1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

9256 Commits

Author SHA1 Message Date
Stefan Metzmacher
0e7456d286 smbd: call set_current_case_sensitive() before chdir_current_service()
I guess we better setup conn->case_sensitive before doing the
vfs_ChDir() calls, so we have a consistent result everytime.
Otherwise vfs_Chdir() would get conn->case_sensitive from
last request.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-06-18 08:59:16 +02:00
Stefan Metzmacher
8e81090789 smbd: split out set_current_case_sensitive() and chdir_current_service() functions
We'll soon use them independend from set_current_service().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-06-18 08:59:16 +02:00
Stefan Metzmacher
71d5809188 smbd: remove xconn->client->last_session_id based set_current_user_info() caching
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-06-18 08:59:16 +02:00
Stefan Metzmacher
5ef6775919 smbd: don't call change_to_root_user() before change_to_guest()
This is just an optimization and it makes it clearer
that calling change_to_root_user() just before change_to_guest()
is useless and confusing.

We call change_to_guest() before set_current_service() now,
but that has no impact as we pass 'do_chdir=false'
as AS_GUEST is never mixed with AS_USER or DO_CHDIR.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jun 14 23:38:55 CEST 2018 on sn-devel-144
2018-06-14 23:38:55 +02:00
Stefan Metzmacher
9393d95f22 smbd: remove useless allow_access() check for AS_GUEST
We already call allow_access() when we accept the connection
in smbd_add_connection().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-06-14 20:52:23 +02:00
Stefan Metzmacher
51407b90d9 smbd: split out a fsp_flush_write_time_update() function from update_write_time_handler()
It's confusing to call update_write_time_handler() from anywhere,
it should only be called from within the event loop when the
timer expires.

This makes it more obvious that fsp_flush_write_time_update()
doesn't really need an tevent context argument.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-06-14 20:52:23 +02:00
Stefan Metzmacher
553df61946 smbd: make smbd_setup_sig_{term,hup}_handler() static
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-06-14 20:52:23 +02:00
Stefan Metzmacher
efce558797 smbd: call samba_tevent_context_init() within create_conn_struct_as_root()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-06-14 20:52:23 +02:00
Stefan Metzmacher
ee8ea5ce01 smbd: use pconn = talloc_move(ctx, &conn) in create_conn_struct_as_root()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-06-14 20:52:23 +02:00
Stefan Metzmacher
d156483d64 smbd: remove unused create_conn_struct() function
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-06-14 20:52:23 +02:00
Stefan Metzmacher
b5302c6bc4 smbd: let create_conn_struct_tos() use create_conn_struct_as_root() directly
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-06-14 20:52:23 +02:00
Stefan Metzmacher
cdb875f5f7 smbd: remove unused create_conn_struct_cwd() function
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-06-14 20:52:23 +02:00
Stefan Metzmacher
36d3de023f smbd: convert form_junctions() to use create_conn_struct_tos_cwd()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-06-14 20:52:22 +02:00
Stefan Metzmacher
bcb4d421b2 smbd: convert count_dfs_links() to use create_conn_struct_tos_cwd()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-06-14 20:52:22 +02:00
Stefan Metzmacher
73e5d47d32 smbd: convert get_referred_path() to use create_conn_struct_tos_cwd()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-06-14 20:52:21 +02:00
Stefan Metzmacher
42610e0ca7 smbd: convert junction_to_local_path() to use create_conn_struct_tos_cwd()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-06-14 20:52:21 +02:00
Stefan Metzmacher
2401e257bb smbd: add an explicit talloc_stackframe() to form_junctions()
This makes further changes simpler.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-06-14 20:52:21 +02:00
Stefan Metzmacher
15ea2c1b6a smbd: add an explicit talloc_stackframe() to count_dfs_links()
This makes further changes simpler.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-06-14 20:52:21 +02:00
Stefan Metzmacher
e3837d36e7 smbd: add an explicit talloc_stackframe() to get_referred_path()
This makes further changes simpler.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-06-14 20:52:21 +02:00
Stefan Metzmacher
a9f5dcdc62 smbd: add an explicit talloc_stackframe() to {create,remove}_msdfs_link()
This makes further changes simpler.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-06-14 20:52:21 +02:00
Stefan Metzmacher
96ac5a80cb smbd: make use of create_conn_struct_tos() in get_nt_acl_no_snum()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-06-14 20:52:21 +02:00
Stefan Metzmacher
1566766f38 pysmbd: make use of create_conn_struct_tos()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-06-14 20:52:21 +02:00
Stefan Metzmacher
67ea594843 pysmbd: remove explicit talloc_stackframe() from get_conn() and name it get_conn_tos()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-06-14 20:52:21 +02:00
Stefan Metzmacher
539f51f0df pysmbd: fix some talloc_stackframe() memory leaks and clean up the frame hierarchy in make_simple_acl().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-06-14 20:52:21 +02:00
Stefan Metzmacher
7ef67df3f3 pysmbd: consitently use talloc_stackframe() for temporary memory
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-06-14 20:52:20 +02:00
Stefan Metzmacher
cbde2e348b pysmbd: remove useless explicit conn_free() from set_nt_acl_conn()
The following TALLOC_FREE(frame); will do the same via
conn_free_wrapper().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-06-14 20:52:20 +02:00
Stefan Metzmacher
66bc2c4332 smbd: add create_conn_struct_tos[_cwd]() helper functions
This makes it more obvious that the returned connection_struct
is only temporary (and allocated on talloc_tos()!)
It will never allow async requests on a long term
tevent context! So we create a short term event context.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-06-14 20:52:20 +02:00
Stefan Metzmacher
ebae5e055c printing: remove unused arguments from delete_and_reload_printers()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-06-14 20:52:20 +02:00
Stefan Metzmacher
72bd6885ab printing: remove unused arguments from load_printers()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-06-14 20:52:20 +02:00
Ralph Boehme
465b7d07e5 s3:smbd: don't allow renaming basefile if streams are open
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13451

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-05-30 19:10:26 +02:00
Ralph Boehme
37e7ff05ab s3:smbd: add private option NTCREATEX_OPTIONS_PRIVATE_STREAM_BASEOPEN
This will be used to mark basefile opens of streams opens. This is
needed to later implement a function that can determine if a file has
stream opens.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13451

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-05-30 19:10:26 +02:00
Christof Schmitt
9a79a61abb smbd: Move dfree_info struct
As the struct is no longer used as part of connection_struct, move it to
dfree.c.

