1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

350 Commits

Author SHA1 Message Date
Ralph Boehme
3ece2cb807 smbd: remove oplock paranoia check from file_find_dif()
Since 4.16 stat opens will have a real fd, the only case where currently the fd
can still be -1 is a POSIX request on a symlink.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-09 23:11:38 +00:00
Ralph Boehme
0226e0c31e smbd: add fsp_search_ask_sharemode() and fsp_getinfo_ask_sharemode()
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-09 23:11:37 +00:00
Ralph Boehme
d1dd3f3d73 smbd: factor out reference_smb_fname_fsp_link() from parent_pathref()
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-09 23:11:37 +00:00
Volker Lendecke
f31fb6e1ad smbd: Simplify readlink_talloc()
SMB_VFS_READLINKAT() just looks at the basename, we can avoid the
relname being talloc'ed

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-12-05 15:06:32 +00:00
Jeremy Allison
f0ca954610 s3: smbd: In synthetic_pathref() change DBG_ERR -> DBG_NOTICE to avoid spamming the logs.
Can easily be seen by doing make test TESTS=fruit
and looking in st/nt4_dc/smbd_test.log.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15210

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Nov 16 06:00:56 UTC 2022 on sn-devel-184
2022-11-16 06:00:56 +00:00
Volker Lendecke
dc650bde6f CVE-2022-3592 smbd: No empty path components in openat_pathref_dirfsp_nosymlink()
Upper layers must have filtered this, everything else is a bug

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15207
Signed-off-by: Volker Lendecke <vl@samba.org>
2022-10-25 10:31:34 +00:00
Volker Lendecke
46f4d64596 smbd: Use PATH_MAX as symlink target buffer
We use that instead of the arbitrary 4k in open.c as well

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-09-19 17:23:31 +00:00
Volker Lendecke
1bf0289b23 smbd: Make readlink_talloc() public
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-09-17 04:15:35 +00:00
Volker Lendecke
d74a5a7c74 smbd: Shorten long lines
This code is young enough to justify a README.Coding patch, at least
IMO.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-09-07 18:40:28 +00:00
Volker Lendecke
3a37e4155c smbd: Catch streams on non-stream shares
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15161

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Sep  2 15:56:56 UTC 2022 on sn-devel-184
2022-09-02 15:56:56 +00:00
Ralph Boehme
169d8fe4a9 smbd: cache DOS attributes in struct smb_filename.cached_dos_attributes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14215

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-08-29 17:22:32 +00:00
Jeremy Allison
cf5f7b1489 s3: smbd: Plumb close_type parameter through close_file_in_loop(), file_close_conn()
Allows close_file_in_loop() to differentiate between SHUTDOWN_CLOSE
(previously it only used this close type) and ERROR_CLOSE - called
on error from smbXsrv_tcon_disconnect() in the error path. In that
case we want to close the fd, but not run any delete-on-close actions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15128

Signed-off-by: Jeremy Allison <jra@samba.org>
Reivewed-by: Noel Power <npower@samba.org>

Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Thu Aug 18 14:10:18 UTC 2022 on sn-devel-184
2022-08-18 14:10:18 +00:00
Jeremy Allison
7005a6354d s3: smbd: Add "enum file_close_type close_type" parameter to file_close_conn().
Not yet used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15128

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2022-08-18 13:07:34 +00:00
Jeremy Allison
1c29306020 s3: smbd: Add IS_VETO_PATH check to openat_pathref_dirfsp_nosymlink().
Returns NT_STATUS_OBJECT_PATH_NOT_FOUND for directory component.
Note IS_VETO_PATH only looks at the last component, so we must
do it during the directory walk on each component.

