IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The main reason is the preparation of io_uring support,
as it can't be on the stack for async operations.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 6 20:31:04 UTC 2023 on atb-devel-224
In future we may use vectors with more elements, so we convert to
a single element array now...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This makes the code a little bit faster, but the main reason
is the preparation of io_uring support, as it can't be on the
stack for async operations.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
I don't think this is an effective optimization at all anymore. It was
intended to speed up non-wildcard readdirs after we found the correct
entry. Nowadays we do the non-wildcard readdirs by a direct fstatat,
and after we successfully found the entry dptr_ReadDirName()
immediately returns without any further action. So my very strong
guess is that this never really kicked in anymore. Not using this flag
can't be *that* bad, smb2 never used it.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This saves the result of smbd_dirptr_get_entry() for later retrieval
in case we could not marshall it to the output buffer. Return this
entry when calling smbd_dirptr_get_entry() again.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We used to store smbXsrv_tcon_global.tdb records in two steps,
first we created a record in order to allocate the tcon id.
The temporary record had a NULL share_name, which translated
into 0 bytes for the string during ndr_push_smbXsrv_tcon_global0.
The problem is that ndr_pull_smbXsrv_tcon_global0 fails on
this with something like:
Invalid record in smbXsrv_tcon_global.tdb:key '2CA0ED4A' ndr_pull_struct_blob(length=85) - Buffer Size Error
The blob looks like this:
[0000] 00 00 00 00 01 00 00 00 00 00 00 00 00 00 02 00 ........ ........
[0010] 00 00 00 00 4A ED A0 2C 4A ED A0 2C 00 00 00 00 ....J.., J..,....
[0020] F8 4B 00 00 00 00 00 00 00 00 00 00 FF FF FF FF .K...... ........
[0030] 4D 59 9B 9F 83 F4 35 20 36 D2 B0 82 62 68 D9 01 MY....5 6...bh..
[0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0050] 00 00 00 00 00 .....
The reason for having a temporary entry was just based on
the fact, that it was easier to keep the logic in
make_connection_snum() untouched.
But we have all information available in order to store
the final record directly. We only need to do the
"max connections" check first.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15353
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
We must always do SMB3+POSIX operations on fsp's opened with a posix create context.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Remove a global cache of calculating case sensivity. The calculation
is really simple: It only references a bool per-share parameter and a
global variable. I really doubt there is any measurable benefit from
this cache, and if there was, I don't care if SMB1 gets a tiny bit
slower in response to reduced global state.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
See [MS-SMB2] 2.2.2: This field MUST be set to 0 for SMB dialects
other than 3.1.1. For the SMB dialect 3.1.1, if this field is nonzero,
the ErrorData field MUST be formatted as a variable-length array of
SMB2 ERROR Context structures containing ErrorContextCount entries.
Not used right now yet, but once we start to return STOPPED_ON_SYMLINK properly
this is required.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Not yet used. Returns true if we're processing the last SMB2 request in a
compound.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15172
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This enables the multi-protocol negotiate when
the SMB1 build is disabled. It requires enabling
parts of the SMB1 negotiation.
Signed-off-by: David Mulder <dmulder@suse.com>
Signed-off-by: Jeremy Allison <jra@samba.org>
This adds the definition WITH_SMB1SERVER, enabled
by default for now meant for removing smb1 server
code. This will be removed and replaced with a
configure option later.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is only used by the SMB1 signing code, except for one
bool for SMB2 which we will replace next.
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
This allows the server to only enable smb2 unix open handles if
the smb.conf parameter is set and the client client correctly
negotiated smb2 unix on the connection.
Currently there is no "smb2 unix extensions" parameter so
this can never be set to true.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
We already stored this in struct smbd_lock_element.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Thu Jan 6 16:03:28 UTC 2022 on sn-devel-184
This turns the 'smb2.read.bug14607' test from 'skip' into 'xfailure',
as the 2nd smb2cli_read() function will now return
NT_STATUS_INVALID_NETWORK_RESPONSE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Pass this down into smbd_calculate_maximum_allowed_access_fsp().
Currently pass fsp->conn->cwd_fsp everywhere.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Comment out smbd_calculate_maximum_allowed_access() as it is
a static function and we just removed the only caller.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Not yet used but this now uses smbd_calculate_maximum_allowed_access_fsp(),
so uncomment it.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Issue:
We have a scenario where an application sends a Compound Related chain
consisting of:
SMB2_CREATE
SMB2_IOCTL
SMB2_SET_INFO
SMB2_CLOSE
SMB2_CREATE failed with NT_STATUS_ACCESS_DENIED and subsequent
requests all fail. In Samba they return NT_STATUS_FILE_CLOSED.
When I tried the same against a Win2k12 server, I noticed that all the
failed requests of the chain would return NT_STATUS_ACCESS_DENIED.
I believe this behaviour is also mentioned in the [MS-SMB2] Specs
3.3.5.2.7.2: Handling Compounded Related Requests
"When the current operation requires a FileId and the previous
operation either contains or generates a FileId, if the previous
operation fails with an error, the server SHOULD<223> fail the current
operation with the same error code returned by the previous
operation."
Fix:
Save NTATUS of a failed Create request. When we process subsequent
requests of the chain we check if the previous Create has failed. In
case of a Create failure we returned the saved NTSTATUS.
Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 8 17:30:50 UTC 2021 on sn-devel-184
In order to allow replays of requests on a channel failure, we should
not cancel pending requests, the strategie that seems to make windows
clients happy is to let the requests running and return
NT_STATUS_FILE_NOT_AVAILABLE as long as the original request is still
pending.
