Looks more complex, but this avoids calling openat_pathref_fsp, which
eventually calls into non_widelink_open(). We need to open the pretty paranoid
SMB_ASSERT in openat_pathref_fsp_lcomp() a little bit.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Fri, 11 Oct 2024 12:56:21 +0000 (14:56 +0200)]
smbd: Add open_rootdir_pathref_fsp()
Get a pathref handle on the file system root. This will serve as
"basedir" for filename_convert_dirfsp_rel() to turn an absolute path
into one relative to the handle created here.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 10 Oct 2024 15:16:02 +0000 (17:16 +0200)]
smbd: Simplify OpenDir_from_pathref()
Use the /proc/self/fd trick to make get_real_filename_fullscan_at look
a bit nicer and faster in strace. Direct SMB_VFS_OPENAT also is
cheaper in user space, we don't need the full fd_openat and
non_widelink_open magic here.
Also avoid opening ".", which can fail where a full path open would
succeed: If the directory in question does not give "x" perms to the
user, we get a handle on the dir as such but can't cd into it.
I haven't seen real-world cases of this, but one of our tests creates
such a scenario. I have further refactoring in my local tree that make
this patch necessary.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
So far fd_openat needed to be called with cwd_fsp and "." if you
wanted to open the share root, this enables using the absolute share
path. The next patch will remove sending the "." with cwd_fsp as a
simplification. Enable that with this little change.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Sat, 19 Oct 2024 15:29:01 +0000 (17:29 +0200)]
smbd: Tighten non_wide_link_open() for absolute root share open
Make it clear that non_widelink_open being called for absolute paths
is not done during regular operations, i.e. when we have passed our
pathnames through filename_convert_dirfsp and we work on a real
dirfsp.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Sun, 20 Oct 2024 12:41:55 +0000 (14:41 +0200)]
smbd: Ignore twrp in chdir_below_conn()
We can't deal with snapdir paths in non_widelink_open fully with
snapdirseverywhere active: There is no way for
shadow_copy2_parent_pathname() to work when a snapshot directory is
below the directory that we want to calculate the parent for. What is
the parent directory supposed to point at? I don't know.
For me the only way out is to accept that we should ignore what
happens behind shadow_copy2's path manipulation in core
smbd. This *might* open symlink races, but the whole point of
snapshots is that they are r/o copies of the real active file system
and as such they should be immune to those races.
Found while trying to refactor code around fd_openat()
P.S: This code will go away pretty soon
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Mon, 21 Oct 2024 10:12:27 +0000 (12:12 +0200)]
vfs: Don't ever call openat(-1, ...) for relative paths
This is always a bug, we should never do this. In one iteration of my
code I was doing this, which led to an invalid fallback code, which
itself lead to an infinite recursion. Make this more obvious with an
assert.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Nov 12 15:13:03 UTC 2024 on atb-devel-224
Volker Lendecke [Mon, 11 Nov 2024 16:50:03 +0000 (17:50 +0100)]
vfs: Only call openat for valid params in fake_acls_stat
openat(-1, "relative path", ..) is invalid. I've tried to also tighten
this down to just relative paths (i.e. base_name[0] != '/'), but
non_widelink_open makes modifications further down that make this more
difficult.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 10 Oct 2024 15:14:10 +0000 (17:14 +0200)]
smbd: Fix an error resource leak in OpenDir_from_pathref()
We have to undo the fsp allocation and open we've done. Not noticed,
it's probably highly unlikely OpenDir_fsp() fails.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Nov 12 13:26:10 UTC 2024 on atb-devel-224
Thomas Klausner [Sun, 10 Nov 2024 07:37:17 +0000 (08:37 +0100)]
lib/replace: memset_explicit() only takes three arguments
Signed-off-by: Thomas Klausner <wiz@gatalith.at> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Nov 11 16:47:46 UTC 2024 on atb-devel-224
Volker Lendecke [Thu, 31 Oct 2024 17:05:00 +0000 (18:05 +0100)]
torture4: Use netlogon_pings_send/recv in bench-cldap
This slightly changes behaviour: It uses separate client sockets per
ping instead of just one, but it allows to compare CLDAP with LDAP and
LDAPS (spoiler: LDAPS is *much* slower...)
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Mon, 28 Oct 2024 12:20:56 +0000 (13:20 +0100)]
libads: Simplify ads_fill_cldap_reply()
Both callers now guarantee via the filter in netlogon_pings() that the
reply contains DCs that have the required flags set. Remove those
checks from ads_fill_cldap_reply()
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Fri, 25 Oct 2024 15:25:13 +0000 (17:25 +0200)]
ldap: Use netlogon_pings
This already requests the flags that ads_fill_cldap_reply() will later
check for, so netlogon_pings will only feed sufficient DCs into
ads_fill_cldap_reply.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Thu, 24 Oct 2024 11:55:35 +0000 (13:55 +0200)]
libads: Add netlogon_pings()
This encapsulates our logic that we send CLDAP requests on UDP/389,
sending them with 100msec timeouts until someone replies. It also
contains the code to do this over LDAP/389 or LDAPS/636.
It also contains code to filter for domain controller flags like
DS_ONLY_LDAP_NEEDED, this logic exists in several places right now.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Thu, 7 Nov 2024 10:17:12 +0000 (11:17 +0100)]
tldap_tls: Remove tldap_[gs]et_starttls_needed()
The caller setting up a tldap connection is aware of whether to use
starttls, which is one single ldap extended operation before the tls
crypto starts. There is no complex logic behind this that is
worthwhile to be hidden behind a flag and an API. If there was more to
it than just a simple call to tldap_extended(), I would all be for
passing down that flag, but for this case I would argue the logic
after this patch is simpler.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Thu, 7 Nov 2024 09:53:48 +0000 (10:53 +0100)]
tldap_tls: Move creation of tls_params out of tldap_tls_connect()
Soon we will have a tldap user which does not want to verify the
certs. Instead of passing another boolean down, hand in pre-created
tstream_tls_params.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Sat, 2 Nov 2024 14:49:41 +0000 (16:49 +0200)]
smbtorture: use torture_assert_ntstatus_equal_goto() in CHECK_STATUS() in unlink.c
fixup
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Mon Nov 11 14:01:18 UTC 2024 on atb-devel-224
projects / thirdparty / samba.git / log
