Noel Power [Thu, 8 Apr 2021 11:47:33 +0000 (12:47 +0100)]
s3/modules: VFS: fake_acls: Remove fake_acls_chmod() function
Also remove fake_acls_sys_acl_set_file() which is no longer called
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Noel Power [Thu, 8 Apr 2021 11:46:27 +0000 (12:46 +0100)]
s3/modules: VFS: extd_audit: Remove audit_chmod() function
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Noel Power [Thu, 8 Apr 2021 11:42:56 +0000 (12:42 +0100)]
s3/modules: VFS: cep_snapshots: remove ceph_snap_gmt_chmod() function
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Noel Power [Thu, 8 Apr 2021 11:42:01 +0000 (12:42 +0100)]
s3/modules: VFS: ceph: Remove cephwrap_chmod() function
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Noel Power [Thu, 8 Apr 2021 11:41:15 +0000 (12:41 +0100)]
s3/modules: VFS: catia: Remove catia_chmod() function
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Noel Power [Thu, 8 Apr 2021 11:39:48 +0000 (12:39 +0100)]
s3/modules: VFS: cap: remove cap_chmod
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Noel Power [Thu, 8 Apr 2021 11:35:56 +0000 (12:35 +0100)]
s3/modules: VFS: audit: Remove audit_chmod
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Noel Power [Thu, 8 Apr 2021 11:34:39 +0000 (12:34 +0100)]
s3/modules: VFS: acl_common: Remove chmod_acl_module_common() function
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Noel Power [Thu, 8 Apr 2021 11:34:02 +0000 (12:34 +0100)]
s3/modules: VFS: acl_xattr: Remove call to chmod_acl_module_common()
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Noel Power [Thu, 8 Apr 2021 11:32:14 +0000 (12:32 +0100)]
s3/modules: VFS: acl_tdb: Remove call to chmod_acl_module_common()
Signed-off-by: Noel Power <noel.power@suse.com>
Noel Power [Thu, 8 Apr 2021 12:02:09 +0000 (13:02 +0100)]
s3/torture: Make cmd_chmod now use SMB_VFS_FCHMOD
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Noel Power [Thu, 8 Apr 2021 10:24:04 +0000 (11:24 +0100)]
s3/modules: linux_xfs_sgid_mkdirat() SMB_VFS_NEXT_FCHMOD => SMB_VFS_NEXT_CHMOD
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Noel Power [Thu, 8 Apr 2021 10:10:54 +0000 (11:10 +0100)]
s3/modules: nfs4acl_xattr_fset_nt_acl VFS_SMB_NEXT_CHMOD => VFS_SMB_NEXT_FCHMOD
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Noel Power [Thu, 8 Apr 2021 09:20:37 +0000 (10:20 +0100)]
s3/smbd: file_set_dosmode SMB_VFS_CHMOD => SMB_VFS_FCHMOD
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Noel Power [Tue, 6 Apr 2021 16:11:48 +0000 (17:11 +0100)]
s3/smbd: SMB_VFS_CHMOD -> SMB_VFS_FCHMOD
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Noel Power [Fri, 9 Apr 2021 13:57:08 +0000 (15:57 +0200)]
s3/modules: VFS: snapper: Add new fchmod_fn implementation
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Noel Power [Fri, 9 Apr 2021 13:54:44 +0000 (15:54 +0200)]
s3/modules: VFS: shadow_copy2: Add new fchmod_fn implementation
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Noel Power [Fri, 9 Apr 2021 13:53:20 +0000 (15:53 +0200)]
s3/modules: VFS: fruit: Add new fchmod_fn implementation
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Noel Power [Fri, 9 Apr 2021 13:49:15 +0000 (15:49 +0200)]
s3/modules: VFS: ceph_snapshots: Add new fchmod_fn implementation
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Noel Power [Wed, 7 Apr 2021 15:02:15 +0000 (16:02 +0100)]
s3/modules: make chmod_acl_module_common less strict so fchmod can run
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Noel Power [Tue, 6 Apr 2021 16:10:35 +0000 (17:10 +0100)]
VFS: ceph: Allow cephwrap_fchmod() to cope with pathref fsps.
Ensure it only uses an io fd for a handle based call.
