]> git.ipfire.org Git - thirdparty/samba.git/log
thirdparty/samba.git
4 years agobuiltools: Make abi_gen.sh less prone to errors
Andreas Schneider [Mon, 14 Feb 2022 06:59:52 +0000 (07:59 +0100)] 
builtools: Make abi_gen.sh less prone to errors

The mold linker has more hidden symbols and we would need to filter them out
with nm, where objdump tells us which symbols are actually hidden. So we just
need to filter out whatever is hidden.

The use of awk makes it also easier to get what we want.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
4 years agoctdb-tests: Iterate protocol tests internally
Martin Schwenke [Tue, 4 Jan 2022 01:19:49 +0000 (12:19 +1100)] 
ctdb-tests: Iterate protocol tests internally

Instead of repeatedly running a test binary.

Run time for these tests reduces from ~90s to ~75s.

When run under valgrind, the run time for protocol_test_001.sh reduces
from ~390s to <1s.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Feb 14 04:32:29 UTC 2022 on sn-devel-184

4 years agoctdb-tests: Add iteration support for protocol tests
Martin Schwenke [Tue, 4 Jan 2022 01:18:33 +0000 (12:18 +1100)] 
ctdb-tests: Add iteration support for protocol tests

The current method of repeatedly running a binary has huge overhead,
especially with valgrind.

protocol_test_iterate_tag() allows output that is usually used for
hinting where a test failure occurred to be replaced with a tag
stored in a buffer, which is printed on test failure.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
4 years agoctdb-tests: Add a test for stalled node triggering election
Martin Schwenke [Sat, 22 Jan 2022 20:08:02 +0000 (07:08 +1100)] 
ctdb-tests: Add a test for stalled node triggering election

A stalled node probably continues to hold the cluster lock, so confirm
elections work in this case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14958

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Feb 14 02:46:01 UTC 2022 on sn-devel-184

4 years agoctdb-tests: Factor out functions to detect when generation changes
Martin Schwenke [Sat, 22 Jan 2022 19:42:52 +0000 (06:42 +1100)] 
ctdb-tests: Factor out functions to detect when generation changes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14958

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
4 years agoctdb-recoverd: Consistently log start of election
Martin Schwenke [Sat, 22 Jan 2022 19:21:51 +0000 (06:21 +1100)] 
ctdb-recoverd: Consistently log start of election

Elections should now be quite rare, so always log when one begins.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14958

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
4 years agoctdb-recoverd: Always send unknown leader broadcast when starting election
Martin Schwenke [Sat, 22 Jan 2022 19:18:51 +0000 (06:18 +1100)] 
ctdb-recoverd: Always send unknown leader broadcast when starting election

This is currently missed when the cluster lock is lost.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14958

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
4 years agoctdb-recoverd: Consistently have caller set election-in-progress
Martin Schwenke [Sat, 22 Jan 2022 18:49:18 +0000 (05:49 +1100)] 
ctdb-recoverd: Consistently have caller set election-in-progress

The problem here is that election-in-progress must be set to
potentially avoid restarting the election broadcast timeout in
main_loop(), so this is already done by leader_handler().

Have force_election() set election-in-progress for all election types
and do not bother setting it in cluster_lock_election().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14958

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
4 years agoctdb-recoverd: Always cancel election in progress
Martin Schwenke [Fri, 21 Jan 2022 07:09:47 +0000 (18:09 +1100)] 
ctdb-recoverd: Always cancel election in progress

Election-in-progress is set by unknown leader broadcast, so needs to
be cleared in all cases when election completes.

This was seen in a case where the leader node stalled, so didn't send
leader broadcasts for some time.  The node continued to hold the
cluster lock, so another node could not become leader.  However, after
the node returned to normal it still did not send leader broadcasts
because election-in-progress was never cleared.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14958

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
4 years agosmbd: Simplify smbd_dirptr_lanman2_mode_fn()
Volker Lendecke [Sun, 2 Jan 2022 18:26:06 +0000 (19:26 +0100)] 
smbd: Simplify smbd_dirptr_lanman2_mode_fn()

Avoid an else, we return in the "true" branch

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 11 21:53:22 UTC 2022 on sn-devel-184

4 years agotorture: Align integer types
Volker Lendecke [Mon, 7 Feb 2022 14:19:35 +0000 (15:19 +0100)] 
torture: Align integer types

finfo.stream_info.out.num_streams is declared as "unsigned int"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agondrdump: Small simplification
Volker Lendecke [Mon, 7 Feb 2022 09:11:36 +0000 (10:11 +0100)] 
ndrdump: Small simplification

Remove the talloc_steal(), we can allocate on mem_ctx directly

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agolibsmb: Use fstrcpy where possible
Volker Lendecke [Sun, 6 Feb 2022 20:59:05 +0000 (21:59 +0100)] 
libsmb: Use fstrcpy where possible

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agosmbd: Safeguards for getpwuid
Volker Lendecke [Thu, 3 Feb 2022 12:20:11 +0000 (13:20 +0100)] 
smbd: Safeguards for getpwuid

Attempt to fix

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14900

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agovfstest: Align two integer types
Volker Lendecke [Thu, 3 Feb 2022 14:23:45 +0000 (15:23 +0100)] 
vfstest: Align two integer types

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agovfs: Simplify streams_xattr_unlinkat()
Volker Lendecke [Fri, 11 Feb 2022 09:20:54 +0000 (10:20 +0100)] 
vfs: Simplify streams_xattr_unlinkat()

It would be a logic error to call rmdir on a stream. This simplifies
the logic a bit.

