via e4fbaae22bf smbd: use smb1_strip_dfs_path() in reply_open_and_X() via ba325ca2d26 smbd: use smb1_strip_dfs_path() in reply_open() via 0cb37f78c1c smbd: use smb1_strip_dfs_path() in reply_setatr() via 00c836436e0 smbd: use smb1_strip_dfs_path() in reply_getatr via 004d14a0244 smbd: use smb1_strip_dfs_path() in reply_checkpath() via d5b5589d012 smbd: use smb1_strip_dfs_path() in reply_ntrename() via 0089ea2a31e smbd: use smb1_strip_dfs_path() in reply_ntrename() via 666e42ef5b3 smbd: use smb1_strip_dfs_path() in call_nt_transact_create() via 8ad023c1990 smbd: use smb1_strip_dfs_path() in reply_ntcreate_and_X() via 66d7996dbcf s3: smbd: Add utility function smb1_strip_dfs_path(). via 06c738738ea s3: smbd: Remove unused and commented out check_path_syntax_smb2_msdfs(). via 34fabc26f1d s3: smbd: Remove 'is_dfs' parameter to check_path_syntax_smb2(). via 31f5c714c60 s3: smbd: Add assertion to filename_convert_dirfsp_nosymlink() that shows SMB2 is *never* dealing with a DFS path here. via 2c40e28908e s3: smbd: Remove all DFS path prefixes before passing to check_path_syntax_smb2(). via 39ad689eeac s3: smbd: Add utility function smb2_strip_dfs_path(). via 1b510ca2d98 s3: smbd: Change smb2_file_link_information() to use srvstr_pull_talloc()/check_path_syntax_smb2(). via b3fdc892b4f s3: smbd: In smb2_file_link_information(), don't ever expect @GMT tokens in the pathname. via 377c50abe91 s3: smbd: Duplicate smb_file_link_information() hardlink handling as smb2_file_link_information(). via 4c5a07ed4e0 s3: smbd: Cleanup. smb2_file_rename_information() can never have a @GMT path in the destination. via bb92df7c9e5 s3: smbd: Cleanup - don't set the FLAGS2_DFS_PATHNAMES in flags2 in the glue struct if it's not a DFS server or share. from ea4be00361e selftest: Add test parsing krb5 PAC claims via ndrdump https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 360b739464461acece91c04b8a29da30a022ac23 Author: Jeremy Allison Date: Thu Mar 30 13:19:22 2023 -0700 s3: smbd: Fix dumb typos that meant smb1.SMB1-DFS-* tests were running against an SMB2-only fileserver. Remove knownfail on SMB1-DFS-SEARCH-PATHS, as we now pass it with the new SMB1 remove DFS paths before pathname processing changes. Note, we still fail: smb1.SMB1-DFS-PATHS.smbtorture\(fileserver_smb1\) smb1.SMB1-DFS-OPERATIONS.smbtorture\(fileserver_smb1\) even with the new SMB1 remove DFS paths before pathname processing as those tests test *very* specific Windows behaviors. We now pass many more of the individual internal tests, but in order to pass them all completely I need to add specific --with-sambaserver checks to avoid some of the Windows DFS SMB1 insanity (error messages). Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Mar 31 06:07:01 UTC 2023 on atb-devel-224 commit c3f48b0581e5a948d1f31c8a65e8294aa6c92591 Author: Jeremy Allison Date: Thu Mar 30 13:01:08 2023 -0700 s3: smbd: Remove now unused dfs_filename_convert(). And all the static functions it called. Signed-off-by: Jeremy