Ralph Boehme [Tue, 28 Apr 2020 14:55:30 +0000 (16:55 +0200)]
smbd: use parent_smb_fname() in parent_dirname_compatible_open()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 14:52:09 +0000 (16:52 +0200)]
smbd: use parent_smb_fname() in inherit_new_acl()
Note: has to rename the variable parent_smb_fname otherwise it conflicts with
the function name.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 14:47:44 +0000 (16:47 +0200)]
smbd: use parent_smb_fname() in mkdir_internal()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 14:44:00 +0000 (16:44 +0200)]
smbd: use parent_smb_fname() in open_file_ntcreate()
Prepares for converting a bunch of functions to struct smb_filename later.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 14:40:25 +0000 (16:40 +0200)]
smbd: use parent_smb_fname() in non_widelink_open()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 14:23:07 +0000 (16:23 +0200)]
smbd: use parent_smb_fname() in check_parent_access()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 14:11:38 +0000 (16:11 +0200)]
smbd: use parent_smb_fname() in copy_internals()
Prepares for converting file_set_dosmode() to struct smb_filename.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 14:00:42 +0000 (16:00 +0200)]
smbd: use parent_smb_fname() in unix_convert()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 29 Apr 2020 13:43:30 +0000 (15:43 +0200)]
smbd: use synthetic_smb_fname() in check_parent_exists()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 13:21:37 +0000 (15:21 +0200)]
smbd: use parent_smb_fname() in can_delete_file_in_directory()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 13:01:59 +0000 (15:01 +0200)]
vfs_linux_xfs_sgid: use parent_smb_fname()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 12:47:40 +0000 (14:47 +0200)]
vfs_gpfs: use parent_smb_fname()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 12:43:20 +0000 (14:43 +0200)]
vfs_default: use parent_smb_fname()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 12:41:21 +0000 (14:41 +0200)]
vfs_ceph: use parent_smb_fname()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 12:28:32 +0000 (14:28 +0200)]
vfs_aio_pthread: use parent_smb_fname()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 12:15:38 +0000 (14:15 +0200)]
vfs_acl_common: use parent_smb_fname()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 10:55:26 +0000 (12:55 +0200)]
s3/lib: add parent_smb_fname()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Fri, 19 Jul 2019 10:35:57 +0000 (12:35 +0200)]
testprogs: Add client kerberos test
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr 29 11:53:41 UTC 2020 on sn-devel-184
Andreas Schneider [Thu, 18 Jul 2019 12:18:57 +0000 (14:18 +0200)]
s4:torture: Print account and authority name
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Tue, 28 Apr 2020 15:25:35 +0000 (17:25 +0200)]
docs-xml: Fix usernames in pam_winbind manpages
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14358
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr 29 09:44:55 UTC 2020 on sn-devel-184
Björn Baumbach [Tue, 28 Apr 2020 15:09:56 +0000 (17:09 +0200)]
samba-tool: fetch "no such subcommand" error and print error message
This patch especially improves the case where extra arguments are used.
Without this patch just the attributes are mentioned as invalid, if
samba-tool is called with an invalid/unknown subcommand.
Example without this patch:
# samba-tool sites list --all
Usage: samba-tool sites <subcommand>
samba-tool sites: error: no such option: --all
This can be deceptive for users. Is looks like the "list" command
does not provide a "--all" option.
Example with this patch:
# samba-tool sites list --all
samba-tool sites: no such subcommand: list
Usage: samba-tool sites <subcommand>
(...)
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 29 08:08:21 UTC 2020 on sn-devel-184
Andrew Bartlett [Thu, 23 Apr 2020 23:04:00 +0000 (11:04 +1200)]
librpc: Provide clearer debug messages for malformed DCE/RPC bind
REF: https://lists.samba.org/archive/samba/2020-April/229334.html
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Alexander Bokovoy [Tue, 28 Apr 2020 18:59:46 +0000 (21:59 +0300)]
s3: pass DCE RPC handle type to create_policy_hnd
Various RPC services expect policy handles of a specific type.
s3 RPC server did not allow to create policy handles with a specific
type while actually requiring that policy handle type itself in some
places.
Make sure we are able to specify the policy on-wire handle type when
creating the policy handle. The changes follow s4 DCE RPC server
implementation.
The original logic to always set on-wire handle type to 0 can be tracked
down to commit
fdeea341ed1bae670382e45eb731db1b5838ad21 when we didn't
really know about differences in on-wire handle types.
All but LSA trusted domain RPC calls do not check the on-wire handle
type in s3 RPC server.
Fixes trusted domain operations when Samba RPC client attempts to call
s3 RPC server to perform lsa_lsaRSetForestTrustInformation in FreeIPA.
This fix is a pre-requisite for FreeIPA-FreeIPA forest trust.
