nsswitch/wb_common.c: fix socket fd and memory leaks of global state
When we are called in wb_atfork_child() or winbind_destructor(),
wb_thread_ctx_destructor() is not called for the global state
of the current nor any other thread, which means we would
leak the related memory and socket fds.
Now we maintain a global list protected by a global mutex.
We traverse the list and close all socket fds, which are no
longer used (winbind_destructor) or no longer valid in the
current process (wb_atfork_child), in addition we 'autofree'
the ones, which are only visible internally as global (per thread)
context.
Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Sep 14 18:53:07 UTC 2023 on atb-devel-224
nsswitch/wb_common.c: don't operate on a stale wb_global_ctx.key
If nss_winbind is loaded into a process that uses fork multiple times
without any further calls into nss_winbind, wb_atfork_child handler
was using a wb_global_ctx.key that was no longer registered in the
pthread library, so we operated on a slot that was potentially
reused by other libraries or the main application. Which is likely
to cause memory corruption.
So we better don't call pthread_key_delete() in wb_atfork_child().
Reported-by: Krzysztof Piotr Oledzki <ole@ans.pl> Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 4 Aug 2023 15:19:00 +0000 (17:19 +0200)]
smbd: make vfs_stat_fsp() a no-op on fake file-handles
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 12 17:08:17 UTC 2023 on atb-devel-224
Samuel Cabrero [Thu, 7 Sep 2023 12:51:15 +0000 (14:51 +0200)]
auth:credentials: Check if password_obtained > obtained
Fixes reading the password from STDIN or environment vars if it was already
given in the command line:
$ export PASSWD_FD=0
$ ./bin/net offlinejoin composeodj <...> --password=FOO
<Waiting to read password from STDIN>
Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Sep 11 03:36:28 UTC 2023 on atb-devel-224
Samuel Cabrero [Thu, 7 Sep 2023 12:53:22 +0000 (14:53 +0200)]
netapi: Pass net's cmdline credentials to libnetapi_net_init()
Avoid unnecessary credentials allocation and initialization by passing the
net's cmdline creds to libnetapi_net_init() directly.
Fixes the problem of running cli_credentials_guess() (which runs password
callbacks) twice, one for the net's cmdline creds and a second time for the
creds initialized in libnetapi_net_init(), just to override them immediately
after.
Example:
$ export PASSWD_FD=0
$ ./bin/net offlinejoin composeodj <...>
foo
bar
Password is read from STDIN twice.
Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 30 Aug 2023 02:45:49 +0000 (14:45 +1200)]
.gitlab-ci.yml: Move coverity build to internal Heimdal
The opensuse155 image has MIT 1.20, not the required MIT 1.21, so build
with intenral Heimdal instead.
The opensuse155 image was chosen deliberatly in commit f2eb411646bbc3cbedd4aecaba98bd363a6cd3df so this changes
the KDC choice rather than the image. Eventually we will
need to do both.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Volker Lendecke [Wed, 30 Aug 2023 07:22:13 +0000 (09:22 +0200)]
libsmb: Fix parsing symlink reparse points
Untested code is broken code. For symlinks we need to hand over the
full reparse buffer into symlink_reparse_buffer_parse(), as this is
also used for the smb2 error response handling. For that, the
"reserved" field in [MS-FSCC] 2.1.2.4 Symbolic Link Reparse Data
Buffer is used for the "unparsed" field.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 8 17:24:19 UTC 2023 on atb-devel-224
This way we can run the tests and more easily put them into knownfail
individually. Before this, everything went into the error category,
which was not so easy to catch in something like knownfail.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Wed, 23 Aug 2023 00:04:29 +0000 (12:04 +1200)]
security.idl: extend security token for claims
A security token contains the context needed to make access decisions
for a particular client, which has until now been a number of SIDs and
flags. Claims are arbitrary attributes that can be tacked onto the
security token. Typically they will arrive via a Kerberos PAC, but we
don't need to worry about that now -- only that they are stored on the
token.
