Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • lts-team/packages/samba
  • thctlo/samba-lintianfix
  • arnaudr/samba
  • jrwren/samba
  • paride/samba
  • athos/samba
  • henrich/samba
  • cnotin/samba
  • mimi89999/samba
  • samba-team/samba
  • ahasenack/samba
  • jrtc27/samba
  • noel/samba
13 results
Show changes
Commits on Source (99)
Showing
with 535 additions and 97 deletions
......@@ -47,7 +47,7 @@ variables:
# Set this to the contents of bootstrap/sha1sum.txt
# which is generated by bootstrap/template.py --render
#
SAMBA_CI_CONTAINER_TAG: 190a74ee9628f298961d890ba37fcc7d213daae2
SAMBA_CI_CONTAINER_TAG: bbc2e41b217a3318c654a45b79d4b5a5af4abeb3
#
# We use the ubuntu2204 image as default as
# it matches what we have on atb-devel-224
......@@ -146,7 +146,7 @@ include:
- ccache -z -M 500M
- ccache -s
# We are already running .gitlab-ci directives from this repo, remove additional checks that break our CI
- git config --global --add safe.directory `pwd`
- git config --global --add safe.directory '*'
after_script:
- mount
- df -h
......@@ -415,41 +415,77 @@ samba-shellcheck:
# settings -> CI/CD -> Environment variables
- if: $SUPPORT_PRIVATE_TEST == "yes"
.needs_samba-def-build-private:
.needs_ext4_support:
# All runners provide an ext4 filesystem
#
# Note: we don't use
# extends: .shared_template_test_only
# as that somehow resets the needs section
# and generates problems for something
# like this (which is used below)
#
# .needs_samba-SOME-build-ext4:
# extends:
# - .needs_samba-SOME-build
# - .needs_ext4_support
#
# So we only set stage again instead...
stage: test_only
.needs_5_15_kernel:
# Our private runners are based on
# ubuntu2204 with a 5.15 kernel.
#
# And they also provide an ext4 filesystem
extends: .private_test_only
.needs_samba-def-build-ext4:
extends:
- .needs_samba-def-build
- .private_test_only
- .needs_ext4_support
.needs_samba-mit-build-private:
.needs_samba-mit-build-ext4:
extends:
- .needs_samba-mit-build
- .private_test_only
- .needs_ext4_support
.needs_samba-h5l-build-private:
.needs_samba-h5l-build-ext4:
extends:
- .needs_samba-h5l-build
- .private_test_only
- .needs_ext4_support
.needs_samba-without-smb1-build-private:
.needs_samba-without-smb1-build-5_15:
# Currently this doesn't strictly
# require a kernel >= 5.15, but only
# ext4 support.
#
# But we want to make sure that
# our private runners keep working
# and at least do a single job.
#
# In future we'll be able to run
# tests with io_uring in this
# setup, which will requires a
# 5.15 kernel in order to be useful.
extends:
- .needs_samba-without-smb1-build
- .private_test_only
- .needs_5_15_kernel
.needs_samba-nt4-build-private:
.needs_samba-nt4-build-ext4:
extends:
- .needs_samba-nt4-build
- .private_test_only
- .needs_ext4_support
.needs_samba-no-opath-build-private:
.needs_samba-no-opath-build-ext4:
extends:
- .needs_samba-no-opath-build
- .private_test_only
- .needs_ext4_support
samba-fileserver:
extends: .needs_samba-h5l-build-private
extends: .needs_samba-h5l-build-ext4
samba-fileserver-without-smb1:
extends: .needs_samba-without-smb1-build-private
extends: .needs_samba-without-smb1-build-5_15
# This is a full build without the AD DC so we test the build with MIT
# Kerberos from the default system (Ubuntu 22.04 at this stage).
......@@ -459,19 +495,19 @@ samba-ktest-mit:
extends: .shared_template
samba-ad-dc-1:
extends: .needs_samba-def-build-private
extends: .needs_samba-def-build-ext4
samba-nt4:
extends: .needs_samba-nt4-build-private
extends: .needs_samba-nt4-build-ext4
samba-addc-mit-1:
extends: .needs_samba-mit-build-private
extends: .needs_samba-mit-build-ext4
samba-no-opath1:
extends: .needs_samba-no-opath-build-private
extends: .needs_samba-no-opath-build-ext4
samba-no-opath2:
extends: .needs_samba-no-opath-build-private
extends: .needs_samba-no-opath-build-ext4
# 'pages' is a special job which can publish artifacts in `public` dir to gitlab pages
pages:
......