Here we introduce xconn->transport.shutdown_wait_queue, this is used
to keep the xconn alive for the lifetime of pending requests.
Now we only cancel pending requests if the disconnected connection
is the last channel for a session.
In that case smbXsrv_session_remove_channel() and
smb2srv_session_shutdown_send() will take care of it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Before processing an open we need to reserve the replay cache entry
in order to signal that we're still in progress.
If a reserved record is already present we need to return
FILE_NOT_AVAILABLE in order to let the client retry again.
[MS-SMB2] contains this:
<152> Section 3.2.5.1: For the following error codes, Windows-based clients
will retry the operation up to three times and then retry the operation every 5
seconds until the count of milliseconds specified by Open.ResilientTimeout is
exceeded:
- STATUS_SERVER_UNAVAILABLE
- STATUS_FILE_NOT_AVAILABLE
- STATUS_SHARE_UNAVAILABLE
This works fine for windows clients, but current windows servers seems to
return ACCESS_DENIED instead of FILE_NOT_AVAILABLE.
A Windows server doesn't do any replay detection on pending opens,
which wait for a HANDLE lease to be broken (because of a
SHARING_VIOLATION), at all.
As this is not really documented for the server part of the current [MS-SMB2],
I found the key hint in "SMB 2.2: Bigger. Faster. Scalier - (Parts 1 and 2)"
on page 24. There's a picture showing that a replay gets FILE_NOT_AVAILABLE
as long as the original request is still in progress. See:
https://www.snia.org/educational-library/smb-22-bigger-faster-scalier-parts-1-and-2-2011
A Windows client is unhappy with the current windows server behavior if it
such a situation happens. There's also a very strange interaction with oplock
where the replay gets SHARING_VIOLATION after 35 seconds because it conflicts with
the original open.
I think it's good to follow the intial design from the 2011 presentation and
make the clients happy by using FILE_NOT_AVAILABLE (and differ from Windows).
I'll report that to dochelp@microsoft.com in order to get this hopefully fixed in
their server too).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The key is that we need to have the signing key in order to pass the
signing checks and give the correct session bind error status.
This should fix the MultipleChannel_Negative_SMB2002 testcase
of the Windows Protocol Test Suite (FileServer).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reported-by: Jones Syue <jonessyue@qnap.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
This prepares the negotiation of signing algorithms in future.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We need a full request/response pair in order to avoid races in
the multichannel connection passing.
smb2srv_client_mc_negprot_send/recv locks the
db record for the given client_guid.
If there's no entry found, we add ourself and
return NT_STATUS_OK.
If there's an existing process for that client guid
we start messaging_filtered_read_send()
dbwrap_watched_watch_send() before calling
smb2srv_client_connection_pass().
Then we release the lock and wait for either
MSG_SMBXSRV_CONNECTION_PASSED to arrive or
retry if dbwrap_watched_watch_recv signaled
a change in the database.
If we got MSG_SMBXSRV_CONNECTION_PASSED we'll
return NT_STATUS_MESSAGE_RETRIEVED in order to
signal that the other process will take care of
the connection and we terminate the current process.
All that is done completely async, which means that
the IDLE_CLOSED_TIMEOUT (60 seconds) may trigger
deadtime_fn(), which will send itself a MSG_SHUTDOWN.
So the process that accepted the tcp connection
exists if there was no MSG_SMBXSRV_CONNECTION_PASSED
within 60 seconds.
However the fd may still exists in the kernel (and
the new connection may still be handed to the other
process. If that process somehow exists before
there's no way to prevent a connection termination
for the client.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14433
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Mar 6 03:30:06 UTC 2021 on sn-devel-184
This provides a little more detail to what's actually being tracked
with this boolean.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
For now we keep it simple and any disconnect on a connection that
used a ctdb public address, will disconnect all other remaining
connections.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11898
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
This will be used by smbtorture in order to simulate channel failures
without relying on iptables.
'smbd:FSCTL_SMBTORTURE = yes' is required in order to active this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
For now it's safer to disable multi-channel without having support
for TIOCOUTQ/FIONWRITE on tcp sockets.
Using a fixed retransmission timeout (rto) of 1 second would be ok,
but we better require kernel support for requesting for unacked bytes
in the kernel send queue.
"force:server multi channel support = yes" can be used to overwrite
the compile time restriction (mainly for testing).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
This will be the core of the logic that allows
us to retry break notifications.
When we start the "pending break cycle" we ask for
the current retransmission timemout (rto) on the TCP connection
and remember how many unacked bytes are in the kernel's
send queue. Each time we send bytes into the kernel
we add them to the unacked bytes.
We use a timer using the rto interval in order
to check the amount of unacked bytes again.
The provides send_queu_entry.ack.req will be completed
with tevent_req_done() when everything is completely acked,
tevent_req_nterror(NT_STATUS_IO_TIMEOUT) when
send_queu_entry.ack.timeout is expired or
tevent_req_nterror(connection_error) when the connection
gets disconnected.
It works with support from the FreeBSD and Linux kernels.
For other platforms we just have a fixed rto of 1 second.
And pretend all bytes are acked when we recheck after 1 second.
So only a connection error could trigger tevent_req_nterror(),
but there's no timeout. A follow up commit will most likely
disable support for multi-channel if we don't have kernel support.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
The following patches require the size of the full sendfile() pdu.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Which connection is actually used should not matter to the main logic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
With multichannel things may not happen only on one connection.
We may need to disconnect all connections of a client, when something
bad happens.
The first users of this will be the lease/oplock break code,
if they are not able allocate memory or something similar
we need to bail out.
Having a special smbXsrv_client based function is better than
calling exit_server*() directly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
