1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

7334 Commits

Author SHA1 Message Date
Volker Lendecke
7a1e69ebb7 eventlog: Fix CID 1363194 Resource leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Apr  5 19:11:57 CEST 2018 on sn-devel-144
2018-04-05 19:11:57 +02:00
Volker Lendecke
d5ef8dbeef eventlog: Fix CID 242105 Unchecked return value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-04-05 16:17:13 +02:00
Lutz Justen
e895b6cf4a s3: lib: messages: Don't use the result of sec_init() before calling sec_init().
Commit ad8c7171ba accidently
moved sec_init() to the point after sec_initial_uid() is
called in the call to directory_create_or_exist_strict().
I missed this in the review (sorry). This works as root
as initial_uid/initial_gid are static (and so initialized
as zero) but doesn't work on ChromeOS as this code isn't
running as root.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13368

Signed-off-by: Lutz Justen <ljusten@google.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr  4 23:52:02 CEST 2018 on sn-devel-144
2018-04-04 23:52:02 +02:00
Andreas Schneider
35ca6161f1 s3:lib: Fix probably a copy&paste error in namemap_cache_set_sid2name()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13350

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 23 01:59:08 CET 2018 on sn-devel-144
2018-03-23 01:59:07 +01:00
Andreas Schneider
b70bb81a19 s3:lib: Fix size types in tldap_find_first_star()
This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-03-21 20:43:19 +01:00
Andreas Schneider
e64738b606 s3:lib: Fix size types in ms_fnmatch()
This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-03-21 20:43:19 +01:00
Andreas Schneider
3b9aa1c625 s3:lib: Add FALL_THROUGH statements in util_sd.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-03-01 04:37:42 +01:00
Andreas Schneider
feeb49f4cf s3:lib: Add FALL_THROUGH statements in sysacls.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-03-01 04:37:42 +01:00
Andreas Schneider
3f1a4b749d s3:lib: Add FALL_THROUGH statements in cbuf.c 2018-03-01 04:37:42 +01:00
Andreas Schneider
16d14fa863 s3:lib: Add FALL_THROUGH statements in util_str.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-03-01 04:37:41 +01:00
Andreas Schneider
9fed4562ca s3:lib: Add FALL_THROUGH statements in util_path.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-03-01 04:37:41 +01:00
Andreas Schneider
d78d1a71ff s3:lib: Add FALL_THROUGH statements in substitute_generic.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-03-01 04:37:41 +01:00
Volker Lendecke
9abe97285b tldap: Dump unnecessary includes
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-02-20 21:55:13 +01:00
Andreas Schneider
7573b2a960 tests: Add tests for parsing LDAPv3 and LDAPv2 filter strings
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Feb 19 23:47:08 CET 2018 on sn-devel-144
2018-02-19 23:47:08 +01:00
Andreas Schneider
654b76739a s3:tldap: Comment code for to LDAP escaping version
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-02-19 19:17:12 +01:00
Andreas Schneider
c96dc78aa6 s3:tldap: Fix parsing LDAPv2 escaped strings
Yes, this is outdated, but the missing 'break' produces a compiler
warning.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-02-19 19:17:12 +01:00
Volker Lendecke
be3c8d08ec lib: Make g_lock_locks use TDB_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Feb  8 14:50:49 CET 2018 on sn-devel-144
2018-02-08 14:50:49 +01:00
Volker Lendecke
67fcc7dbb9 lib: Make g_lock_dump use TDB_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-02-08 10:01:50 +01:00
Volker Lendecke
a6c749e76c lib: Make g_lock_do use TDB_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-02-08 10:01:50 +01:00
Volker Lendecke
ed3521d172 lib: Make g_lock_write_data use TDB_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-02-08 10:01:50 +01:00
Volker Lendecke
a104e08171 lib: Make g_lock_unlock use TDB_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-02-08 10:01:50 +01:00
Volker Lendecke
bdeb7e7d81 lib: Make g_lock_lock use TDB_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-02-08 10:01:50 +01:00
Volker Lendecke
3bc87a20e9 lib: Make g_lock_lock_send use TDB_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-02-08 10:01:50 +01:00
Andreas Schneider
39a6ea766d waf: Fix NFS quota support with libtirpc
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13238

