Jeremy Allison [Fri, 1 May 2020 17:09:53 +0000 (10:09 -0700)]
s3: smbd: Reformat users of smbd_calculate_access_mask().
Make new parameter addition clearer.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 1 May 2020 01:20:29 +0000 (18:20 -0700)]
s3: smbd: Add a dirfsp parameter to check_parent_access().
Not yet used. Currently always conn->cwd_fsp.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 1 May 2020 01:16:51 +0000 (18:16 -0700)]
s3: smbd: Reformat users of check_parent_access().
Make new parameter addition clearer.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 30 Apr 2020 23:05:34 +0000 (16:05 -0700)]
s3: smbd: Add a dirfsp parameter to user_can_read_file().
Not yet used. Currently always conn->cwd_fsp.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 30 Apr 2020 23:04:31 +0000 (16:04 -0700)]
s3: smbd: Reformat users of user_can_read_file().
Make new parameter addition clearer.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 30 Apr 2020 23:02:43 +0000 (16:02 -0700)]
s3: smbd: Add a dirfsp parameter to smbd_check_access_rights().
Not yet used. Currently always conn->cwd_fsp.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 30 Apr 2020 22:48:12 +0000 (15:48 -0700)]
s3: smbd: Reformat users of smbd_check_access_rights().
Make new parameter addition clearer.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 30 Apr 2020 22:44:37 +0000 (15:44 -0700)]
s3: smbd: Add dirfsp parameter to can_write_to_file().
Not yet used. Currently always conn->cwd_fsp.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 30 Apr 2020 22:35:36 +0000 (15:35 -0700)]
s3: smbd: Reformat users of can_write_to_file().
Make new parameter addition clearer.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 30 Apr 2020 22:31:43 +0000 (15:31 -0700)]
s3: smbd: Add dirfsp parameter to user_can_write_file().
Not yet used. Currently always conn->cwd_fsp.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 30 Apr 2020 22:30:40 +0000 (15:30 -0700)]
s3: smbd: Reformat caller of user_can_write_file().
Make new parameter addition clearer.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 30 Apr 2020 22:28:32 +0000 (15:28 -0700)]
s3: smbd: Add dirfsp parameter to can_delete_file_in_directory().
Not yet used. Currently always conn->cwd_fsp.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 30 Apr 2020 22:20:34 +0000 (15:20 -0700)]
s3: smbd: Reformat definition and callers of can_delete_file_in_directory().
Makes future addition of parameter easier to see.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andrew Bartlett [Wed, 11 Mar 2020 03:43:31 +0000 (16:43 +1300)]
CVE-2020-10700: dsdb: Do not permit the ASQ control for the GUID search in paged_results
ASQ is a very strange control and a BASE search can return multiple results
that are NOT the requested DN, but the DNs pointed to by it!
Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding,
reporting and working with us to diagnose this issue!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Mon May 4 10:14:28 UTC 2020 on sn-devel-184
Andrew Bartlett [Wed, 11 Mar 2020 03:41:34 +0000 (16:41 +1300)]
CVE-2020-10700: ldb: Always use ldb_next_request() in ASQ module
We want to keep going down the module stack, and not start from the top again.
ASQ is above the ACL modules, but below paged_results and we do not wish to
re-trigger that work.
Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding,
reporting and working with us to diagnose this issue!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Mon, 30 Mar 2020 09:44:20 +0000 (09:44 +0000)]
CVE-2020-10700: dsdb: Add test for ASQ and ASQ in combination with paged_results
Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding,
reporting and working with us to diagnose this issue!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Gary Lockyer [Tue, 7 Apr 2020 22:46:44 +0000 (10:46 +1200)]
CVE-2020-10704 libcli ldap: Check search request lengths.
Check the search request lengths against the limits passed to
ldap_decode.
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Mon May 4 04:40:10 UTC 2020 on sn-devel-184
Gary Lockyer [Tue, 7 Apr 2020 20:49:23 +0000 (08:49 +1200)]
CVE-2020-10704: libcli ldap_message: Add search size limits to ldap_decode
Add search request size limits to ldap_decode calls.
The ldap server uses the smb.conf variable
"ldap max search request size" which defaults to 250Kb.
For cldap the limit is hard coded as 4096.
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Wed, 8 Apr 2020 03:32:22 +0000 (15:32 +1200)]
CVE-2020-10704: S4 ldap server: Limit request sizes
Check the size of authenticated and anonymous ldap requests and reject
them if they exceed the limits in smb.conf
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 6 Apr 2020 21:09:01 +0000 (09:09 +1200)]
CVE-2020-10704: smb.conf: Add max ldap request sizes
Add two new smb.conf parameters to control the maximum permitted ldap
request size.
