Amitay Isaacs [Tue, 20 Oct 2020 06:27:14 +0000 (17:27 +1100)]
libndr: Avoid assigning duplicate versions to symbols
Symbols _ndr_push_error and _ndr_pull_error keep getting redefined as
they are included without wildcard in abi_match. Apparently on linux ld
does not complain about duplicate symbols, but on freebsd ld fails to
link with following error:
[ 918/3912] Linking bin/default/librpc/libndr.so
ld: error: duplicate symbol '_ndr_pull_error' in version script
ld: error: duplicate symbol '_ndr_push_error' in version script
clang: error: linker command failed with exit code 1 (use -v to see invocation)
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Douglas Bagnall [Sat, 17 Oct 2020 22:59:40 +0000 (11:59 +1300)]
fuzz_dcerpc_parse_binding: don't leak
Also, by not tallocing at all in the too-long case, we can short
circuit quicker.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 20 02:26:40 UTC 2020 on sn-devel-184
Andreas Schneider [Wed, 2 Sep 2020 07:25:43 +0000 (09:25 +0200)]
s3:tests: Improve test_force_close_share test
This fixes the test with fast disks where 20MB transfers are done in
less than a second.
This also cleans up the code to have less sleeping time!
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Oct 19 21:14:21 UTC 2020 on sn-devel-184
Björn Jacke [Wed, 7 Oct 2020 17:23:33 +0000 (19:23 +0200)]
spoolss.idl: remove obviously bogous PROCESSOR_ARM 0 define
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Oct 17 10:46:12 UTC 2020 on sn-devel-184
Björn Jacke [Wed, 7 Oct 2020 16:00:25 +0000 (18:00 +0200)]
printing/spoolss: add ARM64 support
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Björn Jacke [Wed, 7 Oct 2020 15:54:19 +0000 (17:54 +0200)]
printing: move archi_table declarations into nt_printing.h
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Björn Jacke [Wed, 7 Oct 2020 15:24:45 +0000 (17:24 +0200)]
spoolss.idl: add spoolss architecture defines, that we require
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Björn Jacke [Wed, 7 Oct 2020 14:07:24 +0000 (16:07 +0200)]
spoolss.idl: add some missing processor defines
information from wine's winnt.h
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Björn Jacke [Tue, 6 Oct 2020 22:12:11 +0000 (00:12 +0200)]
spoolss.idl: add some missing PROCESSOR_ARCHITECTURE defines
information from wine's winnt.h and MSDN
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 16 Oct 2020 14:09:33 +0000 (16:09 +0200)]
test: Get the clusteredmember environment out of its smb1 corner
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Oct 16 18:30:18 UTC 2020 on sn-devel-184
Volker Lendecke [Fri, 16 Oct 2020 14:08:03 +0000 (16:08 +0200)]
test: Lift clusteredmember_smb1 to use smb2
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Fri, 16 Oct 2020 14:06:36 +0000 (16:06 +0200)]
test: Use the smb2-based deny2 test in clusteredmember_smb1
There is no reason to use the SMB1-based ntdeny2 test. It was just
an arbitrary test that depends on clustering to work.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Gary Lockyer [Sun, 27 Sep 2020 21:02:16 +0000 (10:02 +1300)]
CVE-2020-1472(ZeroLogon): torture: ServerSetPassword2 zero password
Ensure that a password of all zeros shorter than the maximum length is
rejected.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Oct 16 06:09:06 UTC 2020 on sn-devel-184
Gary Lockyer [Sun, 27 Sep 2020 21:01:34 +0000 (10:01 +1300)]
CVE-2020-1472(ZeroLogon): torture: ServerSetPassword2 max len password
Ensure that a maximum length password (512) is still accepted
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Sun, 27 Sep 2020 21:00:54 +0000 (10:00 +1300)]
CVE-2020-1472(ZeroLogon): torture: ServerSetPassword2 all zero password
