1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

60706 Commits

Author SHA1 Message Date
Volker Lendecke
162787cddb lib: Fix whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-13 23:33:39 +00:00
Pavel Filipenský
4cf5abb8b3 s3:selftest: Pass environ to local.nss
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-06-13 12:15:32 +00:00
Pavel Filipenský
c0b819e3e3 s3:selftest: Add environ parameter to plansmbtorture4testsuite
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-06-13 12:15:32 +00:00
Pavel Filipenský
09e853af7f s4:torture: Skip test_membership_user for users that get incorrectly assigned group sid
This commit should be removed once wb_queryuser() is fixed.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-06-13 12:15:32 +00:00
Pavel Filipenský
a1e611a8c7 s3:winbind: Fix the default group for the 'Guest' user
If samlogon cache has no entry for the 'Guest' user, the group sid
should default to 'Guests' group.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-06-13 12:15:32 +00:00
Pavel Filipenský
783c9d2237 s3:winbind: Include local groups in _wbint_QueryGroupList
This is needed for GETGRENT to show also e.g. BUILTIN/users.
Otherwise the test_membership_user (local.nss.membership) would fail.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-06-13 12:15:32 +00:00
Pavel Filipenský
f116cda34f s3:winbind: Remove SID_NAME_ALIAS code from rpc_lookup_groupmem()
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-06-13 12:15:32 +00:00
Pavel Filipenský
47b3a5d0de s3:winbind: s/wb_group_members_send/wb_alias_members_send/ for SID_NAME_ALIAS in wb_getgrsid_sid2gid_done()
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-06-13 12:15:32 +00:00
Pavel Filipenský
fa7d9c13c3 s3:winbind: Convert wb_group_members_send() to resolve array of groups
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-06-13 12:15:32 +00:00
Pavel Filipenský
6b321cb17e s3:winbind: Add wb_alias_members_{send/recv}
wb_alias_members.c is very similar to wb_lookupusergroups.c

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-06-13 12:15:32 +00:00
Pavel Filipenský
38565ff2df s3:winbind: Add wbint_LookupAliasMembers to winbind interface
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-06-13 12:15:32 +00:00
Pavel Filipenský
92b2eb9c3f s3:winbind: Add lookup_aliasmem to winbindd_methods and implement it in all backends
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-06-13 12:15:32 +00:00
Pavel Filipenský
b67dc2586f s3:winbind: Fix trailing whitespace in winbindd_cache.c
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-06-13 12:15:32 +00:00
Pavel Filipenský
d58872053c s3:winbind: Fix trailing whitespace in winbindd_reconnect.c
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-06-13 12:15:32 +00:00
Pavel Filipenský
f91c8bf8d0 s3:winbind: Fix trailing whitespace in winbindd_msrpc.c
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-06-13 12:15:32 +00:00
Volker Lendecke
23ca540abf smbd: Remove unused dptr_fill() and dptr_fetch_fsp()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun  8 18:34:44 UTC 2023 on atb-devel-224
2023-06-08 18:34:44 +00:00
Volker Lendecke
6578dc9a51 smbd: Make reply_search() easier to understand
reply_search() is the only place in the code where we have to deal
with [MS-CIFS] 2.2.4.59.1 ResumeKey structures. This concentrates the
formatting of this to pure SMB1 code in reply_search(), moving away
knowledge about the format from smbd/dir.c's dptr_fill() and
dptr_fetch_fsp().

With this code we just count up the FileIndex from behaviour note
110. If the client is sane and sends us the last FileIndex we returned
to it in a subsequent search, we can completely avoid any
telldir/seekdir. If it skips back, with the new code we rewind and
re-readdir the directory. This will be slower for a very special
corner case, but it's a lot simpler to understand (at least to
me). Also, it avoids calling telldir/seekdir for every entry.

Tested both cases (sane and insane clients) manually with a modified
cli_list_old_done(). Not doing automated tests. If this breaks real
users, we'll fix it and write tests then.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-08 17:39:39 +00:00
Volker Lendecke
73ebbb7244 smbd: Do an early talloc_free() in reply_search()
Don't wait for the main loop to free file names no longer used.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-08 17:39:39 +00:00
Volker Lendecke
5aef4bb6be smbd: Do an early talloc_free() in fsp_attach_smb_fname()
name_str can pile up when reading directories, we don't talloc_free()
our stackframe before we have filled the whole readdir response packet.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-08 17:39:39 +00:00
Volker Lendecke
e4631270b7 smbd: Add dptr_RewindDir()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-08 17:39:39 +00:00
Volker Lendecke
d14b1e2d66 smbd: Add dptr_FileNumber()
Return how many name entries have been returned from this dptr.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-08 17:39:39 +00:00
Volker Lendecke
4e2de3a0cd smbd: Simplify make_dir_struct()
We don't need the talloc_strdup and thus we can return void.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-08 17:39:39 +00:00
Volker Lendecke
288e591bfd smbd: Make SeekDir()/TellDir() static to dir.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-08 17:39:39 +00:00
Volker Lendecke
4945b134d9 smbd: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-08 17:39:39 +00:00
Volker Lendecke
5c52f71c0d smbclient: Fix fd leak with "showacls;ls"
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15391