This is not backported, as it would change the VFS ABI.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-05-25 22:52:12 +02:00
Christof Schmitt
e30d0c0e0d smbd: Flush dfree memcache on service reload
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13446

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-05-25 22:52:12 +02:00
Christof Schmitt
8f121747b0 smbd: Cache dfree information based on query path
Sub directories in a SMB share can have different free space information
(e.g. when a different file system is mounted there). Caching the dfree
information per SMB share will return invalid data. Address this by
switching to memcache and store the cached data based on the query path.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13446

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-05-25 22:52:12 +02:00
Jeremy Allison
e85a662eea s3: smbd: Make map_acl_perms_to_permset() extern.
The vfs_fake_acl module will need it to implement chown/fchown.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2018-05-25 18:39:25 +02:00
Jeremy Allison
109d94d15e s3: smbd: Make unix_perms_to_acl_perms() extern.
The vfs_fake_acl module will need it to implement chown/fchown.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2018-05-25 18:39:25 +02:00
Jeremy Allison
a41155b005 s3: posix_acls: Remove unused 'connection_struct *conn' parameter to map_acl_perms_to_permset().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2018-05-25 18:39:25 +02:00
Jeremy Allison
cfbe3048af s3: posix_acls: Remove dead functions fchmod_acl()/chmod_acl().
No longer used.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2018-05-25 18:39:25 +02:00
Jeremy Allison
5bbb831041 s3: VFS: Remove SMB_VFS_FCHMOD_ACL().
No longer used.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2018-05-25 18:39:25 +02:00
Jeremy Allison
7b8fa17f06 s3: VFS: Remove SMB_VFS_CHMOD_ACL().
No longer used.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2018-05-25 18:39:24 +02:00
Jeremy Allison
aaed6b4e99 s3: smbd: Use FCHMOD call, not FCHMOD_ACL call if mode bits reset needed.
This is a behavior change, it will modify the POSIX ACL mask
from a value of rwx instead of modifying the existing ACE
entries to be ANDed with the passed in mode. However it
will have no effect on the underlying permissions, and
better reflects the proper use of POSIX ACLs (i.e. I
didn't understand the use of the mask entry in the
ACL when I first wrote the POSIX ACL code).

In addition, the vfs_acl_common.c module already
filters these calls for all but POSIX opens, which
means the only place this change is exposed to the
client would be a cifsfs unix extensions client doing
posix acl calls (and they would expect the mask to
be set like this on chmod).

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2018-05-25 18:39:24 +02:00
Jeremy Allison
2f4e581c3d s3: smbd: Optimization. Only do the FCHMOD_ACL call if mode bits not equal.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2018-05-25 18:39:24 +02:00
Jeremy Allison
4f6c71ae88 s3: smbd: optimization. Only do the FCHMOD call if needed.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2018-05-25 18:39:24 +02:00
Jeremy Allison
d03e9a861e s3: smbd: Remove use of SMB_VFS_FCHMOD_ACL() in overwrite case.
We have potentially called SMB_VFS_FCHMOD() here in
the file_set_dosmode() call associated with the comment
/* Overwritten files should be initially set as archive */
at line 3755 above, so there is no need to do any POSIX ACL
mask protection.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2018-05-25 18:39:24 +02:00
Jeremy Allison
41ee89b2ec s3: smbd: Add clarifying comment on mode change on overwritten files.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2018-05-25 18:39:24 +02:00
Jeremy Allison
a6c03f2a9b s3: smbd: Remove existing_unx_mode, an unused parameter to open_match_attributes().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2018-05-25 18:39:24 +02:00
Volker Lendecke
33d1ac8546 smbd: Call smbXsrv_client_global_init in the parent smbd
Otherwise we're missing the clear-if-first optimization for
smbXsrv_client_global.tdb.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri May 25 16:00:08 CEST 2018 on sn-devel-144
2018-05-25 16:00:08 +02:00
Ralph Boehme
ec2a408313 s3:smbd: make psbuf arg to make_default_acl_posix() const
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13175

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-05-18 19:03:25 +02:00
Jeremy Allison
42aadf42f2 s3: smbd: Fix SMB2-FLUSH against directories.
Directories opened with either FILE_ADD_FILE or
FILE_ADD_SUBDIRECTORY can be flushed even if
they're not writable in the conventional sense.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13428

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-05-17 23:41:10 +02:00
Andreas Schneider
76d5f78bb8 s3:smbd: Fix converity warning with _smb_setlen_large()
result_independent_of_operands: "(outsize - 4 & 0xffffff) >> 16 >> 8" is
0 regardless of the values of its operands. This occurs as the bitwise
first operand of "&".

So we should just pass a variable to silence the warning. However for
this, we should calculate it correctly and use size_t for it.

Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-05-16 21:30:23 +02:00
Timur I. Bakeyev
010cddae6c Convert affected by previous commit lines from DEBUG(10,..) to DBG_DEBUG().
Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed May 16 21:29:24 CEST 2018 on sn-devel-144
2018-05-16 21:29:24 +02:00
Timur I. Bakeyev
d3cbcbd5c0 Remove extra 0x prefix for the "%p" format specifiers, avoiding 0x0x0 strings in the output.
Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2018-05-16 18:06:23 +02:00
Volker Lendecke
31cba34a8f smbd: Fix "reset on zero vc"
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13340
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sun May 13 23:43:56 CEST 2018 on sn-devel-144
2018-05-13 23:43:56 +02:00
Mathieu Parent
15d2f4f817 Fix spelling s/unsuported/unsupported/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:27 +02:00
Mathieu Parent
66a9b53457 Fix spelling s/succesfully/successfully/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:27 +02:00
Mathieu Parent
fab4fe9cb4 Fix spelling s/missmatch/mismatch/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:26 +02:00
Mathieu Parent
3a7b12950f Fix spelling s/desriptor/descriptor/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:26 +02:00
Jeremy Allison
52dc959bb2 s3: smbd: Remove unused counters for outstanding aio calls.
Only a debug message used this.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May  9 22:24:38 CEST 2018 on sn-devel-144
2018-05-09 22:24:38 +02:00
Jeremy Allison
30e6b5999b s3: VFS: Remove SMB_VFS_WRITE() function and all implementations.
All code in Samba now uses SMB_VFS_PWRITE or SMB_VFS_PWRITE_SEND.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat May  5 01:38:07 CEST 2018 on sn-devel-144
2018-05-05 01:38:07 +02:00
Jeremy Allison
25bad32993 s3: VFS: Remove vfs_write_data(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-05-04 22:34:25 +02:00
Jeremy Allison
394ac908c1 s3: smbd: Remove the handling of offset == -1 in real_write_file().
All SMB1/2/3 offsets over the wire are absolute.

