Ralph Boehme [Fri, 8 May 2020 13:24:04 +0000 (15:24 +0200)]
smbd: realign fd_open_atomic() args
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 7 May 2020 18:52:18 +0000 (20:52 +0200)]
smbd: realign args to fd_open_atomic() in open_file()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 7 May 2020 18:46:06 +0000 (20:46 +0200)]
smbd: realign args to open_file() in open_file_ntcreate()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 10 Apr 2020 14:52:07 +0000 (16:52 +0200)]
smbd: remove redundant conn arg from open_file()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 18 May 2020 10:24:30 +0000 (12:24 +0200)]
smbd: assert (fsp->dirfsp == conn->cwd_fsp) in open_file_ntcreate()
There's a bunch of stuff that needs updating to work with atnames.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Sat, 16 May 2020 06:23:24 +0000 (08:23 +0200)]
smbd: set dirfsp in the SMB2 DH reconnect
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 7 May 2020 14:52:20 +0000 (16:52 +0200)]
smbd: set fsp->dirfsp in create_file_unixpath()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 10 Apr 2020 13:38:55 +0000 (15:38 +0200)]
smbd: use dirfsp in mkdir_internal()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 18 May 2020 10:09:32 +0000 (12:09 +0200)]
smbd: fix check_parent_access() args alignment in mkdir_internal()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 7 May 2020 15:51:42 +0000 (17:51 +0200)]
smbd: fix SMB_VFS_MKDIRAT() arg alignment in mkdir_internal()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 10 Apr 2020 13:36:34 +0000 (15:36 +0200)]
smbd: pass dirfsp to mkdir_internal()
Not really used for now and marked with
SMB_ASSERT(dirfsp == conn->cwd_fsp)
because it needs to be updated later to work with real dirfsp.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 18 May 2020 12:30:56 +0000 (14:30 +0200)]
smbd: set fsp->dirfsp in open_directory()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 18 May 2020 15:07:53 +0000 (17:07 +0200)]
smbd: use dirfsp in open_directory()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 7 May 2020 14:51:35 +0000 (16:51 +0200)]
smbd: pass dirfsp to open_directory()
As the calls to
* SMB_VFS_LSTAT()
* get_share_mode_lock()
and maybe others still have to be updated to work with atnames, we
assert (dirfsp == conn->cwd_fsp).
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 7 May 2020 14:50:20 +0000 (16:50 +0200)]
smbd: realign args in calls to open_directory()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 7 May 2020 14:32:10 +0000 (16:32 +0200)]
smbd: pass dirfsp to create_file_unixpath()
As the calls to
* lease_match()
* open_streams_for_delete()
* check_base_file_access
* SMB_VFS_STAT
and others needs to be updated to work with atnames in the
future, we assert (dirfsp == conn->cwd_fsp).
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 7 May 2020 14:24:16 +0000 (16:24 +0200)]
smbd: realign create_file_unixpath() args
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 14 May 2020 12:00:22 +0000 (14:00 +0200)]
smbd: add dirfsp arg to SMB_VFS_CREATE_FILE()
As create_file_default() still need to be updated in the future to replace the
SMB_VFS_STAT() calls with AT-based versions, it asserts (dirfsp ==
dirfsp->conn->cwd_fsp).
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 18 May 2020 12:37:18 +0000 (14:37 +0200)]
smbd: handling of fsp->dirfsps in close_file()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 6 Apr 2020 13:41:41 +0000 (15:41 +0200)]
smbd: add flag "is_dirfsp" to the fsp_flags
This denotes pure VFS layer dirfsps that are used in *AT varients of VFS
interface functions and which bypass the FSA layer, requiring special handling
in codepaths closing/freeing the fsp.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 15 May 2020 14:18:13 +0000 (16:18 +0200)]
vfs: add dirfsp to struct files_struct
As fsp->fsp_name will be a AT-name in the future, we need something to retrieve
the full path for an fsp from for stuff like fsp_str_dbg().
As there are functions like vfs_stat_fsp() that have internal fallbacks to
path-based VFS functions if fsp->fh->fh == -1, having the original dirfsp as
part of the fsp helps in converting the internal VFS functions to AT versions.
In the future when all such internal fallbacks are eliminated we can remove
fsp->dirfsp to avoid the additional fd per fsp and use a fsp->path or similar.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 15 May 2020 13:25:07 +0000 (15:25 +0200)]
smbd: move fstat from create_internal_dirfsp() to open_internal_dirfsp()
The original idea of doing the fstat in create_internal_dirfsp() was to return
from the function with a valid file_id and that requires valid stat info.