The security token in [MS-DTYP] 2.5.2 is described in abstract terms
(it is not transmitted on the wire) as behaving *as if* it held claims
in three arrays of CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 structures. We
take that suggestion literally. This is *almost* the same as storing
the [MS-ADTS] 2.2.18 claims wire structures that the claims are
presumably derived from, and doing that might seem like a small
optimisation. But we don't do that because of subtle differences and
we already need CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 in security.idl
for resource attribute ACEs.
The three stored claim types are user claims, device claims, and local
claims. Local claims relate to local Windows accounts and are unlikely
to occur in Samba. Nevertheless we have the array there just in case.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Sep 7 05:50:24 UTC 2023 on atb-devel-224
Joseph Sutton [Thu, 1 Dec 2022 23:43:21 +0000 (12:43 +1300)]
libcli/security: make sddl_decode_sid an external function
We are going to need it in for parsing SDDL for conditional ACEs and
resource ACEs, which will go in a separate file because it's huge.
This means changing the interface for `sddl_decode_sid` to that from
before 7d466a913f2c0038b30424403a7355db849fee7a which introduced
sddl_transition_state to deal ease the shift to disambiguated machine/
domain/forest SIDs. Internal callers use `sddl_transition_decode_sid()`
which is the old function; external callers use the same shim pattern as
the other externally available functions.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Direct leak of 96 byte(s) in 1 object(s) allocated from:
#0 0x7f4c5dedc03f in malloc (/lib64/libasan.so.8+0xdc03f) (BuildId: b10bafa0ba3304197db35cc24e0024cb0492168a)
#1 0x7f4c5d252b3e in __talloc_with_prefix ../../lib/talloc/talloc.c:783
#2 0x7f4c5d2543cc in __talloc ../../lib/talloc/talloc.c:825
#3 0x7f4c5d2543cc in _talloc_named_const ../../lib/talloc/talloc.c:982
#4 0x7f4c5d2543cc in talloc_named_const ../../lib/talloc/talloc.c:1751
#5 0x7f4c504acc53 in partition_metadata_get_uint64 ../../source4/dsdb/samdb/ldb_modules/partition_metadata.c:50
#6 0x7f4c504add29 in partition_metadata_sequence_number_increment ../../source4/dsdb/samdb/ldb_modules/partition_metadata.c:398
#7 0x7f4c504a66aa in partition_sequence_number ../../source4/dsdb/samdb/ldb_modules/partition.c:1401
#8 0x7f4c504a66aa in partition_extended ../../source4/dsdb/samdb/ldb_modules/partition.c:1680
#9 0x7f4c5c498c44 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:559
#10 0x7f4c503980c8 in replmd_extended ../../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:8455
#11 0x7f4c5c498c44 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:559
#12 0x7f4c502fae5c in samldb_extended ../../source4/dsdb/samdb/ldb_modules/samldb.c:5718
#13 0x7f4c5c498c44 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:559
#14 0x7f4c52f0b94c in acl_extended ../../source4/dsdb/samdb/ldb_modules/acl.c:2854
#15 0x7f4c5c498c44 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:559
#16 0x7f4c52eb019c in descriptor_extended ../../source4/dsdb/samdb/ldb_modules/descriptor.c:1450
#17 0x7f4c5c498c44 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:559
#18 0x7f4c52ed8687 in log_extended ../../source4/dsdb/samdb/ldb_modules/audit_log.c:1824
#19 0x7f4c5c498c44 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:559
#20 0x7f4c505aa337 in unlazy_op ../../source4/dsdb/samdb/ldb_modules/lazy_commit.c:40
#21 0x7f4c5c498c44 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:559
#22 0x7f4c502d0f82 in schema_load_extended ../../source4/dsdb/samdb/ldb_modules/schema_load.c:593
#23 0x7f4c5c498c44 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:559
#24 0x7f4c5035a010 in rootdse_extended ../../source4/dsdb/samdb/ldb_modules/rootdse.c:1780
#25 0x7f4c5c4914ef in ldb_request ../../lib/ldb/common/ldb.c:1244
#26 0x7f4c5c492a2d in ldb_extended ../../lib/ldb/common/ldb.c:1714
