From: Volker Lendecke Date: Mon, 18 Sep 2023 23:54:05 +0000 (-0700) Subject: conf: Remove "smb3 unix extensions" parameter X-Git-Tag: tevent-0.16.0~530 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b3cae8dcf192f65031f143e5bb9135c895611d98;p=thirdparty%2Fsamba.git conf: Remove "smb3 unix extensions" parameter Always offer it, it's a client thing to ask for it or not. Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Thu Sep 21 17:43:23 UTC 2023 on atb-devel-224 --- diff --git a/WHATSNEW.txt b/WHATSNEW.txt index a4ddbb2f361..0f20c4779df 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -48,6 +48,7 @@ smb.conf changes Parameter Name Description Default -------------- ----------- ------- + smb3 unix extensions removed always offered KNOWN ISSUES diff --git a/docs-xml/smbdotconf/protocol/smb3unixextensions.xml b/docs-xml/smbdotconf/protocol/smb3unixextensions.xml deleted file mode 100644 index 2dc3d614c4f..00000000000 --- a/docs-xml/smbdotconf/protocol/smb3unixextensions.xml +++ /dev/null @@ -1,11 +0,0 @@ - - - Incomplete SMB 3.11 Unix Extensions. This is only available - if Samba is compiled in DEVELOPER mode. - - no - diff --git a/python/samba/tests/smb3unix.py b/python/samba/tests/smb3unix.py index d8f9b7d5c33..7b25c4bcd68 100644 --- a/python/samba/tests/smb3unix.py +++ b/python/samba/tests/smb3unix.py @@ -26,129 +26,67 @@ def posix_context(mode): class Smb3UnixTests(samba.tests.libsmb.LibsmbTests): - def enable_smb3unix(self): - with open(self.global_inject, 'w') as f: - f.write("smb3 unix extensions = yes\n") - - def disable_smb3unix(self): - with open(self.global_inject, 'w') as f: - f.truncate() - def test_negotiate_context_posix(self): - try: - self.enable_smb3unix() + c = libsmb.Conn( + self.server_ip, + "tmp", + self.lp, + self.creds, + posix=True) + self.assertTrue(c.have_posix()) + def test_negotiate_context_posix_invalid_length(self): + with self.assertRaises(NTSTATUSError) as cm: c = libsmb.Conn( self.server_ip, "tmp", self.lp, self.creds, - posix=True) - self.assertTrue(c.have_posix()) + negotiate_contexts=[(0x100, b'01234')]) - finally: - self.disable_smb3unix() + e = cm.exception + self.assertEqual(e.args[0], ntstatus.NT_STATUS_INVALID_PARAMETER) - def test_negotiate_context_noposix(self): + def test_negotiate_context_posix_invalid_blob(self): c = libsmb.Conn( - self.server_ip, - "tmp", - self.lp, - self.creds, - posix=True) + self.server_ip, + "tmp", + self.lp, + self.creds, + negotiate_contexts=[(0x100, b'0123456789012345')]) self.assertFalse(c.have_posix()) - def test_negotiate_context_posix_invalid_length(self): - try: - self.enable_smb3unix() - - with self.assertRaises(NTSTATUSError) as cm: - c = libsmb.Conn( - self.server_ip, - "tmp", - self.lp, - self.creds, - negotiate_contexts=[(0x100, b'01234')]) - - e = cm.exception - self.assertEqual(e.args[0], ntstatus.NT_STATUS_INVALID_PARAMETER) - - finally: - self.disable_smb3unix() - - def test_negotiate_context_posix_invalid_blob(self): - try: - self.enable_smb3unix() - - c = libsmb.Conn( - self.server_ip, - "tmp", - self.lp, - self.creds, - negotiate_contexts=[(0x100, b'0123456789012345')]) - self.assertFalse(c.have_posix()) - - finally: - self.disable_smb3unix() - def test_posix_create_context(self): - try: - self.enable_smb3unix() - - c = libsmb.Conn( - self.server_ip, - "tmp", - self.lp, - self.creds, - posix=True) - self.assertTrue(c.have_posix()) - - cc_in=[(libsmb.SMB2_CREATE_TAG_POSIX,b'0000')] - fnum,_,cc_out = c.create_ex("",CreateContexts=cc_in) - self.assertEqual(cc_in[0][0],cc_out[0][0]) - - c.close(fnum) - - finally: - self.disable_smb3unix() - - def test_posix_create_context_noposix(self): c = libsmb.Conn( self.server_ip, "tmp", self.lp, self.creds, posix=True) - self.assertFalse(c.have_posix()) + self.assertTrue(c.have_posix()) cc_in=[(libsmb.SMB2_CREATE_TAG_POSIX,b'0000')] fnum,_,cc_out = c.create_ex("",CreateContexts=cc_in) - self.assertEqual(len(cc_out), 0) + self.assertEqual(cc_in[0][0],cc_out[0][0]) c.close(fnum) def test_posix_create_invalid_context_length(self): - try: - self.enable_smb3unix() - - c = libsmb.Conn( - self.server_ip, - "tmp", - self.lp, - self.creds, - posix=True) - self.assertTrue(c.have_posix()) - - cc_in=[(libsmb.SMB2_CREATE_TAG_POSIX,b'00000')] + c = libsmb.Conn( + self.server_ip, + "tmp", + self.lp, + self.creds, + posix=True) + self.assertTrue(c.have_posix()) - with self.assertRaises(NTSTATUSError) as cm: - fnum,_,cc_out = c.create_ex("",CreateContexts=cc_in) + cc_in=[(libsmb.SMB2_CREATE_TAG_POSIX,b'00000')] - e = cm.exception - self.assertEqual(e.args[0], ntstatus.NT_STATUS_INVALID_PARAMETER) + with self.assertRaises(NTSTATUSError) as cm: + fnum,_,cc_out = c.create_ex("",CreateContexts=cc_in) - finally: - self.disable_smb3unix() + e = cm.exception + self.assertEqual(e.args[0], ntstatus.NT_STATUS_INVALID_PARAMETER) def delete_test_file(self, c, fname, mode=0): f,_,cc_out = c.create_ex(fname, @@ -161,8 +99,6 @@ class Smb3UnixTests(samba.tests.libsmb.LibsmbTests): def test_posix_query_dir(self): test_files = [] try: - self.enable_smb3unix() - c = libsmb.Conn( self.server_ip, "smb3_posix_share", @@ -193,63 +129,47 @@ class Smb3UnixTests(samba.tests.libsmb.LibsmbTests): for fname in test_files: self.delete_test_file(c, fname) - self.disable_smb3unix() - def test_posix_reserved_char(self): - try: - self.enable_smb3unix() - - c = libsmb.Conn( - self.server_ip, - "smb3_posix_share", - self.lp, - self.creds, - posix=True) - self.assertTrue(c.have_posix()) - - test_files = ['a ', 'a ', '. ', '. ', 'a.', - '.a', ' \\ ', '>', '<' '?'] - - for fname in test_files: - try: - f,_,cc_out = c.create_ex('\\%s' % fname, - CreateDisposition=libsmb.FILE_CREATE, - DesiredAccess=security.SEC_STD_DELETE, - CreateContexts=[posix_context(0o744)]) - except NTSTATUSError as e: - self.fail(e) - c.delete_on_close(f, True) - c.close(f) - - finally: - self.disable_smb3unix() - - def test_posix_delete_on_close(self): - try: - self.enable_smb3unix() + c = libsmb.Conn( + self.server_ip, + "smb3_posix_share", + self.lp, + self.creds, + posix=True) + self.assertTrue(c.have_posix()) - c = libsmb.Conn( - self.server_ip, - "smb3_posix_share", - self.lp, - self.creds, - posix=True) - self.assertTrue(c.have_posix()) + test_files = ['a ', 'a ', '. ', '. ', 'a.', + '.a', ' \\ ', '>', '<' '?'] - f,_,cc_out = c.create_ex('\\TESTING999', - DesiredAccess=security.SEC_STD_ALL, - CreateDisposition=libsmb.FILE_CREATE, - CreateContexts=[posix_context(0o744)]) + for fname in test_files: + try: + f,_,cc_out = c.create_ex('\\%s' % fname, + CreateDisposition=libsmb.FILE_CREATE, + DesiredAccess=security.SEC_STD_DELETE, + CreateContexts=[posix_context(0o744)]) + except NTSTATUSError as e: + self.fail(e) c.delete_on_close(f, True) c.close(f) - finally: - self.disable_smb3unix() + def test_posix_delete_on_close(self): + c = libsmb.Conn( + self.server_ip, + "smb3_posix_share", + self.lp, + self.creds, + posix=True) + self.assertTrue(c.have_posix()) + + f,_,cc_out = c.create_ex('\\TESTING999', + DesiredAccess=security.SEC_STD_ALL, + CreateDisposition=libsmb.FILE_CREATE, + CreateContexts=[posix_context(0o744)]) + c.delete_on_close(f, True) + c.close(f) def test_posix_case_sensitive(self): try: - self.enable_smb3unix() - c = libsmb.Conn( self.server_ip, "smb3_posix_share", @@ -281,13 +201,9 @@ class Smb3UnixTests(samba.tests.libsmb.LibsmbTests): finally: self.delete_test_file(c, '\\xx') - self.disable_smb3unix() - def test_posix_perm_files(self): test_files = {} try: - self.enable_smb3unix() - c = libsmb.Conn( self.server_ip, "smb3_posix_share", @@ -337,28 +253,21 @@ class Smb3UnixTests(samba.tests.libsmb.LibsmbTests): for fname in test_files.keys(): self.delete_test_file(c, '\\%s' % fname) - self.disable_smb3unix() - def test_share_root_null_sids_fid(self): - try: - self.enable_smb3unix() - - c = libsmb.Conn( - self.server_ip, - "smb3_posix_share", - self.lp, - self.creds, - posix=True) - self.assertTrue(c.have_posix()) - - res = c.list("", info_level=100, posix=True) - found_files = {get_string(i['name']): i for i in res} - dotdot = found_files['..'] - self.assertEqual('S-1-0-0', dotdot['owner_sid'], - 'The owner sid for .. was not NULL') - self.assertEqual('S-1-0-0', dotdot['group_sid'], - 'The group sid for .. was not NULL') - self.assertEqual(0, dotdot['ino'], 'The ino for .. was not 0') - self.assertEqual(0, dotdot['dev'], 'The dev for .. was not 0') - finally: - self.disable_smb3unix() + c = libsmb.Conn( + self.server_ip, + "smb3_posix_share", + self.lp, + self.creds, + posix=True) + self.assertTrue(c.have_posix()) + + res = c.list("", info_level=100, posix=True) + found_files = {get_string(i['name']): i for i in res} + dotdot = found_files['..'] + self.assertEqual('S-1-0-0', dotdot['owner_sid'], + 'The owner sid for .. was not NULL') + self.assertEqual('S-1-0-0', dotdot['group_sid'], + 'The group sid for .. was not NULL') + self.assertEqual(0, dotdot['ino'], 'The ino for .. was not 0') + self.assertEqual(0, dotdot['dev'], 'The dev for .. was not 0') diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 8e91a4441c5..238b725e278 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -4677,12 +4677,6 @@ void widelinks_warning(int snum) "These parameters are incompatible. " "Wide links will be disabled for this share.\n", lp_const_servicename(snum)); - } else if (lp_smb3_unix_extensions()) { - DBG_ERR("Share '%s' has wide links and SMB3 unix " - "extensions enabled. " - "These parameters are incompatible. " - "Wide links will be disabled for this share.\n", - lp_const_servicename(snum)); } } } @@ -4690,7 +4684,7 @@ void widelinks_warning(int snum) bool lp_widelinks(int snum) { /* wide links is always incompatible with unix extensions */ - if (lp_smb1_unix_extensions() || lp_smb3_unix_extensions()) { + if (lp_smb1_unix_extensions()) { /* * Unless we have "allow insecure widelinks" * turned on. @@ -4830,16 +4824,3 @@ uint32_t lp_get_async_dns_timeout(void) */ return MAX(Globals.async_dns_timeout, 1); } - -bool lp_smb3_unix_extensions(void) -{ - /* - * FIXME: If this gets always enabled, check source3/selftest/tests.py - * and source3/wscript for HAVE_SMB3_UNIX_EXTENSIONS. - */ -#if defined(DEVELOPER) - return lp__smb3_unix_extensions(); -#else - return false; -#endif -} diff --git a/source3/param/loadparm.h b/source3/param/loadparm.h index c51d6b85d64..55e1e36289a 100644 --- a/source3/param/loadparm.h +++ b/source3/param/loadparm.h @@ -182,7 +182,6 @@ void widelinks_warning(int snum); const char *lp_ncalrpc_dir(void); void _lp_set_server_role(int server_role); uint32_t lp_get_async_dns_timeout(void); -bool lp_smb3_unix_extensions(void); /* The following definitions come from param/loadparm_ctx.c */ diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c index 94aad4eb72b..f9d5ae58b58 100644 --- a/source3/smbd/smb2_negprot.c +++ b/source3/smbd/smb2_negprot.c @@ -276,41 +276,41 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req) return smbd_smb2_request_error(req, status); } - if (lp_smb3_unix_extensions()) { - in_posix = smb2_negotiate_context_find(&in_c, - SMB2_POSIX_EXTENSIONS_AVAILABLE); - - if (in_posix != NULL) { - const uint8_t *inbuf = in_posix->data.data; - size_t inbuflen = in_posix->data.length; - bool posix_found = false; - /* - * For now the server only supports one variant. - * Check it's the right one. - */ - if ((inbuflen % 16) != 0) { - return smbd_smb2_request_error(req, - NT_STATUS_INVALID_PARAMETER); - } - SMB_ASSERT(strlen(SMB2_CREATE_TAG_POSIX) == 16); - for (ofs=0; ofsdata.data; + size_t inbuflen = in_posix->data.length; + bool posix_found = false; + /* + * For now the server only supports one variant. + * Check it's the right one. + */ + if ((inbuflen % 16) != 0) { + return smbd_smb2_request_error( + req, + NT_STATUS_INVALID_PARAMETER); + } + SMB_ASSERT(strlen(SMB2_CREATE_TAG_POSIX) == 16); + for (ofs = 0; ofs < inbuflen; ofs += 16) { + if (memcmp(inbuf + ofs, + SMB2_CREATE_TAG_POSIX, + 16) == 0) { + posix_found = true; + break; } } + if (posix_found) { + DBG_DEBUG("Client requested SMB2 unix " + "extensions\n"); + } else { + DBG_DEBUG("Client requested unknown " + "SMB2 unix extensions:\n"); + dump_data(10, inbuf, inbuflen); + in_posix = NULL; + } } } diff --git a/source3/smbd/smb2_trans2.c b/source3/smbd/smb2_trans2.c index 4b0c43f9341..ffd966f5614 100644 --- a/source3/smbd/smb2_trans2.c +++ b/source3/smbd/smb2_trans2.c @@ -1712,9 +1712,6 @@ static NTSTATUS smbd_marshall_dir_entry(TALLOC_CTX *ctx, if (!(conn->sconn->using_smb2)) { return NT_STATUS_INVALID_LEVEL; } - if (!lp_smb3_unix_extensions()) { - return NT_STATUS_INVALID_LEVEL; - } /* Determine the size of the posix info context */ plen = store_smb2_posix_info(conn, @@ -1976,8 +1973,7 @@ static bool fsinfo_unix_valid_level(connection_struct *conn, uint16_t info_level) { if (conn->sconn->using_smb2 && - lp_smb3_unix_extensions() && - info_level == SMB2_FS_POSIX_INFORMATION_INTERNAL) { + info_level == SMB2_FS_POSIX_INFORMATION_INTERNAL) { return true; } #if defined(SMB1SERVER) @@ -3019,8 +3015,7 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn, ok = true; } - if (lp_smb3_unix_extensions() && - (fsp != NULL) && + if ((fsp != NULL) && (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN)) { DBG_DEBUG("SMB2 posix open\n"); ok = true; @@ -3670,9 +3665,6 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn, if (!(conn->sconn->using_smb2)) { return NT_STATUS_INVALID_LEVEL; } - if (!lp_smb3_unix_extensions()) { - return NT_STATUS_INVALID_LEVEL; - } if (fsp == NULL) { return NT_STATUS_INVALID_HANDLE; }