samba.git
2 months agoCVE-2021-20277 ldb tests: ldb_match tests with extra spaces
Douglas Bagnall [Fri, 5 Mar 2021 07:13:01 +0000 (20:13 +1300)]
CVE-2021-20277 ldb tests: ldb_match tests with extra spaces

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months agoauth:creds: Free the uname pointer in cli_credentials_parse_string()
Andreas Schneider [Mon, 22 Mar 2021 17:11:33 +0000 (18:11 +0100)]
auth:creds: Free the uname pointer in cli_credentials_parse_string()

The data is duplicated and we don't need it anymore.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Mar 24 03:13:05 UTC 2021 on sn-devel-184

2 months agoauth:creds: Don't include credentials_internal.h twice
Andreas Schneider [Thu, 3 Dec 2020 16:10:22 +0000 (17:10 +0100)]
auth:creds: Don't include credentials_internal.h twice

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months agonetcmd: Fix opening SamDB database for offline backup
Joseph Sutton [Sun, 21 Mar 2021 22:06:30 +0000 (11:06 +1300)]
netcmd: Fix opening SamDB database for offline backup

When opening the backed-up SamDB database, open the top-level database
without loading any modules so the backend database files aren't
unnecessarily opened. The domain SID is now fetched from the original
database rather than from the backup.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14676

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2 months agonetcmd: Workaround issue backing up offline domain with lmdb >= 0.9.26
Samuel Cabrero [Thu, 18 Mar 2021 16:54:33 +0000 (17:54 +0100)]
netcmd: Workaround issue backing up offline domain with lmdb >= 0.9.26

The LMDB change "ITS#9278 fix robust mutex cleanup for FreeBSD" released
in version 0.9.26 makes samba-tool domain backup offline to fail with
the following error:

Failed to connect to 'mdb:///tmp/foo/private/sam.ldb.d/CN=CONFIGURATION,DC=FOO,DC=EXAMPLE,DC=COM.ldb' with backend 'mdb': Unable to load ltdb cache records for backend 'ldb_mdb backend'
module samba_dsdb initialization failed : Operations error
Unable to load modules for /tmp/foo/private/sam.ldb.bak-offline: Unable to load ltdb cache records for backend 'ldb_mdb backend'
ERROR(ldb): uncaught exception - Unable to load ltdb cache records for backend 'ldb_mdb backend'
  File "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/__init__.py", line 186, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/domain_backup.py", line 1147, in run
    session_info=system_session(), lp=lp)
  File "/usr/local/samba/lib64/python3.6/site-packages/samba/samdb.py", line 72, in __init__
    options=options)
  File "/usr/local/samba/lib64/python3.6/site-packages/samba/__init__.py", line 114, in __init__
    self.connect(url, flags, options)
  File "/usr/local/samba/lib64/python3.6/site-packages/samba/samdb.py", line 87, in connect
    options=options)

The error occurs opening the backed ldb to write the backup date and the
next SID, a call to pthread_mutex_lock in mdb_txn_renew0 (frame 8) returns
EINVAL:

  #0  0x00007ff63c2f1bea in wait4 () from /lib64/libc.so.6
  #1  0x00007ff63c26f3a3 in do_system () from /lib64/libc.so.6
  #2  0x00007ff63bc71e94 in smb_panic_default (why=0x7ffed481b7d0 "Signal 6: Aborted") at ../../lib/util/fault.c:153
  #3  0x00007ff63bc72168 in smb_panic (why=0x7ffed481b7d0 "Signal 6: Aborted") at ../../lib/util/fault.c:200
  #4  0x00007ff63bc71c82 in fault_report (sig=6) at ../../lib/util/fault.c:81
  #5  0x00007ff63bc71c97 in sig_fault (sig=6) at ../../lib/util/fault.c:92
  #6  <signal handler called>
  #7  0x00007ff63c2178b5 in raise () from /lib64/libpthread.so.0
  #8  0x00007ff637602e65 in mdb_txn_renew0 (txn=txn@entry=0x55d6f97fb800) at mdb.c:2710
  #9  0x00007ff637603ae8 in mdb_txn_begin (env=0x55d6f85dfa80, parent=0x0, flags=131072, ret=0x55d6f89c0928)
      at mdb.c:2912
  #10 0x00007ff6376236cc in lmdb_lock_read (module=0x55d6f8c5f4b0) at ../../lib/ldb/ldb_mdb/ldb_mdb.c:585
  #11 0x00007ff637641de6 in ldb_kv_cache_load (module=0x55d6f8c5f4b0) at ../../lib/ldb/ldb_key_value/ldb_kv_cache.c:450
  #12 0x00007ff637638792 in ldb_kv_init_store (ldb_kv=0x55d6f8af2a80, name=0x7ff637625675 "ldb_mdb backend",
      ldb=0x55d6f8cd22b0, options=0x0, _module=0x7ffed481c248) at ../../lib/ldb/ldb_key_value/ldb_kv.c:2166
  #13 0x00007ff6376247ba in lmdb_connect (ldb=0x55d6f8cd22b0,
      url=0x55d6f85d41f0 "mdb:///tmp/foo/private/sam.ldb.d/CN=CONFIGURATION,DC=FOO,DC=EXAMPLE,DC=COM.ldb", flags=64,
      options=0x0, _module=0x7ffed481c248) at ../../lib/ldb/ldb_mdb/ldb_mdb.c:1143
  #14 0x00007ff63bd94d2f in ldb_module_connect_backend (ldb=0x55d6f8cd22b0,
      url=0x55d6f85d41f0 "mdb:///tmp/foo/private/sam.ldb.d/CN=CONFIGURATION,DC=FOO,DC=EXAMPLE,DC=COM.ldb",
      options=0x0, backend_module=0x7ffed481c248) at ../../lib/ldb/common/ldb_modules.c:221
  #15 0x00007ff6375a4baf in new_partition_from_dn (ldb=0x55d6f8cd22b0, data=0x55d6f858bed0, mem_ctx=0x55d6f8a03cd0,
      dn=0x55d6f9865450, filename=0x55d6f860b6da "sam.ldb.d/CN=CONFIGURATION,DC=FOO,DC=EXAMPLE,DC=COM.ldb",
      backend_db_store=0x55d6f9d378e0 "mdb", partition=0x7ffed481c308)
      at ../../source4/dsdb/samdb/ldb_modules/partition_init.c:257
  #16 0x00007ff6375a57b9 in partition_reload_if_required (module=0x55d6f8972d10, data=0x55d6f858bed0, parent=0x0)
      at ../../source4/dsdb/samdb/ldb_modules/partition_init.c:513
  #17 0x00007ff6375a3b04 in partition_read_lock (module=0x55d6f8972d10)
      at ../../source4/dsdb/samdb/ldb_modules/partition.c:1492
  #18 0x00007ff63bd9631e in ldb_next_read_lock (module=0x55d6f8972d10) at ../../lib/ldb/common/ldb_modules.c:662
  #19 0x00007ff637484857 in schema_read_lock (module=0x55d6f9377e40)
      at ../../source4/dsdb/samdb/ldb_modules/schema_load.c:614
  #20 0x00007ff63bd9631e in ldb_next_read_lock (module=0x55d6f9377e40) at ../../lib/ldb/common/ldb_modules.c:662
  #21 0x00007ff6374b5402 in samba_dsdb_init (module=0x55d6f91c3cd0)
      at ../../source4/dsdb/samdb/ldb_modules/samba_dsdb.c:483
  #22 0x00007ff63bd95283 in ldb_module_init_chain (ldb=0x55d6f8cd22b0, module=0x55d6f91c3cd0)
      at ../../lib/ldb/common/ldb_modules.c:363
  #23 0x00007ff63bd95645 in ldb_load_modules (ldb=0x55d6f8cd22b0, options=0x0)
      at ../../lib/ldb/common/ldb_modules.c:445
  #24 0x00007ff63bd90663 in ldb_connect (ldb=0x55d6f8cd22b0,
      url=0x7ff6377d98f8 "/tmp/foo/private/sam.ldb.bak-offline", flags=64, options=0x0)
      at ../../lib/ldb/common/ldb.c:274
  #25 0x00007ff63bddb32f in py_ldb_connect (self=0x7ff63778afc0, args=(), Python Exception <class 'gdb.error'> There is no member named ma_keys.:
  kwargs=) at ../../lib/ldb/pyldb.c:1235

Deleting the previous samdb instance by setting it to None before opening the
backed ldb workaround the problem until we find the real problem here.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14676

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months agos3:netapi: Add libnetapi_set_creds()
Andreas Schneider [Thu, 18 Mar 2021 12:34:15 +0000 (13:34 +0100)]
s3:netapi: Add libnetapi_set_creds()

This will be used by the 'net' command in future!

