IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This commit should be removed once wb_queryuser() is fixed.
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
If samlogon cache has no entry for the 'Guest' user, the group sid
should default to 'Guests' group.
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This is needed for GETGRENT to show also e.g. BUILTIN/users.
Otherwise the test_membership_user (local.nss.membership) would fail.
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
wb_alias_members.c is very similar to wb_lookupusergroups.c
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 8 18:34:44 UTC 2023 on atb-devel-224
reply_search() is the only place in the code where we have to deal
with [MS-CIFS] 2.2.4.59.1 ResumeKey structures. This concentrates the
formatting of this to pure SMB1 code in reply_search(), moving away
knowledge about the format from smbd/dir.c's dptr_fill() and
dptr_fetch_fsp().
With this code we just count up the FileIndex from behaviour note
110. If the client is sane and sends us the last FileIndex we returned
to it in a subsequent search, we can completely avoid any
telldir/seekdir. If it skips back, with the new code we rewind and
re-readdir the directory. This will be slower for a very special
corner case, but it's a lot simpler to understand (at least to
me). Also, it avoids calling telldir/seekdir for every entry.
Tested both cases (sane and insane clients) manually with a modified
cli_list_old_done(). Not doing automated tests. If this breaks real
users, we'll fix it and write tests then.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Don't wait for the main loop to free file names no longer used.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
name_str can pile up when reading directories, we don't talloc_free()
our stackframe before we have filled the whole readdir response packet.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Return how many name entries have been returned from this dptr.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15391
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 8 16:55:14 UTC 2023 on atb-devel-224
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
we used to strip the first two characters of the path and used that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=2312
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jun 6 09:33:47 UTC 2023 on atb-devel-224
This never took off outside of a special OEM setup.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jun 5 18:13:05 UTC 2023 on atb-devel-224
Looks larger than it is, "git clang-format" added a few lines
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
since 5cc3c1b5f6 if we don't have
a realm specified either on cmdline or in conf file we try to
copy (talloc_strdup) a NULL variable which triggers a NO_MEMORY
error when we check the result of the copy
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15384
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Jun 4 12:42:16 UTC 2023 on atb-devel-224
cli_list_trans_recv() can be called multiple times. When it's done, it
return NT_STATUS_OK and set *finfo to NULL. cli_list_old_recv() did
not do the NULL part, so smbclient would endlessly loop.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15382
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 1 21:54:42 UTC 2023 on atb-devel-224
This allows us to support starting smbd under callgrind and only start
the overhead and instrumentation after the SMB2 negprot, this allows us
to profile only useful stuff and not all the smbd startup, forking and
multichannel handling.
This will do the trick:
valgrind --tool=callgrind --instr-atstart=no smbd
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
It means we can make the fd blocking, which will help
with io_uring support.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This is not strictly needed, but it helps profiling
the core smb2_server.c code with the 'smb2.bench.echo'
test.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This will allow us to require that the target DC has FL 2008,
2012, 2012R2 or 2016.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
https://bugzilla.samba.org/show_bug.cgi?id=15378
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 26 00:52:29 UTC 2023 on atb-devel-224
Not specifying FILE_SHARE_DELETE wasn't done intentionally. Not setting the flag
triggers the following problem:
* client sends a CREATE with delete access
* this triggers a call to open_streams_for_delete() where we check for
conflicting opens on any of the streams of the file or directory
* if the file (or directory) has a stream like ":com.apple.quarantine" the
stream is opened with DELETE_ACCESS and kept open when the next step might:
* if the file (or directory) has a Mac specific :AFP_AfpInfo stream, the
ad_convert() routine in fruit_create_file() is triggered
* ad_convert() checks if the file (or ...) has a sidecar ._ AppleDouble file, if
it has:
* in ad_convert_xattr() we unpack any set of xattrs encoded in the AppleDouble
file and recreate them as streams with the VFS. Now, if any of these xattrs
happens to be converted to a stream that we still have open in
open_streams_for_delete() (see above) we get a NT_STATUS_SHARING_VIOLATION
This error gets passed up the stack back to open_streams_for_delete() so the
client CREATE request fails and the client is unhappy.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15378
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The macOS client creates ._ AppleDouble files for directories that do contain
an (empty) resource fork AppleDouble entry. So when going from a Samba server
config without streams module (or when migrating data from another server
without streams support), to a Samba config with a streams module and vfs_fruit,
fruit_streaminfo() will wrongly return the AFP_Resource from the AppleDouble
file as stream to the client.
To address this, just never return an AFP_Resource stream for directories when
listing streams in fruit_streaminfo(). ad_convert(), when configured with
fruit:delete_empty_adfiles = true
fruit:wipe_intentionally_left_blank_rfork = true
will happily discard the AFP_Resource from the AppleDouble file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15378
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Translates to NT_STATUS_OBJECT_NAME_NOT_FOUND which is the same error macOS
returns in this case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15378
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15375
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 24 21:42:50 UTC 2023 on atb-devel-224
Avoid returning an uninitialized st.cached_dos_attributes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15375
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
GNU libiconv and its iconv(1) do NOT define 'utf16le' as
an alias of 'UTF-16LE' encoding.
