awalker [Fri, 30 Aug 2019 19:30:57 +0000 (15:30 -0400)]
vfs_zfsacl: fix issue with ACL inheritance in zfsacl
Add parameter zfsacl:map_dacl_protected to address issue preventing Windows Clients
from disabling inheritance on ACLs. FreeBSD does not currently expose the ACL_PROTECTED
NFS4.1 flag, but it does expose ACE4_INHERITED_ACE. When the parameter is enabled,
map the absence of ACE4_INHERITED_ACE to SEC_DESC_DACL_PROTECTED.
See also the discussion at
https://gitlab.com/samba-team/samba/merge_requests/719
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Dec 20 23:24:54 UTC 2019 on sn-devel-184
Ralph Boehme [Sat, 19 Oct 2019 13:37:45 +0000 (15:37 +0200)]
vfs_zfsacl: pass config to zfs_get_nt_acl_common()
Not used for now, that comes next.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Sat, 19 Oct 2019 13:36:15 +0000 (15:36 +0200)]
vfs_zfsacl: pass nfs4_params to smb_set_nt_acl_nfs4()
Now that we parse nfs4_params in the VFS connect in this module, we can pass it
to smb_set_nt_acl_nfs4() which avoids having smb_set_nt_acl_nfs4() parse
it *every time* it's called.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
awalker [Fri, 30 Aug 2019 19:17:26 +0000 (15:17 -0400)]
vfs_zfsacl: add manpage entry for zfsacl:denymissingspecial
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
awalker [Fri, 30 Aug 2019 19:15:37 +0000 (15:15 -0400)]
vfs_zfsacl: load parameters on connect
Convert zfsacl:denymissingspecial so that the parameter loads on connect.
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Tue, 10 Dec 2019 20:49:28 +0000 (13:49 -0700)]
Convert samba4.base.rw1 test to smb2
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Tue, 10 Dec 2019 14:47:12 +0000 (07:47 -0700)]
Convert samba4.base.*attr tests to smb2
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 25 Nov 2019 09:17:38 +0000 (10:17 +0100)]
s3: remove unused session_keystr from struct user_struct
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Dec 20 13:06:20 UTC 2019 on sn-devel-184
Ralph Boehme [Fri, 22 Nov 2019 17:08:56 +0000 (18:08 +0100)]
s3: remove unused macro FSP_BELONGS_CONN()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Mon, 16 Dec 2019 14:24:23 +0000 (15:24 +0100)]
s3: simplify create_conn_struct_as_root()
Now that all callers pass in a valid session_info, we can remove handling of
session_info=NULL. Add an assert(session_info != NULL) just in case... :)
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 13:58:57 +0000 (14:58 +0100)]
pysmbd: add "session_info" arg tp py_smbd_create_file()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 13:57:53 +0000 (14:57 +0100)]
pysmbd: add "session_info" arg to py_smbd_mkdir()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 13:56:18 +0000 (14:56 +0100)]
pysmbd: add "session_info" arg to py_smbd_get_sys_acl()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 13:54:40 +0000 (14:54 +0100)]
pysmbd: add "session_info" arg to py_smbd_set_sys_acl()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 13:52:49 +0000 (14:52 +0100)]
pysmbd: make "session_info" arg to py_smbd_get_nt_acl() mandatory
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 13:49:42 +0000 (14:49 +0100)]
pysmbd: make "session_info" arg to py_smbd_set_nt_acl() mandatory
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 13:14:45 +0000 (14:14 +0100)]
pysmbd: add "session_info" arg to py_smbd_unlink()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 13:14:07 +0000 (14:14 +0100)]
pysmbd: add "session_info" arg to py_smbd_chown()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 13:13:30 +0000 (14:13 +0100)]
pysmbd: add "session_info" arg to py_smbd_set_simple_acl()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 14:32:17 +0000 (15:32 +0100)]
python/tests: use a system session_info in posixacl.py
Previously posixacl.py passed None as session_info object from
get_session_info().
