1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

62048 Commits

Author SHA1 Message Date
Volker Lendecke
1cdb9605b5 libsmb: Simplify pdb_sethexpwd with hex_byte()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jennifer Sutton <jsutton@samba.org>
2024-08-27 07:19:32 +00:00
Volker Lendecke
1602b0120b lib: Add libcli/util/ntstatus.h in a few headers where it's needed
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jennifer Sutton <jsutton@samba.org>
2024-08-27 07:19:32 +00:00
Volker Lendecke
25370c79af smbd: Inline set_sticky_write_time_path into set_sticky_write_time_fsp
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jennifer Sutton <jsutton@samba.org>
2024-08-27 07:19:32 +00:00
Volker Lendecke
6d356dcbaf smbd: Modernize a few DEBUGs
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jennifer Sutton <jsutton@samba.org>
2024-08-27 07:19:32 +00:00
Volker Lendecke
367bea1ca5 smbd: Introduce "ace" helper variable
Use "psd->dacl->aces[0]" once instead of 3 times

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jennifer Sutton <jsutton@samba.org>
2024-08-27 07:19:32 +00:00
Volker Lendecke
56ec6fe5ed lib: Add a few explicit includes
Required to trim down includes from gen_ndr/*security*

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jennifer Sutton <jsutton@samba.org>
2024-08-27 07:19:32 +00:00
Volker Lendecke
93b2651896 smbd: Modernize a few DEBUGs
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jennifer Sutton <jsutton@samba.org>
2024-08-27 07:19:32 +00:00
Anoop C S
232ab02faf source3/wscript: Introduce auto mode to build ceph vfs modules
Use 'auto' mode as the default for building ceph vfs modules so that an
explicit --enable-cephfs can reliably fail in the absence of required
dependencies.

ref: https://lists.samba.org/archive/samba/2024-August/249569.html

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Tue Aug 27 06:18:51 UTC 2024 on atb-devel-224
2024-08-27 06:18:51 +00:00
Shachar Sharon
168966a053 s3:smbd: fix NULL dereference in case of readlink failure
When VFS readlinkat hook returns with error the following sequence
yields NULL-pointer dereference (SIGSEGV):

  symlink_target_below_conn (source3/smbd/open.c)
    char *target = NULL;
    ...
    readlink_talloc (source3/smbd/files.c)
      SMB_VFS_READLINKAT
        smb_vfs_call_readlinkat (source3/smbd/vfs.c)
          handle->fns->readlinkat_fn --> returns error

  status = safe_symlink_target_path(.., target /* NULL */ ..)
    safe_symlink_target_path (source3/smbd/filename.c)
      if (target[0] == '/') { /* NULL pointer dereference */

A failure in VFS module's readlinkat hook may happen due to run-time
error (e.g., network failure which cases libcephfs to disconnect from
MDS).

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15700
Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Aug 23 09:27:06 UTC 2024 on atb-devel-224
2024-08-23 09:27:06 +00:00
Martin Schwenke
b0996ed589 s3:tests: Fix spelling error
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Aug 22 10:38:09 UTC 2024 on atb-devel-224
2024-08-22 10:38:09 +00:00
Shachar Sharon
cbba4008a7 vfs_ceph_new: add missing newline in debug-logging
Commit d00f20f3 ("vfs_ceph_new: debug-log upon libcephfs low-level
calls") introduced debug-logging before each call to libcephfs low-level
APIs. Unfortunately, one of the logging messages missed the terminating
newline ('\n') character.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: John Mulligan <jmulligan@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Wed Aug 21 14:18:07 UTC 2024 on atb-devel-224
2024-08-21 14:18:07 +00:00
Volker Lendecke
dd03cf8b4c libsmb: Remove cli_state->rap_error
I could not find any caller which uses rap_error outside of the
routine implementing the rap client call itself.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Aug 21 12:49:45 UTC 2024 on atb-devel-224
2024-08-21 12:49:45 +00:00
Volker Lendecke
c3f73a905d libsmb: Remove unused cli_NetWkstaUserLogoff()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2024-08-21 11:33:31 +00:00
Volker Lendecke
c831e21d88 libsmb: Remove unused cli_ns_check_server_type()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2024-08-21 11:33:31 +00:00
Stefan Metzmacher
1bacaae526 s3:smbd: let mkdir_internal() try VFS_RENAME_HOW_NO_REPLACE first
With renameat2(RENAME_NOREPLACE) being available
it's even better, as we don't even have the short
window where the incomplete directory is visible
to others.

The flow will be this:

tmp_name = ".::TMPNAME:D:$PID:client_name"
mkdirat(tmp_name, mode=client_mode);
prepare_acls(tmp_name);
renameat2(tmp_name, client_name, NOREPLACE);
if (EEXIST) {
   unlinkat(tmp_name);
   return EEXIST;
}
if (EINVAL) {
   /* fallback if NOREPLACE is not supported */
   mkdirat(client_name, mode=0);
   if (EEXIST) {
      unlinkat(tmp_name);
      return EEXIST;
   }
   renameat(tmp_name, client_name);
}

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15693

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-08-21 08:02:30 +00:00
Stefan Metzmacher
fe8b4617dd s3:vfs_default: implement VFS_RENAME_HOW_NO_REPLACE in vfswrap_renameat()
We can use renameat2() without ifdef as libreplace always provides it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15693

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-08-21 08:02:30 +00:00
Stefan Metzmacher
adc8dea944 s3:vfs: add VFS_RENAME_HOW_NO_REPLACE
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15693

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-08-21 08:02:30 +00:00
Stefan Metzmacher
5b305d1fbb s3:vfs: add vfs_rename_how to SMB_VFS_RENAMEAT()
This will support renameat2-like operations in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15693

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-08-21 08:02:30 +00:00
Stefan Metzmacher
7baeeece2d s3:smbd: let mkdir_internal() work more atomically using a temporary name
Currently we do this in mkdir_internal():

mkdirat(client_name);
if (EEXIST) {
   return EEXIST;
}
prepare_acls(client_name);

Note 'prepare_acls()' is a placeholder for the complex steps
it is doing to prepare the directory. During these steps
we have the problem that other clients already see
the directory and are able to create files or subdirectories
in it and these may not inherit the correct acls as
the their parent directory is not created completely.

