sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-26 10:04:02 +03:00
Code
130,602 Commits 60 Branches 1,146 Tags
Commit Graph

130602 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Pavel Filipenský
60ce54c36d s3:passdb: Remove upgrade support of samba-2.2 style ldap password 
It was introduced in 2002. Probably we no longer need to support
password upgrade from samba-2.2.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2022-08-11 05:39:30 +00:00
Ralph Boehme
fc45fcfde5 vfs_default: assert all passed in fsp's and names are non-stream type 
Enforce fsp is a non-stream one in as many VFS operations as possible in
vfs_default. We really need an assert here instead of returning an error, as
otherwise he can have very hard to diagnose bugs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Aug 10 16:32:35 UTC 2022 on sn-devel-184
 2022-08-10 16:32:35 +00:00
Ralph Boehme
51243e3849 vfs_streams_xattr: restrict which fcntl's are allowed on streams 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2022-08-10 15:32:35 +00:00
Ralph Boehme
f0299abf1b smbd: skip access checks for stat-opens on streams in open_file() 
For streams, access is already checked in create_file_unixpath() by
check_base_file_access().

We already skip the access check in this function when doing an IO open of a
file, see above in open_file(), also skip it for "stat opens".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2022-08-10 15:32:35 +00:00
Ralph Boehme
06555c6bcb smbd: use metadata_fsp() in get_acl_group_bits() 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2022-08-10 15:32:35 +00:00
Ralph Boehme
3af8f8e874 smbd: ignore request to set the SPARSE attribute on streams 
As per MS-FSA 2.1.1.5 this is a per stream attribute, but our backends don't
support it in a consistent way, therefor just pretend success and ignore the
request.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2022-08-10 15:32:35 +00:00
Ralph Boehme
55e55804bb smbd: use metadata_fsp() with SMB_VFS_FSET_DOS_ATTRIBUTES() 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2022-08-10 15:32:35 +00:00
Ralph Boehme
03b9ce8473 smbd: use metadata_fsp() with SMB_VFS_FGET_DOS_ATTRIBUTES() 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2022-08-10 15:32:35 +00:00
Ralph Boehme
4ab29e2a34 smbd: use metadata_fsp() with SMB_VFS_FSET_NT_ACL() 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2022-08-10 15:32:35 +00:00
Ralph Boehme
c949e4b2a4 smbd: use metadata_fsp() with SMB_VFS_FGET_NT_ACL() 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2022-08-10 15:32:35 +00:00
Ralph Boehme
23bc760ec5 CI: add a test trying to delete a stream on a pathref ("stat open") handle 
When using vfs_streams_xattr, for a pathref handle of a stream the system fd
will be a fake fd created by pipe() in vfs_fake_fd().

For the following callchain we wrongly pass a stream fsp to
SMB_VFS_FGET_NT_ACL():

SMB_VFS_CREATE_FILE(..., "file:stream", ...)
=> open_file():
   if (open_fd):
   -> taking the else branch:
   -> smbd_check_access_rights_fsp(stream_fsp)
      -> SMB_VFS_FGET_NT_ACL(stream_fsp)

This is obviously wrong and can lead to strange permission errors when using
vfs_acl_xattr:

in vfs_acl_xattr we will try to read the stored ACL by calling
fgetxattr(fake-fd) which of course faild with EBADF. Now unfortunately the
vfs_acl_xattr code ignores the specific error and handles this as if there was
no ACL stored and subsequently runs the code to synthesize a default ACL
according to the setting of "acl:default acl style".

As the correct access check for streams has already been carried out by calling
check_base_file_access() from create_file_unixpath(), the above problem is not
a security issue: it can only lead to "decreased" permissions resulting in
unexpected ACCESS_DENIED errors.

The fix is obviously going to be calling
smbd_check_access_rights_fsp(stream_fsp->base_fsp).

