bbaumbach/samba-autobuild/.git
4 weeks agosamba-tool: fetch "no such subcommand" error and print error message master
Björn Baumbach [Tue, 28 Apr 2020 15:09:56 +0000 (17:09 +0200)]
samba-tool: fetch "no such subcommand" error and print error message

This patch especially improves the case where extra arguments are used.

Without this patch just the attributes are mentioned as invalid, if
samba-tool is called with an invalid/unknown subcommand.

Example without this patch:
  # samba-tool sites list --all
  Usage: samba-tool sites <subcommand>

  samba-tool sites: error: no such option: --all

This can be deceptive for users. Is looks like the "list" command
does not provide a "--all" option.

Example with this patch:
  # samba-tool sites list --all
  samba-tool sites: no such subcommand: list

  Usage: samba-tool sites <subcommand>
  (...)

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
4 weeks agos3: pass DCE RPC handle type to create_policy_hnd
Alexander Bokovoy [Tue, 28 Apr 2020 18:59:46 +0000 (21:59 +0300)]
s3: pass DCE RPC handle type to create_policy_hnd

Various RPC services expect policy handles of a specific type.

s3 RPC server did not allow to create policy handles with a specific
type while actually requiring that policy handle type itself in some
places.

Make sure we are able to specify the policy on-wire handle type when
creating the policy handle. The changes follow s4 DCE RPC server
implementation.

The original logic to always set on-wire handle type to 0 can be tracked
down to commit fdeea341ed1bae670382e45eb731db1b5838ad21 when we didn't
really know about differences in on-wire handle types.

All but LSA trusted domain RPC calls do not check the on-wire handle
type in s3 RPC server.

Fixes trusted domain operations when Samba RPC client attempts to call
s3 RPC server to perform lsa_lsaRSetForestTrustInformation in FreeIPA.
This fix is a pre-requisite for FreeIPA-FreeIPA forest trust.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 28 22:55:29 UTC 2020 on sn-devel-184

4 weeks agos4:torture: Convert samba3.raw.mkdir test to smb2
David Mulder [Thu, 23 Jan 2020 14:26:53 +0000 (07:26 -0700)]
s4:torture: Convert samba3.raw.mkdir test to smb2

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 888abcaf8ffbec45fc47520bd3f544e3aa6f58f2)

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 28 19:46:32 UTC 2020 on sn-devel-184

4 weeks agos4:torture: Convert samba4.base.tcon test to smb2
David Mulder [Mon, 6 Jan 2020 16:43:19 +0000 (09:43 -0700)]
s4:torture: Convert samba4.base.tcon test to smb2

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit eb167bc43dbe196ef5b3bfd24160c72c74113dea)

4 weeks agoConvert samba4.base.mangle test to smb2
David Mulder [Mon, 23 Dec 2019 20:58:47 +0000 (13:58 -0700)]
Convert samba4.base.mangle test to smb2

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 9437b44668c9f7742d6d4fe0891ac4d9fda7c804)

4 weeks agoImplement alt name query for smb2
David Mulder [Mon, 13 Jan 2020 16:19:51 +0000 (09:19 -0700)]
Implement alt name query for smb2

Implements smb2_qpathinfo_alt_name() and
RAW_FILEINFO_SMB2_ALT_NAME_INFORMATION.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 097df343ce21c8340aee7f42f233fe74b92b47e2)

4 weeks agoConvert samba4.base.maximum_allowed to smb2
David Mulder [Fri, 20 Dec 2019 21:06:13 +0000 (14:06 -0700)]
Convert samba4.base.maximum_allowed to smb2

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit d9edfeea668362269d812f82b1957ed16ff56dd4)

4 weeks agoAdd SMB2 lsa helper routines
David Mulder [Fri, 20 Dec 2019 21:10:49 +0000 (14:10 -0700)]
Add SMB2 lsa helper routines

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 3763052c2a95ac9bd60f00458389a5245cf5d58d)

4 weeks agosmbd: add missing done check from unix_convert_step_stat() refactoring
Ralph Boehme [Tue, 28 Apr 2020 06:04:41 +0000 (08:04 +0200)]
smbd: add missing done check from unix_convert_step_stat() refactoring

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 weeks agolib: Remove unused elements from ctdbd_connection
Volker Lendecke [Tue, 24 Mar 2020 13:35:51 +0000 (14:35 +0100)]
lib: Remove unused elements from ctdbd_connection

Nobody set them, only the destructor referenced them

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Apr 28 10:46:22 UTC 2020 on sn-devel-184

4 weeks agolib: Nobody sets ctdbd_connection->fde anymore, remove it
Volker Lendecke [Tue, 24 Mar 2020 13:33:28 +0000 (14:33 +0100)]
lib: Nobody sets ctdbd_connection->fde anymore, remove it

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
4 weeks agolib: Remove unused ctdbd_setup_fde() and callees
Volker Lendecke [Tue, 24 Mar 2020 13:32:06 +0000 (14:32 +0100)]
lib: Remove unused ctdbd_setup_fde() and callees

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
4 weeks agolib: Use ctdbd_req_send/recv in ctdb_parse_send/recv
Volker Lendecke [Wed, 11 Mar 2020 10:03:06 +0000 (11:03 +0100)]
lib: Use ctdbd_req_send/recv in ctdb_parse_send/recv

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
4 weeks agotorture3: Test ctdb_req_send/recv
Volker Lendecke [Thu, 12 Mar 2020 15:20:50 +0000 (16:20 +0100)]
torture3: Test ctdb_req_send/recv

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
4 weeks agolib: Add ctdbd_req_send/recv
Volker Lendecke [Fri, 20 Mar 2020 12:58:21 +0000 (13:58 +0100)]
lib: Add ctdbd_req_send/recv

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
4 weeks agolib: Add ctdbd_prep_hdr_next_reqid()
Volker Lendecke [Fri, 20 Mar 2020 12:46:13 +0000 (13:46 +0100)]
lib: Add ctdbd_prep_hdr_next_reqid()

Preparation for generic ctdb_req_send/recv: No need to expose
ctdbd_next_reqid(), do basic preparations of a ctdb_req_header

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
4 weeks agolib: Add ctdbd_init_async_connection()
Volker Lendecke [Thu, 12 Mar 2020 15:05:58 +0000 (16:05 +0100)]
lib: Add ctdbd_init_async_connection()

Prepare for ctdb_req_send/recv doing tevent_req based async ctdb
requests

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
4 weeks agoselftest: Run local-dbwrap-ctdb1 test
Volker Lendecke [Mon, 23 Mar 2020 12:03:35 +0000 (13:03 +0100)]
selftest: Run local-dbwrap-ctdb1 test