Signed-off-by: SATOH Fumiyasu <fumiyas@osstech.co.jp>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Using Py_CLEAR() ensures that these structures are observed in a
consistent state by any Python code that may run during deconstruction.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Currently, we rely on ‘stored_nt’ being NULL to give an
NT_STATUS_WRONG_PASSWORD error.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This allows the new unsupported functional levels to be unlocked, but with an smb.conf
option that is easily seen.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Winbind can ask rpcd_lsad for LookupNames etc. This can recurse back
into winbind for getpwnam. We have the "_NO_WINBINDD" environment
variable set in winbind itself for this case, but this is lost on the
way into rpcd_lsad. Use a flag in global_sid_Samba_NPA_Flags to pass
this information to dcerpc_core, where it sets the variable on every
call if requested.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue May 16 11:54:32 UTC 2023 on atb-devel-224
More code, but will be more flexible in the future.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This will be used as a flexible way to pass per-RPC-connection flags
over ncalrpc to the RPC server without having to modify
named_pipe_auth_req_info6 every time something new needs to be
passed. It's modeled after global_sid_Samba_SMB3.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15366
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 9 02:58:45 UTC 2023 on atb-devel-224
The loop above would only exit once ‘c’ was equal to −1, and thus this
code could never be reached.
Also set ‘ok’ to false to indicate failure.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 4 01:29:10 UTC 2023 on atb-devel-224
Previously we were handing the addresses of bool parameters to popt for
POPT_ARG_NONE parameters. This is not supported, and popt was returning
POPT_ERROR_BADOPERATION for these parameters (not bundled popt, though,
nor on Debian or Ubuntu). Using integers instead ensures that these
addresses are aligned and sized as popt expects.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
This avoids any loss of precision from performing an integer division.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
prior to this patch rights matching "FA", "FR", "FW", "FX" were
outputted as the hex string representing the bit value.
While outputting the hex string is perfectly fine, it makes it harder
to compare icacls output (which always uses the special string values)
Additionally adjust various tests to deal with use of shortcut access masks
as sddl format now uses FA, FR, FW & FX strings (like icalcs does) instead
of hex representation of the bit mask.
adjust
samba4.blackbox.samba-tool_ntacl
samba3.blackbox.large_acl
samba.tests.samba_tool.ntacl
samba.tests.ntacls
samba.tests.posixacl
so various string comparisons of the sddl format now pass
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
[abartlet@samba.org Adapted to new stricter SDDL behaviour around leading zeros in hex
numbers, eg 0x001]
The short version is:
Running LOCAL-IDMAP-TDB-COMMON
test_getnewid1: PASSED!
test_setmap1: PASSED!
test_unixid2sid1: PASSED!
test_sid2unixid1: could not create uid map!
TEST LOCAL-IDMAP-TDB-COMMON FAILED!
LOCAL-IDMAP-TDB-COMMON took 0.029819 secs
Freed frame ../../source3/torture/torture.c:15748, expected ../../source3/torture/test_idmap_tdb_common.c:986.
===============================================================
INTERNAL ERROR: Frame not freed in order. in pid 3692106 (4.19.0pre1-DEVELOPERBUILD)
If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
===============================================================
PANIC (pid 3692106): Frame not freed in order. in 4.19.0pre1-DEVELOPERBUILD
BACKTRACE: 11 stack frames:
#0 bin/shared/private/libgenrand-samba4.so(log_stack_trace+0x32) [0x7f2f39b430ba]
#1 bin/shared/private/libgenrand-samba4.so(smb_panic_log+0x1dd) [0x7f2f39b43037]
#2 bin/shared/private/libgenrand-samba4.so(smb_panic+0x1c) [0x7f2f39b43056]
#3 bin/shared/libsamba-util.so.0(+0x75309) [0x7f2f3a659309]
#4 bin/shared/private/libtalloc-samba4.so(+0x5cc6) [0x7f2f3a758cc6]
#5 bin/shared/private/libtalloc-samba4.so(+0x6173) [0x7f2f3a759173]
#6 bin/shared/private/libtalloc-samba4.so(_talloc_free+0x10c) [0x7f2f3a75a54b]
#7 /data/samba/samba-review/bin/smbtorture3(main+0xa97) [0x55cb3dc8cedc]
#8 /lib/x86_64-linux-gnu/libc.so.6(+0x29d90) [0x7f2f396d4d90]
#9 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x80) [0x7f2f396d4e40]
#10 /data/samba/samba-review/bin/smbtorture3(_start+0x25) [0x55cb3dc59895]
smb_panic(): calling panic action [/data/samba/samba-review/selftest/gdb_backtrace 3692106]
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Apr 27 09:25:50 UTC 2023 on atb-devel-224
We should give a good warning message one level above.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
In function ‘test_one’,
inlined from ‘retest’ at source3/torture/locktest2.c:401:8:
source3/torture/locktest2.c:331:37: error: array subscript 2 is above array bounds of ‘int[2][2][2]’ [-Werror=array-bounds=]
331 | fnum[server][fstype][conn][f] = try_open(cli[server][conn], nfs[server], fstype, FILENAME,
| ~~~~~~~~~~~~^~~~~~~~
source3/torture/locktest2.c: In function ‘retest’:
source3/torture/locktest2.c:390:23: note: while referencing ‘fnum’
390 | int fnum[NSERVERS][NUMFSTYPES][NCONNECTIONS][NFILES],
| ~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function ‘test_one’,
inlined from ‘retest’ at source3/torture/locktest2.c:401:8:
source3/torture/locktest2.c:316:62: error: array subscript 2 is above array bounds of ‘int[2][2][2]’ [-Werror=array-bounds=]
316 | fnum[server][fstype][conn][f],
| ~~~~~~~~~~~~^~~~~~~~
source3/torture/locktest2.c: In function ‘retest’:
source3/torture/locktest2.c:390:23: note: while referencing ‘fnum’
390 | int fnum[NSERVERS][NUMFSTYPES][NCONNECTIONS][NFILES],
| ~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function ‘test_one’,
inlined from ‘retest’ at source3/torture/locktest2.c:401:8:
source3/torture/locktest2.c:300:60: error: array subscript 2 is above array bounds of ‘int[2][2][2]’ [-Werror=array-bounds=]
300 | fnum[server][fstype][conn][f],
| ~~~~~~~~~~~~^~~~~~~~
source3/torture/locktest2.c: In function ‘retest’:
source3/torture/locktest2.c:390:23: note: while referencing ‘fnum’
390 | int fnum[NSERVERS][NUMFSTYPES][NCONNECTIONS][NFILES],
| ~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15362
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Apr 24 14:13:35 UTC 2023 on atb-devel-224
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Apr 20 12:56:53 UTC 2023 on atb-devel-224
This fixes setting veto files to '.*' to not list hidden files and
directories starting with a dot.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15360
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 19 22:30:19 UTC 2023 on atb-devel-224
With this ld.so does not have to relocate the string pointers
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Nowadays we rather do protocol-specific _done() functions, and overall
this cuts a few lines.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reduce indentation with an early return, review with git show -w
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This makes it clearer what to pass into the create_flags argument to
cli_smb2_create_fnum(). There was already confusion in
source3/torture/test_smb2.c: It passed in
SMB2_OPLOCK_LEVEL_NONE (which was okay because it #defines to 0), but
it should have been a straight 0, for example
SMB2_OPLOCK_LEVEL_EXCLUSIVE would have been wrong.
This way adding other flags (.nofollow comes to mind) will be much
easier to handle.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
streams_depot hands us absolute paths with : filename components
instead of having set smb_fname_in->stream_name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15358
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Apr 17 18:11:07 UTC 2023 on atb-devel-224
If you set "create mask = 0600" no streams will be created....
Tested manually. Not creating an automated test for this, there are so
many places where this can go wrong that testing this individual
glitch does not gain us much confidence.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15357
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This test failed to start, emitting the following error:
Unknown torture operation 'clustered.smb2.deny.deny2'
To fix this, remove the 'clustered.' prefix from the test name.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Trying to run any of these tests without having built ctdb results in a
failure, as the environment cannot be started.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
If $expected didn't match $received, these functions would still return
zero.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
This is the behaviour that most existing callers expect, but the
function actually returns a non-zero status code in that case.
Adjust all callers expecting the opposite behaviour to match.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
If a talloc function returns NULL, indicating failure, the failure could
be masked by the next talloc call allocating on the NULL context.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
If we remove the i'th element, we should decrement i so that we don't
skip over the succeeding element.
If we remove the j'th element, we should decrement j and continue around
the loop, so as not to skip subsequent elements.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Apr 12 13:51:50 UTC 2023 on atb-devel-224
We used to store smbXsrv_tcon_global.tdb records in two steps,
first we created a record in order to allocate the tcon id.
The temporary record had a NULL share_name, which translated
into 0 bytes for the string during ndr_push_smbXsrv_tcon_global0.
The problem is that ndr_pull_smbXsrv_tcon_global0 fails on
this with something like:
Invalid record in smbXsrv_tcon_global.tdb:key '2CA0ED4A' ndr_pull_struct_blob(length=85) - Buffer Size Error
The blob looks like this:
[0000] 00 00 00 00 01 00 00 00 00 00 00 00 00 00 02 00 ........ ........
[0010] 00 00 00 00 4A ED A0 2C 4A ED A0 2C 00 00 00 00 ....J.., J..,....
[0020] F8 4B 00 00 00 00 00 00 00 00 00 00 FF FF FF FF .K...... ........
[0030] 4D 59 9B 9F 83 F4 35 20 36 D2 B0 82 62 68 D9 01 MY....5 6...bh..
[0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0050] 00 00 00 00 00 .....
The reason for having a temporary entry was just based on
the fact, that it was easier to keep the logic in
make_connection_snum() untouched.
