sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-21 18:04:06 +03:00
Code
130,542 Commits 60 Branches 1,145 Tags
Commit Graph

130542 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ralph Boehme
23bc760ec5 CI: add a test trying to delete a stream on a pathref ("stat open") handle 
When using vfs_streams_xattr, for a pathref handle of a stream the system fd
will be a fake fd created by pipe() in vfs_fake_fd().

For the following callchain we wrongly pass a stream fsp to
SMB_VFS_FGET_NT_ACL():

SMB_VFS_CREATE_FILE(..., "file:stream", ...)
=> open_file():
   if (open_fd):
   -> taking the else branch:
   -> smbd_check_access_rights_fsp(stream_fsp)
      -> SMB_VFS_FGET_NT_ACL(stream_fsp)

This is obviously wrong and can lead to strange permission errors when using
vfs_acl_xattr:

in vfs_acl_xattr we will try to read the stored ACL by calling
fgetxattr(fake-fd) which of course faild with EBADF. Now unfortunately the
vfs_acl_xattr code ignores the specific error and handles this as if there was
no ACL stored and subsequently runs the code to synthesize a default ACL
according to the setting of "acl:default acl style".

As the correct access check for streams has already been carried out by calling
check_base_file_access() from create_file_unixpath(), the above problem is not
a security issue: it can only lead to "decreased" permissions resulting in
unexpected ACCESS_DENIED errors.

The fix is obviously going to be calling
smbd_check_access_rights_fsp(stream_fsp->base_fsp).

This test verifies that deleting a file works when the stored NT ACL grants
DELETE_FILE while the basic POSIX permissions (used in the acl_xattr fallback
code) do not.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2022-08-10 15:32:35 +00:00
Ralph Boehme
92e0045d7c vfs_xattr_tdb: add "xattr_tdb:ignore_user_xattr" option 
Allows passing on "user." xattr to the backend. This can be useful for testing
specific aspects of operation on streams when "streams_xattr" is configured as
stream filesystem backend.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2022-08-10 15:32:35 +00:00
Ralph Boehme
451ad315a9 vfs_xattr_tdb: add a module config 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2022-08-10 15:32:35 +00:00
Ralph Boehme
b26dc252aa vfs_xattr_tdb: move close_xattr_db() 
This just makes the diff of the next commit smaller and easier to digest.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2022-08-10 15:32:35 +00:00
Ralph Boehme
0d3995cec1 smdb: use fsp_is_alternate_stream() in open_file() 
No change in behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2022-08-10 15:32:35 +00:00
Andreas Schneider
042141efdb third_party: Reformat shell scripts 
shfmt -w -p -i 0 -fn third_party/update.sh
shfmt -w -p -i 0 -fn third_party/waf/update.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Wed Aug 10 14:14:04 UTC 2022 on sn-devel-184
 2022-08-10 14:14:04 +00:00
Andreas Schneider
bb2e0622f0 testsuite: Reformat shell scripts 
shfmt -f testsuite/ | xargs shfmt -w -p -i 0 -fn

