Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 21 08:48:02 UTC 2020 on sn-devel-184
This tests a sorts of combinations in order to
demonstrate the visibility of objects depending on:
- with or without fDoListObject
- with or without explicit DENY ACEs
- A hierachy of objects with 4 levels from the base dn
- SEC_ADS_LIST (List Children)
- SEC_ADS_LIST_LIST_OBJECT (List Object)
- SEC_ADS_READ_PROP
- all possible scopes and basedns
This demonstrates that NO_SUCH_OBJECT doesn't depend purely
on the visibility of the base dn, it's still possible to
get children returned und an invisible base dn.
It also demonstrates the additional behavior with "List Object" mode.
See [MS-ADTS] 5.1.3.3.6 Checking Object Visibility
ctdb-common: Avoid aliasing errors during code optimization
When compiling with GCC 10.x and -O3 optimization, the IP checksum
calculation code generates wrong checksum. The function uint16_checksum
gets inlined during optimization and ip4pkt->tcp data gets wrongly
aliased.
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Oct 21 05:52:28 UTC 2020 on sn-devel-184
Douglas Bagnall [Thu, 15 Oct 2020 01:34:04 +0000 (14:34 +1300)]
fuzz/oss-fuzz/build_samba: fetch fuzz seeds
There is a git repository at
https://gitlab.com/samba-team/samba-fuzz-seeds that contains the
seeds. When the master branch of that repository is updated, a CI job
runs that creates a zip file of all the seeds as an artifact. That zip
file is downloaded and unpacked by oss_fuzz/build_samba. The contents
of that zip are further zips that contain the seeds for each fuzzing
binary; these are placed next to the binaries in the manner that
oss-fuzz expects.
That is, beside 'fuzz_foo', we put 'fuzz_foo_seed_corpus.zip' which
contains a pile of fuzz_foo seeds.
There may be times when a new fuzz target does not have a seed corpus,
and times when a removed fuzz target leaves behind a seed corpus.
This is OK, so we don't insist on an exact match between the target
names and the zip names, only that there is some overlap.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Oct 21 03:47:35 UTC 2020 on sn-devel-184
Extending testsuite for option 'valid/invalid users' from smb.conf.
Signed-off-by: Denis Karpelevich <dkarpele@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 21 01:17:05 UTC 2020 on sn-devel-184
Bradley M. Kuhn [Thu, 15 Oct 2020 14:52:21 +0000 (07:52 -0700)]
Rename Samba's DCO to Samba Developer's Declaration
In an effort to reduce any confusion about the differences
between the Samba DCO and the Linux DCO, and as a favor to the
Linux community, rename the Samba DCO to the Samba Developer's
Declaration.
Signed-off-by: Bradley M. Kuhn <bkuhn@sfconservancy.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 20 22:54:01 UTC 2020 on sn-devel-184
Bradley M. Kuhn [Thu, 15 Oct 2020 18:55:13 +0000 (11:55 -0700)]
Update Samba's DCO license in compliance with CC-BY-SA 4.0
The text of "Samba's Developer Certificate of Origin" is copyrighted
and licensed CC-BY-SA. Add notice for compliance with CC-BY-SA 4.0.
Signed-off-by: Bradley M. Kuhn <bkuhn@sfconservancy.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Simo Sorce <idra@samba.org> Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 20 18:10:50 UTC 2020 on sn-devel-184
smb.conf.5: add clarification how configuration changes reflected by Samba
Users of Linux distributions know to read smb.conf(5) manual page but
apparently not many of them read smbd(8) and winbindd(8) to understand
how changes to smb.conf file are reflected in the running processes.
Add a small section that makes it clear where to find relevant
information. Also correct the information in smbd, nmbd, and winbindd
manual pages.
The interval at which smbd does check for smb.conf changes was increased
from 60 seconds to 180 seconds in 1999 with commit 3db52feb1f3b.
Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Tue Oct 20 08:50:13 UTC 2020 on sn-devel-184
[2321/3909] Compiling source3/smbd/process.c
../../source3/smbd/process.c:2797:10: error: use of undeclared identifier 'EREMOTEIO'
return EREMOTEIO;
^
../../source3/smbd/process.c:2833:14: error: use of undeclared identifier 'EREMOTEIO'
if (ret == EREMOTEIO) {
^
2 errors generated.