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 28 22:55:29 UTC 2020 on sn-devel-184
David Mulder [Thu, 23 Jan 2020 14:26:53 +0000 (07:26 -0700)]
s4:torture: Convert samba3.raw.mkdir test to smb2
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
888abcaf8ffbec45fc47520bd3f544e3aa6f58f2)
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 28 19:46:32 UTC 2020 on sn-devel-184
David Mulder [Mon, 6 Jan 2020 16:43:19 +0000 (09:43 -0700)]
s4:torture: Convert samba4.base.tcon test to smb2
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
eb167bc43dbe196ef5b3bfd24160c72c74113dea)
David Mulder [Mon, 23 Dec 2019 20:58:47 +0000 (13:58 -0700)]
Convert samba4.base.mangle test to smb2
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
9437b44668c9f7742d6d4fe0891ac4d9fda7c804)
David Mulder [Mon, 13 Jan 2020 16:19:51 +0000 (09:19 -0700)]
Implement alt name query for smb2
Implements smb2_qpathinfo_alt_name() and
RAW_FILEINFO_SMB2_ALT_NAME_INFORMATION.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
097df343ce21c8340aee7f42f233fe74b92b47e2)
David Mulder [Fri, 20 Dec 2019 21:06:13 +0000 (14:06 -0700)]
Convert samba4.base.maximum_allowed to smb2
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
d9edfeea668362269d812f82b1957ed16ff56dd4)
David Mulder [Fri, 20 Dec 2019 21:10:49 +0000 (14:10 -0700)]
Add SMB2 lsa helper routines
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
3763052c2a95ac9bd60f00458389a5245cf5d58d)
Ralph Boehme [Tue, 28 Apr 2020 06:04:41 +0000 (08:04 +0200)]
smbd: add missing done check from unix_convert_step_stat() refactoring
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 24 Mar 2020 13:35:51 +0000 (14:35 +0100)]
lib: Remove unused elements from ctdbd_connection
Nobody set them, only the destructor referenced them
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Apr 28 10:46:22 UTC 2020 on sn-devel-184
Volker Lendecke [Tue, 24 Mar 2020 13:33:28 +0000 (14:33 +0100)]
lib: Nobody sets ctdbd_connection->fde anymore, remove it
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Tue, 24 Mar 2020 13:32:06 +0000 (14:32 +0100)]
lib: Remove unused ctdbd_setup_fde() and callees
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 11 Mar 2020 10:03:06 +0000 (11:03 +0100)]
lib: Use ctdbd_req_send/recv in ctdb_parse_send/recv
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 12 Mar 2020 15:20:50 +0000 (16:20 +0100)]
torture3: Test ctdb_req_send/recv
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Fri, 20 Mar 2020 12:58:21 +0000 (13:58 +0100)]
lib: Add ctdbd_req_send/recv
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Fri, 20 Mar 2020 12:46:13 +0000 (13:46 +0100)]
lib: Add ctdbd_prep_hdr_next_reqid()
Preparation for generic ctdb_req_send/recv: No need to expose
ctdbd_next_reqid(), do basic preparations of a ctdb_req_header
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 12 Mar 2020 15:05:58 +0000 (16:05 +0100)]
lib: Add ctdbd_init_async_connection()
Prepare for ctdb_req_send/recv doing tevent_req based async ctdb
requests
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Mon, 23 Mar 2020 12:03:35 +0000 (13:03 +0100)]
selftest: Run local-dbwrap-ctdb1 test
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Mon, 23 Mar 2020 12:02:55 +0000 (13:02 +0100)]
torture3: Rename LOCAL-DBWRAP-CTDB->LOCAL-DBWRAP-CTDB1
There will be more
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Mon, 23 Mar 2020 12:01:29 +0000 (13:01 +0100)]
torture3: Fix the local-dbwrap-ctdb test
We need to O_CREAT the database when connecting
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 25 Mar 2020 11:20:39 +0000 (12:20 +0100)]
torture3: test readdir timestamp
Create -o files per -N client connections, set a specific timestamp, then write
a bit. This leads to the locking.tdb dmasters to be spread across all nodes.
Then list from one node. This makes sure that the async share mode fetch works
right.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Mon, 30 Mar 2020 15:54:28 +0000 (17:54 +0200)]
libsmb: Add cli_setfileinfo_ext()
Analogue to cli_setpathinfo_ext()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Mon, 30 Mar 2020 14:47:52 +0000 (16:47 +0200)]
libsmb: Factor out prep_basic_information_buf()
Will be used in cli_setfileinfo_ext next
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 18 Mar 2020 10:31:14 +0000 (11:31 +0100)]
ctdb: Implement CTDB_CONTROL_ECHO_DATA
Testing control: 4 bytes msec delay plus a blob, return the request after the
delay. This is an enhanced "ping" which can be used to test asynchronous
clients.