However, as dirfsp->fh->fd will still be -1 at this point vfs_stat_fsp() will
fallback to path-based stat() which must be avoided.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 15 May 2020 13:14:26 +0000 (15:14 +0200)]
smbd: rename create_internal_dirfsp_at() to create_internal_dirfsp()
Having removed the unused dirfsp parameter this is not an AT function.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 15 May 2020 13:14:26 +0000 (15:14 +0200)]
smbd: rename open_internal_dirfsp_at() to open_internal_dirfsp()
Having removed the unused dirfsp parameter this is not an AT function. Security
is provided by symlink safe fd_open().
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 14 May 2020 15:08:15 +0000 (17:08 +0200)]
vfs_aio_pthread: avoid parent_smb_fname()
opd->dname was only needed for debug messages, use opd->fsp_name for that. And
opd->fname can be just made a copy of smb_fname. This avoids calling
parent_smb_fname().
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 14 May 2020 15:00:57 +0000 (17:00 +0200)]
vfs_aio_pthread: SMB_VFS_OPEN() is called with cwd=parent directory of the file
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 14 May 2020 14:52:16 +0000 (16:52 +0200)]
vfs_aio_pthread: pass smb_fname to create_private_open_data()
Not yet used.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 14 May 2020 14:50:40 +0000 (16:50 +0200)]
vfs_aio_pthread: pass smb_fname to open_async()
Not yet used.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 14 May 2020 16:38:51 +0000 (18:38 +0200)]
smbd: remove dirfsp arg from [create|open]_internal_dirfsp_at()
These are the functions that *create* dirfsps, they can't *take* dirfsps as that
would be recursive...
Both functions just take a pathname and the internal opening of the underlying
fd is secured from symlink races by our chdir("p/a/t/h") ; open(".", O_RDONLY);
logic in non_widelink_open().
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 14 Apr 2020 19:07:24 +0000 (21:07 +0200)]
smbd: set fsp_name of conn->cwd_fsp
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 7 Apr 2020 16:41:15 +0000 (18:41 +0200)]
smbd: move conn_rootdir_fname to non_widelink_open()
No change in behaviour. This just simplifies fd_open() a bit which will make it
easier to add an fd_openat() later.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 9 Apr 2020 13:42:59 +0000 (15:42 +0200)]
smbd: prepare for replacing SMB_VFS_READLINKAT() with SMB_VFS_STATX() in the future
Add a large comment inside process_symlink_open() explaining why we need to call
SMB_VFS_READLINKAT().
As we don't make use of the returned name and just rely on SMB_VFS_REALPATH()
doing its job, remove target_fname
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 7 May 2020 09:50:58 +0000 (11:50 +0200)]
smbd: remove unused variable twrp_name from filename_convert_internal()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 31 Mar 2020 16:57:55 +0000 (18:57 +0200)]
smbd: update function documentation header to match actual function argument names
Leaving p_cont_wcard unchanges as updating that would break the nice
indentation... :)
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 9 Apr 2020 16:24:26 +0000 (18:24 +0200)]
smbd: add open_flags arg to in open_internal_dirfsp_at()
The only caller passes in what was used internally, so no change in
behaviour. Prepares for calling open_internal_dirfsp_at() from
filename_convert() with additional flags.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 4 Mar 2020 09:32:43 +0000 (10:32 +0100)]
smbd: exit early in the error case in fd_open()
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 4 Mar 2020 09:56:56 +0000 (10:56 +0100)]
smbd: refactor flags computation for fd_open() in open_directory() a bit
No change in behaviour. A subsequent commit will optionally add an additional
flag, this change allows for a smaller diff of that commit.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Björn Jacke [Wed, 6 May 2020 15:45:29 +0000 (17:45 +0200)]
add some missing FSCTL defines
as dodumented in
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/
a64e55aa-1152-48e4-8206-
edd96444e7f7
FSCTL_SET_OBJECT_ID_EXTENDED
FSCTL_READ_FILE_USN_DATA
FSCTL_WRITE_USN_CLOSE_RECORD
FSCTL_QUERY_ON_DISK_VOLUME_INFO
FSCTL_QUERY_SPARING_INFO
FSCTL_DUPLICATE_EXTENTS_TO_FILE_EX
FSCTL_STORAGE_QOS_CONTROL
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Björn Jacke <bjacke@samba.org>
Autobuild-Date(master): Tue May 19 15:57:08 UTC 2020 on sn-devel-184