The only caller with offset == -1 is on a print-spool file
in reply_printwrite(), and write_file() redirects this
to print_spool_write(), which correctly handles the -1.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-05-04 22:34:25 +02:00
Jeremy Allison
c1bcf1e7fd s3: VFS: Remove SMB_VFS_READ() function and all implementations.
All code in Samba now uses SMB_VFS_PREAD or SMB_VFS_PREAD_SEND.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-05-04 22:34:25 +02:00
Ralph Boehme
53ff08a2cf s3:cleanupd: sends MSG_SMB_UNLOCK twice to interested peers
MSG_SMB_UNLOCK should be send to smbd that are waiting on blocked
byte-range-locks when a lock holder died.

In smbd_cleanupd_unlock() we do this twice: once via a broadcast and
then again via brl_revalidate() to processes that are actually recorded
in brlock.tdb.

As brl_revalidate() should already take care of signaling anyone who
would be interested in the message, there's no need to broadcast.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13416

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May  4 03:02:28 CEST 2018 on sn-devel-144
2018-05-04 03:02:27 +02:00
Ralph Boehme
d3b9d11bad s3:cleanupd: use MSG_SMB_BRL_VALIDATE to signal cleanupd unclean process shutdown
Since 6423ca4bf2 messaging_send_all()
broadcasts messages in a cluster, so cleanupd receives those broadcasts
and acts upon it by re-broadcasting the message. Result: message
storm.

By reactivating the currently unused MSG_SMB_BRL_VALIDATE for the
trigger message to cleanupd we avoid the storm.

Note that MSG_SMB_BRL_VALIDATE was unused only in the sense that noone
*listened* to it, but we were still *sending* the message in
smbd_parent_ctdb_reconfigured(). de6fe2a1dd
removed listening for MSG_SMB_BRL_VALIDATE from cleanupd. This commits
brings it back.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13414

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-05-04 00:11:24 +02:00
Jeremy Allison
0c78aa1f3a s3: VFS: Default. Move vfs_read_data() out of source3/smbd/vfs.c to the printing code, which is the only caller.
Make static.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed May  2 22:20:23 CEST 2018 on sn-devel-144
2018-05-02 22:20:23 +02:00
Jeremy Allison
bc71cd035c s3: VFS: Remove fsync_fn() from the VFS and all modules. VFS ABI change.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed May  2 01:06:28 CEST 2018 on sn-devel-144
2018-05-02 01:06:27 +02:00
Jeremy Allison
cf4442090e s3: vfs: Use the new smb_vfs_fsync_sync() call in place of SMB_VFS_FSYNC().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-05-01 22:15:21 +02:00
Jeremy Allison
a0482b9d8d s3: VFS: Add a synchronous smb_vfs_fsync_sync() call, built from async primitives.
Will be used in the next commit.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-05-01 22:15:21 +02:00
Christof Schmitt
a6fade4e10 rpc_server: Fix NetSessEnum with stale sessions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13407

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 25 22:49:07 CEST 2018 on sn-devel-144
2018-04-25 22:49:07 +02:00
Volker Lendecke
d7cfb12bf3 lib: #include "util_event.h" only where needed
One dependency of includes.h less

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 24 22:26:22 CEST 2018 on sn-devel-144
2018-04-24 22:26:22 +02:00
Stefan Metzmacher
74590c6795 s3:smbd: call pthreadpool_tevent_init() already in smbd_process()
pthreadpool_tevent_init() doesn't start any thread yet, it only
allocates a bit of memory.

It's easier to start this in a central place, so that it's
available to all VFS modules.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2018-04-23 10:30:18 +02:00
Stefan Metzmacher
87e25cd1e4 s3:smb2_server: correctly maintain request counters for compound requests
If a session expires during a compound request chain,
we exit smbd_smb2_request_dispatch() with
'return smbd_smb2_request_error(req, ...)' before
calling smbd_smb2_request_dispatch_update_counts().

As req->request_counters_updated was only reset
within smbd_smb2_request_dispatch_update_counts(),
smbd_smb2_request_reply_update_counts() was called
twice on the same request, which triggers
SMB_ASSERT(op->request_count > 0);

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13215

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2018-04-12 11:28:17 +02:00
Jeremy Allison
118e77d86a s3: smbd. Generic fix for incorrect reporting of stream dos attributes on a directory
According to MS-FSA a stream name does not have
separate DOS attribute metadata, so we must return
the DOS attribute from the base filename. With one caveat,
a non-default stream name can never be a directory.

As this is common to all streams data stores, we handle
it here instead of inside all stream VFS modules.

Otherwise identical logic would have to be added to
all streams modules in their [f]get_dos_attribute_fn()
VFS calls.

Found in real-world use case by Andrew Walker <awalker@ixsystems.com>.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13380

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
2018-04-11 23:09:12 +02:00
Volker Lendecke
d40891a146 smbd: Fix CID 1414783 Double unlock
The loop is unnecessary, both susv4 as well as the Linux manpage
explicitly say:

> These functions shall not return an error code of [EINTR].

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-04-11 19:07:24 +02:00
Volker Lendecke
39bdd175e9 libsmb: Give namequery.c its own header
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-04-11 01:06:39 +02:00
Jeremy Allison
3227b110d0 s3: smbd: Unix extensions attempts to change wrong field in fchown call.
Cut and paste error.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13375

Reported-by: Rungta, Vandana <vrungta@amazon.com>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Apr 10 00:45:56 CEST 2018 on sn-devel-144
2018-04-10 00:45:56 +02:00
Ralph Wuerthner
5bba8c393d s3:smb2_tcon: Add check to prevent non-DFS clients from connecting to an msdfs proxy.
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr  7 05:05:22 CEST 2018 on sn-devel-144
2018-04-07 05:05:22 +02:00
Gary Lockyer
428c0a81ae source3: initilize_password_db after a fork.
This is required because we need a new pointer for LDB after the fork,
and with LMDB we can not longer rely on tdb_reopen_all() to do that
for us.

This can not be done in reinit_after_fork() due to the dependency loop
this would create.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-04-06 02:08:45 +02:00
Noel Power
53e76ed2ff python3 port for smbd module
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-05 08:59:09 +02:00
Volker Lendecke
c31e5371bf smbd: Fix CID 240676 Dereference after null check
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-04-04 00:44:22 +02:00
Andreas Schneider
06940155f3 s3:smbd: Fix size types in reply_negprot()
This fixes compilation with -Wstrict-overflow=2.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-04-03 20:20:10 +02:00
Ralph Boehme
66052fdccd s3:smbd: don't use the directory cache for SMB2/3
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13363

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 30 03:51:48 CEST 2018 on sn-devel-144
2018-03-30 03:51:48 +02:00
Jeremy Allison
2514bee0a3 s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without delete access.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13358

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
2018-03-29 20:31:34 +02:00
Ralph Boehme
42d6dd2f30 s3: smbd: always set vuid in check_user_ok()
A SMB session reauth will have invalidated conn->vuid via
conn_clear_vuid_caches().