Signed-off-by: Volker Lendecke <vl@samba.org>
4 years agosmbd: Use fsp_is_alternate_stream() where an fsp is available
Volker Lendecke [Fri, 11 Feb 2022 08:59:16 +0000 (09:59 +0100)] 
smbd: Use fsp_is_alternate_stream() where an fsp is available

Make it clear that being an alternate data stream handle is much more
a fsp property than a file name property.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agosmbd: Introduce metadata_fsp()
Volker Lendecke [Fri, 11 Feb 2022 08:45:30 +0000 (09:45 +0100)] 
smbd: Introduce metadata_fsp()

Centralize the pattern

if (fsp->base_fsp != NULL) {
fsp = fsp->base_fsp;
}

with a descriptive name.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agosmbd: Introduce fsp_is_alternate_stream()
Volker Lendecke [Fri, 11 Feb 2022 08:37:35 +0000 (09:37 +0100)] 
smbd: Introduce fsp_is_alternate_stream()

To me this is more descriptive than "fsp->base_fsp != NULL". If this
turns out to be a performance problem, I would go and make this a
static inline in smbd/proto.h.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agowafsamba: replace 'echo -n' with printf
Sergey V. Lobanov [Wed, 9 Feb 2022 21:02:17 +0000 (00:02 +0300)] 
wafsamba: replace 'echo -n' with printf

This patch makes samba_cross.py compatible with old bash (e.g. 3.2)

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Feb 11 07:58:57 UTC 2022 on sn-devel-184

4 years agos3:modules: Fix virusfilter_vfs_openat
Pavel Filipenský [Mon, 7 Feb 2022 22:06:10 +0000 (23:06 +0100)] 
s3:modules: Fix virusfilter_vfs_openat

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 10 22:09:06 UTC 2022 on sn-devel-184

4 years agos3:selftest: Add test for virus scanner
Pavel Filipenský [Tue, 8 Feb 2022 14:35:48 +0000 (15:35 +0100)] 
s3:selftest: Add test for virus scanner

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agoselftest: Fix trailing whitespace in Samba3.pm
Pavel Filipenský [Tue, 8 Feb 2022 14:34:56 +0000 (15:34 +0100)] 
selftest: Fix trailing whitespace in Samba3.pm

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agodocs-xml:manpages: Document 'dummy' virusfilter and 'virusfilter:infected files'
Pavel Filipenský [Tue, 8 Feb 2022 21:35:29 +0000 (22:35 +0100)] 
docs-xml:manpages: Document 'dummy' virusfilter and 'virusfilter:infected files'

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agos3:modules: Implement dummy virus scanner that uses filename matching
Pavel Filipenský [Tue, 8 Feb 2022 11:07:03 +0000 (12:07 +0100)] 
s3:modules: Implement dummy virus scanner that uses filename matching

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agoselftest: Do not force -d0 for smbd/nmbd/winbindd
Andreas Schneider [Wed, 9 Feb 2022 15:33:10 +0000 (16:33 +0100)] 
selftest: Do not force -d0 for smbd/nmbd/winbindd

We have the env variable SERVER_LOG_LEVEL which allows you to change
the log level on the command line. If we force -d0 this will not work.

make test TESTS="samba" SERVER_LOG_LEVEL=10

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agosmbd: Only file_free() a self-created fsp in create_file_unixpath()
Volker Lendecke [Thu, 3 Feb 2022 16:17:07 +0000 (17:17 +0100)] 
smbd: Only file_free() a self-created fsp in create_file_unixpath()

This fixes a use-after-free in smb_full_audit_create_file() when
calling SMB_VFS_CREATE_FILE with fsp->fsp_name as smb_fname.

create_file_unixpath() has this comment:

 * This is really subtle. If someone passes in an smb_fname
 * where smb_fname actually is taken from fsp->fsp_name, then
 * the lifetime of these objects is meant to be the same.

so it seems legitimate to call CREATE_FILE this way.

When CREATE_FILE runs into an error, create_file_unixpath() does a
file_free, which also takes fsp->fsp_name with
it. smb_full_audit_create_file() wants to log the failure including
the smb_fname after NEXT_CREATE_FILE has exited, but this will then
use the already free'ed data.

Fix by only doing the file_free() on an fsp that
create_file_unixpath() created itself.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 10 19:11:33 UTC 2022 on sn-devel-184

4 years agosmbd: Introduce close_file_smb()
Volker Lendecke [Wed, 9 Feb 2022 17:03:33 +0000 (18:03 +0100)] 
smbd: Introduce close_file_smb()

This does almost everything that close_file_free() does, but it leaves
the fsp around.

