Ralph Boehme [Thu, 1 Sep 2022 16:55:23 +0000 (18:55 +0200)]
smbtorture: add a test trying to create a stream on share without streams support
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15161
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Wed, 31 Aug 2022 10:38:23 +0000 (12:38 +0200)]
tests: Test basic handling of SMB2_CREATE_TAG_POSIX
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Sep 2 14:31:25 UTC 2022 on sn-devel-184
Volker Lendecke [Thu, 1 Sep 2022 10:17:44 +0000 (12:17 +0200)]
smbd: Handle SMB2_CREATE_TAG_POSIX at the smb2 layer
We're not doing anything with this yet, this is just to provide a test
counterpart. Protected by -DDEVELOPER and "smb3 unix extensions = yes"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 31 Aug 2022 13:37:03 +0000 (15:37 +0200)]
smbd: Introduce helper var in smbd_smb2_create_fetch_create_ctx()
xconn will be used in another place soon
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Mon, 29 Aug 2022 15:02:25 +0000 (17:02 +0200)]
pylibsmb: Add create_ex()
This is an extension of the create() function allowing smb2 create
contexts to be passed back and forth and also returning the
smb_create_returns. A new function seemed necessary for me because we
need to return not just the fnum. So I chose a 3-tuple, see the test
for an example how to use this.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 31 Aug 2022 09:37:54 +0000 (11:37 +0200)]
pylibsmb: Add smb2 create tag strings
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Fri, 26 Aug 2022 14:29:32 +0000 (16:29 +0200)]
tests: Test invalid smb3 unix negotiate contexts
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Fri, 26 Aug 2022 13:38:04 +0000 (15:38 +0200)]
pylibsmb: Allow passing negotiate contexts
Pass in a list of tuples with (type, bytes)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Fri, 26 Aug 2022 12:17:26 +0000 (14:17 +0200)]
libsmb: Allow smb2 neg ctx in cli_full_connection_creds_send()
Will be used to test smb3 posix contexts
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Fri, 26 Aug 2022 12:00:28 +0000 (14:00 +0200)]
tests: Add smb3 posix negotiate tests
Make sure we do and don't announce posix depending on "smb3 unix
extensions" parameter
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 25 Aug 2022 14:42:37 +0000 (16:42 +0200)]
param: Add "smb3 unix extensions"
Only available in DEVELOPER builds. Adding now to get some testing
step by step done.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 25 Aug 2022 14:28:04 +0000 (16:28 +0200)]
pylibsmb: Add "have_posix" function
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 25 Aug 2022 14:27:42 +0000 (16:27 +0200)]
pylibsmb: Allow requesting Posix extensions
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 25 Aug 2022 10:20:26 +0000 (12:20 +0200)]
libsmb: Allow to request SMB311 posix in source3/libsmb
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 25 Aug 2022 13:16:10 +0000 (15:16 +0200)]
smbXcli: Detect the SMB311 posix negotiate context
The server will only return this if the client requested in via
smbXcli_negprot_send()'s in_ctx parameter. This adds knowledge about
SMB2_CREATE_TAG_POSIX to smbXcli_base.c with a function to query
it. The alternative would have been to detect this in the caller, but
this would have meant that we also would need a
smbXcli_conn_set_have_posix() function or something similar.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 1 Sep 2022 12:49:33 +0000 (14:49 +0200)]
smbd: Convert store_smb2_posix_info() to use an existing blob
Less malloc
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 1 Sep 2022 12:49:33 +0000 (14:49 +0200)]
smbd: Convert smb2_posix_cc_info() to use an existing blob
Less malloc
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 1 Sep 2022 12:46:39 +0000 (14:46 +0200)]
smbd: Introduce "conn" helper var in smbd_smb2_create_after_exec()
Will be used more in the future
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Noel Power [Wed, 31 Aug 2022 11:27:53 +0000 (12:27 +0100)]