......@@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the Samba Team 1992-2023"
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=19
SAMBA_VERSION_RELEASE=7
SAMBA_VERSION_RELEASE=8
########################################################
# If a official release has a serious bug #
......
==============================
Release Notes for Samba 4.19.8
August 15, 2024
==============================
This is the latest stable release of the Samba 4.19 release series.
Changes since 4.19.7
--------------------
o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* BUG 15671: Invalid client warning about command line passwords.
* BUG 15672: Version string is truncated in manpages.
* BUG 15673: --version-* options are still not ergonomic, and they reject
tilde characters.
* BUG 15674: cmdline_burn does not always burn secrets.
* BUG 15685: Samba doesn't parse SDDL found in defaultSecurityDescriptor in
AD_DS_Classes_Windows_Server_v1903.ldf.
o Andrew Bartlett <abartlet@samba.org>
* BUG 15654: We have added new options --vendor-name and --vendor-patch-
revision arguments to ./configure to allow distributions and packagers to
put their name in the Samba version string so that when debugging Samba the
source of the binary is obvious.
* BUG 15655: When claims enabled with heimdal kerberos, unable to log on to a
Windows computer when user account need to change their own
password.
o Ralph Boehme <slow@samba.org>
* BUG 15676: Fix clock skew error message and memory cache clock skew
recovery.
o Günther Deschner <gd@samba.org>
* BUG 15665: CTDB RADOS mutex helper misses namespace support.
o Pavel Filipenský <pfilipensky@samba.org>
* BUG 15660: The images don't build after the git security release and CentOS
8 Stream is EOL.
o Xavi Hernandez <xhernandez@redhat.com>
* BUG 15678: Fix unnecessary delays in CTDB while processing requests under
high load.
o Stefan Metzmacher <metze@samba.org>
* BUG 13019: Dynamic DNS updates with the internal DNS are not working.
* BUG 15620: s4:nbt_server: does not provide unexpected handling, so winbindd
can't use nmb requests instead cldap.
* BUG 15660: The images don't build after the git security release and CentOS
8 Stream is EOL.
* BUG 15664: Panic in vfs_offload_token_db_fetch_fsp().
* BUG 15666: "client use kerberos" and --use-kerberos is ignored for the
machine account.
o Noel Power <noel.power@suse.com>
* BUG 15435: Regression DFS not working with widelinks = true.
o Andreas Schneider <asn@samba.org>
* BUG 15660: The images don't build after the git security release and CentOS
8 Stream is EOL.
* BUG 15673: --version-* options are still not ergonomic, and they reject
tilde characters.
o Jo Sutton <josutton@catalyst.net.nz>
* BUG 15655: When claims enabled with heimdal kerberos, unable to log on to a
Windows computer when user account need to change their own
password.
o Joseph Sutton <josephsutton@catalyst.net.nz>
* BUG 15655: When claims enabled with heimdal kerberos, unable to log on to a
Windows computer when user account need to change their own
password.
o Jones Syue <jonessyue@qnap.com>
* BUG 15677: ntlm_auth make logs more consistent with length check.
#######################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical:matrix.org matrix room, or
#samba-technical IRC channel on irc.libera.chat.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the Samba 4.1 and newer product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
Release notes for older releases follow:
----------------------------------------
==============================
Release Notes for Samba 4.19.7
June 10, 2024
......@@ -59,8 +160,7 @@ database (https://bugzilla.samba.org/).
======================================================================
Release notes for older releases follow:
----------------------------------------
----------------------------------------------------------------------
==============================
Release Notes for Samba 4.19.6
April 08, 2024
......
......@@ -146,6 +146,11 @@ _PUBLIC_ enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct
return creds->kerberos_state;
}
_PUBLIC_ enum credentials_obtained cli_credentials_get_kerberos_state_obtained(struct cli_credentials *creds)
{
return creds->kerberos_state_obtained;
}
_PUBLIC_ const char *cli_credentials_get_forced_sasl_mech(struct cli_credentials *creds)
{
return creds->forced_sasl_mech;
......
......@@ -267,6 +267,7 @@ const char *cli_credentials_get_impersonate_principal(struct cli_credentials *cr
const char *cli_credentials_get_self_service(struct cli_credentials *cred);
const char *cli_credentials_get_target_service(struct cli_credentials *cred);
enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds);
enum credentials_obtained cli_credentials_get_kerberos_state_obtained(struct cli_credentials *creds);
const char *cli_credentials_get_forced_sasl_mech(struct cli_credentials *cred);
enum credentials_krb_forwardable cli_credentials_get_krb_forwardable(struct cli_credentials *creds);
NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
......
