1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

49586 Commits

Author SHA1 Message Date
Volker Lendecke
21b27105e8 ctdbd_conn: Fix ctdbd_connection_destructor
clang had complained with

../source3/lib/ctdbd_conn.c:1784:34: warning: variable 'send_state' used in loop condition
      not modified in loop body [-Wfor-loop-analysis]
        for (send_state = c->send_list; send_state != NULL;) {
                                        ^~~~~~~~~~
../source3/lib/ctdbd_conn.c:1791:34: warning: variable 'recv_state' used in loop condition
      not modified in loop body [-Wfor-loop-analysis]
        for (recv_state = c->recv_list; recv_state != NULL;) {
                                        ^~~~~~~~~~

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Jun 10 03:33:13 CEST 2017 on sn-devel-144
2017-06-10 03:33:13 +02:00
Volker Lendecke
500df7a3ca ctdbd_conn: Fix a copy&paste error
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-06-09 23:25:16 +02:00
Stefan Metzmacher
9b28f3af87 s3:winbindd: Send flags=0 in netr_LogonSamLogon{WithFlags,Ex}()
These extra flags are an [in,out] argument, so we have to initialize
them to 0. If we pass NETLOGON_SAMLOGON_FLAG_PASS_TO_FOREST_ROOT
or NETLOGON_SAMLOGON_FLAG_PASS_CROSS_FOREST_HOP, a Windows Server
will just return NT_STATUS_NO_SUCH_USER with authoritative=1
(at least if it is itself a DC of the forest root and the requested
 domain is the local domain of the DC).

Pair-Programmed-With: Andreas Schneider <asn@samba.org>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
2017-06-09 13:00:12 +02:00
Stefan Metzmacher
e0069bd2a4 s3:libsmb: add cli_state_update_after_sesssetup() helper function
This function updates cli->server_{os,type,domain} to valid values
after a session setup.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12779

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-09 13:00:12 +02:00
Andreas Schneider
d18379fa00 Revert "s3:libsmb: Fix printing the session setup information"
This reverts commit b6f87af427.

A different fix will follow.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12824

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-06-09 13:00:11 +02:00
David Mulder via samba-technical
08a21f3539 messaging: fix net command failure due to unhandled return code
messaging_init_internal() blanket returned NT_STATUS_INTERNAL_ERROR
instead of correctly changing the return code to an NTSTATUS code. Also
return more appropriate mem error.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12828

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Jun  8 08:04:05 CEST 2017 on sn-devel-144
2017-06-08 08:04:05 +02:00
Andreas Schneider
d3c4c1e263 s3:tests: Add a test which checks that the smbclient session setup works
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12824

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-06-07 05:15:16 +02:00
Andreas Schneider
b6f87af427 s3:libsmb: Fix printing the session setup information
This fixes a regression and prints the session setup on connect again:

Domain=[SAMBA-TEST] OS=[Windows 6.1] Server=[Samba 4.7.0pre1-DEVELOPERBUILD]
smb: \>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12824

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-06-07 05:15:16 +02:00
Noel Power
df3844f4df s3/utils: Add warning to testparm for "client ipc signing" param values
We should warn about security sensitive settings where we can,
client ipc signing has 2 values that can allow connections to proceed
without SMB signing. This may be unavoidable (e.g. connecting to legacy
systems) but nevertheless it is worthwhile to warn.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun  6 22:40:12 CEST 2017 on sn-devel-144
2017-06-06 22:40:12 +02:00
Andreas Schneider
91ef234a0a lib:util: Make probing of modules more secure
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12780

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-06-06 18:36:07 +02:00
Andreas Schneider
da9de19cf9 lib:util: Rename smb_load_modules()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12780

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-06-06 18:36:06 +02:00
Christof Schmitt
b6201407a3 vfs_gpfs: Fix compile error in gpfsacl_sys_acl_set_fd
../source3/modules/vfs_gpfs.c: In function ‘gpfsacl_sys_acl_set_fd’:
../source3/modules/vfs_gpfs.c:1280:6: error: passing argument 2 of ‘gpfsacl_sys_acl_set_file’ from incompatible pointer type [-Werror]
      SMB_ACL_TYPE_ACCESS, theacl);
      ^
../source3/modules/vfs_gpfs.c:1235:12: note: expected ‘const struct smb_filename *’ but argument is of type ‘char *’
 static int gpfsacl_sys_acl_set_file(vfs_handle_struct *handle,