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
4 weeks agotorture3: Rename LOCAL-DBWRAP-CTDB->LOCAL-DBWRAP-CTDB1
Volker Lendecke [Mon, 23 Mar 2020 12:02:55 +0000 (13:02 +0100)]
torture3: Rename LOCAL-DBWRAP-CTDB->LOCAL-DBWRAP-CTDB1

There will be more

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
4 weeks agotorture3: Fix the local-dbwrap-ctdb test
Volker Lendecke [Mon, 23 Mar 2020 12:01:29 +0000 (13:01 +0100)]
torture3: Fix the local-dbwrap-ctdb test

We need to O_CREAT the database when connecting

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
4 weeks agotorture3: test readdir timestamp
Volker Lendecke [Wed, 25 Mar 2020 11:20:39 +0000 (12:20 +0100)]
torture3: test readdir timestamp

Create -o files per -N client connections, set a specific timestamp, then write
a bit. This leads to the locking.tdb dmasters to be spread across all nodes.
Then list from one node. This makes sure that the async share mode fetch works
right.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
4 weeks agolibsmb: Add cli_setfileinfo_ext()
Volker Lendecke [Mon, 30 Mar 2020 15:54:28 +0000 (17:54 +0200)]
libsmb: Add cli_setfileinfo_ext()

Analogue to cli_setpathinfo_ext()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
4 weeks agolibsmb: Factor out prep_basic_information_buf()
Volker Lendecke [Mon, 30 Mar 2020 14:47:52 +0000 (16:47 +0200)]
libsmb: Factor out prep_basic_information_buf()

Will be used in cli_setfileinfo_ext next

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
4 weeks agoctdb: Implement CTDB_CONTROL_ECHO_DATA
Volker Lendecke [Wed, 18 Mar 2020 10:31:14 +0000 (11:31 +0100)]
ctdb: Implement CTDB_CONTROL_ECHO_DATA

Testing control: 4 bytes msec delay plus a blob, return the request after the
delay. This is an enhanced "ping" which can be used to test asynchronous
clients.

Doesn't have the full protocol implementation yet

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
4 weeks agoctdb-protocol: Add marshalling for control ECHO_DATA
Volker Lendecke [Tue, 7 Apr 2020 15:26:26 +0000 (17:26 +0200)]
ctdb-protocol: Add marshalling for control ECHO_DATA

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
4 weeks agoctdb-protocol: Add marshalling for struct ctdb_echo_data
Volker Lendecke [Tue, 7 Apr 2020 14:44:58 +0000 (16:44 +0200)]
ctdb-protocol: Add marshalling for struct ctdb_echo_data

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
4 weeks agoctdb-protocol: Add new control CTDB_CONTROL_ECHO_DATA
Volker Lendecke [Tue, 7 Apr 2020 13:17:42 +0000 (15:17 +0200)]
ctdb-protocol: Add new control CTDB_CONTROL_ECHO_DATA

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
4 weeks agoctdb: Fix duplicate ;;
Volker Lendecke [Tue, 7 Apr 2020 19:48:24 +0000 (21:48 +0200)]
ctdb: Fix duplicate ;;

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
4 weeks agotraffic_packets: fix SyntaxWarning: "is" with a literal
David Disseldorp [Tue, 21 Apr 2020 12:43:14 +0000 (14:43 +0200)]
traffic_packets: fix SyntaxWarning: "is" with a literal

Python 3.8 adds this warning via https://bugs.python.org/issue34850:
  the "is" and "is not" operator sometimes is used with string and
  numerical literals. This code "works" on CPython by accident, because
  of caching on different levels (small integers and strings caches,
  interned strings, deduplicating constants at compile time). But it
  shouldn't work on other implementations, and can not work even on
  early or future CPython versions.

Reported-by: L. van Belle <belle@samba.org>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Apr 27 12:19:59 UTC 2020 on sn-devel-184

5 weeks agosmbd: unix_convert_step(). Fix use of state->end as a boolean, always compare with...
Jeremy Allison [Fri, 24 Apr 2020 20:55:49 +0000 (13:55 -0700)]
smbd: unix_convert_step(). Fix use of state->end as a boolean, always compare with NULL.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Apr 24 23:21:16 UTC 2020 on sn-devel-184

5 weeks agosmbd: add some logging to unix_convert()
Ralph Boehme [Thu, 23 Apr 2020 14:09:28 +0000 (16:09 +0200)]
smbd: add some logging to unix_convert()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 weeks agosmbd: factor out unix_convert_step_search_fail()
Ralph Boehme [Thu, 23 Apr 2020 10:35:12 +0000 (12:35 +0200)]
smbd: factor out unix_convert_step_search_fail()

Again, just moving code from unix_convert_step_stat() without any logic changes.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 weeks agosmbd: use an early exit if stat succeeds in unix_convert_step_stat()
Ralph Boehme [Thu, 23 Apr 2020 09:46:19 +0000 (11:46 +0200)]
smbd: use an early exit if stat succeeds in unix_convert_step_stat()

Allows decreasing the indentation level of the bulk of the code that handles
stat failure. Best viewed with `git show -w`.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 weeks agosmbd: factor out unix_convert_step_stat() from unix_convert_step()
Ralph Boehme [Thu, 23 Apr 2020 09:40:25 +0000 (11:40 +0200)]
smbd: factor out unix_convert_step_stat() from unix_convert_step()

The diff looks more complicated that it is: everything in the new
unix_convert_step_stat() is moved *as is* from unix_convert_step() without
further changes.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 weeks agosmbd: remove goto from unix_convert_step()
Ralph Boehme [Thu, 23 Apr 2020 10:18:29 +0000 (12:18 +0200)]
smbd: remove goto from unix_convert_step()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 weeks agosmbd: factor out path loop in unix_convert()
Ralph Boehme [Thu, 23 Apr 2020 09:16:36 +0000 (11:16 +0200)]
smbd: factor out path loop in unix_convert()

Just a copy&paste of everything in the for loop without any changes other then
removing one indentation level. Even keeping the gotos, removing them comes in
the next commit.