Björn Jacke [Tue, 19 May 2020 10:42:31 +0000 (12:42 +0200)]
docs-xml: update list of posible VFS operations for vfs_full_audit
the list of valid operations can be generated by
grep "{ SMB_VFS_OP_" source3/modules/vfs_full_audit.c |sed 's/.*,[ \t]*"//;s/".*//'|grep -v NULL | sort
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14386
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Björn Jacke [Thu, 7 May 2020 14:00:14 +0000 (16:00 +0200)]
docs: improve desription of map acl inherit
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Mon, 18 May 2020 08:38:41 +0000 (10:38 +0200)]
tevent: Fix a tevent tutorial error
We don't pass a tevent_req but a tevent_context to the _send function
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue May 19 12:07:42 UTC 2020 on sn-devel-184
Volker Lendecke [Fri, 15 May 2020 13:19:45 +0000 (15:19 +0200)]
winbindd: Fix a use-after-free when winbind clients exit
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14382
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue May 19 10:45:06 UTC 2020 on sn-devel-184
Jeremy Allison [Fri, 15 May 2020 19:18:02 +0000 (12:18 -0700)]
s3: lib: Paranoia around use of snprintf copying into a fixed-size buffer from a getenv() pointer.
Post checks for overflow/error.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon May 18 23:42:57 UTC 2020 on sn-devel-184
Andreas Schneider [Fri, 15 May 2020 10:08:27 +0000 (12:08 +0200)]
gitlab-ci: Add new runner for samba-admem-fips
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon May 18 16:06:06 UTC 2020 on sn-devel-184
Andreas Schneider [Fri, 15 May 2020 14:09:47 +0000 (16:09 +0200)]
autobuild: Use sane random sleep values for samba-admem-mit
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Fri, 15 May 2020 10:07:04 +0000 (12:07 +0200)]
autobuild: Add ad_member_fips target
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Fri, 15 May 2020 09:41:55 +0000 (11:41 +0200)]
selftest: Run some tests against ad_member_fips
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Fri, 15 May 2020 09:30:35 +0000 (11:30 +0200)]
selftest: Add ad_member_fips target
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Fri, 15 May 2020 09:30:02 +0000 (11:30 +0200)]
selftest: Add force_fips_mode support to provision_ad_member()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Wed, 13 May 2020 14:54:39 +0000 (16:54 +0200)]
selftest: Split out a provision_ad_member() function
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Wed, 13 May 2020 14:43:06 +0000 (16:43 +0200)]
selftest: Use Kerberos to join an ad_member
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Michael Adam [Wed, 13 May 2020 08:15:11 +0000 (13:45 +0530)]
s4/torture: Unlink test file at the beginning of smb2.read.position
Pair-Programmed-With: Anoop C S <anoopcs@redhat.com>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri May 15 16:02:47 UTC 2020 on sn-devel-184
Andreas Schneider [Wed, 6 May 2020 15:10:51 +0000 (17:10 +0200)]
s3:gencache: Allow to open gencache as read-only
This allows client tools to access the cache for ready-only operations
as a normal user.
Example:
net ads status
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14370
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri May 15 14:40:32 UTC 2020 on sn-devel-184
Andreas Schneider [Mon, 11 May 2020 10:50:11 +0000 (12:50 +0200)]
lib:util: Add test for path_expand_tilde()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14370
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Thu, 7 May 2020 10:25:24 +0000 (12:25 +0200)]
lib:util: Add path_expand_tilde()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14370
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Isaac Boukris [Mon, 4 May 2020 16:09:53 +0000 (18:09 +0200)]
selftest: add python S4U2Self tests including unkeyed checksums
To test the CRC32 I reverted the unkeyed-checksum fix (
43958af1)
and the weak-crypto fix (
389d1b97). Note that the unkeyed-md5
still worked even with weak-crypto disabled, and that the
unkeyed-sha1 never worked but I left it anyway.
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 15 12:25:40 UTC 2020 on sn-devel-184
Isaac Boukris [Thu, 7 May 2020 15:17:12 +0000 (17:17 +0200)]
Revert "CVE-2018-16860 selftest: Add test for S4U2Self with unkeyed checksum"
This reverts commit
5639e973c1f6f1b28b122741763f1d05b47bc2d8.
This is no longer needed as the next commit includes a Python
test for this, without the complexity of being inside krb5.kdc.canon.