Note, we also have to check after a call to get_real_filename_at()
as it may have demangled the client sent name into a filesystem
name that matches the "veto files" parameter.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15143

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-08-16 07:33:36 +00:00
Volker Lendecke
d6653067b2 s3:smbd: let openat_pathref_dirfsp_nosymlink() try VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS first
This will reduce the amount of syscalls and the related cost drastically
for long path names.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2022-08-15 15:03:37 +00:00
Stefan Metzmacher
35b99c87ef s3:smbd: let openat_pathref_dirfsp_nosymlink() handle ELOOP similar to ENOTDIR
This is no likely to happen as we use O_NOFOLLOW with O_DIRECTORY,
but it's better to be prepared...

This will be more important in the upcoming openat2(RESOLVE_NO_SYMLINK)
case, but we should be consitent...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2022-08-15 15:03:37 +00:00
Stefan Metzmacher
17484d069b s3:smbd: let openat_pathref_dirfsp_nosymlink() do a verification loop against . and .. first
I guess we should catch NT_STATUS_OBJECT_NAME_INVALID first,
currently the check is already done in check_path_syntax*,
but we may remove it in future.

But the most important reason for this is the
openat2(RESOLVE_NO_SYMLINK) optimization, which will
be introduced in the following commits.

Review with: git show -w

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2022-08-15 15:03:37 +00:00
Jeremy Allison
b5f6809593 s3: smbd: Allow openat_pathref_dirfsp_nosymlink() to return NT_STATUS_PATH_NOT_COVERED for a DFS link on a DFS share.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15144

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-08-12 18:19:31 +00:00
Volker Lendecke
8693a0416b smbd: Hand vfs_open_how to openat_pathref_fullname
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-08-06 01:43:50 +00:00
Volker Lendecke
c3c5e6c3dd smbd: Pass vfs_open_how through fd_openat
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-08-06 01:43:50 +00:00
Volker Lendecke
5fc016f268 vfs: change openat propotype to match linux openat2
The Linux prototype for openat2 looks like this:

       long openat2(int dirfd, const char *pathname,
                   struct open_how *how, size_t size);

where "struct open_how" is defined in "linux/openat2.h". It is
designed to be extensible with further flags.

The "size" parameter is required because there is no type checking
between userland and kernelspace, so the way for Linux to find which
version of open_how is being passed in is looking at the size:
"open_how" is expected to only every grow with additional fields,
should a change be necessary in the future.

Samba does not have this problem, we can typecheck the struct and
pointers, we expect all VFS modules to be compiled against the current
vfs.h.

For now this adds no functionality, but it will make further patches
much smaller.

Pair-programmed-with: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-08-06 01:43:50 +00:00
Volker Lendecke
99020ffef2 smbd: Security fix for systems without O_PATH
Further up we add O_PATH manually. Initial development versions of
this code did set the is_pathref, but then I found this potential
problem. I forgot to remove this incarnation of is_pathref=true, doing
it now.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-08-04 20:44:32 +00:00
Jeremy Allison
1a653fdc44 s3: smbd: Ensure we set fsp->file_id in openat_pathref_dirfsp_nosymlink().
This is a subtle one. The dirfsp returned by openat_pathref_dirfsp_nosymlink()
can be used inside open.c and passed to check_parent_access_fsp() to
check if a delete_on_close flag has been set on an existing "real"
open fsp. So the file_id must be correctly set in order for this
to work. Without it, samba3.base.delete fails in deltest20 when
we convert reply_open_and_X() to use filename_convert_dirfsp().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2022-07-28 15:38:38 +00:00
Jeremy Allison
31479d7781 s3: smbd: In openat_pathref_dirfsp_nosymlink() ensure we call fsp_smb_fname_link() to set smb_fname->fsp in the returned smb_fname.
Instead of just assigning smb_fname->fsp = fsp.

