Ralph Boehme [Wed, 20 Jan 2021 14:01:00 +0000 (15:01 +0100)]
vfs_default: support real dirfsps in vfswrap_unlinkat()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 20 Jan 2021 14:00:43 +0000 (15:00 +0100)]
vfs_ceph: support real dirfsps in cephwrap_unlinkat()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 20 Jan 2021 14:00:20 +0000 (15:00 +0100)]
vfs_catia: support real dirfsps in catia_unlinkat()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 20 Jan 2021 13:59:36 +0000 (14:59 +0100)]
vfs_catia: forward pathref fsp in catia_unlinkat()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 20 Jan 2021 13:57:39 +0000 (14:57 +0100)]
vfs_cap: support real dirfsps in cap_unlinkat()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 20 Jan 2021 13:56:50 +0000 (14:56 +0100)]
vfs_audit: support real dirfsps in audit_unlinkat()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 20 Jan 2021 13:47:19 +0000 (14:47 +0100)]
vfs: make fsp arg of vfs_[memctx|fetch]_fsp_extension const
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Mon, 25 Jan 2021 21:29:57 +0000 (13:29 -0800)]
VFS: unityed_media: Fixup um_symlinkat() to correctly use the dirfsp path.
Missed in my original fixes.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Jan 28 08:10:18 UTC 2021 on sn-devel-184
Jeremy Allison [Mon, 25 Jan 2021 20:48:28 +0000 (12:48 -0800)]
VFS: time_audit: Fixup smb_time_audit_symlinkat() to log the dirfsp path.
Missed in my original fixes.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 25 Jan 2021 20:46:16 +0000 (12:46 -0800)]
VFS: syncops: SMB_VFS_SYMLINKAT only changes one directory so we can use the SYNCOPS_NEXT_SMB_FNAME macro directly.
Missed in my original fixes.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 25 Jan 2021 20:30:17 +0000 (12:30 -0800)]
VFS: shadow_copy2: Fixup shadow_copy2_symlinkat() to correctly use the dirfsp path.
Missed in my original fixes.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 25 Jan 2021 20:26:14 +0000 (12:26 -0800)]
VFS: media_harmony: Fixup mh_symlinkat() to correctly use the dirfsp path.
Missed in my original fixes.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 25 Jan 2021 20:02:48 +0000 (12:02 -0800)]
VFS: full_audit: Fixup smb_full_audit_symlinkat() to log the dirfsp path.
Missed in my original fixes.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 25 Jan 2021 19:17:57 +0000 (11:17 -0800)]
VFS: cap: Fixup cap_symlinkat() to cope with translating dirfsp path.
Missed in my original fixes.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 27 Jan 2021 05:29:58 +0000 (21:29 -0800)]
smbd: In conn_force_tdis_done() when forcing a connection closed force a full reload of services.
Prevents reload_services() caching the fact it might be
called multiple times in a row.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14604
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Steven Price [Sat, 24 Oct 2020 10:56:09 +0000 (11:56 +0100)]
clitar: restore mtime on files
The documentation for smbclient states that when extracting a tar
archive:
Restored files have their creation times (mtime) set to the
date saved in the tar file.
However this behaviour was lost in commit
2945596011cc ("clitar.c: fresh
new compilable file.").
Add a call to cli_setatr() to set both the mtime and the mode of files
after they have been extracted.
Signed-off-by: Steven Price <steven@ecrips.co.uk>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jan 27 19:26:03 UTC 2021 on sn-devel-184
Stefan Metzmacher [Fri, 20 Nov 2020 09:20:14 +0000 (09:20 +0000)]
script/autobuild.py: let cleanup() ignore errors from rmdir_force() by default
It's not useful to generate a python backtrace from within the cleanup code.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jan 27 18:17:17 UTC 2021 on sn-devel-184
Stefan Metzmacher [Fri, 20 Nov 2020 09:20:14 +0000 (09:20 +0000)]
script/autobuild.py: split out a rmdir_force() helper function
That also tries to re-add write permissions before removing.
In future we'll have jobs changing there directory to read-only.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Sun, 22 Nov 2020 22:28:31 +0000 (23:28 +0100)]
selftest: make/use a copy of GNUPGHOME
That makes it possible to run tests from a read only source tree.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Sun, 22 Nov 2020 21:43:36 +0000 (22:43 +0100)]
s4:selftest: use plansmbtorture4testsuite() for 'rpc.echo'
This makes sure "--basedir=$SELFTEST_TMPDIR" is passed to smbtorture.