Ensure conn->vuid always has the vuid of the current user in
check_user_ok().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13351

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Mar 22 18:26:04 CET 2018 on sn-devel-144
2018-03-22 18:26:03 +01:00
Jeremy Allison
ad973fddef s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit issues.
https://bugzilla.samba.org/show_bug.cgi?id=13347

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
2018-03-22 02:15:13 +01:00
Jeremy Allison
8dabcf8948 s3: debug: smb2: Create a new DBGC_SMB2 debug class and mark all smbd/smb2_*.c files with it.
Will allow easier smb2-specific debugging.

https://bugzilla.samba.org/show_bug.cgi?id=13347

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
2018-03-22 02:15:13 +01:00
Andreas Schneider
eb0bdefd2d s3:avahi: Fix size types
This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-03-20 23:16:15 +01:00
Swen Schillig
62c3a7a6bd s3: Fix possible mem leak
The call to full_path_tos() might allocate memory which needs to be free'd
once processign is done.

Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-03-20 23:16:14 +01:00
Anton Nefedov via samba-technical
9862312944 s3:smbd: map nterror on smb2_flush errorpath
smbd_smb2_flush_recv() expects nterror in tevent_req, and otherwise
aborts in tevent_req_is_nterror()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13338

Signed-off-by: Anton Nefedov <anton.nefedov@virtuozzo.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-03-16 03:04:58 +01:00
Swen Schillig
b97d18f0fe s3: Fix max indentation and max column
Minor cleanup reducing the max indentation level and max column length.

Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2018-03-12 20:39:16 +01:00
Andreas Schneider
a89a714656 s3:smbd: Do not crash if we fail to init the session table
This should the following segfault with SMB1:

  #6  sig_fault (sig=<optimized out>) at ../lib/util/fault.c:94
  #7  <signal handler called>
  #8  smbXsrv_session_create (conn=conn@entry=0x5654d3512af0, now=now@entry=131594481900356690, _session=_session@entry=0x7ffc93a778e8)
      at ../source3/smbd/smbXsrv_session.c:1212
  #9  0x00007f7618aa21ef in reply_sesssetup_and_X (req=req@entry=0x5654d35174b0) at ../source3/smbd/sesssetup.c:961
  #10 0x00007f7618ae17b0 in switch_message (type=<optimized out>, req=req@entry=0x5654d35174b0) at ../source3/smbd/process.c:1726
  #11 0x00007f7618ae3550 in construct_reply (deferred_pcd=0x0, encrypted=false, seqnum=0, unread_bytes=0, size=140, inbuf=0x0, xconn=0x5654d35146d0)
      at ../source3/smbd/process.c:1762
  #12 process_smb (xconn=xconn@entry=0x5654d3512af0, inbuf=<optimized out>, nread=140, unread_bytes=0, seqnum=0, encrypted=<optimized out>,
      deferred_pcd=deferred_pcd@entry=0x0) at ../source3/smbd/process.c:2008
  #13 0x00007f7618ae4c41 in smbd_server_connection_read_handler (xconn=0x5654d3512af0, fd=40) at ../source3/smbd/process.c:2608
  #14 0x00007f761587eedb in epoll_event_loop_once () from /lib64/libtevent.so.0

Inspection the core shows that:
  conn->client-session_table is NULL
  conn->protocol is PROTOCOL_NONE

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13315

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-03-02 00:39:59 +01:00
Andreas Schneider
29b5de26df s3:smbd: Add FALL_THROUGH statements in reply.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-03-01 04:37:43 +01:00
Andreas Schneider
964b2d4aae s3:smbd: Add FALL_THROUGH statements in trans2.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-03-01 04:37:42 +01:00
Andreas Schneider
a4623fac64 s3:smbd: Add FALL_THROUGH statements in nttrans.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-03-01 04:37:42 +01:00
Jeremy Allison
5ad5e7966f s3: smbd: Fix possible directory fd leak if the underlying OS doesn't support fdopendir()
HPUX has this problem.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13270

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Feb 23 22:56:35 CET 2018 on sn-devel-144
2018-02-23 22:56:35 +01:00
Björn Jacke
29aa5c93d7 wscript: drop checks for setnetgrent/endnetgrent/getnetgrent
we don't use setnetgrent/endnetgrent/getnetgrent since security share passed
away.

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-02-21 14:19:17 +01:00
Björn Jacke
14f798cbcc s3: remove dead already commented code
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-02-21 14:19:17 +01:00
Andreas Schneider
6f9c6d369f s3:auth: Pass mem_ctx to init_system_session_info()
We have a stackframe we can use for the lifetime of the session.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Feb 21 02:46:40 CET 2018 on sn-devel-144
2018-02-21 02:46:40 +01:00
Andreas Schneider
7f47cec234 s3:auth: Pass mem_ctx to init_guest_session_info()
Use a mem_ctx which gets freed if possible.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-02-20 21:55:13 +01:00
Volker Lendecke
f7e65719a4 smbd: Pass "file_id" explicitly to send_break_to_none
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-02-13 00:26:43 +01:00
Volker Lendecke
1e2659e96d smbd: Pass "file_id" explicitly to send_break_message()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-02-13 00:26:43 +01:00
Volker Lendecke
d9e5148470 smbd: Avoid a dependency on share_mode_entry->id
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-02-13 00:26:43 +01:00
Volker Lendecke
ddb1524669 smbd: Avoid a dependency on share_mode_entry->id
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-02-13 00:26:43 +01:00
Volker Lendecke
b7e29d04c6 smbd: Pass "file_id" explicitly to message_to_share_mode_entry()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-02-13 00:26:43 +01:00
Volker Lendecke
fc424b28cd smbd: Pass "file_id" explicitly into share_mode_entry_to_message()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-02-13 00:26:43 +01:00
Volker Lendecke
3434b32b88 smbd: Pass in "file_id" into validate_my_share_entries
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-02-13 00:26:43 +01:00
Volker Lendecke
9487510e9e smbd: Pass in "file_id" into share_mode_str()
This used to directly access share_entry->id, which will go

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-02-13 00:26:43 +01:00
Volker Lendecke
67fcc7dbb9 lib: Make g_lock_dump use TDB_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-02-08 10:01:50 +01:00
Volker Lendecke
ed3521d172 lib: Make g_lock_write_data use TDB_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-02-08 10:01:50 +01:00
Volker Lendecke
a104e08171 lib: Make g_lock_unlock use TDB_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-02-08 10:01:50 +01:00
Volker Lendecke
bdeb7e7d81 lib: Make g_lock_lock use TDB_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-02-08 10:01:50 +01:00
Ralph Boehme
84f07a8dcb s3/smbd: fix handling of delete-on-close on directories
This implements a check to test the delete-on-close flag of a directory
for requests to create files in this directory.