Doesn't have the full protocol implementation yet
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Volker Lendecke [Tue, 7 Apr 2020 15:26:26 +0000 (17:26 +0200)]
ctdb-protocol: Add marshalling for control ECHO_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Volker Lendecke [Tue, 7 Apr 2020 14:44:58 +0000 (16:44 +0200)]
ctdb-protocol: Add marshalling for struct ctdb_echo_data
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Volker Lendecke [Tue, 7 Apr 2020 13:17:42 +0000 (15:17 +0200)]
ctdb-protocol: Add new control CTDB_CONTROL_ECHO_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Volker Lendecke [Tue, 7 Apr 2020 19:48:24 +0000 (21:48 +0200)]
ctdb: Fix duplicate ;;
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
David Disseldorp [Tue, 21 Apr 2020 12:43:14 +0000 (14:43 +0200)]
traffic_packets: fix SyntaxWarning: "is" with a literal
Python 3.8 adds this warning via https://bugs.python.org/issue34850:
the "is" and "is not" operator sometimes is used with string and
numerical literals. This code "works" on CPython by accident, because
of caching on different levels (small integers and strings caches,
interned strings, deduplicating constants at compile time). But it
shouldn't work on other implementations, and can not work even on
early or future CPython versions.
Reported-by: L. van Belle <belle@samba.org>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Apr 27 12:19:59 UTC 2020 on sn-devel-184
Jeremy Allison [Fri, 24 Apr 2020 20:55:49 +0000 (13:55 -0700)]
smbd: unix_convert_step(). Fix use of state->end as a boolean, always compare with NULL.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Apr 24 23:21:16 UTC 2020 on sn-devel-184
Ralph Boehme [Thu, 23 Apr 2020 14:09:28 +0000 (16:09 +0200)]
smbd: add some logging to unix_convert()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 23 Apr 2020 10:35:12 +0000 (12:35 +0200)]
smbd: factor out unix_convert_step_search_fail()
Again, just moving code from unix_convert_step_stat() without any logic changes.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 23 Apr 2020 09:46:19 +0000 (11:46 +0200)]
smbd: use an early exit if stat succeeds in unix_convert_step_stat()
Allows decreasing the indentation level of the bulk of the code that handles
stat failure. Best viewed with `git show -w`.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 23 Apr 2020 09:40:25 +0000 (11:40 +0200)]
smbd: factor out unix_convert_step_stat() from unix_convert_step()
The diff looks more complicated that it is: everything in the new
unix_convert_step_stat() is moved *as is* from unix_convert_step() without
further changes.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 23 Apr 2020 10:18:29 +0000 (12:18 +0200)]
smbd: remove goto from unix_convert_step()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 23 Apr 2020 09:16:36 +0000 (11:16 +0200)]
smbd: factor out path loop in unix_convert()
Just a copy&paste of everything in the for loop without any changes other then
removing one indentation level. Even keeping the gotos, removing them comes in
the next commit.
No change in behaviuour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 23 Apr 2020 10:00:38 +0000 (12:00 +0200)]
smbd: use a different error out in one place in unix_convert()
The error label is only used for OOM conditions no smb_fname of dirpath.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 23 Apr 2020 08:06:56 +0000 (10:06 +0200)]
smbd: in unix_convert() replace all local variable with a state struct
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 23 Apr 2020 07:39:22 +0000 (09:39 +0200)]
smbd: rename ctx variable to mem_ctx in unix_convert()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 23 Apr 2020 07:32:53 +0000 (09:32 +0200)]
smbd: change variable name start to name in unix_convert()
start always points at the current single component name in the path traversal
loop.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 7 Apr 2020 11:46:32 +0000 (13:46 +0200)]
lib: Fix a valgrind error
I just came across this failure with a new test:
==16654== Invalid read of size 4
==16654== at 0x4950947: tevent_req_is_in_progress (tevent_req.c:270)
==16654== by 0x5AEEE8F: writev_trigger (async_sock.c:375)
==16654== by 0x494F9E7: tevent_queue_immediate_trigger (tevent_queue.c:149)
==16654== by 0x494F53C: tevent_common_invoke_immediate_handler (tevent_immediate.c:166)
==16654== by 0x494F642: tevent_common_loop_immediate (tevent_immediate.c:203)
==16654== by 0x4959E5E: epoll_event_loop_once (tevent_epoll.c:918)
==16654== by 0x495665A: std_event_loop_once (tevent_standard.c:110)
==16654== by 0x494DFCE: _tevent_loop_once (tevent.c:772)
==16654== by 0x4950A6A: tevent_req_poll (tevent_req.c:300)