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun  3 05:52:32 CEST 2017 on sn-devel-144
2017-06-03 05:52:32 +02:00
Jeremy Allison
854ea4eba8 s3: VFS: Change SMB_VFS_GETXATTR to use const struct smb_filename * instead of const char *.
We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun  1 02:58:53 CEST 2017 on sn-devel-144
2017-06-01 02:58:53 +02:00
Jeremy Allison
48956fa4d3 s3: VFS: Change SMB_VFS_SETXATTR to use const struct smb_filename * instead of const char *.
We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-05-31 22:50:22 +02:00
Jeremy Allison
12b801d9d7 s3: VFS: Change SMB_VFS_REMOVEXATTR to use const struct smb_filename * instead of const char *.
We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-05-31 22:50:22 +02:00
Jeremy Allison
892476b555 s3: VFS: Change SMB_VFS_LISTXATTR to use const struct smb_filename * instead of const char *.
We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-05-31 22:50:22 +02:00
Jeremy Allison
aada94885d s3: VFS: Change SMB_VFS_SYS_ACL_SET_FILE to use const struct smb_filename * instead of const char *.
We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-05-31 22:50:22 +02:00
Jeremy Allison
f5dd864606 s3: VFS: Change SMB_VFS_SYS_ACL_BLOB_GET_FILE to use const struct smb_filename * instead of const char *.
We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-05-31 22:50:22 +02:00
Jeremy Allison
cea8e57eac s3: VFS: Change SMB_VFS_SYS_ACL_GET_FILE to use const struct smb_filename * instead of const char *.
We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.

Requires a few extra cleanups in calling code.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-05-31 22:50:22 +02:00
Jeremy Allison
85c8780581 s3: VFS: Change SMB_VFS_SYS_ACL_DELETE_DEF_FILE to use const struct smb_filename * instead of const char *.
We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-05-31 22:50:22 +02:00
Jeremy Allison
63d2003ecd s3: lib: Add new utility function cp_smb_filename_nostream().
Will be needed when we migrate lower-level VFS functions to
take an struct smb_filename *, especially the SYS_ACL and
XATTR modification modules, as these must ignore a passed-in
stream name.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-05-31 22:50:21 +02:00
Andreas Schneider
e530e43d67 s3:smbd: Set up local and remote address for fake connection
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12687

Pair-Programmed-With: Ralph Boehme <slow@samba.org>

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 31 06:33:00 CEST 2017 on sn-devel-144
2017-05-31 06:33:00 +02:00
Andreas Schneider
cbf67123e0 s3:smbd: Pass down remote and local address to get_referred_path()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12687

Pair-Programmed-With: Ralph Boehme <slow@samba.org>

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-05-31 02:24:18 +02:00
Volker Lendecke
ccd4f81488 lib: Remove use of MSG_NOSIGNAL
According to susv4 sendmsg, NOSIGAL is effective for stream-oriented sockets.
Datagram sockets won't send SIGPIPE anyway. Looking at Linux kernel sources,
this is only looked at in stream functions. I guess this is a left-over from my
tmsgd attempts, which was based on stream sockets. messaging_dgm still only
uses datagram sockets, so MSG_NOSIGNAL is not needed here.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12502

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue May 30 16:39:12 CEST 2017 on sn-devel-144
2017-05-30 16:39:12 +02:00
Garming Sam
fd29e28d52 netlogon: Implement SendToSam along with its winbind forwarding
This allows you to forward bad password count resets to 0. Currently,
there is a missing access check for the RODC to ensure it only applies
to cached users (msDS-Allowed-Password-Replication-Group).

(further patches still need to address forcing a RWDC contact)

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-05-30 08:06:07 +02:00
Garming Sam
2368f57b4d winbindd: Do not run SAM auth stack in winbind SamLogon
pdbtest.s4winbind no longer is applicable without a live NETLOGON
connection.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-05-30 08:06:06 +02:00
Garming Sam
deec2af7d2 libads: Decide to have no fallback option
Before this change, it would always possibly choose another server at
random despite later using the original principal when it got back to
the connection initialization in the the winbind connection manager.
This caused bizarre authentication failures.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-05-30 08:06:06 +02:00
Garming Sam
52a37c697a winbindd_cm: Pass cm_open_connection the need_rw_dc flag
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-05-30 08:06:06 +02:00
Garming Sam
ac847898c8 winbindd_cm: Call dcip_check_name even when fetching from cache
This is so that we can ensure that the DC is RWDC if required.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-05-30 08:06:06 +02:00
Garming Sam
9d8a373523 winbindd_cm: Rename dcip_to_name to the more accurate dcip_check_name
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-05-30 08:06:06 +02:00
Garming Sam
2ff09f6df0 winbindd_cm: Add new parameter to getdc and find_new_dc calls
This is to enforce the requirements on the remote DC.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-05-30 08:06:06 +02:00
Garming Sam
bbf2414927 winbindd_cm: Add new parameter for dcip_to_name
This is used to check the appropriateness of the DC given.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-05-30 08:06:06 +02:00
Garming Sam
eaf2c3e21d libads: Check cldap flags in libads/ldap
Pass down request flags and check they are respected with the response
flags. Otherwise, error out and pretend the connection never happened.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-05-30 08:06:06 +02:00
Ralph Boehme
19b938e1fa s3/smbd: fix exclusive lease optimisation
We need to expect any amount of "stat" opens on the file without
triggering an assert.