But we have all information available in order to store
the final record directly. We only need to do the
"max connections" check first.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15353
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
In particular, this may help track down REASON: Exception: Exception: protocol negotiation failed: NT_STATUS_IO_TIMEOUT
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 11 13:47:01 UTC 2023 on atb-devel-224
Otherwise the posix_pending_close_db is NULL and we crash when trying to close a
file descriptor:
#4 /usr/lib64/samba/libdbwrap-samba4.so(dbwrap_parse_record+0xe) [0x7fbc5d05c8ae]
#5 /usr/lib64/samba/libdbwrap-samba4.so(dbwrap_fetch_int32+0x38) [0x7fbc5d05d438]
#6 /usr/lib64/samba/libsmbd-base-samba4.so(fd_close_posix+0x7b) [0x7fbc5e276f8b]
#7 /usr/lib64/samba/libsmbd-base-samba4.so(+0x57900) [0x7fbc5e28a900]
#8 /usr/lib64/samba/libsmbd-base-samba4.so(fd_close+0x68) [0x7fbc5e2b7ea8]
#9 /usr/lib64/samba/libsmbd-base-samba4.so(+0x62608) [0x7fbc5e295608]
#10 /usr/lib64/samba/libtalloc-samba4.so(_talloc_free+0x51b) [0x7fbc5d9f439b]
#11 /usr/lib64/samba/vfs/fruit.so(+0xcac2) [0x7fbc45fcdac2]
#12 /usr/lib64/samba/vfs/fruit.so(+0xcbdd) [0x7fbc45fcdbdd]
#13 /usr/lib64/samba/vfs/fruit.so(+0xf603) [0x7fbc45fd0603]
#14 /usr/lib64/samba/libsmbd-base-samba4.so(+0x56375) [0x7fbc5e289375]
#15 /usr/lib64/samba/vfs/nothingtoseeherereally.so(+0x196c) [0x7fbc467f996c]
#16 /usr/lib64/samba/vfs/streams_xattr.so(+0x51fc) [0x7fbc461e71fc]
#17 /usr/lib64/samba/libsmbd-base-samba4.so(+0xade3a) [0x7fbc5e2e0e3a]
#18 /usr/lib64/samba/libsmbd-base-samba4.so(create_conn_struct_cwd+0x44) [0x7fbc5e2e1cf4]
#19 /usr/libexec/samba/rpcd_mdssvc(mds_init_ctx+0x2c3) [0x563fdac08f03]
#20 /usr/libexec/samba/rpcd_mdssvc(_mdssvc_open+0x141) [0x563fdac0b4d1]
The corresponding open is done as part of initializing a connection_struct
object, where we chdir() and stat() the root path of the share. The stat() in
vfs_fruit causes an expensive metadata request on the path which triggers an
internal open of a pathref handle. Note that this only affects servers that have
fruit:metadata = netatalk set, which is the default unfortunately.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15354
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Apr 7 21:12:21 UTC 2023 on atb-devel-224
The problem is when checking for vetoed names on the last path component in
openat_pathref_fsp_case_insensitive() we return
NT_STATUS_OBJECT_NAME_NOT_FOUND. The in the caller
filename_convert_dirfsp_nosymlink() this is treated as the "file creation case"
causing filename_convert_dirfsp_nosymlink() to return NT_STATUS_OK.
In order to correctly distinguish between the cases
1) file doesn't exist, we may be creating it, return
2) a vetoed a file
we need 2) to return a more specific error to
filename_convert_dirfsp_nosymlink(). I've chosen NT_STATUS_OBJECT_NAME_INVALID
which gets mapped to the appropriate errror NT_STATUS_OBJECT_PATH_NOT_FOUND or
NT_STATUS_OBJECT_NAME_NOT_FOUND depending on which path component was vetoed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15143
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 6 23:03:50 UTC 2023 on atb-devel-224
There is no need to run it against this environment and saves resources.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
We get the realm we use for authentication needs to
the realm belonging to the username we use.
We derive the username from c->creds, so we need to
do the same for the realm.
Otherwise we try to authenticate as the wrong user.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15323
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This avoids sending new or reset passwords in the clear
(integrity protected only) from samba-tool in particular.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15315
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 5 03:08:51 UTC 2023 on atb-devel-224
This is more descriptive and will help with the next commit.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The smbget utility doesn't use the common command line parser, so it
doesn't support paring of DOMAIN/user or user@realm.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15345
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This will not leak any memory. Also rename the bool to 'ok' for better
readability.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Avoid making smb311 posix extensions a global thing. Posix clients
could request non-posix behaviour on individual create calls.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Apr 4 07:04:13 UTC 2023 on atb-devel-224
rpcgen may be missing, so wrap all of the vfs_nfs4acl_xattr associated
calls in an appropriate if bld.SAMBA3_IS_ENABLED_MODULE() check.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We should not overwrite the "rc=1" initialization with the tdb_check
retval. This will lead to tdb_validate_child() returning 0 even when
validate_fn() found invalid entries.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14789
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Mar 31 21:21:57 UTC 2023 on atb-devel-224
Remove knownfail for posix path handling of case/reserved char
Signed-off-by: David Mulder <dmulder@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
We must always do SMB3+POSIX operations on fsp's opened with a posix create context.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
The call to mode_fn (smbd_dirptr_lanman2_mode_fn)
was filling the cleared attributes back in to the
stat. Ensure the clear happens after this call.