==16654== by 0x4D166C9: tevent_req_poll_ntstatus (tevent_ntstatus.c:109)
==16654== by 0x18C98B: run_readdir_timestamp (test_readdir_timestamp.c:489)
==16654== by 0x161BC5: run_test (torture.c:14896)
==16654== by 0x162726: main (torture.c:15136)
==16654== Address 0x91bb878 is 216 bytes inside a block of size 853 free'd
==16654== at 0x48369AB: free (vg_replace_malloc.c:530)
==16654== by 0x49B405E: _tc_free_internal (talloc.c:1221)
==16654== by 0x49B4116: _talloc_free_internal (talloc.c:1247)
==16654== by 0x49B547C: _talloc_free (talloc.c:1789)
==16654== by 0x50ECE3B: smb2cli_req_writev_done (smbXcli_base.c:3468)
==16654== by 0x4950648: _tevent_req_notify_callback (tevent_req.c:141)
==16654== by 0x49507A9: tevent_req_finish (tevent_req.c:193)
==16654== by 0x49507D6: _tevent_req_done (tevent_req.c:199)
==16654== by 0x5AEEE28: writev_do (async_sock.c:363)
==16654== by 0x5AEEE83: writev_trigger (async_sock.c:374)
==16654== by 0x494F9E7: tevent_queue_immediate_trigger (tevent_queue.c:149)
==16654== by 0x494F53C: tevent_common_invoke_immediate_handler (tevent_immediate.c:166)
==16654== by 0x494F642: tevent_common_loop_immediate (tevent_immediate.c:203)
==16654== by 0x4959E5E: epoll_event_loop_once (tevent_epoll.c:918)
==16654== by 0x495665A: std_event_loop_once (tevent_standard.c:110)
==16654== by 0x494DFCE: _tevent_loop_once (tevent.c:772)
==16654== by 0x4950A6A: tevent_req_poll (tevent_req.c:300)
==16654== by 0x4D166C9: tevent_req_poll_ntstatus (tevent_ntstatus.c:109)
==16654== by 0x18C98B: run_readdir_timestamp (test_readdir_timestamp.c:489)
==16654== by 0x161BC5: run_test (torture.c:14896)
==16654== by 0x162726: main (torture.c:15136)
==16654== Block was alloc'd at
==16654== at 0x483577F: malloc (vg_replace_malloc.c:299)
==16654== by 0x49B300F: __talloc_with_prefix (talloc.c:782)
==16654== by 0x49B31E6: _talloc_pool (talloc.c:837)
==16654== by 0x49B3394: _talloc_pooled_object (talloc.c:905)
==16654== by 0x49501A6: _tevent_req_create (tevent_req.c:79)
==16654== by 0x5AEE956: writev_send (async_sock.c:266)
==16654== by 0x50ECBCA: smb2cli_req_compound_submit (smbXcli_base.c:3396)
==16654== by 0x50ECD49: smb2cli_req_send (smbXcli_base.c:3447)
==16654== by 0x50FE34F: smb2cli_create_send (smb2cli_create.c:153)
==16654== by 0x490325E: cli_smb2_create_fnum_send (cli_smb2_fnum.c:273)
==16654== by 0x48D0146: cli_ntcreate_send (clifile.c:2504)
==16654== by 0x18B737: create_ts_send (test_readdir_timestamp.c:59)
==16654== by 0x18BF77: create_ts_files_send (test_readdir_timestamp.c:253)
==16654== by 0x18C35C: create_files_send (test_readdir_timestamp.c:336)
==16654== by 0x18C953: run_readdir_timestamp (test_readdir_timestamp.c:482)
==16654== by 0x161BC5: run_test (torture.c:14896)
==16654== by 0x162726: main (torture.c:15136)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 23 21:53:38 UTC 2020 on sn-devel-184
Ralph Boehme [Thu, 23 Apr 2020 08:48:51 +0000 (10:48 +0200)]
smbd: remove initial stat() EACCES handling from unix_convert()
This was added by
bd90ca6f00b (my bad) but it breaks filesystems with NFS4
permissions.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 23 19:50:38 UTC 2020 on sn-devel-184
Renaud Fortier [Tue, 21 Apr 2020 11:47:01 +0000 (11:47 +0000)]
ctdb-scripts: Update nfs-ganesha-callout
On debian buster, this variable doesn't exist anymore. Look at this PR
as a reference:
https://github.com/gluster/storhaug/pull/30
Signed-off-by: Renaud Fortier <renaud.fortier@fsaa.ulaval.ca>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Apr 23 08:07:51 UTC 2020 on sn-devel-184
Andrew Bartlett [Mon, 20 Apr 2020 05:09:52 +0000 (17:09 +1200)]
provision: Remove final code for the LDAP backend
The LDAP backend for the Samba AD DC, aiming to store the AD DC in
an existing LDAP server was largely removed many years aga, but the
other parts were removed in
2b0fc74a0916a6ab0d5ac007cc5e100d4682b2ea.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Apr 23 06:12:20 UTC 2020 on sn-devel-184
Andrew Bartlett [Mon, 20 Apr 2020 05:04:05 +0000 (17:04 +1200)]
source4/setup: Remove files unused since the LDAP backend was removed
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Ralph Boehme [Wed, 22 Apr 2020 13:13:04 +0000 (15:13 +0200)]
smbd: let unix_convert() fail early if initial stat fails with EACCES
Doing directory scans on the path components is not going to change this, so
give up early. No change in behaviour, as we would just fail later in
get_real_filename() otherwise.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 22 21:08:39 UTC 2020 on sn-devel-184
Jeremy Allison [Tue, 21 Apr 2020 20:39:10 +0000 (13:39 -0700)]
s3: VFS: widelinks. Change call to resolve_realpath_name() -> canonicalize_absolute_path().
