1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

61240 Commits

Author SHA1 Message Date
Andreas Schneider
8a873f8977 s3:utils: Call gfree_all() before exit in smbfilter
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-25 22:23:37 +00:00
Andreas Schneider
f849efebb8 s3:utils: Remove trailing white spaces in smbfilter.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-25 22:23:37 +00:00
Andreas Schneider
2eee959fab s3:utils: Call gfree_all() before exit in smbcquotas
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-25 22:23:37 +00:00
Andreas Schneider
6d482485ca s3:utils: Call gfree_all() before exit in smbcontrol
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-25 22:23:37 +00:00
Andreas Schneider
9428fa3599 s3:utils: Call gfree_all() before exit in smbcacls
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-25 22:23:37 +00:00
Andreas Schneider
d7a8e63f1d s3:utils: Call gfree_all() before exit in sharesec
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-25 22:23:37 +00:00
Andreas Schneider
72add41e2a s3:utils: Call gfree_all() before exit in regedit
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-25 22:23:37 +00:00
Andreas Schneider
66c7697615 s3:utils: Call gfree_all() before exit in pdbedit
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-25 22:23:37 +00:00
Andreas Schneider
8482d46fab s3:utils: Call gfree_all() before exit in ntlm_auth
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-25 22:23:37 +00:00
Andreas Schneider
0653f78bcc s3:utils: Call gfree_all() before exit in net
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-25 22:23:37 +00:00
Joseph Sutton
3c4714bc83 s3:rpc_server: Correctly reset DEVMODE bit
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 25 21:40:33 UTC 2023 on atb-devel-224
2023-10-25 21:40:33 +00:00
Ralph Boehme
7c8dea14da smbtorture: add test for fruit:validate_afpinfo option
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 24 22:30:06 UTC 2023 on atb-devel-224
2023-10-24 22:30:06 +00:00
Ralph Boehme
825a992a62 vfs_fruit: add option fruit:validate_afpinfo = yes|no (default: yes)
Allows disabling validation of AfpInfo stream data. It seems in data migration
scenarios from other SMB servers to Samba with fruit, somehow such invalid
streams are present on the source SMB server and can't be copied to Samba.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-24 21:31:38 +00:00
Noel Power
6830b796ac s3:/winbindd: remove parse_domain_user_fstr
Last caller of parse_domain_user_fstr has been removed so
we can safely remove the function

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Oct 24 13:47:16 UTC 2023 on atb-devel-224
2023-10-24 13:47:16 +00:00
Noel Power
5640d7ab6c s3/winbindd: use parse_domain_user instead of parse_domain_user_fstr
In canonicalize_username replace use of parse_domain_user_fstr
with parse_domain_user

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-10-24 12:43:37 +00:00
Noel Power
b4bdd341a7 s3/winbindd: replace use of parse_domain_user_fstr with parse_domain_user
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-10-24 12:43:37 +00:00
Noel Power
89fb5eee53 s3/winbindd: replace parse_domain_user_fn with parse_domain_user
In winbindd_getgrnam_send use parse_domain_user instead of
parse_domain_user_fstr

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-10-24 12:43:37 +00:00
Noel Power
b5427ef86b s3/winbindd: use parse_domain_user instead of parse_domain_user_fstr
In winbindd_ccache_ntlm_auth replace use of parse_domain_user_fstr
with parse_domain_user

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-10-24 12:43:37 +00:00
Noel Power
9d5652ec02 s3/winbindd: use parse_domain_user instead of parse_domain_user_fstr
in winbindd_getpwnam_send replace parse_domain_user_fstr with
parse_domain_user

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-10-24 12:43:37 +00:00
Noel Power
f734b1b2fc s3/winbindd: use parse_domain_user_fstr instead of parse_domain_user
in winbindd_getgroups_send replace parse_domain_user_fstr
with parse_domain_user

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-10-24 12:43:37 +00:00
Noel Power
d4341d4884 s3/winbindd: Add new parse_domain_user function
Adds a new parse_domain_user function which doesn't use fstrings
but instead uses talloc allocated out strings (created from passed in
ctx)

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-10-24 12:43:37 +00:00
Noel Power
87a919082b s3/winbindd: rename parse_domain_user to parse_domain_user_fstr
prepare to port parse_domain_user function to not use fstrings.
rename function parse_domain_user (and all callers) to use
parse_domain_user_fstr

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-10-24 12:43:37 +00:00
Noel Power
c6fe21e138 s3/winbindd: remove canonicalize_username_fstr
not longer any callers to canonicalize_username_fstr so it
can be removed

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-10-24 12:43:37 +00:00
Noel Power
d1beafe7cc s3/winbindd: in winbindd_pam_chauthtok_send use canonicalize_username
replace use of canonicalize_username_fstr with canonicalize_username

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-10-24 12:43:37 +00:00
Noel Power
be6ed28f02 s3/winbindd: in winbindd_pam_auth_send use canonicalize_username
replace use of canonicalize_username_fstr with canonicalize_username

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-10-24 12:43:37 +00:00
Noel Power
85e8d33a33 s3/winbindd: in winbindd_pam_logoff_send use canonicalize_username
replace use of canonicalize_username_fstr with canonicalize_username

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-10-24 12:43:37 +00:00
Noel Power
aa3febfddc s3/winbindd: in winbindd_ccache_save use canonicalize_username
replace use of canonicalize_username_fstr with canonicalize_username

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-10-24 12:43:37 +00:00
Noel Power
2e06bf9feb s3/winbindd: Add new canonicalize_username function
Add a mew canonicalize_username replacement function for
canonicalize_username_fstr which doesn't use fstrings but instead
uses talloc allocated strings

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-10-24 12:43:37 +00:00
Noel Power
7e1f210b9a s3/winbindd: rename canonicalize_username to canonicalize_username_fstr
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-10-24 12:43:37 +00:00
Noel Power
9267d9b268 s3/winbind: Ensure parse_domain_user() can't write beyond the end of domain[]
fail if we try to write beyond the fstring boundry

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15467
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-10-24 12:43:37 +00:00
Stefan Metzmacher
3f4f80edba smb2_server: monitor connections with TEVENT_FD_ERROR
By asking for TEVENT_FD_ERROR we're able to fail early
when a connection to a client is broken.