This makes the logic match that of openat_pathref_fullname() and parent_pathref()
when returning smb_fnames with associated pathref fsp's.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2022-07-27 16:51:34 +00:00
Volker Lendecke
d6fcae23f4 smbd: Add openat_pathref_dirfsp_nosymlink()
This does a step-by-step path resolution for a directory by splitting
up the path into individual components and does a loop like that

for component in components:
    fd = openat(dirfd, component, O_NOFOLLOW);
    close(dirfd);
    dirfd = fd

and it will report any symlink it finds in a way that will be
indirectly consumable for the smb2 symlink error response.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-07-25 12:04:33 +00:00
Volker Lendecke
f292b1ae00 smbd: Simplify open_stream_pathref_fsp()
The main point of this function was to avoid fd_openat() and thus the
expensive non_widelink_open(). Now that fd_openat() has the direct
SMB_VFS_OPENAT() fast-path for streams, we can avoid duplicating the
logic in open_stream_pathref_fsp() again.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-07-25 12:04:33 +00:00
Volker Lendecke
348f19d35b smbd: open_stream_pathref_fsp() does not need a dirfsp
It opens relative to fsp->base_fsp

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-07-25 12:04:33 +00:00
Volker Lendecke
52ecf98688 smbd: Simplify openat_pathref_fullname()
Don't set O_RDONLY|O_NONBLOCK in two steps into a variable

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-07-25 12:04:33 +00:00
Volker Lendecke
afe1b94b23 smbd: Open openat_pathref_fullname() for streams
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-07-25 12:04:33 +00:00
Volker Lendecke
45168bffe0 smbd: Hand full_fname from openat_pathref_nostream()
Rename it to openat_pathref_fullname(), it will be used for stream
open next

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-07-25 12:04:33 +00:00
Volker Lendecke
37fd029e6f smbd: A stream open does not need O_NOFOLLOW
Would not have hurt either, but this makes the next patch easier to
verify properly

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-07-25 12:04:33 +00:00
Volker Lendecke
8420f62c01 smbd: Simplify openat_pathref_fsp()
Remove the implicit recursion

openat_pathref_fsp->openat_pathref_base_fsp->openat_pathref_fsp

by introducing openat_pathref_nostream() and use
open_stream_pathref_fsp() where possible. openat_pathref_nostream()
will change its name in further refactoring patches, but for
understanding this patch I think this name is good :-)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-07-25 12:04:33 +00:00
Volker Lendecke
c267c9839e VFS: NULL dirfsp for openat on stream opens
The main optimization is to avoid non_widelink_open() for streams
opens based on the fact that all streams opens are relative to
fsp->base_fsp, which is a pathref fsp already.

Neither streams_xattr nor streams_depot referenced dirfsp for the
streams case. Make this more obvious in the callers by passing NULL
and asserting this: non-streams opens and streams opens are just
different things, streams-opens can and do reference a base fsp and
don't need the non_widelink_open logic.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-07-25 12:04:33 +00:00
Volker Lendecke
dd5e10d601 smbd: Make fsp_attach_smb_fname() talloc_move() the name to the fsp
For the current callers this does not make a difference, they have
already allocated *_smb_fname as a talloc child of fsp, but the next
patches will add one where it does.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-07-25 12:04:33 +00:00
Volker Lendecke
53f9b32a95 smbd: Don't create a fsp->base_fsp for a "::$DATA" stream
"::$DATA" is the main file, we don't need the overhead of base_fsp here.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-07-25 12:04:33 +00:00
Volker Lendecke
58d7b76a0a smbd: Open up openat_internal_dir_from_pathref() for general dirs
We open "." fixed here, and fd_openat (or rather SMB_VFS_OPENAT) will
tell us if "dirfsp" does not point at a proper directory

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-07-25 12:04:33 +00:00
Ralph Boehme
2ec93ac6f3 smbd: follow-up fix for "if close fails just log it, don't crash"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Björn Baumbach <bb@sernet.de>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Jul  9 09:04:46 UTC 2022 on sn-devel-184
2022-07-09 09:04:46 +00:00
Ralph Boehme
b8f3d8d052 smbd: if close fails just log it, don't crash
Originally I added the assert here as we can't return the error being in a
talloc destructor. But OEMs prefer error log messages over crashes.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jul  8 09:04:28 UTC 2022 on sn-devel-184
2022-07-08 09:04:28 +00:00
Michael Tokarev
17c733d946 spelling: connnect encrytion exisit expection explicit invalide missmatch paramater paramter partion privilige relase reponse seperate unkown verson authencication progagated
Tree-wide spellcheck for some common misspellings.

source3/utils/status.c has misspelled local variable (unkown_dialect).