Check that an all zero password is rejected, Note this test user ARC4
encryption so that it passes the self encryption test.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Sun, 27 Sep 2020 21:00:00 +0000 (10:00 +1300)]
CVE-2020-1472(ZeroLogon): torture: ServerSetPassword2 confounder
Test that a confounder that encrypts to itself is rejected
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Sun, 27 Sep 2020 20:54:41 +0000 (09:54 +1300)]
CVE-2020-1472(ZeroLogon): torture: ServerSetPassword2 all zero password
Check that a password buffer containing all zeros is rejected.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Sun, 27 Sep 2020 20:45:28 +0000 (09:45 +1300)]
CVE-2020-1472(ZeroLogon): torture: ServerSetPassword2 all zero enc req
Check that a request that encrypts to all zeros, is rejected if the length
encrypts to itself.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Sun, 27 Sep 2020 20:33:35 +0000 (09:33 +1300)]
CVE-2020-1472(ZeroLogon): torture: Move existing tests
Move the existing ZeroLogon tests into the ZeroLogon testsuite.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Sun, 27 Sep 2020 20:29:25 +0000 (09:29 +1300)]
CVE-2020-1472(ZeroLogon): Add zerologon test suite
Add a ZeroLogon test suite, to allow the ZeroLogon tests to be run against
the s3 and s4 netlogon servers.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Thu, 24 Sep 2020 01:35:47 +0000 (13:35 +1200)]
CVE-2020-1472(ZeroLogon): rpc_server/netlogon: Fix confounder check
Add check for zero length confounder, to allow setting of passwords 512
bytes long. This does not need to be backported, as it is extremely
unlikely that anyone is using 512 byte passwords.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Jacke [Thu, 8 Oct 2020 10:21:31 +0000 (12:21 +0200)]
tevent: also use portable __has_attribute macro to check for "deprecated" attribute
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14526
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Jacke [Thu, 8 Oct 2020 10:10:35 +0000 (12:10 +0200)]
replace: also use portable __has_attribute macro to check for "deprecated" attribute
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14526
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Jacke [Thu, 8 Oct 2020 10:05:41 +0000 (12:05 +0200)]
talloc: also use portable __has_attribute macro to check for "deprecated" attribute
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14526
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 8 Oct 2020 03:22:44 +0000 (16:22 +1300)]
fuzz: add fuzz_cli_credentials_parse_string
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 30 Sep 2020 02:34:37 +0000 (15:34 +1300)]
fuzz: add fuzz_dcerpc_parse_binding
We parse a binding and do a few tricks with it, including turning it
into a tower and back.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Walker [Thu, 24 Sep 2020 20:57:59 +0000 (16:57 -0400)]
vfs_zfsacl: add zfs configuration guidance to manpage
Provide minimal background information on recommended ZFS settings
for a samba share.
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 15 20:27:34 UTC 2020 on sn-devel-184
Andrew Walker [Thu, 24 Sep 2020 20:04:12 +0000 (16:04 -0400)]
vfs_zfsacl: only grant DELETE_CHILD if ACL tag is special
When ZFS aclmode is set to "passthrough" chmod(2)/fchmod(2) will result
in special entries being modified in a way such that delete, delete_child,
write_named_attr, write_attribute are stripped from the returned ACL entry,
and the kernel / ZFS treats this as having rights equivalent to the desired
POSIX mode. Historically, samba has added delete_child to the NFSv4 ACL, but
this is only really called for in the case of special entries in this
particular circumstance.