No change in behaviuour.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 weeks agosmbd: use a different error out in one place in unix_convert()
Ralph Boehme [Thu, 23 Apr 2020 10:00:38 +0000 (12:00 +0200)]
smbd: use a different error out in one place in unix_convert()

The error label is only used for OOM conditions no smb_fname of dirpath.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 weeks agosmbd: in unix_convert() replace all local variable with a state struct
Ralph Boehme [Thu, 23 Apr 2020 08:06:56 +0000 (10:06 +0200)]
smbd: in unix_convert() replace all local variable with a state struct

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 weeks agosmbd: rename ctx variable to mem_ctx in unix_convert()
Ralph Boehme [Thu, 23 Apr 2020 07:39:22 +0000 (09:39 +0200)]
smbd: rename ctx variable to mem_ctx in unix_convert()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 weeks agosmbd: change variable name start to name in unix_convert()
Ralph Boehme [Thu, 23 Apr 2020 07:32:53 +0000 (09:32 +0200)]
smbd: change variable name start to name in unix_convert()

start always points at the current single component name in the path traversal
loop.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 weeks agolib: Fix a valgrind error
Volker Lendecke [Tue, 7 Apr 2020 11:46:32 +0000 (13:46 +0200)]
lib: Fix a valgrind error

I just came across this failure with a new test:

==16654== Invalid read of size 4
==16654==    at 0x4950947: tevent_req_is_in_progress (tevent_req.c:270)
==16654==    by 0x5AEEE8F: writev_trigger (async_sock.c:375)
==16654==    by 0x494F9E7: tevent_queue_immediate_trigger (tevent_queue.c:149)
==16654==    by 0x494F53C: tevent_common_invoke_immediate_handler (tevent_immediate.c:166)
==16654==    by 0x494F642: tevent_common_loop_immediate (tevent_immediate.c:203)
==16654==    by 0x4959E5E: epoll_event_loop_once (tevent_epoll.c:918)
==16654==    by 0x495665A: std_event_loop_once (tevent_standard.c:110)
==16654==    by 0x494DFCE: _tevent_loop_once (tevent.c:772)
==16654==    by 0x4950A6A: tevent_req_poll (tevent_req.c:300)
==16654==    by 0x4D166C9: tevent_req_poll_ntstatus (tevent_ntstatus.c:109)
==16654==    by 0x18C98B: run_readdir_timestamp (test_readdir_timestamp.c:489)
==16654==    by 0x161BC5: run_test (torture.c:14896)
==16654==    by 0x162726: main (torture.c:15136)
==16654==  Address 0x91bb878 is 216 bytes inside a block of size 853 free'd
==16654==    at 0x48369AB: free (vg_replace_malloc.c:530)
==16654==    by 0x49B405E: _tc_free_internal (talloc.c:1221)
==16654==    by 0x49B4116: _talloc_free_internal (talloc.c:1247)
==16654==    by 0x49B547C: _talloc_free (talloc.c:1789)
==16654==    by 0x50ECE3B: smb2cli_req_writev_done (smbXcli_base.c:3468)
==16654==    by 0x4950648: _tevent_req_notify_callback (tevent_req.c:141)
==16654==    by 0x49507A9: tevent_req_finish (tevent_req.c:193)
==16654==    by 0x49507D6: _tevent_req_done (tevent_req.c:199)
==16654==    by 0x5AEEE28: writev_do (async_sock.c:363)
==16654==    by 0x5AEEE83: writev_trigger (async_sock.c:374)
==16654==    by 0x494F9E7: tevent_queue_immediate_trigger (tevent_queue.c:149)
==16654==    by 0x494F53C: tevent_common_invoke_immediate_handler (tevent_immediate.c:166)
==16654==    by 0x494F642: tevent_common_loop_immediate (tevent_immediate.c:203)
==16654==    by 0x4959E5E: epoll_event_loop_once (tevent_epoll.c:918)
==16654==    by 0x495665A: std_event_loop_once (tevent_standard.c:110)
==16654==    by 0x494DFCE: _tevent_loop_once (tevent.c:772)
==16654==    by 0x4950A6A: tevent_req_poll (tevent_req.c:300)
==16654==    by 0x4D166C9: tevent_req_poll_ntstatus (tevent_ntstatus.c:109)
==16654==    by 0x18C98B: run_readdir_timestamp (test_readdir_timestamp.c:489)
==16654==    by 0x161BC5: run_test (torture.c:14896)
==16654==    by 0x162726: main (torture.c:15136)
==16654==  Block was alloc'd at
==16654==    at 0x483577F: malloc (vg_replace_malloc.c:299)
==16654==    by 0x49B300F: __talloc_with_prefix (talloc.c:782)
==16654==    by 0x49B31E6: _talloc_pool (talloc.c:837)
==16654==    by 0x49B3394: _talloc_pooled_object (talloc.c:905)
==16654==    by 0x49501A6: _tevent_req_create (tevent_req.c:79)
==16654==    by 0x5AEE956: writev_send (async_sock.c:266)
==16654==    by 0x50ECBCA: smb2cli_req_compound_submit (smbXcli_base.c:3396)
==16654==    by 0x50ECD49: smb2cli_req_send (smbXcli_base.c:3447)
==16654==    by 0x50FE34F: smb2cli_create_send (smb2cli_create.c:153)
==16654==    by 0x490325E: cli_smb2_create_fnum_send (cli_smb2_fnum.c:273)
==16654==    by 0x48D0146: cli_ntcreate_send (clifile.c:2504)
==16654==    by 0x18B737: create_ts_send (test_readdir_timestamp.c:59)
==16654==    by 0x18BF77: create_ts_files_send (test_readdir_timestamp.c:253)
==16654==    by 0x18C35C: create_files_send (test_readdir_timestamp.c:336)
==16654==    by 0x18C953: run_readdir_timestamp (test_readdir_timestamp.c:482)
==16654==    by 0x161BC5: run_test (torture.c:14896)
==16654==    by 0x162726: main (torture.c:15136)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 23 21:53:38 UTC 2020 on sn-devel-184

5 weeks agosmbd: remove initial stat() EACCES handling from unix_convert()
Ralph Boehme [Thu, 23 Apr 2020 08:48:51 +0000 (10:48 +0200)]
smbd: remove initial stat() EACCES handling from unix_convert()

This was added by bd90ca6f00b (my bad) but it breaks filesystems with NFS4
permissions.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 23 19:50:38 UTC 2020 on sn-devel-184

5 weeks agoctdb-scripts: Update nfs-ganesha-callout
Renaud Fortier [Tue, 21 Apr 2020 11:47:01 +0000 (11:47 +0000)]
ctdb-scripts: Update nfs-ganesha-callout

On debian buster, this variable doesn't exist anymore. Look at this PR
as a reference:

  https://github.com/gluster/storhaug/pull/30

Signed-off-by: Renaud Fortier <renaud.fortier@fsaa.ulaval.ca>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Apr 23 08:07:51 UTC 2020 on sn-devel-184