Windows server implement this check, Samba doesn't as it has performance
implications.

This commit implements the check and a new option to control it. By
default the check is skipped, setting "check parent directory delete on
close = yes" enables it.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Feb  3 23:42:16 CET 2018 on sn-devel-144
2018-02-03 23:42:16 +01:00
Christof Schmitt
e77f8e4628 Remove file system sharemode before calling unlink
GPFS implements the DENY_DELETE sharemode, which prevents unlink() from
deleting the file.. This causes the problem that deleting a file through
"delete on close" fails, as the code in close.c first calls unlink() and
only later removes the file system sharemode.

Fix this by removing the file system sharemode before calling unlink().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13217

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Wed Jan 17 01:31:53 CET 2018 on sn-devel-144
2018-01-17 01:31:53 +01:00
Volker Lendecke
0b57434151 smbd: Fix channel sequence number checks for long-running requests
When the client's supplied csn overflows and hits a pending, long-running
request's csn, we panic. Fix this by counting the overflows in
smbXsrv_open_global0->channel_generation

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13215

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2018-01-14 10:26:05 +01:00
Volker Lendecke
03f65a7cdc smbd: Remove a "!" from an if-condition for easier readability
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13215

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-01-14 10:26:05 +01:00
Volker Lendecke
e8636e7ab7 smbd: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-01-14 10:26:05 +01:00
Justin Maggard via samba-technical
f1befc5d53 s3/smbd: Fix error code for unsupported SET_INFO requests
FileValidDataLengthInformation and FileShortNameInformation are both
valid FileInfoClasses that we don't support.  According to [MS-SMB2]
3.3.5.21.1, we should be returning STATUS_NOT_SUPPORTED instead of
NT_STATUS_INVALID_LEVEL for these.

Signed-off-by: Justin Maggard <jmaggard@netgear.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jan 13 07:25:42 CET 2018 on sn-devel-144
2018-01-13 07:25:42 +01:00
Stefan Metzmacher
502aa78704 s3:smbd: remove deprecated 'use spnego = no" handling
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-01-10 01:01:24 +01:00
Jeremy Allison
114f5da2fa s3: smbd: Use identical logic to test for kernel oplocks on a share.
Due to inconsistent use of lp_kernel_oplocks() we could miss kernel
oplocks being on/off in some of our oplock handling code, and thus
use the wrong logic.

Ensure all logic around koplocks and lp_kernel_oplocks() is consistent.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13193

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jan  4 16:03:38 CET 2018 on sn-devel-144
2018-01-04 16:03:38 +01:00
Stefan Metzmacher
c4919d4d5f s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired sessions
Windows client at least doesn't have code to replay
a SMB2 Close after getting NETWORK_SESSION_EXPIRED,
which locks out a the client and generates an endless
loop around NT_STATUS_SHARING_VIOLATION.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13197

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Dec 21 23:28:42 CET 2017 on sn-devel-144
2017-12-21 23:28:41 +01:00
Stefan Metzmacher
cfaba68478 s3:smbd: return the correct error for cancelled SMB2 notifies on expired sessions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13197

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-12-21 19:12:09 +01:00
Uri Simchoni
d6f5ee6707 pysmbd: fix use of sysacl API
Fix pysmbd to use the sysacl (POSIX ACL support) as intended, and
not assume too much about the inner structure and implementation
of the permissions in the sysacl API.

This will allow the inner structure to change in a following commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13176

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-12-21 19:12:07 +01:00
Gary Lockyer
92e801aad5 source3/smbd/server.c set socket close on exec
Set SOCKET_CLOEXEC on the sockets returned by accept.  This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-12-18 04:38:20 +01:00
Christof Schmitt
7fa91fc479 smbd: Fix coredump on failing chdir during logoff
server_exit does an internal tree disconnect which requires a chdir to
the share directory. In case the file system encountered a problem and
the chdir call returns an error, this triggers a SERVER_EXIT_ABNORMAL
which in turn results in a panic and a coredump. As the log already
indicates the problem (chdir returned an error), avoid the
SERVER_EXIT_ABNORMAL in this case and not trigger a coredump.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13189

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Dec 16 01:56:06 CET 2017 on sn-devel-144
2017-12-16 01:56:06 +01:00
Stefan Metzmacher
5dd307928a s3:smbd: remove deprecated handling of "profile acls = yes"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-12-13 20:34:24 +01:00
Volker Lendecke
3190cd15b6 smbd: Fix async large read
We also do the 128k reads asynchronously, just not the huge 24MB
ones. smb_setlen does not work well for >64k.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-12-12 20:37:08 +01:00
Kevin Anderson
18307f8711 Add mdns name configuration option
Add the mdns name configuration variable to control the mdns hostname.
The default is to use the NETBIOS name of the system to match previous
versions which is typically the hostname in all capitals. A value of mdns
can be provided to defer the hostname to the mdns library.

With the recent patch to support time machine being merged this patch
allows for a user to configure the server name that is advertised to
be lower cased through Avahi advertisements.

Signed-off-by: Kevin Anderson <andersonkw2@gmail.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-12-08 22:58:17 +01:00
Volker Lendecke
41cfc737df lib: Remove unused serverid.tdb
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec  5 04:58:26 CET 2017 on sn-devel-144
2017-12-05 04:58:26 +01:00
Volker Lendecke
6423ca4bf2 lib: Use messaging_send_all instead of message_send_all
Just a global search&replace

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-12-05 00:56:13 +01:00
Volker Lendecke
fc2f0023a0 messaging: Remove the "n_sent" arg from message_send_all
The only user of this is an informative message in smbcontrol. I don't think
that's worth the effort.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-12-05 00:56:12 +01:00
Volker Lendecke
2f8055f676 dbwrap_watch: Remove the "prec" parameter from watch_recv
The initial idea was to have some "atomicity" in this API. Every
caller interested in a record would have to do something with
it once it changes. However, only one caller really used this
feature, and that is easily changed to not use it. So
remove the complexity.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-11-29 16:59:15 +01:00
Volker Lendecke
4e86c32214 smbd: Avoid using dbwrap_watched_watch_recv's prec argument
This is the only user of the "prec" argument of
dbwrap_watched_watch_recv. The next patch will remove this
functionality, as it's easily replaced here.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-11-29 16:59:15 +01:00
Andreas Schneider
8736013dc4 s4:samba: Allow samba daemon to run in foreground
We are passing the no_process_group to become_daemon() that setsid() is
not called. In case we are double forking, we run in SysV daemon mode,
setsid() should be called!