......@@ -370,13 +370,17 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account_db_ctx(struct cli_credenti
}
if (secrets_tdb_password_more_recent) {
enum credentials_use_kerberos use_kerberos =
CRED_USE_KERBEROS_DISABLED;
char *machine_account = talloc_asprintf(tmp_ctx, "%s$", lpcfg_netbios_name(lp_ctx));
cli_credentials_set_password(cred, secrets_tdb_password, CRED_SPECIFIED);
cli_credentials_set_old_password(cred, secrets_tdb_old_password, CRED_SPECIFIED);
cli_credentials_set_domain(cred, domain, CRED_SPECIFIED);
if (strequal(domain, lpcfg_workgroup(lp_ctx))) {
enum credentials_use_kerberos use_kerberos =
cli_credentials_get_kerberos_state(cred);
enum credentials_obtained use_kerberos_obtained =
cli_credentials_get_kerberos_state_obtained(cred);
bool is_ad = false;
cli_credentials_set_realm(cred, lpcfg_realm(lp_ctx), CRED_SPECIFIED);
switch (server_role) {
......@@ -388,13 +392,28 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account_db_ctx(struct cli_credenti
FALL_THROUGH;
case ROLE_ACTIVE_DIRECTORY_DC:
case ROLE_IPA_DC:
use_kerberos = CRED_USE_KERBEROS_DESIRED;
is_ad = true;
break;
}
if (use_kerberos != CRED_USE_KERBEROS_DESIRED || is_ad) {
/*
* Keep an explicit selection
*
* For AD domains we also keep
* CRED_USE_KERBEROS_DESIRED
*/
} else if (use_kerberos_obtained <= CRED_SMB_CONF) {
/*
* Disable kerberos by default within
* an NT4 domain.
*/
cli_credentials_set_kerberos_state(cred,
CRED_USE_KERBEROS_DISABLED,
CRED_SMB_CONF);
}
}
cli_credentials_set_kerberos_state(cred,
use_kerberos,
CRED_SPECIFIED);
cli_credentials_set_username(cred, machine_account, CRED_SPECIFIED);
cli_credentials_set_password_last_changed_time(cred, secrets_tdb_lct);
cli_credentials_set_secure_channel_type(cred, secrets_tdb_secure_channel_type);
......
......@@ -227,6 +227,8 @@ static void torture_creds_krb5_state(void **state)
TALLOC_CTX *mem_ctx = *state;
struct cli_credentials *creds = NULL;
struct loadparm_context *lp_ctx = NULL;
enum credentials_obtained kerberos_state_obtained;
enum credentials_use_kerberos kerberos_state;
bool ok;
lp_ctx = loadparm_init_global(true);
......@@ -234,18 +236,27 @@ static void torture_creds_krb5_state(void **state)
creds = cli_credentials_init(mem_ctx);
assert_non_null(creds);
assert_int_equal(creds->kerberos_state_obtained, CRED_UNINITIALISED);
assert_int_equal(creds->kerberos_state, CRED_USE_KERBEROS_DESIRED);
kerberos_state_obtained =
cli_credentials_get_kerberos_state_obtained(creds);
kerberos_state = cli_credentials_get_kerberos_state(creds);
assert_int_equal(kerberos_state_obtained, CRED_UNINITIALISED);
assert_int_equal(kerberos_state, CRED_USE_KERBEROS_DESIRED);
ok = cli_credentials_set_conf(creds, lp_ctx);
assert_true(ok);
assert_int_equal(creds->kerberos_state_obtained, CRED_SMB_CONF);
assert_int_equal(creds->kerberos_state, CRED_USE_KERBEROS_DESIRED);
kerberos_state_obtained =
cli_credentials_get_kerberos_state_obtained(creds);
kerberos_state = cli_credentials_get_kerberos_state(creds);
assert_int_equal(kerberos_state_obtained, CRED_SMB_CONF);
assert_int_equal(kerberos_state, CRED_USE_KERBEROS_DESIRED);
ok = cli_credentials_guess(creds, lp_ctx);
assert_true(ok);
assert_int_equal(creds->kerberos_state_obtained, CRED_SMB_CONF);
assert_int_equal(creds->kerberos_state, CRED_USE_KERBEROS_DESIRED);
kerberos_state_obtained =
cli_credentials_get_kerberos_state_obtained(creds);
kerberos_state = cli_credentials_get_kerberos_state(creds);
assert_int_equal(kerberos_state_obtained, CRED_SMB_CONF);
assert_int_equal(kerberos_state, CRED_USE_KERBEROS_DESIRED);
assert_int_equal(creds->ccache_obtained, CRED_GUESS_FILE);