In that case it does not make any sense to process
pending requests in the recv queue as it's not
possible to deliver the response to the client anyway.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 24 10:32:56 UTC 2023 on atb-devel-224
2023-10-24 10:32:56 +00:00
Stefan Metzmacher
c5201cd0b5 s3:rpc_server: make use of tstream_bsd_fail_readv_first_error(true)
This avoids doing useless work in case the client connection
is already broken.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 09:36:38 +00:00
Stefan Metzmacher
d9c416baa9 s3:libsmb: the unexpected handler use tstream_bsd_fail_readv_first_error(true)
This avoids doing useless work in case the client connection
is already broken.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 09:36:37 +00:00
Ralph Boehme
52fd0d79ab smbd: put back code to fill in user and group SID
This is accidentally removed by 6874ed6a9d.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Oct 18 16:46:00 UTC 2023 on atb-devel-224
2023-10-18 16:46:00 +00:00
Pavel Filipenský
14600a3128 s3:libads: Improve logging for failover scenarios
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Wed Oct 18 15:47:09 UTC 2023 on atb-devel-224
2023-10-18 15:47:09 +00:00
Pavel Filipenský
5f7a834eff s3:libsmb: Improve logging for failover scenarios
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-10-18 14:43:37 +00:00
Pavel Filipenský
6063f3ee73 s3:winbindd: Improve logging for failover scenarios in winbindd_pam.c
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-10-18 14:43:37 +00:00
Pavel Filipenský
21bb84ed1c s3:winbindd: Improve logging for failover scenarios in winbindd_cm.c
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-10-18 14:43:37 +00:00
MikeLiu
f392fdfd47 shadow_copy2: Add missing TALLOC_FREE
Signed-off-by: MikeLiu <mikeliu@qnap.com>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Oct 17 20:22:18 UTC 2023 on atb-devel-224
2023-10-17 20:22:18 +00:00
Stefan Metzmacher
7a7a38b870 librpc/rpc: also get the 2nd half of the ndr_syntax_id from a floor
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-17 19:20:38 +00:00
Stefan Metzmacher
ac392c35e4 s3:rpc_server: let create_policy_hnd() return a pointer
This allows a TALLOC_FREE() on it to unregister and destroy the
handle easily.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-17 19:20:38 +00:00
Stefan Metzmacher
f8b76235fe s3:rpc_server: distribute clients based on available association group slots
The important factor to distribute connection to workers
should be the number of used association group slots instead
of the raw number of connections. If one worker has a lot of
association groups with just one connection each, but another
with few association groups, but multiple connections per
association group. The one with less association groups should
get the connection. Note each worker is only able to allocate
UINT16_MAX allocation groups, but the number of connections
is only limited by RAM.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-17 19:20:38 +00:00
Stefan Metzmacher
40e780ad16 dcesrv_core: maintain the number of allocated association groups per dce_ctx
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-17 19:20:38 +00:00
Stefan Metzmacher
2c2c2f4368 s3:rpc_server: improve debugging in rpc_host_distribute_clients()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-17 19:20:38 +00:00
Stefan Metzmacher
cd2cb49179 s3:rpc_server: simplify rpc_host_find_worker()
This will help me in the next commits.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-17 19:20:38 +00:00
Stefan Metzmacher
eb8cf371b8 s3:rpc_server: correctly allow up to 65536 workers processes
We already limit the per worker portion of the association
group id to UINT16_MAX, so we can also use 16-bit instead
of just 8-bit to encode the worker index.

While there we should actually ensure that the max worker
index is UINT16_MAX.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-17 19:20:38 +00:00
Stefan Metzmacher
e4bdab659b rpc_host.idl: change server_index from uint8 to uint32
This reflects what we're using in the C code already...

Note this is an incompatible change, but we also changed
from named_pipe_auth_req_info7 to named_pipe_auth_req_info8
in master...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-17 19:20:38 +00:00
Stefan Metzmacher
94723b6732 s3:rpc_server: call reopen_logs before we print the copyright notice
This matches what we do in smbd, winbindd and nmbd.

For the workers it's important to call it at all, otherwise
things like 'debug pid = yes' or 'debug class = yes' have no effect
in the workers.

We could argue if we want the copyright notice on the start
of each worker at all, but that's a different discussion...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-17 19:20:38 +00:00
Stefan Metzmacher
f35baa4eb2 s3:rpc_server: make use of dcesrv_register_default_auth_types[_machine_principal]()
This mostly matches windows now...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-17 19:20:38 +00:00
Stefan Metzmacher
ae38cfe6da s3:rpc_server: let get_servers() callback of rpc_worker_main() return NTSTATUS
This means the rpc_worker_main() logic is the only layer that
needs to call exit() and its able to do some cleanup before.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-17 19:20:38 +00:00
Stefan Metzmacher
2d73b1e061 s3:rpc_server: let register_ep_server() errors result in DBG_ERR()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-17 19:20:38 +00:00
Stefan Metzmacher
2a290dcb94 s3:selftest: also run rpc.mgmt against the nt4_dc (and ad_dc)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-17 19:20:38 +00:00
Pavel Filipenský
237b6fc3ad s3:tests: Plan test_smbspool_krb.sh for environment ad_member_fips
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Tue Oct 17 19:19:32 UTC 2023 on atb-devel-224
2023-10-17 19:19:32 +00:00
Pavel Filipenský
0f107f2f4c s3:tests: Add smbspool test using kerberos authentication: test_smbspool_krb.sh
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-10-17 18:23:32 +00:00
Pavel Filipenský
8a97538c19 s3:tests: The correct name of shell variable is 'samba_smbspool_krb5'
There is no shell variable named 'smbspool_krb5'.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-10-17 18:23:32 +00:00
Joseph Sutton
39a4d27a83 s3:script: Remove semicolons
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-13 03:50:31 +00:00
Günther Deschner
e05c83408f s3-iremotewinspool: check for correct object_uuid in dispatch fn.
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-13 02:18:31 +00:00
Günther Deschner
e7a4c86878 s3-iremotewinspool: properly map incoming PAR to RPRN requests.
Map the incoming iremotewinspool opnum to match the appropriate call in
the spoolss server in the pull path.

There is no 1:1 mapping in the opnums between the procols, only in the
corresponding functions.

Without doing the mapping we currently forward
e.g. winspool_AsyncOpenPrinter() to spoolss_EnumPrinters() leading to
all sorts of errors.

A correct mapping was in place earlier with an handsorted server call
table but it got removed with the rpc server rewrite.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-13 02:18:31 +00:00
Günther Deschner
7f3f6530d4 s3-iremotewinspool: add PAR->RPRN mapping table
There is no 1:1 mapping between the opcodes but between the functions
(including _Ex and _2 naming extensions):

e.g.
winspool_AsyncOpenPrinter  (0x00) -> spoolss_OpenPrinterEx (0x45)
winspool_AsyncClosePrinter (0x14) -> spoolss_ClosePrinter  (0x1d)

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-13 02:18:31 +00:00
Joseph Sutton
ac00851fc9 s3:utils: Check return value of cli_RNetServiceEnum() (CID 1273313)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-13 02:18:31 +00:00
Joseph Sutton
59e1687321 s3:utils: Avoid integer overflow (CID 1035488)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-13 02:18:31 +00:00
Joseph Sutton
7eaad46f8c smb2_server: Check status codes (CID 1474441)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-13 02:18:31 +00:00
Joseph Sutton
7774ca87e7 smb2_server: Remove unreachable code (CID 1444981)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-13 02:18:31 +00:00
Joseph Sutton
68fb12cb79 Revert "smbd: Fix CID 1504457 Resource leak"
We cannot free ‘enc’ — it may be a copy of ‘buffer’, in which parameter
both construct_reply_chain() and smb_request_done() pass arrays of
automatic storage duration!