This is the correct fix for bug #11844. I guess we haven't seens this
very often before bug #12766 got fixed, because most clients were using
LEASES instead of OPLOCKS.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12798

See also:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11844
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12766

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-05-28 14:50:18 +02:00
Ralph Boehme
9d7739e819 s3/locking: make find_share_mode_entry public
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12798

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-05-28 14:50:18 +02:00
Jeremy Allison
5aa06145c6 s3: VFS: Fruit. Move to using struct smb_filename instead of char * paths.
Cleans up and removes some code.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri May 26 20:53:02 CEST 2017 on sn-devel-144
2017-05-26 20:53:02 +02:00
Jeremy Allison
fda1e701af s3: VFS: Catia: Ensure path name is also converted.
https://bugzilla.samba.org/show_bug.cgi?id=12804

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-05-26 16:46:12 +02:00
Volker Lendecke
02a76d86db CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12780

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Wed May 24 14:34:30 CEST 2017 on sn-devel-144
2017-05-24 14:34:30 +02:00
Jeremy Allison
4c234a90a9 s3: smbd: Correctly identify a snapshot path using UCF_GMT_PATHNAME.
All our client code already does this correctly for @GMT names.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon May 22 22:49:17 CEST 2017 on sn-devel-144
2017-05-22 22:49:17 +02:00
Jeremy Allison
aa72d09b31 s3: smbd: Add UCF_GMT_PATHNAME, which represents FLAGS2_REPARSE_PATH.
This must be set by a client to use shadow copy (@GMT) paths.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2017-05-22 18:41:16 +02:00
Jeremy Allison
1c9183bb38 s3: smbd: Fix up the ucf_flags correctly in smb_file_rename_information().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2017-05-22 18:41:16 +02:00
Jeremy Allison
f2f936a961 s3: smbd: We can now remove the 'bool dfs_path' parameter from filename_convert().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2017-05-22 18:41:16 +02:00
Jeremy Allison
0fbf5b644d s3: smbd: Add UCF_DFS_PATHNAME which tracks the flags2 FLAGS2_DFS_PATHNAMES bit.
Set inside ucf_flags_from_smb_request(). This will allow us to
remove the req->flags2 & FLAGS2_DFS_PATHNAMES parameter from
filename_convert().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2017-05-22 18:41:15 +02:00
Jeremy Allison
29ec474454 s3: smbd: In ntrename OR in ucf_flags, don't overwrite.
This isn't worth a bug backport as right now the only flag that
could be overwritten is the UCF_POSIX_PATHNAMES flag, and for
a POSIX connection the client will use posix rename, not an
ntrename.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2017-05-22 18:41:15 +02:00
Jeremy Allison
4910febdac s3: smbd: Always use ucf_flags_from_smb_request() in place of checking by hand (in most cases).
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2017-05-22 18:41:15 +02:00
Jeremy Allison
f5866c66a4 s3: smbd: Split out ucf_flags_from_smb_request() from filename_create_ucf_flags().
We will use this elsewhere in later commits.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2017-05-22 18:41:15 +02:00
Jeremy Allison
8a2aa27f74 s3: smbd: Make it clear we only overwrite *ppath_contains_wcard if resolve_dfspath_wcard() detected a wildcard.
The API for this function specifies that *ppath_contains_wcard
must already have been initialized on entry to filename_convert()
(not a great design, but that's the way it is currently).

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2017-05-22 18:41:15 +02:00
Jeremy Allison
0e1c0684c2 s3: smbd: Remove ugly use of discard_const that previously was hidden in resolve_dfspath_wcard().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2017-05-22 18:41:15 +02:00
Jeremy Allison
2647eedb61 s3: smbd: Remove bool dfs_pathnames paramter from resolve_dfspath_wcard().
Start cleaning up the pathname parsing to move flags2 checks into UCF_FLAGS
function.

NB. This now only sets *ppath_contains_wcard inside resolve_dfspath_wcard()
if dfs_redirect() sets path_contains_wcard to true, which is a change
from the previous code which could potentially set *ppath_contains_wcard
to an uninitialized value if dfs_redirect() returned without setting
path_contains_wcard.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2017-05-22 18:41:15 +02:00
Stefan Metzmacher
1e997d7a66 s3:gse: add simple gensec_gse_update_send/recv() wrapper functions
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-05-21 21:05:10 +02:00