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Mar 24 02:07:20 UTC 2021 on sn-devel-184

2 months agos3:netapi: Get rid of set_cmdline_auth_info_*()
Andreas Schneider [Thu, 18 Mar 2021 12:49:27 +0000 (13:49 +0100)]
s3:netapi: Get rid of set_cmdline_auth_info_*()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2 months agoauth:creds: Use our own cli_credentials_set_cmdline_callbacks()
Andreas Schneider [Thu, 3 Dec 2020 16:07:53 +0000 (17:07 +0100)]
auth:creds: Use our own cli_credentials_set_cmdline_callbacks()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2 months agoauth:creds: Add command line function for standard password callback
Andreas Schneider [Wed, 7 Aug 2019 09:36:28 +0000 (11:36 +0200)]
auth:creds: Add command line function for standard password callback

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2 months agos4:lib:cmdline: Rename cli_credentials_set_cmdline_callbacks()
Andreas Schneider [Tue, 23 Mar 2021 15:27:38 +0000 (16:27 +0100)]
s4:lib:cmdline: Rename cli_credentials_set_cmdline_callbacks()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2 months agos3:netapi: Remove use_ccache from 'struct libnetapi_ctx'
Andreas Schneider [Thu, 18 Mar 2021 12:39:54 +0000 (13:39 +0100)]
s3:netapi: Remove use_ccache from 'struct libnetapi_ctx'

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2 months agos3:netapi: Remove use_kerberos from struct libnetapi_ctx
Andreas Schneider [Thu, 18 Mar 2021 12:39:54 +0000 (13:39 +0100)]
s3:netapi: Remove use_kerberos from struct libnetapi_ctx

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2 months agos3:netapi: Remove workgroup from 'struct libnetapi_ctx'
Andreas Schneider [Thu, 18 Mar 2021 10:37:50 +0000 (11:37 +0100)]
s3:netapi: Remove workgroup from 'struct libnetapi_ctx'

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2 months agos3:netapi: Remove password from 'struct libnetapi_ctx'
Andreas Schneider [Thu, 18 Mar 2021 10:37:03 +0000 (11:37 +0100)]
s3:netapi: Remove password from 'struct libnetapi_ctx'

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2 months agos3:netapi: Remove username from 'struct libnetapi_ctx'
Andreas Schneider [Thu, 18 Mar 2021 10:36:37 +0000 (11:36 +0100)]
s3:netapi: Remove username from 'struct libnetapi_ctx'

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2 months agos3:netapi: Use public functions for username/password
Andreas Schneider [Thu, 18 Mar 2021 10:14:39 +0000 (11:14 +0100)]
s3:netapi: Use public functions for username/password

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2 months agos3:netapi: Get username/password from cli_credentials in joindomain.c
Andreas Schneider [Thu, 18 Mar 2021 10:08:57 +0000 (11:08 +0100)]
s3:netapi: Get username/password from cli_credentials in joindomain.c

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2 months agos3:netapi: Get username/password from cli_credentials in netapi.c
Andreas Schneider [Thu, 18 Mar 2021 10:12:09 +0000 (11:12 +0100)]
s3:netapi: Get username/password from cli_credentials in netapi.c

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2 months agos3:netapi: Fill also cli_credentials with netapi setters
Andreas Schneider [Thu, 18 Mar 2021 09:57:10 +0000 (10:57 +0100)]
s3:netapi: Fill also cli_credentials with netapi setters

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2 months agos3:netapi: Add a cli_credentials pointer to struct libnetapi_ctx
Andreas Schneider [Thu, 18 Mar 2021 09:43:26 +0000 (10:43 +0100)]
s3:netapi: Add a cli_credentials pointer to struct libnetapi_ctx

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2 months agos3:netapi: Remove unused ctx->krb5_cc_env
Andreas Schneider [Thu, 18 Mar 2021 10:00:05 +0000 (11:00 +0100)]
s3:netapi: Remove unused ctx->krb5_cc_env

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2 months agos3:netapi: Make 'struct libnetapi_ctx' opaque
Andreas Schneider [Thu, 18 Mar 2021 09:06:53 +0000 (10:06 +0100)]
s3:netapi: Make 'struct libnetapi_ctx' opaque

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2 months agos3:netapi: Use public getters in getjoinableous example
Andreas Schneider [Thu, 18 Mar 2021 09:05:26 +0000 (10:05 +0100)]
s3:netapi: Use public getters in getjoinableous example

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2 months agos3:netapi: Use public getters in remote_machine example
Andreas Schneider [Thu, 18 Mar 2021 09:04:23 +0000 (10:04 +0100)]
s3:netapi: Use public getters in remote_machine example

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2 months agos3:netapi: Implement public libnetapi_get_(username|password) functions
Andreas Schneider [Thu, 18 Mar 2021 08:59:08 +0000 (09:59 +0100)]
s3:netapi: Implement public libnetapi_get_(username|password) functions

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2 months agonetcmd: Fix typos in offline domain backup test
Joseph Sutton [Tue, 16 Mar 2021 09:46:02 +0000 (22:46 +1300)]
netcmd: Fix typos in offline domain backup test

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Mar 24 00:46:31 UTC 2021 on sn-devel-184

2 months agonetcmd: Avoid database corruption by opting not to create database files during an...
Joseph Sutton [Tue, 16 Mar 2021 09:20:21 +0000 (22:20 +1300)]
netcmd: Avoid database corruption by opting not to create database files during an offline domain backup

If backup dirs contain hardlinks, the backup process could previously
attempt to open an LMDB database already opened during the backup,
causing it to be recreated as a new TDB database. This commit ensures
that new database files are not created during this operation, and that
the main SamDB database is not modified.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14027

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz
2 months agonetcmd: Determine which files are to be copied for an offline domain backup
Joseph Sutton [Tue, 16 Mar 2021 03:22:40 +0000 (16:22 +1300)]
netcmd: Determine which files are to be copied for an offline domain backup

The old behaviour attempted to check for and remove files with duplicate
names, but did not do so due to a bug, and would have left undetermined
which files were given priority when duplicate filenames were present.
Now when hardlinks are present, only one instance of each file is
chosen, with files in the private directory having priority. If one
backup dir is nested inside another, the files contained in the nested
directory are only added once. Additionally, the BIND DNS database is
omitted from the backup.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14027

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz
2 months agonetcmd: Add test for an offline backup of nested directories
Joseph Sutton [Wed, 17 Mar 2021 21:52:52 +0000 (10:52 +1300)]
netcmd: Add test for an offline backup of nested directories

This test verifies that when performing an offline backup of a domain
where one of the directories to be backed up is nested inside another,
the contained files are only included once in the backup.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14027

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz
2 months agonetcmd: Add test for an offline backup of a directory containing hardlinks
Joseph Sutton [Tue, 16 Mar 2021 03:13:05 +0000 (16:13 +1300)]
netcmd: Add test for an offline backup of a directory containing hardlinks

This test verifies that when performing an offline backup of a domain
where the directories to be backed up contain hardlinks, only one
instance of each file is backed up, and that files in the private
directory take precedence.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14027

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz
2 months agoman winbind: Remove untrue statement, you can run winbind without running nmbd.
Rowland Penny [Tue, 23 Mar 2021 13:16:02 +0000 (13:16 +0000)]
man winbind: Remove untrue statement, you can run winbind without running nmbd.