That code was moved into source3/lib/util_path.c.
We now have *one* canonicalize_absolute_path() funtion,
tested more completely.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Apr 22 09:51:08 UTC 2020 on sn-devel-184
Jeremy Allison [Tue, 21 Apr 2020 20:34:52 +0000 (13:34 -0700)]
s3: selftest: Remove test_vfs_widelinks.
All of the tests that were in there
are now tested in samba3.smbtorture_s3.LOCAL-CANONICALIZE-PATH
along with other paths.
Clean revert of
f7fe3474298 not possible due to
changes in source3/selftest/tests.py
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 21 Apr 2020 20:30:38 +0000 (13:30 -0700)]
s3: lib: Remove the old canonicalize_absolute_path().
This code was really hard to understand.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 21 Apr 2020 20:24:44 +0000 (13:24 -0700)]
s3: util: Replace the old (hard to understand) canonicalize_absolute_path() with a version created from resolve_realpath_name() in vfs_widelinks.c
This code is *much* more comprehensible and passes the
stricter test set than the original (unfixed) canonicalize_absolute_path()
out of the gate.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 21 Apr 2020 19:58:02 +0000 (12:58 -0700)]
s3: lib: Fix canonicalize_absolute_path() to pass the tests from resolve_realpath_name()
Remove the knownfail.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 21 Apr 2020 18:49:44 +0000 (11:49 -0700)]
s3: torture: Add the tests from resolve_realpath_name() to canonicalize_absolute_path().
canonicalize_absolute_path() has a bug.
In canonicalize_absolute_path()
///a/./././///component/../////path/ -> /a//path
It should go to /a/path. Mark as knownfail.
Adding these tests so I can ultimately remove
resolve_realpath_name() and re-use the existing
canonicalize_absolute_path() code in vfs_widelinks.c
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Martin Schwenke [Tue, 17 Mar 2020 05:05:20 +0000 (16:05 +1100)]
util: Fix signed/unsigned integer comparison
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Apr 22 01:48:03 UTC 2020 on sn-devel-184
Jeremy Allison [Fri, 17 Apr 2020 21:23:07 +0000 (14:23 -0700)]
s3: smbd: Refuse open in create_file_unixpath() with only SEC_FLAG_SYSTEM_SECURITY set.
We now pass smbtorture3 SMB2-SACL like Windows 10 does.
Note this is an SMB2-only behavior. SMB1 allows an open
with only SEC_FLAG_SYSTEM_SECURITY set as tested in
smbtorture3 SMB1-SYSTEM-SECURITY.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 21 20:17:10 UTC 2020 on sn-devel-184
Jeremy Allison [Fri, 17 Apr 2020 21:20:13 +0000 (14:20 -0700)]
s3: smbd: Reformat code in SEC_FLAG_SYSTEM_SECURITY check in create_file_unixpath().
No logic change but uses modern formatting and will
make it easier to add another clause in the next commit.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 17 Apr 2020 21:16:36 +0000 (14:16 -0700)]
smbd: Ensure SEC_FLAG_SYSTEM_SECURITY also opens the underlying fd.
smbtorture3 SMB2-SAL test shows this is needed as we store the SACL in the same
data store as the DACL.
Without this, opening a file with SEC_FLAG_SYSTEM_SECURITY | READ_ATTRIBUTES
would do a stat open, meaning when we call SMB_VFS_FGET_NT_ACL()
on the fsp we have no open fd to work on.
Pair-Programmed-With: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Wed, 4 Mar 2020 09:54:18 +0000 (10:54 +0100)]
smbd: use helper variables in open_file()
Simplify an if expression by using helper variables, no change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 17 Apr 2020 21:14:38 +0000 (14:14 -0700)]
s3: smbd: When writing a security descriptor SACL, ensure both SEC_FLAG_SYSTEM_SECURITY|SEC_STD_WRITE_DAC are set.
smbtorture3 SMB2-SACL tests this against Windows10 (and Samba).
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Sat, 18 Apr 2020 00:39:22 +0000 (17:39 -0700)]
s3: torture: Call the smbtorture3 SMB2-SACL test.
Calls the test in the previous commit by adding
SeSecurityPrivilege first, running the SMB2-SACL test
then removing SeSecurityPrivilege.
Demonstrates the difference between server behavior
with SEC_FLAG_SYSTEM_SECURITY against SMB1 and SMB2 servers.
Mark as knownfail for now.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 17 Apr 2020 18:46:49 +0000 (11:46 -0700)]
s3: torture: Add a basic SMB2 SACL test.
Shows bits needed to set/get a SACL. We need a script within Samba to run this
as it depends on a user with SeSecurityPrivilege to work.
Test does the following:
1). Create a test file.
2). Open with SEC_FLAG_SYSTEM_SECURITY *only*. ACCESS_DENIED.
NB. SMB2-only behavior. SMB1 allows this as tested in SMB1-SYSTEM-SECURITY.