A normal close_file() now calls fsp_unbind_smb() twice. Functionally
this is not a problem, fsp_unbind_smb() is idempotent. The only
potential performance penalty might come from the loops in
remove_smb2_chained_fsp(), but those only are potentially large with
deeply queued smb2 requests. If that turns out to be a problem, we'll
cope with it later. The alternative would be to split up file_free()
into even more routines and make it more difficult to figure out which
of the "rundown/unbind/free" routines to call in any particular
situation.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agosmbd: Factor out fsp_unbind_smb() from file_free()
Volker Lendecke [Wed, 9 Feb 2022 16:23:03 +0000 (17:23 +0100)] 
smbd: Factor out fsp_unbind_smb() from file_free()

For example, remove our entry from smbXsrv_open_global.tdb

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agotorture: Add a test to show that full_audit uses a ptr after free
Volker Lendecke [Thu, 3 Feb 2022 14:25:11 +0000 (15:25 +0100)] 
torture: Add a test to show that full_audit uses a ptr after free

Run vfstest with this vfstest.cmd under valgrind and you'll see what
happens. Exact explanation a few patches further down...

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agosmbd: Simplify the flow in close_file_free()
Volker Lendecke [Wed, 2 Feb 2022 11:42:08 +0000 (12:42 +0100)] 
smbd: Simplify the flow in close_file_free()

We are no longer called on base_fsp's in SHUTDOWN_CLOSE. That
simplifies the logic in the common case, we now have a linear flow for
the very often-called close_file()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agosmbd: No base fsps to close_file_free() from file_close_user()
Volker Lendecke [Wed, 2 Feb 2022 07:58:15 +0000 (08:58 +0100)] 
smbd: No base fsps to close_file_free() from file_close_user()

Same logic as the change for file_close_conn()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agosmbd: Factor out close_file_in_loop() from file_close_conn_fn()
Volker Lendecke [Wed, 2 Feb 2022 11:27:50 +0000 (12:27 +0100)] 
smbd: Factor out close_file_in_loop() from file_close_conn_fn()

To be reused in file_close_user(). Deliberately a separate commit to
make the previous commit easier to understand.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agosmbd: No base fsps to close_file_free() from file_close_conn()
Volker Lendecke [Wed, 2 Feb 2022 07:58:15 +0000 (08:58 +0100)] 
smbd: No base fsps to close_file_free() from file_close_conn()

close_file_free() needs to handle base fsps specially. This can be
simplified a lot if we pass the the open files a second time in case
we encountered base_fsps that we could not immediately delete.

file_close_conn() is not our hot code path, and also we don't expect
many thousand open files that we need to walk a second time.

A subsequent patch will simplify close_file_free(), the complicated
logic is now in files.c, where it IMHO belongs because
file_set_base_fsp() are here as well.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agosmbd: NULL out "fsp" in close_file()
Volker Lendecke [Tue, 1 Feb 2022 16:47:29 +0000 (17:47 +0100)] 
smbd: NULL out "fsp" in close_file()

Quite a few places already had this in the caller, but not all. Rename
close_file() to close_file_free() appropriately. We'll factor out
close_file_smb() doing only parts of close_file_free() later.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agosmbd: Call file_free() just once in close_file()
Volker Lendecke [Tue, 1 Feb 2022 16:21:24 +0000 (17:21 +0100)] 
smbd: Call file_free() just once in close_file()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agosmbd: Move the call to file_free() out of close_fake_file()
Volker Lendecke [Tue, 1 Feb 2022 16:19:54 +0000 (17:19 +0100)] 
smbd: Move the call to file_free() out of close_fake_file()

Centralize calling file_free(), but leave close_fake_file() in for API
symmetry reasons.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agosmbd: Move the call to file_free() out of close_normal_file()
Volker Lendecke [Tue, 1 Feb 2022 16:17:36 +0000 (17:17 +0100)] 
smbd: Move the call to file_free() out of close_normal_file()

Call file_free() just once

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agosmbd: Move the call to file_free() out of close_directory()
Volker Lendecke [Tue, 1 Feb 2022 16:14:34 +0000 (17:14 +0100)] 
smbd: Move the call to file_free() out of close_directory()

Call file_free() just once

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agosmbd: Slightly simplify create_file_unixpath()
Volker Lendecke [Wed, 9 Feb 2022 09:02:46 +0000 (10:02 +0100)] 
smbd: Slightly simplify create_file_unixpath()

Avoid the "needs_fsp_unlink" variable, describe the talloc hierarchy a
bit differently in the comments.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agos3:winbind: Reduce the level and improve a couple of debug messages
Samuel Cabrero [Tue, 8 Feb 2022 09:06:18 +0000 (10:06 +0100)] 
s3:winbind: Reduce the level and improve a couple of debug messages

The commit 1d5c546 changed the debug message printed when setting
winbind to offline state and offline logons are disabled from
level 10 to level 0. This message isn't really an error and might
scare some users, e.g. https://bugzilla.suse.com/show_bug.cgi?id=1195573

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Feb  9 20:20:36 UTC 2022 on sn-devel-184

4 years agos3/libads: ensure a sockaddr variable is correctly zero initialized
Ralph Boehme [Fri, 28 Jan 2022 16:51:10 +0000 (17:51 +0100)] 
s3/libads: ensure a sockaddr variable is correctly zero initialized

is_zero_addr() doesn't work with addresses that have been zero-initialized.