Fixes CID 1505354.

This reverts commit a395f752f0.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-13 02:18:31 +00:00
Joseph Sutton
dbf96126cb s3:smbd: Avoid integer overflow (CID 1035487)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-13 02:18:31 +00:00
Joseph Sutton
1e4d4e6abd s3:rpcclient: Do not pass uninitialized pointer to printf() (CID 1476170)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-13 02:18:31 +00:00
Joseph Sutton
67b2dc725d s3:nmbd: Remove redundant code (CID 1414756)
‘buf’ is reassigned a few lines down.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-13 02:18:31 +00:00
Joseph Sutton
c30aa741ee s3:modules: Initialize mask_permset (CID 1435850)
If this code had ever run, sys_acl_clear_perms() would have attempted to
write to some random address in memory. ‘mask_permset’ must be a valid
non‐NULL pointer.

Commit 9b79d5f2a2 seems to have been a
previous attempt to fix this issue.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-13 02:18:31 +00:00
Joseph Sutton
86b0755a4b s3:modules: Remove unreachable code (CID 1508998)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-13 02:18:31 +00:00
Joseph Sutton
d53483a540 s3:libsmb: Fix array traversal (CID 1034683)
Commit 033185e2a1 changed the sentinel
value to an empty character array, but failed to update the traversal
code to match.

Commit 48a453996a then tried to fix the
situation, but did not do so correctly.

Fix this code by forgetting about sentinel values altogether.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-13 02:18:31 +00:00
Joseph Sutton
0c2d2f833e s3:libnet: Remove always‐false comparison (CID 241309)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-13 02:18:31 +00:00
Joseph Sutton
728177088c Revert "s3:libads: Don’t do first loop iteration if ‘attr’ is NULL"
Fixes CID 1547073: Control flow issues (DEADCODE).

This reverts commit 184a48d657.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-13 02:18:31 +00:00
Joseph Sutton
7eb47179b5 s3:lib: Rearrange preprocessor directives to avoid structurally dead code (CID 242032)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-13 02:18:31 +00:00
Joseph Sutton
3179fc2a70 s3:client: Correctly call setgroups() (CID 1449449)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-13 02:18:31 +00:00
Volker Lendecke
4b9b7f70f2 libsmb: Use cli_smb2_qpathinfo_send() for SMB_QUERY_FILE_ALT_NAME_INFO
Remove one sync-only wrapper

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 12 17:51:44 UTC 2023 on atb-devel-224
2023-10-12 17:51:44 +00:00
Volker Lendecke
6a4413c65c libsmbclient: Read the file type from the server with posix enabled
This does not really request posix extensions, but it depends on them
being activated because it changes behaviour.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-12 16:55:34 +00:00
Volker Lendecke
feb7803555 libsmbclient: Add smbc_[gs]etOptionPosixExtensions()
This is an obvious part of MR2888, not used anywhere yet. It will
eventually result in us requesting SMB311 posix semantics, but for now
it will just allow to change behaviour of libsmbclient that could
break unsuspecting applications.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-12 16:55:34 +00:00
Volker Lendecke
9e3856ecf8 libsmb: Parse reparse tag in query_directory response
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-12 16:55:34 +00:00
Volker Lendecke
4c44b6e199 libsmb: Query reparse tag in cli_qpathinfo2
Convert what we find to a file type

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-12 16:55:34 +00:00
Volker Lendecke
30f4129e86 libsmb: Add placeholder "mode" parameter to cli_qpathinfo2()
Unused so far: Patch stripped out to not clutter the real patches that
follow.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-12 16:55:34 +00:00
Volker Lendecke
77001b258f libsmb: Ask for posix semantics if requested
This is so far only for the getattr-style smb311 calls to request
case-sensitive semantics when "posix" was requested over smb311.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-12 16:55:34 +00:00
Volker Lendecke
8de01c31f3 smbclient: Always ask for SMB311 posix in negprot
This does not mean that we're actually using it (yet). We just probe
whether the server is willing to do it.

Enable the posix cli command for smb311 posix extensions.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-12 16:55:34 +00:00
Pavel Filipenský
027332cee5 s3:winbindd: Call winbind_add_failed_connection_entry() for the correct dc name
We were calling winbind_add_failed_connection_entry() for saf_servername
which is NULL.  domain->dcname should be used instead.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Wed Oct 11 16:42:15 UTC 2023 on atb-devel-224
2023-10-11 16:42:15 +00:00
Pavel Filipenský
928ce91eb7 s3:winbindd: Skip check_negative_conn_cache() if saf_servername == NULL
saf_servername can be NULL even after calling saf_fetch().  Avoid
calling check_negative_conn_cache() like it was before commit 0fcf0012

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-11 15:37:28 +00:00
Volker Lendecke
6071220fcb libcli: Make debug_unix_user_token() use just one DEBUG statement
This avoids messing up the debug logs when multiple processes are
writing into the same file.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 11 00:24:58 UTC 2023 on atb-devel-224
2023-10-11 00:24:58 +00:00
Volker Lendecke
a77c6b5939 smbd: is_in_path() deals with a NULL namelist
Don't need to check in the callers

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-10 23:23:40 +00:00
Volker Lendecke
a8dd943c11 smbd: Remove a pointless NULL check
boolean short-circuiting already gives us this condition.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-10 23:23:40 +00:00
Volker Lendecke
5130ade688 smbd: Use SMB_VFS_FSTATAT() instead of SMB_LSTAT()
Use the dirfsp when we have it available

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-10 23:23:40 +00:00
Volker Lendecke
d4a05fc145 smbd: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-10 23:23:40 +00:00
Volker Lendecke
9978953786 vfs: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-10 23:23:40 +00:00
Volker Lendecke
94dcbed38d smbd: Modernize two DBG statements
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-10 23:23:40 +00:00
Volker Lendecke
e8570f73ac smbd: Reduce indentation, remove a nested if-statement
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-10 23:23:40 +00:00
Volker Lendecke
0b38cd8ea7 smbd: Avoid casts in a DBG statement
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-10 23:23:40 +00:00
Volker Lendecke
446ae3f8e7 rpc_server3: Avoid a pointless DEBUGADD
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-10 23:23:40 +00:00
Volker Lendecke
be1cf356ad rpc_server3: Remove a duplicate comment
Review with "git sh -U20"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-10 23:23:40 +00:00
Volker Lendecke
770f279ab7 pdb: Slightly simplify pdb_samba_dsdb_set_trusteddom_pw()
This is easier to read to me.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-10 23:23:40 +00:00
Volker Lendecke
8cd296e42d Remove IS_DOS_*() macros
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-10 23:23:40 +00:00
Volker Lendecke
b48d7a8e34 libsmb: Expand IS_DOS_DIR() macro
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-10 23:23:40 +00:00
Volker Lendecke
29895176d2 smbd: Expand IS_DOS_READONLY() macros
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-10 23:23:40 +00:00
Volker Lendecke
2829577594 smbd: Expand IS_DOS_ARCHIVE() macros
Together with the "dosmode | FILE_ATTRIBUTE_ARCHIVE" a line below this
is more obvious to me.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-10 23:23:40 +00:00
Volker Lendecke
226a7c7bc3 libsmb: Expand IS_DOS_* macros
To me these macros hide more than they clarify.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-10 23:23:40 +00:00
Volker Lendecke
817f68e4a1 smbd: Expand IS_DOS_* macros
To me these macros hide more than they clarify. In a lot of places we
already directly check for these flags without those macros. Unify
that.