Adds:
ldap max anonymous request size default 250Kb
ldap max authenticated request size default 16Mb
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Tue, 14 Apr 2020 01:32:32 +0000 (13:32 +1200)]
CVE-2020-10704: ldapserver tests: Limit search request sizes
Add tests to ensure that overly long (> 256000 bytes) LDAP search
requests are rejected.
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Wed, 8 Apr 2020 03:30:52 +0000 (15:30 +1200)]
CVE-2020-10704: lib util asn1: Check parse tree depth
Check the current depth of the parse tree and reject the input if the
depth exceeds that passed to asn1_init
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Thu, 2 Apr 2020 02:25:53 +0000 (15:25 +1300)]
CVE-2020-10704: libcli ldap: test recursion depth in ldap_decode_filter_tree
Add tests to check that ASN.1 ldap requests with deeply nested elements
are rejected. Previously there was no check on the on the depth of
nesting and excessive nesting could cause a stack overflow.
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Thu, 2 Apr 2020 23:18:03 +0000 (12:18 +1300)]
CVE-2020-10704: lib util asn1: Add ASN.1 max tree depth
Add maximum parse tree depth to the call to asn1_init, which will be
used to limit the depth of the ASN.1 parse tree.
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Ralph Boehme [Thu, 5 Mar 2020 14:16:07 +0000 (15:16 +0100)]
smbd: use is_lease_stat_open() in delay_for_oplock()
This allows READ_CONTROL_ACCESS in the access mask as stat open if a file has
only leases.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14357
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 30 21:10:43 UTC 2020 on sn-devel-184
Ralph Boehme [Thu, 5 Mar 2020 14:14:21 +0000 (15:14 +0100)]
smbd: add is_lease_stat_open()
This adds a leases specific stat opens access mask check function.
See also:
https://lists.samba.org/archive/cifs-protocol/2020-March/003409.html
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14357
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 5 Mar 2020 14:12:20 +0000 (15:12 +0100)]
smbd: rename is_stat_open() to is_oplock_stat_open()
Testing stat opens with with leases reveals that that the access mask
SYNCHRONIZE_ACCESS | FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES
is specific to oplocks.
See also:
https://lists.samba.org/archive/cifs-protocol/2020-March/003409.html
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14357
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 3 Mar 2020 11:09:09 +0000 (12:09 +0100)]
s4/torture: add a comprehensive "non-lease-break-trigger" access mask test case
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14357
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 3 Mar 2020 11:09:09 +0000 (12:09 +0100)]
s4/torture: add a comprehensive "non-oplock-break-trigger" access mask test case
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14357
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Wed, 29 Apr 2020 22:32:21 +0000 (15:32 -0700)]
s3: smbd: Add dirfsp parameter to check_access().
Not yet used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Apr 30 09:11:56 UTC 2020 on sn-devel-184
Jeremy Allison [Wed, 29 Apr 2020 22:28:27 +0000 (15:28 -0700)]
s3: smbd: Reformat callers of check_access().
Makes it easier to see when we add the dirfsp
parameter.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 29 Apr 2020 22:26:08 +0000 (15:26 -0700)]
s3: smbd: Make check_access() a simple wrapper around smbd_check_access_rights().
Now we call check_access_fsp() separately in the callers we don't need the fsp
parameter anymore.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 29 Apr 2020 22:23:30 +0000 (15:23 -0700)]
s3: smbd: Reformat spacing for parameters of check_access().
Makes it easier to see the removal of the parameter next.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 29 Apr 2020 22:22:31 +0000 (15:22 -0700)]
s3: smbd: Move the fsp check up one level from check_access().
This allows us to call check_access_fsp() directly when
we have an fsp, and to add in the dirfsp for relative
name access to check_access() in the next commit, making
it clear what it's for (and not confusing it with the
file fsp).
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 29 Apr 2020 22:18:57 +0000 (15:18 -0700)]
s3: smbd: Cleanup - move the function get_nt_acl_no_snum() to it's user module.
Make static. It was only called from one place.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 29 Apr 2020 22:14:41 +0000 (15:14 -0700)]
s3: smbd: Add a dirfsp parameter to directory_has_default_acl().