5 weeks agoprovision: Remove final code for the LDAP backend
Andrew Bartlett [Mon, 20 Apr 2020 05:09:52 +0000 (17:09 +1200)]
provision: Remove final code for the LDAP backend

The LDAP backend for the Samba AD DC, aiming to store the AD DC in
an existing LDAP server was largely removed many years aga, but the
other parts were removed in 2b0fc74a0916a6ab0d5ac007cc5e100d4682b2ea.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Apr 23 06:12:20 UTC 2020 on sn-devel-184

5 weeks agosource4/setup: Remove files unused since the LDAP backend was removed
Andrew Bartlett [Mon, 20 Apr 2020 05:04:05 +0000 (17:04 +1200)]
source4/setup: Remove files unused since the LDAP backend was removed

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
5 weeks agosmbd: let unix_convert() fail early if initial stat fails with EACCES
Ralph Boehme [Wed, 22 Apr 2020 13:13:04 +0000 (15:13 +0200)]
smbd: let unix_convert() fail early if initial stat fails with EACCES

Doing directory scans on the path components is not going to change this, so
give up early. No change in behaviour, as we would just fail later in
get_real_filename() otherwise.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 22 21:08:39 UTC 2020 on sn-devel-184

5 weeks agos3: VFS: widelinks. Change call to resolve_realpath_name() -> canonicalize_absolute_p...
Jeremy Allison [Tue, 21 Apr 2020 20:39:10 +0000 (13:39 -0700)]
s3: VFS: widelinks. Change call to resolve_realpath_name() -> canonicalize_absolute_path().

That code was moved into source3/lib/util_path.c.

We now have *one* canonicalize_absolute_path() funtion,
tested more completely.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Apr 22 09:51:08 UTC 2020 on sn-devel-184

5 weeks agos3: selftest: Remove test_vfs_widelinks.
Jeremy Allison [Tue, 21 Apr 2020 20:34:52 +0000 (13:34 -0700)]
s3: selftest: Remove test_vfs_widelinks.

All of the tests that were in there
are now tested in samba3.smbtorture_s3.LOCAL-CANONICALIZE-PATH
along with other paths.

Clean revert of f7fe3474298 not possible due to
changes in source3/selftest/tests.py

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
5 weeks agos3: lib: Remove the old canonicalize_absolute_path().
Jeremy Allison [Tue, 21 Apr 2020 20:30:38 +0000 (13:30 -0700)]
s3: lib: Remove the old canonicalize_absolute_path().

This code was really hard to understand.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
5 weeks agos3: util: Replace the old (hard to understand) canonicalize_absolute_path() with...
Jeremy Allison [Tue, 21 Apr 2020 20:24:44 +0000 (13:24 -0700)]
s3: util: Replace the old (hard to understand) canonicalize_absolute_path() with a version created from resolve_realpath_name() in vfs_widelinks.c

This code is *much* more comprehensible and passes the
stricter test set than the original (unfixed) canonicalize_absolute_path()
out of the gate.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
5 weeks agos3: lib: Fix canonicalize_absolute_path() to pass the tests from resolve_realpath_name()
Jeremy Allison [Tue, 21 Apr 2020 19:58:02 +0000 (12:58 -0700)]
s3: lib: Fix canonicalize_absolute_path() to pass the tests from resolve_realpath_name()

Remove the knownfail.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
5 weeks agos3: torture: Add the tests from resolve_realpath_name() to canonicalize_absolute_path().
Jeremy Allison [Tue, 21 Apr 2020 18:49:44 +0000 (11:49 -0700)]
s3: torture: Add the tests from resolve_realpath_name() to canonicalize_absolute_path().

canonicalize_absolute_path() has a bug.

In canonicalize_absolute_path()

///a/./././///component/../////path/ -> /a//path

It should go to /a/path. Mark as knownfail.

Adding these tests so I can ultimately remove
resolve_realpath_name() and re-use the existing
canonicalize_absolute_path() code in vfs_widelinks.c

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
5 weeks agoutil: Fix signed/unsigned integer comparison
Martin Schwenke [Tue, 17 Mar 2020 05:05:20 +0000 (16:05 +1100)]
util: Fix signed/unsigned integer comparison

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Apr 22 01:48:03 UTC 2020 on sn-devel-184

5 weeks agos3: smbd: Refuse open in create_file_unixpath() with only SEC_FLAG_SYSTEM_SECURITY...
Jeremy Allison [Fri, 17 Apr 2020 21:23:07 +0000 (14:23 -0700)]
s3: smbd: Refuse open in create_file_unixpath() with only SEC_FLAG_SYSTEM_SECURITY set.

We now pass smbtorture3 SMB2-SACL like Windows 10 does.
Note this is an SMB2-only behavior. SMB1 allows an open
with only SEC_FLAG_SYSTEM_SECURITY set as tested in
smbtorture3 SMB1-SYSTEM-SECURITY.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 21 20:17:10 UTC 2020 on sn-devel-184

5 weeks agos3: smbd: Reformat code in SEC_FLAG_SYSTEM_SECURITY check in create_file_unixpath().
Jeremy Allison [Fri, 17 Apr 2020 21:20:13 +0000 (14:20 -0700)]
s3: smbd: Reformat code in SEC_FLAG_SYSTEM_SECURITY check in create_file_unixpath().

No logic change but uses modern formatting and will
make it easier to add another clause in the next commit.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
5 weeks agosmbd: Ensure SEC_FLAG_SYSTEM_SECURITY also opens the underlying fd.
Jeremy Allison [Fri, 17 Apr 2020 21:16:36 +0000 (14:16 -0700)]
smbd: Ensure SEC_FLAG_SYSTEM_SECURITY also opens the underlying fd.

smbtorture3 SMB2-SAL test shows this is needed as we store the SACL in the same
data store as the DACL.

Without this, opening a file with SEC_FLAG_SYSTEM_SECURITY | READ_ATTRIBUTES
would do a stat open, meaning when we call SMB_VFS_FGET_NT_ACL()
on the fsp we have no open fd to work on.

Pair-Programmed-With: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
5 weeks agosmbd: use helper variables in open_file()
Ralph Boehme [Wed, 4 Mar 2020 09:54:18 +0000 (10:54 +0100)]
smbd: use helper variables in open_file()

Simplify an if expression by using helper variables, no change in behaviour.