Otherwise fall back to pathname based.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Noel Power [Tue, 6 Apr 2021 16:08:50 +0000 (17:08 +0100)]
VFS: gluster: Allow vfs_gluster_fchmod() to cope with pathref fsps.
Ensure it only uses an io fd for a handle based call.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Fri, 9 Apr 2021 12:58:34 +0000 (14:58 +0200)]
s3/modules: fchmod: fallback to path based chmod if pathref
Signed-off-by: Noel Power <noel.power@suse.com>
Signed-off-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Fri, 9 Apr 2021 12:55:06 +0000 (14:55 +0200)]
vfs_default: require fchmod()
This has been part of POSIX for long enough in 2021.
Signed-off-by: Ralph Boehme <slow@samba.org>
Noel Power [Fri, 9 Apr 2021 11:08:35 +0000 (12:08 +0100)]
VFS: Fix version SMB_VFS_GET_DOS_ATTRIBUTES was removed in
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 9 Apr 2021 16:54:13 +0000 (09:54 -0700)]
s3: VFS: streams_xattr: Now we know we will never be doing ACL operations on streams, delete the now unneeded code.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Apr 9 20:48:17 UTC 2021 on sn-devel-184
Samuel Cabrero [Thu, 8 Apr 2021 16:45:38 +0000 (18:45 +0200)]
s3-iremotewinspool: set the per-request memory context
The iremotewinspool service is not using the pidl autogenerated code.
Set the per-request memory context following the changes made is commit
5a7e9ade9a4cdfa68900c6a64b639f53c0da47ad.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14675
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1890
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Apr 9 15:20:02 UTC 2021 on sn-devel-184
Andreas Schneider [Tue, 6 Apr 2021 13:22:20 +0000 (15:22 +0200)]
s4:torture: Use cli_credentials_init_server()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Apr 9 11:48:00 UTC 2021 on sn-devel-184
Andreas Schneider [Tue, 6 Apr 2021 13:22:03 +0000 (15:22 +0200)]
s4:rpc_server: Use cli_credentials_init_server()
This also removes dcerpc_remote:domain option for the machine account case.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 6 Apr 2021 13:21:38 +0000 (15:21 +0200)]
s4:ntvfs: Use cli_credentials_init_server()
This also removes cifs:domain option for the machine account case.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 6 Apr 2021 13:21:38 +0000 (15:21 +0200)]
s4:ntvfs: Use cli_credentials_init_server()
This also removes cifs:domain option for the machine account case.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 6 Apr 2021 13:21:00 +0000 (15:21 +0200)]
s4:ldap_server: Use cli_credentials_init_server()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 6 Apr 2021 13:19:43 +0000 (15:19 +0200)]
s3:auth: Use cli_credentials_init_server()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 7 Apr 2021 03:34:52 +0000 (15:34 +1200)]
pytests/dns_forwarder: remove unused import
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Apr 8 23:03:52 UTC 2021 on sn-devel-184
Douglas Bagnall [Fri, 26 Mar 2021 07:52:20 +0000 (20:52 +1300)]
samba-tool dns: use dnsserver.flag_from_string()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Douglas Bagnall [Fri, 26 Mar 2021 07:41:29 +0000 (20:41 +1300)]
samba-tool dns: use dnsserver.record_from_string
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Douglas Bagnall [Wed, 7 Apr 2021 03:28:11 +0000 (15:28 +1200)]
pytests/dns: use dnsserver.record_from_string
not netcmd.dns.data_to_dns_record, which is a UI function.
The only practical difference is it will raise DNSParseError, not CommandError.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Douglas Bagnall [Wed, 7 Apr 2021 03:16:58 +0000 (15:16 +1200)]
pytests/dns: import dnsserver.TXTRecord directly
Not through samba-tool, which should not be used as a library.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Douglas Bagnall [Fri, 26 Mar 2021 08:04:20 +0000 (21:04 +1300)]
pytest/dcerpc/dnsserver.py: use dnsserver.flag_from_string
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Douglas Bagnall [Sat, 27 Mar 2021 02:41:10 +0000 (15:41 +1300)]
pytest/dcerpcdnsserver: use record_from_string helper
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Douglas Bagnall [Thu, 1 Apr 2021 02:29:32 +0000 (15:29 +1300)]
py/dnsserver add flag from string function
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Douglas Bagnall [Thu, 1 Apr 2021 02:28:49 +0000 (15:28 +1300)]
py/dnsserver: add record_from_string helper function
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Douglas Bagnall [Wed, 7 Apr 2021 01:34:50 +0000 (13:34 +1200)]
py/dnsserver: add .from_string() methods
The logic to parse DNS value strings (e.g. "example.com 10" for an MX,
which needs to be split on the space) is repeated at least in
samba-tool dns and tests/dcerpc/dnsserver.py. Here we bring it
together so we can do it once.
