1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

135130 Commits

Author SHA1 Message Date
Andrew Bartlett
07d2b28fb3 CVE-2023-4154 dsdb/tests: Use self.addCleanup() and delete_force()
Thie helps ensure this test is reliable even in spite of errors while
running.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2023-10-10 14:49:39 +00:00
Andrew Bartlett
6578a65ed7 CVE-2023-4154 dsdb/tests: Do not run SimpleDirsyncTests twice
To re-use setup code, the super-class must have no test_*() methods
otherwise these will be run as well as the class-local tests.

We rename tests that would otherwise have duplicate names

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2023-10-10 14:49:39 +00:00
Ralph Boehme
b70f4f8681 CVE-2023-4091: smbd: use open_access_mask for access check in open_file()
If the client requested FILE_OVERWRITE[_IF], we're implicitly adding
FILE_WRITE_DATA to the open_access_mask in open_file_ntcreate(), but for the
access check we're using access_mask which doesn't contain the additional
right, which means we can end up truncating a file for which the user has
only read-only access via an SD.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439

Signed-off-by: Ralph Boehme <slow@samba.org>
2023-10-10 14:49:39 +00:00
Ralph Boehme
b1fd656941 CVE-2023-4091: smbtorture: test overwrite dispositions on read-only file
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439

Signed-off-by: Ralph Boehme <slow@samba.org>
2023-10-10 14:49:39 +00:00
Jeremy Allison
5ed25efb07 CVE-2023-3961:s3: smbd: Remove the SMB_ASSERT() that crashes on bad pipenames.
We correctly handle this and just return ENOENT (NT_STATUS_OBJECT_NAME_NOT_FOUND).

Remove knowfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422

Signed-off-by: Jeremy Allison <jra@samba.org>
2023-10-10 14:49:39 +00:00
Jeremy Allison
c39f90a124 CVE-2023-3961:s3:torture: Add test SMB2-INVALID-PIPENAME to show we allow bad pipenames with unix separators through to the UNIX domain socket code.
The raw SMB2-INVALID-PIPENAME test passes against Windows 2022,
as it just returns NT_STATUS_OBJECT_NAME_NOT_FOUND.

Add the knownfail.

BUG:https://bugzilla.samba.org/show_bug.cgi?id=15422

Signed-off-by: Jeremy Allison <jra@samba.org>
2023-10-10 14:49:39 +00:00
Jeremy Allison
ae476e1c28 CVE-2023-3961:s3:smbd: Catch any incoming pipe path that could exit socket_dir.
For now, SMB_ASSERT() to exit the server. We will remove
this once the test code is in place.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422

Signed-off-by: Jeremy Allison <jra@samba.org>
2023-10-10 14:49:39 +00:00
Volker Lendecke
a6b66661c7 ctdb: Add "home_nodes" file to deterministic IP allocation
With a file "home_nodes" next to "public_addresses" you can assign
public IPs to specific nodes when using the deterministic allocation
algorithm. Whenever the "home node" is up, the IP address will be
assigned to that node, independent of any other deterministic
calculation. The line

192.168.21.254 2

in the file "home_nodes" assigns the IP address to node 2. Only when
node 2 is not able to host IP addresses, 192.168.21.254 undergoes the
normal deterministic IP allocation algorithm.

Signed-off-by: Volker Lendecke <vl@samba.org>

add home_nodes
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Oct 10 14:17:19 UTC 2023 on atb-devel-224
2023-10-10 14:17:19 +00:00
Volker Lendecke
ea9cbbd830 ctdb: setup $CTDB_BASE for deterministic ip alloc tests
ipalloc_deterministic() will require it in the next patch

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-10 13:14:31 +00:00
Volker Lendecke
23ccb1c0ca ctdb: Align variable signedness
ipalloc_state->num_nodes is uint32_t
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-10 13:14:31 +00:00
Volker Lendecke
ce3243d7b2 ctdb: Reduce indentation in get_tunable_values()
Use an early return tvals; review with "git sh -b".

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-10 13:14:31 +00:00
Volker Lendecke
58ec800928 ctdb: Fix whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-10 13:14:31 +00:00
Ralph Boehme
633a3ee689 s3: smbd: Ignore fstat() error on deleted stream in fd_close().
In the fd_close() fsp->fsp_flags.fstat_before_close code path.

If this is a stream and delete-on-close was set, the
backing object (an xattr from streams_xattr) might
already be deleted so fstat() fails with
NT_STATUS_NOT_FOUND. So if fsp refers to a stream we
ignore the error and only bail for normal files where
an fstat() should still work. NB. We cannot use
fsp_is_alternate_stream(fsp) for this as the base_fsp
has already been closed at this point and so the value
fsp_is_alternate_stream() checks for is already NULL.