assert_non_null(creds->ccache);
......@@ -253,15 +264,21 @@ static void torture_creds_krb5_state(void **state)
CRED_USE_KERBEROS_REQUIRED,
CRED_SPECIFIED);
assert_true(ok);
assert_int_equal(creds->kerberos_state_obtained, CRED_SPECIFIED);
assert_int_equal(creds->kerberos_state, CRED_USE_KERBEROS_REQUIRED);
kerberos_state_obtained =
cli_credentials_get_kerberos_state_obtained(creds);
kerberos_state = cli_credentials_get_kerberos_state(creds);
assert_int_equal(kerberos_state_obtained, CRED_SPECIFIED);
assert_int_equal(kerberos_state, CRED_USE_KERBEROS_REQUIRED);
ok = cli_credentials_set_kerberos_state(creds,
CRED_USE_KERBEROS_DISABLED,
CRED_SMB_CONF);
assert_false(ok);
assert_int_equal(creds->kerberos_state_obtained, CRED_SPECIFIED);
assert_int_equal(creds->kerberos_state, CRED_USE_KERBEROS_REQUIRED);
kerberos_state_obtained =
cli_credentials_get_kerberos_state_obtained(creds);
kerberos_state = cli_credentials_get_kerberos_state(creds);
assert_int_equal(kerberos_state_obtained, CRED_SPECIFIED);
assert_int_equal(kerberos_state, CRED_USE_KERBEROS_REQUIRED);
}
......
......@@ -6,9 +6,7 @@
# We need to make sure we only use gitlab.com
# runners and not our own runners, as our current runners
# don't allow 'docker build ...' to run.
- docker
- gce
- shared
- saas-linux-small-amd64
variables:
SAMBA_CI_IS_BROKEN_IMAGE: "no"
SAMBA_CI_TEST_JOB: "samba-o3"
......@@ -47,7 +45,7 @@
diff -u bootstrap/sha1sum.txt /tmp/sha1sum-template.txt
# run smoke test with samba-o3 or samba-fuzz
podman run --volume $(pwd):/src:ro ${ci_image_name} \
/bin/bash -c "git clone /src samba && cd samba && export PKG_CONFIG_PATH=/usr/lib64/compat-gnutls34/pkgconfig:/usr/lib64/compat-nettle32/pkgconfig && script/autobuild.py ${SAMBA_CI_TEST_JOB} --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase"
/bin/bash -c "git config --global --add safe.directory /src/.git && git clone /src samba && cd samba && export PKG_CONFIG_PATH=/usr/lib64/compat-gnutls34/pkgconfig:/usr/lib64/compat-nettle32/pkgconfig && script/autobuild.py ${SAMBA_CI_TEST_JOB} --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase"
podman tag ${ci_image_name} ${ci_image_path}:${SAMBA_CI_CONTAINER_TAG}
podman tag ${ci_image_name} ${ci_image_path}:${timestamp_tag}
# We build all images, but only upload is it's not marked as broken
......
......@@ -242,6 +242,9 @@ CENTOS8S_YUM_BOOTSTRAP = r"""
{GENERATED_MARKER}
set -xueo pipefail
sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
yum update -y
yum install -y dnf-plugins-core
yum install -y epel-release
......
......@@ -7,6 +7,9 @@
set -xueo pipefail
sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
yum update -y
yum install -y dnf-plugins-core
yum install -y epel-release
......
190a74ee9628f298961d890ba37fcc7d213daae2
bbc2e41b217a3318c654a45b79d4b5a5af4abeb3
......@@ -286,7 +286,7 @@ def abi_build_vscript(task):
f.close()
def VSCRIPT_MAP_PRIVATE(bld, libname, orig_vscript, version, private_vscript):
version = version.replace("-", "_").replace("+","_").upper()
version = re.sub(r'[^.\w]', '_', version).upper()
t = bld.SAMBA_GENERATOR(private_vscript,
rule=abi_build_vscript,
source=orig_vscript,
......@@ -314,8 +314,8 @@ def ABI_VSCRIPT(bld, libname, abi_directory, version, vscript, abi_match=None, p
libname = os.path.basename(libname)
version = os.path.basename(version)
libname = libname.replace("-", "_").replace("+","_").upper()
version = version.replace("-", "_").replace("+","_").upper()
libname = re.sub(r'[^.\w]', '_', libname).upper()
version = re.sub(r'[^.\w]', '_', version).upper()
t = bld.SAMBA_GENERATOR(vscript,
rule=abi_build_vscript,
......
