Andrew Bartlett [Thu, 28 Nov 2019 23:07:34 +0000 (12:07 +1300)]
lib/fuzzing: Link only the required NDR_ subsystems into ndr_fuzz_X binaries
This reduces the binary size and shows that we are linked against the correct
ndr_table_ global variable. This might help the fuzzing engine know there
is not much more of the binary to find if unreachable code is not included.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 28 Nov 2019 23:06:01 +0000 (12:06 +1300)]
librpc: Fill in full deps for NDR_* subsystems
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Tue, 3 Dec 2019 22:57:02 +0000 (11:57 +1300)]
fuzzing/decode_ndr_X: read crashes from a HONGGFUZZ report
In theory, you should be able to run honggfuzz and go
$ lib/fuzzing/decode_ndr_X_crash -H HONGGFUZZ-REPORT.txt > crash-crash-crash.sh
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 3 Dec 2019 22:35:40 +0000 (11:35 +1300)]
lib/fuzzing/decode_ndr_X: print less by default, avoid pipe
ndrdump can now take base64 input directly.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 5 Nov 2019 01:26:56 +0000 (14:26 +1300)]
fuzzing: Add script decode_ndr_X_crash to decode crash results
This interprets a file that crashes an fuzz_ndr_X binary
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 6 Nov 2019 04:27:08 +0000 (17:27 +1300)]
dcerpc: developer option to save ndr_fuzz_X seeds
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 31 Oct 2019 03:28:28 +0000 (16:28 +1300)]
lib/fuzzing: add fuzz_ndr_X
This NDR fuzzer links with each "interface" in the IDL files to
create avsingle binary. This tries to matches what the fuzzing
engines desire.
It started as a copy of ndrdump but very little of that remains
in place.
The fancy build rules try to avoid needing a lof of boilerplate
in the wscript_build files and ensure new fuzzers are generated
and run when new IDL is added automatically.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sat, 30 Nov 2019 11:44:52 +0000 (00:44 +1300)]
pidl/tests/samba-ndr.pl: remove duplicate import
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Dec 10 04:16:31 UTC 2019 on sn-devel-184
Douglas Bagnall [Sat, 30 Nov 2019 11:43:52 +0000 (00:43 +1300)]
pidl s4::Python: silence warnings
- do not redeclare variables in the same scope.
- use $1 instead of \1, which perl just prefers.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sat, 30 Nov 2019 11:43:02 +0000 (00:43 +1300)]
pidl Parse::Pidl::NDR: silence two warnings about undefined strings
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sat, 30 Nov 2019 11:42:22 +0000 (00:42 +1300)]
pidl Parse::Pidl::NDR: add HRESULT alignment
this is a guess
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sat, 30 Nov 2019 11:41:42 +0000 (00:41 +1300)]
pidl Parse::Pidl::NDR: warn of unknown scalar alignments
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sat, 30 Nov 2019 10:05:56 +0000 (23:05 +1300)]
pidl s4::NDR::Parser: silence a warning
At level 0 there is no previous level so $pl is undefined thus so is ->{TYPE}
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sat, 30 Nov 2019 09:52:23 +0000 (22:52 +1300)]
pidl s4::NDR::Parser: correct has_fast_array logic
Here we fix two bugs that cancelled each other out completely, so this
patch leaves us with exactly the same functionally as before.
Bug 1: In perl, return is *syntactically* a function.
That means 'return X or Y' is read as 'return(X) or Y', as in the
'open(X) or die "..."' construct -- Y is only evaluated if return
returns false. But return never returns, so Y is dead code. If in
doubt, try these:
perl -e "sub x {return 0 or die;} x"
perl -e "sub x {return (0 or die);} x"
What we *meant* here is 'return (X or Y)', BUT it turns out we were
confused -- the Y case was bogus.
Bug 2: string arrays never had "fast array logic" in the first place.