Not yet used, but will make it easier to move to SMB_VFS_GET_NT_ACL_AT()
later.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 29 Apr 2020 22:11:33 +0000 (15:11 -0700)]
s3: smbd: Reformat uses of directory_has_default_acl().
Makes it easier to add a dirfsp parameter.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 29 Apr 2020 21:43:50 +0000 (14:43 -0700)]
s3: smbd: Change is_visible_file() to take a directory handle not a name.
No change in functionality as the name is
easily retrieved from the directory handle
(it's always the name we opened the directory with)
and this will allow us to use the directory handle
fsp later.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 29 Apr 2020 21:37:02 +0000 (14:37 -0700)]
s3: smbd: Reformat calls to is_visible_file() to one arg per line.
Will make it easier to see parameter change in a later commit.
No logic changes.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 14 Apr 2020 21:41:09 +0000 (14:41 -0700)]
s3: VFS: snapper. Remove snapper_gmt_fget_nt_acl().
This fallback was only used for directories. Now we always
have a valid fd for directories it is no longer needed.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 14 Apr 2020 21:38:22 +0000 (14:38 -0700)]
s3: VFS: ceph_snapshots. Remove duplicate definition of get_nt_acl_fn.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 14 Apr 2020 21:37:17 +0000 (14:37 -0700)]
s3: VFS: ceph_snapshots. Remove ceph_snap_gmt_fget_nt_acl().
This fallback was only used for directories. Now we always
have a valid fd for directories it is no longer needed.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 14 Apr 2020 21:10:35 +0000 (14:10 -0700)]
s3: VFS: shadow_copy2. SMB_VFS_FGET_NT_ACL() makes no sense in this module.
Once we have an open fsp we know we've gone through the pathname
translation.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 14 Apr 2020 21:07:23 +0000 (14:07 -0700)]
s3: smbd: In posix_fget_nt_acl() remove the fall-back to path based operations.
Previously we'd do this for directory opens, but directory opens
now always have an open fd. stat opens don't have permissions
to read a security descriptor anyway.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Alexander Bokovoy [Wed, 29 Apr 2020 08:54:07 +0000 (11:54 +0300)]
s3 rpc server: set on-wire handle type explicitly
Since wire_handle.handle_type is uint32_t, we can simply assign uint8_t
handle type to it without using SIVAL() macros. Further unify with s4
RPC server code flow.
Fixes CID
1462616
>>> CID
1462616: (CONSTANT_EXPRESSION_RESULT)
>>> "(uint32_t)handle_type >> 16" is 0 regardless of the values of its operands. This occurs as a value.
284 SIVAL(&rpc_hnd->wire_handle.handle_type, 0 , handle_type);
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Thu Apr 30 07:09:55 UTC 2020 on sn-devel-184
Ralph Boehme [Wed, 29 Apr 2020 09:06:26 +0000 (11:06 +0200)]
smbd: remove unneeded parent_dir variable from mkdir_internal()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 29 18:16:02 UTC 2020 on sn-devel-184
Ralph Boehme [Wed, 29 Apr 2020 09:05:25 +0000 (11:05 +0200)]
smbd: convert inherit_from_dir arg of change_dir_owner_to_parent() to struct smb_filename
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 29 Apr 2020 09:03:11 +0000 (11:03 +0200)]
smbd: convert inherit_from_dir arg of change_file_owner_to_parent() to struct smb_filename
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 29 Apr 2020 08:56:23 +0000 (10:56 +0200)]
smbd: convert inherit_access_posix_acl() arg parent_dir to struct smb_filename
This also fixes a bug introduced by
cea8e57eac2ed7b90a5c5d207bf392ff0546398e
where inherit_access_posix_acl() used the smb_fname->base_name instead of
inherit_from_dir in synthetic_smb_fname() to get an struct smb_filename of the
parent directory.