Also, check for the dosmode bits first, lp_map_* is a bit more effort
to evaluate.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-10 23:23:40 +00:00
Andrew Bartlett
1fbf08e812 CVE-2023-42670 s3-rpc_server: Remove cross-check with "samba" EPM lookup
We now have ensured that no conflicting services attempt to start
so we do not need the runtime lookup and so avoid the risk that
the lookup may fail.

This means that any duplicates will be noticed early not just
in a race condition.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15473

Signed-off-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Jule Anger <janger@samba.org>
Autobuild-Date(master): Tue Oct 10 15:47:04 UTC 2023 on atb-devel-224
2023-10-10 15:47:04 +00:00
Andrew Bartlett
11ece30afa CVE-2023-42670 s3-rpc_server: Strictly refuse to start RPC servers in conflict with AD DC
Just as we refuse to start NETLOGON except on the DC, we must refuse
to start all of the RPC services that are provided by the AD DC.

Most critically of course this applies to netlogon, lsa and samr.

This avoids the supression of these services being the result of a
runtime epmapper lookup, as if that fails these services can disrupt
service to end users by listening on the same socket as the AD DC
servers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15473

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2023-10-10 14:49:40 +00:00
Andrew Bartlett
a9c32f929b CVE-2023-42669 s3-rpc_server: Disable rpcecho for consistency with the AD DC
The rpcecho server in source3 does have samba the sleep() feature that
the s4 version has, but the task architecture is different, so there
is not the same impact.  Hoever equally this is not something that
should be enabled on production builds of Samba, so restrict to
selftest builds.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2023-10-10 14:49:40 +00:00
Andrew Bartlett
3cf1beed5d CVE-2023-42669 s4-rpc_server: Disable rpcecho server by default
The rpcecho server is useful in development and testing, but should never
have been allowed into production, as it includes the facility to
do a blocking sleep() in the single-threaded rpc worker.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2023-10-10 14:49:39 +00:00
Ralph Boehme
b70f4f8681 CVE-2023-4091: smbd: use open_access_mask for access check in open_file()
If the client requested FILE_OVERWRITE[_IF], we're implicitly adding
FILE_WRITE_DATA to the open_access_mask in open_file_ntcreate(), but for the
access check we're using access_mask which doesn't contain the additional
right, which means we can end up truncating a file for which the user has
only read-only access via an SD.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439

Signed-off-by: Ralph Boehme <slow@samba.org>
2023-10-10 14:49:39 +00:00
Jeremy Allison
5ed25efb07 CVE-2023-3961:s3: smbd: Remove the SMB_ASSERT() that crashes on bad pipenames.
We correctly handle this and just return ENOENT (NT_STATUS_OBJECT_NAME_NOT_FOUND).

Remove knowfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422

Signed-off-by: Jeremy Allison <jra@samba.org>
2023-10-10 14:49:39 +00:00
Jeremy Allison
c39f90a124 CVE-2023-3961:s3:torture: Add test SMB2-INVALID-PIPENAME to show we allow bad pipenames with unix separators through to the UNIX domain socket code.
The raw SMB2-INVALID-PIPENAME test passes against Windows 2022,
as it just returns NT_STATUS_OBJECT_NAME_NOT_FOUND.

Add the knownfail.

BUG:https://bugzilla.samba.org/show_bug.cgi?id=15422

Signed-off-by: Jeremy Allison <jra@samba.org>
2023-10-10 14:49:39 +00:00
Jeremy Allison
ae476e1c28 CVE-2023-3961:s3:smbd: Catch any incoming pipe path that could exit socket_dir.
For now, SMB_ASSERT() to exit the server. We will remove
this once the test code is in place.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422

Signed-off-by: Jeremy Allison <jra@samba.org>
2023-10-10 14:49:39 +00:00
Ralph Boehme
633a3ee689 s3: smbd: Ignore fstat() error on deleted stream in fd_close().
In the fd_close() fsp->fsp_flags.fstat_before_close code path.

If this is a stream and delete-on-close was set, the
backing object (an xattr from streams_xattr) might
already be deleted so fstat() fails with
NT_STATUS_NOT_FOUND. So if fsp refers to a stream we
ignore the error and only bail for normal files where
an fstat() should still work. NB. We cannot use
fsp_is_alternate_stream(fsp) for this as the base_fsp
has already been closed at this point and so the value
fsp_is_alternate_stream() checks for is already NULL.

Remove knownfail.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15487

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Oct 10 09:39:27 UTC 2023 on atb-devel-224
2023-10-10 09:39:27 +00:00
Volker Lendecke
340f0420bd pylibsmb: Add SMB2_CLOSE_FLAGS_FULL_INFORMATION constant
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15487

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-10 08:19:29 +00:00
Volker Lendecke
c4047443a5 libsmb: Pass "flags" through cli_close_send() and pylibsmb
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15487

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-10 08:19:29 +00:00
Volker Lendecke
f72ef19cf5 libsmb: Add "flags" to cli_smb2_close_fnum_send()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15487

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-10 08:19:29 +00:00
Volker Lendecke
d1846452e9 vfs: Add VFS_OPEN_HOW_WITH_BACKUP_INTENT
Indicate BACKUP_INTENT to vfs_openat(). Why? I have a customer request
who wants to add O_NOATIME in this case to avoid metadata updates when
a backup or virus-checking application comes along.

This does not fully handle BACKUP_INTENT correctly, this would require
become_root() appropriately. We might want to do that later after a
lot of careful security audit, but this patch independently might
already provide some infrastructure for it.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Oct  5 14:00:33 UTC 2023 on atb-devel-224
2023-10-05 14:00:33 +00:00
Volker Lendecke
f701faf667 smbd: Remove "flags2" from open_file_ntcreate()
"flags" carried just the O_ACCMODE bits, "flags2" everything
else. Unify them.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-05 12:58:33 +00:00
Volker Lendecke
02d9321ce0 smbd: Pass struct vfs_open_how to open_file()
We want to pass BACKUP_INTENT down into reopen_from_fsp, and the
elegant way is to do this via vfs_open_how.resolve.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-05 12:58:33 +00:00
Volker Lendecke
7c35676987 smbd: Remove "local_flags" from open_file()
This needs close review. I could not see where we were actually
referencing the original flags in a way that would not be available in
local_flags. The reason for this patch is that I want to pass in
vfs_open_how into open_file(), and the distinction between flags and
local_flags made this significantly harder to understand for me.