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun  8 16:55:14 UTC 2023 on atb-devel-224
2023-06-08 16:55:14 +00:00
Pavel Filipenský
c9fa3dff8c s3:script: Add samba-log-parser
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
2023-06-07 14:12:33 +00:00
Björn Jacke
fcedf5514b smbcacls/smbcquotas: check for valid UNC path
we used to strip the first two characters of the path and used that.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2312

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jun  6 09:33:47 UTC 2023 on atb-devel-224
2023-06-06 09:33:47 +00:00
Volker Lendecke
1e79335790 smbd: Remove smb1-only perfcount subsystem
This never took off outside of a special OEM setup.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jun  5 18:13:05 UTC 2023 on atb-devel-224
2023-06-05 18:13:05 +00:00
Volker Lendecke
1a5ac20a23 smbd: Remove unused "pcd" from struct pending_message_list
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-05 17:17:36 +00:00
Volker Lendecke
d2dcc0fdf5 smbd: Remove unused "deferred_pcd" from process_smb()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-05 17:17:36 +00:00
Volker Lendecke
5adbc366de smbd: Remove unused "deferred_pcd" from process_smb1()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-05 17:17:35 +00:00
Volker Lendecke
1550356679 smbd: Remove unused "deferred_pcd" from construct_reply()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-05 17:17:35 +00:00
Volker Lendecke
43f64955dc smbd: Remove unused "pcd" from struct smb_request
After the macros went away, nobody read this anymore

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-05 17:17:35 +00:00
Volker Lendecke
625056af0b smbd: Remove unused "deferred_pcd" from construct_reply_chain()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-05 17:17:35 +00:00
Volker Lendecke
f13b8b1036 smbd: Remove unused "deferred_pcd" from process_smb2()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-05 17:17:35 +00:00
Volker Lendecke
12f1d94a4e smbd: Remove unused "pcd" arg from smb1_srv_send()
Looks larger than it is, "git clang-format" added a few lines

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-05 17:17:35 +00:00
Volker Lendecke
d342be5b09 modules: Remove perfcount_test module
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-05 17:17:35 +00:00
Volker Lendecke
5fa8a1e166 smbd: Remove SMB_PERFCOUNT_ macros
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-05 17:17:35 +00:00
Volker Lendecke
c7704d2dac smbd: Remove unused smb2_srv_send()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-05 17:17:35 +00:00
Noel Power
22ab42c100 s3/utils: avoid erronous NO MEMORY detection
since 5cc3c1b5f6 if we don't have
a realm specified either on cmdline or in conf file we try to
copy (talloc_strdup) a NULL variable which triggers a NO_MEMORY
error when we check the result of the copy

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15384

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Jun  4 12:42:16 UTC 2023 on atb-devel-224
2023-06-04 12:42:16 +00:00
Jones Syue
9c24f853a8 smbd: remove comments about deprecated 'write cache size'
The option 'write cache size' was removed since samba-4.12 version:
https://wiki.samba.org/index.php/Samba_4.12_Features_added/changed
https://git.samba.org/?p=samba.git;a=commit;h=3fea05e0
https://git.samba.org/?p=samba.git;a=commit;h=728fabea

It is supposed to remove comments about deprecated 'write cache size',
in order to avoid confusion when reading source code and documents.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15383

Signed-off-by: Jones Syue <jonessyue@qnap.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jun  2 09:48:17 UTC 2023 on atb-devel-224
2023-06-02 09:48:17 +00:00
Volker Lendecke
f30f5793ad libsmb: Fix directory listing against old servers
cli_list_trans_recv() can be called multiple times. When it's done, it
return NT_STATUS_OK and set *finfo to NULL. cli_list_old_recv() did
not do the NULL part, so smbclient would endlessly loop.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15382

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun  1 21:54:42 UTC 2023 on atb-devel-224
2023-06-01 21:54:41 +00:00
Volker Lendecke
e86234f3d6 tests: Show that we 100% loop in cli_list_old_recv()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15382

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-01 21:00:36 +00:00
Stefan Metzmacher
e03ccb5b12 smb2_negprot: add CALLGRIND_START_INSTRUMENTATION after SMB2 negprot
This allows us to support starting smbd under callgrind and only start
the overhead and instrumentation after the SMB2 negprot, this allows us
to profile only useful stuff and not all the smbd startup, forking and
multichannel handling.