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jan 22 17:26:52 CET 2018 on sn-devel-144
2018-01-22 17:26:52 +01:00
Andreas Schneider
c29d087e1e include: Create system/nis.h in libreplace
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13238

Pair-Programmed-With: Guenther Deschner <gd@samba.org>

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2018-01-22 12:26:20 +01:00
Stefan Metzmacher
22e309e541 s3:g_lock: keep old mylock on error and don't store new mylock on error
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2018-01-10 01:01:23 +01:00
Dr. Thomas Orgis
ca66efc241 Add substitutions %t, %j, and %J as path-safe variants of %T, %i, and %I.
Rationale: Using the existing substitutions in construction of paths
(dynamic shares, created on client connect) results in directory names with
colons and dots in them. Those can be hard to use when accessed from a
different share, as Windows does not allow : in paths and has some ideas about
dots.

Signed-off-by: Dr. Thomas Orgis <thomas.orgis@uni-hamburg.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-01-08 03:34:17 +01:00
Bjoern Jacke
7277590f6d smbldap: don't try start tls on ldaps:// connections
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6079

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Tue Jan  2 18:01:17 CET 2018 on sn-devel-144
2018-01-02 18:01:17 +01:00
Stefan Metzmacher
576fb4fb5d g_lock: fix cleanup of stale entries in g_lock_trylock()
g_lock_trylock() always incremented the counter 'i', even after cleaning a stale
entry at position 'i', which means it skipped checking for a conflict against
the new entry at position 'i'.

As result a process could get a write lock, while there're still
some read lock holders. Once we get into that problem, also more than
one write lock are possible.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13195

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Dec 20 20:31:48 CET 2017 on sn-devel-144
2017-12-20 20:31:48 +01:00
Gary Lockyer
215d6089c3 source3/lib/server_prefork.c set socket close on exec
Set SOCKET_CLOEXEC on the sockets returned by accept.  This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-12-18 04:38:20 +01:00
Volker Lendecke
5f31c911d1 messaging: Ignore messages from ourselves
For non-clustered messaging this should have never gone through the socket, we
should have caught it before in messaging_send_iov_from.

It can come in on a socket from ctdb when broadcasting in clustered mode. There
ctdb does the broadcasting.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-12-12 20:37:08 +01:00
Volker Lendecke
a3a4d9ccc0 messaging: Don't do self-sends in messaging_send_all
This leads to cleanupd doing endless MSG_SMB_UNLOCK calls, as it triggers
itself in the send_all. This worked correctly before the serverid.tdb removal
because cleanupd did not register in serverid.tdb (which was a bug, but it
helped us there).

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-12-12 20:37:08 +01:00
Andreas Schneider
b3d50723b0 s3:glock: Move sanity check in g_lock_parse()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sun Dec 10 00:46:26 CET 2017 on sn-devel-144
2017-12-10 00:46:26 +01:00
Volker Lendecke
41cfc737df lib: Remove unused serverid.tdb
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec  5 04:58:26 CET 2017 on sn-devel-144
2017-12-05 04:58:26 +01:00
Volker Lendecke
77cccbc6f4 lib: Add messaging_send_all
This will replace message_send_all. With messaging_dgm_forall we have
a local broadcast mechanism, and ctdb can also broadcast
everywhere. So there's no need for a separate traverse/send mechanism.

There's no good error reporting mechanism for broadcasting, so make
this function void.