Signed-off-by: David Mulder <dmulder@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Not yet used. Simple wrapper, identical to check_path_syntax_posix().
I want to keep SMB1/SMB2 code as separate as possible so
we can remove any SMB1 code path later.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Keep it, rather and move all SMB2 code to check_path_syntax()
as I want to keep SMB1/SMB2 code as separate as possible so
we can remove any SMB1 code path later.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Remove knownfail on SMB1-DFS-SEARCH-PATHS, as we now
pass it with the new SMB1 remove DFS paths before pathname processing
changes.
Note, we still fail:
smb1.SMB1-DFS-PATHS.smbtorture\(fileserver_smb1\)
smb1.SMB1-DFS-OPERATIONS.smbtorture\(fileserver_smb1\)
even with the new SMB1 remove DFS paths before pathname
processing as those tests test *very* specific Windows behaviors. We now
pass many more of the individual internal tests, but
in order to pass them all completely I need to add
specific --with-sambaserver checks to avoid some
of the Windows DFS SMB1 insanity (error messages).
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Mar 31 06:07:01 UTC 2023 on atb-devel-224
Ensure we strip from ucs_flags before calling filename_convert_dirfsp().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
check_path_syntax_smb2() is now a simple wrapper around check_path_syntax().
Leave it alone for now to keep things separate when we add SMB3+POSIX parsing.
check_path_syntax_smb2_msdfs() is now no longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
In smb2, smb1req->flags2 now never uses FLAGS2_DFS_PATHNAMES,
ucf_flags never has UCF_DFS_PATHNAME, and all calls to check_path_syntax_smb2()
pass "false" in this is_dfs parameter.
Remove all knownfails for smb2.SMB2-DFS* tests.
Now I can clean up check_path_syntax_smb2() and add
an assertion into filename_convert_dirfsp_nosymlink() that
UCF_DFS_PATHNAME is *NEVER* set in the ucf_flags for an
SMB2 connection.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Removes any DFS prefix from an SMB2 name. This will
enable me to clean up the mess around SMB2 DFS path
processing, remove some knownfails and eventually
make it much easier to add SMB3+POSIX path processing
now it can ignore DFS prefixes. Original idea from
Volker.
Not yet used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
It now looks like all other SMB2 path processing and
we can proceed to strip the DFS prefixes from SMB2 pathnames
before further processing.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
They're an SMB1 thing, not an SMB2 thing. It will always be (and always was) zero.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
We're going to change the SMB2 path handling for DFS and I
really don't want to try and mix these changes into the
existing smb_file_link_information() code.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
That's an SMB1 thing. It will always be (and always was) zero.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Even if the client claims it's a DFS pathname. Matches what Windows does if it gets
a DFS pathname on a non-DFS share.
Remove samba3.smbtorture_s3.smb2.SMB2-NON-DFS-SHARE.smbtorture\(fileserver\)
test knownfail.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
DRSUAPI_COMPRESSION_TYPE_XPRESS is not MS-XCA nor is it implemented by
lzexpress_compress(), so disconnect from that algorithm.
This avoids someone fixing lzxpress_compress() to work for DRSUAPI
and breaking claims support.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
smbclient crashes when smbd has "smb2 max read = 0"
in the [global] section of smb.conf.
We should fail the protocol negotiation with
NT_STATUS_INVALID_NETWORK_RESPONSE in this case.
Adds knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15306
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
With these options, certain OUs can be denied or a list of OUs can be
explicitly permitted for idmapping.
Use case: Administration of OUs in AD has been delegated to people not
100% trusted by the unix server team, this can prevent arbitrary unix
IDs to be assigned by these delegated admins.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
We'll add another pointer next that should be initialized to NULL
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Tue Mar 28 08:36:50 UTC 2023 on atb-devel-224
Some of these conditions could never be hit.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This change means that idmap_hash_id_to_sid() can return mappings
for new domains learned in idmap_hash_sid_to_id().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Mar 10 11:35:06 UTC 2023 on atb-devel-224
If we are going to return ID_UNMAPPED later anyway, there's no need to
defer that decision by returning ID_REQUIRE_TYPE first.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
It's always the first function that's called from idmap_methods.
This also demonstrates that we currently always return NT_STATUS_OK,
even if we haven't mapped all map entries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
id_map_ptrs_init() is used in the callers in order to
set everything up as expected.
Other backends also just trust the caller.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
While sids_to_unixids returns ID_TYPE_BOTH mappings,
unixids_to_sids() returns the callers asked for, which
fills gencache with the non ID_TYPE_BOTH mappings.
As a result also the sids_to_unixids fast path via
gencache won't return ID_TYPE_BOTH mappings.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
When we see a trusted domain SID for the first time,
idmap_autorid returns ID_REQUIRE_TYPE only for the first sid
and leaves the others with ID_TYPE_NOT_SPECIFIED.