Tests should not create files in the build nor the source directory!
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jan 27 11:01:32 UTC 2021 on sn-devel-184
Stefan Metzmacher [Thu, 17 Dec 2020 05:38:14 +0000 (06:38 +0100)]
s3:selftest: run test_smbclient_tarmode.pl with a fixed subdirectory name
$PREFIX is the the value from --with-selftest-prefix.
The result of the test should not depend on --with-selftest-prefix,
the 'long_path' test in particular.
If the path is to long smbclient (via libarchive) will only
put the full path into a PAX HEADER as 'path' keyword,
that's fine in general, modern tools handle it just fine.
But Perl's Archive::Tar don't handle it and only seems
truncated file names.
I have a fix for Archive::Tar, see:
https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=
c75037d0a06a96cdaca3f3b20a6d237e768b075b
But finishing that is a task for another day, for now I just want to remove
the dependency to --with-selftest-prefix.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 23 Nov 2020 10:35:33 +0000 (11:35 +0100)]
selftest/Samba4: allow get_cmd_env_vars() to take an overwrite dictionary
This way we can use it on even in some special cases, where we combine
variables from multiple environments.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 23 Nov 2020 10:35:33 +0000 (11:35 +0100)]
selftest/Samba4: correctly pass KRB5CCNAME to provision
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 23 Nov 2020 10:35:33 +0000 (11:35 +0100)]
selftest/Samba4: make more use of get_cmd_env_vars()
This simplifies the code a lot and makes it much easier to
add new environment variables in future.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 17 Dec 2020 09:42:03 +0000 (10:42 +0100)]
selftest:Samba4: avoid File::Path 'make_path' in setup_dns_hub_internal()
While spliting the build and test stages I hit strange permission
problems, when a parent directory is missing,
which can be avoided by using plain mkdir() on each level.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 19 Nov 2020 16:19:53 +0000 (16:19 +0000)]
selftest: allow a prefix under /m/username/
We only want to match/replace only a '.' pathname component
not any single character pathname compoment!
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 23 Nov 2020 09:38:49 +0000 (10:38 +0100)]
Makefile: add support for 'make testonly'
That skips any attempt to recompile before running the tests.
Some times that's useful for debugging and we'll
use it to split the build and test stages in autobuild and gitlab-ci
later.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
David Mulder [Thu, 21 Jan 2021 19:39:42 +0000 (12:39 -0700)]
samba-tool: Add a gpo command for removing VGP Symbolic Link Group Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 27 07:32:03 UTC 2021 on sn-devel-184
David Mulder [Thu, 21 Jan 2021 19:11:09 +0000 (12:11 -0700)]
samba-tool: Test gpo manage symlink remove command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Thu, 21 Jan 2021 17:57:46 +0000 (10:57 -0700)]
samba-tool: Add a gpo command for adding VGP Symbolic Link Group Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Thu, 21 Jan 2021 17:26:57 +0000 (10:26 -0700)]
samba-tool: Test gpo manage symlink add command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Thu, 21 Jan 2021 17:08:15 +0000 (10:08 -0700)]
samba-tool: Add a gpo command for listing VGP Symbolic Link Group Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Thu, 21 Jan 2021 16:49:48 +0000 (09:49 -0700)]
samba-tool: Test gpo manage symlink list command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Thu, 21 Jan 2021 13:54:05 +0000 (06:54 -0700)]
gpo: Apply Group Policy Symlink Policy from VGP
This adds a Group Policy extension which applies
symlink policies set by Vintela Group Policy in the
SYSVOL.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Thu, 21 Jan 2021 13:51:43 +0000 (06:51 -0700)]
gpo: Test Group Policy VGP Symlink Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 26 Jan 2021 09:55:42 +0000 (10:55 +0100)]
vfs_aixacl: fix regression from
f4c2f867f035fcbe3d547d5635d058b0aec7636a
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14620
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jan 26 20:05:39 UTC 2021 on sn-devel-184
Ralph Boehme [Sat, 23 Jan 2021 17:36:23 +0000 (18:36 +0100)]
smbd: use fsp->conn->session_info for the initial delete-on-close token