The fast array logic is for arrays of bytes, and can be fast (i.e.
memcpy) because there is no endianness to worry about. A string array
is an array of pointers not bytes.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sat, 30 Nov 2019 10:37:08 +0000 (23:37 +1300)]
pidl s4::NDR::Parser: read hex numbers as numbers for ranges
Hex numbers in IDL are not parsed as numbers, resulting in warnings
like
Argument 0x2000 isn't numeric in numeric lt (<) at /home/douglas/src/samba/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm line 981
not to mention problematic code. We add a utility function to convert
these numbers to numbers.
A typical difference this makes is:
--- old/default/librpc/gen_ndr/ndr_dcerpc.c 2019-11-30 23:40:32.
915816967 +1300
+++ new/default/librpc/gen_ndr/ndr_dcerpc.c 2019-11-30 17:00:09.
055733660 +1300
@@ -1893,7 +1893,7 @@
if (ndr_flags & NDR_SCALARS) {
NDR_CHECK(ndr_pull_align(ndr, 4));
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->ReceiveWindowSize));
- if (r->ReceiveWindowSize > 0x40000) {
+ if (r->ReceiveWindowSize < 8192 || r->ReceiveWindowSize > 262144) {
return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
}
NDR_CHECK(ndr_pull_trailer_align(ndr, 4));
Where the minimum ("0x2000" == 8192) was read as a string, thus
treated as zero.
The treatment as zero was introduced in
142b2a61f8a77b3065ce4c78b459ab714d6d190a
accidentially, which shows why warnings are important.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sat, 30 Nov 2019 09:34:54 +0000 (22:34 +1300)]
pidl: use perl warnings
Warnings are good. If we turn on warnings with 'use warnings', we will
see bugs that have lain latent for years.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 4 Dec 2019 20:56:44 +0000 (09:56 +1300)]
librpc/ndr: Do not follow a client-supplied NULL pointer in _print_drsuapi_DsAttributeValue_attid()
This is not a security issue as it only happens when printing the structure
during debugging, not normal production.
Found by Michael Hanselmann using an NDR fuzzer and Hongfuzz.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Wed, 4 Dec 2019 22:10:14 +0000 (11:10 +1300)]
selftest: Add ndrdump tests for malformed drsuapi traffic
Thanks to Douglas Bagnall for the samples, produced from seeds
generated by Samba's make test traffic, fuzzed by ndr_fuzz_X
and Hongfuzz.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andreas Schneider [Thu, 5 Dec 2019 12:48:52 +0000 (13:48 +0100)]
pidl: Remove Parse/Yapp/Driver.pm
This file is provided by Parse::Yapp and on install we overwrite the
orignal file.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Dec 10 01:54:02 UTC 2019 on sn-devel-184
Isaac Boukris [Mon, 21 Oct 2019 17:03:04 +0000 (20:03 +0300)]
smbdes: remove old unused DES builtin-crypto
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Thu, 21 Nov 2019 14:13:19 +0000 (15:13 +0100)]
sess_crypt_blob can only crypt blobs whose size divides by 8
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Thu, 21 Nov 2019 13:02:03 +0000 (14:02 +0100)]
session: convert sess_crypt_blob to use gnutls
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Wed, 20 Nov 2019 15:02:16 +0000 (16:02 +0100)]
smbdes: convert des_crypt112_16 to use gnutls
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Wed, 20 Nov 2019 14:41:02 +0000 (15:41 +0100)]
smbdes: convert des_crypt112 to use gnutls
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Wed, 20 Nov 2019 14:28:39 +0000 (15:28 +0100)]
smbdes: convert E_old_pw_hash to use gnutls
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Fri, 8 Nov 2019 16:49:48 +0000 (17:49 +0100)]
smbdes: convert des_crypt128() to use gnutls