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Thu, 7 May 2020 15:17:00 +0000 (17:17 +0200)]
Revert "selftest: mitm-s4u2self: use zlib for CRC32_checksum calc"
This reverts commit
151f8c0f31d3d17b9418db3793ec14ba7dbf2143.
This allows a clean revert (and so removal) of the test.
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Thu, 7 May 2020 15:16:53 +0000 (17:16 +0200)]
Revert "selftest: allow any kdc error in mitm-s4u2self test"
This reverts commit
a53fa8ffe3e36f7921baf5d31a1052747f90aa7d.
This allows a clean revert (and so removal) of the test.
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 4 Oct 2019 12:55:52 +0000 (14:55 +0200)]
smb2_server: do async shutdown for pending multi-channel requests
We have wait until all pending requests are done before we can
TALLOC_FREE() the connection structure.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri May 15 10:26:29 UTC 2020 on sn-devel-184
Stefan Metzmacher [Fri, 4 Oct 2019 10:11:00 +0000 (12:11 +0200)]
smbXsrv_session: add a smbXsrv_session_disconnect_xconn() helper
This removes the connection references from the session channel
array for each session that's used on the connection.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 4 Oct 2019 12:56:40 +0000 (14:56 +0200)]
smb2_server: call smbXsrv_connection_disconnect_transport() early on network errors
It's good to remember the first error we got and makes sure we don't try
any further io on the connection.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 4 Oct 2019 12:49:59 +0000 (14:49 +0200)]
smb2_server: add and use a function that calculated the remaining channels
This is useful for debugging, but also simplies the following changes,
where client->connections may hold disconnected connections until
all pending requests are finished.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 4 Oct 2019 12:30:17 +0000 (14:30 +0200)]
smb2_server: let smbd_server_connection_terminate_ex() call smbXsrv_connection_disconnect_transport()
If the connection is broken mark it as invalid and close
the socket.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 4 Oct 2019 12:26:20 +0000 (14:26 +0200)]
s3:smbd: split out smbXsrv_connection_disconnect_transport()
It's good to have an isolated function that just disconnects the
lower layer transport and remembers the first error status.
This will be used in more placed in the following commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 4 Oct 2019 08:02:56 +0000 (10:02 +0200)]
smb2_server: make sure we detect stale smbXsrv_connection pointers in smbXsrv_channel_global
Pointer values can be reused (yes, I hit that during my testing!).
Introduce a channel_id to identify connections and also add
some timestamps to make debugging easier.
This makes smbXsrv_session_find_channel() much more robust.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Wed, 24 Jan 2018 16:14:59 +0000 (17:14 +0100)]
smb2_server: update inline comment for max channels
All Windows versions have the limit of 32 channels.
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 7 May 2020 13:49:24 +0000 (06:49 -0700)]
smbXsrv_client: make sure that we store a valid blob
This fixes a regression introduced by
14182350f8397d27d7642dae595dc52691f0acfe
("librpc ndr: ndr_pull_advance check for unsigned overflow.")
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236
ndr_push_smbXsrv_client_global0() is happy with
pushing NULL pointers for r->{local_address,remote_address,remote_name},
while the IDL doesn't allow it.
In turn ndr_pull_smbXsrv_client_global0() no longer ignores the error.
This means multi-channel connections were broken,
and we paniced on a NULL pointer.
It's really sad that we still don't have automated tests for it.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Thu, 7 May 2020 13:54:37 +0000 (06:54 -0700)]
smbXsrv_client: fix debug message in smbXsrv_client_create()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andrew Bartlett [Wed, 13 May 2020 00:01:05 +0000 (12:01 +1200)]
s4/rpc_server/dnsserver: Allow parsing of dnsProperty to fail gracefully
On (eg) the
DC=_msdcs.X.Y,CN=MicrosoftDNS,DC=ForestDnsZones,DC=X,DC=Y
record, in domains that have had a Microsoft Windows DC an attribute:
dNSProperty:: AAAAAAAAAAAAAAAAAQAAAJIAAAAAAAAA
000000 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 >................<
000010 92 00 00 00 00 00 00 00 >........<
000018
We, until samba 4.12, would parse this as:
pull returned Success
dnsp_DnsProperty: struct dnsp_DnsProperty
wDataLength : 0x00000000 (0)
namelength : 0x00000000 (0)
flag : 0x00000000 (0)
version : 0x00000001 (1)
id : DSPROPERTY_ZONE_NS_SERVERS_DA (146)
data : union dnsPropertyData(case 0)
name : 0x00000000 (0)
dump OK
However, the wDataLength is 0. There is not anything in
[MS-DNSP] 2.3.2.1 dnsProperty to describe any special behaviour
for when the id suggests that there is a value, but wDataLength is 0.