Alter circumstances in which delete_child is granted so that it only
is added to special entries. This preserves the intend post-chmod behavior,
but avoids unnecessarily increasing permissions in cases where it's not
intended. Further modification of this behavior may be required so that
we grant a general read or general write permissions set in case of
POSIX read / POSIX write on special entries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14471
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 20 Aug 2020 14:41:36 +0000 (16:41 +0200)]
vfs_zfsacl: use a helper variable in zfs_get_nt_acl_common()
No change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14471
Pair-Programmed-With: Andrew Walker <awalker@ixsystems.com>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 20 Aug 2020 14:42:17 +0000 (16:42 +0200)]
vfs_zfsacl: README.Coding fix
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14471
Pair-Programmed-With: Andrew Walker <awalker@ixsystems.com>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Walker [Thu, 24 Sep 2020 15:42:16 +0000 (11:42 -0400)]
vfs_zfsacl: Add new parameter to stop automatic addition of special entries
Prevent ZFS from automatically adding NFSv4 special entries (owner@, group@,
everyone@). ZFS will automatically add these these entries when calculating the
inherited ACL of new files if the ACL of the parent directory lacks an
inheriting special entry. This may result in user confusion and unexpected
change in permissions of files and directories as the inherited ACL is
generated. Blocking this behavior is achieved by setting an inheriting
everyone@ that grants no permissions and not adding the entry to the file's
Security Descriptor.
This change also updates behavior so that the fd-based syscall facl() is
used where possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14470
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 20 Aug 2020 14:18:35 +0000 (16:18 +0200)]
vfs_zfsacl: use handle based facl() call to query ZFS filesytem ACL
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14470
Pair-Programmed-With: Andrew Walker <awalker@ixsystems.com>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Sun, 6 Sep 2020 22:17:11 +0000 (00:17 +0200)]
s3:ctdbd_conn: simplify get_public_ips() / find_in_public_ips() API
These calls are used to check whether an IP address is static to the
host, or whether it could be migrated by ctdb.
Combine the calls into a simple ctdbd_public_ip_foreach(cb) function,
which avoids the need to expose struct ctdb_public_ip_list_old.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 14 12:29:56 UTC 2020 on sn-devel-184
David Disseldorp [Sun, 6 Sep 2020 20:59:20 +0000 (22:59 +0200)]
s3:smbd: rename has_ctdb_public_ip to has_cluster_movable_ip
This provides a little more detail to what's actually being tracked
with this boolean.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
David Disseldorp [Sun, 6 Sep 2020 21:59:04 +0000 (23:59 +0200)]
smb2_ioctl_network_fs: fix minor leak in error path
The struct fsctl_net_iface_info array needs to be cleaned up.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Jones Syue [Mon, 28 Sep 2020 01:10:03 +0000 (09:10 +0800)]
interface: fix if_index is not parsed correctly
Replace probed_ifaces[i] with ifs.
In SDC 2020 SMB3 Virtual IO Lab,
run Windows Protocol Test Suite to test FileServer multichannel test cases.
Samba server has 2 virtual interfaces for VPN connection:
> name=tun2001, ip/mask=192.168.144.9/22
> name=tun2002, ip/mask=192.168.144.10/22
test suite client can ping these 2 ip addresses and browse shares.
Then client try to use IOCTL FSCTL_QUERY_NETWORK_INTERFACE_INFO to get the
virtual ip addresses of samba server, but samba server responded it
without the virtual ip addresses. My VPN setup is point-to-point and the
virtual interfaces 'tun2001' & 'tun2002' are without flag IFF_BROADCAST.
So edit smb.conf and add
"interfaces = ${virtual_ip}/${mask_length};if_index=${id}", like this:
> interfaces = eth4 eth8 eth11 eth10 qvs0 "192.168.144.9/22;if_index=50" "192.168.144.10/22;if_index=51"
then samba server IOCTL response could return the virtual ip addresses,
but found a issue:
the interface index of virtual ip addresses is always
4294967295
(0xFFFFFFFF, -1).
Quote Metze: https://gitlab.com/samba-team/devel/samba/-/commit/
6cadb55d975a6348a417caed8b3258f5be2acba4#note_419181789
This looks good, I think that also explains
the possible memory corruption/crash I mentioned in the bug report.
As 'i' is most likely the same as 'total_probed' and
probed_ifaces[i] is not valid, so we overwrite unrelated memory.