There's a correctly set up session_info at fsp->conn->session_info, we can just
use that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14617
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 26 04:04:14 UTC 2021 on sn-devel-184
Ralph Boehme [Mon, 25 Jan 2021 10:48:32 +0000 (11:48 +0100)]
selftest: add a test that verifies unlink works when "force user" is set
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14617
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 25 Jan 2021 10:47:45 +0000 (11:47 +0100)]
selftest: add force_user_error_inject share in maptoguest env
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14617
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 25 Jan 2021 10:46:30 +0000 (11:46 +0100)]
vfs_error_inject: add unlinkat hook
Note that a failure is only injected if the owner of the parent directory is not
the same as the current user.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14617
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 22 Jan 2021 10:15:41 +0000 (11:15 +0100)]
rpc_server: Add CLOEXEC to the listening sockets
We don't want to leak them into exec'ed processes.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 26 01:13:53 UTC 2021 on sn-devel-184
Volker Lendecke [Fri, 22 Jan 2021 10:13:53 +0000 (11:13 +0100)]
lib: Provide a meaningful errno if FD_CLOEXEC is missing
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 16 Jan 2021 21:40:37 +0000 (22:40 +0100)]
rpc_server: Consolidate transport-specific socket creation
We had the transport switch in two places, put them together into
dcesrv_create_binding_sockets(). This makes the transport-specific
socket creation functions static to rpc_sock_helper.c.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 16 Jan 2021 21:24:05 +0000 (22:24 +0100)]
rpc_server: Move socket creation to rpc_sock_helper.[ch]
dcesrv_create_ncacn_ip_tcp_sockets() already was there, move the rest
as well. This makes dcesrv_create_ncacn_np_socket() static to
rpc_sock_helper.c.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 16 Jan 2021 20:32:19 +0000 (21:32 +0100)]
rpc_server: Factor out e->ep_description in dcesrv_create_endpoint_sockets()
e->ep_description is used a lot in this function.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 16 Jan 2021 20:22:06 +0000 (21:22 +0100)]
rpc_server: Pass dcerpc_binding to dcesrv_create_ncacn_np_socket()
It does not need a dcesrv_endpoint.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 16 Jan 2021 19:32:38 +0000 (20:32 +0100)]
rpc_server: Pass dcerpc_binding to dcesrv_create_ncacn_ip_tcp_sockets()
It does not need a dcesrv_endpoint.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 16 Jan 2021 19:28:42 +0000 (20:28 +0100)]
rpc_server: Pass dcerpc_binding to dcesrv_create_ncalrpc_socket()
It does not need a dcesrv_endpoint.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 16 Jan 2021 16:32:53 +0000 (17:32 +0100)]
rpc_server: Remove an unused function parameter
dcesrv_create_endpoint_sockets() doesn't need dce_ctx.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 25 Jan 2021 08:55:40 +0000 (09:55 +0100)]
vfs: Fix the FreeBSD build
fd_handle is private now
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jan 25 12:16:11 UTC 2021 on sn-devel-184
Volker Lendecke [Mon, 25 Jan 2021 08:55:08 +0000 (09:55 +0100)]
vfs: Remove an unused variable from zfs_get_nt_acl_common()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Martin Schwenke [Sat, 23 Jan 2021 03:10:11 +0000 (14:10 +1100)]
lib: Fix the build on FreeBSD
Commit
7d0981f5e78bc881ca6521932379c69604c33a38 broke the build on
FreeBSD:
[1589/3917] Compiling lib/util/util_runcmd.c
../../lib/util/util_runcmd.c:310:7: warning: implicit declaration of function 'WIFEXITED' is invalid in C99 [-Wimplicit-function-declaration]
if (WIFEXITED(status)) {
^
../../lib/util/util_runcmd.c:311:13: warning: implicit declaration of function 'WEXITSTATUS' is invalid in C99 [-Wimplicit-function-declaration]
status = WEXITSTATUS(status);
^
../../lib/util/util_runcmd.c:312:14: warning: implicit declaration of function 'WIFSIGNALED' is invalid in C99 [-Wimplicit-function-declaration]
} else if (WIFSIGNALED(status)) {
^
../../lib/util/util_runcmd.c:313:13: warning: implicit declaration of function 'WTERMSIG' is invalid in C99 [-Wimplicit-function-declaration]
status = WTERMSIG(status);
^
4 warnings generated.