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Fri, 8 Nov 2019 14:40:01 +0000 (15:40 +0100)]
smbdes: convert E_P24() and SMBOWFencrypt to use gnutls
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Fri, 8 Nov 2019 11:04:48 +0000 (12:04 +0100)]
smbdes: remove D_P16() (not used)
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Thu, 7 Nov 2019 15:16:26 +0000 (16:16 +0100)]
smbdes: convert E_P16() to use gnutls
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Thu, 7 Nov 2019 17:40:03 +0000 (18:40 +0100)]
smbdes: convert sam_rid_crypt() to use gnutls
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Thu, 7 Nov 2019 12:39:20 +0000 (13:39 +0100)]
SMBsesskeygen_lm_sess_key: use gnutls and return NTSTATUS
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Thu, 7 Nov 2019 11:53:52 +0000 (12:53 +0100)]
netlogon_creds_des_encrypt/decrypt_LMKey: use gnutls and return NTSTATUS
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Sat, 19 Oct 2019 20:48:19 +0000 (23:48 +0300)]
smbdes: add des_crypt56_gnutls() using DES-CBC with zeroed IV
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Wed, 20 Nov 2019 22:44:10 +0000 (23:44 +0100)]
selftest: test sess_crypt_blob
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Tue, 19 Nov 2019 23:14:31 +0000 (00:14 +0100)]
selftest: test SMBsesskeygen_lm_sess_key
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Tue, 19 Nov 2019 19:02:49 +0000 (20:02 +0100)]
selftest: test des_crypt112_16
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Tue, 19 Nov 2019 18:49:09 +0000 (19:49 +0100)]
selftest: test des_crypt112 and fix (unused) decryption
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Tue, 19 Nov 2019 18:10:18 +0000 (19:10 +0100)]
selftest: test des_crypt128
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Tue, 19 Nov 2019 17:49:58 +0000 (18:49 +0100)]
selftest: test E_old_pw_hash
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Tue, 19 Nov 2019 17:26:13 +0000 (18:26 +0100)]
selftest: test E_P24 and SMBOWFencrypt
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Tue, 19 Nov 2019 15:08:49 +0000 (16:08 +0100)]
selftest: test sam_rid_crypt
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Tue, 19 Nov 2019 08:46:18 +0000 (09:46 +0100)]
selftest: test E_P16
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Sat, 9 Nov 2019 16:47:33 +0000 (17:47 +0100)]
libcli/auth: test des_crypt56() and add test_gnutls to selftest
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 6 Dec 2019 07:49:54 +0000 (08:49 +0100)]
auth:tests: Only enable torture_gnutls_aes_128_cfb() on GnuTLS >= 3.6.11
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 6 Dec 2019 07:12:34 +0000 (08:12 +0100)]
auth:tests: Improve debug output of test_gnutls
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 9 Dec 2019 09:47:46 +0000 (10:47 +0100)]
s3:lib: Move NULL check before messaging_dgm_out_rearm_idle_timer()
We dereference out in messaging_dgm_out_rearm_idle_timer().
Found by covscan.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 9 Dec 2019 09:45:31 +0000 (10:45 +0100)]
s3:smbd: Fix possible NULL deref in smbd_do_qfilepathinfo()
Found by covscan.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 9 Dec 2019 09:35:55 +0000 (10:35 +0100)]
s3:torture: Do not segfault if cli is NULL
This can happen if we fail early and cli hasn't been initialized yet.
Found by covscan.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 9 Dec 2019 09:22:52 +0000 (10:22 +0100)]
s3:rpc_server: Fix string compare for utmp entries
The members of struct utmp are marked as nonstring. This means they
might not be nil-terminated.