This fixes the logic added in c863cc2ba34025731a18ac735f714b5b888504da.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14674
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2354

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Feb  8 20:24:12 UTC 2022 on sn-devel-184

4 years agos3/libads: simplify storing existing ads->ldap.ss
Ralph Boehme [Mon, 31 Jan 2022 11:54:12 +0000 (12:54 +0100)] 
s3/libads: simplify storing existing ads->ldap.ss

We just need temporal storage for ads->ldap.ss, no need to store it as a struct
samba_sockaddr.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14674
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2354

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agolib: Simplify pm_process()
Volker Lendecke [Fri, 4 Feb 2022 11:57:52 +0000 (12:57 +0100)] 
lib: Simplify pm_process()

No need to duplicate the fopen/fclose

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Feb  7 19:58:57 UTC 2022 on sn-devel-184

4 years agovfs: Fix a typo
Volker Lendecke [Sun, 23 Jan 2022 12:15:32 +0000 (13:15 +0100)] 
vfs: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agosmbd: Pass "dirfsp" and "smb_fname" to fd_open_atomic()
Volker Lendecke [Tue, 18 Jan 2022 20:14:13 +0000 (21:14 +0100)] 
smbd: Pass "dirfsp" and "smb_fname" to fd_open_atomic()

Dereference fsp once instead of four times

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agosmbd: Avoid an "else" in file_set_dosmode()
Volker Lendecke [Tue, 18 Jan 2022 19:07:30 +0000 (20:07 +0100)] 
smbd: Avoid an "else" in file_set_dosmode()

Review with git show -b

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agosmbd: Fix open_pathref_base_fsp()'s implicit conn_cwd assumption
Volker Lendecke [Thu, 30 Dec 2021 17:06:18 +0000 (18:06 +0100)] 
smbd: Fix open_pathref_base_fsp()'s implicit conn_cwd assumption

Opening a stream base file only worked if "dirfsp == conn->cwd_fsp":
We have replaced fsp->fsp_name with the full dirfsp->relative pathname
at the point where open_pathref_base_fsp() is called. In case dirfsp
is already a subdirectory in a share, this breaks because the
open_pathref_base_fsp() uses fsp->fsp_name, not the original
dirfsp-relative one.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agolibsmb: Convert SMBC_getatr() to NTSTATUS
Volker Lendecke [Fri, 21 Jan 2022 20:15:06 +0000 (21:15 +0100)] 
libsmb: Convert SMBC_getatr() to NTSTATUS

This avoids a few calls to SMBC_errno()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agolibsmb: Avoid a call to SMBC_errno()
Volker Lendecke [Sat, 22 Jan 2022 08:25:34 +0000 (09:25 +0100)] 
libsmb: Avoid a call to SMBC_errno()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agolibsmb: Avoid a call to SMBC_errno()
Volker Lendecke [Fri, 21 Jan 2022 19:21:17 +0000 (20:21 +0100)] 
libsmb: Avoid a call to SMBC_errno()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agolibsmb: Avoid a call to SMBC_errno()
Volker Lendecke [Fri, 21 Jan 2022 19:29:34 +0000 (20:29 +0100)] 
libsmb: Avoid a call to SMBC_errno()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agolibsmb: Avoid two calls to SMBC_errno()
Volker Lendecke [Fri, 21 Jan 2022 19:38:04 +0000 (20:38 +0100)] 
libsmb: Avoid two calls to SMBC_errno()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agolibsmb: Avoid a call to SMBC_errno()
Volker Lendecke [Fri, 21 Jan 2022 19:40:17 +0000 (20:40 +0100)] 
libsmb: Avoid a call to SMBC_errno()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agolibsmb: Avoid a call to SMBC_errno()
Volker Lendecke [Fri, 21 Jan 2022 19:43:04 +0000 (20:43 +0100)] 
libsmb: Avoid a call to SMBC_errno()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agosmbd: Fix CID 1497981: Null pointer dereferences (REVERSE_INULL)
Volker Lendecke [Sun, 6 Feb 2022 10:59:52 +0000 (11:59 +0100)] 
smbd: Fix CID 1497981: Null pointer dereferences (REVERSE_INULL)

brown paper bag quality, sorry...