Remove knownfail.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15487

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Oct 10 09:39:27 UTC 2023 on atb-devel-224
2023-10-10 09:39:27 +00:00
Volker Lendecke
23deb79a28 tests: Add reproducer for bug 15487
Show that smbd crashes if asked to return full information on close of a
stream handle with delete on close disposition set.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15487

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-10 08:19:29 +00:00
Volker Lendecke
340f0420bd pylibsmb: Add SMB2_CLOSE_FLAGS_FULL_INFORMATION constant
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15487

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-10 08:19:29 +00:00
Volker Lendecke
c4047443a5 libsmb: Pass "flags" through cli_close_send() and pylibsmb
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15487

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-10 08:19:29 +00:00
Volker Lendecke
f72ef19cf5 libsmb: Add "flags" to cli_smb2_close_fnum_send()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15487

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-10 08:19:29 +00:00
Volker Lendecke
d1846452e9 vfs: Add VFS_OPEN_HOW_WITH_BACKUP_INTENT
Indicate BACKUP_INTENT to vfs_openat(). Why? I have a customer request
who wants to add O_NOATIME in this case to avoid metadata updates when
a backup or virus-checking application comes along.

This does not fully handle BACKUP_INTENT correctly, this would require
become_root() appropriately. We might want to do that later after a
lot of careful security audit, but this patch independently might
already provide some infrastructure for it.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Oct  5 14:00:33 UTC 2023 on atb-devel-224
2023-10-05 14:00:33 +00:00
Volker Lendecke
f701faf667 smbd: Remove "flags2" from open_file_ntcreate()
"flags" carried just the O_ACCMODE bits, "flags2" everything
else. Unify them.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-05 12:58:33 +00:00
Volker Lendecke
02d9321ce0 smbd: Pass struct vfs_open_how to open_file()
We want to pass BACKUP_INTENT down into reopen_from_fsp, and the
elegant way is to do this via vfs_open_how.resolve.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-05 12:58:33 +00:00
Volker Lendecke
7c35676987 smbd: Remove "local_flags" from open_file()
This needs close review. I could not see where we were actually
referencing the original flags in a way that would not be available in
local_flags. The reason for this patch is that I want to pass in
vfs_open_how into open_file(), and the distinction between flags and
local_flags made this significantly harder to understand for me.

The only place where we really used both versions is the DBG_NOTICE in
the last hunk, and this will come back in the next patch.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-05 12:58:33 +00:00
Volker Lendecke
6ec031b2d1 smbd: Make open_file() a bit safer
Move adding O_RDWR before the check for read only shares. I haven't
been able to pass this condition through SMB, but in any case we
should not accidentially open with O_RDWR in the !CAN_WRITE(conn)
case.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-05 12:58:33 +00:00
Volker Lendecke
884b9926b9 smbd: Simplify open_file()
Simplify an if-condition:

We have to return NT_STATUS_OBJECT_NAME_INVALID even if we're not
creating. In fact, we probably should not end up in open_file() if
we're open a Windows file with a wildcard.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-05 12:58:33 +00:00
Volker Lendecke
814b37bdcf smbd: Simplify open_file()
We have extracted FSP_POSIX_FLAGS_PATHNAMES above.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-05 12:58:33 +00:00
Volker Lendecke
f8645c7a10 smbd: Simplify open_file()
We handle O_TRUNC further down anyway by passing local_flags&~O_TRUNC to
reopen_from_fsp(). No need for this FIFO special case.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-05 12:58:33 +00:00
Volker Lendecke
df78af9893 smbd: Simplify an if-condition in open_file()
We use the plain (flags&O_TRUNC) a few lines above, make the
if-condition a bit more readable.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-05 12:58:33 +00:00
Volker Lendecke
45005d4b71 smbd: Simplify open_file()
We can unconditionally just and-out O_CREAT from local_flags, so
remove an if-condition.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-05 12:58:33 +00:00
Volker Lendecke
ad7b119b8b smbd: Don't change incoming flags in open_file()
This will be part of a const struct vfs_open_how soon. Further down in
this function we don't look at O_CREAT or O_EXCL of "flags" anymore
anyway.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-05 12:58:33 +00:00
Volker Lendecke
3f4c937dcf smbd: Remove variable "accmode" from open_file()
We directly look at the flags in many other places in this function,
so do this also for O_ACCMODE for clarity.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-05 12:58:33 +00:00
Volker Lendecke
236df26a1f smbd: Slightly simplify open_file()
Replace "truncating" variable reference with what it was defined
as. We use "(flags & O_TRUNC)" a few lines above, so it can't be that
bad.