That meant that the if/else branch referring to session_info:
if nwrap_winbind_active or session_info:
self.assertEquals(posix_acl.acl[1].a_perm, 7)
else:
self.assertEquals(posix_acl.acl[1].a_perm, 6)
must be tweaked to take into account that session info is now either
* a system session_info in which case we must continue to use the if branch in
the code, or
* a user session_info in which case we must continue to go through the else
branch
Using
is_user_session = not session_info.security_token.is_system()
in place of just "session_info" does the trick.
Cf the classes SessionedPosixAclMappingTests and
UnixSessionedPosixAclMappingTests in posixacl.py, those are the ones that
trigger test execution with a user session.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 13:58:32 +0000 (14:58 +0100)]
pysmbd: reformat py_smbd_create_file() kwnames
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 13:57:20 +0000 (14:57 +0100)]
pysmbd: reformat py_smbd_mkdir() kwnames
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 13:55:54 +0000 (14:55 +0100)]
pysmbd: reformat py_smbd_get_sys_acl() kwnames and PyArg_ParseTupleAndKeywords() call
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 13:54:04 +0000 (14:54 +0100)]
pysmbd: reformat py_smbd_set_sys_acl() kwnames and PyArg_ParseTupleAndKeywords() call
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 13:21:03 +0000 (14:21 +0100)]
pysmbd: reformat py_smbd_get_nt_acl() kwnames
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 13:16:52 +0000 (14:16 +0100)]
pysmbd: reformat py_smbd_have_posix_acls() kwnames and PyArg_ParseTupleAndKeywords() call
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 11:59:32 +0000 (12:59 +0100)]
pysmbd: reformat py_smbd_unlink() kwnames and PyArg_ParseTupleAndKeywords() call
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 11:58:08 +0000 (12:58 +0100)]
pysmbd: reformat py_smbd_chown() kwnames and PyArg_ParseTupleAndKeywords() call
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 17 Dec 2019 11:54:11 +0000 (12:54 +0100)]
pysmbd: reformat py_smbd_set_simple_acl() kwnames and PyArg_ParseTupleAndKeywords() call
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Mon, 16 Dec 2019 17:00:26 +0000 (18:00 +0100)]
python: move system_session_unix to new auth_util.py
system_session_unix() will be used by many more callers soon.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Mon, 16 Dec 2019 13:42:04 +0000 (14:42 +0100)]
smbd: pass session_info to create_conn_struct_tos()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Mon, 16 Dec 2019 13:41:03 +0000 (14:41 +0100)]
s3:rpc_server: pass session_info to get_nt_acl_no_snum()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Mon, 16 Dec 2019 13:40:21 +0000 (14:40 +0100)]
s3:rpc_server: pass session_info to elog_check_access()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 13 Dec 2019 15:19:37 +0000 (16:19 +0100)]
smbd: pass session info to create_conn_struct_tos_cwd()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 13 Dec 2019 15:53:36 +0000 (16:53 +0100)]
smbd: pass session_info to form_junctions()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 13 Dec 2019 15:51:16 +0000 (16:51 +0100)]
smbd: pass session info to count_dfs_links()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 13 Dec 2019 15:31:04 +0000 (16:31 +0100)]
s3: pass session_info to enum_msdfs_links()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 13 Dec 2019 15:27:51 +0000 (16:27 +0100)]
smbd: pass session_info to junction_to_local_path_tos()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 13 Dec 2019 15:25:44 +0000 (16:25 +0100)]
s3: pass session_info to remove_msdfs_link()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 13 Dec 2019 15:23:38 +0000 (16:23 +0100)]
s3: pass session_info to create_msdfs_link()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 13 Dec 2019 15:19:03 +0000 (16:19 +0100)]
s3: pass session info to get_referred_path()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Thu, 19 Dec 2019 21:50:09 +0000 (10:50 +1300)]
librpc: Do not access name[-1] trying to push "" into a dnsp_name
This simply matches the behaviour from before
e7b1acaddf2ccc7de0301cc67f72187ab450e7b5
when the logic for a trailing . was added. This matches what is added in
the dnsRecord attribute for a name of "." over the dnsserver RPC
management interface and is based on what Windows does for that name
in (eg) an MX record.