This test verifies that deleting a file works when the stored NT ACL grants
DELETE_FILE while the basic POSIX permissions (used in the acl_xattr fallback
code) do not.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2022-08-10 15:32:35 +00:00
Ralph Boehme
92e0045d7c vfs_xattr_tdb: add "xattr_tdb:ignore_user_xattr" option 
Allows passing on "user." xattr to the backend. This can be useful for testing
specific aspects of operation on streams when "streams_xattr" is configured as
stream filesystem backend.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2022-08-10 15:32:35 +00:00
Ralph Boehme
451ad315a9 vfs_xattr_tdb: add a module config 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2022-08-10 15:32:35 +00:00
Ralph Boehme
b26dc252aa vfs_xattr_tdb: move close_xattr_db() 
This just makes the diff of the next commit smaller and easier to digest.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2022-08-10 15:32:35 +00:00
Ralph Boehme
0d3995cec1 smdb: use fsp_is_alternate_stream() in open_file() 
No change in behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2022-08-10 15:32:35 +00:00
Andreas Schneider
042141efdb third_party: Reformat shell scripts 
shfmt -w -p -i 0 -fn third_party/update.sh
shfmt -w -p -i 0 -fn third_party/waf/update.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Wed Aug 10 14:14:04 UTC 2022 on sn-devel-184
 2022-08-10 14:14:04 +00:00
Andreas Schneider
bb2e0622f0 testsuite: Reformat shell scripts 
shfmt -f testsuite/ | xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 13:17:31 +00:00
Andreas Schneider
db8849ea05 testprogs: Reformat upgradeprovision-oldrelease.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/upgradeprovision-oldrelease.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 13:17:31 +00:00
Andreas Schneider
c1325fc1fd testprogs: Reformat tombstones-expunge.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/tombstones-expunge.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 13:17:31 +00:00
Andreas Schneider
022f5aa77b testprogs: Reformat test_wintest.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_wintest.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 13:17:31 +00:00
Andreas Schneider
1c89bdb6a9 testprogs: Reformat test_weak_disable_ntlmssp_ldap.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_weak_disable_ntlmssp_ldap.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 13:17:31 +00:00
Andreas Schneider
4973baf665 testprogs: Reformat test_weak_crypto_server.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_weak_crypto_server.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 13:17:31 +00:00
Andreas Schneider
34322c499e testprogs: Reformat test_weak_crypto.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_weak_crypto.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 13:17:31 +00:00
Andreas Schneider
138e7f0505 testprogs: Reformat test_trust_utils.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_trust_utils.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 13:17:31 +00:00
Andreas Schneider
8c65813c4a testprogs: Reformat test_trust_user_account.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_trust_user_account.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 13:17:31 +00:00
Andreas Schneider
eced093915 testprogs: Reformat test_trust_token.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_trust_token.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 13:17:31 +00:00
Andreas Schneider
12d67003ce testprogs: Reformat test_trust_ntlm.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_trust_ntlm.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 13:17:31 +00:00
Andreas Schneider
854a45ca24 testprogs: Reformat test_special_group.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_special_group.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Wed Aug 10 10:21:48 UTC 2022 on sn-devel-184
 2022-08-10 10:21:48 +00:00
Andreas Schneider
2d64eafa8b testprogs: Reformat test_smbtorture_test_names.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_smbtorture_test_names.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
dae369f483 testprogs: Reformat test_samba_upgradedns.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_samba_upgradedns.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
eff28db8d6 testprogs: Reformat test_samba-tool_ntacl.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_samba-tool_ntacl.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
f1ebc2d78f testprogs: Reformat test_s4u_heimdal.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_s4u_heimdal.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
4627320e94 testprogs: Reformat test_rpcclient_schannel.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_rpcclient_schannel.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
ef9dc7277e testprogs: Reformat test_primary_group.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_primary_group.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
6e300ccd19 testprogs: Reformat test_pkinit_simple.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_pkinit_simple.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
c253c99d52 testprogs: Reformat test_pkinit_pac.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_pkinit_pac.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
9d1a255232 testprogs: Reformat test_pdbtest.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_pdbtest.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
8490449f60 testprogs: Reformat test_password_settings.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_password_settings.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
c7d0134204 testprogs: Reformat test_old_enctypes.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_old_enctypes.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
0a4eb5d892 testprogs: Reformat test_offline_logon.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_offline_logon.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
7403de7eaf testprogs: Reformat test_net_rpc_user.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_net_rpc_user.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
a43a7e78f9 testprogs: Reformat test_net_offline.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_net_offline.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
8a4a8b7a3a testprogs: Reformat test_net_ads_fips.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_net_ads_fips.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
865531f9c6 testprogs: Reformat test_net_ads_dns.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_net_ads_dns.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
81f1694995 testprogs: Reformat test_net_ads.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_net_ads.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
c44289ce1c testprogs: Reformat test_ldb_simple.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_ldb_simple.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
19f73f19f4 testprogs: Reformat test_ldb.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_ldb.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Volker Lendecke
4d015b4b6d smbstatus: Fix the 32-bit build on FreeBSD 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug  9 20:04:26 UTC 2022 on sn-devel-184
 2022-08-09 20:04:26 +00:00
Volker Lendecke
b1b513eebb smbd: Use dirfsp where we have it 
One reference to conn->cwd_fsp less, makes "mkdir" look less ugly in
strace.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2022-08-09 19:07:29 +00:00
Pavel Filipenský
d6490bdc0f s3:passdb: Remove unused function secrets_fetch_trust_account_password() 
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug  8 19:03:08 UTC 2022 on sn-devel-184
 2022-08-08 19:03:08 +00:00