#27 0x7f4c5c492bdf in ldb_sequence_number ../../lib/ldb/common/ldb.c:1943
#28 0x7f4c503a9abd in replmd_add ../../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:1316
#29 0x7f4c5c4989f4 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:543
#30 0x7f4c50458783 in rdn_name_add ../../lib/ldb/modules/rdn_name.c:206
#31 0x7f4c5c4989f4 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:543
#32 0x7f4c504f4852 in attr_handler ../../source4/dsdb/samdb/ldb_modules/objectclass_attrs.c:334
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
smb2_server: move struct msghdr to smbd_smb2_send_queue
The main reason is the preparation of io_uring support,
as it can't be on the stack for async operations.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 6 20:31:04 UTC 2023 on atb-devel-224
Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Sep 5 22:11:46 UTC 2023 on atb-devel-224
Andrew Bartlett [Tue, 5 Sep 2023 08:28:02 +0000 (20:28 +1200)]
.gitlab-ci: Do builds under /builds as this is never an overlayfs
On the GitLab shared runners / is overlayfs, which /builds being ext,
so we want this real filesystem, which should be faster in any case.
This may allow us to use GitLab shared runners for more jobs.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Sep 5 14:20:48 UTC 2023 on atb-devel-224
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Sep 5 07:30:12 UTC 2023 on atb-devel-224
Pavel Filipenský [Mon, 28 Aug 2023 07:44:39 +0000 (09:44 +0200)]
docs:smbdotconf: Inform that changing 'winbind max domain connections' needs a restart
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Wed Aug 30 13:37:37 UTC 2023 on atb-devel-224
Pavel Filipenský [Fri, 25 Aug 2023 07:50:56 +0000 (09:50 +0200)]
s3:winbindd: Use a correct value for the length of domain children
We often loop over the array of domain children. However, the size of
the array is calculated as lp_winbind_max_domain_connections() which can
change (it is based on smb.conf). The fix is the talloc_array_length().
Reproducer:
winbind max domain connections = 100
smbcontrol all reload-config
smbcontrol all debug 10
/var/log/samba/log.winbindd shows many lines with random garbage pid:
[2023/08/25 10:03:49.898994, 10, pid=158296, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_dual.c:885(winbind_msg_relay_fn)
winbind_msg_relay_fn: sending message to pid 1037686087.
[2023/08/25 10:03:49.899010, 3, pid=158296, effective(0, 0), real(0, 0)] ../../source3/lib/util_procid.c:53(pid_to_procid)
pid_to_procid: messaging_dgm_get_unique failed: No such file or directory
In this scenario we dereference only a garbage PID, but if we would
dereference some garbage pointer we would segfault.
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Tue, 29 Aug 2023 14:14:38 +0000 (16:14 +0200)]
mdssvc: better support for search with mdfind from Macs
When searching Samba via Spotlight from a Mac with mdfind, only 50 results are
returned.
It seems the changes for bug #15342 where one step in the right
direction. There, a status indicator meaning "search is still being processed"
was implemented, returning a special status indicator (0x23) in a response, when
the query was still running in the backend, eg Elasticsearch, and we haven't got
any result when when the Mac already comes along asking for results of a query.
Turns out, we should also return 0x23, ie "search is still being processed" when
we have some initial search results from the backend. Otherwise mdfind will stop
querying for more results. It works in Finder, as the Finder by default employs
a "live" search where it just keeps polling for more results even after the
server returned an empty result set. The Finder just keeps on querying in some
interval, typically 4 seconds, and a Mac server Spotlight server might return
new results if new files where created that match the query, hence "live"
search.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug 30 10:51:40 UTC 2023 on atb-devel-224
projects / thirdparty / samba.git / log