s3/winbindd: Fix bad access to sid array (with debug level >= info)
==6436== at 0xA85F95B: dom_sid_string_buf (dom_sid.c:444)
==6436== by 0xA85FBF2: dom_sid_str_buf (dom_sid.c:515)
==6436== by 0x17EDF8: wb_lookupusergroups_recv (wb_lookupusergroups.c:115)
==6436== by 0x17F964: wb_gettoken_gotgroups (wb_gettoken.c:123)
==6436== by 0x56AD332: _tevent_req_notify_callback (tevent_req.c:141)
==6436== by 0x56AD493: tevent_req_finish (tevent_req.c:193)
==6436== by 0x56AD5C0: tevent_req_trigger (tevent_req.c:250)
==6436== by 0x56AC119: tevent_common_invoke_immediate_handler (tevent_immediate.c:190)
==6436== by 0x56AC268: tevent_common_loop_immediate (tevent_immediate.c:236)
==6436== by 0x56B678A: epoll_event_loop_once (tevent_epoll.c:919)
==6436== by 0x56B31C3: std_event_loop_once (tevent_standard.c:110)
==6436== by 0x56AA621: _tevent_loop_once (tevent.c:825)
==6436==
==6436== Invalid read of size 1
==6436== at 0xA85F95B: dom_sid_string_buf (dom_sid.c:444)
==6436== by 0xA85FBF2: dom_sid_str_buf (dom_sid.c:515)
==6436== by 0x17EDF8: wb_lookupusergroups_recv (wb_lookupusergroups.c:115)
==6436== by 0x17F964: wb_gettoken_gotgroups (wb_gettoken.c:123)
==6436== by 0x56AD332: _tevent_req_notify_callback (tevent_req.c:141)
==6436== by 0x56AD493: tevent_req_finish (tevent_req.c:193)
==6436== by 0x56AD5C0: tevent_req_trigger (tevent_req.c:250)
==6436== by 0x56AC119: tevent_common_invoke_immediate_handler (tevent_immediate.c:190)
==6436== by 0x56AC268: tevent_common_loop_immediate (tevent_immediate.c:236)
==6436== by 0x56B678A: epoll_event_loop_once (tevent_epoll.c:919)
==6436== by 0x56B31C3: std_event_loop_once (tevent_standard.c:110)
==6436== by 0x56AA621: _tevent_loop_once (tevent.c:825)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15160
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Aug 31 15:07:31 UTC 2022 on sn-devel-184
Jeremy Allison [Mon, 29 Aug 2022 21:37:35 +0000 (14:37 -0700)]
s3: torture: Add a comprehensive SMB2 DFS path torture tester.
Passes fully against Windows.
This shows that DFS paths on Windows on SMB2 must
be of the form:
SERVER\SHARE\PATH
but the actual contents of the strings SERVER and
SHARE don't need to match the given server or share.
The algorithm the Windows server uses is the following:
Look for a '\\' character, and assign anything before
that to the SERVER component. The characters in this
component are not checked for validity.
Look for a second '\\' character and assign anything
between the first and second '\\' characters to the
SHARE component. The characters in the share component
are checked for validity, but only ':' is flagged as
an illegal sharename character despite what:
[MS-FSCC] https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-fscc/
dc9978d7-6299-4c5a-a22d-
a039cdc716ea
says.
Anything after the second '\\' character is assigned
to the PATH component and becomes the share-relative
path.
If there aren't two '\\' characters it removes
everything and ends up with the empty string as
the share relative path.
To give some examples, the following pathnames all map
to the directory at the root of the DFS share:
SERVER\SHARE
SERVER
""
ANY\NAME
ANY
::::\NAME
the name:
SERVER\:
is illegal (sharename contains ':') and the name:
ANY\NAME\file
maps to a share-relative pathname of "file",
despite "ANY" not being the server name, and
"NAME" not being the DFS share name we are
connected to.
Adds a knownfail for smbd as our current code
in parse_dfs_path() is completely incorrect
here and tries to map "incorrect" DFS names
into local paths. I will work on fixing this
later, but we should be able to remove parse_dfs_path()
entirely and move the DFS pathname logic before
the call to filename_convert_dirfsp() in the
same way Volker suggested and was able to achieve
for extract_snapshot_token() and the @GMT pathname
processing.
Also proves the "target" paths for SMB2_SETINFO
rename and hardlink must *not* be DFS-paths.