The sep= keyword allows callers to separate on all runs of
whitespace (the default, as samba-tool dns does) or, using sep='', to
separate on true spaces only.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Douglas Bagnall [Thu, 1 Apr 2021 02:26:01 +0000 (15:26 +1300)]
py/dnsserver: remove workaround of fixed bug
We used to do something wrong with the refcounts, but we don't anymore,
so we don't need this confusing nonsense.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Douglas Bagnall [Thu, 1 Apr 2021 02:23:48 +0000 (15:23 +1300)]
py/provision/sambadns: Add a comment about DNS types
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Douglas Bagnall [Sat, 27 Mar 2021 02:55:03 +0000 (15:55 +1300)]
py/provision/sambadns: rename CNameRecord -> CNAMERecord
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Douglas Bagnall [Fri, 26 Mar 2021 07:42:49 +0000 (20:42 +1300)]
py/dnsserver: replace obsolete comments with useful ones
The replaced comment was about a long fixed Python reference counting bug.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Douglas Bagnall [Fri, 26 Mar 2021 05:22:17 +0000 (18:22 +1300)]
pydns: rename s/CNameRecord/CNAMERecord/ for consistency
Everything else is TXTRecord, SRVRrcord, SOARecord.
Making CNAME the same allows easier lookups.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Noel Power [Wed, 3 Mar 2021 10:26:39 +0000 (10:26 +0000)]
VFS: Remove SMB_VFS_SET_DOS_ATTRIBUTE, no longer used
-------------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| |
| SMB_VFS_SET_DOS_ATTRIBUTE |
| |
| |
| 3 March |
| 2021 |
| |
| |
*| * * * * * | *
_________)/\\_//(\/(/\)/\//\/\////\\/|_)_______
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 8 18:38:40 UTC 2021 on sn-devel-184
Noel Power [Tue, 2 Mar 2021 10:30:40 +0000 (10:30 +0000)]
s3/smbd: SMB_VFS_SET_DOS_ATTRIBUTES -> SMB_VFS_FSET_DOS_ATTRIBUTES
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Wed, 3 Mar 2021 11:29:43 +0000 (11:29 +0000)]
s3/smbd: VFS Fix incorrect VFS_FIND
smb_vfs_call_fset_dos_attributes is looking for the wrong function
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 8 Apr 2021 10:17:22 +0000 (12:17 +0200)]
smbd: SMB2 Compound related chain handling when generation of FileId has failed
Issue:
We have a scenario where an application sends a Compound Related chain
consisting of:
SMB2_CREATE
SMB2_IOCTL
SMB2_SET_INFO
SMB2_CLOSE
SMB2_CREATE failed with NT_STATUS_ACCESS_DENIED and subsequent
requests all fail. In Samba they return NT_STATUS_FILE_CLOSED.
When I tried the same against a Win2k12 server, I noticed that all the
failed requests of the chain would return NT_STATUS_ACCESS_DENIED.
I believe this behaviour is also mentioned in the [MS-SMB2] Specs
3.3.5.2.7.2: Handling Compounded Related Requests
"When the current operation requires a FileId and the previous
operation either contains or generates a FileId, if the previous
operation fails with an error, the server SHOULD<223> fail the current
operation with the same error code returned by the previous
operation."
Fix:
Save NTATUS of a failed Create request. When we process subsequent
requests of the chain we check if the previous Create has failed. In
case of a Create failure we returned the saved NTSTATUS.
Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 8 17:30:50 UTC 2021 on sn-devel-184
Ralph Boehme [Thu, 8 Apr 2021 10:25:22 +0000 (12:25 +0200)]
torture: add another smbtorture compound SMB2 requests test "related9"
This test verifies that if a compound related request is not preceeded by a
request that generates or contains a File-ID, the request fails with
NT_STATUS_INVALID_PARAMETER.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 8 Apr 2021 10:14:19 +0000 (12:14 +0200)]
torture: add smbtorture compound SMB2 requests test "related8"
This verifies that if the initial create fails with
NT_STATUS_OBJECT_NAME_NOT_FOUND, compount related operations fail with the same
error.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Anubhav Rakshit [Wed, 15 Jul 2020 04:44:52 +0000 (10:14 +0530)]
torture: add smbtorture testcase "related7" for failure in compound related chain
We want to verify what Windows does when the first request of the
chain has failed and an async request is part of the chain. We see
Windows fails the async request with the same error. Also the async
request is immediately failed.
Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Anubhav Rakshit [Mon, 18 May 2020 14:50:05 +0000 (20:20 +0530)]
torture: smbtorture test case to verify Compound related handling
This test case checks what happens when we have an intermediate request
failure and how it impacts rest of the chain.
Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Anubhav Rakshit [Fri, 15 May 2020 18:32:18 +0000 (00:02 +0530)]
torture: Add couple of compound related test cases to verify that server should return NTSTATUS of the failed Create for succeeding requests.
We already pass samba3.smb2.compound.related5, but mark related4 as knownfail.
Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Mon, 22 Mar 2021 19:36:39 +0000 (12:36 -0700)]
Update status of SMB_VFS_REMOVEXATTR
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Apr 7 17:32:07 UTC 2021 on sn-devel-184
Jeremy Allison [Mon, 22 Mar 2021 19:33:46 +0000 (12:33 -0700)]
VFS: Remove SMB_VFS_REMOVEXATTR, no longer used
---------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| |
| SMB_VFS_REMOVEXATTR |
| |
| |
| 22 March |
| 2021 |
| |
| |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\////|_)_______
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 22 Mar 2021 19:21:00 +0000 (12:21 -0700)]
s3: VFS: unityed_media: Remove um_removexattr(). No longer called.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 22 Mar 2021 19:14:25 +0000 (12:14 -0700)]
s3: VFS: time_audit: Remove smb_time_audit_removexattr(). No longer called.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 22 Mar 2021 19:13:15 +0000 (12:13 -0700)]
s3: VFS: snapper: Remove snapper_gmt_removexattr(). No longer called.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 22 Mar 2021 19:05:02 +0000 (12:05 -0700)]
s3: VFS: shadow_copy2: Remove shadow_copy2_removexattr(). No longer called.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 22 Mar 2021 19:02:08 +0000 (12:02 -0700)]
s3: VFS: posix_eadb: Remove posix_eadb_removexattr(). No longer called.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 22 Mar 2021 18:54:14 +0000 (11:54 -0700)]
s3: VFS: media_harmony: Remove mh_removexattr(). No longer called.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 22 Mar 2021 18:46:11 +0000 (11:46 -0700)]
s3: VFS: glusterfs: Remove vfs_gluster_removexattr(). No longer called.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 22 Mar 2021 18:34:02 +0000 (11:34 -0700)]
s3: VFS: full_audit: Remove smb_full_audit_removexattr(). No longer called.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 22 Mar 2021 18:20:07 +0000 (11:20 -0700)]
s3: VFS: ceph_snapshots: Remove ceph_snap_gmt_removexattr(). No longer called.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 22 Mar 2021 18:14:16 +0000 (11:14 -0700)]
s3: VFS: ceph: Remove cephwrap_removexattr(). No longer called.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 22 Mar 2021 18:13:14 +0000 (11:13 -0700)]
s3: VFS: catia: Remove catia_removexattr(). No longer called.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 19 Mar 2021 21:22:24 +0000 (14:22 -0700)]
s3: VFS: cap: Remove cap_removexattr(). No longer called.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 19 Mar 2021 21:04:22 +0000 (14:04 -0700)]
s3: VFS: xattr_tdb: Remove xattr_tdb_removexattr(). No longer called.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 19 Mar 2021 21:02:17 +0000 (14:02 -0700)]
s3: VFS: vxfs: Remove vxfs_remove_xattr() - no longer called.
Also remove supporting function from lib_vxfs.c.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 19 Mar 2021 20:12:12 +0000 (13:12 -0700)]
s3: torture: Change cmd_removexattr to use SMB_VFS_FREMOVEXATTR().