......@@ -24,7 +24,7 @@ Build.BuildContext.CHECK_CMOCKA = CHECK_CMOCKA
@conf
def CHECK_SOCKET_WRAPPER(conf):
return conf.CHECK_BUNDLED_SYSTEM_PKG('socket_wrapper', minversion='1.4.2')
return conf.CHECK_BUNDLED_SYSTEM_PKG('socket_wrapper', minversion='1.4.3')
Build.BuildContext.CHECK_SOCKET_WRAPPER = CHECK_SOCKET_WRAPPER
@conf
......@@ -39,7 +39,7 @@ Build.BuildContext.CHECK_RESOLV_WRAPPER = CHECK_RESOLV_WRAPPER
@conf
def CHECK_UID_WRAPPER(conf):
return conf.CHECK_BUNDLED_SYSTEM_PKG('uid_wrapper', minversion='1.3.0')
return conf.CHECK_BUNDLED_SYSTEM_PKG('uid_wrapper', minversion='1.3.1')
Build.BuildContext.CHECK_UID_WRAPPER = CHECK_UID_WRAPPER
@conf
......
......@@ -253,6 +253,11 @@ def samba_version_file(version_file, path, env=None, is_install=True):
print("Failed to parse line %s from %s" % (line, version_file))
raise
if "SAMBA_VERSION_VENDOR_SUFFIX" in env:
version_dict["SAMBA_VERSION_VENDOR_SUFFIX"] = env.SAMBA_VERSION_VENDOR_SUFFIX
if "SAMBA_VERSION_VENDOR_PATCH" in env:
version_dict["SAMBA_VERSION_VENDOR_PATCH"] = str(env.SAMBA_VERSION_VENDOR_PATCH)
return SambaVersion(version_dict, path, env=env, is_install=is_install)
......
......@@ -272,7 +272,7 @@ static void queue_dead(struct tevent_context *ev, struct tevent_immediate *im,
/*
called when an incoming connection is writeable
*/
static void queue_io_write(struct ctdb_queue *queue)
static bool queue_io_write(struct ctdb_queue *queue)
{
while (queue->out_queue) {
struct ctdb_queue_pkt *pkt = queue->out_queue;
......@@ -294,14 +294,14 @@ static void queue_io_write(struct ctdb_queue *queue)
queue->fd = -1;
tevent_schedule_immediate(queue->im, queue->ctdb->ev,
queue_dead, queue);
return;
return false;
}
if (n <= 0) return;
if (n <= 0) return true;
if (n != pkt->length) {
pkt->length -= n;
pkt->data += n;
return;
return true;
}
DLIST_REMOVE(queue->out_queue, pkt);
......@@ -310,6 +310,8 @@ static void queue_io_write(struct ctdb_queue *queue)
}
TEVENT_FD_NOT_WRITEABLE(queue->fde);
return true;
}
/*
......@@ -320,10 +322,13 @@ static void queue_io_handler(struct tevent_context *ev, struct tevent_fd *fde,
{
struct ctdb_queue *queue = talloc_get_type(private_data, struct ctdb_queue);
if (flags & TEVENT_FD_WRITE) {
if (!queue_io_write(queue)) {
return;
}
}
if (flags & TEVENT_FD_READ) {
queue_io_read(queue);
} else {
queue_io_write(queue);
}
}
......
......@@ -29,12 +29,14 @@
<manvolnum>5</manvolnum></citerefentry>:
</para>
<screen format="linespecific">
cluster lock = !ctdb_mutex_ceph_rados_helper [Cluster] [User] [Pool] [Object]
cluster lock = !ctdb_mutex_ceph_rados_helper [Cluster] [User] [Pool] [Object] [Timeout] [-n Namespace]
Cluster: Ceph cluster name (e.g. ceph)
User: Ceph cluster user name (e.g. client.admin)
Pool: Ceph RADOS pool name
Object: Ceph RADOS object name
Timeout: Ceph RADOS lock duration in seconds (optional)
Namespace: Ceph RADOS pool namespace (optional)
</screen>
<para>
The Ceph cluster <parameter>Cluster</parameter> must be up and running,
......