Later I see 'realloc(): invalid pointer' and this backtrace:
BACKTRACE:
#0 log_stack_trace + 0x29 [ip=0x7f2f1b6fffa9] [sp=0x7ffcd0ab53e0]
#1 smb_panic + 0x11 [ip=0x7f2f1b700301] [sp=0x7ffcd0ab5d10]
#2 sig_fault + 0x54 [ip=0x7f2f1b7004f4] [sp=0x7ffcd0ab5e20]
#3 funlockfile + 0x50 [ip=0x7f2f17ce6dd0] [sp=0x7ffcd0ab5ec0]
#4 gsignal + 0x10f [ip=0x7f2f1794970f] [sp=0x7ffcd0ab6b90]
#5 abort + 0x127 [ip=0x7f2f17933b25] [sp=0x7ffcd0ab6cb0]
#6 __libc_message + 0x297 [ip=0x7f2f1798c897] [sp=0x7ffcd0ab6de0]
#7 malloc_printerr + 0x1c [ip=0x7f2f17992fdc] [sp=0x7ffcd0ab6ef0]
#8 realloc + 0x23a [ip=0x7f2f17997f6a] [sp=0x7ffcd0ab6f00]
#9 _talloc_realloc + 0xee [ip=0x7f2f1a365d2e] [sp=0x7ffcd0ab6f50]
#10 messaging_filtered_read_send + 0x18c [ip=0x7f2f1a10f54c] [sp=0x7ffcd0ab6fb0]
#11 messaging_read_send + 0x55 [ip=0x7f2f1a10f705] [sp=0x7ffcd0ab7000]
#12 smb2srv_session_table_init + 0x83 [ip=0x7f2f1b3a6cd3] [sp=0x7ffcd0ab7040]
#13 smbXsrv_connection_init_tables + 0x2d [ip=0x7f2f1b373f4d] [sp=0x7ffcd0ab7060]
#14 smbd_smb2_request_process_negprot + 0x827 [ip=0x7f2f1b38cb47] [sp=0x7ffcd0ab7080]
#15 smbd_smb2_request_dispatch + 0x19db [ip=0x7f2f1b38921b] [sp=0x7ffcd0ab71d0]
#16 smbd_smb2_process_negprot + 0x298 [ip=0x7f2f1b38bb38] [sp=0x7ffcd0ab7260]
#17 process_smb + 0x2ca [ip=0x7f2f1b37537a] [sp=0x7ffcd0ab72b0]
#18 smbd_server_connection_read_handler + 0xd0 [ip=0x7f2f1b376420] [sp=0x7ffcd0ab7350]
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14514
Signed-off-by: Jones Syue <jonessyue@qnap.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Anoop C S [Mon, 12 Oct 2020 11:25:40 +0000 (16:55 +0530)]
vfs_shadow_copy2: Avoid closing snapsdir twice
As per man page for closedir(3):
. . .
The closedir() function closes the directory stream associated with
dirp. A successful call to closedir() also closes the underlying file
descriptor associated with dirp.
. . .
Therefore we don't have to attempt an additional close of file
descriptor after closedir().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14530
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Oct 14 10:08:24 UTC 2020 on sn-devel-184
Andreas Schneider [Tue, 11 Aug 2020 08:41:07 +0000 (10:41 +0200)]
s3:lib: Move interface prototypes to own header file
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 9 20:36:13 UTC 2020 on sn-devel-184
Andreas Schneider [Mon, 10 Aug 2020 13:47:35 +0000 (15:47 +0200)]
s3:include: Move loadparm prototypes to own header file
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 27 Aug 2020 14:46:29 +0000 (16:46 +0200)]
s3:libsmb: Remove max_protocol from clidfs do_connect()
The if check for max_protocol == 0 is part of lp_client_max_protocol().