Signed-off-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Mar 23 15:15:02 UTC 2021 on sn-devel-184

2 months agos3: vxfs: Remove unused vxfs_setxattr_path().
Jeremy Allison [Fri, 19 Mar 2021 20:59:58 +0000 (13:59 -0700)]
s3: vxfs: Remove unused vxfs_setxattr_path().

Missed when SMB_VFS_SETXATTR() was removed.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Mon Mar 22 22:36:05 UTC 2021 on sn-devel-184

2 months agos3: vxfs: Remove unused vxfs_listxattr_path().
Jeremy Allison [Fri, 19 Mar 2021 20:55:26 +0000 (13:55 -0700)]
s3: vxfs: Remove unused vxfs_listxattr_path().

Missed when SMB_VFS_LISTXATTR() was removed.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
2 months agos3:modules:vfs_virusfilter: Recent New_VFS changes break vfs_virusfilter_openat.
Trever L. Adams [Sat, 13 Mar 2021 19:47:21 +0000 (12:47 -0700)]
s3:modules:vfs_virusfilter: Recent New_VFS changes break vfs_virusfilter_openat.

The_New_VFS introduces several changes that broke vfs_virusfilter_openat. The assert to make sure certain checks would work broke.

This patch fixes those breaks and converts to the SMB_VFS_FSTAT_NEXT instead of SMB_VFS_STAT_NEXT.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14671
RN: vfs_virusfilter_openat support New_VFS FSTAT, avoid SMB_ASSERT(fsp_get_pathref_fd(dirfsp) == AT_FDCWD); problem.

Signed-off-by: Trever L. Adams" <trever.adams@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Mon Mar 22 19:44:30 UTC 2021 on sn-devel-184

2 months agos3: VFS: default: vfswrap_create_dfs_pathat() isn't restricted to dirfsp->conn->cwd_f...
Jeremy Allison [Wed, 17 Mar 2021 01:26:43 +0000 (18:26 -0700)]
s3: VFS: default: vfswrap_create_dfs_pathat() isn't restricted to dirfsp->conn->cwd_fsp anymore.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power<npower@samba.org>
2 months agos3: VFS: time_audit: Log full pathname as smb_time_audit_create_dfs_pathat() isn...
Jeremy Allison [Wed, 17 Mar 2021 04:50:08 +0000 (21:50 -0700)]
s3: VFS: time_audit: Log full pathname as smb_time_audit_create_dfs_pathat() isn't restricted to dirfsp->conn->cwd_fsp anymore.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power<npower@samba.org>
2 months agos3: VFS: full_audit: Log full pathname as smb_full_audit_create_dfs_pathat() isn...
Jeremy Allison [Wed, 17 Mar 2021 04:49:14 +0000 (21:49 -0700)]
s3: VFS: full_audit: Log full pathname as smb_full_audit_create_dfs_pathat() isn't restricted to dirfsp->conn->cwd_fsp anymore.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power<npower@samba.org>
2 months agos3: VFS: gluster: vfs_gluster_create_dfs_pathat() isn't restricted to dirfsp->conn...
Jeremy Allison [Wed, 17 Mar 2021 04:48:42 +0000 (21:48 -0700)]
s3: VFS: gluster: vfs_gluster_create_dfs_pathat() isn't restricted to dirfsp->conn->cwd_fsp anymore.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2 months agos3: VFS: ceph: cephwrap_create_dfs_pathat() isn't restricted to dirfsp->conn->cwd_fsp...
Jeremy Allison [Wed, 17 Mar 2021 04:48:07 +0000 (21:48 -0700)]
s3: VFS: ceph: cephwrap_create_dfs_pathat() isn't restricted to dirfsp->conn->cwd_fsp anymore.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power<npower@samba.org>
3 months agos3:param: Fix segfault trying to add pcap printer without a [printers] share
Andreas Schneider [Fri, 19 Mar 2021 12:40:37 +0000 (13:40 +0100)]
s3:param: Fix segfault trying to add pcap printer without a [printers] share

