Joseph Sutton [Fri, 6 May 2022 02:58:52 +0000 (14:58 +1200)]
tests/krb5: Make use of client_opts for TGS-REQs
Previously we would ignore 'client_opts' and always use the same user
and machine accounts for TGS-REQs. Use 'client_opts' and add a new
'armor_opts' parameter for specifying options of the armoring account.
Furthermore, our test-specific ticket caching is no longer of use, for
get_tgt() and get_service_ticket() now implement ticket caching. Remove
it and eliminate the possibility of mistakenly using stale tickets.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 23 Sep 2022 00:32:25 +0000 (12:32 +1200)]
CVE-2007-4559 python: ensure sanity in our tarfiles
Python's tarfile module is not very careful about paths that step out
of the target directory. We can be a bit better at little cost.
This was reported in 2007[1], and has recently been publicised [2, for
example].
We were informed of this bug in December 2021 by Luis Alberto López
Alvar, but decided then that there were no circumstances under which
this was a security concern. That is, if you can alter the backup
files, you can already do worse things. But there is a case to guard
against an administrator being tricked into trying to restore a file
that isn't based on a real backup.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Oct 4 03:48:43 UTC 2022 on sn-devel-184
samba-tool: Use authentication file to pass credentials
In order not to pass credentials in clear-text directly over command line, this is a patch to store username/password/domain in a file and use it during domain join for example.
Signed-off-by: Nikola Radovanovic <radovanovic.extern@univention.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andrew Bartlett [Thu, 15 Sep 2022 05:10:24 +0000 (17:10 +1200)]
python-drs: Add client-side debug and fallback for GET_ANC
Samba 4.5 and earlier will fail to do GET_ANC correctly and will not
replicate non-critical parents of objects with isCriticalSystemObject=TRUE
when DRSUAPI_DRS_CRITICAL_ONLY is set.
The chgdcpass server now emulates older verions of Samba that
fail to implement DRSUAPI_DRS_GET_ANC correctly and totally fails to support
DRSUAPI_DRS_GET_TGT.
We now show this is in effect by the fact that tests now fail.
This emulates older verions of Samba that fail to implement
DRSUAPI_DRS_GET_ANC correctly and totally fails to support
DRSUAPI_DRS_GET_TGT.
This will allow testing of a client-side fallback, allowing migration
from sites that run very old Samba versions over DRSUAPI (currently
the only option is to attempt an in-place upgrade).
Andrew Bartlett [Thu, 29 Sep 2022 03:05:03 +0000 (03:05 +0000)]
selftest: Add tests for GetNCChanges GET_ANC using samba-tool drs clone-dc-database
This test, compared with the direct to RPC tests, will succeed, then fail once the
server is changed to emulate Samba 4.5 and and again succeed once the python code
changes to allow skipping the DRSUAPI_DRS_CRITICAL_ONLY step
Andrew Bartlett [Wed, 14 Sep 2022 21:36:45 +0000 (09:36 +1200)]
selftest: Prepare for "old Samba" mode regarding getncchanges GET_ANC/GET_TGT
The chgdcpass environment will emulate older verions of Samba
that fail to implement DRSUAPI_DRS_GET_ANC correctly and
totally fails to support DRSUAPI_DRS_GET_TGT.
This will allow testing of a client-side fallback, allowing migration
from sites that run very old Samba versions over DRSUAPI (currently
the only option is to attempt an in-place upgrade).
Joseph Sutton [Fri, 29 Apr 2022 00:20:06 +0000 (12:20 +1200)]
tevent: Fix flag clearing
We presumably meant to clear this bit, rather than clearing all bits
other than it.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Oct 3 21:05:31 UTC 2022 on sn-devel-184
We use cli_smb2_qpathinfo_basic() for cli_resolve_path() before
calling cli_readlink(). This fails as it never tries with
FILE_OPEN_REPARSE_POINT, so we never get to the point where we
actually can issue the FSCTL_GET_REPARSE_POINT.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Instead of checking protocol correctness in every highlevel routine,
we should rely on the lowerlevel one in smbXcli_base.c to give the
INVALID_PARAMETER error return when running on SMB1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
smbXcli: Align smb2cli_req_create() with tevent_req conventions
We don't return NULL if tevent_req_create() succeeded, and elsewhere
in this function we already pass tevent_req_nterror or
tevent_req_nomem (via set_endtime).
