Jeremy Allison [Thu, 1 Apr 2021 20:16:34 +0000 (13:16 -0700)]
VFS: nfs4acl_xattr: Ensure nfs4acl_get_blob() always gets a valid fsp pointer.
This means adding a synthetic_pathref() call into the
nfs4acl_xattr version of SMB_VFS_GET_NT_ACL_AT() which
is the pathname-based ACL fetch call.
One place where this (smb_fname->fsp == NULL)
can happen is from open when checking parent
directory ACL - check_parent_access() currently
isn't always passed a smb_fname with a valid
fsp and check_parent_access() currently doesn't
open a pathref smb_fname->fsp itself (eventually
it should be passed in a pathref from the caller).
There are also a few other places inside smbd
that call smbd_check_access_rights() also without
a pathref fsp.
This check should be moved into the
callers inside smbd to ensure that smb_fname->fsp
is always valid here, and in a later patchset (not
part of this set) I will do just that.
Ultimately it may be possible to remove
pathname based SMB_VFS_GET_NT_ACL_AT(), this
requires further investigation.
But until then, we need this change.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 6 Apr 2021 18:53:40 +0000 (11:53 -0700)]
s3: smbd: Fix parent_pathref() to cope with symlink parents.
We know that the parent name must
exist, and the name has been canonicalized
even if this was a POSIX pathname.
Ensure that we follow symlinks for
the parent. See the torture test
POSIX-SYMLINK-PARENT for details.
Remove knownfail entry.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Apr 7 15:39:45 UTC 2021 on sn-devel-184
Jeremy Allison [Tue, 6 Apr 2021 18:46:23 +0000 (11:46 -0700)]
s3: torture: Add an SMB1 POSIX specific test POSIX-SYMLINK-PARENT.
This creates a directory, then a symlink to a directory,
and then checks we can POSIX create and delete file, directory,
symlink and hardlink filesystem objects under the symlink
parent directory.
Mark as knownfail until next commit.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 7 10:24:17 UTC 2021 on sn-devel-184
Bernd Kuhls [Sat, 27 Mar 2021 16:17:34 +0000 (17:17 +0100)]
dcesrv_core: fix build
Move include of system/network.h to avoid a build error:
In file included from ../../lib/replace/system/network.h:35,
from ../../librpc/rpc/dcesrv_core.c:2658:
usr/include/unistd.h: At top level:
usr/include/unistd.h:675:16: error: conflicting types for ‘geteuid’
675 | extern __uid_t geteuid (void) __THROW;
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Samuel Cabrero [Fri, 26 Jun 2020 15:20:32 +0000 (17:20 +0200)]
s3: rpc_server: Store new association groups in the id tree
Right now a new association group is created for each connection
assigning the legacy 0x53F0 id, but it is not stored anywhere. When a
second client request to join an association group by its id it is not
found and a new one is created with the same ID.
In practise, it means the association groups are not working even in the
same server process.
This commit stores the created association group in the idtree, but to
make use of it assigns a random id instead of the historical 0x53F0.
The test assoc_group_ok2 was wrongly passing before this change because
the same id 0x53F0 was assigned to all association groups.
Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Samuel Cabrero [Fri, 19 Jun 2020 14:31:39 +0000 (16:31 +0200)]
selftest: Test RPC handles and association groups from different connection
Add a test to check if a RPC handle can be used from a different connection
than the one where it was created, when the same association group is
requested in the bind operation of the second connection.
The association group handling is one of the differences between the S3
and S4 RPC server implementations provided by the implementation
callbacks after the merge.
Association groups work fine in the S4 implementation as the RPC server
runs in one process, except for the 'smbd' embedded services provided
by the S3 implementation like winreg (see lp_enforce_ad_dc_settings()).
In the S3 implementation, association groups should work in the same
process, but the merge introduced a bug where a new association group is
always created even when it already exists in the same process.
Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 23 Feb 2021 13:46:38 +0000 (02:46 +1300)]
s4:dsdb/password_hash: Add additional check for crypt() and crypt_r() failure
While crypt_rn() always returns a null pointer in the event of
failure, crypt() and crypt_r() may instead return a string starting
with the character '*'. This commit adds a check to detect failure in
this case.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 23 Feb 2021 13:03:25 +0000 (02:03 +1300)]
provision: Decrease the length of random machine passwords
The current length of 128-255 UTF-16 characters currently causes
generation of crypt() passwords to typically fail. This commit
decreases the length to 120 UTF-16 characters, which is the same as
that used by Windows.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 23 Feb 2021 12:13:41 +0000 (01:13 +1300)]
s4:dsdb/password_hash: Don't generate crypt() password for krbtgt account
Since the length of the krbtgt password after conversion to UTF-8 form is
typically greater than the maximum accepted by crypt(), the call usually
fails. This commit disables generation of crypt() passwords for this specific
account, as it's not necessary.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 7 03:16:39 UTC 2021 on sn-devel-184
Martin Schwenke [Mon, 29 Mar 2021 05:30:37 +0000 (16:30 +1100)]
build: Only add -Wl,--as-needed when supported
If -Wl,--as-needed is added to EXTRA_LDFLAGS (via ADD_LDFLAGS, as per
commit 996560191ac6bd603901dcd6c0de5d239e019ef4) then on some
platforms (at least CentOS 8 and Fedora 33), any indirect/recursive
dependencies (i.e. private libraries) are added to both the
binary (reqid_test in the CTDB case) and to samba-util.so. However,
only samba-util.so has rpath set to find private libraries.
When ld.so tries to resolve these dependencies for the binary it
fails. This may be a bug on those platforms, but it occurs reliably
and our users will also hit the bug. For binaries that have other
private library dependencies (e.g. bundled talloc) rpath will contain
the private library directory so the duplicate private library
dependencies are then found... that is, when it works, it works by
accident!
For some reason (deep in waf or wafsamba) if -Wl,--as-needed is added to
LINKFLAGS (as is done in conf.add_as_needed()) then it works: the direct
dependencies are only added to samba-util.so and the same depenencies
(indirect dependencies for binaries) are not added incorrectly to the
binaries.
So, without changing 1/2 of waf/wafsamba the simplest fix is to revert
to adding -Wl,--as-needed to LINKFLAGS, which was the case before
commit 996560191ac6bd603901dcd6c0de5d239e019ef4.
librpc: Remove the gensec dependency from library dcerpc-binding
This means yet another library, but having to depend on gensec just
for dcerpc_parse_binding() and basic packet parsing seems like a bit
overkill to me.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 6 23:33:14 UTC 2021 on sn-devel-184
Volker Lendecke [Tue, 23 Feb 2021 09:38:16 +0000 (10:38 +0100)]
winbindd: Use samr instead of lsa in sam_name_to_sid()
After the "Unix Users/Groups" and wkn names have been taken care of,
all that remains here is our domain (BUILTIN or workgroup). We don't
need any of the fancy routing in lsa_lookupnames, and samr_LookupNames
is a lot less prone to deadlocks back into winbind.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 23 Feb 2021 07:27:07 +0000 (08:27 +0100)]
winbindd: Avoid deadlock in sam_name_to_sid()
"Unix Users" and "Unix Groups" can recurse into nsswitch and thus into
winbind. In the binding process, we have winbindd_off(), but if we
pass the lookupNames request to a forked lsad, lsad does not
necessarily have that setting. So lsad might turn back to winbind,
which could lead to a deadlock. Handle the nsswitch lookups in
winbind.
While there, also do the simple wellknown names and the "DOMAIN\" type
3 lookups directly in winbind.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Tue, 30 Mar 2021 14:17:31 +0000 (16:17 +0200)]
oss-fuzz: Update build script to be compatible with rpm distros
The /etc/default/locale file does not exists in the rpm family distros
so the do_build.sh script failed with:
./lib/fuzzing/oss-fuzz/do_build.sh: line 31: /etc/default/locale: No
such file or directory
Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): Samuel Cabrero <scabrero@samba.org>
Autobuild-Date(master): Tue Apr 6 15:54:54 UTC 2021 on sn-devel-184
Ralph Boehme [Tue, 6 Apr 2021 12:47:39 +0000 (14:47 +0200)]
smbd: reduce loglevel for failed openat_pathref_fsp() calls
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14685
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1884
RN: Log clutter from filename_convert_internal()
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Apr 6 14:39:46 UTC 2021 on sn-devel-184
Volker Lendecke [Tue, 30 Mar 2021 15:18:10 +0000 (17:18 +0200)]
lib: Fix rundown of jobs sent with background_job_send()
When using this with a trigger message in smbd it will crash at
rundown in messaging_deregister because the global messaging context
can be TALLOC_FREE'ed before the background job is freed.