 #0  0x00007fb264e75bea in __GI___wait4 (pid=21966, stat_loc=stat_loc@entry=0x7ffdf83a9bc8, options=options@entry=0, usage=usage@entry=0x0) at ../sysdeps/unix/sysv/linux/wait4.c:30
         sc_ret = -512
         sc_ret = <optimized out>
 #1  0x00007fb264e75bab in __GI___waitpid (pid=<optimized out>, stat_loc=stat_loc@entry=0x7ffdf83a9bc8, options=options@entry=0) at waitpid.c:38
 No locals.
 #2  0x00007fb264df33a3 in do_system (line=<optimized out>) at ../sysdeps/posix/system.c:172
         __result = <optimized out>
         _buffer = {
           __routine = 0x7fb264df35d0 <cancel_handler>,
           __arg = 0x7ffdf83a9bd0,
           __canceltype = 0,
           __prev = 0x0
         }
         _avail = 1
         cancel_args = {
           quit = 0x7fb264f6f200 <quit>,
           intr = 0x7fb264f6f2a0 <intr>,
           pid = 21966
         }
         status = -1
         ret = 0
         pid = 21966
         sa = {
           __sigaction_handler = {
             sa_handler = 0x1,
             sa_sigaction = 0x1
           },
           sa_mask = {
             __val = {[0] = 65536, [1] = 94088581545700, [2] = 0, [3] = 0, [4] = 0, [5] = 0, [6] = 0, [7] = 1703897678, [8] = 140404174928432, [9] = 140404179009536, [10] = 0, [11] = 140728768044480, [12] = 140404185491504, [13] = 18446744073709551615, [14] = 100, [15] = 140404180125856}
           },
           sa_flags = 0,
           sa_restorer = 0x7ffdf83a9df0
         }
         omask = {
           __val = {[0] = 7296, [1] = 140404179695051, [2] = 94088578316976, [3] = 140404180018176, [4] = 140404180017664, [5] = 140404185449449, [6] = 140728768044176, [7] = 140404185448599, [8] = 140404185458050, [9] = 100, [10] = 140404180125856, [11] = 7322926704, [12] = 140728768044432, [13] = 140404185491192, [14] = 112, [15] = 100}
         }
         reset = {
           __val = {[0] = 6, [1] = 5372865792, [2] = 94088581545600, [3] = 140728768044624, [4] = 100, [5] = 100, [6] = 101, [7] = 94088581545600, [8] = 140728768044288, [9] = 140404173470464, [10] = 140406703357952, [11] = 94088581545600, [12] = 94088581545600, [13] = 94088581545600, [14] = 94088581545600, [15] = 94088581545700}
         }
         spawn_attr = {
           __flags = 12,
           __pgrp = 0,
           __sd = {
             __val = {[0] = 6, [1] = 5372865792, [2] = 94088581545600, [3] = 140728768044624, [4] = 100, [5] = 100, [6] = 101, [7] = 94088581545600, [8] = 140728768044288, [9] = 140404173470464, [10] = 140406703357952, [11] = 94088581545600, [12] = 94088581545600, [13] = 94088581545600, [14] = 94088581545600, [15] = 94088581545700}
           },
           __ss = {
             __val = {[0] = 7296, [1] = 140404179695051, [2] = 94088578316976, [3] = 140404180018176, [4] = 140404180017664, [5] = 140404185449449, [6] = 140728768044176, [7] = 140404185448599, [8] = 140404185458050, [9] = 100, [10] = 140404180125856, [11] = 7322926704, [12] = 140728768044432, [13] = 140404185491192, [14] = 112, [15] = 100}
           },
           __sp = {
             sched_priority = 0
           },
           __policy = 0,
           __pad = {[0] = 0 <repeats 16 times>}
         }
 #3  0x00007fb2654289f6 in smb_panic_s3 (why=0x7ffdf83a9fd0 "Signal 11: Segmentation fault") at ../../source3/lib/util.c:839
         lp_sub = 0x7fb265461a60 <s3_global_substitution>
         cmd = 0x5592b47afe30 "/home/asn/workspace/projects/samba/selftest/gdb_backtrace 21964"
         result = 32690
         __FUNCTION__ = "smb_panic_s3"
 #4  0x00007fb2658f6f09 in smb_panic (why=0x7ffdf83a9fd0 "Signal 11: Segmentation fault") at ../../lib/util/fault.c:197
 No locals.
 #5  0x00007fb2658f6a39 in fault_report (sig=11) at ../../lib/util/fault.c:81
         counter = 1
         signal_string = "Signal 11: Segmentation fault\000\000\000\000\240:\370\375\177\000\000\000m?@/\214؊\377\245:\370\375\177\000\000\000m?@/\214؊\000\242:\370\375\177", '\000' <repeats 11 times>, "\242:\370\375\177\000\000\351C\231e\262\177\000\000`\240:\370\375\177\000\000\002:\231e\262\177\000\000Р:\370\375\177\000\000\a\000\000\000\061\000\000"
 #6  0x00007fb2658f6a4e in sig_fault (sig=11) at ../../lib/util/fault.c:92
 No locals.
 #7  <signal handler called>
 No locals.
 #8  0x00007fb2653762b4 in copy_service (pserviceDest=0x5592b4657940, pserviceSource=0x0, pcopymapDest=0x0) at ../../lib/param/loadparm.c:896
         src_ptr = 0x1
         dest_ptr = 0x5592b4657941
         i = 1
         bcopyall = true
         data = 0x5592b44a9020
 #9  0x00007fb2653e1e16 in add_a_service (pservice=0x0, name=0x5592b4476130 "laserjet1102w") at ../../source3/param/loadparm.c:1486
         i = 13
         tsp = 0x5592b44a9020
         __FUNCTION__ = "add_a_service"
 #10 0x00007fb2653e2846 in lp_add_printer (pszPrintername=0x5592b4476130 "laserjet1102w", iDefaultService=-1) at ../../source3/param/loadparm.c:1666
         comment = 0x7fb2654339ec "From Printcap"
         i = 21906
         __FUNCTION__ = "lp_add_printer"
 #11 0x00007fb2653e59b8 in lp_add_one_printer (name=0x5592b4476130 "laserjet1102w", comment=0x5592b512d5a0 "HP LaserJet Professional p 1102w, hpcups 3.19.6, requires proprietary plugin", location=0x5592b4476200 "", pdata=0x0) at ../../source3/param/loadparm.c:2988
         printers = -1
         i = 1700139171
 #12 0x00007fb26556112f in printer_list_exec_fn (rec=0x7ffdf83aa7e0, private_data=0x7ffdf83aa9f0) at ../../source3/printing/printer_list.c:446
         state = 0x7ffdf83aa9f0
         time_h = 0
         time_l = 17286
         name = 0x5592b4476130 "laserjet1102w"
         comment = 0x5592b512d5a0 "HP LaserJet Professional p 1102w, hpcups 3.19.6, requires proprietary plugin"
         location = 0x5592b4476200 ""
         ret = 100
         key = {
           dptr = 0x5592b456fdd0 "PRINTERLIST/PRN/LASERJET1102W",
           dsize = 30
         }
         value = {
           dptr = 0x5592b456fdee "",
           dsize = 100
         }
         __FUNCTION__ = "printer_list_exec_fn"
 #13 0x00007fb2646fc747 in db_tdb_traverse_read_func (tdb=0x5592b5377090, kbuf=..., dbuf=..., private_data=0x7ffdf83aa920) at ../../lib/dbwrap/dbwrap_tdb.c:399
         ctx = 0x7ffdf83aa920
         rec = {
           db = 0x5592b4957500,
           key = {
             dptr = 0x5592b456fdd0 "PRINTERLIST/PRN/LASERJET1102W",
             dsize = 30
           },
           value = {
             dptr = 0x5592b456fdee "",
             dsize = 100
           },
           value_valid = true,
           storev = 0x7fb2646fc672 <db_tdb_storev_deny>,
           delete_rec = 0x7fb2646fc68b <db_tdb_delete_deny>,
           private_data = 0x5592b5249b50
         }
 #14 0x00007fb26372c08d in ?? () from /usr/lib64/libtdb.so.1
 No symbol table info available.
 #15 0x00007fb26372c21d in tdb_traverse_read () from /usr/lib64/libtdb.so.1
 No symbol table info available.
 #16 0x00007fb2646fc7b7 in db_tdb_traverse_read (db=0x5592b4957500, f=0x7fb265561001 <printer_list_exec_fn>, private_data=0x7ffdf83aa9f0) at ../../lib/dbwrap/dbwrap_tdb.c:413
         db_ctx = 0x5592b5249b50
         ctx = {
           db = 0x5592b4957500,
           f = 0x7fb265561001 <printer_list_exec_fn>,
           private_data = 0x7ffdf83aa9f0
         }
 #17 0x00007fb2646f83ad in dbwrap_traverse_read (db=0x5592b4957500, f=0x7fb265561001 <printer_list_exec_fn>, private_data=0x7ffdf83aa9f0, count=0x0) at ../../lib/dbwrap/dbwrap.c:412
         ret = 0
 #18 0x00007fb265560d9b in printer_list_traverse (fn=0x7fb265561001 <printer_list_exec_fn>, private_data=0x7ffdf83aa9f0, read_only=true) at ../../source3/printing/printer_list.c:328
         db = 0x5592b4957500
         status = {
           v = 0
         }
 #19 0x00007fb2655611cc in printer_list_read_run_fn (fn=0x7fb2653e5970 <lp_add_one_printer>, private_data=0x0) at ../../source3/printing/printer_list.c:464
         state = {
           fn = 0x7fb2653e5970 <lp_add_one_printer>,
           private_data = 0x0,
           status = {
             v = 0
           }
         }
         status = {
           v = 0
         }
 #20 0x00007fb26555c9e6 in load_printers () at ../../source3/printing/load.c:86
         status = {
           v = 0
         }
         __func__ = "load_printers"
 #21 0x00007fb265599457 in delete_and_reload_printers () at ../../source3/smbd/server_reload.c:80
         n_services = -130372992
         pnum = 12
         snum = 12
         pname = 0x5592b55626f0 "\340=\277\264\222U"
         ok = true
         pcap_last_update = 17286
         frame = 0x5592b4797d70
         lp_sub = 0x7fb265461a60 <s3_global_substitution>
         __FUNCTION__ = "delete_and_reload_printers"
 #22 0x00007fb2655404d7 in delete_and_reload_printers_full (ev=0x5592b44a6940, msg_ctx=0x5592b44a92c0) at ../../source3/printing/queue_process.c:131
         session_info = 0x5592b55626f0
         pinfo2 = 0x0
         lp_sub = 0x7fb265461a60 <s3_global_substitution>
         n_services = 13
         pnum = -1
         snum = 13
         pname = 0x5592b45003d0 "\240\247F\264\222U"
         sname = 0x7ffdf83aab00 "\200\253:\370\375\177"
         status = {