Nobody complained so far, fix it silently.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 29 Apr 2020 08:43:05 +0000 (10:43 +0200)]
smbd: convert parent_dir arg of open_file() to struct smb_filename
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 29 Apr 2020 08:09:16 +0000 (10:09 +0200)]
smbd: pass dirname as struct smb_filename to is_visible_file()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 29 Apr 2020 07:51:13 +0000 (09:51 +0200)]
smbd: realign is_visible_file() args one per line
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 16:24:59 +0000 (18:24 +0200)]
smbd: copy twrp in cp_smb_filename()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 16:23:37 +0000 (18:23 +0200)]
smbd: add previous version timestamp to struct smb_filename
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 16:18:08 +0000 (18:18 +0200)]
smbd: pass struct smb_filename smb_fname_parent to unix_mode()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 16:09:18 +0000 (18:09 +0200)]
smbd: pass struct smb_filename parent_dir to file_set_dosmode()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 16:06:21 +0000 (18:06 +0200)]
smbd: align file_set_dosmode() args one per line
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 16:03:41 +0000 (18:03 +0200)]
smbd: pass struct smb_filename to directory_has_default_acl()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 15:58:07 +0000 (17:58 +0200)]
smbd: use parent_smb_fname() in check_reduced_name()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 15:50:01 +0000 (17:50 +0200)]
smbd: use parent_smb_fname() in check_reduced_name_with_privilege()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 15:08:53 +0000 (17:08 +0200)]
smbd: use parent_smb_fname() in smb_unix_mknod()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 14:55:30 +0000 (16:55 +0200)]
smbd: use parent_smb_fname() in parent_dirname_compatible_open()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 14:52:09 +0000 (16:52 +0200)]
smbd: use parent_smb_fname() in inherit_new_acl()
Note: has to rename the variable parent_smb_fname otherwise it conflicts with
the function name.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 14:47:44 +0000 (16:47 +0200)]
smbd: use parent_smb_fname() in mkdir_internal()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 14:44:00 +0000 (16:44 +0200)]
smbd: use parent_smb_fname() in open_file_ntcreate()
Prepares for converting a bunch of functions to struct smb_filename later.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 14:40:25 +0000 (16:40 +0200)]
smbd: use parent_smb_fname() in non_widelink_open()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 14:23:07 +0000 (16:23 +0200)]
smbd: use parent_smb_fname() in check_parent_access()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 14:11:38 +0000 (16:11 +0200)]
smbd: use parent_smb_fname() in copy_internals()
Prepares for converting file_set_dosmode() to struct smb_filename.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 14:00:42 +0000 (16:00 +0200)]
smbd: use parent_smb_fname() in unix_convert()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 29 Apr 2020 13:43:30 +0000 (15:43 +0200)]
smbd: use synthetic_smb_fname() in check_parent_exists()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 13:21:37 +0000 (15:21 +0200)]
smbd: use parent_smb_fname() in can_delete_file_in_directory()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 13:01:59 +0000 (15:01 +0200)]
vfs_linux_xfs_sgid: use parent_smb_fname()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 12:47:40 +0000 (14:47 +0200)]
vfs_gpfs: use parent_smb_fname()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 12:43:20 +0000 (14:43 +0200)]
vfs_default: use parent_smb_fname()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 12:41:21 +0000 (14:41 +0200)]
vfs_ceph: use parent_smb_fname()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 12:28:32 +0000 (14:28 +0200)]
vfs_aio_pthread: use parent_smb_fname()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 12:15:38 +0000 (14:15 +0200)]
vfs_acl_common: use parent_smb_fname()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 28 Apr 2020 10:55:26 +0000 (12:55 +0200)]
s3/lib: add parent_smb_fname()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Fri, 19 Jul 2019 10:35:57 +0000 (12:35 +0200)]
testprogs: Add client kerberos test
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr 29 11:53:41 UTC 2020 on sn-devel-184
Andreas Schneider [Thu, 18 Jul 2019 12:18:57 +0000 (14:18 +0200)]
s4:torture: Print account and authority name
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Tue, 28 Apr 2020 15:25:35 +0000 (17:25 +0200)]
docs-xml: Fix usernames in pam_winbind manpages
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14358
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr 29 09:44:55 UTC 2020 on sn-devel-184
Björn Baumbach [Tue, 28 Apr 2020 15:09:56 +0000 (17:09 +0200)]
samba-tool: fetch "no such subcommand" error and print error message
This patch especially improves the case where extra arguments are used.
Without this patch just the attributes are mentioned as invalid, if
samba-tool is called with an invalid/unknown subcommand.
Example without this patch:
# samba-tool sites list --all
Usage: samba-tool sites <subcommand>
samba-tool sites: error: no such option: --all
This can be deceptive for users. Is looks like the "list" command
does not provide a "--all" option.
Example with this patch:
# samba-tool sites list --all
samba-tool sites: no such subcommand: list
Usage: samba-tool sites <subcommand>
(...)