Next I will work on a torture tester for SMB1
DFS paths.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reivewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 30 17:10:33 UTC 2022 on sn-devel-184
Ralph Boehme [Fri, 19 Aug 2022 10:02:43 +0000 (12:02 +0200)]
smbd: fix opening a READ-ONLY file with SEC_FLAG_MAXIMUM_ALLOWED
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14215
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug 29 18:20:20 UTC 2022 on sn-devel-184
Ralph Boehme [Wed, 24 Aug 2022 09:40:41 +0000 (11:40 +0200)]
smbd: cache DOS attributes in struct smb_filename.cached_dos_attributes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14215
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Sun, 21 Aug 2022 11:39:02 +0000 (13:39 +0200)]
smbd: update smb_fname->st btime with the rounded value with NTTIME granularity
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14215
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Sun, 21 Aug 2022 11:38:16 +0000 (13:38 +0200)]
smbd: remove const from smb_fname arg of set_ea_dos_attribute()
We need to update the btime of fsp->fsp_name->st.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14215
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 19 Aug 2022 09:01:31 +0000 (11:01 +0200)]
smbtorture: add a test opening a READ-ONLY file with SEC_FLAG_MAXIMUM_ALLOWED
Passes against Windows, currently fails against Samba.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14215
RN: Requesting maximum allowed permission of file with DOS read-only attribute results in access denied error
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 19 Aug 2022 08:45:10 +0000 (10:45 +0200)]
smbtorture: turn maximum_allowed test into a test suite
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14215
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Sun, 21 Aug 2022 16:55:29 +0000 (18:55 +0200)]
smbtorture: close handle and delete file in tree_base()
Otherwise the session might still be around with the open handle when the next
test starts and then fails to delete the testfile.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14215
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Thu, 18 Aug 2022 05:51:26 +0000 (22:51 -0700)]
s3: smbd: parse_dfs_path() - Fix comment explaining where this is called from and with what kind of path.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Aug 28 20:58:57 UTC 2022 on sn-devel-184
Jeremy Allison [Thu, 11 Aug 2022 04:52:34 +0000 (21:52 -0700)]
s3: smbd: Remove allow_broken_path parameter from parse_dfs_path().
Nothing now looks at it.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 11 Aug 2022 04:49:51 +0000 (21:49 -0700)]
s3: smbd: Now parse_dfs_path() is only called from dfs_filename_convert() replace allow_broken_path with an SMB1 check.
dfs_filename_convert() always sets allow_broken_path = !smb2,
so just move this bool inside of parse_dfs_path().
We can now remove allow_broken_path.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 11 Aug 2022 04:42:31 +0000 (21:42 -0700)]
s3: smbd: Remove allow_broken_path from create_junction().
We no longer look at it, we know we must have a canonicalized
DFS path here.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 11 Aug 2022 04:40:47 +0000 (21:40 -0700)]
s3: smbd: Remove allow_broken_path from get_referred_path() and it's callers.
It no longer looks at this bool, we must already have a
canonicalized path here.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 11 Aug 2022 04:37:41 +0000 (21:37 -0700)]
s3: smbd: Remove unneeded NULL check inside msdfs_servicename_matches_connection().
This is now only called from is from parse_dfs_path(),
and for that we know conn is non-NULL.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 18 Aug 2022 04:50:19 +0000 (21:50 -0700)]
s3: smbd: In create_junction() don't read hostname from parse_dfs_path_strict().
It isn't used anymore inside create_junction().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 11 Aug 2022 18:06:05 +0000 (11:06 -0700)]
s3: smbd: In create_junction() remove hostname check. parse_dfs_path_strict() already does this.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 11 Aug 2022 04:34:29 +0000 (21:34 -0700)]
s3: smbd: Change create_junction() to use parse_dfs_path_strict().
Note we no longer use allow_broken_path.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 11 Aug 2022 04:33:32 +0000 (21:33 -0700)]
s3: smbd: Change get_referred_path() to use parse_dfs_path_strict().
Remove #ifdef's around parse_dfs_path_strict() as we're
now using it.
Note we no longer use allow_broken_path.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 17 Aug 2022 21:23:45 +0000 (14:23 -0700)]
s3: smbd: Add a comment explaing why dfs_filename_convert() must continue to use parse_dfs_path().
libsmbclient libraries will always set the FLAGS2_DFS_PATHNAMES
bit when talking to a DFS share, but don't always canonicalize
the incoming pathname to a DFS one (see the code for cli_list()
that puts a non-DFS pathname into SMB2trans2_FindFirst for
example). This is a problem in our client libraries for both
SMB1 and SMB2+
As we still must cope with these older clients we must
keep the lenient parsing for DFS filenames sent over SMB1/2/3.
A future task - change the use of parse_dfs_path() in
dfs_filename_convert() to parse_dfs_path_strict() for SMB2
only and then try and get all our torture tests to pass.