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 27 Aug 2020 14:45:12 +0000 (16:45 +0200)]
s3:libcmb: Remove max_protocol from cli_cm_connect()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 27 Aug 2020 14:43:46 +0000 (16:43 +0200)]
s3:libsmb: Remove max_protocol from cli_cm_open()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 27 Aug 2020 14:40:49 +0000 (16:40 +0200)]
s3:client: Remove global max_protocol
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 18 Aug 2020 15:42:25 +0000 (17:42 +0200)]
s3:libsmb: Pass cli_credentials to cli_resolve_path(), using helper variables.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 18 Aug 2020 15:26:54 +0000 (17:26 +0200)]
s3:libsmb: Pass cli_credentials to cli_cm_open()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 18 Aug 2020 15:18:16 +0000 (17:18 +0200)]
s3:libsmb: Pass cli_credentials to cli_cm_connect()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 18 Aug 2020 15:15:09 +0000 (17:15 +0200)]
s3:libsmb: Pass cli_credentials to clidfs do_connect()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 27 Aug 2020 13:52:11 +0000 (15:52 +0200)]
s3:libsmb: Remove force_encrypt from cli_check_msdfs_proxy()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 27 Aug 2020 13:28:28 +0000 (15:28 +0200)]
s3:libsmb: Remove force_encrypt from clidfs do_connect()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 27 Aug 2020 13:26:39 +0000 (15:26 +0200)]
s3:libsmb: Remove force_encrypt from cli_cm_connect()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 27 Aug 2020 13:24:27 +0000 (15:24 +0200)]
s3:libsmb: Remove force_encrypt from cli_cm_open()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 27 Aug 2020 13:19:27 +0000 (15:19 +0200)]
s3:client: Remove global smb_encrypt
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 8 Sep 2020 08:15:20 +0000 (10:15 +0200)]
s3:tests: Add smbclient tests for 'client smb encrypt'
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 8 Sep 2020 10:30:08 +0000 (12:30 +0200)]
selftest: Move enc_desired to provision to have it in 'fileserver' too
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 8 Sep 2020 08:15:22 +0000 (10:15 +0200)]
selftest: Rename 'smb encrypt' to 'server smb encrypt'
This makes it more clear what we want. 'smb encrypt' is a synonym for
'server smb encrypt'.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Björn Jacke [Thu, 1 Oct 2020 19:22:28 +0000 (21:22 +0200)]
nt_printing_ads: support more attributes for AD published printers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9578
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 8 17:52:46 UTC 2020 on sn-devel-184
Jeremy Allison [Mon, 5 Oct 2020 19:16:32 +0000 (12:16 -0700)]
s3: smbd: Fix SMB1 reply_mv() to handle wildcards.
Pass in the original source last component to rename_internals()
from reply_mv().
Change the wildcard detection in rename_internals() to
look at the correct thing for the source path.
This is now correctly set only from the unmangled last component
of the source path sent to reply_mv().
We now pass:
Samba3.smbtorture_s3.crypt_client.SMB1-WILD-MANGLE-RENAME(nt4_dc_smb1)
samba3.smbtorture_s3.plain.SMB1-WILD-MANGLE-RENAME(fileserver_smb1)
so remove the knownfail.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Oct 8 16:29:27 UTC 2020 on sn-devel-184
Jeremy Allison [Mon, 5 Oct 2020 19:07:18 +0000 (12:07 -0700)]
s3: smbd: Add a 'const char *src_orginal_lcomp' (last component) parameter to rename_internals().
Not yet used. Passing as NULL means explicitly no wildcards
in the source name. There's only one place where we have to handle
wildcards here and that is from SMB1 reply_mv().
Could have used a bool here as in unlink_internals() but
using a string here makes the parameters more symmetrical
around src and destination values.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 5 Oct 2020 18:40:41 +0000 (11:40 -0700)]
s3: smbd: Fix SMB1 reply_unlink() to handle wildcards.
Add a 'bool have_wcard' to unlink_internals().
Move the wildcard detection out of unlink_internals() as it
was looking at the wrong thing.