See:
https://www.freedesktop.org/software/systemd/man/daemon.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13129

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-11-28 11:37:06 +01:00
Jeremy Allison
33f88abe6b s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown.
Ensure we zero out unused grown area.

CVE-2017-15275

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13077

Signed-off-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Tue Nov 21 19:42:22 CET 2017 on sn-devel-144
2017-11-21 19:42:22 +01:00
Jeremy Allison
deda04389a s3: smbd: Fix SMB1 use-after-free crash bug. CVE-2017-14746
When setting up the chain, always use 'next->' variables
not the 'req->' one.

Bug discovered by 连一汉 <lianyihan@360.cn>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13041

Signed-off-by: Jeremy Allison <jra@samba.org>
2017-11-21 15:46:12 +01:00
Volker Lendecke
1f071b1a25 smbd: Avoid an "else"
We always return in the if-branch before. The else is redundant

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-11-13 23:54:46 +01:00
Jeremy Allison
47c13fc10a s3: smbd: kernel oplocks. Replace retry_open() with setup_kernel_oplock_poll_open().
If a O_NONBLOCK open fails with EWOULDBLOCK, this code changes smbd to
do a retry open every second, until either the timeout or we get a successful
open. If we're opening a file that has a kernel lease set by a non-smbd
process, this is the best we can do.

Prior to this, smbd would block on the second open on such a leased file
(not using O_NONBLOCK) which freezes active clients.

Regression test to follow.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13121

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-11-11 16:09:17 +01:00
Uri Simchoni
37ac8ad4bf vfs: remove SMB_VFS_INIT_SEARCH_OP
This VFS is no longer being called, hence removed.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-11-11 04:49:27 +01:00
Uri Simchoni
1d9e8ff87b smbd: remove dptr_init_search_op()
This function is now not being used.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-11-11 04:49:27 +01:00
Uri Simchoni
b8aa599f06 smbd: remove calls to dptr_init_search_op() from TRANS2 search code
dptr_init_search_op() invokes VFS operations which are no-op in all
in-tree VFS modules. Furthermore, it's not being called by the SMB2
search code, so probably it's not being used by any out-of-tree VFS
module either.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-11-11 04:49:27 +01:00
Uri Simchoni
f53ee1284f smbd: remove calls to dptr_init_search_op()
dptr_init_search_op() invokes a VFS operation which is
a no-op in all in-tree VFS modules. Furthermore,
dptr_init_search_op() is not being called from SMB2 search
code, which hints that no out-of-tree VFS module needs it.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-11-11 04:49:27 +01:00
Jeremy Allison
62a556d5c8 Revert "s3/smbd: fix deferred open with streams and kernel oplocks"
This reverts commit b35a296a27.

This was the cause of

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13058

1. client of smbd-1 opens the file and sets the oplock.
2. client of smbd-2 tries to open the file. open() fails(EAGAIN) and open is deferred.
3. client of smbd-1 sends oplock break request to the client.
4. client of smbd-1 closes the file.
5. client of smbd-1 opens the file and sets the oplock.
6. client of smbd-2 calls defer_open_done(), sees that the file lease was not changed
			and does not reschedule open.

and is no longer needed now vfs_streams_xattr.c no longer opens
the base file internally.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
2017-11-10 23:27:10 +01:00
Ralph Boehme
dd3660631b s3/posix_acls: add default ACL style "everyone"
This synthesizes an ACL with a single ACE with full permissions for
everyone. Not used for now, this comes later.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-11-08 00:20:07 +01:00
Ralph Boehme
33c0b0df01 s3/smbd: make make_default_filesystem_acl public
This will be used by another VFS module in a subsequent commit.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-11-08 00:20:07 +01:00
Ralph Wuerthner
c9e996d78d s3: smbd: Fix delete-on-close after smb2_find
Both dptr_create() and can_delete_directory_fsp() are calling OpenDir_fsp()
to get a directory handle. This causes an issue when delete-on-close is
set after smb2_find because both directory handle instances share the same
underlying file descriptor. In addition the SMB_ASSERT() in destructor
smb_Dir_destructor() gets triggered.

To avoid this use OpenDir() instead of OpenDir_fsp().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13118

Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2017-11-05 08:30:19 +01:00
Volker Lendecke
dea1881fc5 smbd: Remove an indentation level in smb2_negprot
Do an early return. Best viewed with "git show -b"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-10-27 20:33:25 +02:00
Ralph Boehme
e6f3631eba s3/smbd: update some more DEBUG macros in smbd_smb2_create_send
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Oct 21 18:08:46 CEST 2017 on sn-devel-144
2017-10-21 18:08:46 +02:00
Ralph Boehme
18a7ea8c0f s3/smbd: use early returns in smbd_smb2_create_send
Now that we have the nice smbd_smb2_create_after_exec() and
smbd_smb2_create_finish() functions, use early returns for the create
replay and durable handle reconnect case.

No change in behaviour, best viewed with

$ git show -w COMMIT

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-10-21 14:00:11 +02:00
Ralph Boehme
e55949c415 s3/smbd: factor out smbd_smb2_create_after_exec from smbd_smb2_create_send
No change in behaviour.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-10-21 14:00:11 +02:00
Ralph Boehme
6478a2b1fd s3/smbd: factor out smbd_smb2_create_before_exec from smbd_smb2_create_send
No change in behaviour, best viewed with:

$ git show --diff-algorithm=histogram COMMIT

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-10-21 14:00:11 +02:00
Ralph Boehme
403f024de1 s3/smbd: remove all stack variables of smbd_smb2_create_send into smbd_smb2_create_state
This allows factoring out smbd_smb2_create_after|before_exec() in the
next steps.