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 29 08:08:21 UTC 2020 on sn-devel-184
Andrew Bartlett [Thu, 23 Apr 2020 23:04:00 +0000 (11:04 +1200)]
librpc: Provide clearer debug messages for malformed DCE/RPC bind
REF: https://lists.samba.org/archive/samba/2020-April/229334.html
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Alexander Bokovoy [Tue, 28 Apr 2020 18:59:46 +0000 (21:59 +0300)]
s3: pass DCE RPC handle type to create_policy_hnd
Various RPC services expect policy handles of a specific type.
s3 RPC server did not allow to create policy handles with a specific
type while actually requiring that policy handle type itself in some
places.
Make sure we are able to specify the policy on-wire handle type when
creating the policy handle. The changes follow s4 DCE RPC server
implementation.
The original logic to always set on-wire handle type to 0 can be tracked
down to commit
fdeea341ed1bae670382e45eb731db1b5838ad21 when we didn't
really know about differences in on-wire handle types.
All but LSA trusted domain RPC calls do not check the on-wire handle
type in s3 RPC server.
Fixes trusted domain operations when Samba RPC client attempts to call
s3 RPC server to perform lsa_lsaRSetForestTrustInformation in FreeIPA.
This fix is a pre-requisite for FreeIPA-FreeIPA forest trust.
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 28 22:55:29 UTC 2020 on sn-devel-184
David Mulder [Thu, 23 Jan 2020 14:26:53 +0000 (07:26 -0700)]
s4:torture: Convert samba3.raw.mkdir test to smb2
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
888abcaf8ffbec45fc47520bd3f544e3aa6f58f2)
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 28 19:46:32 UTC 2020 on sn-devel-184
David Mulder [Mon, 6 Jan 2020 16:43:19 +0000 (09:43 -0700)]
s4:torture: Convert samba4.base.tcon test to smb2
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
eb167bc43dbe196ef5b3bfd24160c72c74113dea)
David Mulder [Mon, 23 Dec 2019 20:58:47 +0000 (13:58 -0700)]
Convert samba4.base.mangle test to smb2
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
9437b44668c9f7742d6d4fe0891ac4d9fda7c804)
David Mulder [Mon, 13 Jan 2020 16:19:51 +0000 (09:19 -0700)]
Implement alt name query for smb2
Implements smb2_qpathinfo_alt_name() and
RAW_FILEINFO_SMB2_ALT_NAME_INFORMATION.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
097df343ce21c8340aee7f42f233fe74b92b47e2)
David Mulder [Fri, 20 Dec 2019 21:06:13 +0000 (14:06 -0700)]
Convert samba4.base.maximum_allowed to smb2
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
d9edfeea668362269d812f82b1957ed16ff56dd4)
David Mulder [Fri, 20 Dec 2019 21:10:49 +0000 (14:10 -0700)]
Add SMB2 lsa helper routines
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
3763052c2a95ac9bd60f00458389a5245cf5d58d)
Ralph Boehme [Tue, 28 Apr 2020 06:04:41 +0000 (08:04 +0200)]
smbd: add missing done check from unix_convert_step_stat() refactoring
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 24 Mar 2020 13:35:51 +0000 (14:35 +0100)]
lib: Remove unused elements from ctdbd_connection
Nobody set them, only the destructor referenced them
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Apr 28 10:46:22 UTC 2020 on sn-devel-184
Volker Lendecke [Tue, 24 Mar 2020 13:33:28 +0000 (14:33 +0100)]
lib: Nobody sets ctdbd_connection->fde anymore, remove it
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Tue, 24 Mar 2020 13:32:06 +0000 (14:32 +0100)]
lib: Remove unused ctdbd_setup_fde() and callees
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 11 Mar 2020 10:03:06 +0000 (11:03 +0100)]
lib: Use ctdbd_req_send/recv in ctdb_parse_send/recv
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 12 Mar 2020 15:20:50 +0000 (16:20 +0100)]
torture3: Test ctdb_req_send/recv
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Fri, 20 Mar 2020 12:58:21 +0000 (13:58 +0100)]
lib: Add ctdbd_req_send/recv
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Fri, 20 Mar 2020 12:46:13 +0000 (13:46 +0100)]
lib: Add ctdbd_prep_hdr_next_reqid()
Preparation for generic ctdb_req_send/recv: No need to expose
ctdbd_next_reqid(), do basic preparations of a ctdb_req_header
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 12 Mar 2020 15:05:58 +0000 (16:05 +0100)]
lib: Add ctdbd_init_async_connection()
Prepare for ctdb_req_send/recv doing tevent_req based async ctdb
requests
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Mon, 23 Mar 2020 12:03:35 +0000 (13:03 +0100)]
selftest: Run local-dbwrap-ctdb1 test
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>