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agolib: Fix CID 1465285 Double close
Volker Lendecke [Wed, 19 Jan 2022 13:12:23 +0000 (14:12 +0100)] 
lib: Fix CID 1465285 Double close

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agoscript/autobuild.py: let nm_grep_symbols ignore __gcov_ symbols
Stefan Metzmacher [Sat, 5 Feb 2022 23:16:55 +0000 (00:16 +0100)] 
script/autobuild.py: let nm_grep_symbols ignore __gcov_ symbols

Currently the gcov build currently fails with the following error:

samba-libs: [allshared-no-public-nss_winbind] Running nm ./bin/plugins/libnss_winbind.so.2 | egrep -v ' (__bss_start|_edata|_init|_fini|_end)' | egrep -v ' T _nss_winbind_' |egrep ' [BDGTRVWS] ' && exit 1; exit 0; in '/tmp/samba-testbase/samba-libs/.'
0000000000232458 B __gcov_error_file
0000000000226340 D __gcov_master
000000000001c080 T __gcov_sort_n_vals
00000000002324a0 B __gcov_var
samba-libs: [allshared-no-public-nss_winbind] failed 'nm ./bin/plugins/libnss_winbind.so.2 | egrep -v ' (__bss_start|_edata|_init|_fini|_end)' | egrep -v ' T _nss_winbind_' |egrep ' [BDGTRVWS] ' && exit 1; exit 0;' with status 1

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Sun Feb  6 13:39:09 UTC 2022 on sn-devel-184

4 years agobootstrap: Migrate to CentOS8 Stream
Andreas Schneider [Thu, 3 Feb 2022 14:43:54 +0000 (15:43 +0100)] 
bootstrap: Migrate to CentOS8 Stream

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Feb  4 21:11:40 UTC 2022 on sn-devel-184

4 years agosharesec: Add SEC_DIR_DELETE_CHILD to CHANGE permissions
Volker Lendecke [Wed, 2 Feb 2022 09:02:37 +0000 (10:02 +0100)] 
sharesec: Add SEC_DIR_DELETE_CHILD to CHANGE permissions

Otherwise you can't rename or delete files using CHANGE permissions using
the sharesec or shareacls utility

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb  4 19:36:53 UTC 2022 on sn-devel-184

4 years agos3: libsmb: Call cli_dfs_target_check() from cli_smb2_rename_send().
Jeremy Allison [Thu, 3 Feb 2022 23:59:51 +0000 (15:59 -0800)] 
s3: libsmb: Call cli_dfs_target_check() from cli_smb2_rename_send().

Strips off any DFS prefix from the target if passed in.

Remove knownfail selftest/knownfail.d/msdfs-rename.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Fri Feb  4 12:02:36 UTC 2022 on sn-devel-184

4 years agos3: libsmb: Call cli_dfs_target_check() from cli_cifs_rename_send().
Jeremy Allison [Thu, 3 Feb 2022 23:56:51 +0000 (15:56 -0800)] 
s3: libsmb: Call cli_dfs_target_check() from cli_cifs_rename_send().

Strips off any DFS prefix from the target if passed in.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
4 years agos3: libsmb: Call cli_dfs_target_check() from cli_smb1_rename_send().
Jeremy Allison [Thu, 3 Feb 2022 23:54:55 +0000 (15:54 -0800)] 
s3: libsmb: Call cli_dfs_target_check() from cli_smb1_rename_send().

Strips off any DFS prefix from the target if passed in.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
4 years agos3: libsmb: Call cli_dfs_target_check() from cli_ntrename_internal_send().
Jeremy Allison [Thu, 3 Feb 2022 22:54:26 +0000 (14:54 -0800)] 
s3: libsmb: Call cli_dfs_target_check() from cli_ntrename_internal_send().

Currently we don't pass MSDFS names as targets here, but a caller
may erroneously do this later, and for non-DFS names this is a no-op.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
4 years agos3: libsmb: Call cli_dfs_target_check() from cli_smb2_hardlink_send().
Jeremy Allison [Thu, 3 Feb 2022 22:51:13 +0000 (14:51 -0800)] 
s3: libsmb: Call cli_dfs_target_check() from cli_smb2_hardlink_send().

Currently we don't pass MSDFS names as targets here, but a caller
may erroneously do this later, and for non-DFS names this is a no-op.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
4 years agos3: libsmb: Add cli_dfs_target_check() function.
Jeremy Allison [Thu, 3 Feb 2022 19:15:30 +0000 (11:15 -0800)] 
s3: libsmb: Add cli_dfs_target_check() function.

Strips any DFS prefix from a target name that will be passed
to an SMB1/2/3 rename or hardlink call. Returns a pointer
into the original target name after the prefix. Not yet used.

If the incoming filename is *NOT* a DFS prefix, the
original filename is returned unchanged.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
4 years agos3: tests: Add a new test test_msdfs_rename() that does simple renames on MSDFS root...
Jeremy Allison [Thu, 3 Feb 2022 22:21:26 +0000 (14:21 -0800)] 
s3: tests: Add a new test test_msdfs_rename() that does simple renames on MSDFS root shares.

We fail this on SMB2 for a subtle reason.

Our client code called from smbclient only sets the SMB2_HDR_FLAG_DFS flag
in the outgoing packet on the SMB2_CREATE call, and SMB2 rename does the
following operations:

SMB2_CREATE(src_path) // We set SMB2_HDR_FLAG_DFS here for a MSDFS share.
SMB2_SETINFO: SMB2_FILE_RENAME_INFO(dst_path). // We don't set SMB2_HDR_FLAG_DFS

However, from smbclient, dst_path is a MSDFS path but we don't set the flag,
so even though the rename code inside smbd will cope with a MSDFS path
(as used in the SMB1 SMBmv call) it fails as the correct flag isn't set.