Use one of the POSIX error codes instead.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Oct 20 07:22:08 UTC 2020 on sn-devel-184
Douglas Bagnall [Sat, 17 Oct 2020 22:59:40 +0000 (11:59 +1300)]
fuzz_dcerpc_parse_binding: don't leak
Also, by not tallocing at all in the too-long case, we can short
circuit quicker.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 20 02:26:40 UTC 2020 on sn-devel-184
This fixes the test with fast disks where 20MB transfers are done in
less than a second.
This also cleans up the code to have less sleeping time!
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Oct 19 21:14:21 UTC 2020 on sn-devel-184
Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Oct 17 10:46:12 UTC 2020 on sn-devel-184
Volker Lendecke [Fri, 16 Oct 2020 14:09:33 +0000 (16:09 +0200)]
test: Get the clusteredmember environment out of its smb1 corner
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Oct 16 18:30:18 UTC 2020 on sn-devel-184
Gary Lockyer [Sun, 27 Sep 2020 21:02:16 +0000 (10:02 +1300)]
CVE-2020-1472(ZeroLogon): torture: ServerSetPassword2 zero password
Ensure that a password of all zeros shorter than the maximum length is
rejected.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Oct 16 06:09:06 UTC 2020 on sn-devel-184
Add check for zero length confounder, to allow setting of passwords 512
bytes long. This does not need to be backported, as it is extremely
unlikely that anyone is using 512 byte passwords.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Walker [Thu, 24 Sep 2020 20:57:59 +0000 (16:57 -0400)]
vfs_zfsacl: add zfs configuration guidance to manpage
Provide minimal background information on recommended ZFS settings
for a samba share.
Signed-off-by: Andrew Walker <awalker@ixsystems.com> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 15 20:27:34 UTC 2020 on sn-devel-184
Andrew Walker [Thu, 24 Sep 2020 20:04:12 +0000 (16:04 -0400)]
vfs_zfsacl: only grant DELETE_CHILD if ACL tag is special
When ZFS aclmode is set to "passthrough" chmod(2)/fchmod(2) will result
in special entries being modified in a way such that delete, delete_child,
write_named_attr, write_attribute are stripped from the returned ACL entry,
and the kernel / ZFS treats this as having rights equivalent to the desired
POSIX mode. Historically, samba has added delete_child to the NFSv4 ACL, but
this is only really called for in the case of special entries in this
particular circumstance.
Alter circumstances in which delete_child is granted so that it only
is added to special entries. This preserves the intend post-chmod behavior,
but avoids unnecessarily increasing permissions in cases where it's not
intended. Further modification of this behavior may be required so that
we grant a general read or general write permissions set in case of
POSIX read / POSIX write on special entries.
Pair-Programmed-With: Andrew Walker <awalker@ixsystems.com> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Andrew Walker <awalker@ixsystems.com> Reviewed-by: Jeremy Allison <jra@samba.org>
Pair-Programmed-With: Andrew Walker <awalker@ixsystems.com> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Andrew Walker <awalker@ixsystems.com> Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Walker [Thu, 24 Sep 2020 15:42:16 +0000 (11:42 -0400)]
vfs_zfsacl: Add new parameter to stop automatic addition of special entries
Prevent ZFS from automatically adding NFSv4 special entries (owner@, group@,
everyone@). ZFS will automatically add these these entries when calculating the
inherited ACL of new files if the ACL of the parent directory lacks an
inheriting special entry. This may result in user confusion and unexpected
change in permissions of files and directories as the inherited ACL is
generated. Blocking this behavior is achieved by setting an inheriting
everyone@ that grants no permissions and not adding the entry to the file's
Security Descriptor.
This change also updates behavior so that the fd-based syscall facl() is
used where possible.
Pair-Programmed-With: Andrew Walker <awalker@ixsystems.com> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Andrew Walker <awalker@ixsystems.com> Reviewed-by: Jeremy Allison <jra@samba.org>
s3:ctdbd_conn: simplify get_public_ips() / find_in_public_ips() API
These calls are used to check whether an IP address is static to the
host, or whether it could be migrated by ctdb.