Found by covscan.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 9 Dec 2019 08:58:42 +0000 (09:58 +0100)]
s4:lib: Make sure we close fd's in error path
Found by covscan.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Mon, 9 Dec 2019 12:49:47 +0000 (13:49 +0100)]
build: Fix the build without system gssapi headers
source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h and gssapi_spnego.h
have an #include <gssapi.h> which they need to find via the -I paths
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Dec 10 00:29:55 UTC 2019 on sn-devel-184
Ralph Boehme [Mon, 9 Dec 2019 17:56:59 +0000 (18:56 +0100)]
lib: spelling fix
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Dec 9 19:23:10 UTC 2019 on sn-devel-184
Volker Lendecke [Tue, 3 Dec 2019 20:26:24 +0000 (21:26 +0100)]
smbd: Give a better error message for non-existing share modes
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Dec 9 17:33:42 UTC 2019 on sn-devel-184
Volker Lendecke [Fri, 29 Nov 2019 14:45:56 +0000 (15:45 +0100)]
net: Extend some debug information
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Tue, 3 Dec 2019 12:23:06 +0000 (13:23 +0100)]
smbd: Call reopen_logs() in the notifyd
If you have per-process logfiles with %d, the notifyd will get its
own logfile
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Tue, 3 Dec 2019 12:22:06 +0000 (13:22 +0100)]
smbd: Call reopen_logs() in the smbd scavenger
If you have per-process logfiles with %d, the scavenger will get its
own logfile
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Tue, 3 Dec 2019 11:52:09 +0000 (12:52 +0100)]
torture: Use sizeof() where appropriate
One magic number less that needs to be verified manually
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 4 Dec 2019 13:43:02 +0000 (14:43 +0100)]
smbd: Use NULL instead of 0 for a pointer type
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Fri, 6 Dec 2019 16:48:19 +0000 (16:48 +0000)]
lib: add a comment to nt_time_to_full_timespec()
Add a hint explaining why and how -1 should be treated differently in the
future. Also make use of the helper function make_omit_timespec().
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 6 Dec 2019 16:45:04 +0000 (16:45 +0000)]
lib: harden full_timespec_to_nt_time()
This protects against overflows when tv_sec is less then
TIME_FIXUP_CONSTANT_INT.
It also correctly limits the range of returned values to be
[NTTIME_MIN, NTTIME_MAX].
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 6 Dec 2019 16:44:37 +0000 (16:44 +0000)]
lib: add NTTIME_MAX, NTTIME_MIN, NTTIME_OMIT and NTTIME_FREEZE definitions
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Fri, 29 Nov 2019 07:28:28 +0000 (08:28 +0100)]
s3:smbspool: Leave early if we print as root
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Dec 9 14:18:11 UTC 2019 on sn-devel-184
Mikhail Novosyolov [Sat, 2 Nov 2019 22:47:51 +0000 (01:47 +0300)]
s3:smbspool: print a hint about smbspool_krb5_wrapper
When I first met with the situation that Kerberos kredentials cache of root
user was looked for instead of the one of the printing task creator,
it took a lot of time to understand that smbspool_krb5_wrapper will resolve this.
Signed-off-by: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Mikhail Novosyolov [Sat, 2 Nov 2019 22:28:13 +0000 (01:28 +0300)]
s3:smbspool_krb5_wrapper: ignore unknown values of AUTH_INFO_REQUIRED
To make smbspool_krb5_wrapper usable as a default destination for symlink
/usr/lib/cups/backend/smb in Linux ditros, it has to be well-prepared
for any possible values of AUTH_INFO_REQUIRED set by cupsd and correctly
pass printing tasks to smbspool if it sees that Kerberos authentication
is not needed.
Discussed here: https://lists.samba.org/archive/samba-technical/2019-October/134470.html
Signed-off-by: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Mon, 28 Oct 2019 08:38:08 +0000 (09:38 +0100)]
s3:smbspool_krb5_wrapper: Map AUTH_INFO_REQUIRED=none to anonymous
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Mon, 28 Oct 2019 08:35:34 +0000 (09:35 +0100)]
s3:smbspool: Map AUTH_INFO_REQUIRED=none to anonymous connection
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Fri, 8 Nov 2019 13:32:44 +0000 (14:32 +0100)]
s3:selfest: Do not print the env twice
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Dec 9 11:57:52 UTC 2019 on sn-devel-184
Andreas Schneider [Wed, 6 Nov 2019 14:54:45 +0000 (14:54 +0000)]
s3:tests: Remove the -I SERVER_IP so that Kerberos auth works
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@samba.org>
Richard Sharpe [Fri, 6 Dec 2019 05:07:11 +0000 (00:07 -0500)]
docs-xml/Samba-Developers-Guide/vfs.xml: Fix incorrect VFS func names.
Use SMB_VFS_P{READ,WRITE} since the others have been retired.