The last user of SMB_VFS_REMOVEXATTR() is gone, I can now
remove the internal VFS functions implementing it.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 11 Mar 2021 21:42:31 +0000 (13:42 -0800)]
s3: smbd: Change SMB_VFS_REMOVEXATTR -> SMB_VFS_FREMOVEXATTR.
We no longer need pathname based xattr remove.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 12 Mar 2021 22:47:37 +0000 (14:47 -0800)]
VFS: posixacl_xattr: In posixacl_xattr_acl_delete_def_file() change SMB_VFS_REMOVEXATTR() -> SMB_VFS_FREMOVEXATTR().
We know this is safe as SMB_VFS_SYS_ACL_DELETE_DEF_FILE() is only
ever called on an fsp->fsp_name.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 12 Mar 2021 22:36:49 +0000 (14:36 -0800)]
VFS: streams_xattr: In streams_xattr_renameat(), change SMB_VFS_REMOVEXATTR() -> SMB_VFS_FREMOVEXATTR().
Note that now we're doing this by handle
not by pathname we must do it on the base_fsp,
as we have to remove the actual xattr on the base file.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 12 Mar 2021 22:33:14 +0000 (14:33 -0800)]
lib: adouble: Use FREMOVEXATTR in preference to REMOVEXATTR.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 12 Mar 2021 00:36:09 +0000 (16:36 -0800)]
VFS: fake_acls: Clean up fake_acls_sys_acl_delete_def_file().
Change SMB_VFS_NEXT_REMOVEXATTR() -> SMB_VFS_NEXT_FREMOVEXATTR().
It doesn't need to do STAT calls, it's always called
with an fsp->fsp_name smb_filename. This will change
later to a handle-based call.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 12 Mar 2021 22:19:28 +0000 (14:19 -0800)]
VFS: gluster: Allow vfs_gluster_fremovexattr() to cope with pathref fsps.
Ensure it only uses an io fd for a handle based call.
Otherwise fall back to pathname based. This is the same as the
fallback used in vfs_default.c
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 12 Mar 2021 22:16:05 +0000 (14:16 -0800)]
VFS: ceph: Allow cephwrap_fremovexattr() to cope with pathref fsps.
Ensure it only uses an io fd for a handle based call.
Otherwise fall back to pathname based. This is the same as the
fallback used in vfs_default.c
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 1 Apr 2021 20:33:35 +0000 (13:33 -0700)]
VFS: nfs4acl_xattr: Change nfs4acl_validate_blob() to use the fsp instead of the name.
Changes use of SMB_VFS_REMOVEXATTR() -> SMB_VFS_FREMOVEXATTR().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 1 Apr 2021 20:22:15 +0000 (13:22 -0700)]
VFS: nfs4acl_xattr: Ensure remove smb_fname argument from nfs4acl_get_blob().
Now we know we always have a valid fsp, use it.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 1 Apr 2021 20:16:34 +0000 (13:16 -0700)]
VFS: nfs4acl_xattr: Ensure nfs4acl_get_blob() always gets a valid fsp pointer.
This means adding a synthetic_pathref() call into the
nfs4acl_xattr version of SMB_VFS_GET_NT_ACL_AT() which
is the pathname-based ACL fetch call.
One place where this (smb_fname->fsp == NULL)
can happen is from open when checking parent
directory ACL - check_parent_access() currently
isn't always passed a smb_fname with a valid
fsp and check_parent_access() currently doesn't
open a pathref smb_fname->fsp itself (eventually
it should be passed in a pathref from the caller).
There are also a few other places inside smbd
that call smbd_check_access_rights() also without
a pathref fsp.
This check should be moved into the
callers inside smbd to ensure that smb_fname->fsp
is always valid here, and in a later patchset (not
part of this set) I will do just that.
Ultimately it may be possible to remove
pathname based SMB_VFS_GET_NT_ACL_AT(), this
requires further investigation.
But until then, we need this change.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 6 Apr 2021 18:53:40 +0000 (11:53 -0700)]
s3: smbd: Fix parent_pathref() to cope with symlink parents.
We know that the parent name must
exist, and the name has been canonicalized
even if this was a POSIX pathname.
Ensure that we follow symlinks for
the parent. See the torture test
POSIX-SYMLINK-PARENT for details.
Remove knownfail entry.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Apr 7 15:39:45 UTC 2021 on sn-devel-184
Jeremy Allison [Tue, 6 Apr 2021 18:46:23 +0000 (11:46 -0700)]
s3: torture: Add an SMB1 POSIX specific test POSIX-SYMLINK-PARENT.
