Jule Anger [Thu, 31 Mar 2022 08:30:30 +0000 (10:30 +0200)]
smbstatus: add a basic byte-range locks dictionary
Adds an empty json dictionary under the key "byte_range_locks"
and adds foreach locked file a dictionary with information
(path and filename) to the byte-range locks dictionary.
Only print to stdout, if json_output is not set.
Signed-off-by: Jule Anger <janger@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Mon, 1 Aug 2022 10:02:15 +0000 (12:02 +0200)]
smbstatus: add general caching information about open files to json output
Adds a dictionary named "caching" to a opens dictionary.
Represents both oplock and leases caching. The dictionary contains a
boolean for each type (READE, WRITE and HANDLE), the hex value and a string
representation.
If no oplocks are used, the dictionary is left empty.
Signed-off-by: Jule Anger <janger@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Wed, 30 Mar 2022 15:05:02 +0000 (17:05 +0200)]
smbstatus: add lease information about open files to json output
Adds a dictionary named "lease" to a opens dictionary.
If leases are used, the dictionary contains a boolean for each type
(READE, WRITE and HANDLE or UNKNOWN) and a string representation of
the lease. Otherwise the dict is left empty.
Signed-off-by: Jule Anger <janger@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Wed, 30 Mar 2022 13:40:56 +0000 (15:40 +0200)]
smbstatus: add oplock information about open files to json output
Adds a dictionary named "oplock" to a opens dictionary.
Contains a string representation and booleans for each oplock type
(EXCLUSIVE, BATCH, LEVEL_II, LEASE).
Signed-off-by: Jule Anger <janger@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Wed, 30 Mar 2022 13:36:13 +0000 (15:36 +0200)]
smbstatus: add opens to files in json output
At the moment, there is only information about the open files.
Adds a list of its opens for each file. An open is represented as
a dictionary. Contains only the basic information (pid, uid and
time) about the open.
Signed-off-by: Jule Anger <janger@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Wed, 30 Mar 2022 13:11:11 +0000 (15:11 +0200)]
smbstatus: add a basic dictionary with open files
Adds an empty json dictionary under the key "open_files" and adds foreach
locked file a dictionary with information (path, filename and pending
deletes) to the locked files dictionary. Uses path and filename as key.
Only print to stdout, if json_output is not set.
Signed-off-by: Jule Anger <janger@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Thu, 24 Mar 2022 13:09:35 +0000 (14:09 +0100)]
smbstatus: add a sessions dictionary
Adds an empty json dictionary under the key "sessions" and adds foreach
session a dictionary with information to the session dictionary. Uses the
session_id as key.
uid_str and gid_str are needed because both receive their own JSON field.
Only print to stdout, if json_output is not set.
Signed-off-by: Jule Anger <janger@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
conn_tdb: change type of connections_data.start to NTTIME
connections_data.start previously had the type time_t, but time_t
only had a precision for seconds. NTTIME has a higer precision,
which is useful for debugging.
Signed-off-by: Jule Anger <janger@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Jule Anger [Mon, 9 May 2022 10:09:18 +0000 (12:09 +0200)]
smbstatus: delete wrong EXCLUSIVE+BATCH oplock
It is not possible to have an EXCLUSIVE+BATCH oplock, because a BATCH
oplock includes an EXCLUSIVE oplock. Therefore, an EXCLUSIVE+BATCH-Oplock
and a BATCH-Oplock are the same thing.
Signed-off-by: Jule Anger <janger@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Fri, 3 Jun 2022 14:45:41 +0000 (16:45 +0200)]
vfs: Add struct vfs_open_how.resolve
This prepares the later introduction of VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS,
which will be used to make use of RESOLVE_NO_SYMLINKS on linux with openat2().
Right now all terminal VFS objects reject any resolve bits with ENOSYS.
So we only prepare the vfs layer for now without any real change.
But this will make backports to 4.17 much easier.
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Aug 6 02:39:11 UTC 2022 on sn-devel-184
where "struct open_how" is defined in "linux/openat2.h". It is
designed to be extensible with further flags.
The "size" parameter is required because there is no type checking
between userland and kernelspace, so the way for Linux to find which
version of open_how is being passed in is looking at the size:
"open_how" is expected to only every grow with additional fields,
should a change be necessary in the future.
Samba does not have this problem, we can typecheck the struct and
pointers, we expect all VFS modules to be compiled against the current
vfs.h.
For now this adds no functionality, but it will make further patches
much smaller.
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: David Mulder <dmulder@suse.com>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Sat Aug 6 01:42:09 UTC 2022 on sn-devel-184
Jeremy Allison [Thu, 4 Aug 2022 18:32:05 +0000 (11:32 -0700)]
s3: smbd: Remove ugly SMB1-specific hack to filename_convert_dirfsp()
This was added due to the error code check in test_symlink_traversal_smb1_posix.sh.