Also, fix up the definitions.
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Dec 8 21:50:52 UTC 2019 on sn-devel-184
Ralph Boehme [Fri, 6 Dec 2019 10:27:22 +0000 (10:27 +0000)]
s4:smbtorture: also test for date >> UINT32_MAX in timestamps test
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 3 Dec 2019 20:27:09 +0000 (21:27 +0100)]
smbd: Fix a share_entries.tdb record leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 3 Dec 2019 20:33:28 +0000 (21:33 +0100)]
smbd: Test cleanup of disconnected durable handle records
Right now this panics the scavenger daemon, preventing it from doing
its work. The reopen we expect to fail with
NT_STATUS_OBJECT_NAME_NOT_FOUND thus succeeds. I know that we should
more precisely detect the scavenger crash and with Jeremy's pattern in
46899ecf836 this would be possible. However, this is C code right now,
and scanning the logfile for the panic is more I have time for right
now. The test successfully indicates failure, as the next commit will
show.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Dec 2019 14:34:25 +0000 (15:34 +0100)]
selftest: Make durable_v2_delay more specific
It will grow another subtest soon
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 3 Dec 2019 11:44:18 +0000 (12:44 +0100)]
smbd: Panic if there's a leak in share_entries.tdb
Hopefully dbwrap_tdb's dbwrap_exists is cheap enough for this to not
impact performance too much. I could not measure any difference in an
open/close benchmark, but at some point things might pile up and we
might have to make this a #ifdef DEVELOPER
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Dec 2019 12:30:05 +0000 (13:30 +0100)]
build: Trim the deps of 'smbconf'
This does not pull in gensec anymore
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Dec 2019 12:49:55 +0000 (13:49 +0100)]
build: util_cmdline depends on cli_credentials
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Dec 2019 12:48:20 +0000 (13:48 +0100)]
build: secrets3 need E_md4hash and kerberos functions
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Dec 2019 12:25:21 +0000 (13:25 +0100)]
smbd: Make lp_use_sendfile() static to reply.c
This is the only place where it's used. Also, via
smb_signing_is_active it pulls in the dependency on
'cli_smb_common' (which pulls in all of gensec) into the 'smbconf'
library. Without this, 'smbconf' is happy with just 'samba-hostconfig'
instead of 'cli_smb_common'
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Dec 2019 12:20:36 +0000 (13:20 +0100)]
build: Explicitly depend on samba-modules where needed
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Dec 2019 12:18:07 +0000 (13:18 +0100)]
build: gencache.c in 'samba3core' needs crc32()
This comes from zlib, make the dependency explicit
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Dec 2019 12:16:44 +0000 (13:16 +0100)]
build: libcli/http does not need samba3core, only gensec
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Dec 2019 12:40:00 +0000 (13:40 +0100)]
build: messaging.c uses talloc_report_printf()
This used to be talloc_report_str()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Dec 2019 12:39:18 +0000 (13:39 +0100)]
build: Multi-line a long list of deps
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 5 Dec 2019 16:17:42 +0000 (17:17 +0100)]
ldb:tests: Add missing null check for ldb_kv_private
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Dec 6 11:13:24 UTC 2019 on sn-devel-184
Andreas Schneider [Thu, 5 Dec 2019 16:15:01 +0000 (17:15 +0100)]
ldb:tests: Add missing size check for tdb
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@samba.org>
Andreas Schneider [Thu, 5 Dec 2019 16:14:31 +0000 (17:14 +0100)]
ldb:tests: Use assert_in_range() in test_get_size()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@samba.org>
Andreas Schneider [Thu, 5 Dec 2019 16:02:39 +0000 (17:02 +0100)]
ldb: Avoid a possible NULL pointer dereference
Found by cppcheck.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@samba.org>
Ralph Boehme [Tue, 3 Dec 2019 17:46:25 +0000 (18:46 +0100)]
WHATSNEW: document SMB_VFS_NTIMES() interface change
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7771
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Dec 6 01:45:21 UTC 2019 on sn-devel-184
Ralph Boehme [Mon, 2 Dec 2019 15:30:50 +0000 (16:30 +0100)]
smbd: fix handling of sentinel timestamp values
This implements two core changes:
* use NTTIME instead of struct timespec at the database layer
* use struct timespec { .tv_nsec = SAMBA_UTIME_OMIT } as special sentinel
value in smbd when processing timestamps
Using NTTIME at the database layer is only done to avoid storing the special
struct timespec sentinel values on disk. Instead, with NTTIME the sentinel value
for an "unset" timestamp is just 0 on-disk.