[1590/3917] Linking bin/default/source4/dsdb/libsamdb-common-samba4.so
ld: error: undefined symbol: WIFEXITED
>>> referenced by util_runcmd.c
>>> lib/util/util_runcmd.c.94.o:(samba_runcmd_io_handler)
ld: error: undefined symbol: WEXITSTATUS
>>> referenced by util_runcmd.c
>>> lib/util/util_runcmd.c.94.o:(samba_runcmd_io_handler)
ld: error: undefined symbol: WIFSIGNALED
>>> referenced by util_runcmd.c
>>> lib/util/util_runcmd.c.94.o:(samba_runcmd_io_handler)
ld: error: undefined symbol: WTERMSIG
>>> referenced by util_runcmd.c
>>> lib/util/util_runcmd.c.94.o:(samba_runcmd_io_handler)
clang: error: linker command failed with exit code 1 (use -v to see invocation)
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jan 25 09:48:09 UTC 2021 on sn-devel-184
Volker Lendecke [Wed, 20 Jan 2021 20:10:06 +0000 (21:10 +0100)]
torture: Fix a gcc qualifier ordering warning
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 22 21:07:57 UTC 2021 on sn-devel-184
Volker Lendecke [Sun, 17 Jan 2021 10:04:47 +0000 (11:04 +0100)]
lib: Make accept_recv() return the listening socket
This is helpful if you are in a listening loop with the same receiver
for many sockets doing the same thing.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 20 Jan 2021 13:53:56 +0000 (14:53 +0100)]
rpc_server: Fix a "bool==true" condition
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 20 Jan 2021 14:00:08 +0000 (15:00 +0100)]
rpc_server: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 20 Jan 2021 20:10:35 +0000 (21:10 +0100)]
torture: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 15 Jan 2021 15:02:52 +0000 (16:02 +0100)]
lib: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 15 Jan 2021 14:16:55 +0000 (15:16 +0100)]
librpc: Fix a small memleak in epm_floor_string()
Use GUID_buf_string(), don't leak the output of GUID_string()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 14 Jan 2021 20:57:16 +0000 (21:57 +0100)]
smbd: Simplify sendfile_short_send()
Allocate 1024 bytes on the stack instead of using calloc
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 14 Jan 2021 20:52:51 +0000 (21:52 +0100)]
sharesec: Simplify add_ace()
Use ADD_TO_ARRAY
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 14 Jan 2021 20:51:01 +0000 (21:51 +0100)]
libcli: make_sec_acl() copies the ace_list, make that const
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 14 Jan 2021 20:45:36 +0000 (21:45 +0100)]
smbcacls: Simplify add_ace_with_ctx()
Use ADD_TO_ARRAY()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 14 Jan 2021 20:33:13 +0000 (21:33 +0100)]
libsmb: Simplify add_ace()
Use ADD_TO_ARRAY()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 14 Jan 2021 20:32:21 +0000 (21:32 +0100)]
libsmb: Simplify sec_desc_parse()
Avoid CALLOC for just one struct dom_sids
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 14 Jan 2021 19:49:00 +0000 (20:49 +0100)]
smbcacls: Simplify sec_desc_parse()
Don't use SMB_CALLOC_ARRAY for just one element.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 11 Jan 2021 14:58:58 +0000 (15:58 +0100)]
lib: Make accept_recv() return struct samba_sockaddr
Avoid casting problems by using the samba_sockaddr union
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 14 Jan 2021 11:20:43 +0000 (12:20 +0100)]
rpc_server: Slightly simplify dcesrv_bind()
Factor out dereferencing conn->dce_ctx
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 14 Jan 2021 11:17:53 +0000 (12:17 +0100)]
rpc_server: Slightly simplify dcesrv_bind()
We have already dereferenced call->conn in a variable, use that.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 14 Jan 2021 09:25:41 +0000 (10:25 +0100)]
vfs: Simplify vfs_gluster_getwd()
Avoid a malloc, we allocate PATH_MAX chars on the stack elsewhere too
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 14 Jan 2021 09:21:19 +0000 (10:21 +0100)]
lib: Use hex_byte() in strhex_to_str()
I had completely missed that one in the last round...
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 14 Jan 2021 09:10:04 +0000 (10:10 +0100)]
lib: Avoid an "includes.h"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 13 Jan 2021 15:03:08 +0000 (16:03 +0100)]
rpc_server: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 23 Oct 2020 10:21:57 +0000 (12:21 +0200)]
s3:idmap_hash: reliable return ID_TYPE_BOTH
idmap_hash used to bounce back the requested type,
which was ID_TYPE_UID, ID_TYPE_GID or ID_TYPE_NOT_SPECIFIED
before as the winbindd parent always used a lookupsids.