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Tue, 27 Sep 2022 17:37:41 +0000 (10:37 -0700)]
s3: smbtorture3: Add new SMB2-DFS-SHARE-NON-DFS-PATH test.
Uses non-DFS names and DFS-names against a DFS share, shows that Windows
looks correctly at the DFS flag when SMB2 requests are
made on a DFS share. Passes against Windows 2022.
Mark as knownfail for smbd.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed Sep 28 19:34:29 UTC 2022 on sn-devel-184
Jeremy Allison [Tue, 27 Sep 2022 01:05:49 +0000 (18:05 -0700)]
s3: torture: Fix test SMB2-DFS-PATHS to pass against Windows server 2022.
There is only one difference between Windows 2022 and Windows 2008.
Opening an empty ("") DFS path succeeds in opening the share
root on Windows 2008 but fails with NT_STATUS_INVALID_PARAMETER
on Windows 2022. Allow the test to cope with both.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <npower@samba.org>
Christian Merten [Mon, 19 Sep 2022 21:28:07 +0000 (23:28 +0200)]
samba-tool dsacl: Add additional unit test for delete subcommand
Added one more unit test to the delete subcommand. This test adds
two ACEs, deletes one of them and checks if the right one was deleted
and the other one stayed the same.
Signed-off-by: Christian Merten <christian@merten.dev> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 27 17:46:22 UTC 2022 on sn-devel-184
Christian Merten [Mon, 19 Sep 2022 21:22:04 +0000 (23:22 +0200)]
python security: Add unit tests for comparing ACEs and exporting as SDDL
Added two unit tests for the python functions to compare ACEs and to
export an ACE as SDDL.
Signed-off-by: Christian Merten <christian@merten.dev> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
Christian Merten [Thu, 15 Sep 2022 08:38:22 +0000 (10:38 +0200)]
samba-tool dsacl: Add get and delete subcommand to samba-tool dsacl man section
Added get and delete subcommands to the man section of samba-tool dsacl.
Signed-off-by: Christian Merten <christian@merten.dev> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
Christian Merten [Thu, 15 Sep 2022 08:20:04 +0000 (10:20 +0200)]
samba-tool dsacl: Create common superclass for dsacl commands
Created a base class for dsacl commands providing print_acl and some fixed command line options to
reduce code duplication.
Signed-off-by: Christian Merten <christian@merten.dev> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
Christian Merten [Thu, 15 Sep 2022 08:08:47 +0000 (10:08 +0200)]
samba-tool dsacl: Create helper functions to remove code duplication
Make multiple methods of dsacl command classes separate helper functions to avoid code duplication.
Signed-off-by: Christian Merten <christian@merten.dev> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
Christian Merten [Tue, 13 Sep 2022 23:33:18 +0000 (01:33 +0200)]
samba-tool dsacl: Add unit tests for delete subcommand
Two unit tests for the new samba-tool dsacl delete command have been added.
Signed-off-by: Christian Merten <christian@merten.dev> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
Christian Merten [Tue, 13 Sep 2022 23:29:34 +0000 (01:29 +0200)]
samba-tool dsacl: Add subcommand to delete ACEs
A new subcommand has been added to samba-tool dsacl to delete one or multiple ACEs from the security
descriptor of an object.
Signed-off-by: Christian Merten <christian@merten.dev> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
Christian Merten [Mon, 19 Sep 2022 21:12:59 +0000 (23:12 +0200)]
librpc ndr/py_security: Export sddl_encode_ace to python
Added sddl_encode_ace as new method as_sddl to security_ace class in python.
Signed-off-by: Christian Merten <christian@merten.dev> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
Christian Merten [Mon, 19 Sep 2022 21:11:37 +0000 (23:11 +0200)]
librpc ndr/py_security: Export security_ace_equal as richcmp to python
Patched security_ace with a richcmp function given by
security_ace_equal.
Signed-off-by: Christian Merten <christian@merten.dev> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
Christian Merten [Mon, 19 Sep 2022 21:01:34 +0000 (23:01 +0200)]
librpc ndr/py_security: Export ACE deletion functions to python
Exported security_descriptor_sacl_del and security_descriptor_dacl_del as new methods of the
security descriptor class to python.