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dnsp/
445c7843-e4a1-4222-8c0f-
630c230a4c80
We now fail to parse it, because we expect an entry with id DSPROPERTY_ZONE_NS_SERVERS_DA
to therefore have a valid DNS_ADDR_ARRAY (section 2.2.3.2.3).
As context we changed it in our commit
fee5c6a4247aeac71318186bbff7708d25de5912
because of bug https://bugzilla.samba.org/show_bug.cgi?id=14206
which was due to the artificial environment of the fuzzer.
Microsoft advises that Windows also fails to parse this, but
instead of failing the operation, the value is ignored.
Reported by Alex MacCuish. Many thanks for your assistance in
tracking down the issue.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14310
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 15 07:29:17 UTC 2020 on sn-devel-184
Andrew Bartlett [Wed, 13 May 2020 22:19:45 +0000 (10:19 +1200)]
selftest: Add test for handling of "short" dnsProperty records
These have been known to be given by Windows DCs that share the same domain
as while invalid, they are not format-checked inbound when set by the DNS
Manager MMC applet over the dnsserver pipe to Windows.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14310
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Wed, 13 May 2020 22:21:19 +0000 (10:21 +1200)]
librpc/idl: Add dnsp_DnsProperty_short
This will be used by a test and the DNS server code to parse short dnsProperty
records which come from Windows servers.
This example is from the value that caused Samba to fail as it
can not be parsed as a normal dnsp_DnsProperty
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14310
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Fri, 8 May 2020 11:28:52 +0000 (23:28 +1200)]
selftest: Avoid running the slowest of the "none" tests in samba-o3
This job is already quite long and these tests are unlikely
to vary between hosts or under the -O3 compile
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Tue, 14 Apr 2020 14:51:15 +0000 (16:51 +0200)]
smbd: Store share_entries in locking.tdb again
The "base on g_lock" patch is a slowdown because we do more tdb
operations. Getting share_entries.tdb back into locking.tdb tries to
speed things up again.
Now that we're based on g_lock we'll most likely use a different
method in order to spread the entries across multiple records.
It still maintains the sorted array of share modes within locking.tdb,
but not as part of the expensive ndr marshalling of the complete
array.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 15 02:27:49 UTC 2020 on sn-devel-184
Volker Lendecke [Thu, 26 Mar 2020 18:45:10 +0000 (19:45 +0100)]
smbd: Move share mode entry parsing up in the file
Will be used by parsing code soon
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 5 Nov 2019 11:01:52 +0000 (12:01 +0100)]
smbd: Base locking.tdb on g_lock.c
This means we don't hold locking.tdb mutexes anymore while we do
filesystem-level operations. This has hurt ctdb quite a bit: A smbd hanging in
an unlink() syscall prevents ctdb from recovering locking.tdb.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 24 Mar 2020 08:54:26 +0000 (09:54 +0100)]
lib: Add g_lock_dump_send/recv
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 21 Nov 2019 14:20:07 +0000 (15:20 +0100)]
lib: Add g_lock_set_lock_order()
Optionally allow a database with g_lock format to participate in the dbwarp
lock order check. Will be used once locking.tdb is based upon g_lock.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 29 Apr 2020 13:35:39 +0000 (15:35 +0200)]
lib: Add g_lock_writev_data
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 29 Apr 2020 13:28:03 +0000 (15:28 +0200)]
lib: Allow additional dbufs in g_lock_store()
Preparation for g_lock_writev_data()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 5 Nov 2019 15:36:59 +0000 (16:36 +0100)]
lib: Add g_lock_seqnum()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 4 Nov 2019 15:03:52 +0000 (16:03 +0100)]
lib: Add g_lock_wake_watchers()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 31 Oct 2019 10:45:36 +0000 (11:45 +0100)]
torture: Test g_lock_watch_data_send()/recv()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 30 Oct 2019 15:12:11 +0000 (16:12 +0100)]
lib: Add g_lock_watch_data_send/recv()
Same concept as dbwrap_watched_watch_send/recv: Get informed if the
underlying data of a record changes. This utilizes the watched
database that g_lock is based upon anyway. To avoid spurious wakeups
by pure g_lock operations this patch adds a sequence number for the
data that is stored in the g_lock data field.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 21 Nov 2019 14:20:33 +0000 (15:20 +0100)]
lib: Allow DBWRAP_LOCK_ORDER_NONE in db_open()
locking.tdb will not have a LOCK_ORDER anymore, this will be done by
the code in g_lock.c. We need to allow opening a database with dbwrap
without having a lock order.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 21 Nov 2019 14:19:16 +0000 (15:19 +0100)]
dbwrap: Make dbwrap_lock_order_[un]lock() public
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 21 Nov 2019 12:23:39 +0000 (13:23 +0100)]
dbwrap: Simplify dbwrap_lock_order_[un]lock()
Directly pass the database name and lock order to the core functions,
avoid passing struct db_context.
