Jeremy Allison [Fri, 6 Sep 2019 21:51:29 +0000 (14:51 -0700)]
s3: pysmbd: Ensure conn->cwd_fsp member of created connections is initialized.
This is needed to correctly call the XXXAT() vfs calls.
We should probably just use create_conn_struct_tos_cwd() here
and pass $cwd instead of using create_conn_struct_tos() and
passing "/" as the share root. We wouldn't change the current
working directory and the created share root would be set to $cwd
but I'm not sure what effects this may have on users of pysmbd
in case any of them pass paths above the $cwd to these functions.
Less changes to just call vfs_ChDir(conn, &cwd) which doesn't
change the current directory and leaves the share root as "/".
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 6 Sep 2019 21:05:43 +0000 (14:05 -0700)]
s3: torture: vfstest: Change from create_conn_struct_tos() -> create_conn_struct_tos_cwd().
This does a vfs_ChDir() to the share root (not changing the
directory) which correctly sets up the conn->cwd_fsp member
so any XXXAT() calls correctly work inside vfstest.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Mon, 2 Sep 2019 10:21:56 +0000 (12:21 +0200)]
s3:smbd: skip write-time fetching for directories.
The whole logic only applies to files.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 11 00:33:26 UTC 2019 on sn-devel-184
&= does bitwise AND, and does not do boolean short-circuiting if the
variable is already 0. As has_other_nonposix_opens() might have its
cost, this speeds up closing a handle.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 9 Sep 2019 06:08:06 +0000 (08:08 +0200)]
vfs: restore stat fields in vfs_stat_fsp()
This ensures we preserve btime, itime and File-ID.
As the Durable Handles code calls vfs_stat_fsp() in the DH disconnect function,
previously the btime was lost and NOT stored in the cookie. With this change the
cookie will store the correct btime (and iflags), which requires us to call
dos_mode() in the reconnect function to ensure we pass
vfs_default_durable_reconnect_check_stat().
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Sep 10 20:22:21 UTC 2019 on sn-devel-184
Ralph Boehme [Fri, 30 Aug 2019 12:48:40 +0000 (14:48 +0200)]
s3:smbd: ensure to update the File-ID in struct smb_filename
Initialize the File-ID in fsp->fsp_name->st, any subsequent metadata fetch on
this file-handle needs this, eg QFID SMB2 Create-Context or GETINFO SMB
requests.
It would be nice if SMB_VFS_SET_DOS_ATTRIBUTE() would do this, unfortunately it
gets a const struct smb_filename.
Ralph Boehme [Mon, 9 Sep 2019 09:12:08 +0000 (11:12 +0200)]
s3:lib: round itime to NTTIME resolution in make_file_id_from_itime()
The rounding is needed because when a file is created via eg an SMB2 CREATE
request, we need to calculate the correct File-ID for the QFID Create-Context or
for a subsequent GETINFO SMB request on the same file-handle.
Any later metadata request that received the File-ID will do so by going through
dos_mode() -> ... -> parse_dos_attribute_blob(), where the File-ID will be
calculated from the on-disk itime which has NTTIME resolution.
As long as that is the only available itime backend, I'm rounding itime inside
make_file_id_from_itime(), not in the callers.
s4:torture/smb2: try to fix a RESOURCE_LEAK in smb2.samba3misc.localposixlock1
CID 1453656: (RESOURCE_LEAK)
Handle variable "fd" going out of scope leaks the handle.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 10 18:56:45 UTC 2019 on sn-devel-184
Andrew Bartlett [Thu, 5 Sep 2019 03:48:53 +0000 (15:48 +1200)]
Create SECURITY.md
This file location is shown under "Security -> Policy" on GitHub
and helps ensure people with a need to report a security issue
find us the right way.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Sep 9 21:13:35 UTC 2019 on sn-devel-184
vfs_delay_inject: add support for brl_[un]lock_windows()
This demonstrates the two ways to handle the retry:
- smb layer retry => plock->context.smblctx = UINT64_MAX
- vfs backend retry => plock->context.smblctx = 0
s3:blocking: split out smbd_smb1_do_locks_setup_timeout()
This function can be called multiple times, but only
the first time will setup the endtime. And the
endtime is relative to the request time and not
the current time.