3). Open with SEC_FLAG_SYSTEM_SECURITY|FILE_WRITE_ATTRIBUTES.
4). Write SACL. Should fail with ACCESS_DENIED (seems to need WRITE_DAC).
5). Close (3).
6). Open with SEC_FLAG_SYSTEM_SECURITY|SEC_STD_WRITE_DAC.
7). Write SACL. Success.
8). Close (4).
9). Open with SEC_FLAG_SYSTEM_SECURITY|READ_ATTRIBUTES.
10). Read SACL. Success.
11). Read DACL. Should fail with ACCESS_DENIED (no READ_CONTROL).
12). Close (9).
13 - and on error). Delete test file.
Passes against Windows 10.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Sat, 18 Apr 2020 00:36:10 +0000 (17:36 -0700)]
s3: torture: Run the SMB1-SYSTEM-SECURITY test.
Calls the test in the previous commit by adding
SeSecurityPrivilege first, running the SMB1-SYSTEM-SECURITY
test then removing SeSecurityPrivilege.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 17 Apr 2020 22:48:09 +0000 (15:48 -0700)]
s3: torture: Add an SMB1-specific test SMB1-SYSTEM-SECURITY.
NB. This is also tested in samba3.base.createx_access
but this makes it very explicit what we're looking for.
Shows SMB1 allows explicit open of a file with only
he SEC_FLAG_SYSTEM_SECURITY access mask requested.
SMB2 doesn't.
Requires a Windows 10 system with a user with
SeSecurityPrivilege set. Passes against Windows 10
with SMB1 enabled.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Anoop C S [Mon, 20 Apr 2020 09:11:18 +0000 (14:41 +0530)]
dbwrap_watch: Set rec->value_valid while returning nested share_mode_do_locked()
As reported on samba-technical by Rouven WEILER <Rouven_Weiler@gmx.net>:
https://lists.samba.org/archive/samba-technical/2020-April/135116.html
Following backtrace was observed with vfs_fruit for time machine backup:
[2020/04/10 08:00:38.107917, 0] ../../lib/dbwrap/dbwrap.c:82(dbwrap_record_get_value)
PANIC: assert failed at ../../lib/dbwrap/dbwrap.c(82): rec->value_valid
[2020/04/10 08:00:38.108499, 0] ../../source3/lib/util.c:830(smb_panic_s3)
PANIC (pid 3427): assert failed: rec->value_valid
[2020/04/10 08:00:38.109541, 0] ../../lib/util/fault.c:265(log_stack_trace)
BACKTRACE: 37 stack frames:
#0 /usr/lib/samba/amd64/libsamba-util.so.0.0.1'log_stack_trace+0x26 [0xfffffd7fee51de66]
#1 /usr/lib/samba/amd64/libsmbconf.so.0'smb_panic_s3+0x26 [0xfffffd7fedf5a596]
#2 /usr/lib/samba/amd64/libsamba-util.so.0.0.1'smb_panic+0x1f [0xfffffd7fee51df3f]
#3 /usr/lib/samba/private/amd64/libdbwrap-samba4.so'dbwrap_record_get_value+0x2a [0xfffffd7feccb627a]
#4 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'get_share_mode_lock+0x109 [0xfffffd7fee7195c9]
#5 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'smbd_contend_level2_oplocks_begin+0xa1 [0xfffffd7fee7f7761]
#6 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'brl_lock+0x635 [0xfffffd7fee710f45]
#7 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'do_lock_fn+0xa4 [0xfffffd7fee70d534]
#8 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'share_mode_do_locked_fn+0x86 [0xfffffd7fee7174b6]
#9 /usr/lib/samba/amd64/libsmbconf.so.0'dbwrap_watched_do_locked_fn+0xfa [0xfffffd7fedf622ca]
#10 /usr/lib/samba/private/amd64/libdbwrap-samba4.so'db_tdb_do_locked+0x12f [0xfffffd7feccb95cf]
#11 /usr/lib/samba/private/amd64/libdbwrap-samba4.so'dbwrap_do_locked+0x48 [0xfffffd7feccb69a8]
#12 /usr/lib/samba/amd64/libsmbconf.so.0'dbwrap_watched_do_locked+0x6f [0xfffffd7fedf60d7f]
#13 /usr/lib/samba/private/amd64/libdbwrap-samba4.so'dbwrap_do_locked+0x48 [0xfffffd7feccb69a8]
#14 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'share_mode_do_locked+0xd2 [0xfffffd7fee719b82]
#15 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'do_lock+0xf0 [0xfffffd7fee70dfe0]
#16 /usr/lib/samba/amd64/vfs/fruit.so'fruit_create_file+0x7ba [0xfffffd7fe88855aa]
#17 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'smbd_smb2_request_process_create+0xa07 [0xfffffd7fee7d3237]
#18 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'smbd_smb2_request_dispatch+0xc8f [0xfffffd7fee7c985f]
#19 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'smbd_smb2_connection_handler+0x621 [0xfffffd7fee7ca7e1]
#20 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'tevent_common_invoke_fd_handler+0x80 [0xfffffd7fecd3a580]
#21 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'epoll_event_loop_once+0x22c [0xfffffd7fecd4180c]
#22 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'std_event_loop_once+0x40 [0xfffffd7fecd3f8f0]
#23 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'_tevent_loop_once+0x95 [0xfffffd7fecd39bd5]
#24 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'tevent_common_loop_wait+0x23 [0xfffffd7fecd39e43]
#25 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'std_event_loop_wait+0x40 [0xfffffd7fecd3f870]