Signed-off-by: Christian Merten <christian@merten.dev> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
Christian Merten [Mon, 19 Sep 2022 20:53:45 +0000 (22:53 +0200)]
libcli security/sddl: Make sddl_encode_ace visible
Removed static flag from sddl_encode_ace and added to headers.
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org> Signed-off-by: Christian Merten <christian@merten.dev>
Christian Merten [Mon, 19 Sep 2022 20:50:58 +0000 (22:50 +0200)]
libcli security_descriptor: Compare object type and inherited object type when comparing ACEs
Fixed security_ace_equal returning true, despite differing object type, by checking (inherited) object type
of both ACEs is equal.
Signed-off-by: Christian Merten <christian@merten.dev> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
Christian Merten [Mon, 19 Sep 2022 20:47:10 +0000 (22:47 +0200)]
libcli security_descriptor: Add function to delete a given ace from a security descriptor
Two functions have been added to delete a given ace from the SACL or the DACL of a security descriptor.
Signed-off-by: Christian Merten <christian@merten.dev> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Thu, 15 Sep 2022 00:05:05 +0000 (17:05 -0700)]
s3: smbd: Fix memory leak in smbd_server_connection_terminate_done().
The function smbd_server_connection_terminate_done() does not free subreq
which is allocated in smbXsrv_connection_shutdown_send, this can be a
memory leakage if multi-channel is enabled.
Suggested fix by haihua yang <hhyangdev@gmail.com>
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Fri Sep 23 09:51:20 UTC 2022 on sn-devel-184
The header type needs to be checked to ensure the protocol
type (i.e. ether type, for the protocols we might be interested in) is
meaningful. The size of the header needs to be known so it can be
skipped, allowing the IP header to be found and parsed.
It would be possible to define support for DLT_LINUX_SLL2 if it is
missing. However, if a platform is missing support in the header file
then it is almost certainly missing in the run-time library too.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Sun, 14 Aug 2022 23:43:58 +0000 (09:43 +1000)]
ctdb-common: Add packet type detection to pcap-based capture
The current code will almost certainly generate ENOMSG for
non-ethernet packets, even for ethernet packets when the "any"
interface is used.
pcap_datalink(3PCAP) says:
Do NOT assume that the packets for a given capture or ``savefile``
will have any given link-layer header type, such as DLT_EN10MB for
Ethernet. For example, the "any" device on Linux will have a
link-layer header type of DLT_LINUX_SLL or DLT_LINUX_SLL2 even if
all devices on the sys‐ tem at the time the "any" device is opened
have some other data link type, such as DLT_EN10MB for Ethernet.
So, pcap_datalink() must be used.
Detect pcap packet types that are supported (currently only ethernet)
in the open code. There is no use continuing if the read code can't
parse packets. The pattern of using switch statements supports future
addition of other packet types.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 8 Aug 2022 01:26:54 +0000 (11:26 +1000)]
ctdb-build: Add --enable-pcap configure option
This forces the use pcap for packet capture on Linux.
It appears that using a raw socket for capture does not work with
infiniband - pcap support for that to come.
Don't (yet?) change the default capture method to pcap. On some
platforms (e.g. my personal Intel NUC, running Debian testing), pcap
is much less reliable than the raw socket. However, pcap seems fine
on most other platforms.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 23 Jul 2021 04:39:05 +0000 (14:39 +1000)]
ctdb-build: Use pcap-config when available
The build currently fails on AIX, which can't find the pcap headers
because they're installed in a non-standard place. However, there is
a pcap-config script available.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 20 01:34:55 UTC 2022 on sn-devel-184
to:
open[num/s=13225,avslat=0.010504,minlat=0.000042,maxlat=0.054023]
close[num/s=13223,avslat=0.008971,minlat=0.000022,maxlat=0.053838]
But this is only half of the solution, the next commits will
add a similar optimization to the open code, at the end we'll
perform like we did in Samba 4.12:
s3:smbd: make use of close_share_mode_lock_{prepare,cleanup}() in close_directory()
It's good to have this in common as close_remove_share_mode()
and in the end we'll avoid get_existing_share_mode_lock()
and call them via share_mode_entry_prepare_{lock,unlock}(),
so that they can run under a tdb chainlock.
s3:smbd: split out some generic code from close_remove_share_mode()
close_share_mode_lock_prepare() will operates on share_mode_lock
in order to check if the object needs to be deleted or if
we can remove the share_mode_entry directly.
close_share_mode_lock_cleanup() will finish after the object
has been deleted.