We should evaluate the timeout condition after the very last
retry and not before.
Otherwise we'd fail to retry when waiting for posix locks.
The problem happens if the client provided timeout is smaller
than the 1 sec (for testing temporary 15 secs) retry.
s3:blocking: split smbd_smb1_do_locks_retry() into _try() and _retry()
This will make it possible to have just one caller to
smbd_do_locks_try() later and use smbd_smb1_do_locks_try()
from within smbd_smb1_do_locks_send().
s3:smb2_lock: call change_to_user_by_fsp() when dbwrap_watched_watch* finishes
This is not strictly required as fd-based calls are used,
but it's more consistent to call SMB_VFS_BRL_LOCK_WINDOWS()
in the same environment on retry.
s3:blocking: call change_to_user_by_fsp() when dbwrap_watched_watch* finishes
This is not strictly required as fd-based calls are used,
but it's more consistent to call SMB_VFS_BRL_LOCK_WINDOWS()
in the same environment on retry.
s4:torture: make rpc.handles.random-assoc test more robust
We've seen failures like this:
RPC-HANDLE-RANDOM-ASSOC
connect samr pipe1
pipe1 uses assoc_group_id[0x00000001]
connect samr pipe2 with assoc_group_id[0xFFFFFFFF]- should fail
Failed to bind to uuid 12345778-1234-abcd-ef00-0123456789ac for
ncacn_np:localdc[\pipe\samr,bigendian,assoc_group_id=0xffffffff,
abstract_syntax=12345778-1234-abcd-ef00-0123456789ac/0x00000001] NT_STATUS_UNSUCCESSFUL
connect samr pipe3 with assoc_group_id[0x00000000]- should fail
UNEXPECTED(failure): samba4.rpc.handles on ncacn_np with bigendian.random-assoc(ad_dc_default)
REASON: Exception: Exception: ../../source4/torture/rpc/handles.c:546:
status was NT_STATUS_OK, expected NT_STATUS_UNSUCCESSFUL: opening samr pipe3
Prevent that it wraps to 0x00000000
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Some smbcontrol commands leave the .help pointer NULL, resulting in the
following usage text:
disconnect-dc (null)
notify-cleanup (null)
...
msg-cleanup (null)
Improve this by printing an empty string instead.
Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Sep 9 10:32:53 UTC 2019 on sn-devel-184
ctdb-eventscripts: Fix the regression in 01.reclock.script
Commit ea7708d8c7fa674111ccea58b3cd0757765c702a simplified
01.reclock.script and removed include of functions file which is
required for setting CTDB_HELPER_BINDIR and for die() function.
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
Andrew Bartlett [Wed, 4 Sep 2019 23:23:22 +0000 (11:23 +1200)]
docs: Deprecate "lanman auth = yes"
This feature is only available for SMB1 and we need to warn users that this
is going away soon, and allow the removal in a future release under our rules
for parameter deprecation.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Sep 5 04:04:18 UTC 2019 on sn-devel-184
Andrew Bartlett [Wed, 4 Sep 2019 23:19:10 +0000 (11:19 +1200)]
docs: Deprecate "encrypt passwords = no"
This feature is only available for SMB1 and we need to warn users that this
is going away soon, and allow the removal in a future release under our rules
for parameter deprecation.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
s3:ldap: Fix join with don't exists machine account
Add check for requested replies of existing machine object during join
machine to domain. This solves regression fail during join with error:
"None of the information to be translated has been translated."
https://bugzilla.samba.org/show_bug.cgi?id=14007
Reviewed-by: Guenther Deschner <gd@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Sep 4 17:02:37 UTC 2019 on sn-devel-184
ctdb_pkt_recv_recv() and ctdb_read_packet() give us a non-null hdr on
success, so drop the error path check in favour of an assert.
This fixes a regression in 3913b9a4088b83d6ed7f94d136a26ecfa7e16b35,
where tevent_req_error() may be skipped in the ctdbd_parse_done()
ctdb_pkt_recv_recv() error path.
Reported-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed Sep 4 14:20:16 UTC 2019 on sn-devel-184
projects / thirdparty / samba.git / log