It means the winbindd parent only retries the first sid.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15318
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Most idmap backends don't need access to the domain controllers.
And the related code is not needed for the backends.
Commit 17c86a2c5a changed
the logic of set_domain_online_request() completely!
Instead of triggering a dc probe in the background,
it is now doing a blocking connection.
And doing this in the idmap child is completely useless.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15317
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Prefer mallinfo2() with 'size_t' fields over deprecated
mallinfo() (with 'int' fields which may wrap around zero
and so be inaccurate on a 64-bit system) and move relevant
checks to lib/util/wscript_configure because mallinfo()
is not used beyond 'samba-util'.
Suggested-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Dmitry Antipov <dantipov@cloudlinux.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Return the first IPv4 and the first IPv6 address found for each DC.
This is slightly inelegant, but resolves an issue where IPv6-only
systems were unable to run "net ads join" against domain controllers
that have both A and AAAA records in DNS.
While this impacts performance due to the additional LDAP ping attempts,
in practice an attempt to connect to an IPv6 address on an IPv4-only
system (or vice versa) will fail immediately with
NT_STATUS_NETWORK_UNREACHABLE, and thus the performance impact should be
negligible.
The alternative approach, using an smb.conf setting to control whether
the logic prefers a single address of one family or the other ends up
being a bit awkward, as it pushes the problem onto admins and tools such
as "realm join" that want to dynamically synthesize an smb.conf on the
fly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15325
Signed-off-by: Nathaniel W. Turner <nturner@exagrid.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 9 19:12:15 UTC 2023 on atb-devel-224
It's unusual these days to pass output arguments in the _send
function, instead save the result in the _state struct
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Before this patch the worker-status cut the worker index such that
samba-dcerpcd could not properly update status of the surplus rpc
daemons. This could lead to those daemons to stay around forever,
samba-dcerpcd will never notice they are idle and can exit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15310
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Mar 6 22:35:00 UTC 2023 on atb-devel-224
We don't have real async callers yet, and this is the simplest way to
fix our missing light-weight deterministic async fallback mechanism.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15310
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
With
smbtorture3 //127.0.0.1/ipc\$ rpc-scale -N 50 -o 1000
I am able to immediately trigger bug 15130.
Not running by default, this is a pure load test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15310
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
When open_stream_pathref_fsp() returns
NT_STATUS_OBJECT_NAME_NOT_FOUND, smb_fname_rel->fsp
has been set to NULL, so we must free base_fsp separately
to prevent fd-leaks when opening a stream that doesn't
exist.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15314
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Mar 3 16:37:27 UTC 2023 on atb-devel-224
Shows we are leaking an fsp/fd if we request a non-existent stream on a file.
This then causes rename of a directory containing the file to be denied, as
it thinks we have an existing open file below it.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15314
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Björn Baumbach <bb@sernet.de>
Autobuild-Date(master): Fri Mar 3 12:52:00 UTC 2023 on atb-devel-224
Fix this compile error:
[753/756] Processing source3/librpc/idl/libnet_join.idl
source3/librpc/idl/ads.idl:2:10: fatal error: config.h: No such file or directory
#include "config.h"
^~~~~~~~~~
compilation terminated.
source3/librpc/idl/libnet_join.idl:3: error: Failed to parse source3/librpc/idl/ads.idl
source3/librpc/idl/libnet_join.idl:50: warning: [out] argument `account_name' not a pointer
libnet_join.idl imports ads.idl which includes config.h. The build rule
for ads.idl provides the include directory for config.h, so add a new
rule to also specify that include directory for libnet_join.idl.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Compilers are getting strict about this C89 behaviour and this
kind of thing is already causing some configure checks to fail with
modern compilers like clang.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15281
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The message should help our users to understand what's the problem. The
message was rather cryptic before.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Feb 28 14:18:32 UTC 2023 on atb-devel-224
Add a config parameter `ceph:filesystem` that will be passed to
ceph_select_filesystem when provided. This allows shares on a single
smbd to access multiple different cephfs file systems.
The ceph_select_filesystem call was added as part of ceph 'nautilus'
(v14), released on 2019-03-19 and EOLed on 2021-06-30.
Since ceph 'pacific' (v16) multiple file system support is stable
and ready to use. At the time of this commit, 'pacific' is the oldest
actively supported version of ceph upstream.
Since samba tests building on ubntu 18.04, which has ceph packages
older than v14, a waf check for the function is added to test for
the presence of ceph_select_filesystem and disable its use on
these very old platforms.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Previously, the vfs_ceph module kept one global cached mount.
This makes it impossible to support multiple ceph clusters or
file systems. Add a mount cache in a similar fashion to the connection
cache found in the vfs_glusterfs module. The vfs_ceph cache uses
a single "cookie" value, a unique string based on config params, to
ID the cache entry. Shares that produce the same cookie will share
cephfs mount objects and increment a counter when multiple shares
are using the same cache entry.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
This new function is entirely dedicated to just setting up a libcephfs
mount. Handling the cmount global and samba connection params remains
in cephwrap_connect. This change will later be used to avoid a single
global cached connection and add improved connection handling.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Although "lpq cache time" is 0 in the test environment the
"print_queue_length()" function can still return cached results. This is
because the print_queue_length() function calls print_queue_update(),
which just sends MSG_PRINTER_UPDATE to the samba-bgqd daemon and returns
without waiting for the daemon to update it.