The only place where we really used both versions is the DBG_NOTICE in
the last hunk, and this will come back in the next patch.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-05 12:58:33 +00:00
Volker Lendecke
6ec031b2d1 smbd: Make open_file() a bit safer
Move adding O_RDWR before the check for read only shares. I haven't
been able to pass this condition through SMB, but in any case we
should not accidentially open with O_RDWR in the !CAN_WRITE(conn)
case.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-05 12:58:33 +00:00
Volker Lendecke
884b9926b9 smbd: Simplify open_file()
Simplify an if-condition:

We have to return NT_STATUS_OBJECT_NAME_INVALID even if we're not
creating. In fact, we probably should not end up in open_file() if
we're open a Windows file with a wildcard.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-05 12:58:33 +00:00
Volker Lendecke
814b37bdcf smbd: Simplify open_file()
We have extracted FSP_POSIX_FLAGS_PATHNAMES above.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-05 12:58:33 +00:00
Volker Lendecke
f8645c7a10 smbd: Simplify open_file()
We handle O_TRUNC further down anyway by passing local_flags&~O_TRUNC to
reopen_from_fsp(). No need for this FIFO special case.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-05 12:58:33 +00:00
Volker Lendecke
df78af9893 smbd: Simplify an if-condition in open_file()
We use the plain (flags&O_TRUNC) a few lines above, make the
if-condition a bit more readable.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-05 12:58:33 +00:00
Volker Lendecke
45005d4b71 smbd: Simplify open_file()
We can unconditionally just and-out O_CREAT from local_flags, so
remove an if-condition.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-05 12:58:33 +00:00
Volker Lendecke
ad7b119b8b smbd: Don't change incoming flags in open_file()
This will be part of a const struct vfs_open_how soon. Further down in
this function we don't look at O_CREAT or O_EXCL of "flags" anymore
anyway.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-05 12:58:33 +00:00
Volker Lendecke
3f4c937dcf smbd: Remove variable "accmode" from open_file()
We directly look at the flags in many other places in this function,
so do this also for O_ACCMODE for clarity.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-05 12:58:33 +00:00
Volker Lendecke
236df26a1f smbd: Slightly simplify open_file()
Replace "truncating" variable reference with what it was defined
as. We use "(flags & O_TRUNC)" a few lines above, so it can't be that
bad.

After we set it to "false" further down, it was never used again.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-05 12:58:33 +00:00
Volker Lendecke
2a53fdeb44 smbd: Pass "struct vfs_open_how" to reopen_from_fsp()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-05 12:58:33 +00:00
Volker Lendecke
7996c07bd8 smbd: Pass "struct vfs_open_how" to fd_open_atomic()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-05 12:58:33 +00:00
Volker Lendecke
4b376fff03 smbd: Pass "struct vfs_open_how" to reopen_from_procfd()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-10-05 12:58:33 +00:00
Volker Lendecke
cb89ea70b1 libsmb: Use pidl generated parsing for posix file info
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct  4 21:26:20 UTC 2023 on atb-devel-224
2023-10-04 21:26:20 +00:00
Volker Lendecke
cb166028c4 libsmb: Pass NTTIME to interpret_long_date()
Separate concerns of conversion and pulling off the wire. Needed soon
for smb311 pidl generated parsing.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-04 20:31:36 +00:00
Volker Lendecke
7b86570216 smbd: Remove unused marshalling of smb3posix file information
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-04 20:31:36 +00:00
Volker Lendecke
2d6c643ebd smbd: Use Use smb3posix marshalling in in smbd_do_qfilepathinfo()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-04 20:31:36 +00:00
Volker Lendecke
b573e1da92 smbd: Use Use smb3posix marshalling in in smbd_marshall_dir_entry()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-04 20:31:36 +00:00
Volker Lendecke
a8593ad376 smbd: Modernize a DEBUG statement
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-04 20:31:36 +00:00
Volker Lendecke
36fd98a5ef smbd: Add smb3_file_posix_information_init()
Copy the logic from store_smb2_posix_info() to allow use of
ndr_push_smb3_file_posix_information().

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-04 20:31:36 +00:00
Volker Lendecke
6874ed6a9d smbd: Use smb3posix marshalling in smbd_smb2_create_after_exec()
Signed-off-by: Volker Lendecke <vl@samba.org>
2023-10-04 20:31:36 +00:00
Volker Lendecke
7f1ee32a1b pylibsmb: Py_BuildValue can build tuples directly
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-04 20:31:36 +00:00
Volker Lendecke
078db302a6 tests: Run smb3unix tests with SMB1
We want to create native FIFOs with smb1 extensions

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-04 20:31:36 +00:00
Volker Lendecke
52c3edb282 tests: We always do smb3 unix extensions
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-10-04 20:31:36 +00:00
Joseph Sutton
c3eaa285d8 s3:smbd: Fix building with FORTIFY_SOURCE=2
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-01 22:45:38 +00:00
Joseph Sutton
b33a486e65 s3:rpc_server: Fix building with FORTIFY_SOURCE=2
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-01 22:45:38 +00:00
Joseph Sutton
10726fb347 s3:libads: Fix building with FORTIFY_SOURCE=2
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-01 22:45:38 +00:00
Joseph Sutton
184a48d657 s3:libads: Don’t do first loop iteration if ‘attr’ is NULL
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-01 22:45:38 +00:00
MikeLiu
ad76bb2e0c streams_depot: Goto done if FSETXATTR SAMBA_XATTR_MARKER failed
Goto done if FSETXATTR SAMBA_XATTR_MARKER failed

Signed-off-by: MikeLiu <mikeliu@qnap.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Sep 27 08:42:25 UTC 2023 on atb-devel-224
2023-09-27 08:42:25 +00:00
Joseph Sutton
8ce4e3729f s3:smbd: Initialize ‘tm’ structure
‘tm’ must be initialized prior to calling strptime().

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-27 02:43:28 +00:00
Joseph Sutton
c278a1d3e1 s3:rpc_server: Initialize ‘tm’ structure
‘tm’ must be initialized prior to calling strptime().

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-27 02:43:28 +00:00
Joseph Sutton
67f3fead5f s3:passdb: Initialize ‘tm’ structure
‘tm’ must be initialized prior to calling strptime().

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-27 02:43:28 +00:00
Joseph Sutton
955fd83253 s3:modules: Initialize ‘tm’ structure
‘tm’ must be initialized prior to calling strptime().

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-27 02:43:28 +00:00
Joseph Sutton
31c7d7cfb3 s3:lib: Initialize ‘tm’ structure
‘tm’ must be initialized prior to calling strptime().