Signed-off-by: Ralph Boehme <slow@samba.org>
5 weeks agos3: smbd: When writing a security descriptor SACL, ensure both SEC_FLAG_SYSTEM_SECURI...
Jeremy Allison [Fri, 17 Apr 2020 21:14:38 +0000 (14:14 -0700)]
s3: smbd: When writing a security descriptor SACL, ensure both SEC_FLAG_SYSTEM_SECURITY|SEC_STD_WRITE_DAC are set.

smbtorture3 SMB2-SACL tests this against Windows10 (and Samba).

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
5 weeks agos3: torture: Call the smbtorture3 SMB2-SACL test.
Jeremy Allison [Sat, 18 Apr 2020 00:39:22 +0000 (17:39 -0700)]
s3: torture: Call the smbtorture3 SMB2-SACL test.

Calls the test in the previous commit by adding
SeSecurityPrivilege first, running the SMB2-SACL test
then removing SeSecurityPrivilege.

Demonstrates the difference between server behavior
with SEC_FLAG_SYSTEM_SECURITY against SMB1 and SMB2 servers.

Mark as knownfail for now.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
5 weeks agos3: torture: Add a basic SMB2 SACL test.
Jeremy Allison [Fri, 17 Apr 2020 18:46:49 +0000 (11:46 -0700)]
s3: torture: Add a basic SMB2 SACL test.

Shows bits needed to set/get a SACL.  We need a script within Samba to run this
as it depends on a user with SeSecurityPrivilege to work.

Test does the following:

1). Create a test file.
2). Open with SEC_FLAG_SYSTEM_SECURITY *only*. ACCESS_DENIED.
    NB. SMB2-only behavior. SMB1 allows this as tested in SMB1-SYSTEM-SECURITY.
3). Open with SEC_FLAG_SYSTEM_SECURITY|FILE_WRITE_ATTRIBUTES.
4). Write SACL. Should fail with ACCESS_DENIED (seems to need WRITE_DAC).
5). Close (3).
6). Open with SEC_FLAG_SYSTEM_SECURITY|SEC_STD_WRITE_DAC.
7). Write SACL. Success.
8). Close (4).
9). Open with SEC_FLAG_SYSTEM_SECURITY|READ_ATTRIBUTES.
10). Read SACL. Success.
11). Read DACL. Should fail with ACCESS_DENIED (no READ_CONTROL).
12). Close (9).
13 - and on error). Delete test file.

Passes against Windows 10.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
5 weeks agos3: torture: Run the SMB1-SYSTEM-SECURITY test.
Jeremy Allison [Sat, 18 Apr 2020 00:36:10 +0000 (17:36 -0700)]
s3: torture: Run the SMB1-SYSTEM-SECURITY test.

Calls the test in the previous commit by adding
SeSecurityPrivilege first, running the SMB1-SYSTEM-SECURITY
test then removing SeSecurityPrivilege.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
5 weeks agos3: torture: Add an SMB1-specific test SMB1-SYSTEM-SECURITY.
Jeremy Allison [Fri, 17 Apr 2020 22:48:09 +0000 (15:48 -0700)]
s3: torture: Add an SMB1-specific test SMB1-SYSTEM-SECURITY.

NB. This is also tested in samba3.base.createx_access
but this makes it very explicit what we're looking for.

Shows SMB1 allows explicit open of a file with only
he SEC_FLAG_SYSTEM_SECURITY access mask requested.
SMB2 doesn't.

Requires a Windows 10 system with a user with
SeSecurityPrivilege set. Passes against Windows 10
with SMB1 enabled.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
5 weeks agodbwrap_watch: Set rec->value_valid while returning nested share_mode_do_locked()
Anoop C S [Mon, 20 Apr 2020 09:11:18 +0000 (14:41 +0530)]
dbwrap_watch: Set rec->value_valid while returning nested share_mode_do_locked()

As reported on samba-technical by Rouven WEILER <Rouven_Weiler@gmx.net>:
https://lists.samba.org/archive/samba-technical/2020-April/135116.html

Following backtrace was observed with vfs_fruit for time machine backup:

[2020/04/10 08:00:38.107917,  0] ../../lib/dbwrap/dbwrap.c:82(dbwrap_record_get_value)
  PANIC: assert failed at ../../lib/dbwrap/dbwrap.c(82): rec->value_valid
[2020/04/10 08:00:38.108499,  0] ../../source3/lib/util.c:830(smb_panic_s3)
  PANIC (pid 3427): assert failed: rec->value_valid
[2020/04/10 08:00:38.109541,  0] ../../lib/util/fault.c:265(log_stack_trace)
  BACKTRACE: 37 stack frames:
   #0 /usr/lib/samba/amd64/libsamba-util.so.0.0.1'log_stack_trace+0x26 [0xfffffd7fee51de66]
   #1 /usr/lib/samba/amd64/libsmbconf.so.0'smb_panic_s3+0x26 [0xfffffd7fedf5a596]
   #2 /usr/lib/samba/amd64/libsamba-util.so.0.0.1'smb_panic+0x1f [0xfffffd7fee51df3f]
   #3 /usr/lib/samba/private/amd64/libdbwrap-samba4.so'dbwrap_record_get_value+0x2a [0xfffffd7feccb627a]
   #4 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'get_share_mode_lock+0x109 [0xfffffd7fee7195c9]
   #5 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'smbd_contend_level2_oplocks_begin+0xa1 [0xfffffd7fee7f7761]
   #6 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'brl_lock+0x635 [0xfffffd7fee710f45]
   #7 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'do_lock_fn+0xa4 [0xfffffd7fee70d534]
   #8 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'share_mode_do_locked_fn+0x86 [0xfffffd7fee7174b6]
   #9 /usr/lib/samba/amd64/libsmbconf.so.0'dbwrap_watched_do_locked_fn+0xfa [0xfffffd7fedf622ca]
   #10 /usr/lib/samba/private/amd64/libdbwrap-samba4.so'db_tdb_do_locked+0x12f [0xfffffd7feccb95cf]
   #11 /usr/lib/samba/private/amd64/libdbwrap-samba4.so'dbwrap_do_locked+0x48 [0xfffffd7feccb69a8]
   #12 /usr/lib/samba/amd64/libsmbconf.so.0'dbwrap_watched_do_locked+0x6f [0xfffffd7fedf60d7f]
   #13 /usr/lib/samba/private/amd64/libdbwrap-samba4.so'dbwrap_do_locked+0x48 [0xfffffd7feccb69a8]
   #14 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'share_mode_do_locked+0xd2 [0xfffffd7fee719b82]
   #15 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'do_lock+0xf0 [0xfffffd7fee70dfe0]
   #16 /usr/lib/samba/amd64/vfs/fruit.so'fruit_create_file+0x7ba [0xfffffd7fe88855aa]
   #17 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'smbd_smb2_request_process_create+0xa07 [0xfffffd7fee7d3237]
   #18 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'smbd_smb2_request_dispatch+0xc8f [0xfffffd7fee7c985f]
   #19 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'smbd_smb2_connection_handler+0x621 [0xfffffd7fee7ca7e1]
   #20 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'tevent_common_invoke_fd_handler+0x80 [0xfffffd7fecd3a580]
   #21 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'epoll_event_loop_once+0x22c [0xfffffd7fecd4180c]
   #22 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'std_event_loop_once+0x40 [0xfffffd7fecd3f8f0]
   #23 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'_tevent_loop_once+0x95 [0xfffffd7fecd39bd5]
   #24 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'tevent_common_loop_wait+0x23 [0xfffffd7fecd39e43]
   #25 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'std_event_loop_wait+0x40 [0xfffffd7fecd3f870]
   #26 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'smbd_process+0x777 [0xfffffd7fee7b8677]
   #27 /usr/lib/samba/sbin/amd64/smbd'smbd_accept_connection+0x189 [0x40d5b9]
   #28 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'tevent_common_invoke_fd_handler+0x80 [0xfffffd7fecd3a580]
   #29 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'epoll_event_loop_once+0x22c [0xfffffd7fecd4180c]
   #30 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'std_event_loop_once+0x40 [0xfffffd7fecd3f8f0]
   #31 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'_tevent_loop_once+0x95 [0xfffffd7fecd39bd5]
   #32 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'tevent_common_loop_wait+0x23 [0xfffffd7fecd39e43]
   #33 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'std_event_loop_wait+0x40 [0xfffffd7fecd3f870]
   #34 /usr/lib/samba/sbin/amd64/smbd'main+0x1a0f [0x40f9ff]
   #35 /usr/lib/samba/sbin/amd64/smbd'_start_crt+0x83 [0x408e73]
   #36 /usr/lib/samba/sbin/amd64/smbd'_start+0x18 [0x408dd8]