This will do the trick:

  valgrind --tool=callgrind --instr-atstart=no smbd

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-06-01 07:20:31 +00:00
Stefan Metzmacher
be5e4d164d smb2_server: use MSG_DONTWAIT to get non-blocking send/recvmsg
It means we can make the fd blocking, which will help
with io_uring support.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-06-01 07:20:31 +00:00
Stefan Metzmacher
6e848f9d22 s3:smbd: only do profiling overhead in smbd_tevent_trace_callback() when needed
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-06-01 07:20:31 +00:00
Stefan Metzmacher
ff259bd1b7 smbprofile: add smbprofile_active() helper
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-06-01 07:20:31 +00:00
Stefan Metzmacher
a08f8b2a2c smb2_server: optimize SMB2_OP_KEEPALIVE (SMB2 Echo)
This is not strictly needed, but it helps profiling
the core smb2_server.c code with the 'smb2.bench.echo'
test.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-06-01 07:20:31 +00:00
Andrew Bartlett
0f3abb291f s3-libads: Also handle the DS_WEB_SERVICE_REQUIRED flag in check_cldap_reply_required_flags()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-05-31 04:02:36 +00:00
Andrew Bartlett
63e2db8206 s4-libads: Confirm newer functional levels in check_cldap_reply_required_flags()
This will allow us to require that the target DC has FL 2008,
2012, 2012R2 or 2016.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-05-31 04:02:36 +00:00
Joseph Sutton
e14b5974c6 net_ads: Handle new NBT_SERVER_* flags
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-29 22:32:28 +00:00
Ralph Boehme
035f6d914d vfs_fruit: add fruit:convert_adouble parameter
https://bugzilla.samba.org/show_bug.cgi?id=15378

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 26 00:52:29 UTC 2023 on atb-devel-224
2023-05-26 00:52:29 +00:00
Ralph Boehme
3bf97f19c3 vfs_fruit: just log failing AppleDouble conversion
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15378

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-05-25 23:59:33 +00:00
Ralph Boehme
55bd104564 libadouble: allow FILE_SHARE_DELETE in ad_convert_xattr()
Not specifying FILE_SHARE_DELETE wasn't done intentionally. Not setting the flag
triggers the following problem:

* client sends a CREATE with delete access

* this triggers a call to open_streams_for_delete() where we check for
conflicting opens on any of the streams of the file or directory

* if the file (or directory) has a stream like ":com.apple.quarantine" the
stream is opened with DELETE_ACCESS and kept open when the next step might:

* if the file (or directory) has a Mac specific :AFP_AfpInfo stream, the
ad_convert() routine in fruit_create_file() is triggered

* ad_convert() checks if the file (or ...) has a sidecar ._ AppleDouble file, if
it has:

* in ad_convert_xattr() we unpack any set of xattrs encoded in the AppleDouble
file and recreate them as streams with the VFS. Now, if any of these xattrs
happens to be converted to a stream that we still have open in
open_streams_for_delete() (see above) we get a NT_STATUS_SHARING_VIOLATION

This error gets passed up the stack back to open_streams_for_delete() so the
client CREATE request fails and the client is unhappy.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15378

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-05-25 23:59:33 +00:00
Ralph Boehme
06f0c070a0 vfs_fruit: never return AFP_Resource stream for directories
The macOS client creates ._ AppleDouble files for directories that do contain
an (empty) resource fork AppleDouble entry. So when going from a Samba server
config without streams module (or when migrating data from another server
without streams support), to a Samba config with a streams module and vfs_fruit,
fruit_streaminfo() will wrongly return the AFP_Resource from the AppleDouble
file as stream to the client.

To address this, just never return an AFP_Resource stream for directories when
listing streams in fruit_streaminfo(). ad_convert(), when configured with

  fruit:delete_empty_adfiles = true
  fruit:wipe_intentionally_left_blank_rfork = true

will happily discard the AFP_Resource from the AppleDouble file.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15378

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-05-25 23:59:33 +00:00
Ralph Boehme
9b91a8bad2 vfs_fruit: return ENOENT instead of EISDIR when trying to open AFP_Resource for a directory
Translates to NT_STATUS_OBJECT_NAME_NOT_FOUND which is the same error macOS
returns in this case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15378

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-05-25 23:59:33 +00:00
Ralph Boehme
412373984d smbd: also reset struct stat_ex.cached_dos_attributes in SET_STAT_INVALID()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15375