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-27 02:43:28 +00:00
Andrew Bartlett
c8c86b8103 s3-lib: Modify merge_nt_token() into a GPO-specifc merge with SYSTEM
By making this specific to the only use case, merging with the SYSTEM
token for GPOs, we avoid having to merge the claims, as there are none
for SYSTEM.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-09-26 23:45:36 +00:00
Andrew Bartlett
dc7dc6f549 libcli/security: Rename dup_nt_token() -> security_token_duplicate()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-09-26 23:45:36 +00:00
Andrew Bartlett
13d3c6156f libcli/security: Move dup_nt_token() to libcli/security
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-09-26 23:45:36 +00:00
Andrew Bartlett
4e8e35de7f s3-winbind: Use token as parent for token->sids in check_info3_in_group()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-09-26 23:45:36 +00:00
Andrew Bartlett
934b033550 s3-net_rpc: Make the struct user_token array the parent talloc context
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-09-26 23:45:36 +00:00
Andrew Bartlett
a8210ab1ae s3-net_rpc: Use security_token_initialise() to create struct security_token
This ensures that the full structure is initialised now and in the
future.

Because this is now a talloc based structure, we can now use
add_sid_to_array_unique() rather than a reimplementation in this file.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-09-26 23:45:35 +00:00
Andrew Bartlett
e2cc29d132 libcli/security: Pass in claims evaluation state when building any security token
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-09-26 23:45:35 +00:00
Andrew Bartlett
1223b89d81 docs-xml: Add new parameter "acl claims evaluation"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-09-26 23:45:35 +00:00
Andrew Bartlett
c9cf90aee8 s3-lib/util_nttoken: Reimplement dup_nt_token() with NDR pull/push
The struct security_token can now contain complex claims as well as SIDs
so we can no longer just duplicate it by hand.  Instead let PIDL and libndr
do the hard work for us.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-09-26 23:45:35 +00:00
Samuel Cabrero
d7394a90f5 testparm: Allow idmap ranges overlap for idmap_nss
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Sep 26 19:28:08 UTC 2023 on atb-devel-224
2023-09-26 19:28:08 +00:00
Volker Lendecke
fab08854af libsmb: Pass neg contexts through sync smbXcli_negprot_recv()
Looks much larger than it is, there's a lot of callers too feed NULL to.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Sep 25 19:59:17 UTC 2023 on atb-devel-224
2023-09-25 19:59:17 +00:00
Volker Lendecke
b693b6accc libsmb: Make libsmb/clispnego.c static to libads/
It's only called there. The "+" part of this patch might not conform
to README.Coding because it's a literal cut&paste.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-25 19:01:34 +00:00
Volker Lendecke
aef98c6356 libsmb: Remove two #defines just used once
To me these two did not create clarity.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-25 19:01:34 +00:00
Volker Lendecke
446a3b3e8a smbd: Modernize a few DBG statements
Changes on level from 4 to 3 in store_file_unix_basic().

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-25 19:01:34 +00:00
Volker Lendecke
e6136139be libsmb: Remove unused cli_is_dos_error()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-25 19:01:34 +00:00
Volker Lendecke
b0b1fc1974 libsmb: Remove unused cli_dos_error()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-25 19:01:34 +00:00
Volker Lendecke
05828c3e38 libsmb: Eliminate a reader of cli->raw_status
At some point we should get rid of cli->raw_status.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-25 19:01:34 +00:00
Volker Lendecke
3cfe1683dd libsmb: Remove SMBC_errno()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-25 19:01:34 +00:00
Volker Lendecke
15ff9c1819 libsmb: Remove a call to SMBC_errno()
This involves converting cli_printjob_del() to NTSTATUS and thus
touches a few callers.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-25 19:01:34 +00:00
Volker Lendecke
bb8ec33340 libsmb: Remove a call to SMBC_errno()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-25 19:01:34 +00:00
Volker Lendecke
9ec7245b1b libsmb: Remove a call to SMBC_errno()
All returns from cacl_get() now explicitly set the errno.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-25 19:01:34 +00:00
Volker Lendecke
2399b105fe libsmb: Remove unused cli_is_nt_error()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-25 19:01:34 +00:00
Volker Lendecke
aaf5821dac smbclient: Save lines with talloc_asprintf_addbuf()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-25 19:01:34 +00:00
Volker Lendecke
9c316623e5 libsmb: Extend cli_mknod to create NFS reparse points
Tested smbclient mkfifo manually against W2k22, the Windows NFS server
reports this as FIFO.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Sep 25 18:08:01 UTC 2023 on atb-devel-224
2023-09-25 18:08:01 +00:00
Volker Lendecke
af5756df6c libsmb: Remove reparse_symlink.c
Makes reparse_buffer_marshall static to reparse.c

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-25 17:09:37 +00:00
Volker Lendecke
1f21be8286 libsmb: Use reparse_data_buffer_marshall() in cli_symlink_send()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-25 17:09:37 +00:00
Volker Lendecke
d19a28fdb4 libsmb: Factor out cli_create_reparse_point() from cli_symlink()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-25 17:09:37 +00:00
Volker Lendecke
815ff26db2 smbclient: Add mkfifo command
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-25 17:09:37 +00:00
Volker Lendecke
88258e1773 libsmb: Add sync cli_mknod() for smbclient3's use
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-25 17:09:37 +00:00
Pavel Filipenský
e58805fe7f s3:tests: Check if test_smbclient_kerberos.sh was successful
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Mon Sep 25 00:14:47 UTC 2023 on atb-devel-224
2023-09-25 00:14:47 +00:00
Pavel Filipenský
3d7d37ad76 s3:tests: Fix syntax error in test_smbclient_kerberos.sh
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-24 23:13:33 +00:00
Pavel Filipenský
efa7f6a107 s3:tests: Fix init of samba_kdestroy in test_smbclient_kerberos.sh
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-24 23:13:33 +00:00
Pavel Filipenský
d8f1298a9c s3:tests: test_smbspool.sh should be calling smbspool_argv_wrapper
There is no variable named 'smbspool_argv_wrapper', the correct name is
'samba_argv_wrapper'. The smbspool_argv_wrapper was not called from this
test till now.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Sun Sep 24 22:33:07 UTC 2023 on atb-devel-224
2023-09-24 22:33:07 +00:00
Pavel Filipenský
6a7d404def s3:tests: Fix smbspool_argv_wrapper.c
smbspool_argv_wrapper must copy also the last argument

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-24 21:37:38 +00:00
Volker Lendecke
b3cae8dcf1 conf: Remove "smb3 unix extensions" parameter
Always offer it, it's a client thing to ask for it or not.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 21 17:43:23 UTC 2023 on atb-devel-224
2023-09-21 17:43:23 +00:00
Volker Lendecke
3481bbfede smbd: Fix BZ15481
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15481

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 20 22:42:48 UTC 2023 on atb-devel-224
2023-09-20 22:42:48 +00:00
Jeremy Allison
11280f1705 s3: smbd: Ensure we remove any pending aio values for named pipes on forced shutdown.
Matches file and directory closes.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15423

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 20 02:43:18 UTC 2023 on atb-devel-224
2023-09-20 02:43:18 +00:00
Jeremy Allison
66398dd03c s3: torture: Add a new SMB2 test: SMB2-PIPE-READ-ASYNC-DISCONNECT
Shows the server crashes if we open a named pipe, do an async read
and then disconnect.