This drops the message_type filtering. I believe that this does not matter in
practice, since messaging is a lot cheaper with dgm instead of the old tdb
based messaging. If someone presents a use case where this matters, nowadays
I'd much rather extend the messaging_dgm lock file format (where the unique id
lives right now) with the filter bits.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-12-05 00:56:13 +01:00
Volker Lendecke
2fdde4a07a messaging: Always register CTDB_SRVID_SAMBA_PROCESS
This will be used to broadcast to all processes, avoiding the costly
traverse of serverid.tdb.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-12-05 00:56:12 +01:00
Volker Lendecke
05647d4723 messaging_dgm: Use messaging_dgm_forall in dgm_wipe
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-12-05 00:56:12 +01:00
Volker Lendecke
6b5b999d2f messaging: Add messaging_dgm_forall
This factors out the traversal function from _wipe. It will be used to
replace message_send_all soon.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-12-05 00:56:12 +01:00
Volker Lendecke
fc2f0023a0 messaging: Remove the "n_sent" arg from message_send_all
The only user of this is an informative message in smbcontrol. I don't think
that's worth the effort.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-12-05 00:56:12 +01:00
Volker Lendecke
2dac8eb277 messaging_dgm: Protect against fork without reinit
In the wake of bug 13150 we've discussed that this could happen even
without clustering. This adds code to make sure that whenever messaging
is used the pid and the files used match.

It's pretty heavy-weight, thus I made it DEVELOPER only. My gut feeling
is that the getsockname is cheap, but the stat call might be a bit too
expensive.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-12-05 00:56:12 +01:00
Volker Lendecke
3e556bf370 lib: Add namemap_cache
A few functions to maintain lookupname and lookupsid cache in gencache.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-11-29 16:59:16 +01:00
Volker Lendecke
089cb9e24c lib: Pass blob instead of &blob to gencache_set_data_blob
Passing a whole DATA_BLOB is cheap enough to simplify the callers: A caller
does not have to create a separate variable.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-11-29 16:59:16 +01:00
Volker Lendecke
2f8055f676 dbwrap_watch: Remove the "prec" parameter from watch_recv
The initial idea was to have some "atomicity" in this API. Every
caller interested in a record would have to do something with
it once it changes. However, only one caller really used this
feature, and that is easily changed to not use it. So
remove the complexity.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-11-29 16:59:15 +01:00
Volker Lendecke
aace1f8345 lib: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Nov 27 04:51:59 CET 2017 on sn-devel-144
2017-11-27 04:51:59 +01:00
Gary Lockyer
d11473b15d source3: remove sock_exec
Remove the sock_exec code which is no longer needed and additionally has been
used by exploit code.

This was originally test support code, the tests relying on the sock_exec
code have been removed.

Past exploits have used sock_exec as a proxy for system() matching a talloc
destructor prototype.

See for example:
Exploit for Samba vulnerabilty (CVE-2015-0240) at
    https://gist.github.com/worawit/051e881fc94fe4a49295
    and the Red Hat post at
    https://access.redhat.com/blogs/766093/posts/1976553

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Nov 20 07:20:13 CET 2017 on sn-devel-144
2017-11-20 07:20:13 +01:00
Volker Lendecke
629fc06686 lib: Remove fncall.c
This was meant as a nice wrapper around pthreadpool_add_job.

pthreadpool_tevent_job_send does the same thing. The
getaddrinfo_send/recv was the only example and can easily be re-added on
top of pthreadpool_tevent_job_send.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct 21 00:04:59 CEST 2017 on sn-devel-144
2017-10-21 00:04:58 +02:00
Volker Lendecke
4b84d7cb54 lib: Remove unused getaddinfo_send/recv
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-10-20 20:03:13 +02:00
Volker Lendecke
a15f58a628 smbd: Simplify cleanupdb a bit
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-10-20 20:03:12 +02:00
Jeremy Allison
4800ed3595 s3: VFS: Protect errno if sys_getwd() fails across free() call.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13069

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-10-04 10:06:15 +02:00
Jeremy Allison
fb9ce0685e s3: VFS: Ensure sys_getwd() doesn't leak memory on error on really old systems.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13069

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-10-04 10:06:15 +02:00