We can reuse these function in close_directory() soon and
in the end we'll avoid get_existing_share_mode_lock()
and call them via share_mode_entry_prepare_{lock,unlock}(),
so that they can run under a tdb chainlock.
s3:smbd: also call handle_share_mode_lease for directories
It means we call open_mode_check() now only via handle_share_mode_lease()
and the fact that we never grant any directory leases (yet), means
that delay_for_oplocks() avoids the share_mode_forall_entries() loop.
This is a way into supporting directory leases, but that's not
the point for this commit, the point is that.
s3:smbd: call set_file_oplock() after set_share_mode()
The important part is the call to get a kernel oplock is deferred
until after set_share_mode(). The goal is to get the code
between get_share_mode_lock() and set_share_mode() free of any
blocking operation.
As we were optimistic to get the oplock that was asked for,
we need to remove_share_oplock() in order to set NO_OPLOCK
also in the share_mode entry.
When adding or deleting share mode entries elements, we typically
have a pattern like this:
1. get the g_lock via get_[existing_]share_mode_lock()
2. do some checking of the existing record
3. add/delete a share_mode_entry to the record
4. do some vfs operations still protected by the g_lock
5. (optional) cleanup of the record on failure
6. release the g_lock
We can optimize this to:
- Run 1-3. under a tdb chainlock
- Only protect vfs operations with the g_lock
if a new file was created/will be deleted
- Regrab the g_lock for a cleanup.
The new share_mode_entry_prepare_lock()
allows the caller to run a function within a tdb chainlock
similar to share_mode_do_locked_vfs_denied() where vfs calls are denied
and the execution is done within a tdb chainlock.
But the callback function is allowed to decide if it wants to
keep the lock at the g_lock layer on return.
The decision is kept in struct share_mode_entry_prepare_state,
which is then passed to share_mode_entry_prepare_unlock()
with an optional callback to do some cleanup under the
still existing g_lock or a regrabed g_lock.
In the ideal case the callback function passed to
share_mode_entry_prepare_lock() is able to decide that
it can drop the g_lock and the share_mode_entry_prepare_unlock().
gets a NULL callback as there's nothing to cleanup.
In this case share_mode_entry_prepare_unlock() is a noop.
This will allow us to avoid fallbacks to the dbwrap_watch based
waiting for the g_lock in the SMB2 Create and Close code paths.
s3:locking: optimize share_mode_do_locked_vfs_denied() with g_lock_lock callback
It means that in callers function will run under a single tdb chainlock,
which means callers from the outside will never see the record being
locked at g_lock level, as the g_lock is only held in memory.
within the single tdb chainlock. As a result we'll very unlikely hit
the case where we need to wait for a g_lock using the dbwrap_watch
logic.
We'll soon make use of callback functions passed to g_lock_lock(),
during these callback function we'll only be allowed to
call 'g_lock_lock_cb_state' based functions.
Given that nesting of share_mode call, we need to
make it transparent to the callers and the detail
that we optimize using g_lock_lock() callbacks.
s3:g_lock: add g_lock_ctx->busy and assert it to false
This prepares some helper functions in order to
allow callers of g_lock_lock() to pass in a callback function
that will run under the tdb chainlock when G_LOCK_WRITE was granted.
The idea is that the callers callback function would run with
g_lock_ctx->busy == true and all key based function are not be allowed
during the execution of the callback function. Only the
g_lock_lock_cb_state based helper function are allowed to be used.
This prepares some helper functions in order to
allow callers of g_lock_lock() to pass in a callback function
that will run under the tdb chainlock when G_LOCK_WRITE was granted.
The idea is that the callers callback function would only be allowed
to run these new helper functions, while all key based function are
not to be allowed.
projects / thirdparty / samba.git / log