No a security bug because we use talloc and so name will be just the
end of the talloc header.
Credit to OSS-Fuzz
Found using the fuzz_ndr_X fuzzer
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Dec 20 11:33:52 UTC 2019 on sn-devel-184
Andrew Bartlett [Thu, 19 Dec 2019 22:34:38 +0000 (11:34 +1300)]
selftest: Confirm parse of dnsProperty records
This confirms a name of "." will round-trip correctly.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andrew Bartlett [Fri, 20 Dec 2019 03:33:54 +0000 (16:33 +1300)]
WHATSNEW: Celebrate the end of smbdes and the almost-end of in-tree AES
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andrew Bartlett [Wed, 18 Dec 2019 22:20:30 +0000 (11:20 +1300)]
s4-smbd: Also restart prefork children lost to SIGKILL (-9)
Samba 4.10 and later versions have a process restart capability to greatly
reduce the impact of crashes due to a NULL pointer de-reference or abort().
However SIGKILL was deliberatly omitted.
Sadly this is the most likely case, due to the OOM killer, as raised here:
https://lists.samba.org/archive/samba-technical/2019-November/134529.html
Subsequent discussion (offline) has been to agree that we should restart in
this case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14221
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andreas Schneider [Mon, 16 Dec 2019 15:45:38 +0000 (16:45 +0100)]
librpc: Add test for ndr_string_length()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Dec 20 09:01:30 UTC 2019 on sn-devel-184
Andreas Schneider [Mon, 16 Dec 2019 14:50:17 +0000 (15:50 +0100)]
librpc: Fix string length checking in ndr_pull_charset_to_null()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14219
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Thu, 19 Dec 2019 03:31:46 +0000 (16:31 +1300)]
upgradedns: ensure lmdb lock files linked
Ensure that the '-lock' files for the dns partitions as well as the data
files are linked when running
samba_dnsupgrade --dns-backend=BIND9_DLZ
failure to create these links can cause corruption of the corresponding
data file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14199
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Thu, 19 Dec 2019 03:31:24 +0000 (16:31 +1300)]
test upgradedns: ensure lmdb lock files linked
Add tests to check that the '-lock' files for the dns partitions as well as
the data files are linked when running
samba_dnsupgrade --dns-backend=BIND9_DLZ
failure to create these links can cause corruption of the corresponding
data file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14199
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Ralph Boehme [Tue, 26 Nov 2019 08:50:48 +0000 (09:50 +0100)]
selftest: don't use NTVFS fileserver in chgdcpass
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Dec 20 07:34:42 UTC 2019 on sn-devel-184
Ralph Boehme [Tue, 26 Nov 2019 08:50:48 +0000 (09:50 +0100)]
selftest: don't use NTVFS fileserver in rodc
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Tue, 26 Nov 2019 08:50:48 +0000 (09:50 +0100)]
selftest: don't use NTVFS fileserver in fl2008r2dc
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Tue, 26 Nov 2019 08:50:48 +0000 (09:50 +0100)]
selftest: don't use NTVFS fileserver in fl2003dc
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Tue, 26 Nov 2019 08:50:48 +0000 (09:50 +0100)]
selftest: don't use NTVFS fileserver in fl2000dc
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Tue, 26 Nov 2019 08:50:48 +0000 (09:50 +0100)]
selftest: don't use NTVFS fileserver in vampire_dc
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Tue, 26 Nov 2019 08:50:48 +0000 (09:50 +0100)]
selftest: don't use NTVFS fileserver in promoted_dc
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Mon, 25 Nov 2019 12:03:28 +0000 (13:03 +0100)]
selftest: make fl2008dc an alias for ad_dc, not ad_dc_ntvfs
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Mon, 25 Nov 2019 12:03:28 +0000 (13:03 +0100)]
selftest: make ad_dc_slowtests an alias for ad_dc, not ad_dc_ntvfs