This is now correctly set only from the unmangled last component
of the path sent to reply_unlink().
We now pass:
Samba3.smbtorture_s3.crypt_client.SMB1-WILD-MANGLE-UNLINK(nt4_dc_smb1)
samba3.smbtorture_s3.plain.SMB1-WILD-MANGLE-UNLINK(fileserver_smb1)
so remove the knownfail.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 5 Oct 2020 18:31:16 +0000 (11:31 -0700)]
s3: smbd: Pure reformatting of unlink_internals() to make it obvious when I add a parameter.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 5 Oct 2020 18:27:30 +0000 (11:27 -0700)]
s3: smbd: SMB1 reply_copy. Check untouched last component for wildcards in src and dst.
Not doing a test for this as wildcard SMB1copy() is evil and
should be removed. It's the same fix I'm doing for unlink
and rename, so this shouldn't be an issue.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 5 Oct 2020 17:52:46 +0000 (10:52 -0700)]
s3: selftest: Add new SMB1-only wildcard rename regression test.
samba3.smbtorture_s3.crypt_client.SMB1-WILD-MANGLE-RENAME(nt4_dc_smb1)
samba3.smbtorture_s3.plain.SMB1-WILD-MANGLE-RENAME(fileserver_smb1)
knownfail for now.
The recent wildcard changes broke something that used to work.
Consider a directory with 2 files:
dir/
foo
fo*
The 'fo*' file has a mangled name of FSHCRD~2.
SMB1rename("dir/FSHCRD~2", "dir/ba*") will rename *both* files
as the new 'rename has wildcard' check is done after
the name unmangle.
SMB2 doesn't allow wildcard renames so doesn't have this problem.
Fix to follow.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 5 Oct 2020 17:29:16 +0000 (10:29 -0700)]
s3: selftest: Add new SMB1-only wildcard unlink regression test.
samba3.smbtorture_s3.crypt_client.SMB1-WILD-MANGLE-UNLINK(nt4_dc_smb1)
samba3.smbtorture_s3.plain.SMB1-WILD-MANGLE-UNLINK(fileserver_smb1)
knownfail for now.
The recent wildcard changes broke something that used to work.
Consider a directory with 2 files:
dir/
a
*
The '*' file has a mangled name of _2X68P~X.
SMB1unlink("_2X68P~X") will delete *both* files
as the new 'unlink has wildcard' check is done after
the name unmangle.
SMB2 doesn't suffer from this problem, as it doesn't
allow wildcard unlinks.
Fix to follow.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 25 Sep 2020 20:42:46 +0000 (13:42 -0700)]
nsswitch: Add an async DNS kerberos locator plugin.
Used in production on a large customer site.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Björn Jacke [Tue, 6 Oct 2020 21:05:24 +0000 (23:05 +0200)]
docs: fix default value of spoolss:architecture
"Windows x64" is the default here since a couple of years already.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14522
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 6 23:06:50 UTC 2020 on sn-devel-184
Martin Schwenke [Wed, 30 Sep 2020 00:48:38 +0000 (10:48 +1000)]
ctdb-tests: Strengthen node state checking in ctdb disable/enable test
Check that the desired state is set on all nodes instead of just the
test node. This ensures that node flags have correctly propagated
across the cluster.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14513
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue Oct 6 04:32:06 UTC 2020 on sn-devel-184
Martin Schwenke [Tue, 16 Jan 2018 04:15:51 +0000 (15:15 +1100)]
ctdb-recoverd: Drop unnecessary and broken code
update_flags() has already updated the recovery master's canonical
node map, based on the flags from each remote node, and pushed out
these flags to all nodes.
If i == j then the node map has already been updated from this remote
node's flags, so simply drop this case.
Although update_flags() has updated flags for all nodes, it did not
update each node map in remote_nodemaps[] to reflect this. This means
that remote_nodemaps[] may contain inconsistent flags for some nodes
so it should not be used to check consistency when i != j.