#26 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'smbd_process+0x777 [0xfffffd7fee7b8677]
#27 /usr/lib/samba/sbin/amd64/smbd'smbd_accept_connection+0x189 [0x40d5b9]
#28 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'tevent_common_invoke_fd_handler+0x80 [0xfffffd7fecd3a580]
#29 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'epoll_event_loop_once+0x22c [0xfffffd7fecd4180c]
#30 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'std_event_loop_once+0x40 [0xfffffd7fecd3f8f0]
#31 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'_tevent_loop_once+0x95 [0xfffffd7fecd39bd5]
#32 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'tevent_common_loop_wait+0x23 [0xfffffd7fecd39e43]
#33 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'std_event_loop_wait+0x40 [0xfffffd7fecd3f870]
#34 /usr/lib/samba/sbin/amd64/smbd'main+0x1a0f [0x40f9ff]
#35 /usr/lib/samba/sbin/amd64/smbd'_start_crt+0x83 [0x408e73]
#36 /usr/lib/samba/sbin/amd64/smbd'_start+0x18 [0x408dd8]
In this particular nested share_mode_do_locked() invocation, callback
comes through dbwrap_watched_do_locked_fn() where it fails to update
rec->value_valid which further gets assigned to static_share_mode_record
within share_mode_do_locked_fn().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14352
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Apr 21 17:37:43 UTC 2020 on sn-devel-184
Volker Lendecke [Mon, 13 Apr 2020 18:04:21 +0000 (20:04 +0200)]
libsmb: Move clirap2.c to utils/
It's only used in net_rap.c, expansion to other users is
unlikely. Don't link it into libsmbclient anymore. It saves roughly
50k from the everywhere-linked libsmb.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 18 04:12:48 UTC 2020 on sn-devel-184
Volker Lendecke [Sat, 11 Apr 2020 17:54:11 +0000 (19:54 +0200)]
utils: Convert smbtree to use libsmbclient
We have the domain browsing functionality in libsmbclient, don't
duplicate it in smbtree with special code. Not too much gain in lines
of code, but the new code is much more regular and reuses
functionality provided elsewhere.
This removes the "-b" option from smbtree, libsmbclient always does
that.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 11 Apr 2020 17:03:39 +0000 (19:03 +0200)]
smbtree: Add "fail:" target, more failure paths with follow
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 13 Apr 2020 07:23:45 +0000 (09:23 +0200)]
libsmb: Slightly simplify get_ipc_connect()
No else required with an early return
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 11 Apr 2020 16:13:52 +0000 (18:13 +0200)]
pidl: Align integer types in scompat files
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 16 Apr 2020 12:38:34 +0000 (14:38 +0200)]
ctdb: Fix a memleak
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14348
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Apr 17 08:32:35 UTC 2020 on sn-devel-184
Jeremy Allison [Wed, 15 Apr 2020 19:07:57 +0000 (12:07 -0700)]
s4: torture: SMB2. Fix smb2.winattr to actually read the SD from the server and check it.
We need READ_CONTROL, and actually have to ask for
the OWNER|GROUP|DACL bits if we're going to properly
check the SD.
Tested against Windows 10.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 16 20:42:58 UTC 2020 on sn-devel-184
Jeremy Allison [Wed, 15 Apr 2020 20:33:43 +0000 (13:33 -0700)]
s3: smbd: Ensure we don't try and read the on-disk security descriptor if no bits are requested.
The sdread test just added shows that a client
can open with READ_ATTRIBUTES and still issue
a query security descriptor. smbd passed that
test as it read the on-disk sd, but then threw
the information away and returned the NULL sd
the client expects.
Make sure that we don't try and read the on-disk
sd if the client doesn't request any bits.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 15 Apr 2020 18:59:17 +0000 (11:59 -0700)]
s4: torture: SMB2. Add a new test that exposes interesting SD query behavior.
If we open a file without READ_CONTROL, requesting a security
descriptor fails with ACCESS_DENIED if any of the requested
bits OWNER|GROUP|DACL are set.
However, if we send zero as the requested bits then a
security descriptor is returned containing no data,
even though reading an SD should fail based on the
access permissions we have on the handle.
This has been tested against Windows 10, and also
passes on Samba - although in smbd we actually
read the SD off disk first, before nulling out
all the data we read. We shouldn't (we have
no rights to do so) and a subsequent commit
will fix this.
This was discovered when investigating the
smb2.winattr test, which currently relies
on exactly this behavior. It shouldn't
and the next commit will fix that.