Using messaging_filtered_send already takes care of this situation
properly.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 1 17:50:49 UTC 2021 on sn-devel-184
selftest: Allow to set the 'log level' for clients
This allows to set the 'log level' for clients on the command line:
make test TESTS=wurst CLIENT_LOG_LEVEL=10
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 31 21:20:23 UTC 2021 on sn-devel-184
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Mar 31 12:14:01 UTC 2021 on sn-devel-184
Ralph Boehme [Tue, 23 Mar 2021 10:40:21 +0000 (11:40 +0100)]
pidl: set the per-request memory context in the pidl generator
The talloc memory context referenced by the pipe_struct mem_ctx member is used
as talloc parent for RPC response data by the RPC service implementations.
In Samba versions up to 4.10 all talloc children of p->mem_ctx were freed after
a RPC response was delivered by calling talloc_free_children(p->mem_ctx). Commit 60fa8e255254d38e9443bf96f2c0f31430be6ab8 removed this call which resulted in all
memory allocations on this context not getting released, which can consume
significant memory in long running RPC connections.
Instead of putting the talloc_free_children(p->mem_ctx) back, just use the
mem_ctx argument of the ${pipename}_op_dispatch_internal() function which is a
dcesrv_call_state object created by dcesrv_process_ncacn_packet() and released
by the RPC server when the RPC request processing is finished.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@amba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Mar 31 06:13:39 UTC 2021 on sn-devel-184
Jeremy Allison [Thu, 25 Mar 2021 22:46:45 +0000 (15:46 -0700)]
s3: smbd: Fix SMB_VFS_FGET_NT_ACL/SMB_VFS_FSET_NT_ACL on stream handles.
As this is done on existing files, we know that
fsp->base_fsp != NULL and fsp->base_fsp->fh->fd != -1
(i.e. it's a pathref fd) for stream handles.
When getting and setting ACLs on stream handles,
use the fsp->base_fsp instead (as Windows does).
This not only fixes streams_xattr, but will
allow us to later analyze and remove all
special casing code for get/set ACLs on streams
handles.
Remove the knownfail.d/stream-acl file.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 30 20:14:35 UTC 2021 on sn-devel-184
Douglas Bagnall [Sun, 21 Mar 2021 07:49:32 +0000 (20:49 +1300)]
ldb-samba: remove redundant negative check
smb_strtoull() already checks for negative numbers, but does
it properly, catching " -2" as well as "-2".
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 30 18:55:28 UTC 2021 on sn-devel-184
s3:utils: The 'net ads keytab' commands should use machine credentials
If the user doesn't specify a username/password on the command line, we
should use the machine credentials to connect to AD. This is how it is
used by default and we should be able to retrieve SPNs.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Mar 30 06:48:18 UTC 2021 on sn-devel-184
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 30 00:20:53 UTC 2021 on sn-devel-184
Douglas Bagnall [Tue, 23 Mar 2021 23:49:22 +0000 (12:49 +1300)]
librpc/idl: dnsp tombstone timestamp name matches MS-DNSP
MS-DNSP uses the term "EntombedTime" in e.g. "2.2.2.2.4.23 DNS_RPC_RECORD_TS"
which is more descriptive than the generic "timestamp", and less likely to be
confused with dwTimestamp, which has been our curse. Let's make it grep-able,
google-able, and evocative.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Wed, 24 Mar 2021 01:57:32 +0000 (14:57 +1300)]
pytest/dns: remove redundant argument
We are always setting zone to the same thing which we already know,
and we can reduce cognative stress by mentioning it less and not doing
that weird pop thing.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Sat, 27 Mar 2021 22:20:48 +0000 (11:20 +1300)]
dsdb/scavange dns: reserve NTTIME type for NTTIME values
We know it "really" just means uint64_t, but we also know it means
100-nanosecond intervals since 1601, and that makes any other use very
confusing (and not just to me, or there wouldn't be these bugs we're
chasing).