When the lookupsids failed because of an unknown domain,
the idmap child weren't requested at all and the caller
sees ID_TYPE_NOT_SPECIFIED.
This module should have supported ID_TYPE_BOTH since
samba-4.1.0, similar to idmap_rid and idmap_autorid.
Now that the winbindd parent will pass ID_TYPE_BOTH in order to
indicate that the domain exists, it's better to always return
ID_TYPE_BOTH instead of a random mix of ID_TYPE_UID, ID_TYPE_GID
or ID_TYPE_BOTH. In order to request a type_hint it will return
ID_REQUIRE_TYPE for ID_TYPE_NOT_SPECIFIED, which means that
the parent at least assures that the domain sid exists.
And the caller still gets ID_TYPE_NOT_SPECIFIED if the
domain doesn't exist.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jan 22 11:32:46 UTC 2021 on sn-devel-184
Ralph Boehme [Mon, 11 Jan 2021 13:59:46 +0000 (14:59 +0100)]
winbind: remove legacy flags fallback
Some very old NT4 DCs might have not returned the account flags filled in. This
shouldn't be a problem anymore. Additionally, on a typical domain member server,
this request is (and can only be) send to the primary domain, so this will not
work with accounts from trusted domains.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 21 22:56:20 UTC 2021 on sn-devel-184
Ralph Boehme [Fri, 15 Jan 2021 11:56:25 +0000 (12:56 +0100)]
s3/auth: implement "winbind:ignore domains"
Under the following conditions a user from an ignored domain might be able to
authenticate:
- using Kerberos
- successfully previous authentication so the idmap and name caches are filled
- winbind not running (fwiw, winbindd is mandatory on a domain member)
- nscd running with a cached getpwnam for the ignored user (otherwise auth fails
because getpwnam fails)
- lookup_name() function being modified to look into the name cache before
contacting winbindd. Currently it talks directly to winbindd and that will
check the cache.
Currently, authentication will only fail because creating the local token for
the user fails because an LSA lookupname RPC call fails (because winbindd is not
running).
All of this makes a successfull authentication unlikelly, but that is more by
accident then by design.
To ensures that if winbindd is not running and as such winbindd itself can not
enforce the restriction, also implement the ignored domains check in the auth
system as a last line of defense.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
RN: "winbind:ignore domains" doesn't prevent user login from trusted domain
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 14 Jan 2021 09:42:53 +0000 (10:42 +0100)]
winbind: check for allowed domains in winbindd_pam_auth_pac_verify()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 11 Jan 2021 16:59:48 +0000 (17:59 +0100)]
winbind: check for allowed domains in winbindd_dual_pam_chauthtok()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 11 Jan 2021 16:19:05 +0000 (17:19 +0100)]
winbind: check for allowed domains in winbindd_dual_pam_chng_pswd_auth_crap()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 11 Jan 2021 16:10:19 +0000 (17:10 +0100)]
winbind: check for allowed domains in winbindd_dual_pam_auth_crap()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 11 Jan 2021 15:50:31 +0000 (16:50 +0100)]
winbind: check for allowed domains in winbindd_dual_pam_auth()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 11 Jan 2021 15:15:15 +0000 (16:15 +0100)]
winbind: move "winbind:ignore domain" logic to a seperate function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 13 Jan 2021 10:54:40 +0000 (11:54 +0100)]
selftest: add a test for "winbind:ignore domains"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 20 Jan 2021 11:00:16 +0000 (12:00 +0100)]
winbind: handle MSG_SMB_CONF_UPDATED in the winbinds children
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 20 Jan 2021 11:27:23 +0000 (12:27 +0100)]
winbind: set logfile after reloading config
lp_load_global() will overwrite whatever we've set with lp_set_logfile().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 20 Jan 2021 10:17:22 +0000 (11:17 +0100)]
winbind: move config-reloading code to winbindd_dual.c
In preperation of forwarding MSG_SMB_CONF_UPDATED to all childs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 14 Jan 2021 07:14:46 +0000 (08:14 +0100)]
selftest: use correct DNS domain name for wrapper hosts file
For some reason the join fails to register the DNS records when provisioning the
member env:
Using short domain name -- SAMBA2008R2
Joined 'IDMAPADMEMBER' to dns domain 'samba2008r2.example.com'
DNS Update for idmapadmember.samba.example.com failed: ERROR_DNS_UPDATE_FAILED
At the same time the hosts file used by the wrappers contains the wrong fqdn. As
a result the test that the next commit is going do add fails due do the broken
DNS resolution:
...