Combine the calls into a simple ctdbd_public_ip_foreach(cb) function,
which avoids the need to expose struct ctdb_public_ip_list_old.
Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 14 12:29:56 UTC 2020 on sn-devel-184
Jones Syue [Mon, 28 Sep 2020 01:10:03 +0000 (09:10 +0800)]
interface: fix if_index is not parsed correctly
Replace probed_ifaces[i] with ifs.
In SDC 2020 SMB3 Virtual IO Lab,
run Windows Protocol Test Suite to test FileServer multichannel test cases.
Samba server has 2 virtual interfaces for VPN connection:
> name=tun2001, ip/mask=192.168.144.9/22
> name=tun2002, ip/mask=192.168.144.10/22
test suite client can ping these 2 ip addresses and browse shares.
Then client try to use IOCTL FSCTL_QUERY_NETWORK_INTERFACE_INFO to get the
virtual ip addresses of samba server, but samba server responded it
without the virtual ip addresses. My VPN setup is point-to-point and the
virtual interfaces 'tun2001' & 'tun2002' are without flag IFF_BROADCAST.
So edit smb.conf and add
"interfaces = ${virtual_ip}/${mask_length};if_index=${id}", like this:
> interfaces = eth4 eth8 eth11 eth10 qvs0 "192.168.144.9/22;if_index=50" "192.168.144.10/22;if_index=51"
then samba server IOCTL response could return the virtual ip addresses,
but found a issue:
the interface index of virtual ip addresses is always 4294967295
(0xFFFFFFFF, -1).
Quote Metze: https://gitlab.com/samba-team/devel/samba/-/commit/6cadb55d975a6348a417caed8b3258f5be2acba4#note_419181789
This looks good, I think that also explains
the possible memory corruption/crash I mentioned in the bug report.
As 'i' is most likely the same as 'total_probed' and
probed_ifaces[i] is not valid, so we overwrite unrelated memory.
Later I see 'realloc(): invalid pointer' and this backtrace:
BACKTRACE:
#0 log_stack_trace + 0x29 [ip=0x7f2f1b6fffa9] [sp=0x7ffcd0ab53e0]
#1 smb_panic + 0x11 [ip=0x7f2f1b700301] [sp=0x7ffcd0ab5d10]
#2 sig_fault + 0x54 [ip=0x7f2f1b7004f4] [sp=0x7ffcd0ab5e20]
#3 funlockfile + 0x50 [ip=0x7f2f17ce6dd0] [sp=0x7ffcd0ab5ec0]
#4 gsignal + 0x10f [ip=0x7f2f1794970f] [sp=0x7ffcd0ab6b90]
#5 abort + 0x127 [ip=0x7f2f17933b25] [sp=0x7ffcd0ab6cb0]
#6 __libc_message + 0x297 [ip=0x7f2f1798c897] [sp=0x7ffcd0ab6de0]
#7 malloc_printerr + 0x1c [ip=0x7f2f17992fdc] [sp=0x7ffcd0ab6ef0]
#8 realloc + 0x23a [ip=0x7f2f17997f6a] [sp=0x7ffcd0ab6f00]
#9 _talloc_realloc + 0xee [ip=0x7f2f1a365d2e] [sp=0x7ffcd0ab6f50]
#10 messaging_filtered_read_send + 0x18c [ip=0x7f2f1a10f54c] [sp=0x7ffcd0ab6fb0]
#11 messaging_read_send + 0x55 [ip=0x7f2f1a10f705] [sp=0x7ffcd0ab7000]
#12 smb2srv_session_table_init + 0x83 [ip=0x7f2f1b3a6cd3] [sp=0x7ffcd0ab7040]
#13 smbXsrv_connection_init_tables + 0x2d [ip=0x7f2f1b373f4d] [sp=0x7ffcd0ab7060]
#14 smbd_smb2_request_process_negprot + 0x827 [ip=0x7f2f1b38cb47] [sp=0x7ffcd0ab7080]
#15 smbd_smb2_request_dispatch + 0x19db [ip=0x7f2f1b38921b] [sp=0x7ffcd0ab71d0]
#16 smbd_smb2_process_negprot + 0x298 [ip=0x7f2f1b38bb38] [sp=0x7ffcd0ab7260]
#17 process_smb + 0x2ca [ip=0x7f2f1b37537a] [sp=0x7ffcd0ab72b0]
#18 smbd_server_connection_read_handler + 0xd0 [ip=0x7f2f1b376420] [sp=0x7ffcd0ab7350]
Anoop C S [Mon, 12 Oct 2020 11:25:40 +0000 (16:55 +0530)]
vfs_shadow_copy2: Avoid closing snapsdir twice
As per man page for closedir(3):
. . .