I think I found a good strategie even without relying on
renameat2(RENAME_NOREPLACE).

We would do this instead:

tmp_name = ".::TMPNAME:D:$PID:client_name"
mkdirat(tmp_name, mode=client_mode);
prepare_acls(tmp_name);
mkdirat(client_name, mode=0);
if (EEXIST) {
   unlinkat(tmp_name);
   return EEXIST;
}
renameat(tmp_name, client_name);

So instead of having a long windows during prepare_acls,
we just have a short window between mkdirat(client_name, mode=0)
and renameat(tmp_name, client_name);
And in that short window the directory with the client_name
has a mode of 0, so it's not possible for other clients
to create files or subdirs in it.

As the mkdirat(client_name, mode=0) still catches
EEXIST the race where two clients try to create
the same client_name is closed as before,
so we don't need any other protection.

Following patches will make use of renameat2(RENAME_NOREPLACE),
but this already a very good improvement.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15693

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-08-21 08:02:30 +00:00
Stefan Metzmacher
460e280d3a docs-xml: add 'vfs mkdir use tmp name' option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15693

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-08-21 08:02:30 +00:00
Stefan Metzmacher
f8be83a0a3 s3:smbd: improve DEBUG messages in mkdir_internal()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15693

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-08-21 08:02:30 +00:00
Stefan Metzmacher
5d077cd442 s3:smbd: let mkdir_internal() use a talloc_stackframe()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15693

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-08-21 08:02:30 +00:00
Stefan Metzmacher
23f85e60ec s3:smbd: call apply_new_nt_acl() already in mkdir_internals()
We should have preparation steps as close as possible together.

We could move it for files as well, but that's a task for another
day...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15693

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-08-21 08:02:30 +00:00
Stefan Metzmacher
75fe450f98 s3:smbd: split out apply_new_nt_acl() helper
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15693

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-08-21 08:02:30 +00:00
Volker Lendecke
a18c45046d libsmb: Remove cli_state->raw_status
All callers which looked at this are gone

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Aug 20 10:57:12 UTC 2024 on atb-devel-224
2024-08-20 10:57:12 +00:00
Volker Lendecke
bdedf5d0ee libsmb: Remove unused cli_is_error()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
8171a1ccd3 libsmb: Remove a call to cli_is_error()
We are already in the !NT_STATUS_IS_OK if-branch, so this call was
redundant

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
e071ec1ffe libsmb: Remove unused cli_errno()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
e43a05ee3b libsmb: Don't set errno in cli_NetServerEnum()
No caller looks at it, and if someone should ever want to return a
more informative error, we now have NTSTATUS

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
2d361cc103 libsmb: Convert cli_NetServerEnum() to return NTSTATUS
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
b9c018d17e libsmb: Remove a reference to cli_errno()
If I see it correctly, this case was already covered by checking the
return code of cli_trans() a few lines above.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
16c31fe804 libsmb: Remove unused cli_nt_error()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
ac5713f3b2 libsmb: Make cli_api() static to clirap2.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
e02e6f28a9 torture3: Convert run_randomipc() away from cli_api()
Not that it matters much, but I want to make cli_api() static in
clirap2.c.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
ee174fb050 libsmb: Convert cli_NetServerEnum() away from cli_api()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
c58ff4367a libsmb: Convert cli_RNetShareEnum() to NTSTATUS
Avoid a call to cli_nt_error()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
9812f87268 libsmb: Convert cli_RNetShareEnum() away from cli_api()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
7681007738 libsmb: Reduce indentation in cli_RNetShareEnum()
Use a "goto done", review with "git show -b"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
b1d5b8ef23 libsmb: Convert cli_oem_change_password() to NTSTATUS
Remove a few calls to cli_nt_error()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
fd9a0dc9a9 libsmb: Remove a pointless variable
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
cf61617198 utils: Fix "net rap password" return code
cli_oem_change_password() returns a bool, net_rap_password must return
0 for success

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
78a1e2817d libsmb: Fix cli_oem_change_password()
"(rdrcnt < 2)" was wrong, we don't look at rdata but at rparam. Use
"min_rparam" to cli_trans and the fact that if that succeeds "rparam"
is not NULL.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
86cc6f59cf libsmb: Convert cli_oem_change_password() away from cli_api()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:39 +00:00
Volker Lendecke
4f3a6dc8b0 samr: Avoid a "ret == false" for a bool
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:39 +00:00
Volker Lendecke
c6d9cb9b11 build: Fix LIBCLI_SAMR dependencies
cli_samr.c calls init_Lsa_String

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:39 +00:00
Volker Lendecke
b0e91608f2 libsmb: Remove a pointless variable assignment
We right away overwrite this

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:39 +00:00
Volker Lendecke
565f20d281 libsmb: Avoid an "else", we return in the "true" branch
Reduce indentation

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:39 +00:00
Volker Lendecke
6d33f9935f libsmb: Swap if/else branches in remote_password_change
bail out with an early return next

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:39 +00:00
Volker Lendecke
bdabd9fff7 libsmb: Avoid an "else", we return in the "true" branch.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:39 +00:00
Volker Lendecke
18d506f521 libsmb: Modernize two DEBUGs
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:39 +00:00