......@@ -42,9 +42,18 @@
static char *progname = NULL;
static void usage(void)
{
fprintf(stderr, "Usage: %s <Ceph Cluster> <Ceph user> "
"<RADOS pool> <RADOS object> "
"[lock duration secs] [-n RADOS namespace]\n",
progname);
}
static int ctdb_mutex_rados_ctx_create(const char *ceph_cluster_name,
const char *ceph_auth_name,
const char *pool_name,
const char *namespace,
rados_t *_ceph_cluster,
rados_ioctx_t *_ioctx)
{
......@@ -87,6 +96,10 @@ static int ctdb_mutex_rados_ctx_create(const char *ceph_cluster_name,
return ret;
}
if (namespace != NULL) {
rados_ioctx_set_namespace(ioctx, namespace);
}
*_ceph_cluster = ceph_cluster;
*_ioctx = ioctx;
......@@ -145,6 +158,7 @@ struct ctdb_mutex_rados_state {
const char *ceph_cluster_name;
const char *ceph_auth_name;
const char *pool_name;
const char *namespace;
const char *object;
uint64_t lock_duration_s;
int ppid;
......@@ -295,15 +309,13 @@ static int ctdb_mutex_rados_mgr_reg(rados_t ceph_cluster)
int main(int argc, char *argv[])
{
int ret;
int opt;
struct ctdb_mutex_rados_state *cmr_state;
progname = argv[0];
if ((argc != 5) && (argc != 6)) {
fprintf(stderr, "Usage: %s <Ceph Cluster> <Ceph user> "
"<RADOS pool> <RADOS object> "
"[lock duration secs]\n",
progname);
if (argc < 5) {
usage();
ret = -EINVAL;
goto err_out;
}
......@@ -325,15 +337,36 @@ int main(int argc, char *argv[])
cmr_state->ceph_auth_name = argv[2];
cmr_state->pool_name = argv[3];
cmr_state->object = argv[4];
if (argc == 6) {
optind = 5;
while ((opt = getopt(argc, argv, "n:")) != -1) {
switch(opt) {
case 'n':
cmr_state->namespace = optarg;
break;
default:
usage();
ret = -EINVAL;
goto err_ctx_cleanup;
}
}
if (argv[optind] != NULL) {
/* optional lock duration provided */
char *endptr = NULL;
cmr_state->lock_duration_s = strtoull(argv[5], &endptr, 0);
if ((endptr == argv[5]) || (*endptr != '\0')) {
cmr_state->lock_duration_s = strtoull(argv[optind], &endptr, 0);
if ((endptr == argv[optind]) || (*endptr != '\0')) {
fprintf(stdout, CTDB_MUTEX_STATUS_ERROR);
ret = -EINVAL;
goto err_ctx_cleanup;
}
if (argv[++optind] != NULL) {
/* incorrect count or format for optional arguments */
usage();
ret = -EINVAL;
goto err_ctx_cleanup;
}
} else {
cmr_state->lock_duration_s
= CTDB_MUTEX_CEPH_LOCK_DURATION_SECS_DEFAULT;
......@@ -398,6 +431,7 @@ int main(int argc, char *argv[])
ret = ctdb_mutex_rados_ctx_create(cmr_state->ceph_cluster_name,
cmr_state->ceph_auth_name,
cmr_state->pool_name,
cmr_state->namespace,
&cmr_state->ceph_cluster,
&cmr_state->ioctx);
if (ret < 0) {
......
......@@ -11,6 +11,9 @@
<xsl:param name="use.id.as.filename" select="1"/>
<xsl:param name="man.endnotes.are.numbered" select="0"/>
<!-- make room for long version numbers -->
<xsl:param name="man.th.extra2.max.length">40</xsl:param>
<!--
Our ulink stylesheet omits @url part if content was specified
-->
......
......@@ -135,63 +135,230 @@ void samba_cmdline_set_machine_account_fn(
cli_credentials_set_machine_account_fn = fn;
}
/*
* Are the strings p and option equal from the point of view of option
* parsing, meaning is the next character '\0' or '='.
*/
static bool strneq_cmdline_exact(const char *p, const char *option, size_t len)
{
if (strncmp(p, option, len) == 0) {
if (p[len] == 0 || p[len] == '=') {
return true;
}
}
return false;
}
/*
* Return true if the argument to the option should be redacted.