Adds knownfail:

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15423

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-09-20 01:49:35 +00:00
Jeremy Allison
ea062c3b0d s3: smbd: named pipe writes are async. Use the same logic as for named pipe transacts to avoid crashes on shutdown.
Noticed by Metze.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15423

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-09-20 01:49:34 +00:00
Jeremy Allison
3f32bf887d s3: smbd: named pipe reads are async. Use the same logic as for named pipe transacts to avoid crashes on shutdown.
Noticed by Metze.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15423

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-09-20 01:49:34 +00:00
Jeremy Allison
82e88f70f1 s3: smbd: Add some DEVELOPER-only code to panic if the destructor for an aio_lnk is called and the associated fsp doesn't exist.
Make this DEVELOPER-only as it walks the entire open
file list on every file close (with associated aio).

This helps catch really subtle problems with orphaned
aio lnk structs.

Reproducer test case to follow.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15423

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-09-20 01:49:34 +00:00
Jeremy Allison
05291d2bd4 s3: smbd: Now we have proved hardlink_internals() doesn't use src_dirfsp and dst_dirfsp, remove the parameters.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Sep 19 19:51:47 UTC 2023 on atb-devel-224
2023-09-19 19:51:47 +00:00
Jeremy Allison
3fba7872b2 s3: smbd: hardlink_internals() never looks at src_dirfsp or dst_dirfsp.
Show this by sending NULL in all cases.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-09-19 18:59:34 +00:00
Jeremy Allison
e94796e7c4 s3: smbd: Now we have shown dst_dirfsp is always NULL, remove the parameter from rename_internals().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-09-19 18:59:34 +00:00
Jeremy Allison
c38815b4fc s3: smbd: As rename_internals() calls rename_internals_fsp(), show we can pass dst_dirfsp as NULL here too.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-09-19 18:59:34 +00:00
Jeremy Allison
33845e09b6 s3: smbd: Now we've proved dst_dirfsp parameter is always NULL, remove the parameter from rename_internals_fsp().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-09-19 18:59:34 +00:00
Jeremy Allison
e61a956b93 s3: smbd: rename_internals_fsp() has to reopen the parent directory of the target as a pathref to check permissions.
So it never looks at any passed in dst_dirfsp.

Prove this by passing NULL.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-09-19 18:59:34 +00:00
Stefan Metzmacher
5b7f9840f7 selftest: add some basic testing for the io_uring vfs module
We're now able to build it on all linux systems and
the ci runners have at least a 5.4 kernel. That's
all the current vfs_io_uring requires.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Sep 17 18:04:18 UTC 2023 on atb-devel-224
2023-09-17 18:04:18 +00:00
Andreas Schneider
96e18e1774 s3:param: Remove unused lp_set_cmdline()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Kalugin <pkalugin@inno.tech>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Sep 14 22:30:06 UTC 2023 on atb-devel-224
2023-09-14 22:30:06 +00:00
Andreas Schneider
c839a25d2c s3:client: Use lpcfg_set_cmdline()
This lp_set_cmdline() leaks memory and we want to get rid of it.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Kalugin <pkalugin@inno.tech>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-14 21:35:29 +00:00
Pavel Kalugin
f7a06f3a5d s3:libsmb: Use lpcfg_set_cmdline()
Signed-off-by: Pavel Kalugin <pkalugin@inno.tech>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-14 21:35:29 +00:00
Pavel Kalugin
04d20c3aeb s3:netapi: Fix a leak in libnetapi_net_init()
Allow libnetapi_net_init() to be called more than once without
leaking libnetapi_ctx allocated on a previous call, which is
currently the case in the `net rpc` code.

Signed-off-by: Pavel Kalugin <pkalugin@inno.tech>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-14 21:35:29 +00:00
Pavel Kalugin
9b6246737b libnetapi: Use lpcfg_set_cmdline()
Replace lp_set_cmdline() with lpcfg_set_cmdline() in netapi.c.
For this purpose:
1. Add loadparm_context to the libnetapi_ctx because we need it
   in libnetapi_set_debuglevel() and libnetapi_set_logfile().
2. Move loadparm_context creation from libnetapi_net_init()
   to libnetapi_init() and add the lp_ctx parameter to the former.

Signed-off-by: Pavel Kalugin <pkalugin@inno.tech>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-14 21:35:29 +00:00
Pavel Kalugin
ea59632b3a s3:utils: Use lpcfg_set_cmdline() in smbpasswd
Signed-off-by: Pavel Kalugin <pkalugin@inno.tech>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-14 21:35:29 +00:00
Pavel Kalugin
6f00a08826 s3:torture: Use lpcfg_set_cmdline()
Signed-off-by: Pavel Kalugin <pkalugin@inno.tech>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-14 21:35:29 +00:00
Pavel Kalugin
b6e4643274 s3:notifyd: Use lpcfg_set_cmdline()
Signed-off-by: Pavel Kalugin <pkalugin@inno.tech>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-14 21:35:29 +00:00
Joseph Sutton
41df712d18 s3:winbindd: Add zero digit to literal
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-14 21:35:29 +00:00
Joseph Sutton
9a9861b5f7 dsgetdcname: Remove excess zero digits from literals
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-14 21:35:29 +00:00
Joseph Sutton
253ca78614 s3:net: Check return value of data_blob_talloc()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-14 21:35:29 +00:00
Joseph Sutton
74624bd98d s3:script: Fix script usage lines
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-14 21:35:29 +00:00
Joseph Sutton
0669af3099 s3:rpc_server: Fix inverted error messages
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-14 21:35:29 +00:00
Stefan Metzmacher
62af25d44e nsswitch: add test for pthread_key_delete missuse (bug 15464)
This is based on https://bugzilla.samba.org/attachment.cgi?id=18081
written by Krzysztof Piotr Oledzki <ole@ans.pl>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-14 17:56:30 +00:00
Ralph Boehme
0f1443d968 smbd: make vfs_stat_fsp() a no-op on fake file-handles
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 12 17:08:17 UTC 2023 on atb-devel-224
2023-09-12 17:08:17 +00:00
Samuel Cabrero
8cdb4f2985 netapi: Pass net's cmdline credentials to libnetapi_net_init()
Avoid unnecessary credentials allocation and initialization by passing the
net's cmdline creds to libnetapi_net_init() directly.