Further, a meaningful difference in flags can only really occur if
update_flags() failed. In that case this code is never reached.
These observations combine to imply that this whole loop should be
dropped.
This leaves potential sub-second inconsistencies due to out-of-band
healthy/unhealthy flag changes pushed via CTDB_SRVID_PUSH_NODE_FLAGS.
These updates could be dropped (takeover run asks each node for
available IPs rather than making centralised decisions based on node
flags) but for now they will be fixed in the next iteration of
main_loop().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14513
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 19 Jan 2018 03:55:21 +0000 (14:55 +1100)]
ctdb-recoverd: Drop unnecessary code
This has already been done in update_flags().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14513
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Christof Schmitt [Fri, 2 Oct 2020 20:07:37 +0000 (13:07 -0700)]
third_party: Update gpfs.h to 5.0.5.3 version
4.2.3 went out of support, so update the header file to the oldest
currently supported GPFS version. Going forward, this will allow usage
of newer API calls.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Mon Oct 5 20:06:04 UTC 2020 on sn-devel-184
David Disseldorp [Mon, 5 Oct 2020 10:28:27 +0000 (12:28 +0200)]
Revert "vfs_ceph: drop fdopendir handler"
This reverts commit
76d7d05b1da6c0703b1c2bade0c4467c7cc1adec.
OpenDir_fsp() no longer falls back to regular open, so this hook is
required.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14519
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Oct 5 12:38:34 UTC 2020 on sn-devel-184
Volker Lendecke [Tue, 29 Sep 2020 08:55:07 +0000 (10:55 +0200)]
libcli: Use GUID_to_ndr_buf() in smb2cli_validate_negotiate_info_send()
Avoid a talloc/free
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 2 22:50:43 UTC 2020 on sn-devel-184
Volker Lendecke [Tue, 29 Sep 2020 08:53:42 +0000 (10:53 +0200)]
libcli: Use GUID_to_ndr_buf() in smbXcli_negprot_smb2_subreq()
Avoid a talloc/free
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 29 Sep 2020 08:45:52 +0000 (10:45 +0200)]
libcli: Use GUID_to_ndr_buf() in smb2_create_send()
Avoid talloc/free
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 29 Sep 2020 08:43:29 +0000 (10:43 +0200)]
libcli: Use GUID_to_ndr_buf() in smbcli_push_guid()
Avoid two talloc/free
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 29 Sep 2020 08:20:41 +0000 (10:20 +0200)]
smbd: Use GUID_to_ndr_buf() in fsctl_validate_neg_info()
Avoid a talloc/free
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 29 Sep 2020 08:17:29 +0000 (10:17 +0200)]
smbd: Use GUID_to_ndr_buf() in smbXsrv_client_global_id_to_key()
Avoid a talloc/free
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 29 Sep 2020 08:13:20 +0000 (10:13 +0200)]
libcli: Use GUID_to_ndr_buf() in ldap_encode_ndr_GUID()
Avoid a talloc/free
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 29 Sep 2020 08:09:48 +0000 (10:09 +0200)]
librpc: Use GUID_to_ndr_buf() in GUID_to_ndr_blob()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 29 Sep 2020 07:59:29 +0000 (09:59 +0200)]
librpc: Add GUID_to_ndr_buf()
Avoids talloc
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 29 Sep 2020 10:06:34 +0000 (12:06 +0200)]
mdssvc: Slightly simplify dalloc_size()
talloc_get_size() and thus talloc_array_length() deals fine with a
NULL pointer
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 29 Sep 2020 07:55:22 +0000 (09:55 +0200)]
libcli: Align some integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 29 Sep 2020 07:51:48 +0000 (09:51 +0200)]
lib: Avoid a use of includes.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 29 Sep 2020 15:35:19 +0000 (17:35 +0200)]
vfs_fruit: Fix typos
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 29 Sep 2020 11:04:28 +0000 (13:04 +0200)]
smbd: Use ISDOT/ISDOTDOT instead of strcmp
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 29 Sep 2020 10:56:26 +0000 (12:56 +0200)]