This behavior causes problems in the selftests between
samba3.blackbox.printing_var_exp and samba3.rpc.spoolss.printserver
because when the later enumerates the printers at different levels and
compares the results the number of jobs can differ depending if samba-bgqd
updates the cache in between print_queue_update() and
get_queue_status() in the print_queue_length() function:
test: samba3.rpc.spoolss.printserver.printserver.enum_printers(nt4_dc)
time: 2023-02-17 13:07:34.043842Z
Testing EnumPrinters level 0
Testing EnumPrinters level 1
Testing EnumPrinters level 2
Checking EnumPrinters level 0 printer print_var_exp (ref print_var_exp)
time: 2023-02-17 13:07:34.285992Z
failure: samba3.rpc.spoolss.printserver.printserver.enum_printers(nt4_dc) [
Exception: Exception: ../../source4/torture/rpc/spoolss.c:1132: cur->info0.cjobs was 1 (0x1), expected 0 (0x0): invalid value
To fix it, make sure the queue is empty before printing_var_exp test
ends.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Feb 20 22:58:44 UTC 2023 on atb-devel-224
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Feb 13 21:23:43 UTC 2023 on atb-devel-224
Replace fsp_get_io_fd with fsp_get_pathref_fd as these calls do use
pathref fsps. fsp_get_io_fd asserts that the fsp is not pathref and
asserts (on a debug build) or returns -1 (non debug build).
Prior to these changes running ls on the root of the share failed.
Logging from the failure case:
```
openat_pathref_fsp: smb_fname [.]
openat_pathref_fullname: smb_fname [.]
fsp_new: allocated files structure (1 used)
file_name_hash: //. hash 0x3dfcc1c2
check_reduced_name: check_reduced_name [.] [/]
cephwrap_realpath: [CEPH] realpath(0x55604da9a030, .) = //.
check_reduced_name realpath [.] -> [//.]
check_reduced_name: . reduced to //.
cephwrap_openat: [CEPH] openat(0x55604da9a030, ., 0x55604da81f00, 133120, 0)
cephwrap_openat: [CEPH] open(...) = 10
cephwrap_fstat: fsp_get_io_fd: fsp [.] is a path referencing fsp
[CEPH] fstat(0x55604da9a030, -1)
fsp_get_io_fd: fsp [.] is a path referencing fsp
cephwrap_fstat: [CEPH] fstat(...) = -9
fd_openat: name ., flags = 04000 mode = 00, fd = 10. NT_STATUS_INVALID_HANDLE
openat_pathref_fullname: Opening pathref for [.] failed: NT_STATUS_INVALID_HANDLE
```
This change also seems to match the recommendations in the `When to use
fsp_get_io_fd() or fsp_get_pathref_fd()` section of The_New_VFS.txt
document.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15307
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Gunther Deschner <gdeschne@redhat.com>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Feb 13 20:04:38 UTC 2023 on atb-devel-224
The only user by now was net serverid wipedbs, and there it was easy to replace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Feb 13 10:49:43 UTC 2023 on atb-devel-224
Avoid the dependency on global->db_rec. This makes the callers more
verbose, but it makes the data dependencies much more obvious. This
will enable removing smbXsrv_open_global0->db_rec at some point.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
We don't need anything cryptographic for persistent file handle ids
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15302
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Feb 11 08:48:05 UTC 2023 on atb-devel-224
Heretofore we have treated the primary group SID specially, storing it
in a fixed position as the second element of the user_info_dc->sids
array, and filtering out other copies in the PAC_LOGON_INFO base
structure. This filtering has made it difficult to distinguish between
the case where the primary group is a universal or global group, located
in the base RIDs, and the case where it is a domain-local group, missing
from the base RIDs; especially since the attributes of a domain-local
primary group are lost by being stored in the PAC. Domain-local primary
groups are normally disallowed by Windows, but are allowed by Samba, and
so it is reasonable to support them with at least some measure of
consistency.
The second element of user_info_dc->sids is still reserved for the
primary group's SID, but we no longer filter out any other copies in the
array. The first two elements are no more than the SIDs of the user and
the primary group respectively; and the remaining SIDs are as if taken
without modification from arrays of SIDs in the PAC. user_info_dc->sids
should therefore become a more faithful representation of the SIDs in
the PAC. After adding resource SIDs to it with
dsdb_expand_resource_groups(), we should have a result that more closely
and in more cases matches that of Windows.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
These constants allow one to tell at a glance what search operation is
being performed.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Constant strings can be inserted directly into format strings, reducing
the amount of string substitution to be performed.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The combination MANDATORY | ENABLED_BY_DEFAULT | ENABLED is very
commonly used, and introducing a shorter alias for it makes the code
clearer.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The domain-local groups that are added to the PAC of a service ticket
are now, if the service doesn't disclaim support for SID compression,
placed into the resource groups structure in PAC_LOGON_INFO.