           v = 0
         }
         __FUNCTION__ = "delete_and_reload_printers_full"
 #23 0x00007fb265540523 in reload_pcap_change_notify (ev=0x5592b44a6940, msg_ctx=0x5592b44a92c0) at ../../source3/printing/queue_process.c:150
 No locals.
 #24 0x00007fb265555855 in cups_async_callback (event_ctx=0x5592b44a6940, event=0x5592b5562570, flags=1, p=0x5592b4a9b160) at ../../source3/printing/print_cups.c:571
         frame = 0x5592b4e26960
         cb_args = 0x5592b4a9b160
         tmp_pcap_cache = 0x5592b45003d0
         ret_ok = true
         pcap_data = {
           status = {
             v = 0
           },
           count = 1,
           printers = 0x5592b5393800
         }
         pcap_blob = {
           data = 0x5592b47a48e0 "\001",
           length = 157
         }
         ndr_ret = NDR_ERR_SUCCESS
         i = 1
         __FUNCTION__ = "cups_async_callback"
 #25 0x00007fb26548b88c in tevent_common_invoke_fd_handler (fde=0x5592b5562570, flags=1, removed=0x0) at ../../lib/tevent/tevent_fd.c:138
         handler_ev = 0x5592b44a6940
 #26 0x00007fb265496148 in epoll_event_loop (epoll_ev=0x5592b4a30eb0, tvalp=0x7ffdf83aac50) at ../../lib/tevent/tevent_epoll.c:736
         fde = 0x5592b5562570
         flags = 1
         mpx_fde = 0x0
         ret = 1
         i = 0
         events = {[0] = {
             events = 17,
             data = {
               ptr = 0x5592b5562570,
               fd = -1252645520,
               u32 = 3042321776,
               u64 = 94088595907952
             }
           }}
         timeout = 750000
         wait_errno = 0
 #27 0x00007fb26549678f in epoll_event_loop_once (ev=0x5592b44a6940, location=0x7fb2657c54e0 "../../source3/printing/queue_process.c:424") at ../../lib/tevent/tevent_epoll.c:937
         epoll_ev = 0x5592b4a30eb0
         tval = {
           tv_sec = 749,
           tv_usec = 999054
         }
         panic_triggered = false
 #28 0x00007fb2654930fa in std_event_loop_once (ev=0x5592b44a6940, location=0x7fb2657c54e0 "../../source3/printing/queue_process.c:424") at ../../lib/tevent/tevent_standard.c:110
         glue_ptr = 0x5592b44aa700
         glue = 0x5592b44aa700
         ret = 21906
 #29 0x00007fb26548aaf7 in _tevent_loop_once (ev=0x5592b44a6940, location=0x7fb2657c54e0 "../../source3/printing/queue_process.c:424") at ../../lib/tevent/tevent.c:772
         ret = 21906
         nesting_stack_ptr = 0x0
 #30 0x00007fb26548ae1e in tevent_common_loop_wait (ev=0x5592b44a6940, location=0x7fb2657c54e0 "../../source3/printing/queue_process.c:424") at ../../lib/tevent/tevent.c:895
         ret = 32690
 #31 0x00007fb26549319c in std_event_loop_wait (ev=0x5592b44a6940, location=0x7fb2657c54e0 "../../source3/printing/queue_process.c:424") at ../../lib/tevent/tevent_standard.c:141
         glue_ptr = 0x5592b44aa700
         glue = 0x5592b44aa700
         ret = 32690
 #32 0x00007fb26548aec1 in _tevent_loop_wait (ev=0x5592b44a6940, location=0x7fb2657c54e0 "../../source3/printing/queue_process.c:424") at ../../lib/tevent/tevent.c:914
 No locals.
 #33 0x00007fb265541028 in start_background_queue (ev=0x5592b44a6940, msg_ctx=0x5592b44a92c0, logfile=0x0) at ../../source3/printing/queue_process.c:424
         fde = 0x5592b53bcee0
         ret = 21906
         status = {
           v = 0
         }
         pid = 0
         state = 0x5592b4bf3d50
         pause_pipe = {[0] = -1, [1] = 48}
         __FUNCTION__ = "start_background_queue"
 #34 0x00007fb265541154 in printing_subsystem_init (ev_ctx=0x5592b44a6940, msg_ctx=0x5592b44a92c0, dce_ctx=0x5592b44ae3e0, start_daemons=true, background_queue=true) at ../../source3/printing/queue_process.c:457
         pid = -1
 #35 0x00005592b436b820 in main (argc=5, argv=0x7ffdf83ab2e8) at ../../source3/smbd/server.c:2131
         bgq = true
         ok = false
         is_daemon = true
         interactive = false
         Fork = false
         no_process_group = false
         log_stdout = true
         ports = 0x0
         profile_level = 0x0
         opt = -1
         pc = 0x5592b4496df0
         print_build_options = false
         main_server_id = {
           pid = 21931,
           task_id = 0,
           vnn = 4294967295,
           unique_id = 7715839874465799134
         }
         OPT_DAEMON = OPT_DAEMON
         OPT_INTERACTIVE = OPT_INTERACTIVE
         OPT_FORK = OPT_FORK
         OPT_NO_PROCESS_GROUP = OPT_NO_PROCESS_GROUP
         OPT_LOG_STDOUT = OPT_LOG_STDOUT
         long_options = {[0] = {
             longName = 0x0,
             shortName = 0 '\000',
             argInfo = 4,
             arg = 0x7fb2650d9400 <poptHelpOptions>,
             val = 0,
             descrip = 0x5592b43732e1 "Help options:",
             argDescrip = 0x0
           }, [1] = {
             longName = 0x5592b43732ef "daemon",
             shortName = 68 'D',
             argInfo = 0,
             arg = 0x0,
             val = 1000,
             descrip = 0x5592b43732f6 "Become a daemon (default)",
             argDescrip = 0x0
           }, [2] = {
             longName = 0x5592b4373310 "interactive",
             shortName = 105 'i',
             argInfo = 0,
             arg = 0x0,
             val = 1001,
             descrip = 0x5592b4373320 "Run interactive (not a daemon) and log to stdout",
             argDescrip = 0x0
           }, [3] = {
             longName = 0x5592b4373351 "foreground",
             shortName = 70 'F',
             argInfo = 0,
             arg = 0x0,
             val = 1002,
             descrip = 0x5592b4373360 "Run daemon in foreground (for daemontools, etc.)",
             argDescrip = 0x0
           }, [4] = {
             longName = 0x5592b4373391 "no-process-group",
             shortName = 0 '\000',
             argInfo = 0,
             arg = 0x0,
             val = 1003,
             descrip = 0x5592b43733a8 "Don't create a new process group",
             argDescrip = 0x0
           }, [5] = {
             longName = 0x5592b43733c9 "log-stdout",
             shortName = 83 'S',
             argInfo = 0,
             arg = 0x0,
             val = 1004,
             descrip = 0x5592b43733d4 "Log to stdout",
             argDescrip = 0x0
           }, [6] = {
             longName = 0x5592b43733e2 "build-options",
             shortName = 98 'b',
             argInfo = 0,
             arg = 0x0,
             val = 98,
             descrip = 0x5592b43733f0 "Print build options",
             argDescrip = 0x0
           }, [7] = {
             longName = 0x5592b4373404 "port",
             shortName = 112 'p',
             argInfo = 1,
             arg = 0x7ffdf83ab158,
             val = 0,
             descrip = 0x5592b4373409 "Listen on the specified ports",
             argDescrip = 0x0
           }, [8] = {
             longName = 0x5592b4373427 "profiling-level",
             shortName = 80 'P',
             argInfo = 1,
             arg = 0x7ffdf83ab150,
             val = 0,
             descrip = 0x5592b4373437 "Set profiling level",
             argDescrip = 0x5592b437344b "PROFILE_LEVEL"
           }, [9] = {
             longName = 0x0,
             shortName = 0 '\000',
             argInfo = 4,
             arg = 0x7fb2654a8140 <popt_common_samba>,
             val = 0,
             descrip = 0x5592b4373459 "Common samba options:",
             argDescrip = 0x0
           }, [10] = {
             longName = 0x0,
             shortName = 0 '\000',
             argInfo = 0,
             arg = 0x0,
             val = 0,
             descrip = 0x0,
             argDescrip = 0x0
           }}
         parent = 0x5592b44addf0
         frame = 0x5592b448d6b0
         status = {
           v = 0
         }
         ev_ctx = 0x5592b44a6940
         msg_ctx = 0x5592b44a92c0
         dce_ctx = 0x5592b44ae3e0
         server_id = {
           pid = 21931,
           task_id = 0,
           vnn = 4294967295,
           unique_id = 5659117256920205400
         }
         se = 0x5592b44c0f90
         profiling_level = 0
         np_dir = 0x5592b4f2bdc0 "/home/asn/workspace/projects/samba/st/fl2003dc/ncalrpc/np"
         lp_sub = 0x7fb265461a60 <s3_global_substitution>
         smbd_shim_fns = {
           send_stat_cache_delete_message = 0x7fb26563ba6e <smbd_send_stat_cache_delete_message>,
           change_to_root_user = 0x7fb265613e99 <smbd_change_to_root_user>,
           become_authenticated_pipe_user = 0x7fb265613f4b <smbd_become_authenticated_pipe_user>,
           unbecome_authenticated_pipe_user = 0x7fb265614067 <smbd_unbecome_authenticated_pipe_user>,
           contend_level2_oplocks_begin = 0x7fb2656bb8df <smbd_contend_level2_oplocks_begin>,
           contend_level2_oplocks_end = 0x7fb2656bb902 <smbd_contend_level2_oplocks_end>,
           become_root = 0x7fb2656142cc <smbd_become_root>,
           unbecome_root = 0x7fb2656142f5 <smbd_unbecome_root>,
           exit_server = 0x7fb2656add55 <smbd_exit_server>,
           exit_server_cleanly = 0x7fb2656add72 <smbd_exit_server_cleanly>
         }
         __FUNCTION__ = "main"
         __func__ = "main"