"missmatch" is a known historical misspelling, only the incorrect
misspellings are fixed.

source3/locale/net/de.po has the spelling error (unkown) in two msgids -
it probably should be updated with current source.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-06-10 18:12:33 +00:00
Pavel Filipenský
d3c678233c s3:smbd: Covscan: remove dead code
Covscan:
source3/smbd/files.c:575: check_after_deref: Null-checking "fsp" suggests that it
may be null, but it has already been dereferenced on all paths leading to the check.

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat May 14 04:41:57 UTC 2022 on sn-devel-184
2022-05-14 04:41:57 +00:00
Pavel Filipenský
2628859490 s3:smbd Fix trailing whitespace in files.c
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2022-05-14 03:49:32 +00:00
Volker Lendecke
fde4363f58 smbd: Add filename_convert_dirfsp()
As part of the filename_convert() process, keep a pathref dirfsp of
the containing directory for later use. This avoids having to do
another non_widelink_open() on every SMB2_CREATE and ntcreate&x in
later patches.

Future work will be to go through other filename_convert() calls and
make them use filename_convert_dirfsp(). If we manage to convert all
of them except the one in filename_convert_dirfsp() itself, we can
simplify filename_convert() and unix_convert() significantly.

Too large a patch, but I don't know how to split this up into smaller
logic pieces.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-04-28 13:12:33 +00:00
Volker Lendecke
df29512b72 smbd: Add openat_internal_dir_from_pathref()
If we have a directory pathref fsp, do an openat(dirfd, ".", O_RDONLY)
to cheaply get a real directory handle.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-04-28 13:12:33 +00:00
Volker Lendecke
804a19ca5d smbd: Pass up stat-info from openat_pathref_fsp() on error
If openat_pathref_fsp() fails, callers might want to inspect the stat
info. If we really failed on STOPPED_ON_SYMLINK, the caller might need
to know this, although openat_pathref_fsp() masked this error.

As there is no smb_fname->fsp returned from openat_pathref_fsp() on
error, we need to pass this up in smb_fname itself.

This essentially reverts de439cd030, which does basically the same
thing but is too specific. We need to cover the general !O_PATH case
more broadly.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-04-28 13:12:33 +00:00
Volker Lendecke
f2eee5c5b3 smbd: Remove unused arguments from dup_file_fsp()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-26 21:41:29 +00:00
Volker Lendecke
e41f8001f1 smbd: Don't NULL out the "::$DATA" in openat_pathref_fsp()
Slight simplification now possible after introducing and using
fsp_is_alternate_stream() almost everywhere.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-03-29 21:32:34 +00:00
Jeremy Allison
a604dd02ff s3: smbd: open_internal_dirfsp(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-03-24 16:28:37 +00:00
Jeremy Allison
ec2fb9d228 s3: smbd: open_internal_dirfsp() add missing file_free() in error path.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-03-24 16:28:37 +00:00
Volker Lendecke
d8e966da1c smbd: Remove a few vfs_stat() calls
openat_pathref_fsp() does not need them anymore

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Mar 11 19:19:21 UTC 2022 on sn-devel-184
2022-03-11 19:19:21 +00:00
Volker Lendecke
e7b933100e smbd: Don't require a valid stat for openat_pathref_fsp()
With the simplifications in non_widelink_open() (don't depend on the
is_directory fsp flag) the main reason for requiring a valid stat
struct in openat_pathref_fsp() is gone. With this change
openat_pathref_fsp() is now capable of being the very first (and
authoritative) name-referencing operation with openat(O_PATH) for a
name.

Without having the stat information around before calling
openat_pathref_fsp(), the call to check_same_dev_ino() becomes
obsolete here.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-03-11 18:22:28 +00:00