vfs: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 15 Sep 2020 08:30:37 +0000 (10:30 +0200)]
torture3: Fix a cut&paste error in a printf message
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 26 Aug 2020 06:55:30 +0000 (08:55 +0200)]
vfs: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 24 Aug 2020 20:31:01 +0000 (22:31 +0200)]
libcli: Don't leave a pointer uninitialized
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 24 Aug 2020 20:29:19 +0000 (22:29 +0200)]
libcli: Remove a pointless if-expression
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 18 Aug 2020 07:16:22 +0000 (09:16 +0200)]
libads: Improve a debug message
"kdc_ip_string" is a multi-line string starting with a tab. It looks
better in the debug message when starting in a new line.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 18 Aug 2020 07:16:22 +0000 (09:16 +0200)]
libads: Improve a debug message
"kdc_str" is a multi-line string starting with a tab. It looks
better in the debug message when starting in a new line.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 2 Oct 2020 15:29:58 +0000 (17:29 +0200)]
vfs: remove dirfsp arg from SMB_VFS_CREATE_FILE()
This was supposed to be a shortcut to avoid passing dirfsp around as an explicit
function argument throughout the whole codebase when the new VFS design idea was
based on using *AT functions throughout the VFS.
Now that we've opted for basing the VFS on handles and *AT functions will only
be used in a much more limitted extent, it makes sense to remove this internal
dirfsp reference, otherwise the combination of internal fsp->dirfsp and
smb_fname->fsp is going to be a tough to wrap your head around.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 2 21:00:05 UTC 2020 on sn-devel-184
Ralph Boehme [Fri, 2 Oct 2020 14:51:16 +0000 (16:51 +0200)]
smbd: remove fsp->dirfsp
This was supposed to be a shortcut to avoid passing dirfsp around as an explicit
function argument throughout the whole codebase when the new VFS design idea was
based on using *AT functions throughout the VFS.
Now that we've opted for basing the VFS on handles and *AT functions will only
be used in a much more limitted extent, it makes sense to remove this internal
dirfsp reference, otherwise the combination of internal fsp->dirfsp and
smb_fname->fsp is going to be a tough to wrap your head around.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 2 Oct 2020 15:25:33 +0000 (17:25 +0200)]
smbd: avoid using dirfsp arg in create_file_default()
This is not used anymore in the callees.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 22 Jun 2020 13:04:18 +0000 (15:04 +0200)]
vfs_fruit: avoid using fsp->dirsp
fsp->dirfsp will eventually go away again.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 2 Oct 2020 14:41:27 +0000 (16:41 +0200)]
smbd: remove dirfsp arg from create_file_unixpath()
Prepares for removing the dirfsp arg from SMB_VFS_CREATE_FILE() again. In the
future dirfsp has to opened as needed within create_file_unixpath() and below.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 2 Oct 2020 14:30:03 +0000 (16:30 +0200)]
smbd: remove dirsp arg from open_directory()
Prepares for removing the dirfsp arg from SMB_VFS_CREATE_FILE() again. In the
future open_directory() will open the dirfsp itself.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 23 Jun 2020 12:10:21 +0000 (14:10 +0200)]
smbd: remove dirfsp arg from mkdir_internal()
Prepares for removing the dirfsp arg from SMB_VFS_CREATE_FILE() again. In the
future mkdir_internal() will open the dirfsp itself as needed.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 29 Sep 2020 09:15:10 +0000 (11:15 +0200)]
vfs_fruit: use VFS ftruncate function in fruit_ftruncate_rsrc_adouble()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 30 Sep 2020 14:26:29 +0000 (16:26 +0200)]
smbd: switch caller of fd_openat() to fd_open()
fd_openat() was added to be used with real dirfsp, but after adding pathref fd
support we will never use this.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>