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 19 18:56:33 UTC 2021 on sn-devel-184

3 months agos3: Remove last vestiges of Tru64 ACL support (missed in earlier patch).
Jeremy Allison [Wed, 17 Mar 2021 06:10:58 +0000 (23:10 -0700)]
s3: Remove last vestiges of Tru64 ACL support (missed in earlier patch).

Added WHATSNEW.txt note.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Mar 19 14:15:02 UTC 2021 on sn-devel-184

3 months agomessaging: Fix receiving file descriptors
Volker Lendecke [Thu, 21 Jan 2021 17:33:58 +0000 (18:33 +0100)]
messaging: Fix receiving file descriptors

Don't close unconsumed file descriptors in messaging_recv_cb(). Via
multiple registrations on different tevent contexts we might call
messaging_recv_cb() multiple times: All but the first tevent context
handled in the loop in msg_dgm_ref_recv() will not see file
descriptors anymore, it will just get a -1, even if the first
reference had no receiver interested in the fds.

Change the API such that consumers can set the file descriptor to -1
if it's consumed. If nobody wanted them, do the close where they were
created via recvmsg, in messages_dgm.c.

If you want multiple handlers to consume the file descriptors, you
should dup() them in the filter function handed to
messaging_filtered_read_send and save the duplicate in your private
data for later consumption.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Mar 19 08:18:26 UTC 2021 on sn-devel-184

3 months agolib: Properly return errno from open_socket_in()
Volker Lendecke [Fri, 12 Feb 2021 20:27:19 +0000 (21:27 +0100)]
lib: Properly return errno from open_socket_in()

Before this patch, open_socket_in() relied on quite a bit of code to
not touch errno after for example socket() returned -1. Change this to
explicitly save errno in "ret", such that a later DEBUG() with all its
formatting code can mess it up.

While there, remove the debuglevel parameter. I don't think this
actually useful.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agorpcclient: Enable ncalrpc: transport
Volker Lendecke [Tue, 16 Mar 2021 07:29:33 +0000 (08:29 +0100)]
rpcclient: Enable ncalrpc: transport

Best reviewed with "git show -b". Right now lsarpc in the nt4_dc
environment is not available over ncalrpc, so instead of getusername
we need to use epmlookup for the rpcclient tests

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agolibrpc: Simplify dcerpc_binding_dup() with common nomem handling
Volker Lendecke [Mon, 15 Mar 2021 16:45:32 +0000 (17:45 +0100)]
librpc: Simplify dcerpc_binding_dup() with common nomem handling

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agomdfind: Use cli_rpc_pipe_open_noauth() in mdfind util
Volker Lendecke [Mon, 15 Mar 2021 16:27:21 +0000 (17:27 +0100)]
mdfind: Use cli_rpc_pipe_open_noauth() in mdfind util

For the better or worse, we have a wrapper for NCACN_NP

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agorpcclient: Let rpc_pipe_open_ncalrpc() figure out the dst sock itself
Volker Lendecke [Mon, 8 Feb 2021 15:21:03 +0000 (16:21 +0100)]
rpcclient: Let rpc_pipe_open_ncalrpc() figure out the dst sock itself

Let the epmapper take care of this, with "EPMAPPER" being the default
socket that is connected for registration from ep_register()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agorpc_client: Factor out rpccli_epm_map_interface() from rpc_pipe_get_tcp_port()
Volker Lendecke [Mon, 8 Feb 2021 14:47:41 +0000 (15:47 +0100)]
rpc_client: Factor out rpccli_epm_map_interface() from rpc_pipe_get_tcp_port()

Make it usable for ncalrpc as well

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agorpcclient: No need to use an object id in epm_map
Volker Lendecke [Tue, 26 Jan 2021 15:23:10 +0000 (16:23 +0100)]
rpcclient: No need to use an object id in epm_map

The interface id we're looking for is listed as floor 0 in the
map_tower argument.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agorpcclient: Don't put a port into the epm_map request
Volker Lendecke [Tue, 26 Jan 2021 15:22:35 +0000 (16:22 +0100)]
rpcclient: Don't put a port into the epm_map request

That's what the server is supposed to fill in for us

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agorpcclient: Remove pipe_default_auth globals
Volker Lendecke [Mon, 15 Mar 2021 13:51:30 +0000 (14:51 +0100)]
rpcclient: Remove pipe_default_auth globals

We have all information in the binding, we don't need those globals.

In case you're looking for tests: We have the combinations in our
blackbox.rpcclient test. They don't actually check whether we really
do the transport wrapping that is announced, some manual wireshark
inspection showed that this does what it's supposed to do. And it took
a quite bit of tweaking in binding_get_auth_info() to make this
survive "make test TESTS=blackbox.rpcclient".