Fixes the problem of running cli_credentials_guess() (which runs password
callbacks) twice, one for the net's cmdline creds and a second time for the
creds initialized in libnetapi_net_init(), just to override them immediately
after.

Example:

$ export PASSWD_FD=0
$ ./bin/net offlinejoin composeodj <...>
foo
bar

Password is read from STDIN twice.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-11 02:42:41 +00:00
Samuel Cabrero
5cad827810 netapi: Pass loadparm_context to libnetapi_net_init()
The net's tool cmdline lp_ctx can be reused, no need to init a new one except
for external library users.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-11 02:42:41 +00:00
Douglas Bagnall
da841a80e3 s3:rpc: bump named_pipe_auth_req_info version number
This is because commit f893cf85cc
changed the security token in secuirty.idl, and bumping the version
was missed.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-11 02:42:41 +00:00
Joseph Sutton
4e74350fbb s3:winbindd: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-11 02:42:41 +00:00
Joseph Sutton
c6c1b55ac4 s3:utils: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-11 02:42:41 +00:00
Joseph Sutton
b60f86a0b8 s3:smbd: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-11 02:42:41 +00:00
Joseph Sutton
72e79e1309 s3:rpc_server: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-11 02:42:41 +00:00
Joseph Sutton
32a1e7428c s3:rpc_client: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-11 02:42:41 +00:00
Joseph Sutton
c4a02d8ee1 s3:registry: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-11 02:42:41 +00:00
Joseph Sutton
47dcdb3126 s3:nmbd: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-11 02:42:41 +00:00
Joseph Sutton
bbd9fabf5f s3:librpc: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-11 02:42:41 +00:00
Joseph Sutton
d7331a6821 s3:libnet: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-11 02:42:41 +00:00
Joseph Sutton
06816117ef s3:libads: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-11 02:42:41 +00:00
Joseph Sutton
2a4d35edee s3:lib: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-11 02:42:41 +00:00
Joseph Sutton
9e2a93d54b s3:auth: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-11 02:42:41 +00:00
Stefan Metzmacher
3fc3582756 smb2_server: move struct msghdr to smbd_smb2_send_queue
The main reason is the preparation of io_uring support,
as it can't be on the stack for async operations.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep  6 20:31:04 UTC 2023 on atb-devel-224
2023-09-06 20:31:04 +00:00
Stefan Metzmacher
02df6bda49 smb2_server: split out smbd_smb2_flush_with_sendmsg() out of smbd_smb2_flush_send_queue()
We'll have an smbd_smb2_flush_with_io_uring() later...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-06 19:30:35 +00:00
Stefan Metzmacher
0ca825c4bc smb2_server: split out smbd_smb2_advance_send_queue() out of smbd_smb2_flush_send_queue()
The logic in smbd_smb2_advance_send_queue() will be reused for io_uring.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-06 19:30:35 +00:00
Stefan Metzmacher
153323efc5 smb2_server: simplify smbd_smb2_advance_incoming() recvfile logic
This will make further changes easier...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-06 19:30:35 +00:00
Stefan Metzmacher
72d86d4989 smb2_server: change smbd_smb2_advance_incoming() to use iov_advance()
In future we may use vectors with more elements, so we convert to
a single element array now...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-06 19:30:35 +00:00
Stefan Metzmacher
76f9a41fa6 smb2_server: split smbd_smb2_advance_incoming() out of smbd_smb2_io_handler()
The logic in smbd_smb2_advance_incoming() will be reused for io_uring.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-06 19:30:35 +00:00
Stefan Metzmacher
02e0ba710d smb2_server: remove state->hdr.done and always set state->vector first
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-06 19:30:35 +00:00
Stefan Metzmacher
948d19b09a smb2_server: move struct msghdr to smbd_smb2_request_read_state
This makes the code a little bit faster, but the main reason
is the preparation of io_uring support, as it can't be on the
stack for async operations.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-06 19:30:35 +00:00
Stefan Metzmacher
16f46601b8 smb2_server: avoid ZERO_STRUCT*() in the core code
We should avoid calling memset_s() in the core smbd processing,
we can use struct initializers instead.

This reduces the overhead...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-09-06 19:30:35 +00:00
Samuel Cabrero
c14a4f5144 s3:net: Allow to load ODJ blob from stdin
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-05 21:18:32 +00:00
Samuel Cabrero
b2399b6994 s3:net: Load ODJ blob from file only if "loadfile" parameter is present
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-05 21:18:32 +00:00
Samuel Cabrero
4a1f2071a6 s3:net: Add "net offlinejoin composeodj" command
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-05 21:18:32 +00:00
Samuel Cabrero
a8bd8f22aa s3:libnetapi: Implement NetComposeOfflineDomainJoin_l()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-05 21:18:32 +00:00
Samuel Cabrero
7cabbec2ea s3:libnetapi: Add NetComposeOfflineDomainJoin() to API.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-05 21:18:32 +00:00
Samuel Cabrero
532701e3cc s3:libnetapi: Add NetComposeOfflineDomainJoin() boilerplate
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-05 21:18:32 +00:00
Samuel Cabrero
740e704bd6 s3:libnetapi: Add NetComposeOfflineDomainJoin() to IDL
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-05 21:18:32 +00:00
Samuel Cabrero
bdab834dfa s3:libnetapi: Add some comments to document ODJ blob charset conversions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-05 21:18:32 +00:00
Samuel Cabrero
e4afb211fe s3:libnetapi: Return error from RequestOfflineJoin
The error code must be returned to caller even if the error string is not set.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-05 21:18:32 +00:00
Andreas Schneider
0e244ff79b s3:torture: Remove masktest.c
The file is not built.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Sep  5 07:30:12 UTC 2023 on atb-devel-224
2023-09-05 07:30:12 +00:00
Pavel Filipenský
8abac09763 s3:winbindd: Use a correct value for the length of domain children
We often loop over the array of domain children. However, the size of
the array is calculated as lp_winbind_max_domain_connections() which can
change (it is based on smb.conf). The fix is the talloc_array_length().

Reproducer:

winbind max domain connections = 100

smbcontrol all reload-config
smbcontrol all debug 10

/var/log/samba/log.winbindd shows many lines with random garbage pid:

[2023/08/25 10:03:49.898994, 10, pid=158296, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_dual.c:885(winbind_msg_relay_fn)
  winbind_msg_relay_fn: sending message to pid 1037686087.
[2023/08/25 10:03:49.899010,  3, pid=158296, effective(0, 0), real(0, 0)] ../../source3/lib/util_procid.c:53(pid_to_procid)
  pid_to_procid: messaging_dgm_get_unique failed: No such file or directory

In this scenario we dereference only a garbage PID, but if we would
dereference some garbage pointer we would segfault.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-08-30 12:42:29 +00:00
Pavel Filipenský
b13d4370d2 s3:winbindd: Avoid doing the same assignment twice
Done already in setup_child(): child->domain = domain

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-08-30 12:42:29 +00:00