After careful consideration I've realized the error code expected here
is incorrect, and not providing any security benefit.
We already check that trying to fetch a file/traverse through a
symlink that points outside of a share returns NT_STATUS_OBJECT_PATH_NOT_FOUND,
and this is enforced in the symlink checks already inside filename_convert_dirfsp().
If a symlink points to a directory within the share for which
the user has no permissions (as is tested here), then there's no
benefit in mapping the error code from NT_STATUS_ACCESS_DENIED
to NT_STATUS_OBJECT_PATH_NOT_FOUND, as we are not providing any
extra information about the filesystem state the user cannot already
obtain by normal SMB1+POSIX calls.
Change the error code expected in this single test from NT_STATUS_OBJECT_PATH_NOT_FOUND
to NT_STATUS_ACCESS_DENIED.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Aug 5 10:24:23 UTC 2022 on sn-devel-184
Jeremy Allison [Thu, 4 Aug 2022 16:52:17 +0000 (09:52 -0700)]
s3: smbd: Change srvstr_get_path_internal() to always call check_path_syntaxXXX(), even on DFS pathnames.
The original design decision to just copy a DFS path and let
parse_dfs_path() take care of it was a horrible mistake.
Fix srvstr_get_path_internal() to always return a
/server/share/path (i.e. a path separated with '/', not '\').
This is a more complex change than I like to allow
DFS path procesing in srvstr_get_path_internal() but
needed as clients (including Samba smbclient) have a
rather "fuzzy" idea of what constitutes a valid DFS path.
If we detect the DFS path isn't valid here we have to
fall back to treating it as a local path.
I also need to modify the DFS parsing in
filename_convert_smb1_search_path() to cope with only '/'
separators.
This also means parse_dfs_path() needs changing to
cope.
The changes here are best reviewed by just applying
the fix and looking at the modified functions:
srvstr_get_path_internal()
parse_dfs_path()
For parse_dfs_path() it's mostly removing bad code
and makes parse_dfs_path() much easier to read.
These changes will enable me to remove some ugly mistakes made
adding ucf_flags to extract_snapshot_token(), as
we can now always assume canonicalized paths.
This is a little messy, but has to be done in
one chunk as the change to srvstr_get_path_internal()
depends on the change to parse_dfs_path().
Thanks to Volker for the insight that made this
cleanup possible.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Tue, 2 Aug 2022 11:08:43 +0000 (13:08 +0200)]
smbd: Fix a "set but not used" warning
This is copy&paste from reply_negprot() where this variable was used
to set the remote architecture. This isn't used anymore in the
stripped down smb2 version of this.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 4 21:46:23 UTC 2022 on sn-devel-184
Volker Lendecke [Thu, 4 Aug 2022 14:44:44 +0000 (16:44 +0200)]
smbd: Security fix for systems without O_PATH
Further up we add O_PATH manually. Initial development versions of
this code did set the is_pathref, but then I found this potential
problem. I forgot to remove this incarnation of is_pathref=true, doing
it now.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Tue, 2 Aug 2022 21:06:44 +0000 (14:06 -0700)]
s3: smbd: Convert driver_unix_convert() to use filename_convert_dirfsp().
There is now only one user left of unix_convert(), inside
the MSDFS code. I have plans to get rid of this soon.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 4 18:10:43 UTC 2022 on sn-devel-184
Jeremy Allison [Tue, 2 Aug 2022 21:16:15 +0000 (14:16 -0700)]
s3: smbd: In reply_ntrename(), move the call to get_original_lcomp(..newname..) after the call to extract_snapshot_token(..newname..).
This was the last case where the snapshot TWRP token could be
passed into get_original_lcomp(). get_original_lcomp() can now
be changed to ignore TWRP tokens.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Wed, 3 Aug 2022 16:20:36 +0000 (09:20 -0700)]
s3: smbd: Allow extract_snapshot_token() to cope with MSDFS paths.
"raw" MSDFS paths are passed here as \server\share\path.
find_snapshot_token() only looks for a '/' as a separator
in SMB1 shapshot paths.
Allow extract_snapshot_token() to cope with SMB1 MSDFS paths by
converting in place, looking for the @GMT token with a '/'
separator via find_snapshot_token(), and then converting back.
Note, this a temporary measure until we handle DFS paths better
and will be removed in the next patchset.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Aug 4 13:49:54 UTC 2022 on sn-devel-184
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Thu Aug 4 10:11:30 UTC 2022 on sn-devel-184
projects / thirdparty / samba.git / log