In this particular nested share_mode_do_locked() invocation, callback
comes through dbwrap_watched_do_locked_fn() where it fails to update
rec->value_valid which further gets assigned to static_share_mode_record
within share_mode_do_locked_fn().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14352

Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Apr 21 17:37:43 UTC 2020 on sn-devel-184

6 weeks agolibsmb: Move clirap2.c to utils/
Volker Lendecke [Mon, 13 Apr 2020 18:04:21 +0000 (20:04 +0200)]
libsmb: Move clirap2.c to utils/

It's only used in net_rap.c, expansion to other users is
unlikely. Don't link it into libsmbclient anymore. It saves roughly
50k from the everywhere-linked libsmb.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 18 04:12:48 UTC 2020 on sn-devel-184

6 weeks agoutils: Convert smbtree to use libsmbclient
Volker Lendecke [Sat, 11 Apr 2020 17:54:11 +0000 (19:54 +0200)]
utils: Convert smbtree to use libsmbclient

We have the domain browsing functionality in libsmbclient, don't
duplicate it in smbtree with special code. Not too much gain in lines
of code, but the new code is much more regular and reuses
functionality provided elsewhere.

This removes the "-b" option from smbtree, libsmbclient always does
that.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 weeks agosmbtree: Add "fail:" target, more failure paths with follow
Volker Lendecke [Sat, 11 Apr 2020 17:03:39 +0000 (19:03 +0200)]
smbtree: Add "fail:" target, more failure paths with follow

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 weeks agolibsmb: Slightly simplify get_ipc_connect()
Volker Lendecke [Mon, 13 Apr 2020 07:23:45 +0000 (09:23 +0200)]
libsmb: Slightly simplify get_ipc_connect()

No else required with an early return

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 weeks agopidl: Align integer types in scompat files
Volker Lendecke [Sat, 11 Apr 2020 16:13:52 +0000 (18:13 +0200)]
pidl: Align integer types in scompat files

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 weeks agoctdb: Fix a memleak
Volker Lendecke [Thu, 16 Apr 2020 12:38:34 +0000 (14:38 +0200)]
ctdb: Fix a memleak

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14348
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Apr 17 08:32:35 UTC 2020 on sn-devel-184

6 weeks agos4: torture: SMB2. Fix smb2.winattr to actually read the SD from the server and check it.
Jeremy Allison [Wed, 15 Apr 2020 19:07:57 +0000 (12:07 -0700)]
s4: torture: SMB2. Fix smb2.winattr to actually read the SD from the server and check it.

We need READ_CONTROL, and actually have to ask for
the OWNER|GROUP|DACL bits if we're going to properly
check the SD.

Tested against Windows 10.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 16 20:42:58 UTC 2020 on sn-devel-184

6 weeks agos3: smbd: Ensure we don't try and read the on-disk security descriptor if no bits...
Jeremy Allison [Wed, 15 Apr 2020 20:33:43 +0000 (13:33 -0700)]
s3: smbd: Ensure we don't try and read the on-disk security descriptor if no bits are requested.

The sdread test just added shows that a client
can open with READ_ATTRIBUTES and still issue
a query security descriptor. smbd passed that
test as it read the on-disk sd, but then threw
the information away and returned the NULL sd
the client expects.

Make sure that we don't try and read the on-disk
sd if the client doesn't request any bits.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
6 weeks agos4: torture: SMB2. Add a new test that exposes interesting SD query behavior.
Jeremy Allison [Wed, 15 Apr 2020 18:59:17 +0000 (11:59 -0700)]
s4: torture: SMB2. Add a new test that exposes interesting SD query behavior.

If we open a file without READ_CONTROL, requesting a security
descriptor fails with ACCESS_DENIED if any of the requested
bits OWNER|GROUP|DACL are set.

However, if we send zero as the requested bits then a
security descriptor is returned containing no data,
even though reading an SD should fail based on the
access permissions we have on the handle.

This has been tested against Windows 10, and also
passes on Samba - although in smbd we actually
read the SD off disk first, before nulling out
all the data we read. We shouldn't (we have
no rights to do so) and a subsequent commit
will fix this.

This was discovered when investigating the
smb2.winattr test, which currently relies
on exactly this behavior. It shouldn't
and the next commit will fix that.