Add knownfail selftest/knownfail.d/msdfs-rename.

Note we need to add the new test to "selftest/knownfail.d/smb1-tests"
as test_smbclient_s3.sh is run against the (ad_member|nt4_member)
environments first using NT1 (SMB1) protocol and then using SMB3,
but the (ad_member|nt4_member) environments don't support SMB1.
Seems a bit strange to me, but all the other SMB1 tests inside
test_smbclient_s3.sh have already been added to "selftest/knownfail.d/smb1-tests"
so just go with the test environment.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
4 years agos3: tests: Add a new test test_msdfs_hardlink() that does simple hardlinks on MSDFS...
Jeremy Allison [Thu, 3 Feb 2022 21:58:28 +0000 (13:58 -0800)] 
s3: tests: Add a new test test_msdfs_hardlink() that does simple hardlinks on MSDFS root shares.

We pass this already as the cmd_hardlink in smbclient doesn't
do the DFS path conversion on the hardlink target. But it's
good to have the test.

Note we need to add the new test to "selftest/knownfail.d/smb1-tests"
as test_smbclient_s3.sh is run against the (ad_member|nt4_member)
environments first using NT1 (SMB1) protocol and then using SMB3,
but the (ad_member|nt4_member) environments don't support SMB1.
Seems a bit strange to me, but all the other SMB1 tests inside
test_smbclient_s3.sh have already been added to "selftest/knownfail.d/smb1-tests"
so just go with the test environment.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
4 years agobootstrap: Fix CentOS8 runner
Andreas Schneider [Thu, 3 Feb 2022 06:53:33 +0000 (07:53 +0100)] 
bootstrap: Fix CentOS8 runner

CentOS8 is EOL since December 31, 2021. The packages move to vault.centos.org.
We should migrate to CentOS8 Stream soon.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Feb  3 14:31:01 UTC 2022 on sn-devel-184

4 years agotevent: add missing `#include <sys/types.h>`
David Seifert [Sun, 23 Jan 2022 14:34:57 +0000 (15:34 +0100)] 
tevent: add missing `#include <sys/types.h>`

The following functions use `pid_t` in their interface:
* `tevent_req_profile_get_status`
* `tevent_req_profile_set_status`

BUG: https://bugs.gentoo.org/828720

Signed-off-by: David Seifert <soap@gentoo.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Feb  3 13:18:29 UTC 2022 on sn-devel-184

4 years agolib: libsmbclient: Ensure cli_rename() always sets cli->raw_status.
Jeremy Allison [Wed, 2 Feb 2022 18:52:09 +0000 (10:52 -0800)] 
lib: libsmbclient: Ensure cli_rename() always sets cli->raw_status.

Identical change as used in cli_unlink(), cli_mkdir(), cli_rmdir()
cli_chkpath() to ensure SMB2 calls correctly set raw_status for
libsmbclient uses.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14938

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Feb  2 21:50:31 UTC 2022 on sn-devel-184

4 years agos4: test: Add samba4.libsmbclient.rename test. Currently fails for SMB3.
Jeremy Allison [Wed, 2 Feb 2022 18:49:17 +0000 (10:49 -0800)] 
s4: test: Add samba4.libsmbclient.rename test. Currently fails for SMB3.

Add knownfail.d/libsmbclient_rename

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14938

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
4 years agolibcli/smb: let smb2_signing_decrypt_pdu() cope with gnutls_aead_cipher_decrypt(...
Stefan Metzmacher [Mon, 31 Jan 2022 19:33:43 +0000 (20:33 +0100)] 
libcli/smb: let smb2_signing_decrypt_pdu() cope with gnutls_aead_cipher_decrypt() ptext_len bug

The initial implementation of gnutls_aead_cipher_decrypt() had a bug and
used:
    *ptext_len = ctext_len;
instead of:
    *ptext_len = ctext_len - tag_size;

This got fixed with gnutls 3.5.2.

As we only require gnutls 3.4.7 we need to cope with this...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Feb  2 18:29:08 UTC 2022 on sn-devel-184

4 years agolibcli/smb: fix error checking in smb2_signing_decrypt_pdu() invalid ptext_len
Stefan Metzmacher [Mon, 31 Jan 2022 19:33:43 +0000 (20:33 +0100)] 
libcli/smb: fix error checking in smb2_signing_decrypt_pdu() invalid ptext_len

When the ptext_size != m_total check fails, we call this:

   status = gnutls_error_to_ntstatus(rc, NT_STATUS_INTERNAL_ERROR);
   goto out;

As rc is 0 at that point we'll exit smb2_signing_decrypt_pdu()
with NT_STATUS_OK, but without copying the decrypted data
back into the callers buffer. Which leads to strange errors
in the caller.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agoselftest/quick: add smb2.session
Stefan Metzmacher [Tue, 1 Feb 2022 09:52:27 +0000 (10:52 +0100)] 
selftest/quick: add smb2.session

We run the quicktest on each linux distro as part of samba-o3 builds.

