Jeremy Allison [Fri, 5 Aug 2022 19:16:44 +0000 (12:16 -0700)]
s3: smbd: Add new function check_path_syntax_smb2_msdfs() for SMB2 MSDFS paths.
#ifdef'ed out as static and not yet used.
We can't just call check_path_syntax() on these as
they are of the form hostname\share[\extrapath]
(where [\extrapath] is optional).
hostname here can be an IPv6 ':' separated address,
which check_path_syntax() fails on due to the streamname
processing.
NB. This also has to cope with out existing (broken)
libsmbclient libraries that sometimes set the DFS
flag and then send a local pathname. Cope by just
calling the normal check_path_syntax() on the
whole pathname in that case.
Jeremy Allison [Sat, 6 Aug 2022 02:27:33 +0000 (19:27 -0700)]
s3: smbd: Fix cosmetic bug logging pathnames from Linux kernel clients using SMB1 DFS calls.
The Linux kernel SMB1 client has a bug - it sends
DFS pathnames as:
\\server\share\path
instead of:
\server\share\path
Causing us to mis-parse server,share,remaining_path here
and jump into 'goto local_path' at 'share\path' instead
of 'path'.
This doesn't cause an error as the limits on share names
are similar to those on pathnames.
parse_dfs_path() which we call before filename parsing
copes with this by calling trim_char on the leading '\'
characters before processing.
Do the same here so logging of pathnames looks better.
How did I find this ? Lots and lots of manual
testing with the Linux kernel client to make
sure all the recent changes haven't broken Linux
SMB1/2/3 DFS :-).
Sometimes the bottleneck is the smbtorture process.
In order to bring the smbd process to 100% cpu, you can use
'--option="libsmb:client_guid=6112f7d3-9528-4a2a-8861-0ca129aae6c4"'
and run multiple instances of the test at the same time,
which both talk to the same smbd process.
This is a very useful test to show how many requests are possible
at the raw SMB2 layer.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 11 19:23:37 UTC 2022 on sn-devel-184
This improves 'time smbtorture3 //foo/bar -U% local-g-lock-ping-pong -o 50000000'
from ~1.400.000 to ~3.400.000 operations per second any a testsystem.
As we also use TDB_VOLATILE for locking.tdb, this is a much more
realistic test now.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
s3:passdb: Consolidate error checking in fetch_ldap_pw()
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Aug 11 06:34:56 UTC 2022 on sn-devel-184
Ralph Boehme [Wed, 27 Jul 2022 16:40:21 +0000 (18:40 +0200)]
vfs_default: assert all passed in fsp's and names are non-stream type
Enforce fsp is a non-stream one in as many VFS operations as possible in
vfs_default. We really need an assert here instead of returning an error, as
otherwise he can have very hard to diagnose bugs.
Ralph Boehme [Fri, 29 Jul 2022 12:56:41 +0000 (14:56 +0200)]
smbd: ignore request to set the SPARSE attribute on streams
As per MS-FSA 2.1.1.5 this is a per stream attribute, but our backends don't
support it in a consistent way, therefor just pretend success and ignore the
request.
Ralph Boehme [Wed, 27 Jul 2022 11:37:32 +0000 (13:37 +0200)]
CI: add a test trying to delete a stream on a pathref ("stat open") handle
When using vfs_streams_xattr, for a pathref handle of a stream the system fd
will be a fake fd created by pipe() in vfs_fake_fd().
For the following callchain we wrongly pass a stream fsp to
SMB_VFS_FGET_NT_ACL():
SMB_VFS_CREATE_FILE(..., "file:stream", ...)
=> open_file():
if (open_fd):
-> taking the else branch:
-> smbd_check_access_rights_fsp(stream_fsp)
-> SMB_VFS_FGET_NT_ACL(stream_fsp)
This is obviously wrong and can lead to strange permission errors when using
vfs_acl_xattr:
in vfs_acl_xattr we will try to read the stored ACL by calling
fgetxattr(fake-fd) which of course faild with EBADF. Now unfortunately the
vfs_acl_xattr code ignores the specific error and handles this as if there was
no ACL stored and subsequently runs the code to synthesize a default ACL
according to the setting of "acl:default acl style".
As the correct access check for streams has already been carried out by calling
check_base_file_access() from create_file_unixpath(), the above problem is not
a security issue: it can only lead to "decreased" permissions resulting in
unexpected ACCESS_DENIED errors.
The fix is obviously going to be calling
smbd_check_access_rights_fsp(stream_fsp->base_fsp).
This test verifies that deleting a file works when the stored NT ACL grants
DELETE_FILE while the basic POSIX permissions (used in the acl_xattr fallback
code) do not.