I wanted to preserve the current smb2.winattr
behavior in a test though.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
6 weeks agodocs: Update smbclient manpage that four digit years are also allowed
Christof Schmitt [Wed, 15 Apr 2020 21:56:03 +0000 (14:56 -0700)]
docs: Update smbclient manpage that four digit years are also allowed

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Thu Apr 16 19:06:32 UTC 2020 on sn-devel-184

6 weeks agotest_smbclient_s3: Test four-digit year in smbclient utimes
Christof Schmitt [Wed, 15 Apr 2020 21:53:08 +0000 (14:53 -0700)]
test_smbclient_s3: Test four-digit year in smbclient utimes

Modify the test to also set the create_time, and specify the year with
using four digits to test the new codepath.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
6 weeks agosmbclient: Also allow four digit years in utimes command
Christof Schmitt [Tue, 14 Apr 2020 23:40:55 +0000 (16:40 -0700)]
smbclient: Also allow four digit years in utimes command

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
6 weeks agosmbclient: Remove one level of indentation for the utimes command
Christof Schmitt [Tue, 14 Apr 2020 23:38:03 +0000 (16:38 -0700)]
smbclient: Remove one level of indentation for the utimes command

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
6 weeks agos3/librpc/crypto: Fix double free with unresolved credential cache
Noel Power [Tue, 14 Apr 2020 10:21:22 +0000 (11:21 +0100)]
s3/librpc/crypto: Fix double free with unresolved credential cache

We free gse_ctx->k5ctx but then free it again in the
talloc dtor. This patch just lets the talloc dtor handle
things and removes the extra krb5_free_context

Failed to resolve credential cache 'DIR:/run/user/1000/krb5cc'! (No credentials cache found)
==30762== Invalid read of size 8
==30762==    at 0x108100F4: k5_os_free_context (in /usr/lib64/libkrb5.so.3.3)
==30762==    by 0x107EA661: krb5_free_context (in /usr/lib64/libkrb5.so.3.3)
==30762==    by 0x7945D2E: gse_context_destructor (gse.c:84)
==30762==    by 0x645FB49: _tc_free_internal (talloc.c:1157)
==30762==    by 0x645FEC5: _talloc_free_internal (talloc.c:1247)
==30762==    by 0x646118D: _talloc_free (talloc.c:1789)
==30762==    by 0x79462E4: gse_context_init (gse.c:241)
==30762==    by 0x794636E: gse_init_client (gse.c:268)
==30762==    by 0x7947602: gensec_gse_client_start (gse.c:786)
==30762==    by 0xBC87A3A: gensec_start_mech (gensec_start.c:743)
==30762==    by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774)
==30762==    by 0xBC8167F: gensec_spnego_client_negTokenInit_step (spnego.c:633)
==30762==  Address 0x17259928 is 40 bytes inside a block of size 496 free'd
==30762==    at 0x4C2F50B: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30762==    by 0x79462CA: gse_context_init (gse.c:238)
==30762==    by 0x794636E: gse_init_client (gse.c:268)
==30762==    by 0x7947602: gensec_gse_client_start (gse.c:786)
==30762==    by 0xBC87A3A: gensec_start_mech (gensec_start.c:743)
==30762==    by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774)
==30762==    by 0xBC8167F: gensec_spnego_client_negTokenInit_step (spnego.c:633)
==30762==    by 0xBC813E2: gensec_spnego_client_negTokenInit_start (spnego.c:537)
==30762==    by 0xBC84084: gensec_spnego_update_pre (spnego.c:1943)
==30762==    by 0xBC83AE5: gensec_spnego_update_send (spnego.c:1741)
==30762==    by 0xBC85622: gensec_update_send (gensec.c:449)
==30762==    by 0x551BFD0: cli_session_setup_gensec_local_next (cliconnect.c:997)
==30762==  Block was alloc'd at
==30762==    at 0x4C306B5: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30762==    by 0x107EA7AE: krb5_init_context_profile (in /usr/lib64/libkrb5.so.3.3)
==30762==    by 0xB853215: smb_krb5_init_context_common (krb5_samba.c:3597)
==30762==    by 0x794615B: gse_context_init (gse.c:209)
==30762==    by 0x794636E: gse_init_client (gse.c:268)
==30762==    by 0x7947602: gensec_gse_client_start (gse.c:786)
==30762==    by 0xBC87A3A: gensec_start_mech (gensec_start.c:743)
==30762==    by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774)
==30762==    by 0xBC8167F: gensec_spnego_client_negTokenInit_step (spnego.c:633)
==30762==    by 0xBC813E2: gensec_spnego_client_negTokenInit_start (spnego.c:537)
==30762==    by 0xBC84084: gensec_spnego_update_pre (spnego.c:1943)
==30762==    by 0xBC83AE5: gensec_spnego_update_send (spnego.c:1741)
==30762==

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14344
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Apr 14 22:55:51 UTC 2020 on sn-devel-184

6 weeks agos3: VFS: Add cmocka test for vfs_full_audit to make sure all arrays are correct.
Jeremy Allison [Fri, 10 Apr 2020 21:14:25 +0000 (14:14 -0700)]
s3: VFS: Add cmocka test for vfs_full_audit to make sure all arrays are correct.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14343

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 14 17:58:40 UTC 2020 on sn-devel-184

6 weeks agos3: VFS: full_audit. Add missing fcntl entry in vfs_op_names[] array.
Jeremy Allison [Fri, 10 Apr 2020 20:27:18 +0000 (13:27 -0700)]
s3: VFS: full_audit. Add missing fcntl entry in vfs_op_names[] array.

Found by yannick@in2ip.nl.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14343

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
7 weeks agos4/torture: fix timeval wrap in torture_libsmbclient_utimes() test
Ralph Boehme [Fri, 10 Apr 2020 11:51:39 +0000 (13:51 +0200)]
s4/torture: fix timeval wrap in torture_libsmbclient_utimes() test

Fixes the following flapping test:

UNEXPECTED(failure): samba4.libsmbclient.utimes.SMB3.utimes(nt4_dc)
REASON: Exception: Exception: ../../source4/torture/libsmbclient/libsmbclient.c:1249:
    st.st_mtim.tv_nsec / 1000 was 98181 (0x17F85),
    expected 1098181 (0x10C1C5): smbc_utimes did not update msec

https://gitlab.com/samba-team/devel/samba/-/jobs/506361470

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Apr 11 12:24:00 UTC 2020 on sn-devel-184

7 weeks agoUpdate WHATSNEW.txt to explain the vfs_widelinks module addition.
Jeremy Allison [Tue, 7 Apr 2020 16:58:08 +0000 (09:58 -0700)]
Update WHATSNEW.txt to explain the vfs_widelinks module addition.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Apr  9 21:21:46 UTC 2020 on sn-devel-184

7 weeks agodocs-xml: Add a vfs_widelinks manpage.
Jeremy Allison [Tue, 7 Apr 2020 16:47:46 +0000 (09:47 -0700)]
docs-xml: Add a vfs_widelinks manpage.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
7 weeks agos3: smbd: Reformatting - fix indentation in fd_open().
Jeremy Allison [Tue, 7 Apr 2020 00:44:56 +0000 (17:44 -0700)]
s3: smbd: Reformatting - fix indentation in fd_open().