We should make sure smb2 signing/enctyption works on all of them
and all different system libraries.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agolib:replace: Fix NULL issue reported by covscan
Pavel Filipenský [Thu, 27 Jan 2022 08:40:28 +0000 (09:40 +0100)] 
lib:replace: Fix NULL issue reported by covscan

Found by covscan. Coding style kept as in the rest of the file.

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Feb  1 21:09:21 UTC 2022 on sn-devel-184

4 years agolib:replace: Fix trailing whitespace in os2_delete.c
Pavel Filipenský [Thu, 27 Jan 2022 08:39:29 +0000 (09:39 +0100)] 
lib:replace: Fix trailing whitespace in os2_delete.c

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agovfs: Simplify fake_acls_stat() with an early return
Volker Lendecke [Tue, 18 Jan 2022 16:55:04 +0000 (17:55 +0100)] 
vfs: Simplify fake_acls_stat() with an early return

Review with "git di -b"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Feb  1 20:04:44 UTC 2022 on sn-devel-184

4 years agosmbd: Simplify reopen_from_fsp() with an early return
Volker Lendecke [Thu, 30 Dec 2021 14:59:33 +0000 (15:59 +0100)] 
smbd: Simplify reopen_from_fsp() with an early return

Review with git show -b

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agosmbd: copy_access_posix_acl() just needs fsps these days
Volker Lendecke [Mon, 24 Jan 2022 16:37:37 +0000 (17:37 +0100)] 
smbd: copy_access_posix_acl() just needs fsps these days

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agosmbd: chmod_acl_internals() does not need connection_struct anymore
Volker Lendecke [Mon, 24 Jan 2022 16:34:23 +0000 (17:34 +0100)] 
smbd: chmod_acl_internals() does not need connection_struct anymore

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agosmbd: Make directory_has_default_posix_acl() just take "dirfsp"
Volker Lendecke [Mon, 24 Jan 2022 16:32:08 +0000 (17:32 +0100)] 
smbd: Make directory_has_default_posix_acl() just take "dirfsp"

conn is not referenced anymore, and we only need the files_struct

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agosmbd: Modernize a debug statement
Volker Lendecke [Thu, 27 Jan 2022 19:34:28 +0000 (20:34 +0100)] 
smbd: Modernize a debug statement

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agotorture: Align an integer type
Volker Lendecke [Thu, 27 Jan 2022 20:52:31 +0000 (21:52 +0100)] 
torture: Align an integer type

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agomdssvc: Align an integer type
Volker Lendecke [Mon, 31 Jan 2022 07:57:41 +0000 (08:57 +0100)] 
mdssvc: Align an integer type

In libjansson 2.13.1 json_array_size() returns a size_t

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agos3: smbd: Add two new functions in a new file, smb2_posix.c: smb2_posix_cc_info(...
Jeremy Allison [Thu, 27 Jan 2022 22:17:36 +0000 (14:17 -0800)] 
s3: smbd: Add two new functions in a new file, smb2_posix.c: smb2_posix_cc_info(), store_smb2_posix_info()

Not yet used.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Feb  1 17:25:45 UTC 2022 on sn-devel-184

4 years agos3: smbd: smbd_smb2_request_process_negprot() - Allow SMB2 unix extensions to be...
Jeremy Allison [Thu, 27 Jan 2022 19:36:19 +0000 (11:36 -0800)] 
s3: smbd: smbd_smb2_request_process_negprot() - Allow SMB2 unix extensions to be negotiated. Currently not allowed.

As lp_smb2_unix_extensions() currently always returns false,
this code path cannot be executed. This will change once the
whole client and server fixes are in place and tests are passing.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agos3: smbd: Plumb in POSIX lock requests through SMB2 lock calls if done on a POSIX...
Jeremy Allison [Thu, 27 Jan 2022 17:49:45 +0000 (09:49 -0800)] 
s3: smbd: Plumb in POSIX lock requests through SMB2 lock calls if done on a POSIX handle. Currently not allowed.

Note there is currently no way to create a POSIX file
handle in SMB2 so this code can't be accessed.

This will remain so until client and server code are ready to
turn on SMB2 POSIX extensions and the tests are in place.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agos3: smbd: Update widelinks_warning() to cope with SMB1 and SMB2 unix extensions.
Jeremy Allison [Thu, 27 Jan 2022 18:11:58 +0000 (10:11 -0800)] 
s3: smbd: Update widelinks_warning() to cope with SMB1 and SMB2 unix extensions.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agos3: smbd: lp_widelinks(). Turn off widelinks if either SMB1 or SMB2 unix extensions...
Jeremy Allison [Thu, 27 Jan 2022 18:07:07 +0000 (10:07 -0800)] 
s3: smbd: lp_widelinks(). Turn off widelinks if either SMB1 or SMB2 unix extensions are turned on.

NB. Currently it's impossible to turn on SMB2 unix extensions.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agos3: smbd: Add lp_smb2_unix_extensions() function. Always returns false for now.
Jeremy Allison [Thu, 27 Jan 2022 18:03:36 +0000 (10:03 -0800)] 
s3: smbd: Add lp_smb2_unix_extensions() function. Always returns false for now.