Allows passing on "user." xattr to the backend. This can be useful for testing
specific aspects of operation on streams when "streams_xattr" is configured as
stream filesystem backend.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Wed Aug 10 14:14:04 UTC 2022 on sn-devel-184
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Wed Aug 10 10:21:48 UTC 2022 on sn-devel-184
Volker Lendecke [Tue, 9 Aug 2022 10:42:05 +0000 (12:42 +0200)]
smbstatus: Fix the 32-bit build on FreeBSD
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 9 20:04:26 UTC 2022 on sn-devel-184
s3:passdb: Remove unused function secrets_fetch_trust_account_password()
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug 8 19:03:08 UTC 2022 on sn-devel-184
Jule Anger [Fri, 5 Aug 2022 11:05:26 +0000 (13:05 +0200)]
smbstatus: add a method to add profile items to json
The method changes the json item of a given traverse_state.
The root dictionary contains for each section a dictionary, which has
a dictionary for each subsection.
Signed-off-by: Jule Anger <janger@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Thu, 24 Mar 2022 14:46:50 +0000 (15:46 +0100)]
smbstatus: add JSON support for smbstatus
Adds the option --json for all informations except the profiling.
With --json sets the json_output variable to true, so that the json dictionary
can be created and printed.
Signed-off-by: Jule Anger <janger@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Mon, 1 Aug 2022 09:19:37 +0000 (11:19 +0200)]
smbstatus: add a notifies dictionary
Adds an empty json dictionary under the key "notifies" and adds foreach
notify a dictionary with information to the notify dictionary. Uses the
pid as key.
Only print to stdout, if json_output is not set.
Signed-off-by: Jule Anger <janger@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Thu, 31 Mar 2022 08:31:31 +0000 (10:31 +0200)]
smbstatus: add locks to byte-range locked files in json output
At the moment, there is only information about the byte-range locked files.
Adds a list of its locks for each file. An open is represented as
a dictionary. Contains all information (pid, dev_inode, read_write, start
and size) about the lock.
Signed-off-by: Jule Anger <janger@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Thu, 31 Mar 2022 08:30:30 +0000 (10:30 +0200)]
smbstatus: add a basic byte-range locks dictionary
Adds an empty json dictionary under the key "byte_range_locks"
and adds foreach locked file a dictionary with information
(path and filename) to the byte-range locks dictionary.
Only print to stdout, if json_output is not set.
Signed-off-by: Jule Anger <janger@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Mon, 1 Aug 2022 10:02:15 +0000 (12:02 +0200)]
smbstatus: add general caching information about open files to json output
Adds a dictionary named "caching" to a opens dictionary.
Represents both oplock and leases caching. The dictionary contains a
boolean for each type (READE, WRITE and HANDLE), the hex value and a string
representation.
If no oplocks are used, the dictionary is left empty.
Signed-off-by: Jule Anger <janger@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Wed, 30 Mar 2022 15:05:02 +0000 (17:05 +0200)]
smbstatus: add lease information about open files to json output
Adds a dictionary named "lease" to a opens dictionary.
If leases are used, the dictionary contains a boolean for each type
(READE, WRITE and HANDLE or UNKNOWN) and a string representation of
the lease. Otherwise the dict is left empty.
Signed-off-by: Jule Anger <janger@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Wed, 30 Mar 2022 13:40:56 +0000 (15:40 +0200)]
smbstatus: add oplock information about open files to json output
Adds a dictionary named "oplock" to a opens dictionary.
Contains a string representation and booleans for each oplock type
(EXCLUSIVE, BATCH, LEVEL_II, LEASE).
Signed-off-by: Jule Anger <janger@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Wed, 30 Mar 2022 13:36:13 +0000 (15:36 +0200)]
smbstatus: add opens to files in json output
At the moment, there is only information about the open files.
Adds a list of its opens for each file. An open is represented as
a dictionary. Contains only the basic information (pid, uid and
time) about the open.
Signed-off-by: Jule Anger <janger@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Wed, 30 Mar 2022 13:11:11 +0000 (15:11 +0200)]
smbstatus: add a basic dictionary with open files
Adds an empty json dictionary under the key "open_files" and adds foreach
locked file a dictionary with information (path, filename and pending
deletes) to the locked files dictionary. Uses path and filename as key.
Only print to stdout, if json_output is not set.
Signed-off-by: Jule Anger <janger@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Thu, 24 Mar 2022 13:09:35 +0000 (14:09 +0100)]
smbstatus: add a sessions dictionary
Adds an empty json dictionary under the key "sessions" and adds foreach
session a dictionary with information to the session dictionary. Uses the
session_id as key.
uid_str and gid_str are needed because both receive their own JSON field.
Only print to stdout, if json_output is not set.
Signed-off-by: Jule Anger <janger@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
conn_tdb: change type of connections_data.start to NTTIME
connections_data.start previously had the type time_t, but time_t
only had a precision for seconds. NTTIME has a higer precision,
which is useful for debugging.
Signed-off-by: Jule Anger <janger@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
projects / thirdparty / samba.git / log