This is not an easy fix (and would still break old clients
out there as well :-( ).
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 17 Aug 2022 21:21:59 +0000 (14:21 -0700)]
s3: smbd: In dfs_filename_convert(), don't ask for hostname, sharename and then just free them.
Wastes a talloc/free.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 17 Aug 2022 21:17:23 +0000 (14:17 -0700)]
s3: smbd: Add a new function parse_dfs_path_strict().
#ifdef'ed out as not yet used. This will replace
parse_dfs_path() for all client sent names via
DFS RPC calls and for SMB_VFS_GET_DFS_REFERRALS().
The paths sent in these calls are guaranteed
to be of canonical form:
\SERVER\share\pathname.
Both for SMB1 and SMB2+ so we can be more strict
when parsing them.
Checks DFS path starts with separator.
Checks hostname is ours.
Ensures servicename (share) is sent, and
if so, terminates the name or is followed by
\pathname.
Errors out if any checks fail.
Reserve parse_dfs_path() for DFS names sent
via "ordinary" SMB 1/2/3 calls where we must
be more lenient in parsing.
Note parse_dfs_path_strict() does not have
bool allow_broken_path or 'struct connection_struct'
as it will not be called from places that use
these.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Sun, 28 Aug 2022 09:12:52 +0000 (11:12 +0200)]
smbd: add missing check for IPC share for TRANS2_GET_DFS_REFERRAL
Cf MS-CIFS 3.3.5.58.11.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 25 Aug 2022 07:54:52 +0000 (09:54 +0200)]
smbXcli: Pass negotiate contexts through smbXcli_negprot_send/recv
We already don't allow setting max_credits in the sync wrapper, so
omit the contexts there as well.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 26 19:54:03 UTC 2022 on sn-devel-184
Volker Lendecke [Thu, 25 Aug 2022 08:43:54 +0000 (10:43 +0200)]
libsmb: Introduce helper var to cli_tree_connect_*_done()
README.Coding, makes it easier to debug
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 25 Aug 2022 08:31:42 +0000 (10:31 +0200)]
libsmb: Remove cli_full_connection_creds_sess_start()
This contained very simple tevent_req logic, hiding that confused the
code for me when reading. Also, this change saves 3 lines...
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 23 Aug 2022 11:13:48 +0000 (13:13 +0200)]
libsmb: Remove unused code
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 23 Aug 2022 10:59:50 +0000 (12:59 +0200)]
libsmb: Remove map_fnum_to_smb2_handle() from cli_smb2_qpathinfo2()
Not used
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 23 Aug 2022 10:59:29 +0000 (12:59 +0200)]
libsmb: Remove map_fnum_to_smb2_handle() from cli_smb2_getatr()
Not used
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 14 Aug 2022 14:13:32 +0000 (16:13 +0200)]
libsmb: Correctly return ioctl error from cli_readlink()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 13 Aug 2022 13:43:47 +0000 (15:43 +0200)]
libsmb: Save a few lines in cli_unix_extensions_version()
This is more recent style for sync wrappers
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 13 Aug 2022 13:42:50 +0000 (15:42 +0200)]
libsmb: Add tevent_req_received() to cli_posix_readlink_recv()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 13 Aug 2022 11:30:26 +0000 (13:30 +0200)]
lib: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 12 Aug 2022 10:49:07 +0000 (12:49 +0200)]
smbd: Modernize DBG statements in open_fake_file()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 17 Aug 2022 05:56:18 +0000 (07:56 +0200)]
libsmb: Move static strings to the .text segment
We don't need to copy these to the stack, this saves 200 bytes of .text
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 17 Aug 2022 09:40:11 +0000 (11:40 +0200)]
examples: A tiny bit of README.Coding for teststat.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 17 Aug 2022 10:08:44 +0000 (12:08 +0200)]
libsmb: Tab-indent SMBC_module_[init|terminate]()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 17 Aug 2022 10:07:38 +0000 (12:07 +0200)]
libsmb: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 17 Aug 2022 10:03:35 +0000 (12:03 +0200)]
libsmb: Slightly simplify SMBC_parse_path()
Don't manually duplicate the talloc_strndup() functionality
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 10 Aug 2022 06:39:12 +0000 (08:39 +0200)]
smbd: Adapt np_[read|write]_send() to more recent tevent_req conventions
We usually don't do "goto post_status;" anymore