For now *always* returns false. This allows me to
add code into smbd contingent on lp_smb2_unix_extensions()
which I know will not be executed until all the parts
are in place. Then the real parameter can be added
(default to off) and testing added.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agos3: smbd: Add the definition for SMB2_FIND_POSIX_INFORMATION info level.
Jeremy Allison [Thu, 27 Jan 2022 22:46:01 +0000 (14:46 -0800)] 
s3: smbd: Add the definition for SMB2_FIND_POSIX_INFORMATION info level.

Will be used by smb2_query_directory. Not yet used or available.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agos3: smbd: Add the definition for SMB2_FILE_POSIX_INFORMATION info level.
Jeremy Allison [Thu, 27 Jan 2022 22:43:27 +0000 (14:43 -0800)] 
s3: smbd: Add the definition for SMB2_FILE_POSIX_INFORMATION info level.

Will be used by smb2_getinfo. Not yet used or available.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agolibcli: Add SMB2 posix negotiate context flag.
Jeremy Allison [Thu, 27 Jan 2022 18:18:32 +0000 (10:18 -0800)] 
libcli: Add SMB2 posix negotiate context flag.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agos3: smbd: Add an SMB2 server flag posix_extensions_negotiated.
Jeremy Allison [Thu, 27 Jan 2022 18:55:18 +0000 (10:55 -0800)] 
s3: smbd: Add an SMB2 server flag posix_extensions_negotiated.

This allows the server to only enable smb2 unix open handles if
the smb.conf parameter is set and the client client correctly
negotiated smb2 unix on the connection.

Currently there is no "smb2 unix extensions" parameter so
this can never be set to true.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4 years agoCVE-2021-44141: s3: smbd: Inside rename_internals_fsp(), we must use vfs_stat() for...
Jeremy Allison [Wed, 8 Dec 2021 06:19:29 +0000 (22:19 -0800)] 
CVE-2021-44141: s3: smbd: Inside rename_internals_fsp(), we must use vfs_stat() for existence, not SMB_VFS_STAT().

We need to take SMB1+POSIX into account here and do an LSTAT if it's
a POSIX name.

Remove knownfail.d/posix_sylink_rename

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jan 31 16:26:26 UTC 2022 on sn-devel-184

4 years agoCVE-2021-44141: s3: torture: Add a test samba3.blackbox.test_symlink_rename.SMB1...
Jeremy Allison [Wed, 8 Dec 2021 06:15:46 +0000 (22:15 -0800)] 
CVE-2021-44141: s3: torture: Add a test samba3.blackbox.test_symlink_rename.SMB1.posix that shows we still leak target info across a SMB1+POSIX rename.

Add a knownfail.d/posix_sylink_rename

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>
4 years agoCVE-2021-44141: s3: smbd: Fix a subtle bug in the error returns from filename_convert().
Jeremy Allison [Tue, 7 Dec 2021 22:39:42 +0000 (14:39 -0800)] 
CVE-2021-44141: s3: smbd: Fix a subtle bug in the error returns from filename_convert().

If filename_convert() fails to convert the path, we never call
check_name(). This means we can return an incorrect error code
(NT_STATUS_ACCESS_DENIED) if we ran into a symlink that points
outside the share to a non-readable directory. We need to make
sure in this case we always call check_name().

Remove knownfail.d/symlink_traversal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>
4 years agoCVE-2021-44141: s3: smbd: Inside check_reduced_name() ensure we return the correct...
Jeremy Allison [Tue, 7 Dec 2021 22:33:17 +0000 (14:33 -0800)] 
CVE-2021-44141: s3: smbd: Inside check_reduced_name() ensure we return the correct error codes when failing symlinks.

NT_STATUS_OBJECT_PATH_NOT_FOUND for a path component failure.
NT_STATUS_OBJECT_NAME_NOT_FOUND for a terminal component failure.

Remove:

samba3.blackbox.test_symlink_traversal.SMB1.posix
samba3.blackbox.smbclient_s3.*.Ensure\ widelinks\ are\ restricted\(.*\)
samba3.blackbox.smbclient_s3.*.follow\ symlinks\ \=\ no\(.*\)

in knownfail.d/symlink_traversal as we now pass these. Only one more fix
remaining to get rid of knownfail.d/symlink_traversal completely.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>
4 years agoCVE-2021-44141: s3: smbd: For SMB1+POSIX clients trying to open a symlink, always...
Jeremy Allison [Tue, 7 Dec 2021 19:44:09 +0000 (11:44 -0800)] 
CVE-2021-44141: s3: smbd: For SMB1+POSIX clients trying to open a symlink, always return NT_STATUS_OBJECT_NAME_NOT_FOUND.

Matches the error return from openat_pathref_fsp().

NT_STATUS_OBJECT_PATH_NOT_FOUND is for a bad component in a path, not
a bad terminal symlink.

Remove knownfail.d/simple_posix_open, we now pass.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>