*
* The option name is presumed to contain the substring "pass". It is checked
* against a list of options that specify secrets. If it is there, the value
* should be redacted and we return early.
*
* Otherwise, it is checked against a list of known safe options. If it is
* there, we return false.
*
* If the option is not in either list, we assume it might be secret and
* redact the argument, but warn loadly about it. The hope is that developers
* will see what they're doing and add the option to the appropriate list.
*
* If true is returned, *ulen will be set to the apparent length of the
* option. It is set to zero if false is returned (we don't need it in that
* case).
*/
static bool is_password_option(const char *p, size_t *ulen)
{
size_t i, len;
static const char *must_burn[] = {
"--password",
"--newpassword",
"--password2",
"--adminpass",
"--dnspass",
"--machinepass",
"--krbtgtpass",
"--fixed-password",
};
static const char *allowed[] = {
"--bad-password-count-reset",
"--badpassword-frequency",
"--change-user-password",
"--force-initialized-passwords",
"--machine-pass", /* distinct from --machinepass */
"--managed-password-interval",
"--no-pass",
"--no-pass2",
"--no-passthrough",
"--no-password",
"--passcmd",
"--passwd",
"--passwd_path",
"--password-file",
"--password-from-stdin",
"--random-password",
"--smbpasswd-style",
"--strip-passed-output",
"--with-smbpasswd-file",
};
char *equals = NULL;
*ulen = 0;
for (i = 0; i < ARRAY_SIZE(must_burn); i++) {
bool secret;
len = strlen(must_burn[i]);
secret = strneq_cmdline_exact(p, must_burn[i], len);
if (secret) {
*ulen = len;
return true;
}
}
for (i = 0; i < ARRAY_SIZE(allowed); i++) {
bool safe;
len = strlen(allowed[i]);
safe = strneq_cmdline_exact(p, allowed[i], len);
if (safe) {
return false;
}
}
/*
* We have found a suspicious option, and we need to work out where to
* burn it from. It could be
*
* --secret-password=cow -> password after '='
* --secret-password -> password is in next argument.
*
* but we also have the possibility of
*
* --cow=secret-password
*
* that is, the 'pass' in this option string is not in the option but
* the argument to it, which should not be burnt.
*/
equals = strchr(p, '=');
if (equals == NULL) {
*ulen = strlen(p);
} else {
char *pass = (strstr(p, "pass"));
if (pass > equals) {
/* this is --foo=pass, not --pass=foo */
return false;
}
*ulen = equals - p;
}
/*
* This message will be seen with Python tools when an option
* is misspelt, but not with C tools, because in C burning
* happens after the command line is parsed, while in Python
* it happens before (on a copy of argv).
*
* In either case it will appear for a newly added option, and
* we hope developers will notice it before pushing.
*/
DBG_ERR("\nNote for developers: if '%*s' is not misspelt, it should be "
"added to the appropriate list in is_password_option().\n\n",
(int)(*ulen), p);
return true;
}
bool samba_cmdline_burn(int argc, char *argv[])
{
bool burnt = false;
bool found = false;
bool is_user = false;
char *p = NULL;
int i;
size_t ulen = 0;
for (i = 0; i < argc; i++) {
bool found = false;
bool is_user = false;
size_t ulen = 0;
char *p = NULL;
p = argv[i];
if (p == NULL) {
return false;
return burnt;
}
/*
* Take care that this list must be in longest-match
* first order
*/
if (strncmp(p, "-U", 2) == 0) {
/*
* Note: this won't catch combinations of
* short options like
* `samba-tool -NUAdministrator%...`, which is
* not possible in general outside of the
* actual parser (consider for example
* `-NHUroot%password`, which parses as
* `-N -H 'Uroot%password'`). We don't know
* here which short options might take
* arguments.
*
* This is an argument for embedding redaction
* inside the parser (e.g. by adding a flag to
* the option definitions), but we decided not
* to do that in order to share cmdline_burn().
*/
ulen = 2;
found = true;
is_user = true;
} else if (strncmp(p, "--user", 6) == 0) {
} else if (strneq_cmdline_exact(p, "--user", 6)) {
ulen = 6;
found = true;
is_user = true;
} else if (strncmp(p, "--password2", 11) == 0) {
ulen = 11;
found = true;
} else if (strncmp(p, "--password", 10) == 0) {
} else if (strneq_cmdline_exact(p, "--username", 10)) {
ulen = 10;
found = true;
} else if (strncmp(p, "--newpassword", 13) == 0) {
ulen = 13;
found = true;
is_user = true;
} else if (strncmp(p, "--", 2) == 0 && strstr(p, "pass")) {
/*
* We have many secret options like --password,
* --adminpass, --newpassword, and we could easily
* add more, so we will use an allowlist to let the
* safe ones through (of which there are also many).