The closedir() function closes the directory stream associated with
dirp. A successful call to closedir() also closes the underlying file
descriptor associated with dirp.
. . .
Therefore we don't have to attempt an additional close of file
descriptor after closedir().
Signed-off-by: Jeremy Allison <jra@samba.org> Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Oct 14 10:08:24 UTC 2020 on sn-devel-184
s3:lib: Move interface prototypes to own header file
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 9 20:36:13 UTC 2020 on sn-devel-184
Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 8 17:52:46 UTC 2020 on sn-devel-184
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Oct 8 16:29:27 UTC 2020 on sn-devel-184
Jeremy Allison [Mon, 5 Oct 2020 19:07:18 +0000 (12:07 -0700)]
s3: smbd: Add a 'const char *src_orginal_lcomp' (last component) parameter to rename_internals().
Not yet used. Passing as NULL means explicitly no wildcards
in the source name. There's only one place where we have to handle
wildcards here and that is from SMB1 reply_mv().
Could have used a bool here as in unlink_internals() but
using a string here makes the parameters more symmetrical
around src and destination values.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 5 Oct 2020 18:27:30 +0000 (11:27 -0700)]
s3: smbd: SMB1 reply_copy. Check untouched last component for wildcards in src and dst.
Not doing a test for this as wildcard SMB1copy() is evil and
should be removed. It's the same fix I'm doing for unlink
and rename, so this shouldn't be an issue.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 6 23:06:50 UTC 2020 on sn-devel-184
Martin Schwenke [Wed, 30 Sep 2020 00:48:38 +0000 (10:48 +1000)]
ctdb-tests: Strengthen node state checking in ctdb disable/enable test
Check that the desired state is set on all nodes instead of just the
test node. This ensures that node flags have correctly propagated
across the cluster.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14513 Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue Oct 6 04:32:06 UTC 2020 on sn-devel-184
Martin Schwenke [Tue, 16 Jan 2018 04:15:51 +0000 (15:15 +1100)]
ctdb-recoverd: Drop unnecessary and broken code
update_flags() has already updated the recovery master's canonical
node map, based on the flags from each remote node, and pushed out
these flags to all nodes.
If i == j then the node map has already been updated from this remote
node's flags, so simply drop this case.
Although update_flags() has updated flags for all nodes, it did not
update each node map in remote_nodemaps[] to reflect this. This means
that remote_nodemaps[] may contain inconsistent flags for some nodes
so it should not be used to check consistency when i != j.
Further, a meaningful difference in flags can only really occur if
update_flags() failed. In that case this code is never reached.
These observations combine to imply that this whole loop should be
dropped.
This leaves potential sub-second inconsistencies due to out-of-band
healthy/unhealthy flag changes pushed via CTDB_SRVID_PUSH_NODE_FLAGS.
These updates could be dropped (takeover run asks each node for
available IPs rather than making centralised decisions based on node
flags) but for now they will be fixed in the next iteration of
main_loop().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14513 Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
4.2.3 went out of support, so update the header file to the oldest
currently supported GPFS version. Going forward, this will allow usage
of newer API calls.
Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Mon Oct 5 20:06:04 UTC 2020 on sn-devel-184
Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Oct 5 12:38:34 UTC 2020 on sn-devel-184
libcli: Use GUID_to_ndr_buf() in smb2cli_validate_negotiate_info_send()
Avoid a talloc/free
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 2 22:50:43 UTC 2020 on sn-devel-184
projects / thirdparty / samba.git / log