In a TGS exchange directed to a KDC, rather than to a service, the
resource groups structure is simply copied into the updated PAC without
any processing being done.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Besides the NETLOGON_GUEST bit indicating whether the user has been
authenticated, we now carry all of the other bits as well. This lets us
match Windows' behaviour of simply passing these bits through to an
updated PAC when processing a TGS-REQ.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
In the next commit, we shall replace the 'authenticated' field of
named_pipe_auth_req_info.info5.session_info.session_info.info with a
more general 'user_flags' field.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Resource group SIDs should only be placed into a service ticket, but we
were including them in all tickets. Now that we have access to the group
attributes, we'll filter out any groups with SE_GROUP_RESOURCE set if
we're creating a TGT.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Group expansion, performed in dsdb_expand_nested_groups(), now
incorporates a check of the type of each group. Those that are resource
groups receive the SE_GROUP_RESOURCE bit in the attributes which are now
carried alongside each group SID.
Whereas before, in auth_convert_user_info_dc_sambaseinfo() and
auth_convert_user_info_dc_saminfo6(), we invariantly used the flag
combination SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT |
SE_GROUP_ENABLED to set attributes in the PAC, we now take the correct
attributes from user_info_dc.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source3/torture/test_smb1_dfs.c:3264:11: error: variable 'accessmode' set but
not used [-Werror,-Wunused-but-set-variable]
uint16_t accessmode = 0;
^
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source3/utils/log2pcaphex.c:138:13: error: variable 'i' set but not used
[-Werror,-Wunused-but-set-variable]
static int i = 0;
^
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source3/lib/netapi/tests/netfile.c:40:22: error: variable 'i2' set but not used
[-Werror,-Wunused-but-set-variable]
struct FILE_INFO_2 *i2 = NULL;
^
source3/lib/netapi/tests/netfile.c:41:22: error: variable 'i3' set but not used
[-Werror,-Wunused-but-set-variable]
struct FILE_INFO_3 *i3 = NULL;
^
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source3/modules/vfs_glusterfs.c:827:6: error: variable 'glfd' is used
uninitialized whenever 'if' condition is false
[-Werror,-Wsometimes-uninitialized]
if (pglfd == NULL) {
^~~~~~~~~~~~~
source3/modules/vfs_glusterfs.c:853:6: note: uninitialized use occurs here
if (glfd == NULL) {
^~~~
source3/modules/vfs_glusterfs.c:827:2: note: remove the 'if' if its condition is
always true
if (pglfd == NULL) {
^~~~~~~~~~~~~~~~~~~
source3/modules/vfs_glusterfs.c:763:17: note: initialize the variable 'glfd' to
silence this warning
glfs_fd_t *glfd;
^
= NULL
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source3/modules/vfs_io_uring.c:70:22: error: field 'cqe' with variable sized
type 'struct io_uring_cqe' not at the end of a struct or class is a GNU
extension [-Werror,-Wgnu-variable-sized-type-not-at-end]
struct io_uring_cqe cqe;
^
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source3/modules/getdate.c:1192:9: error: variable 'yynerrs' set but not used
[-Werror,-Wunused-but-set-variable]
int yynerrs;
^
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source3/printing/tests/vlp.c:144:19: error: variable 'job_count' set but not
used [-Werror,-Wunused-but-set-variable]
int i, num_jobs, job_count = 0;
^
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source3/winbindd/winbindd_ads.c:1399:6: error: variable 'ret_count' set but not
used [-Werror,-Wunused-but-set-variable]
int ret_count;
^
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source3/rpc_server/eventlog/srv_eventlog_nt.c:634:11: error: variable
'num_records_read' set but not used [-Werror,-Wunused-but-set-variable]
uint32_t num_records_read = 0;
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source3/smbd/msdfs.c:367:14: error: explicitly assigning value of variable of
type 'char *' to itself [-Werror,-Wself-assign]
servicename = servicename;
~~~~~~~~~~~ ^ ~~~~~~~~~~~
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
namecache.c:129:9: error: variable 'i' set but not used
[-Werror,-Wunused-but-set-variable]
size_t i, count;
^
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
In macOS Ventura marshalling of kMDScopeArray in the "openQueryWithParams"
request has changed from
string: kMDScopeArray
sl_array_t(#1): {
string: /foo/bar
}
to:
string: kMDScopeArray
sl_array_t(#1): {
sl_array_t(#1): {
string: /foo/bar
}
}
With this patch we check both encodings. Bug fixed according to user feedback.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15299
RN: Spotlight doesn't work with latest macOS Ventura
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reported by RedHat internal Covscan
Since cb8a0d9 we no longer stop traversing the list if encryption_flag
or signing_flags are unknown.
Assignment "result = -1;" is always overwritten by
"result = traverse_connections_*()" and is a dead code.
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Feb 2 15:46:52 UTC 2023 on atb-devel-224