Moving all variable in one big fell swoop instead of one per commit,
because if I'd miss to adjust a variable access the commit wouldn't
compile.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-10-21 14:00:11 +02:00
Ralph Boehme
cadf4d56ee s3/smbd: move create ctx extraction and validation to a helper func
No change in behaviour.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-10-21 14:00:11 +02:00
Ralph Boehme
8229473347 s3/smbd: move create contexts into smbd_smb2_create_state
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-10-21 14:00:11 +02:00
Ralph Boehme
4cbd2f13ba s3/smbd: remove unneeded args from smbd_smb2_create_finish
The previous commits moved all arguments into smbd_smb2_create_state.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-10-21 14:00:11 +02:00
Ralph Boehme
4bb7acfe65 s3/smbd: move info into smbd_smb2_create_state
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-10-21 14:00:11 +02:00
Ralph Boehme
b0ee889a0a s3/smbd: add in_create_disposition to smbd_smb2_create_state
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-10-21 14:00:11 +02:00
Ralph Boehme
127715c665 s3/smbd: add in_oplock_level to smbd_smb2_create_state
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-10-21 14:00:10 +02:00
Ralph Boehme
dafb1ad4b6 s3/smbd: move requested_oplock_level into smbd_smb2_create_state
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-10-21 14:00:10 +02:00
Ralph Boehme
0a8263a9d6 s3/smbd: move replay_operation into smbd_smb2_create_state
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-10-21 14:00:10 +02:00
Ralph Boehme
29d654a19e s3/smbd: move result into smbd_smb2_create_state
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-10-21 14:00:10 +02:00
Ralph Boehme
bb072ba474 s3/smbd: leverage early return added in the previous commit
Now that the other cases handled in the if/else blocks do early returns,
we can move the logic handling file opens out of the final else block.

No change in behaviour, best viewed with

$ git show -w COMMIT

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-10-21 14:00:10 +02:00
Ralph Boehme
b11ce87857 s3/smbd: factor out smbd_smb2_create_finish from smbd_smb2_create_send
No change in behaviour.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-10-21 14:00:10 +02:00
Ralph Boehme
ef7cabb418 s3/smbd: modernize a DEBUG statement
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-10-21 14:00:10 +02:00
Ralph Boehme
4179a3e67d s3/smbd: move some setup code in smbd_smb2_create_send a few lines up
This is just one of the last steps before splitting out large code parts
into _before() and _after() functions. No change in behaviour.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-10-21 14:00:10 +02:00
Ralph Boehme
7c5d996e71 s3/smbd: add tevent context to smbd_smb2_create_state
...and use it in everywhere in smbd_smb2_create_send().

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-10-21 14:00:10 +02:00
Ralph Boehme
718fa0e6e5 s3/smbd: use struct initializer for smbd_smb2_create_state
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-10-21 14:00:10 +02:00
Ralph Boehme
a3cc2fedab s3/smbd: use correct access in get_file_handle_for_metadata
All we want here is FILE_WRITE_ATTRIBUTES, not FILE_WRITE_DATA.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12995

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 17 11:48:09 CEST 2017 on sn-devel-144
2017-10-17 11:48:07 +02:00
Ralph Boehme
143d26283d s3/smbd: fix access checks in set_ea_dos_attribute()
We wanted to set the DOS attributes and failed with permission denied
from the VFS/kernel/filesystem. Next thing we wanna do here is override
this if either

- "dos filemode = true" is set and the security descriptor gives the
  user write access or if

- the stored security descriptor has FILE_WRITE_ATTRIBUTES

The former was working, but the latter was not implemented at all.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12995

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-10-17 07:46:20 +02:00
Ralph Boehme
fbad64200e s3/smbd: README.Coding fixes in set_ea_dos_attribute
While I'm at it, some README.Coding fixes in set_ea_dos_attribute.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12995

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-10-17 07:46:20 +02:00
Ralph Boehme
cc555be4d0 s3/smbd/posix_acls: return correct status in try_chown
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-10-09 23:01:18 +02:00
Jeremy Allison
272f1c9feb s3: smbd: Currently if getwd() fails after a chdir(), we panic.
Change this to return to the previous $cwd, and return -1 for the chdir().

If the return to the previous $cwd fails, still panic as we
can't return an unknown state.

Also do early return from failing SMB_VFS_CHDIR, reducing indentation level

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13027

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Böhme <slow@samba.org>
2017-10-09 23:01:17 +02:00
Omri Mor
127b18eb96 s3/smbd: register Time Machine shares with Avahi
Adds support for automatically registering the required _adisk._tcp
mDNS record based on the setting of "fruit:time machine".

Signed-off-by: Omri Mor <omri50@gmail.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-10-04 10:06:15 +02:00
Amitay Isaacs
7e728c86c7 notifyd: Broadcast to all connected nodes
CTDB_BROADCAST_VNNMAP includes only the nodes with lmaster roles.
CTDB_BROADCAST_CONNECTED includes all the running nodes.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri Sep 29 08:38:10 CEST 2017 on sn-devel-144
2017-09-29 08:38:10 +02:00
Christof Schmitt
a2b081e159 smbd/aio: Do not go async for SMB2 compound requests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13047

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-09-22 05:45:21 +02:00
Christof Schmitt
cfa2c30830 smbd: Move check for SMB2 compound request to new function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13047

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-09-22 05:45:21 +02:00
Jeremy Allison
b092ed3842 CVE-2017-12163: s3:smbd: Prevent client short SMB1 write from writing server memory to file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13020

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Wed Sep 20 17:06:23 CEST 2017 on sn-devel-144
2017-09-20 17:06:23 +02:00
Volker Lendecke
aea214fce6 notifyd: Clarify a comment
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-09-16 08:36:18 +02:00
Ralph Boehme
7e0b2af4c0 s3/smbd: sticky write time offset miscalculation causes broken timestamps
The offset calculation for the offset that got passed to
fetch_write_time_send() in the enumeration loop was wrong as it passed
the offset before smbd_dirptr_lanman2_entry() added required padding.

This resulted in broken timestamps in the find response.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13024

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Sep 12 02:45:46 CEST 2017 on sn-devel-144
2017-09-12 02:45:46 +02:00
Ralph Boehme
c54fcb7cbd s3/smbd: handle EACCES when fetching DOS attributes from xattr
When trying to fetch the DOS attributes xattr via SMB_VFS_GETXATTR() if
the filesystem doesn't grant read access to the file the xattr read
request fails with EACCESS.

But according to MS-FSA 2.1.5.1.2.1 "Algorithm to Check Access to an
Existing File" FILE_LIST_DIRECTORY on a directory implies
FILE_READ_ATTRIBUTES for directory entries.