After we set it to "false" further down, it was never used again.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-05 12:58:33 +00:00
Volker Lendecke
2a53fdeb44 smbd: Pass "struct vfs_open_how" to reopen_from_fsp()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-05 12:58:33 +00:00
Volker Lendecke
7996c07bd8 smbd: Pass "struct vfs_open_how" to fd_open_atomic()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-05 12:58:33 +00:00
Volker Lendecke
4b376fff03 smbd: Pass "struct vfs_open_how" to reopen_from_procfd()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-05 12:58:33 +00:00
Volker Lendecke
cb89ea70b1 libsmb: Use pidl generated parsing for posix file info
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct  4 21:26:20 UTC 2023 on atb-devel-224
2023-10-04 21:26:20 +00:00
Volker Lendecke
cb166028c4 libsmb: Pass NTTIME to interpret_long_date()
Separate concerns of conversion and pulling off the wire. Needed soon
for smb311 pidl generated parsing.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-04 20:31:36 +00:00
Volker Lendecke
82a12f7a9a libndr: Factor out ndr_pull_struct_blob_noalloc()
smb3_file_posix_information is variable length with something behind.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-04 20:31:36 +00:00
Volker Lendecke
7b86570216 smbd: Remove unused marshalling of smb3posix file information
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-04 20:31:36 +00:00
Volker Lendecke
2d6c643ebd smbd: Use Use smb3posix marshalling in in smbd_do_qfilepathinfo()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-04 20:31:36 +00:00
Volker Lendecke
b573e1da92 smbd: Use Use smb3posix marshalling in in smbd_marshall_dir_entry()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-04 20:31:36 +00:00
Volker Lendecke
a8593ad376 smbd: Modernize a DEBUG statement
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-04 20:31:36 +00:00
Volker Lendecke
36fd98a5ef smbd: Add smb3_file_posix_information_init()
Copy the logic from store_smb2_posix_info() to allow use of
ndr_push_smb3_file_posix_information().

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-04 20:31:36 +00:00
Volker Lendecke
6874ed6a9d smbd: Use smb3posix marshalling in smbd_smb2_create_after_exec()
Signed-off-by: Volker Lendecke <vl@samba.org>
2023-10-04 20:31:36 +00:00
Volker Lendecke
8107aafb40 idl: Add smb3posix.idl
Let PIDL take care of encoding SMB2_FILE_POSIX_INFORMATION. This way
we also get parsing.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-04 20:31:36 +00:00
Volker Lendecke
6f91cce14e libsmb: Allow NULL print_name in reparse_data_buffer_marshall()
read_symlink_reparse() does this.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-04 20:31:36 +00:00
Volker Lendecke
7f1ee32a1b pylibsmb: Py_BuildValue can build tuples directly
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-04 20:31:36 +00:00
Volker Lendecke
078db302a6 tests: Run smb3unix tests with SMB1
We want to create native FIFOs with smb1 extensions

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-04 20:31:36 +00:00
Volker Lendecke
52c3edb282 tests: We always do smb3 unix extensions
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-04 20:31:36 +00:00
Martin Schwenke
3ee348a966 ctdb-scripts: Convert 40.vsftpd to use threshold-based fail counting
This effectively provides simple testing for the threshold-based
approach.

Add new script option CTDB_VSFTPD_MONITOR_THRESHOLDS.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue Oct  3 04:53:38 UTC 2023 on atb-devel-224
2023-10-03 04:53:38 +00:00
Martin Schwenke
8303c3a534 ctdb-scripts: Implement failcount handling with thresholds
This can be used for simple failure counting, without restarts, as
used in the 40.vsftpd event script.  That case will subsequently be
converted and this functionality can also be used elsewhere.

Add documentation to ctdb-script.options(5) to allow parameters that
use this to be more easily described.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2023-10-03 03:53:35 +00:00
Martin Schwenke
4981984dd4 ctdb-scripts: Avoid errors for uninitialised counters
Uninitialised counters are treated as 0, but still produce an error.

The redirect to stderr needs to come before the redirect for a missing
counter file.

The seemingly saner alternative of moving it outside the subshell
works when dash is /bin/sh (e.g. on Debian) but does not work when
bash is /bin/sh (e.g. on Fedora).

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2023-10-03 03:53:35 +00:00