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Tue, 26 Nov 2019 12:32:04 +0000 (13:32 +0100)]
selftest: make ad_dc_default an alias for ad_dc, not ad_dc_ntvfs
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Mon, 25 Nov 2019 16:43:37 +0000 (17:43 +0100)]
selftest: run samba.tests.samba_tool.user against ad_dc_ntvfs:local explicitly
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Mon, 25 Nov 2019 15:52:41 +0000 (16:52 +0100)]
selftest: run samba.ldap.referrals against ad_dc_ntvfs explicitly
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Mon, 25 Nov 2019 15:52:29 +0000 (16:52 +0100)]
selftest: run samba4.ldap.dipython against ad_dc_ntvfs explicitly
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Mon, 25 Nov 2019 15:49:34 +0000 (16:49 +0100)]
selftest: run samba.tests.dcerpc.srvsvc against ad_dc_ntvfs explicitly
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Mon, 25 Nov 2019 15:14:49 +0000 (16:14 +0100)]
selftest: run rpc.srvsvc and rpc.mgmt against ad_dc_ntvfs explicitly
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Tue, 26 Nov 2019 12:39:31 +0000 (13:39 +0100)]
selftest: hardcode ad_dc_ntvfs for the rpc.netlogon testsuite
The rpc.netlogon testsuite has a test that verifies LSA over netlogon which is
only enabled in the ad_dc_ntvfs env.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Tue, 26 Nov 2019 12:35:29 +0000 (13:35 +0100)]
selftest: make testenv name logic more flexible for the rpc testcases
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Mon, 25 Nov 2019 13:17:50 +0000 (14:17 +0100)]
selftest: use ad_dc_ntvfs env instead of ad_dc_default for samba4.ldb.ldaps
ad_dc_default is currently an alias for ad_dc_ntvfs, so this is currently no
change in behaviour, but this is going to change.
As the ad_dc_ntvfs env specifies "ldap server require strong auth =
allow_sasl_over_tls" and this is needed for the test, we have to let the test
use the ad_dc_ntvfs env explicitly.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Mon, 25 Nov 2019 10:11:13 +0000 (11:11 +0100)]
libsmbclient: If over SMB1 first try to do a posix stat on the file.
Disable in future, if server doesn't support this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14101
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Dec 19 15:44:25 UTC 2019 on sn-devel-184
Andreas Schneider [Mon, 25 Nov 2019 10:10:49 +0000 (11:10 +0100)]
s3:libsmb: Add a setup_stat_from_stat_ex() function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14101
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Mon, 25 Nov 2019 10:09:52 +0000 (11:09 +0100)]
s3:libsmb: Return a 'struct stat' buffer for SMBC_getatr()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14101
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Mon, 25 Nov 2019 10:06:57 +0000 (11:06 +0100)]
s3:libsmb: Add try_posixinfo to SMBSRV struct. Only enable for SMB1 with UNIX for now.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14101
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Wed, 18 Dec 2019 12:27:26 +0000 (13:27 +0100)]
s3:libsmb: Generate the inode only based on the path component
Currently we use the full smb url which includes also username and
password.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14101
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 26 Nov 2019 07:21:27 +0000 (08:21 +0100)]
s3:script: Try to fix a Perl warning
Scalar value @ENV{"BASH_ENV"} better written as $ENV{"BASH_ENV"} at
/tmp/samba-testbase/b23/samba-ad-dc-1/source3/script/tests/printing/modprinter.pl
line 134.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Fabrice Fontaine [Mon, 16 Dec 2019 09:28:53 +0000 (10:28 +0100)]
source4/utils/oLschema2ldif: include stdint.h before cmocka.h
This fix the following build failure:
In file included from /home/fabrice/buildroot/output/host/opt/ext-toolchain/lib/gcc/mips64el-buildroot-linux-uclibc/5.5.0/include/stdint.h:9:0,
from /home/fabrice/buildroot/output/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/inttypes.h:27,
from ../../lib/replace/../replace/replace.h:64,
