samba.git
2 months ago s3: smbd: Reformat users of can_write_to_file().
Jeremy Allison [Thu, 30 Apr 2020 22:35:36 +0000 (15:35 -0700)]
s3: smbd: Reformat users of can_write_to_file().

Make new parameter addition clearer.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago s3: smbd: Add dirfsp parameter to user_can_write_file().
Jeremy Allison [Thu, 30 Apr 2020 22:31:43 +0000 (15:31 -0700)]
s3: smbd: Add dirfsp parameter to user_can_write_file().

Not yet used. Currently always conn->cwd_fsp.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago s3: smbd: Reformat caller of user_can_write_file().
Jeremy Allison [Thu, 30 Apr 2020 22:30:40 +0000 (15:30 -0700)]
s3: smbd: Reformat caller of user_can_write_file().

Make new parameter addition clearer.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago s3: smbd: Add dirfsp parameter to can_delete_file_in_directory().
Jeremy Allison [Thu, 30 Apr 2020 22:28:32 +0000 (15:28 -0700)]
s3: smbd: Add dirfsp parameter to can_delete_file_in_directory().

Not yet used. Currently always conn->cwd_fsp.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago s3: smbd: Reformat definition and callers of can_delete_file_in_directory().
Jeremy Allison [Thu, 30 Apr 2020 22:20:34 +0000 (15:20 -0700)]
s3: smbd: Reformat definition and callers of can_delete_file_in_directory().

Makes future addition of parameter easier to see.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago CVE-2020-10700: dsdb: Do not permit the ASQ control for the GUID search in paged_results
Andrew Bartlett [Wed, 11 Mar 2020 03:43:31 +0000 (16:43 +1300)]
CVE-2020-10700: dsdb: Do not permit the ASQ control for the GUID search in paged_results

ASQ is a very strange control and a BASE search can return multiple results
that are NOT the requested DN, but the DNs pointed to by it!

Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding,
reporting and working with us to diagnose this issue!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Mon May  4 10:14:28 UTC 2020 on sn-devel-184

2 months ago CVE-2020-10700: ldb: Always use ldb_next_request() in ASQ module
Andrew Bartlett [Wed, 11 Mar 2020 03:41:34 +0000 (16:41 +1300)]
CVE-2020-10700: ldb: Always use ldb_next_request() in ASQ module

We want to keep going down the module stack, and not start from the top again.

ASQ is above the ACL modules, but below paged_results and we do not wish to
re-trigger that work.

Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding,
reporting and working with us to diagnose this issue!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 months ago CVE-2020-10700: dsdb: Add test for ASQ and ASQ in combination with paged_results
Andrew Bartlett [Mon, 30 Mar 2020 09:44:20 +0000 (09:44 +0000)]
CVE-2020-10700: dsdb: Add test for ASQ and ASQ in combination with paged_results

Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding,
reporting and working with us to diagnose this issue!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 months ago CVE-2020-10704 libcli ldap: Check search request lengths.
Gary Lockyer [Tue, 7 Apr 2020 22:46:44 +0000 (10:46 +1200)]
CVE-2020-10704 libcli ldap: Check search request lengths.

Check the search request lengths against the limits passed to
ldap_decode.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Mon May  4 04:40:10 UTC 2020 on sn-devel-184

2 months ago CVE-2020-10704: libcli ldap_message: Add search size limits to ldap_decode
Gary Lockyer [Tue, 7 Apr 2020 20:49:23 +0000 (08:49 +1200)]
CVE-2020-10704: libcli ldap_message: Add search size limits to ldap_decode

Add search request size limits to ldap_decode calls.

The ldap server uses the smb.conf variable
"ldap max search request size" which defaults to 250Kb.
For cldap the limit is hard coded as 4096.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months ago CVE-2020-10704: S4 ldap server: Limit request sizes
Gary Lockyer [Wed, 8 Apr 2020 03:32:22 +0000 (15:32 +1200)]
CVE-2020-10704: S4 ldap server: Limit request sizes

Check the size of authenticated and anonymous ldap requests and reject
them if they exceed the limits in smb.conf

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months ago CVE-2020-10704: smb.conf: Add max ldap request sizes
Gary Lockyer [Mon, 6 Apr 2020 21:09:01 +0000 (09:09 +1200)]
CVE-2020-10704: smb.conf: Add max ldap request sizes

Add two new smb.conf parameters to control the maximum permitted ldap
request size.

Adds:
   ldap max anonymous request size       default 250Kb
   ldap max authenticated request size   default 16Mb

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months ago CVE-2020-10704: ldapserver tests: Limit search request sizes
Gary Lockyer [Tue, 14 Apr 2020 01:32:32 +0000 (13:32 +1200)]
CVE-2020-10704: ldapserver tests: Limit search request sizes

Add tests to ensure that overly long (> 256000 bytes) LDAP search
requests are rejected.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months ago CVE-2020-10704: lib util asn1: Check parse tree depth
Gary Lockyer [Wed, 8 Apr 2020 03:30:52 +0000 (15:30 +1200)]
CVE-2020-10704: lib util asn1: Check parse tree depth

Check the current depth of the parse tree and reject the input if the
depth exceeds that passed to asn1_init

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months ago CVE-2020-10704: libcli ldap: test recursion depth in ldap_decode_filter_tree
Gary Lockyer [Thu, 2 Apr 2020 02:25:53 +0000 (15:25 +1300)]
CVE-2020-10704: libcli ldap: test recursion depth in ldap_decode_filter_tree

Add tests to check that ASN.1 ldap requests with deeply nested elements
are rejected.  Previously there was no check on the depth of
nesting and excessive nesting could cause a stack overflow.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months ago CVE-2020-10704: lib util asn1: Add ASN.1 max tree depth
Gary Lockyer [Thu, 2 Apr 2020 23:18:03 +0000 (12:18 +1300)]
CVE-2020-10704: lib util asn1: Add ASN.1 max tree depth

Add maximum parse tree depth to the call to asn1_init, which will be
used to limit the depth of the ASN.1 parse tree.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
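
The two checks the CVE-2020-10704 commits above describe, a request size limit applied before decoding and a maximum parse tree depth, shown as an added C sketch that is not Samba's code. All `demo_*` names and the depth limit of 8 are assumptions; 256000 is the size named in the ldapserver test commit.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not Samba code. All demo_* names are hypothetical. */
#define DEMO_MAX_REQUEST_SIZE 256000u /* size named in the test commit */
#define DEMO_MAX_DEPTH 8u             /* assumed value for this sketch */

enum demo_status { DEMO_OK, DEMO_TOO_LARGE, DEMO_TOO_DEEP, DEMO_MALFORMED };

struct demo_parser {
	const uint8_t *buf;
	size_t pos;
	unsigned depth;     /* constructed elements currently open */
	unsigned max_depth; /* fixed when the parser is set up */
};

/* Read one BER tag and length; the value must fit before 'end'. */
static enum demo_status demo_header(struct demo_parser *p, size_t end,
				    bool *constructed, size_t *vlen)
{
	if (end - p->pos < 2) {
		return DEMO_MALFORMED;
	}
	uint8_t tag = p->buf[p->pos++];
	uint8_t l = p->buf[p->pos++];
	size_t n = l;
	if ((tag & 0x1f) == 0x1f) {
		return DEMO_MALFORMED; /* multi-byte tags not handled here */
	}
	if (l & 0x80) { /* long form: low 7 bits give the length-byte count */
		unsigned nbytes = l & 0x7f;
		if (nbytes == 0 || nbytes > 4 || end - p->pos < nbytes) {
			return DEMO_MALFORMED;
		}
		for (n = 0; nbytes > 0; nbytes--) {
			n = (n << 8) | p->buf[p->pos++];
		}
	}
	if (n > end - p->pos) {
		return DEMO_MALFORMED;
	}
	*constructed = (tag & 0x20) != 0;
	*vlen = n;
	return DEMO_OK;
}

/* Recursive walk; the depth check bounds the recursion and so the stack. */
static enum demo_status demo_walk(struct demo_parser *p, size_t end)
{
	while (p->pos < end) {
		bool constructed;
		size_t vlen;
		enum demo_status st = demo_header(p, end, &constructed, &vlen);
		if (st != DEMO_OK) {
			return st;
		}
		if (!constructed) {
			p->pos += vlen; /* primitive value: skip it */
			continue;
		}
		if (p->depth >= p->max_depth) {
			return DEMO_TOO_DEEP; /* reject before recursing */
		}
		p->depth++;
		st = demo_walk(p, p->pos + vlen);
		p->depth--;
		if (st != DEMO_OK) {
			return st;
		}
	}
	return DEMO_OK;
}

/* Size is checked first, so an oversized request is never parsed at all. */
enum demo_status demo_check_request(const uint8_t *buf, size_t len,
				    size_t max_size, unsigned max_depth)
{
	if (len > max_size) {
		return DEMO_TOO_LARGE;
	}
	struct demo_parser p = { buf, 0, 0, max_depth };
	return demo_walk(&p, len);
}

/* Constructed sample input: 'depth' nested LDAP "not" filters around (cn=*). */
size_t demo_build_nested(uint8_t *out, size_t cap, unsigned depth)
{
	size_t total = 2u * (size_t)depth + 4, pos = 0;
	if (depth > 62 || cap < total) {
		return 0; /* keeps every length in BER short form */
	}
	for (unsigned i = 0; i < depth; i++) {
		out[pos] = 0xA2;                           /* not [2], constructed */
		out[pos + 1] = (uint8_t)(total - pos - 2); /* bytes that follow */
		pos += 2;
	}
	out[pos++] = 0x87; /* present [7], primitive */
	out[pos++] = 0x02;
	out[pos++] = 'c';
	out[pos++] = 'n';
	return pos;
}

int main(void)
{
	uint8_t buf[128];
	for (unsigned d = 7; d <= 9; d++) {
		size_t n = demo_build_nested(buf, sizeof(buf), d);
		printf("depth %u -> status %d\n", d,
		       demo_check_request(buf, n, DEMO_MAX_REQUEST_SIZE, DEMO_MAX_DEPTH));
	}
	return 0;
}
```
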
2 months ago smbd: use is_lease_stat_open() in delay_for_oplock()
Ralph Boehme [Thu, 5 Mar 2020 14:16:07 +0000 (15:16 +0100)]
smbd: use is_lease_stat_open() in delay_for_oplock()

This allows READ_CONTROL_ACCESS in the access mask as stat open if a file has
only leases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14357

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 30 21:10:43 UTC 2020 on sn-devel-184

2 months ago smbd: add is_lease_stat_open()
Ralph Boehme [Thu, 5 Mar 2020 14:14:21 +0000 (15:14 +0100)]
smbd: add is_lease_stat_open()

This adds a leases specific stat opens access mask check function.

See also:

https://lists.samba.org/archive/cifs-protocol/2020-March/003409.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14357

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago smbd: rename is_stat_open() to is_oplock_stat_open()
Ralph Boehme [Thu, 5 Mar 2020 14:12:20 +0000 (15:12 +0100)]
smbd: rename is_stat_open() to is_oplock_stat_open()

Testing stat opens with leases reveals that the access mask

  SYNCHRONIZE_ACCESS | FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES

is specific to oplocks.

See also:

https://lists.samba.org/archive/cifs-protocol/2020-March/003409.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14357

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago s4/torture: add a comprehensive "non-lease-break-trigger" access mask test case
Ralph Boehme [Tue, 3 Mar 2020 11:09:09 +0000 (12:09 +0100)]
s4/torture: add a comprehensive "non-lease-break-trigger" access mask test case

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14357

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago s4/torture: add a comprehensive "non-oplock-break-trigger" access mask test case
Ralph Boehme [Tue, 3 Mar 2020 11:09:09 +0000 (12:09 +0100)]
s4/torture: add a comprehensive "non-oplock-break-trigger" access mask test case

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14357

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago s3: smbd: Add dirfsp parameter to check_access().
Jeremy Allison [Wed, 29 Apr 2020 22:32:21 +0000 (15:32 -0700)]
s3: smbd: Add dirfsp parameter to check_access().

Not yet used.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Apr 30 09:11:56 UTC 2020 on sn-devel-184

2 months ago s3: smbd: Reformat callers of check_access().
Jeremy Allison [Wed, 29 Apr 2020 22:28:27 +0000 (15:28 -0700)]
s3: smbd: Reformat callers of check_access().

Makes it easier to see when we add the dirfsp
parameter.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago s3: smbd: Make check_access() a simple wrapper around smbd_check_access_rights().
Jeremy Allison [Wed, 29 Apr 2020 22:26:08 +0000 (15:26 -0700)]
s3: smbd: Make check_access() a simple wrapper around smbd_check_access_rights().

Now we call check_access_fsp() separately in the callers we don't need the fsp
parameter anymore.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago s3: smbd: Reformat spacing for parameters of check_access().
Jeremy Allison [Wed, 29 Apr 2020 22:23:30 +0000 (15:23 -0700)]
s3: smbd: Reformat spacing for parameters of check_access().

Makes it easier to see the removal of the parameter next.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago s3: smbd: Move the fsp check up one level from check_access().
Jeremy Allison [Wed, 29 Apr 2020 22:22:31 +0000 (15:22 -0700)]
s3: smbd: Move the fsp check up one level from check_access().

This allows us to call check_access_fsp() directly when
we have an fsp, and to add in the dirfsp for relative
name access to check_access() in the next commit, making
it clear what it's for (and not confusing it with the
file fsp).

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago s3: smbd: Cleanup - move the function get_nt_acl_no_snum() to its user module.
Jeremy Allison [Wed, 29 Apr 2020 22:18:57 +0000 (15:18 -0700)]
s3: smbd: Cleanup - move the function get_nt_acl_no_snum() to its user module.

Make static. It was only called from one place.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago s3: smbd: Add a dirfsp parameter to directory_has_default_acl().
Jeremy Allison [Wed, 29 Apr 2020 22:14:41 +0000 (15:14 -0700)]
s3: smbd: Add a dirfsp parameter to directory_has_default_acl().

Not yet used, but will make it easier to move to SMB_VFS_GET_NT_ACL_AT()
later.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago s3: smbd: Reformat uses of directory_has_default_acl().
Jeremy Allison [Wed, 29 Apr 2020 22:11:33 +0000 (15:11 -0700)]
s3: smbd: Reformat uses of directory_has_default_acl().

Makes it easier to add a dirfsp parameter.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago s3: smbd: Change is_visible_file() to take a directory handle not a name.
Jeremy Allison [Wed, 29 Apr 2020 21:43:50 +0000 (14:43 -0700)]
s3: smbd: Change is_visible_file() to take a directory handle not a name.

No change in functionality as the name is
easily retrieved from the directory handle
(it's always the name we opened the directory with)
and this will allow us to use the directory handle
fsp later.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago s3: smbd: Reformat calls to is_visible_file() to one arg per line.
Jeremy Allison [Wed, 29 Apr 2020 21:37:02 +0000 (14:37 -0700)]
s3: smbd: Reformat calls to is_visible_file() to one arg per line.

Will make it easier to see parameter change in a later commit.

No logic changes.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago s3: VFS: snapper. Remove snapper_gmt_fget_nt_acl().
Jeremy Allison [Tue, 14 Apr 2020 21:41:09 +0000 (14:41 -0700)]
s3: VFS: snapper. Remove snapper_gmt_fget_nt_acl().

This fallback was only used for directories. Now we always
have a valid fd for directories it is no longer needed.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago s3: VFS: ceph_snapshots. Remove duplicate definition of get_nt_acl_fn.
Jeremy Allison [Tue, 14 Apr 2020 21:38:22 +0000 (14:38 -0700)]
s3: VFS: ceph_snapshots. Remove duplicate definition of get_nt_acl_fn.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago s3: VFS: ceph_snapshots. Remove ceph_snap_gmt_fget_nt_acl().
Jeremy Allison [Tue, 14 Apr 2020 21:37:17 +0000 (14:37 -0700)]
s3: VFS: ceph_snapshots. Remove ceph_snap_gmt_fget_nt_acl().

This fallback was only used for directories. Now we always
have a valid fd for directories it is no longer needed.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago s3: VFS: shadow_copy2. SMB_VFS_FGET_NT_ACL() makes no sense in this module.
Jeremy Allison [Tue, 14 Apr 2020 21:10:35 +0000 (14:10 -0700)]
s3: VFS: shadow_copy2. SMB_VFS_FGET_NT_ACL() makes no sense in this module.

Once we have an open fsp we know we've gone through the pathname
translation.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago s3: smbd: In posix_fget_nt_acl() remove the fall-back to path based operations.
Jeremy Allison [Tue, 14 Apr 2020 21:07:23 +0000 (14:07 -0700)]
s3: smbd: In posix_fget_nt_acl() remove the fall-back to path based operations.

Previously we'd do this for directory opens, but directory opens
now always have an open fd. stat opens don't have permissions
to read a security descriptor anyway.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago s3 rpc server: set on-wire handle type explicitly
Alexander Bokovoy [Wed, 29 Apr 2020 08:54:07 +0000 (11:54 +0300)]
s3 rpc server: set on-wire handle type explicitly

Since wire_handle.handle_type is uint32_t, we can simply assign uint8_t
handle type to it without using SIVAL() macros. Further unify with s4
RPC server code flow.

Fixes CID 1462616
>>> CID 1462616:    (CONSTANT_EXPRESSION_RESULT)
>>> "(uint32_t)handle_type >> 16" is 0 regardless of the values of its operands. This occurs as a value.
284             SIVAL(&rpc_hnd->wire_handle.handle_type, 0 , handle_type);

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Thu Apr 30 07:09:55 UTC 2020 on sn-devel-184

2 months ago smbd: remove unneeded parent_dir variable from mkdir_internal()
Ralph Boehme [Wed, 29 Apr 2020 09:06:26 +0000 (11:06 +0200)]
smbd: remove unneeded parent_dir variable from mkdir_internal()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 29 18:16:02 UTC 2020 on sn-devel-184

2 months ago smbd: convert inherit_from_dir arg of change_dir_owner_to_parent() to struct smb_filename
Ralph Boehme [Wed, 29 Apr 2020 09:05:25 +0000 (11:05 +0200)]
smbd: convert inherit_from_dir arg of change_dir_owner_to_parent() to struct smb_filename

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago smbd: convert inherit_from_dir arg of change_file_owner_to_parent() to struct smb_fil...
Ralph Boehme [Wed, 29 Apr 2020 09:03:11 +0000 (11:03 +0200)]
smbd: convert inherit_from_dir arg of change_file_owner_to_parent() to struct smb_filename

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago smbd: convert inherit_access_posix_acl() arg parent_dir to struct smb_filename
Ralph Boehme [Wed, 29 Apr 2020 08:56:23 +0000 (10:56 +0200)]
smbd: convert inherit_access_posix_acl() arg parent_dir to struct smb_filename

This also fixes a bug introduced by cea8e57eac2ed7b90a5c5d207bf392ff0546398e
where inherit_access_posix_acl() used the smb_fname->base_name instead of
inherit_from_dir in synthetic_smb_fname() to get a struct smb_filename of the
parent directory.

Nobody complained so far, fix it silently.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago smbd: convert parent_dir arg of open_file() to struct smb_filename
Ralph Boehme [Wed, 29 Apr 2020 08:43:05 +0000 (10:43 +0200)]
smbd: convert parent_dir arg of open_file() to struct smb_filename

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago smbd: pass dirname as struct smb_filename to is_visible_file()
Ralph Boehme [Wed, 29 Apr 2020 08:09:16 +0000 (10:09 +0200)]
smbd: pass dirname as struct smb_filename to is_visible_file()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago smbd: realign is_visible_file() args one per line
Ralph Boehme [Wed, 29 Apr 2020 07:51:13 +0000 (09:51 +0200)]
smbd: realign is_visible_file() args one per line

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago smbd: copy twrp in cp_smb_filename()
Ralph Boehme [Tue, 28 Apr 2020 16:24:59 +0000 (18:24 +0200)]
smbd: copy twrp in cp_smb_filename()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago smbd: add previous version timestamp to struct smb_filename
Ralph Boehme [Tue, 28 Apr 2020 16:23:37 +0000 (18:23 +0200)]
smbd: add previous version timestamp to struct smb_filename

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago smbd: pass struct smb_filename smb_fname_parent to unix_mode()
Ralph Boehme [Tue, 28 Apr 2020 16:18:08 +0000 (18:18 +0200)]
smbd: pass struct smb_filename smb_fname_parent to unix_mode()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago smbd: pass struct smb_filename parent_dir to file_set_dosmode()
Ralph Boehme [Tue, 28 Apr 2020 16:09:18 +0000 (18:09 +0200)]
smbd: pass struct smb_filename parent_dir to file_set_dosmode()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago smbd: align file_set_dosmode() args one per line
Ralph Boehme [Tue, 28 Apr 2020 16:06:21 +0000 (18:06 +0200)]
smbd: align file_set_dosmode() args one per line

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago smbd: pass struct smb_filename to directory_has_default_acl()
Ralph Boehme [Tue, 28 Apr 2020 16:03:41 +0000 (18:03 +0200)]
smbd: pass struct smb_filename to directory_has_default_acl()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago smbd: use parent_smb_fname() in check_reduced_name()
Ralph Boehme [Tue, 28 Apr 2020 15:58:07 +0000 (17:58 +0200)]
smbd: use parent_smb_fname() in check_reduced_name()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago smbd: use parent_smb_fname() in check_reduced_name_with_privilege()
Ralph Boehme [Tue, 28 Apr 2020 15:50:01 +0000 (17:50 +0200)]
smbd: use parent_smb_fname() in check_reduced_name_with_privilege()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago smbd: use parent_smb_fname() in smb_unix_mknod()
Ralph Boehme [Tue, 28 Apr 2020 15:08:53 +0000 (17:08 +0200)]
smbd: use parent_smb_fname() in smb_unix_mknod()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago smbd: use parent_smb_fname() in parent_dirname_compatible_open()
Ralph Boehme [Tue, 28 Apr 2020 14:55:30 +0000 (16:55 +0200)]
smbd: use parent_smb_fname() in parent_dirname_compatible_open()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago smbd: use parent_smb_fname() in inherit_new_acl()
Ralph Boehme [Tue, 28 Apr 2020 14:52:09 +0000 (16:52 +0200)]
smbd: use parent_smb_fname() in inherit_new_acl()

Note: has to rename the variable parent_smb_fname otherwise it conflicts with
the function name.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago smbd: use parent_smb_fname() in mkdir_internal()
Ralph Boehme [Tue, 28 Apr 2020 14:47:44 +0000 (16:47 +0200)]
smbd: use parent_smb_fname() in mkdir_internal()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago smbd: use parent_smb_fname() in open_file_ntcreate()
Ralph Boehme [Tue, 28 Apr 2020 14:44:00 +0000 (16:44 +0200)]
smbd: use parent_smb_fname() in open_file_ntcreate()

Prepares for converting a bunch of functions to struct smb_filename later.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago smbd: use parent_smb_fname() in non_widelink_open()
Ralph Boehme [Tue, 28 Apr 2020 14:40:25 +0000 (16:40 +0200)]
smbd: use parent_smb_fname() in non_widelink_open()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago smbd: use parent_smb_fname() in check_parent_access()
Ralph Boehme [Tue, 28 Apr 2020 14:23:07 +0000 (16:23 +0200)]
smbd: use parent_smb_fname() in check_parent_access()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago smbd: use parent_smb_fname() in copy_internals()
Ralph Boehme [Tue, 28 Apr 2020 14:11:38 +0000 (16:11 +0200)]
smbd: use parent_smb_fname() in copy_internals()

Prepares for converting file_set_dosmode() to struct smb_filename.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago smbd: use parent_smb_fname() in unix_convert()
Ralph Boehme [Tue, 28 Apr 2020 14:00:42 +0000 (16:00 +0200)]
smbd: use parent_smb_fname() in unix_convert()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago smbd: use synthetic_smb_fname() in check_parent_exists()
Ralph Boehme [Wed, 29 Apr 2020 13:43:30 +0000 (15:43 +0200)]
smbd: use synthetic_smb_fname() in check_parent_exists()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago smbd: use parent_smb_fname() in can_delete_file_in_directory()
Ralph Boehme [Tue, 28 Apr 2020 13:21:37 +0000 (15:21 +0200)]
smbd: use parent_smb_fname() in can_delete_file_in_directory()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago vfs_linux_xfs_sgid: use parent_smb_fname()
Ralph Boehme [Tue, 28 Apr 2020 13:01:59 +0000 (15:01 +0200)]
vfs_linux_xfs_sgid: use parent_smb_fname()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago vfs_gpfs: use parent_smb_fname()
Ralph Boehme [Tue, 28 Apr 2020 12:47:40 +0000 (14:47 +0200)]
vfs_gpfs: use parent_smb_fname()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago vfs_default: use parent_smb_fname()
Ralph Boehme [Tue, 28 Apr 2020 12:43:20 +0000 (14:43 +0200)]
vfs_default: use parent_smb_fname()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago vfs_ceph: use parent_smb_fname()
Ralph Boehme [Tue, 28 Apr 2020 12:41:21 +0000 (14:41 +0200)]
vfs_ceph: use parent_smb_fname()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago vfs_aio_pthread: use parent_smb_fname()
Ralph Boehme [Tue, 28 Apr 2020 12:28:32 +0000 (14:28 +0200)]
vfs_aio_pthread: use parent_smb_fname()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago vfs_acl_common: use parent_smb_fname()
Ralph Boehme [Tue, 28 Apr 2020 12:15:38 +0000 (14:15 +0200)]
vfs_acl_common: use parent_smb_fname()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago s3/lib: add parent_smb_fname()
Ralph Boehme [Tue, 28 Apr 2020 10:55:26 +0000 (12:55 +0200)]
s3/lib: add parent_smb_fname()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago testprogs: Add client kerberos test
Andreas Schneider [Fri, 19 Jul 2019 10:35:57 +0000 (12:35 +0200)]
testprogs: Add client kerberos test

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr 29 11:53:41 UTC 2020 on sn-devel-184

2 months ago s4:torture: Print account and authority name
Andreas Schneider [Thu, 18 Jul 2019 12:18:57 +0000 (14:18 +0200)]
s4:torture: Print account and authority name

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2 months ago docs-xml: Fix usernames in pam_winbind manpages
Andreas Schneider [Tue, 28 Apr 2020 15:25:35 +0000 (17:25 +0200)]
docs-xml: Fix usernames in pam_winbind manpages

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14358

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr 29 09:44:55 UTC 2020 on sn-devel-184

2 months ago samba-tool: fetch "no such subcommand" error and print error message
Björn Baumbach [Tue, 28 Apr 2020 15:09:56 +0000 (17:09 +0200)]
samba-tool: fetch "no such subcommand" error and print error message

This patch especially improves the case where extra arguments are used.

Without this patch just the attributes are mentioned as invalid, if
samba-tool is called with an invalid/unknown subcommand.

Example without this patch:
  # samba-tool sites list --all
  Usage: samba-tool sites <subcommand>

  samba-tool sites: error: no such option: --all

This can be deceptive for users. It looks like the "list" command
does not provide a "--all" option.

Example with this patch:
  # samba-tool sites list --all
  samba-tool sites: no such subcommand: list

  Usage: samba-tool sites <subcommand>
  (...)

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 29 08:08:21 UTC 2020 on sn-devel-184

2 months ago librpc: Provide clearer debug messages for malformed DCE/RPC bind
Andrew Bartlett [Thu, 23 Apr 2020 23:04:00 +0000 (11:04 +1200)]
librpc: Provide clearer debug messages for malformed DCE/RPC bind

REF: https://lists.samba.org/archive/samba/2020-April/229334.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 months ago s3: pass DCE RPC handle type to create_policy_hnd
Alexander Bokovoy [Tue, 28 Apr 2020 18:59:46 +0000 (21:59 +0300)]
s3: pass DCE RPC handle type to create_policy_hnd

Various RPC services expect policy handles of a specific type.

s3 RPC server did not allow to create policy handles with a specific
type while actually requiring that policy handle type itself in some
places.

Make sure we are able to specify the policy on-wire handle type when
creating the policy handle. The changes follow s4 DCE RPC server
implementation.

The original logic to always set on-wire handle type to 0 can be tracked
down to commit fdeea341ed1bae670382e45eb731db1b5838ad21 when we didn't
really know about differences in on-wire handle types.

All but LSA trusted domain RPC calls do not check the on-wire handle
type in s3 RPC server.

Fixes trusted domain operations when Samba RPC client attempts to call
s3 RPC server to perform lsa_lsaRSetForestTrustInformation in FreeIPA.
This fix is a pre-requisite for FreeIPA-FreeIPA forest trust.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 28 22:55:29 UTC 2020 on sn-devel-184

2 months ago s4:torture: Convert samba3.raw.mkdir test to smb2
David Mulder [Thu, 23 Jan 2020 14:26:53 +0000 (07:26 -0700)]
s4:torture: Convert samba3.raw.mkdir test to smb2

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 888abcaf8ffbec45fc47520bd3f544e3aa6f58f2)

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 28 19:46:32 UTC 2020 on sn-devel-184

2 months ago s4:torture: Convert samba4.base.tcon test to smb2
David Mulder [Mon, 6 Jan 2020 16:43:19 +0000 (09:43 -0700)]
s4:torture: Convert samba4.base.tcon test to smb2

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit eb167bc43dbe196ef5b3bfd24160c72c74113dea)

2 months ago Convert samba4.base.mangle test to smb2
David Mulder [Mon, 23 Dec 2019 20:58:47 +0000 (13:58 -0700)]
Convert samba4.base.mangle test to smb2

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 9437b44668c9f7742d6d4fe0891ac4d9fda7c804)

2 months ago Implement alt name query for smb2
David Mulder [Mon, 13 Jan 2020 16:19:51 +0000 (09:19 -0700)]
Implement alt name query for smb2

Implements smb2_qpathinfo_alt_name() and
RAW_FILEINFO_SMB2_ALT_NAME_INFORMATION.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 097df343ce21c8340aee7f42f233fe74b92b47e2)

2 months ago Convert samba4.base.maximum_allowed to smb2
David Mulder [Fri, 20 Dec 2019 21:06:13 +0000 (14:06 -0700)]
Convert samba4.base.maximum_allowed to smb2

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit d9edfeea668362269d812f82b1957ed16ff56dd4)

2 months ago Add SMB2 lsa helper routines
David Mulder [Fri, 20 Dec 2019 21:10:49 +0000 (14:10 -0700)]
Add SMB2 lsa helper routines

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 3763052c2a95ac9bd60f00458389a5245cf5d58d)

2 months ago smbd: add missing done check from unix_convert_step_stat() refactoring
Ralph Boehme [Tue, 28 Apr 2020 06:04:41 +0000 (08:04 +0200)]
smbd: add missing done check from unix_convert_step_stat() refactoring

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months ago lib: Remove unused elements from ctdbd_connection
Volker Lendecke [Tue, 24 Mar 2020 13:35:51 +0000 (14:35 +0100)]
lib: Remove unused elements from ctdbd_connection

Nobody set them, only the destructor referenced them

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Apr 28 10:46:22 UTC 2020 on sn-devel-184

2 months ago lib: Nobody sets ctdbd_connection->fde anymore, remove it
Volker Lendecke [Tue, 24 Mar 2020 13:33:28 +0000 (14:33 +0100)]
lib: Nobody sets ctdbd_connection->fde anymore, remove it

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago lib: Remove unused ctdbd_setup_fde() and callees
Volker Lendecke [Tue, 24 Mar 2020 13:32:06 +0000 (14:32 +0100)]
lib: Remove unused ctdbd_setup_fde() and callees

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago lib: Use ctdbd_req_send/recv in ctdb_parse_send/recv
Volker Lendecke [Wed, 11 Mar 2020 10:03:06 +0000 (11:03 +0100)]
lib: Use ctdbd_req_send/recv in ctdb_parse_send/recv

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago torture3: Test ctdb_req_send/recv
Volker Lendecke [Thu, 12 Mar 2020 15:20:50 +0000 (16:20 +0100)]
torture3: Test ctdb_req_send/recv

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago lib: Add ctdbd_req_send/recv
Volker Lendecke [Fri, 20 Mar 2020 12:58:21 +0000 (13:58 +0100)]
lib: Add ctdbd_req_send/recv

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago lib: Add ctdbd_prep_hdr_next_reqid()
Volker Lendecke [Fri, 20 Mar 2020 12:46:13 +0000 (13:46 +0100)]
lib: Add ctdbd_prep_hdr_next_reqid()

Preparation for generic ctdb_req_send/recv: No need to expose
ctdbd_next_reqid(), do basic preparations of a ctdb_req_header

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago lib: Add ctdbd_init_async_connection()
Volker Lendecke [Thu, 12 Mar 2020 15:05:58 +0000 (16:05 +0100)]
lib: Add ctdbd_init_async_connection()

Prepare for ctdb_req_send/recv doing tevent_req based async ctdb
requests

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago selftest: Run local-dbwrap-ctdb1 test
Volker Lendecke [Mon, 23 Mar 2020 12:03:35 +0000 (13:03 +0100)]
selftest: Run local-dbwrap-ctdb1 test

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago torture3: Rename LOCAL-DBWRAP-CTDB->LOCAL-DBWRAP-CTDB1
Volker Lendecke [Mon, 23 Mar 2020 12:02:55 +0000 (13:02 +0100)]
torture3: Rename LOCAL-DBWRAP-CTDB->LOCAL-DBWRAP-CTDB1

There will be more

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago torture3: Fix the local-dbwrap-ctdb test
Volker Lendecke [Mon, 23 Mar 2020 12:01:29 +0000 (13:01 +0100)]
torture3: Fix the local-dbwrap-ctdb test

We need to O_CREAT the database when connecting

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago torture3: test readdir timestamp
Volker Lendecke [Wed, 25 Mar 2020 11:20:39 +0000 (12:20 +0100)]
torture3: test readdir timestamp

Create -o files per -N client connections, set a specific timestamp, then write
a bit. This leads to the locking.tdb dmasters to be spread across all nodes.
Then list from one node. This makes sure that the async share mode fetch works
right.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago libsmb: Add cli_setfileinfo_ext()
Volker Lendecke [Mon, 30 Mar 2020 15:54:28 +0000 (17:54 +0200)]
libsmb: Add cli_setfileinfo_ext()

Analogue to cli_setpathinfo_ext()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago libsmb: Factor out prep_basic_information_buf()
Volker Lendecke [Mon, 30 Mar 2020 14:47:52 +0000 (16:47 +0200)]
libsmb: Factor out prep_basic_information_buf()

Will be used in cli_setfileinfo_ext next

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 months ago ctdb: Implement CTDB_CONTROL_ECHO_DATA
Volker Lendecke [Wed, 18 Mar 2020 10:31:14 +0000 (11:31 +0100)]
ctdb: Implement CTDB_CONTROL_ECHO_DATA

Testing control: 4 bytes msec delay plus a blob, return the request after the
delay. This is an enhanced "ping" which can be used to test asynchronous
clients.

Doesn't have the full protocol implementation yet

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 months ago ctdb-protocol: Add marshalling for control ECHO_DATA
Volker Lendecke [Tue, 7 Apr 2020 15:26:26 +0000 (17:26 +0200)]
ctdb-protocol: Add marshalling for control ECHO_DATA

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 months ago ctdb-protocol: Add marshalling for struct ctdb_echo_data
Volker Lendecke [Tue, 7 Apr 2020 14:44:58 +0000 (16:44 +0200)]
ctdb-protocol: Add marshalling for struct ctdb_echo_data

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>