Now we removed the lp_widelinks() clause we
left an extra {..} level of indirection. Just
reformat to remove it. No logic changes.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
7 weeks agos3: smbd: Reformatting - fix indentation in check_reduced_name().
Jeremy Allison [Tue, 7 Apr 2020 00:41:42 +0000 (17:41 -0700)]
s3: smbd: Reformatting - fix indentation in check_reduced_name().

Now we removed the lp_widelinks() clause we
left an extra {..} level of indirection. Just
reformat to remove it and update to modern
DBG_ macros. No logic changes

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
7 weeks agos3: smbd: Always call canonicalize_connect_path() for a share.
Jeremy Allison [Tue, 7 Apr 2020 00:36:44 +0000 (17:36 -0700)]
s3: smbd: Always call canonicalize_connect_path() for a share.

Share path definitions don't need to be aware of symlinks.

This is strictly a change in behavior, but the vfs_widelinks
module (if loaded) copes with symlinks in the share definition.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
7 weeks agos3: smbd: Always call canonicalize_connect_path() for a (synthesized) msdfs-share.
Jeremy Allison [Tue, 7 Apr 2020 00:34:22 +0000 (17:34 -0700)]
s3: smbd: Always call canonicalize_connect_path() for a (synthesized) msdfs-share.

Share path definitions don't need to be aware of symlinks.

This is strictly a change in behavior, but the vfs_widelinks
module (if loaded) copes with symlinks in the share definition.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
7 weeks agos3: smbd: Remove allowing widelinks in fd_open path.
Jeremy Allison [Tue, 7 Apr 2020 00:33:17 +0000 (17:33 -0700)]
s3: smbd: Remove allowing widelinks in fd_open path.

Widelinks are now always denied, unless the vfs_widelinks
VFS module is loaded.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
7 weeks agos3: VFS: Remove the lp_widelinks() check from check_reduced_name().
Jeremy Allison [Tue, 7 Apr 2020 00:31:16 +0000 (17:31 -0700)]
s3: VFS: Remove the lp_widelinks() check from check_reduced_name().

Widelinks are now always denied, unless the vfs_widelinks
VFS module is loaded.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
7 weeks agos3: smbd: VFS: Add custom initialization for vfs_widelinks.
Jeremy Allison [Tue, 7 Apr 2020 00:24:10 +0000 (17:24 -0700)]
s3: smbd: VFS: Add custom initialization for vfs_widelinks.

As the widelinks logic is now moving into a
vfs_widelinks module, we need to custom load
it after the default module is initialized.
That way no changes to smb.conf files are
needed.

We may revisit this for Samba 5.0 and force
people to change their smb.conf files and
explicitly load this as a vfs module if they
want the insecure widelinks behavior.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
7 weeks agos3: VFS: Add cmocka tests for pathname parsing in vfs_widelinks.
Jeremy Allison [Mon, 6 Apr 2020 19:18:50 +0000 (12:18 -0700)]
s3: VFS: Add cmocka tests for pathname parsing in vfs_widelinks.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
7 weeks agoVFS: Add vfs_widelinks module.
Jeremy Allison [Sat, 4 Apr 2020 01:24:42 +0000 (18:24 -0700)]
VFS: Add vfs_widelinks module.

Hides symlinks from smbd. Will be used to replace
the lp_widelinks() code inside smbd.

Long description of how this module works
with notes is included.

The man page and WHATSNEW.txt update is done
in a later patch in this series.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
7 weeks agos3:rpc_server: Improve local dispatching
Samuel Cabrero [Mon, 18 Nov 2019 13:01:52 +0000 (14:01 +0100)]
s3:rpc_server: Improve local dispatching

Craft core structures to dispatch local calls in the same way as remote
ones, removing the special handling in the autogenerated code.

This is also necessary to drop s3 rpc handles implementation.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr  8 22:23:05 UTC 2020 on sn-devel-184

7 weeks agospoolss: Add NCALRPC endpoint
Samuel Cabrero [Mon, 18 Nov 2019 15:55:39 +0000 (16:55 +0100)]
spoolss: Add NCALRPC endpoint

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
7 weeks agolibrpc:core: Make find_interface_by_uuid public
Samuel Cabrero [Thu, 31 Oct 2019 13:31:37 +0000 (14:31 +0100)]
librpc:core: Make find_interface_by_uuid public

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
7 weeks agosmbtree: Align integer types
Volker Lendecke [Sun, 5 Apr 2020 11:02:12 +0000 (13:02 +0200)]
smbtree: Align integer types

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Apr  8 16:22:17 UTC 2020 on sn-devel-184

7 weeks agolibsmb: Move get_ipc_connect_master_ip_bcast() to smbtree.c
Volker Lendecke [Sun, 5 Apr 2020 11:01:07 +0000 (13:01 +0200)]
libsmb: Move get_ipc_connect_master_ip_bcast() to smbtree.c

... the only user

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
7 weeks agolibsmb: Remove unused cli_NetWkstaUserLogon()
Volker Lendecke [Sun, 5 Apr 2020 10:38:01 +0000 (12:38 +0200)]
libsmb: Remove unused cli_NetWkstaUserLogon()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
7 weeks agosmbclient: Simplify browse_host()
Volker Lendecke [Sun, 5 Apr 2020 10:31:24 +0000 (12:31 +0200)]
smbclient: Simplify browse_host()

We now have the check of the real connection's prootocol, so the
smb.conf's "client min protocol" does not really matter here

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
7 weeks agolibsmb: Respect the full timeval for smbc_utimes()
Volker Lendecke [Mon, 30 Mar 2020 19:43:51 +0000 (21:43 +0200)]
libsmb: Respect the full timeval for smbc_utimes()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
7 weeks agotorture: Test smbc_utimes()
Volker Lendecke [Mon, 30 Mar 2020 20:08:40 +0000 (22:08 +0200)]
torture: Test smbc_utimes()

Prove that smbc_utimes throws away the tv_nsec field

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>