This creates a directory, then a symlink to a directory,
and then checks we can POSIX create and delete file, directory,
symlink and hardlink filesystem objects under the symlink
parent directory.
Mark as knownfail until next commit.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Joseph Sutton [Tue, 30 Mar 2021 03:08:40 +0000 (16:08 +1300)]
auth/credentials: Remove unneeded try/except syntax
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 7 10:24:17 UTC 2021 on sn-devel-184
Joseph Sutton [Tue, 30 Mar 2021 03:02:27 +0000 (16:02 +1300)]
cracknames: Allow auto-conversion from an extended canonical name
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Tue, 30 Mar 2021 03:01:44 +0000 (16:01 +1300)]
auth/credentials: Add test for binding with an extended canonical name
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Tue, 30 Mar 2021 03:00:56 +0000 (16:00 +1300)]
auth/credentials: Add test for binding with a canonical name
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Tue, 30 Mar 2021 03:00:04 +0000 (16:00 +1300)]
cracknames: Add support for SID string format
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10319
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Tue, 30 Mar 2021 00:28:32 +0000 (13:28 +1300)]
auth/credentials: Add test for binding with a domain SID
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10319
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Bernd Kuhls [Sat, 27 Mar 2021 16:17:34 +0000 (17:17 +0100)]
dcesrv_core: fix build
Move include of system/network.h to avoid a build error:
In file included from ../../lib/replace/system/network.h:35,
from ../../librpc/rpc/dcesrv_core.c:2658:
usr/include/unistd.h: At top level:
usr/include/unistd.h:675:16: error: conflicting types for ‘geteuid’
675 | extern __uid_t geteuid (void) __THROW;
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Samuel Cabrero [Fri, 26 Jun 2020 15:20:32 +0000 (17:20 +0200)]
s3: rpc_server: Store new association groups in the id tree
Right now a new association group is created for each connection
assigning the legacy 0x53F0 id, but it is not stored anywhere. When a
second client request to join an association group by its id it is not
found and a new one is created with the same ID.
In practise, it means the association groups are not working even in the
same server process.
This commit stores the created association group in the idtree, but to
make use of it assigns a random id instead of the historical 0x53F0.
The test assoc_group_ok2 was wrongly passing before this change because
the same id 0x53F0 was assigned to all association groups.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Samuel Cabrero [Thu, 18 Jun 2020 16:40:16 +0000 (18:40 +0200)]
s3: rpc_server: Search for already created association groups
If the client requests to join to an association group in the bind operation
try to find it and do not create a new one.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Samuel Cabrero [Fri, 19 Jun 2020 14:31:39 +0000 (16:31 +0200)]
selftest: Test RPC handles and association groups from different connection
Add a test to check if a RPC handle can be used from a different connection
than the one where it was created, when the same association group is
requested in the bind operation of the second connection.
The association group handling is one of the differences between the S3
and S4 RPC server implementations provided by the implementation
callbacks after the merge.
Association groups work fine in the S4 implementation as the RPC server
runs in one process, except for the 'smbd' embedded services provided
by the S3 implementation like winreg (see lp_enforce_ad_dc_settings()).
In the S3 implementation, association groups should work in the same
process, but the merge introduced a bug where a new association group is
always created even when it already exists in the same process.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Fri, 12 Mar 2021 01:41:13 +0000 (14:41 +1300)]
s4:dsdb/password_hash: Add a more useful error message for passwords too long to be hashed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 23 Feb 2021 13:52:06 +0000 (02:52 +1300)]
provision tests: Add a test for hashing overly long passwords
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 23 Feb 2021 13:46:38 +0000 (02:46 +1300)]
s4:dsdb/password_hash: Add additional check for crypt() and crypt_r() failure
While crypt_rn() always returns a null pointer in the event of
failure, crypt() and crypt_r() may instead return a string starting
with the character '*'. This commit adds a check to detect failure in
this case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 23 Feb 2021 13:03:25 +0000 (02:03 +1300)]
provision: Decrease the length of random machine passwords
The current length of 128-255 UTF-16 characters currently causes
generation of crypt() passwords to typically fail. This commit
decreases the length to 120 UTF-16 characters, which is the same as
that used by Windows.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>