from ../../source4/include/includes.h:23,
from ../../source4/utils/oLschema2ldif/test.c:25:
/home/fabrice/buildroot/output/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/stdint.h:122:27: error: conflicting types for ‘uintptr_t’
typedef unsigned long int uintptr_t;
^
In file included from ../../source4/utils/oLschema2ldif/test.c:23:0:
/home/fabrice/buildroot/output/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/cmocka.h:132:28: note: previous declaration of ‘uintptr_t’ was here
typedef unsigned int uintptr_t;
Fixes:
- http://autobuild.buildroot.org/results/
9507739b3d5d51024ee9c60b74c2f85d5004e7e2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14218
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Dec 18 16:57:52 UTC 2019 on sn-devel-184
Fabrice Fontaine [Sun, 15 Dec 2019 16:08:24 +0000 (17:08 +0100)]
lib/ldb/tests: include stdint.h before cmocka.h
This fix the following build failures:
[2466/3864] Linking bin/default/lib/ldb/ldbmodify
In file included from /home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/lib/gcc/mips64el-buildroot-linux-uclibc/5.5.0/include/stdint.h:9:0,
from ../../lib/tevent/tevent.h:31,
from ../../lib/ldb/include/ldb.h:51,
from ../../lib/ldb/tests/test_ldb_dn.c:25:
/home/buildroot/autobuild/instance-0/output-1/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/stdint.h:122:27: error: conflicting types for 'uintptr_t'
typedef unsigned long int uintptr_t;
^
In file included from ../../lib/ldb/tests/test_ldb_dn.c:23:0:
/home/buildroot/autobuild/instance-0/output-1/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/cmocka.h:132:28: note: previous declaration of 'uintptr_t' was here
typedef unsigned int uintptr_t;
^
In file included from /home/buildroot/autobuild/instance-0/output-1/host/opt/ext-toolchain/lib/gcc/mips64el-buildroot-linux-uclibc/5.5.0/include/stdint.h:9:0,
from ../../lib/tevent/tevent.h:31,
from ../../lib/ldb/tests/ldb_key_value_test.c:48:
/home/buildroot/autobuild/instance-0/output-1/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/stdint.h:122:27: error: conflicting types for 'uintptr_t'
typedef unsigned long int uintptr_t;
^
In file included from ../../lib/ldb/tests/ldb_key_value_test.c:43:0:
/home/buildroot/autobuild/instance-0/output-1/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/cmocka.h:132:28: note: previous declaration of 'uintptr_t' was here
typedef unsigned int uintptr_t;
^
Fixes:
- http://autobuild.buildroot.org/results/
9507739b3d5d51024ee9c60b74c2f85d5004e7e2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14218
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Torsten Fohrer [Sun, 15 Dec 2019 15:58:40 +0000 (16:58 +0100)]
Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero.
(C) SBE network solutions GmbH
Signed-off-by: Torsten Fohrer <torsten.fohrer@sbe.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Dec 18 14:33:58 UTC 2019 on sn-devel-184
Björn Baumbach [Tue, 13 Aug 2019 11:15:58 +0000 (13:15 +0200)]
samba_kcc: avoid ValueError when local connections are less than 2
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Björn Baumbach <bb@sernet.de>
Autobuild-Date(master): Wed Dec 18 11:37:53 UTC 2019 on sn-devel-184
Ralph Boehme [Sat, 14 Dec 2019 17:35:51 +0000 (18:35 +0100)]
lib/replace: prefer <sys/xattr.h> over <attr/xattr.h>
This prevents the following compile error that may happens if "system/filesys.h"
is included before "system/capability.h" on Ubuntu 16.04:
[1802/4407] Compiling source3/lib/system.c
In file included from ../../lib/replace/system/filesys.h:112:0,
from ../../source3/include/vfs.h:29,
from ../../source3/include/smb.h:150,
from ../../source3/include/includes.h:284,
from ../../source3/lib/system.c:23:
/usr/include/x86_64-linux-gnu/sys/xattr.h:32:3: error: expected identifier before numeric constant
XATTR_CREATE = 1, /* set value, fail if attr already exists. */
^
The above error is from compiling a source tree which includes a change that
adds an include "system/filesys.h" to the top of "source3/include/vfs.h".