*/
found = is_password_option(p, &ulen);
}
if (found) {
char *q = NULL;
if (strlen(p) == ulen) {
continue;
/*
* The option string has no '=', so
* its argument will come in the NEXT
* argv member. If there is one, we
* can just step forward and take it,
* setting ulen to 0.
*
* {"--password=secret"} --> {"--password"}
* {"--password", "secret"} --> {"--password", ""}
* {"-Uadmin%secret"} --> {"-Uadmin"}
* {"-U", "admin%secret"} --> {"-U", "admin"}
*/
i++;
if (i == argc) {
/*
* this looks like an invalid
* command line, but that's
* for the caller to decide.
*/
return burnt;
}
p = argv[i];
if (p == NULL) {
return burnt;
}
ulen = 0;
}
if (is_user) {
q = strchr_m(p, '%');
if (q != NULL) {
p = q;
char *q = strchr_m(p, '%');
if (q == NULL) {
/* -U without '%' has no secret */
continue;
}
p = q;
} else {
p += ulen;
}
memset_s(p, strlen(p), '\0', strlen(p));
found = false;
is_user = false;
burnt = true;
}
}
......
......@@ -24,6 +24,7 @@
#include <cmocka.h>
#include <time.h>
#include <sys/time.h>
#include "replace.h"
#include "lib/cmdline/cmdline.h"
......@@ -61,20 +62,59 @@ static void torture_cmdline_sanity_check_bad(void **state)
static void torture_cmdline_burn(void **state)
{
/* arg1 would require -U' Administrator%secret' */
char arg1[] = "-U Administrator%secret";
char arg2[] = "--user=Administrator%secret";
char arg3[] = "--user=Administrator%super%secret";
char arg4[] = "--password=super%secret";
char arg2[] = "--no-no-no-not-secret=not%secret";
char arg3[] = "--user=Administrator%secret";
char arg4[] = "--user=Administrator%super%secret";
char arg5[] = "--password=super%secret";
char arg6[] = "--no-no-no-not-secret=not%secret";
char arg7[] = "-U";
char arg8[] = "fish%chips";
char arg9[] = "--password";
char arg10[] = "fish%chips";
char arg11[] = "--password2";
char arg12[] = "fish%chips";
char arg13[] = "--username=Admonisher % secretest";
/*
* The next two are not used in samba (--client-password
* appears in a Heimdal script that won't use lib/cmdline even
* if built) and are burnt by virtue of not being in the allow
* list.
*/
char arg14[] = "--client-password=bean stew";
char arg15[] = "--enpassant="; /* like --enpassant='', no effect on affect next arg */
char arg16[] = "bean";
char arg17[] = "--bean=password";
char arg18[] = "--name";
char arg19[] = "Compass Alompass";
char *argv[] = { arg1, arg2, arg3, arg4, NULL };
int argc = 4;
char *argv[] = { arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8,
arg9, arg10, arg11, arg12, arg13, arg14, arg15, arg16, arg17,
arg18, arg19, NULL };
int argc = ARRAY_SIZE(argv) - 1;
samba_cmdline_burn(argc, argv);
assert_string_equal(arg1, "-U Administrator");
assert_string_equal(arg2, "--user=Administrator");
assert_string_equal(arg2, "--no-no-no-not-secret=not%secret");
assert_string_equal(arg3, "--user=Administrator");
assert_string_equal(arg4, "--password");
assert_string_equal(arg4, "--user=Administrator");
assert_string_equal(arg5, "--password");
assert_string_equal(arg6, "--no-no-no-not-secret=not%secret");
assert_string_equal(arg7, "-U");
assert_string_equal(arg8, "fish");
assert_string_equal(arg9, "--password");
assert_string_equal(arg10, "");
assert_string_equal(arg11, "--password2");
assert_string_equal(arg12, "");
assert_string_equal(arg13, "--username=Admonisher ");
assert_string_equal(arg14, "--client-password");
assert_string_equal(arg15, "--enpassant");
assert_string_equal(arg16, "bean");
assert_string_equal(arg17, "--bean=password");
assert_string_equal(arg18, "--name");
assert_string_equal(arg19, "Compass Alompass");
}
int main(int argc, char *argv[])
......