In the next steps these functions will become public: locking.tdb will
be based on g_lock.c to avoid holding a tdb-level locking.tdb mutex
while doing complex file system operations like unlink() which can
take ages on FAT for example.
This means that g_lock.c will participate in the dbwrap lock order
protection and needs access to dbwrap_lock_order_[un]lock() without
providing a direct db_context.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 21 Apr 2020 12:54:25 +0000 (14:54 +0200)]
srvsvc: Move brl_get_locks() out of enum_file_fn()
With share_infos.tdb this is a locking order violation:
share_infos.tdb is level 4, brlock.tdb is level 2. Avoid this by first
walking the share_infos.tdb and then fetching all the brlock entries.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu May 14 22:06:32 UTC 2020 on sn-devel-184
Volker Lendecke [Mon, 11 May 2020 09:08:54 +0000 (11:08 +0200)]
test: Show that netfileenum is broken
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Mon, 11 May 2020 09:09:02 +0000 (11:09 +0200)]
rpcclient: Make netfileenum cmd print the path names
Needed for the next commit testing netfileenum
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Wed, 22 Apr 2020 11:21:40 +0000 (13:21 +0200)]
rpcclient: Use struct initializers in cmd_srvsvc_net_file_enum()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Tue, 21 Apr 2020 12:32:16 +0000 (14:32 +0200)]
srvsvc: Collect file ids in enum_file_fn()
Will be used a few patches down
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Tue, 21 Apr 2020 12:42:50 +0000 (14:42 +0200)]
srvsvc: Use a struct initializer in net_enum_files()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Tue, 21 Apr 2020 12:24:48 +0000 (14:24 +0200)]
srvsvc: Directly use "ctr3->count" instead of "i"
To me this was not very transparent, and now that we have "ctr3" a
single indirect looks okay
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Tue, 21 Apr 2020 12:21:49 +0000 (14:21 +0200)]
srvsvc: Use a struct assignment in enum_file_fn()
Looks nicer than 5 complex array references...
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Tue, 21 Apr 2020 12:16:41 +0000 (14:16 +0200)]
srvsvc: Introduce ctx3 helper var in enum_file_fn()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 14 May 2020 13:59:33 +0000 (15:59 +0200)]
vfs: remove root_dir_fid arg from SMB_VFS_CREATE_FILE()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 14 19:43:27 UTC 2020 on sn-devel-184
Ralph Boehme [Thu, 14 May 2020 11:42:05 +0000 (13:42 +0200)]
smbd: move processing of root_dir_fid outside of SMB_VFS_CREATE_FILE()
The only two callers that pass a root_dir_fid != 0 are reply_ntcreate_and_X()
and call_nt_transact_create(). By moving root_dir_fid processing outside of
SMB_VFS_CREATE_FILE() we can avoid rewriting get_relative_fid_filename() to work
with *AT semantics and dirfsps.
Bonus points: the previous code in both functions passed fname to
filename_convert() which can't really have worked as it is relative to
root_dir_fid so filename_convert() will not be able to stat() the relative path
and it's components.
The only test I can find that uses a root dir_fid is raw.samba3rootdirfid and
that uses a handle on the share root which will work.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14380
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 14 May 2020 12:22:16 +0000 (14:22 +0200)]
s4/torture: add a *real* root_dir_fid test
raw.samba3rootdirfid tests with the share root directory as root_dir_fid handle,
that doesn't cover the case where the relative name has more then one path
component. It only works because in unix_convert() we run into the creating file
optimasation.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14380
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Wed, 13 May 2020 14:33:14 +0000 (16:33 +0200)]
testprogs: Add 'net ads join' test for fips
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu May 14 14:27:26 UTC 2020 on sn-devel-184