"source3/lib/system.c" has the following includes:
#include "includes.h"
#include "system/syslog.h"
#include "system/capability.h"
#include "system/passwd.h"
#include "system/filesys.h"
#include "../lib/util/setid.h"
The first include of "includes.h" pulls in "vfs.h" which will pull in
"system/filesys.h" with the mentioned change. "system/filesys.h" pulls in
<attr/xattr.h> which has this define
#define XATTR_CREATE 0x1
Later in "source3/lib/system.c" "system/capability.h" is included which includes
<sys/xattr.h> on Ubuntu 16.04 (not in later versions of glibc). This defines the
XATTR_* values as an enum:
enum {
XATTR_CREATE = 1, /* set value, fail if attr already exists. */
XATTR_REPLACE = 2 /* set value, fail if attr does not exist. */
};
The previous define of XATTR_CREATE as 1 makes this
enum {
1 = 1, /* set value, fail if attr already exists. */
2 = 2 /* set value, fail if attr does not exist. */
};
which is invalid C. The compiler error diagnostic is a bit confusing, as it
prints the original enum from the include file.
See also:
<https://bugs.freedesktop.org/show_bug.cgi?id=78741>
<https://bugs.launchpad.net/ubuntu/+source/attr/+bug/
1288091>
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756097>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Björn Baumbach <bb@samba.org>
Andrew Bartlett [Fri, 13 Dec 2019 02:56:55 +0000 (15:56 +1300)]
librpc: Move winstation.idl to the top level and exclude from fuzzing
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Dec 18 08:05:05 UTC 2019 on sn-devel-184
Andrew Bartlett [Fri, 13 Dec 2019 02:34:34 +0000 (15:34 +1300)]
lib/fuzzing and librpc: Do not generate fuzzers for pointless targets
We need to focus the fuzzing effort on reachable code, and these IDL
are just historical artifacts, many are entirely [todo] and have
no samba client nor server.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Fri, 13 Dec 2019 01:48:38 +0000 (14:48 +1300)]
lib/fuzzer: Allow coverage build for oss-fuzz
This still does not seem to be enough but it is one step towards a working
coverage build.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Gary Lockyer [Tue, 17 Dec 2019 22:17:51 +0000 (11:17 +1300)]
lib ldb: fix use after free
Fix ASAN detected use after free. No security implications as the
talloc_free is followed immediately by the print statement and the value
printed is an integer
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 12 Dec 2019 23:19:37 +0000 (12:19 +1300)]
librpc: Fix manually written printer for drsuapi_DsAttributeValue
Credit to OSS-Fuzz
Found using the ndr_fuzz_X target.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Thu, 12 Dec 2019 23:20:35 +0000 (12:20 +1300)]
sefltest: Demonstrate crash in manually written printer for drsuapi_DsAttributeValue
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Thu, 12 Dec 2019 23:01:01 +0000 (12:01 +1300)]
lib/fuzzing: Allow load of fuzz inputs as files on the command line
This is easier to put under gdb.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Fri, 13 Dec 2019 09:41:10 +0000 (22:41 +1300)]
lib/fuzzing: Initialise st buffer in fuzz_ndr_X
An NDR pull of a function will fill in either the in. or out.
elements of this structure, but never both.
However, some structures have size_is() in the out. that reference
the in. elements. This is the reason for the --context-file option
in ndrdump.
We have a special handler in the fuzzing case embedded in the
pidl-generated output to cope with this, by filling in pointers
for elements declared [ref,in] but it relies on the in-side
(at least) of the buffer being zeroed.