UNEXPECTED(failure): samba3.blackbox.winbind_ignore_domain.test_winbind_ignore_domains_ok_krb5(ad_member_idmap_ad:local)
REASON: Exception: Exception: do_connect: Connection to idmapadmember.samba2008r2.example.com failed (Error NT_STATUS_UNSUCCESSFUL)
...
Checking DNS in the testenv, first the working record for the main DC:
testenv$ dig @10.53.57.64 dc7.samba2008r2.example.com +short
10.53.57.27
testenv$ bin/samba-tool dns query dc7 samba2008r2.example.com dc7 A -U Administrator%locDCpass7
Name=, Records=1, Children=0
A: 10.53.57.27 (flags=f0, serial=1, ttl=900)
Now the failing idmapadmember:
testenv$ dig @10.53.57.64 idmapadmember.samba2008r2.example.com +short
testenv$ bin/samba-tool dns query dc7 samba2008r2.example.com idmapadmember A -U Administrator%locDCpass7
ERROR: Record or zone does not exist.
Fixing the hosts file lets the tests work, fixing the broken DNS record
registration is a task for another day.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Wed, 20 Jan 2021 20:30:10 +0000 (12:30 -0800)]
VFS: unityed_media: Fixup um_mknodat() to correctly use the dirfsp path.
Missed in my original fixes.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Wed, 20 Jan 2021 20:27:16 +0000 (12:27 -0800)]
VFS: unityed_media: Fix um_mkdirat() to correctly look at the full pathname.
Missed in the original mkdirat fixes.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Wed, 20 Jan 2021 20:22:29 +0000 (12:22 -0800)]
VFS: time_audit: Fixup smb_time_audit_mknodat() to log the dirfsp path.
Missed in my original fixes.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Wed, 20 Jan 2021 20:11:01 +0000 (12:11 -0800)]
VFS: syncops: Fixup all uses of the SYNCOPS_NEXT_SMB_FNAME macro to correctly use the dirfsp path.
Remove the temp solution added to syncops_mkdirat()
as we now have a generic fix.
Missed in my original fixes.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Wed, 20 Jan 2021 19:59:16 +0000 (11:59 -0800)]
VFS: shadow_copy2: Fixup shadow_copy2_mknodat() to correctly use the dirfsp path.
Missed in my original fixes.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Wed, 20 Jan 2021 19:56:36 +0000 (11:56 -0800)]
VFS: media_harmony: Fixup mh_mknodat() to correctly use the dirfsp path.
Missed in my original fixes.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Wed, 20 Jan 2021 19:51:16 +0000 (11:51 -0800)]
VFS: full_audit: Fixup smb_full_audit_mknodat() to log the dirfsp path.
Missed in my original fixes.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Wed, 20 Jan 2021 19:33:03 +0000 (11:33 -0800)]
VFS: cap: Fixup cap_mknodat() to cope with translating dirfsp path.
Missed in my original fixes.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Stefan Metzmacher [Tue, 8 Dec 2020 15:29:10 +0000 (16:29 +0100)]
vfs_fruit: make use of adouble_open_from_base_fsp(ADOUBLE_RSRC) in fruit_open_rsrc_adouble()
The key is that we return a fake_fd to the caller and only open
the '._' file in the background.
The next vfs backend should only see the fsp from
adouble_open_from_base_fsp, while the vfs backends above
should only see the fake_fd.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Jan 21 14:47:53 UTC 2021 on sn-devel-184
Stefan Metzmacher [Thu, 10 Dec 2020 12:11:06 +0000 (13:11 +0100)]
vfs_fruit: add fruit_get_complete_fio() helper
This will make it easier to hide some fsp extension later.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 30 Dec 2020 12:49:37 +0000 (13:49 +0100)]
vfs_fruit: let fruit_open_rsrc_adouble() return errno = EISDIR
That hopefully makes the check that ':AFP_Resource' can't
be created on directories.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 23 Dec 2020 10:58:08 +0000 (11:58 +0100)]
s3:adouble: add adouble_open_from_base_fsp()
For now we only support ADOUBLE_RSRC, but that might change in future.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 23 Dec 2020 10:58:08 +0000 (11:58 +0100)]
s3:adouble: allow ad_fget/ad_get_internal to be used with a backend fsp
Up to now we only passed in stream fsp, but that will change shortly.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>