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agosamba-tool: Add a gpo command for removing VGP Host Access Group Policy
David Mulder [Wed, 3 Mar 2021 21:19:01 +0000 (14:19 -0700)]
samba-tool: Add a gpo command for removing VGP Host Access Group Policy

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 18 20:02:50 UTC 2021 on sn-devel-184

3 months agosamba-tool: Test gpo manage access remove command
David Mulder [Wed, 3 Mar 2021 19:28:07 +0000 (12:28 -0700)]
samba-tool: Test gpo manage access remove command

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agosamba-tool: Add a gpo command for adding VGP Host Access Group Policy
David Mulder [Tue, 2 Mar 2021 22:05:46 +0000 (15:05 -0700)]
samba-tool: Add a gpo command for adding VGP Host Access Group Policy

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agosamba-tool: Test gpo manage access add command
David Mulder [Mon, 1 Mar 2021 17:31:54 +0000 (10:31 -0700)]
samba-tool: Test gpo manage access add command

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agosamba-tool: Add a gpo command for listing VGP Host Access Group Policy
David Mulder [Wed, 24 Feb 2021 13:36:45 +0000 (06:36 -0700)]
samba-tool: Add a gpo command for listing VGP Host Access Group Policy

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agosamba-tool: Test gpo manage access list command
David Mulder [Tue, 23 Feb 2021 20:12:09 +0000 (13:12 -0700)]
samba-tool: Test gpo manage access list command

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agogpo: Apply Group Policy Host Access configuration from VGP
David Mulder [Tue, 23 Feb 2021 18:12:05 +0000 (11:12 -0700)]
gpo: Apply Group Policy Host Access configuration from VGP

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agogpo: Test Group Policy Host Access Configuration for VGP
David Mulder [Mon, 22 Feb 2021 22:01:04 +0000 (15:01 -0700)]
gpo: Test Group Policy Host Access Configuration for VGP

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agosmbd: free open_rec state in remove_deferred_open_message_smb2_internal()
Ralph Boehme [Tue, 16 Mar 2021 17:18:46 +0000 (18:18 +0100)]
smbd: free open_rec state in remove_deferred_open_message_smb2_internal()

The lifetime of open_rec (struct deferred_open_record) ojects is the time
processing the SMB open request every time the request is scheduled, ie once we
reschedule we must wipe the slate clean. In case the request gets deferred
again, a new open_rec will be created by the schedule functions.

This ensures any timer-event tied to the open_rec gets cancelled and doesn't
fire unexpectedly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14672
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1843
RN: smbd panic when two clients open same file

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 18 18:04:09 UTC 2021 on sn-devel-184

3 months agosmbd: cancel pending poll open timer in poll_open_done()
Ralph Boehme [Wed, 17 Mar 2021 15:24:28 +0000 (16:24 +0100)]
smbd: cancel pending poll open timer in poll_open_done()

The retry of the open is scheduled below, avoid rescheduling it a second time in
the open retry timeout function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14672
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1843

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agosmbd: reset dangling watch_req pointer in poll_open_done
Ralph Boehme [Wed, 17 Mar 2021 15:22:37 +0000 (16:22 +0100)]
smbd: reset dangling watch_req pointer in poll_open_done

We just freed subreq and a pointer to subreq is stored in open_rec->watch_req,
so we must invalidate the pointer.

Otherwise if the poll open timer fires it will do a

  TALLOC_FREE(open_rec->watch_req);

on the dangling pointer which may crash or do something worse like freeing some
other random talloc memory.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14672
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1843

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agos3: tests: Change logfile for printing expansion tests.
Jeremy Allison [Wed, 17 Mar 2021 22:44:37 +0000 (15:44 -0700)]
s3: tests: Change logfile for printing expansion tests.

logfile=/tmp/$USER_printing_var_exp.log -> logfile="${SELFTEST_TMPDIR}/${USER}_printing_var_exp.log"

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Mar 18 02:57:08 UTC 2021 on sn-devel-184

3 months agothird_party: Update socket_wrapper to version 1.3.3
Stefan Metzmacher [Wed, 17 Feb 2021 11:57:01 +0000 (12:57 +0100)]
third_party: Update socket_wrapper to version 1.3.3

This fixes a deadlock abort() when SOCKET_WRAPPER_KEEP_PCAP=1
is used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14640

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Mar 17 23:53:04 UTC 2021 on sn-devel-184

3 months agopy.join: remove unused untested get_naming_master
Douglas Bagnall [Tue, 16 Feb 2021 23:47:42 +0000 (12:47 +1300)]
py.join: remove unused untested get_naming_master

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 17 18:23:04 UTC 2021 on sn-devel-184

3 months agosamba-tool: domain tombstones expunge reminds on semi-noop
Douglas Bagnall [Thu, 7 Jan 2021 03:14:45 +0000 (16:14 +1300)]
samba-tool: domain tombstones expunge reminds on semi-noop

Sometimes people assume `samba-tool domain tombstones expunge` will
expunge tombstones, but in the general case it won't because it only
affects those that have reached the tombstone lifetime, but these are
likely to have already been deleted by the regularly scheduled task.
You need to set the tombstone lifetime to have much effect.

This patch doesn't change the behaviour, but it does warn the user
that they are probably doing nothing of significance.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agopytests: dns_base: remove a py2 compat thing
Douglas Bagnall [Wed, 2 Dec 2020 22:57:48 +0000 (22:57 +0000)]
pytests: dns_base: remove a py2 compat thing

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agokcc: use py3 compatible sort in rarely visited branch
Douglas Bagnall [Wed, 2 Dec 2020 00:47:14 +0000 (13:47 +1300)]
kcc: use py3 compatible sort in rarely visited branch

This won't have worked for some time, but nobody has complained,
because nobody uses DS_NTDSSETTINGS_OPT_IS_RAND_BH_SELECTION_DISABLED

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agopy3compat: remove obsolete comments
Douglas Bagnall [Tue, 1 Dec 2020 23:51:44 +0000 (12:51 +1300)]
py3compat: remove obsolete comments

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agopy bindings: write 'bytes', not 'PY_DESC_PY3_BYTES'
Douglas Bagnall [Tue, 1 Dec 2020 23:27:35 +0000 (12:27 +1300)]
py bindings: write 'bytes', not 'PY_DESC_PY3_BYTES'

Because it is shorter, clearer, and reduces py3compat.h

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agopy/provision: provision_become_dc(): remove unused arguments
Douglas Bagnall [Tue, 1 Dec 2020 23:11:04 +0000 (12:11 +1300)]
py/provision: provision_become_dc(): remove unused arguments

The only caller is source4/param/provision.c, which doesn't supply these arguments,
and they aren't used inside the function.

This makes it just slightly less overwhelming

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agopy/provision: remove unused variable, thence import
Douglas Bagnall [Tue, 1 Dec 2020 23:09:05 +0000 (12:09 +1300)]
py/provision: remove unused variable, thence import

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agoselftest/flapping: remove python[23] lines
Douglas Bagnall [Wed, 3 Mar 2021 01:11:57 +0000 (14:11 +1300)]
selftest/flapping: remove python[23] lines

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 17 07:03:27 UTC 2021 on sn-devel-184

3 months agoknownfail: remove python[23] lines
Douglas Bagnall [Tue, 2 Mar 2021 23:37:45 +0000 (12:37 +1300)]
knownfail: remove python[23] lines

We no longer run any *python2* or *python3* specific tests, so
these knownfail lines are just clutter.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agoldb: improve comments for ldb_module_connect_backend()
Douglas Bagnall [Fri, 29 Jan 2021 00:49:02 +0000 (13:49 +1300)]
ldb: improve comments for ldb_module_connect_backend()

There is no flags argument.
There are more URI forms.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agoldb/test/ldb_tdb: correct introductory comments
Douglas Bagnall [Thu, 28 Jan 2021 21:15:18 +0000 (10:15 +1300)]
ldb/test/ldb_tdb: correct introductory comments

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agopdb_samba_dsdb: remove #if 0 block
Douglas Bagnall [Sun, 20 Dec 2020 07:34:16 +0000 (20:34 +1300)]
pdb_samba_dsdb: remove #if 0 block

Doing nothng since 2011

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agoldb.h: remove undefined async_ctx function signatures
Douglas Bagnall [Fri, 18 Dec 2020 22:43:56 +0000 (11:43 +1300)]
ldb.h: remove undefined async_ctx function signatures

These functions do not exist.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agosmb2_sesssetup: validate that sign_algo and encryption_cipher match on a session...
Stefan Metzmacher [Tue, 9 Mar 2021 22:54:04 +0000 (23:54 +0100)]
smb2_sesssetup: validate that sign_algo and encryption_cipher match on a session bind