In these cases we are talking about 32 bit hours-since-1601 timestamps.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Thu, 11 Mar 2021 02:17:28 +0000 (15:17 +1300)]
dns: add common dns_timestamp util functions
The dns structs have an unsigned 32 bit timestamp in hours since the
beginning of 1601. In a number of places we need to convert from unix
time to this timestamp, or from the timestamp to NTTIME.
You'll see subsequent patches that make use of these functions.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
Gary Lockyer [Thu, 25 Mar 2021 01:36:50 +0000 (14:36 +1300)]
libcli smb smb2: Use correct enumeration type
Clang gives the following error:
../../libcli/smb/smb2_signing.c:547:48: error:
implicit conversion from enumeration type 'gnutls_mac_algorithm_t'
to different enumeration type 'gnutls_digest_algorithm_t'
[-Werror,-Wenum-conversion]
const size_t digest_len = gnutls_hash_get_len(GNUTLS_MAC_SHA256);
~~~~~~~~~~~~~~~~~~~ ^~~~~~~~~~~~~~~~~
Should be using GNUTLS_DIG_SHA256, which is set to GNUTLS_MAC_SHA256.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Mon Mar 29 23:19:24 UTC 2021 on sn-devel-184
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Mar 29 20:43:28 UTC 2021 on sn-devel-184
smb2_server: don't cancel pending request if at least one channel is still alive
In order to allow replays of requests on a channel failure, we should
not cancel pending requests, the strategie that seems to make windows
clients happy is to let the requests running and return
NT_STATUS_FILE_NOT_AVAILABLE as long as the original request is still
pending.
Here we introduce xconn->transport.shutdown_wait_queue, this is used
to keep the xconn alive for the lifetime of pending requests.
Now we only cancel pending requests if the disconnected connection
is the last channel for a session.
In that case smbXsrv_session_remove_channel() and
smb2srv_session_shutdown_send() will take care of it.
smb2_server: let smbd_smb2_flush_send_queue() destroy pending elements on dead connection
Otherwise we'll keep the state of already finished requests arround.
This becomes critical as the next commit will cause us to
let pending requests running and keep the xconn alive for
the lifetime of pending requests, so we would not ever
make progress and deadlock.
smbXsrv_open: intruduce smbXsrv_open_replay_cache to support FILE_NOT_AVAILABLE
Before processing an open we need to reserve the replay cache entry
in order to signal that we're still in progress.
If a reserved record is already present we need to return
FILE_NOT_AVAILABLE in order to let the client retry again.
[MS-SMB2] contains this:
<152> Section 3.2.5.1: For the following error codes, Windows-based clients
will retry the operation up to three times and then retry the operation every 5
seconds until the count of milliseconds specified by Open.ResilientTimeout is
exceeded:
- STATUS_SERVER_UNAVAILABLE
- STATUS_FILE_NOT_AVAILABLE
- STATUS_SHARE_UNAVAILABLE
This works fine for windows clients, but current windows servers seems to
return ACCESS_DENIED instead of FILE_NOT_AVAILABLE.
A Windows server doesn't do any replay detection on pending opens,
which wait for a HANDLE lease to be broken (because of a
SHARING_VIOLATION), at all.
As this is not really documented for the server part of the current [MS-SMB2],
I found the key hint in "SMB 2.2: Bigger. Faster. Scalier - (Parts 1 and 2)"
on page 24. There's a picture showing that a replay gets FILE_NOT_AVAILABLE
as long as the original request is still in progress. See:
https://www.snia.org/educational-library/smb-22-bigger-faster-scalier-parts-1-and-2-2011
A Windows client is unhappy with the current windows server behavior if it
such a situation happens. There's also a very strange interaction with oplock
where the replay gets SHARING_VIOLATION after 35 seconds because it conflicts with
the original open.
I think it's good to follow the intial design from the 2011 presentation and
make the clients happy by using FILE_NOT_AVAILABLE (and differ from Windows).
I'll report that to dochelp@microsoft.com in order to get this hopefully fixed in
their server too).
projects / thirdparty / samba.git / log