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 17 Aug 2022 08:51:06 +0000 (10:51 +0200)]
examples: Make libsmbclient samples look a *bit* less ugly
Remove trailing whitespace, indent to tabs. Yes, this introduces long
lines, but makes review with "git show -w" trivial.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 29 Jul 2022 12:57:54 +0000 (14:57 +0200)]
smbd: Save a line with tevent_req_nomem()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 1 Aug 2022 10:30:51 +0000 (12:30 +0200)]
lib: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 10 Aug 2022 06:13:26 +0000 (08:13 +0200)]
dfs_server: Fix typos
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 9 Aug 2022 14:26:13 +0000 (16:26 +0200)]
vfs: Fix a copy&paste error
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 9 Aug 2022 12:51:10 +0000 (14:51 +0200)]
smbd: Adapt a call to setup_dfs_referral() to README.Coding
Makes it easier to handle in a debugger
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 25 Aug 2022 08:34:51 +0000 (10:34 +0200)]
libsmbclient: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Anoop C S [Wed, 24 Aug 2022 09:31:31 +0000 (15:01 +0530)]
vfs_glusterfs: Implement SMB_VFS_FSTATAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 26 17:33:15 UTC 2022 on sn-devel-184
Anoop C S [Fri, 19 Aug 2022 06:46:08 +0000 (12:16 +0530)]
vfs_glusterfs: Use glfs_fgetxattr() for SMB_VFS_GET_REAL_FILENAME_AT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Anoop C S [Fri, 19 Aug 2022 07:38:42 +0000 (13:08 +0530)]
vfs_glusterfs: Use glfs_readlinkat() for SMB_VFS_READ_DFS_PATHAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Anoop C S [Fri, 19 Aug 2022 07:21:16 +0000 (12:51 +0530)]
vfs_glusterfs: Use glfs_symlinkat() for SMB_VFS_CREATE_DFS_PATHAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Anoop C S [Fri, 19 Aug 2022 06:45:10 +0000 (12:15 +0530)]
vfs_glusterfs: Use glfs_mknodat() for SMB_VFS_MKNODAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Anoop C S [Fri, 19 Aug 2022 06:44:29 +0000 (12:14 +0530)]
vfs_glusterfs: Use glfs_linkat() for SMB_VFS_LINKAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Anoop C S [Fri, 19 Aug 2022 06:43:33 +0000 (12:13 +0530)]
vfs_glusterfs: Use glfs_readlinkat() for SMB_VFS_READLINKAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Anoop C S [Fri, 19 Aug 2022 06:42:43 +0000 (12:12 +0530)]
vfs_glusterfs: Use glfs_symlinkat() for SMB_VFS_SYMLINKAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Anoop C S [Fri, 19 Aug 2022 06:41:54 +0000 (12:11 +0530)]
vfs_glusterfs: Use glfs_unlinkat() for SMB_VFS_UNLINKAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Anoop C S [Fri, 19 Aug 2022 06:41:02 +0000 (12:11 +0530)]
vfs_glusterfs: Use glfs_renameat() for SMB_VFS_RENAMEAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Anoop C S [Fri, 19 Aug 2022 06:40:16 +0000 (12:10 +0530)]
vfs_glusterfs: Use glfs_mkdirat() for SMB_VFS_MKDIRAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Anoop C S [Fri, 19 Aug 2022 06:37:08 +0000 (12:07 +0530)]
vfs_glusterfs: Use glfs_openat() for SMB_VFS_OPENAT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Anoop C S [Fri, 19 Aug 2022 06:47:33 +0000 (12:17 +0530)]
source3/wscript: Detect glusterfs-api with *at() calls support
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Anoop C S [Fri, 19 Aug 2022 06:28:34 +0000 (11:58 +0530)]
vfs_glusterfs: Accept fsp with const qualifier
This is in preparation to avoid any `const` qualifier being discarded
warning with future changes to various *_at() calls which has `const
file_struct` arguments.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Wed, 22 Jun 2022 03:21:31 +0000 (15:21 +1200)]
pyglue:generate_random_[machine]_password: ValueError for bad values
The actual range is 14 to 255 for machine passwords, and there is a
min <= max check for both.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Aug 26 08:59:28 UTC 2022 on sn-devel-184
Douglas Bagnall [Tue, 21 Jun 2022 23:12:30 +0000 (11:12 +1200)]
pyglue: generate_random_[machine]_password: reject negative numbers
Other range errors (e.g. min > max) are caught in the wrapped
functions which returns EINVAL, so we don't recapitulate that logic
(see next commit though).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Douglas Bagnall [Sun, 4 Aug 2019 12:41:49 +0000 (00:41 +1200)]
pyglue: generate_random_bytes/str accept positive numbers only
We aren't yet able to generate negative numbers of random bytes.