So if the user can open the parent directory for reading this implies
FILE_LIST_DIRECTORY and we can safely call SMB_VFS_GETXATTR() as root,
ensuring we can read the DOS attributes xattr.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12944

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2017-08-08 21:23:10 +02:00
Ralph Boehme
9de1411d9e s3/smbd: handling of failed DOS attributes reading
Only fall back to using UNIX modes if we get NOT_IMPLEMENTED. This is
exactly what we already do when setting DOS attributes.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12944

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2017-08-08 21:23:10 +02:00
Omri Mor
5445b2b8b0 s3: smbd: Modernize Avahi DEBUG macros and long if statements
DEBUG(10, (...))	=>	DBG_DEBUG(...)
if (long... < 0)	=>	ret = long; if (ret < 0)

Signed-off-by: Omri Mor <omri50@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Jul 27 17:12:28 CEST 2017 on sn-devel-144
2017-07-27 17:12:28 +02:00
Jeremy Allison
dbd3293246 s3: clients: Use netlogon_creds_cli_close_global_db() in all normal exit paths.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-07-26 21:35:22 +02:00
Volker Lendecke
af63c0b32d ctdb_conn: Use messaging_ctdb_connection
Replace messaging_ctdbd_connection

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-07-25 17:43:18 +02:00
Volker Lendecke
267645545f ctdbd_conn: Pass "ev" through ctdb connection callbacks
This prepares the same logic we've implemented in messages_dgm for clustering
that is used in 6d3c064f1a: We need to reply for messages from ctdb in nested
event contexts properly.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-07-25 17:43:18 +02:00
Jeremy Allison
5fe76a5474 s3: smbd: Fix a read after free if a chained SMB1 call goes async.
Reported to the Samba Team by Yihan Lian <lianyihan@360.cn>, a security
researcher of Qihoo 360 GearTeam. Thanks a lot!

smb1_parse_chain() incorrectly used talloc_tos() for the memory
context of the chained smb1 requests. This gets freed between
requests so if a chained request goes async, the saved request
array also is freed, which causes a crash on resume.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12836

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-07-15 02:16:18 +02:00
Ralph Boehme
7f4e7cfd1b s3/notifyd: ensure notifyd doesn't return from smbd_notifyd_init
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12910

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-15 02:16:18 +02:00
Ralph Boehme
67466271c2 s3/vfs: rename SMB_VFS_STRICT_LOCK to SMB_VFS_STRICT_LOCK_CHECK
As per MS-SMB2 and MS-FSA and our SMB_VFS_STRICT_LOCK implementation,
we're merely testing for locks, not setting any.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12887

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 11 03:37:44 CEST 2017 on sn-devel-144
2017-07-11 03:37:44 +02:00
Ralph Boehme
c9172c5a45 s3/vfs: remove SMB_VFS_STRICT_UNLOCK
It's just a noop, so let's remove it. SMB_VFS_STRICT_LOCK doesn't set
logs, it just checks for the presence of incompatible locks.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12887

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-10 23:22:10 +02:00
Stefan Metzmacher
77cbced5d2 s3:smbd: consistently use talloc_tos() memory for rpc_pipe_open_interface()
The result is only used temporary and should not be leaked on a long term
memory context as 'conn'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12890

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-10 23:22:10 +02:00
Ralph Boehme
b886a9443d s3/smbd: let non_widelink_open() chdir() to directories directly
If the caller passes O_DIRECTORY we just try to chdir() to smb_fname
directly, not to the parent directory.

The security check in check_reduced_name() will continue to work, but
this fixes the case of an open() for a previous version of a
subdirectory that contains snapshopt.

Eg:

[share]
    path = /shares/test
    vfs objects = shadow_copy2
    shadow:snapdir = .snapshots
    shadow:snapdirseverywhere = yes

Directory tree with fake snapshots:

$ tree -a /shares/test/
/shares/test/
├── dir
│   ├── file
│   └── .snapshots
│       └── @GMT-2017.07.04-04.30.12
│           └── file
├── dir2
│   └── file
├── file
├── .snapshots
│   └── @GMT-2001.01.01-00.00.00
│       ├── dir2
│       │   └── file
│       └── file
└── testfsctl.dat

./bin/smbclient -U slow%x //localhost/share -c 'ls @GMT-2017.07.04-04.30.12/dir/*'
NT_STATUS_OBJECT_NAME_NOT_FOUND listing \@GMT-2017.07.04-04.30.12\dir\*

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12885

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-07 20:11:22 +02:00
Volker Lendecke
197186a1fc notifyd: Remove notifyd_handler_done
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-07 00:52:24 +02:00
Volker Lendecke
9430fab61c notifyd: Use messaging_register for MSG_SMB_NOTIFY_DB
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-07 00:52:24 +02:00
Volker Lendecke
dc39bb4562 notifyd: Use messaging_register for MSG_SMB_NOTIFY_GET_DB
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-07 00:52:24 +02:00
Volker Lendecke
db15feb162 notifyd: Use messaging_register for MSG_SMB_NOTIFY_TRIGGER
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-07 00:52:24 +02:00
Volker Lendecke
b6079af1c4 notifyd: Use messaging_register for MSG_SMB_NOTIFY_REC_CHANGE
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-07 00:52:24 +02:00
Volker Lendecke
b8dccd11ea notifyd: Avoid an if-expression
Best reviewed with "git show -b -U10"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-07 00:52:24 +02:00
Volker Lendecke
d0a7bccae9 notifyd: Consolidate two #ifdef CLUSTER into one
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-07 00:52:24 +02:00
Volker Lendecke
939576d968 notifyd: Only ask for messaging_ctdb_conn when clustering
Without clustering, messaging_ctdb_conn will fail anyway.

Review with "git show -b".

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-07-07 00:52:24 +02:00
Ralph Boehme
2d01558ad3 s3/smbd: remove unneeded flags argument from SMB_VFS_OFFLOAD_WRITE_SEND
...and instead use the fsctl to infer required behaviour in the VFS
backends.

Note that this removes the check from vfs_default because there we only
handle FSCTL_SRV_COPYCHUNK(_WRITE) and must always perform the lock
checks.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-07-03 19:59:08 +02:00
Ralph Boehme
3645f83a3c s3/vfs: make SMB_VFS_OFFLOAD_WRITE_SEND offload token based
Remove the source fsp argument and instead pass the offload token
generated with SMB_VFS_OFFLOAD_READ_SEND/RECV.

An actual offload fsctl is not implemented yet, neither in the VFS nor
at the SMB ioctl layer, and returns NT_STATUS_NOT_IMPLEMENTED

With these changes we now pass the copy-chunk-across-shares test.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-07-03 19:59:08 +02:00