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 13:17:31 +00:00
Andreas Schneider
db8849ea05 testprogs: Reformat upgradeprovision-oldrelease.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/upgradeprovision-oldrelease.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 13:17:31 +00:00
Andreas Schneider
c1325fc1fd testprogs: Reformat tombstones-expunge.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/tombstones-expunge.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 13:17:31 +00:00
Andreas Schneider
022f5aa77b testprogs: Reformat test_wintest.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_wintest.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 13:17:31 +00:00
Andreas Schneider
1c89bdb6a9 testprogs: Reformat test_weak_disable_ntlmssp_ldap.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_weak_disable_ntlmssp_ldap.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 13:17:31 +00:00
Andreas Schneider
4973baf665 testprogs: Reformat test_weak_crypto_server.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_weak_crypto_server.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 13:17:31 +00:00
Andreas Schneider
34322c499e testprogs: Reformat test_weak_crypto.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_weak_crypto.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 13:17:31 +00:00
Andreas Schneider
138e7f0505 testprogs: Reformat test_trust_utils.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_trust_utils.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 13:17:31 +00:00
Andreas Schneider
8c65813c4a testprogs: Reformat test_trust_user_account.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_trust_user_account.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 13:17:31 +00:00
Andreas Schneider
eced093915 testprogs: Reformat test_trust_token.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_trust_token.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 13:17:31 +00:00
Andreas Schneider
12d67003ce testprogs: Reformat test_trust_ntlm.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_trust_ntlm.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 13:17:31 +00:00
Andreas Schneider
854a45ca24 testprogs: Reformat test_special_group.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_special_group.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Wed Aug 10 10:21:48 UTC 2022 on sn-devel-184
 2022-08-10 10:21:48 +00:00
Andreas Schneider
2d64eafa8b testprogs: Reformat test_smbtorture_test_names.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_smbtorture_test_names.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
dae369f483 testprogs: Reformat test_samba_upgradedns.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_samba_upgradedns.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
eff28db8d6 testprogs: Reformat test_samba-tool_ntacl.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_samba-tool_ntacl.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
f1ebc2d78f testprogs: Reformat test_s4u_heimdal.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_s4u_heimdal.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
4627320e94 testprogs: Reformat test_rpcclient_schannel.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_rpcclient_schannel.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
ef9dc7277e testprogs: Reformat test_primary_group.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_primary_group.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
6e300ccd19 testprogs: Reformat test_pkinit_simple.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_pkinit_simple.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
c253c99d52 testprogs: Reformat test_pkinit_pac.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_pkinit_pac.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
9d1a255232 testprogs: Reformat test_pdbtest.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_pdbtest.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
8490449f60 testprogs: Reformat test_password_settings.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_password_settings.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
c7d0134204 testprogs: Reformat test_old_enctypes.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_old_enctypes.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
0a4eb5d892 testprogs: Reformat test_offline_logon.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_offline_logon.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
7403de7eaf testprogs: Reformat test_net_rpc_user.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_net_rpc_user.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
a43a7e78f9 testprogs: Reformat test_net_offline.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_net_offline.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
8a4a8b7a3a testprogs: Reformat test_net_ads_fips.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_net_ads_fips.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
865531f9c6 testprogs: Reformat test_net_ads_dns.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_net_ads_dns.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
81f1694995 testprogs: Reformat test_net_ads.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_net_ads.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
c44289ce1c testprogs: Reformat test_ldb_simple.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_ldb_simple.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Andreas Schneider
19f73f19f4 testprogs: Reformat test_ldb.sh 
shfmt -w -p -i 0 -fn testprogs/blackbox/test_ldb.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
 2022-08-10 09:22:30 +00:00
Volker Lendecke
4d015b4b6d smbstatus: Fix the 32-bit build on FreeBSD 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug  9 20:04:26 UTC 2022 on sn-devel-184
 2022-08-09 20:04:26 +00:00
Volker Lendecke
b1b513eebb smbd: Use dirfsp where we have it 
One reference to conn->cwd_fsp less, makes "mkdir" look less ugly in
strace.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2022-08-09 19:07:29 +00:00
Pavel Filipenský
d6490bdc0f s3:passdb: Remove unused function secrets_fetch_trust_account_password() 
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug  8 19:03:08 UTC 2022 on sn-devel-184
 2022-08-08 19:03:08 +00:00
Pavel Filipenský
cb8518e193 s3:include: Fix trailing whitespaces in secrets.h 
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2022-08-08 18:06:37 +00:00
Jule Anger
751b2b853b ldb: change the version to 2.7.0 for Samba 4.18 
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Jule Anger <janger@samba.org>
Autobuild-Date(master): Mon Aug  8 15:51:44 UTC 2022 on sn-devel-184
 2022-08-08 15:51:44 +00:00
Jule Anger
4292cfa4c8 WHATSNEW: Start release notes for Samba 4.18.0pre1. 
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2022-08-08 16:24:21 +02:00
Jule Anger
f5faafb559 VERSION: Bump version up to 4.18.0pre1... 
and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2022-08-08 16:22:13 +02:00
Jule Anger
abc2296a67 VERSION: Disable GIT_SNAPSHOT for the Samba 4.17.0rc1 release. 
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
samba-4.17.0rc1 		2022-08-08 16:22:13 +02:00
Jule Anger
459107e6ef WHATSNEW: Up to Samba 4.17.0rc1. 
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2022-08-08 16:21:26 +02:00
Jule Anger
80d069a72c s3:tests: Add a test to check json output of smbstatus profile 
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Jule Anger <janger@samba.org>
Autobuild-Date(master): Mon Aug  8 14:01:45 UTC 2022 on sn-devel-184
 2022-08-08 14:01:45 +00:00
Jule Anger
803899fdc3 smbstatus: add JSON support for smbstatus --profile 
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
 2022-08-08 12:56:29 +00:00
Ralph Boehme
0ed54cc607 smbstatus: fix indentation in profile_separator() 
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jule Anger <janger@samba.org>
 2022-08-08 12:56:29 +00:00
Jule Anger
03ed8d3a07 smbstatus: add a method to add profile items to json 
The method changes the json item of a given traverse_state.
The root dictionary contains for each section a dictionary, which has
a dictionary for each subsection.

Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
 2022-08-08 12:56:29 +00:00