Instead a request for -n bytes is implicitly converted into one for
SIZE_MAX - n bytes, which is typically very large. Memory exhaustion
seems a likely outcome.
With this patch callers will see a ValueError.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Douglas Bagnall [Sun, 4 Aug 2019 12:28:31 +0000 (00:28 +1200)]
pyglue: check talloc buffer for random bytes
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Douglas Bagnall [Fri, 5 Aug 2022 00:39:24 +0000 (12:39 +1200)]
pytest/segfault: abort for generate_random_bytes(-1)
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pavel Filipenský [Sat, 20 Aug 2022 13:37:26 +0000 (15:37 +0200)]
s3:passdb: Zero sensitive memory in lsa_secret_{set/get}_common()
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pavel Filipenský [Sat, 20 Aug 2022 07:38:55 +0000 (09:38 +0200)]
s3:passdb: Zero secrets_domain_info1_password created via secrets_domain_info_password_create()
Zero out these members of struct secrets_domain_info1_password:
DATA_BLOB cleartext_blob;
struct samr_Password nt_hash;
struct secrets_domain_info1_kerberos_key *keys;
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pavel Filipenský [Sat, 20 Aug 2022 07:34:30 +0000 (09:34 +0200)]
s3:passdb: Zero secrets_domain_info1_password created via secrets_fetch()
Zero out these members of struct secrets_domain_info1_password:
DATA_BLOB cleartext_blob;
struct samr_Password nt_hash;
struct secrets_domain_info1_kerberos_key *keys;
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pavel Filipenský [Fri, 19 Aug 2022 13:25:28 +0000 (15:25 +0200)]
s3:passdb: Zero local memory in secrets_domain_info_kerberos_keys()
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pavel Filipenský [Thu, 11 Aug 2022 08:09:00 +0000 (10:09 +0200)]
s3:passdb: Zero local memory in secrets_fetch()
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pavel Filipenský [Wed, 17 Aug 2022 15:33:42 +0000 (17:33 +0200)]
lib:krb5: Change memset() to BURN_PTR_SIZE()
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pavel Filipenský [Wed, 10 Aug 2022 07:07:07 +0000 (09:07 +0200)]
s3:afs: Zero memory for afs_keyfile
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pavel Filipenský [Tue, 9 Aug 2022 13:37:15 +0000 (15:37 +0200)]
s3:net: Zero password in secrets_fetch_ipc_userpass() callers
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pavel Filipenský [Thu, 11 Aug 2022 08:39:37 +0000 (10:39 +0200)]
s3:passdb: Fix possible memory leak in secrets_fetch_ipc_userpass()
If domain or username are empty strings (""), we need to free them.
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pavel Filipenský [Tue, 9 Aug 2022 13:36:34 +0000 (15:36 +0200)]
s3:passdb: Zero password in secrets_fetch_ipc_userpass()
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pavel Filipenský [Wed, 10 Aug 2022 12:48:14 +0000 (14:48 +0200)]
s3:net: Fix trailing whitespace in net.c
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pavel Filipenský [Tue, 9 Aug 2022 07:09:49 +0000 (09:09 +0200)]
s3:passdb: Zero memory in pdb_set_pw_history()
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pavel Filipenský [Mon, 8 Aug 2022 16:23:40 +0000 (18:23 +0200)]
s3:passdb: Zero memory in pdb_set_plaintext_passwd()
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pavel Filipenský [Mon, 8 Aug 2022 15:49:11 +0000 (17:49 +0200)]
s3:passdb: s/BURN_PTR_SIZE/BURN_STR/ in samu_destroy()
This makes sure that strlen(user->plaintext_pw) is not called twice.
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pavel Filipenský [Mon, 8 Aug 2022 13:23:05 +0000 (15:23 +0200)]
s3:auth: Zero memory in sam_password_ok()
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pavel Filipenský [Mon, 8 Aug 2022 12:30:24 +0000 (14:30 +0200)]
s3:passdb: Zero memory for plaintext_pw from 'struct samu'
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>