The NTTIME value of 0 gets translated by nt_time_to_full_timespec() to the
struct timespec sentinel value { .tv_nsec = SAMBA_UTIME_OMIT }.
The function is_omit_timespec() can be used to check this.
Beside nt_time_to_full_timespec(), there are various other new time conversion
functions with *full* in their name that can be used to safely convert between
different types with the changed sentinel value.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7771
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 2 Dec 2019 15:21:42 +0000 (16:21 +0100)]
s3: add init_smb_file_time()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7771
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Sun, 1 Dec 2019 08:01:20 +0000 (09:01 +0100)]
smbclient: use cli_setpathinfo_ext() in utimes command
This allows correct processing of sentinel date values.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7771
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Sun, 1 Dec 2019 08:01:13 +0000 (09:01 +0100)]
libsmb: add cli_setpathinfo_ext()
This takes a struct timespec instead of just time_t as cli_setpathinfo_basic()
does. This is needed to pass sentinel values -1 in the smbclient utime command.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7771
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 3 Dec 2019 17:36:38 +0000 (18:36 +0100)]
smbclient: use full_timespec_to_nt_time()
Needed to support dates corresponding to (time_t)0 and (time_t)-1.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7771
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 29 Nov 2019 16:17:08 +0000 (16:17 +0000)]
s3:lib: use nt_time_to_full_timespec() in interpret_long_date()
interpret_long_date() is now only used in the client. To enable correct
processing of dates before the UNIX epoch, call nt_time_to_full_timespec().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7771
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 3 Dec 2019 08:55:47 +0000 (09:55 +0100)]
smbd: use pull_long_date_full_timespec()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7771
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 5 Dec 2019 14:26:07 +0000 (15:26 +0100)]
s3:lib: add pull_long_date_full_timespec()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7771
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Sat, 30 Nov 2019 20:29:07 +0000 (21:29 +0100)]
smbd: use put_long_date_full_timespec()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7771
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 29 Nov 2019 15:28:54 +0000 (15:28 +0000)]
s3:lib: add put_long_date_full_timespec()
put_long_date_full_timespec() will be used in the fileserver to marshall struct
timespec timestamps that are sent to the client. By using
full_timespec_to_nt_time() which supports tv_sec=0 and negative values, we can
return timestamps to clients with a date before the UNIX epoch.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7771
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 28 Nov 2019 15:46:27 +0000 (15:46 +0000)]
s3:lib: let round_timespec() handle SAMBA_UTIME_OMIT
This ensures callers are not required to do the check themselves and we don't
clobber omit-timespecs in this function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7771
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 29 Nov 2019 08:43:21 +0000 (08:43 +0000)]
lib: canonicalize pull_dos_date3()
Returns 0xFFFFFFFF as (time_t)-1. This avoids misenterpreting 0xFFFFFFFF as a
valid time_t value (0xFFFFFFFF = Sun 07 Feb 2106 06:28:15 AM GMT) on 64-bit
platforms where time_t is 64-bit.
Currently direct and indirect callers of pull_dos_date3() rely on the fact that
the resulting time_t is checked with null_time() which also checks for
0xFFFFFFFF as sentinel value amongst 0 and -1:
return t == 0 ||
t == (time_t)0xFFFFFFFF ||
t == (time_t)-1;
By returning -1 instead of 0xFFFFFFFF, callers can safely pass the result to
unix_to_nt_time() which *doesn't* check for 0xFFFFFFFF, only -1.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7771
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>