So zero the buffer before we start. Sadly this means things
like valgrind can not find a use of uninitialised data, but that
is a price we have to pay.
Credit to OSS-Fuzz
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Volker Lendecke [Wed, 11 Dec 2019 15:19:59 +0000 (16:19 +0100)]
smbd: Convert share_mode_data->num_share_modes into a boolean8
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Dec 18 00:05:13 UTC 2019 on sn-devel-184
Volker Lendecke [Wed, 11 Dec 2019 09:02:54 +0000 (10:02 +0100)]
smbd: Don't store "num_share_modes" in locking.tdb
With the last commit we don't store the share mode entry count
anymore. With this commit we go one step further and avoid storing
it. If there's valid record in locking.tdb, there is a corresponding
record in share_entries.tdb, so there's no point storing that once
more explicitly.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 10 Dec 2019 17:15:40 +0000 (18:15 +0100)]
smbd: Use share_mode_data->num_share_modes as a boolean
This is a micro-commit showing that we don't actually need
share_mode_data->num_share_modes as a number *counting* the share mode
entries in share_entries.tdb anymore. Instead, we are only using it as
an indication for share_mode_lock_destructor() to see whether share
entries are around or not, i.e. whether it's worth keeping or deleting
the record in locking.tdb.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 17 Dec 2019 13:23:16 +0000 (14:23 +0100)]
smbd: Avoid a direct access to share_mode_data->num_share_modes
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 17 Dec 2019 13:20:48 +0000 (14:20 +0100)]
smbd: Introduce share_mode_have_entries()
This hides a use of share_mode_data->num_share_modes in
share_mode_lock.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 10 Dec 2019 13:41:57 +0000 (14:41 +0100)]
smbd: Avoid a reference to share_mode_data->num_share_modes
share_mode_data->num_share_modes will go away soon, count the values
directly while walking the array.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 3 Dec 2019 09:39:12 +0000 (10:39 +0100)]
smbd: Avoid a reference to share_mode_data->num_share_modes
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 3 Dec 2019 09:36:21 +0000 (10:36 +0100)]
smbd: Pass num_share_modes to share_mode_entry_do() callback
mark_share_mode_disconnected_fn() will need this, the information is
easily available and should not hurt the other callers.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 29 Nov 2019 14:46:20 +0000 (15:46 +0100)]
net: Use share_mode_count_entries()
Avoid a reference to share_mode_data->num_share_modes
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 29 Nov 2019 14:45:22 +0000 (15:45 +0100)]
smbd: Add share_mode_count_entries()
In order to not write the share mode on every open/close, we need to get rid of
share_mode_data->num_share_modes. "net tdb" needs this information precisely
though, and it's pretty cheap to calculate.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Thu, 12 Dec 2019 21:14:50 +0000 (22:14 +0100)]
vfs_ceph_snapshots: fix root relative path handling
For file paths relative to root, ceph_snap_get_parent_path() may return
an empty parent dir string, in which case the CephFS snashot path should
be ".snap".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14216
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Anoop C S [Tue, 12 Nov 2019 14:28:43 +0000 (19:58 +0530)]
s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir
On receiving an already initialized stat_ex buffer for readdir() call we
invoke readdirplus() GlusterFS API, an optimized variant of readdir(),
which then returns stat information along with dir entry result. But for
symlink entries we don't know if link or target info is needed. In that
case it is better to leave this decision back to caller by resetting
nlinks value inside stat information to make it invalid.
This was also preventing us from displaying msdfs link as directories
inside the share.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14182
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec 17 21:53:07 UTC 2019 on sn-devel-184
Simo Sorce [Mon, 16 Dec 2019 21:23:41 +0000 (16:23 -0500)]
mit-kdb: Fix license on header file
Signed-off-by: Simo Sorce <idra@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Dec 17 09:24:56 UTC 2019 on sn-devel-184
Günther Deschner [Fri, 26 Aug 2016 13:39:56 +0000 (15:39 +0200)]
s3-rpc_server: always print the full PDU.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>