I wanted to preserve the current smb2.winattr
behavior in a test though.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Christof Schmitt [Wed, 15 Apr 2020 21:56:03 +0000 (14:56 -0700)]
docs: Update smbclient manpage that four digit years are also allowed
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Thu Apr 16 19:06:32 UTC 2020 on sn-devel-184
Christof Schmitt [Wed, 15 Apr 2020 21:53:08 +0000 (14:53 -0700)]
test_smbclient_s3: Test four-digit year in smbclient utimes
Modify the test to also set the create_time, and specify the year with
using four digits to test the new codepath.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Christof Schmitt [Tue, 14 Apr 2020 23:40:55 +0000 (16:40 -0700)]
smbclient: Also allow four digit years in utimes command
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Christof Schmitt [Tue, 14 Apr 2020 23:38:03 +0000 (16:38 -0700)]
smbclient: Remove one level of indentation for the utimes command
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Noel Power [Tue, 14 Apr 2020 10:21:22 +0000 (11:21 +0100)]
s3/librpc/crypto: Fix double free with unresolved credential cache
We free gse_ctx->k5ctx but then free it again in the
talloc dtor. This patch just lets the talloc dtor handle
things and removes the extra krb5_free_context
Failed to resolve credential cache 'DIR:/run/user/1000/krb5cc'! (No credentials cache found)
==30762== Invalid read of size 8
==30762== at 0x108100F4: k5_os_free_context (in /usr/lib64/libkrb5.so.3.3)
==30762== by 0x107EA661: krb5_free_context (in /usr/lib64/libkrb5.so.3.3)
==30762== by 0x7945D2E: gse_context_destructor (gse.c:84)
==30762== by 0x645FB49: _tc_free_internal (talloc.c:1157)
==30762== by 0x645FEC5: _talloc_free_internal (talloc.c:1247)
==30762== by 0x646118D: _talloc_free (talloc.c:1789)
==30762== by 0x79462E4: gse_context_init (gse.c:241)
==30762== by 0x794636E: gse_init_client (gse.c:268)
==30762== by 0x7947602: gensec_gse_client_start (gse.c:786)
==30762== by 0xBC87A3A: gensec_start_mech (gensec_start.c:743)
==30762== by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774)
==30762== by 0xBC8167F: gensec_spnego_client_negTokenInit_step (spnego.c:633)
==30762== Address 0x17259928 is 40 bytes inside a block of size 496 free'd
==30762== at 0x4C2F50B: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30762== by 0x79462CA: gse_context_init (gse.c:238)
==30762== by 0x794636E: gse_init_client (gse.c:268)
==30762== by 0x7947602: gensec_gse_client_start (gse.c:786)
==30762== by 0xBC87A3A: gensec_start_mech (gensec_start.c:743)
==30762== by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774)
==30762== by 0xBC8167F: gensec_spnego_client_negTokenInit_step (spnego.c:633)
==30762== by 0xBC813E2: gensec_spnego_client_negTokenInit_start (spnego.c:537)
==30762== by 0xBC84084: gensec_spnego_update_pre (spnego.c:1943)
==30762== by 0xBC83AE5: gensec_spnego_update_send (spnego.c:1741)
==30762== by 0xBC85622: gensec_update_send (gensec.c:449)
==30762== by 0x551BFD0: cli_session_setup_gensec_local_next (cliconnect.c:997)
==30762== Block was alloc'd at
==30762== at 0x4C306B5: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30762== by 0x107EA7AE: krb5_init_context_profile (in /usr/lib64/libkrb5.so.3.3)
==30762== by 0xB853215: smb_krb5_init_context_common (krb5_samba.c:3597)
==30762== by 0x794615B: gse_context_init (gse.c:209)
==30762== by 0x794636E: gse_init_client (gse.c:268)
==30762== by 0x7947602: gensec_gse_client_start (gse.c:786)
==30762== by 0xBC87A3A: gensec_start_mech (gensec_start.c:743)
==30762== by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774)
==30762== by 0xBC8167F: gensec_spnego_client_negTokenInit_step (spnego.c:633)
==30762== by 0xBC813E2: gensec_spnego_client_negTokenInit_start (spnego.c:537)
==30762== by 0xBC84084: gensec_spnego_update_pre (spnego.c:1943)
==30762== by 0xBC83AE5: gensec_spnego_update_send (spnego.c:1741)
==30762==
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14344
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Apr 14 22:55:51 UTC 2020 on sn-devel-184
Jeremy Allison [Fri, 10 Apr 2020 21:14:25 +0000 (14:14 -0700)]
s3: VFS: Add cmocka test for vfs_full_audit to make sure all arrays are correct.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14343
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 14 17:58:40 UTC 2020 on sn-devel-184
Jeremy Allison [Fri, 10 Apr 2020 20:27:18 +0000 (13:27 -0700)]
s3: VFS: full_audit. Add missing fcntl entry in vfs_op_names[] array.
Found by yannick@in2ip.nl.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14343
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>