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 17 01:56:37 UTC 2021 on sn-devel-184

3 months agosmb2_sesssetup: a session bind with a different user results in ACCESS_DENIED
Stefan Metzmacher [Wed, 10 Mar 2021 09:58:10 +0000 (10:58 +0100)]
smb2_sesssetup: a session bind with a different user results in ACCESS_DENIED

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agosmb2_sesssetup: a bind dialect mismatch should always result in INVALID_PARAMETER
Stefan Metzmacher [Tue, 9 Mar 2021 16:03:27 +0000 (17:03 +0100)]
smb2_sesssetup: a bind dialect mismatch should always result in INVALID_PARAMETER

The ACCESS_DENIED errors happened as we didn't expected to signing
algo is attached to the session key. So our client calculated the
wrong signature.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agosmb2_sesssetup: only set NT_STATUS_MORE_PROCESSING_REQUIRED if a reauth can start
Stefan Metzmacher [Tue, 9 Mar 2021 16:11:04 +0000 (17:11 +0100)]
smb2_sesssetup: only set NT_STATUS_MORE_PROCESSING_REQUIRED if a reauth can start

When the session is not valid on the current connection it should not be
possible to start a reauth.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agosmb2_sesssetup: don't shutdown a session on failure when it's not valid yet on the...
Stefan Metzmacher [Tue, 9 Mar 2021 15:15:49 +0000 (16:15 +0100)]
smb2_sesssetup: don't shutdown a session on failure when it's not valid yet on the connection

If someone tries to operate on a session that is not yet valid on the
current connection and the current session setup fails, then we should
not shutdown the session.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agosmb2_server: fallback global session lookup if the session belongs to a different...
Stefan Metzmacher [Thu, 25 Feb 2021 16:58:48 +0000 (17:58 +0100)]
smb2_server: fallback global session lookup if the session belongs to a different client

The key is that we need to have the signing key in order to pass the
signing checks and give the correct session bind error status.

This should fix the MultipleChannel_Negative_SMB2002 testcase
of the Windows Protocol Test Suite (FileServer).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reported-by: Jones Syue <jonessyue@qnap.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agosmbXsrv_session: split out smbXsrv_session_remove_channel()
Stefan Metzmacher [Tue, 9 Mar 2021 15:00:55 +0000 (16:00 +0100)]
smbXsrv_session: split out smbXsrv_session_remove_channel()

It will be needed in other places and makes the logic in
smbXsrv_session_disconnect_xconn_callback() much simpler.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14532
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agos3:selftest: pass alice credentials to the smb2.session tests for ad_dc
Stefan Metzmacher [Wed, 10 Mar 2021 12:06:00 +0000 (13:06 +0100)]
s3:selftest: pass alice credentials to the smb2.session tests for ad_dc

This allows us to test session binds with different users.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agos4:torture/smb2: add smb2.session.bind_{invalid_auth,different_user}
Stefan Metzmacher [Tue, 9 Mar 2021 13:26:46 +0000 (14:26 +0100)]
s4:torture/smb2: add smb2.session.bind_{invalid_auth,different_user}

These demonstrate that a failing bind does not destroy
the existing session and binding with a different user results
in ACCESS_DENIED.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agos4:torture: add a torture_user2_credentials() helper to pass additional credentials
Stefan Metzmacher [Wed, 10 Mar 2021 11:55:14 +0000 (12:55 +0100)]
s4:torture: add a torture_user2_credentials() helper to pass additional credentials

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agos4:torture/smb2: add smb2.session.bind_negative_{smb202,smb210,smb2to3,smb3to2,smb3to3}
Stefan Metzmacher [Wed, 24 Feb 2021 16:43:40 +0000 (17:43 +0100)]
s4:torture/smb2: add smb2.session.bind_negative_{smb202,smb210,smb2to3,smb3to2,smb3to3}

'smb2.session.bind_negative_smb202' is similar to the MultipleChannel_Negative_SMB2002 test
from the Windows Protocol Test Suite.

It demonstrates that the server needs to do lookup
in the global session table in order to get the signing
and error code of invalid session setups correct.

In order to work out the details I've added more similar tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agos4:torture/smb2: improve smb2.notify.invalid-reauth
Stefan Metzmacher [Tue, 9 Mar 2021 12:53:36 +0000 (13:53 +0100)]
s4:torture/smb2: improve smb2.notify.invalid-reauth

This demonstrates that the session is gone after a failed reauth.
This is different compared to a failing session bind.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agolibcli/smb: make use of smb3_capabilities.encryption
Stefan Metzmacher [Tue, 9 Mar 2021 22:38:51 +0000 (23:38 +0100)]
libcli/smb: make use of smb3_capabilities.encryption

This avoids a hardcoded list of possible ciphers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agos4:param: let lpcfg_smbcli_options() fill smb3_capabilities.ciphers
Stefan Metzmacher [Thu, 11 Mar 2021 13:39:32 +0000 (14:39 +0100)]
s4:param: let lpcfg_smbcli_options() fill smb3_capabilities.ciphers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agos3:libsmb: fill in smb3_capabilities.ciphers
Stefan Metzmacher [Thu, 11 Mar 2021 13:38:33 +0000 (14:38 +0100)]
s3:libsmb: fill in smb3_capabilities.ciphers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agolibcli/smb: introduce struct smb3_encryption_capabilities
Stefan Metzmacher [Tue, 9 Mar 2021 22:38:51 +0000 (23:38 +0100)]
libcli/smb: introduce struct smb3_encryption_capabilities

This will allow us to control the offered ciphers from the callers
later.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agolibcli/smb: pass smb3_capabilities to smbXcli_conn_create()
Stefan Metzmacher [Tue, 9 Mar 2021 22:49:19 +0000 (23:49 +0100)]
libcli/smb: pass smb3_capabilities to smbXcli_conn_create()

Passing NULL means use none.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agos4:libcli/raw: add smb3_capabilities to struct smbcli_options
Stefan Metzmacher [Tue, 9 Mar 2021 22:40:40 +0000 (23:40 +0100)]
s4:libcli/raw: add smb3_capabilities to struct smbcli_options

Currently this will be zeroed in lpcfg_smbcli_options(),
but will later allow advanced callers to pass values to
smbXcli_conn_create().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agolibcli/smb: introduce struct struct smb311_capabilities
Stefan Metzmacher [Tue, 9 Mar 2021 22:38:51 +0000 (23:38 +0100)]
libcli/smb: introduce struct struct smb311_capabilities

This will be filled later with supported ciphers and other
things that can be negotiated in SMB >= 3.1.1.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agolibcli/smb: don't copy the key to a stack variable in smb2_signing_{encrypt,decrypt...
Stefan Metzmacher [Wed, 10 Mar 2021 15:12:12 +0000 (16:12 +0100)]
libcli/smb: don't copy the key to a stack variable in smb2_signing_{encrypt,decrypt}_pdu()

The key size should always match now.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agolibcli/smb: no longer pass protocol to smb2_signing_{encrypt,decrypt}_pdu()
Stefan Metzmacher [Wed, 10 Mar 2021 13:03:50 +0000 (14:03 +0100)]
libcli/smb: no longer pass protocol to smb2_signing_{encrypt,decrypt}_pdu()

The cipher algorithm is already passed via
smb2_signing_key->chipher_algo_id.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agolibcli/smb: no longer pass protocol to smb2_signing_{sign,check}_pdu()
Stefan Metzmacher [Wed, 11 Nov 2020 12:18:24 +0000 (13:18 +0100)]
libcli/smb: no longer pass protocol to smb2_signing_{sign,check}_pdu()

The signing algorithm is already passed via
smb2_signing_key->sign_algo_id.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>