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 24 21:42:50 UTC 2023 on atb-devel-224
2023-05-24 21:42:50 +00:00
Ralph Boehme
0391120079 smbd: zero intialize SMB_STRUCT_STAT in vfswrap_readdir()
Avoid returning an uninitialized st.cached_dos_attributes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15375

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-05-24 20:41:38 +00:00
Ralph Boehme
b4af281b2d CI: add a test that checks the dosmode of symlinks
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15375

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-05-24 20:41:38 +00:00
Joseph Sutton
80b3752052 s3:utils: Check return value of json_new_object()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-24 00:50:31 +00:00
SATOH Fumiyasu
de009c194c tests: Replace iconv(1) UTF-16LE conversion with a python3 call
GNU libiconv and its iconv(1) do NOT define 'utf16le' as
an alias of 'UTF-16LE' encoding.

Signed-off-by: SATOH Fumiyasu <fumiyas@osstech.co.jp>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-05-19 00:29:33 +00:00
Joseph Sutton
f948f9cb66 s3:utils: Fix typo
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-18 01:03:37 +00:00
Joseph Sutton
f573177c35 python: Safely clear structure members
Using Py_CLEAR() ensures that these structures are observed in a
consistent state by any Python code that may run during deconstruction.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-16 23:29:32 +00:00
Joseph Sutton
2a8db07293 auth: Return status code if configuration prohibits NTLM
Currently, we rely on ‘stored_nt’ being NULL to give an
NT_STATUS_WRONG_PASSWORD error.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-16 23:29:32 +00:00
Andrew Bartlett
e5c3e076c8 param: Add new parameter "ad dc functional level"
This allows the new unsupported functional levels to be unlocked, but with an smb.conf
option that is easily seen.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-05-16 23:29:32 +00:00
Volker Lendecke
59694ad0a4 rpc_server3: Pass winbind_env_set() state through to rpcd_*
Winbind can ask rpcd_lsad for LookupNames etc. This can recurse back
into winbind for getpwnam. We have the "_NO_WINBINDD" environment
variable set in winbind itself for this case, but this is lost on the
way into rpcd_lsad. Use a flag in global_sid_Samba_NPA_Flags to pass
this information to dcerpc_core, where it sets the variable on every
call if requested.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue May 16 11:54:32 UTC 2023 on atb-devel-224
2023-05-16 11:54:32 +00:00
Volker Lendecke
bb3ea36e10 lib: Add security_token_del_npa_flags() helper function
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-05-16 10:53:40 +00:00
Volker Lendecke
bdba027a33 rpc: Remove named_pipe_auth_req_info6->need_idle_server
Involves bumping up the version number

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-05-16 10:53:40 +00:00
Volker Lendecke
31180e0e6d rpc_server3: Use global_sid_Samba_NPA_Flags to pass "need_idle"
More code, but will be more flexible in the future.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-05-16 10:53:40 +00:00
Volker Lendecke
ebbb93cc7a rpc: Add global_sid_Samba_NPA_Flags SID
This will be used as a flexible way to pass per-RPC-connection flags
over ncalrpc to the RPC server without having to modify
named_pipe_auth_req_info6 every time something new needs to be
passed. It's modeled after global_sid_Samba_SMB3.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-05-16 10:53:40 +00:00
Volker Lendecke
244ee8ad75 smbd: Use security_token_count_flag_sids() in open_np_file()
Simpler logic in the caller

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-05-16 10:53:40 +00:00
Volker Lendecke
6206e15b4d winbind: Fix "wbinfo -u" on a Samba AD DC with >1000 users
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15366

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May  9 02:58:45 UTC 2023 on atb-devel-224
2023-05-09 02:58:45 +00:00
Volker Lendecke
f633389f36 winbind: Test wbinfo -u with more than 1000 users
winbind asks dcerpc_samr_LookupRids in one batch, where samr.idl has

	NTSTATUS samr_LookupRids(
		[in,ref]      policy_handle *domain_handle,
		[in,range(0,1000)] uint32 num_rids,
		[in,size_is(1000),length_is(num_rids)] uint32 rids[],
		[out,ref]     lsa_Strings *names,
		[out,ref]     samr_Ids *types
		);

limiting num_rids to 1000 entries. Test this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15366

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-09 01:59:32 +00:00
Joseph Sutton
506c2d1b8a s3:lib: Fix typos
These typos were also spotted by a mailing list user:

https://lists.samba.org/archive/samba-technical/2023-April/138190.html

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-05 02:54:31 +00:00
Joseph Sutton
6752bcaf4d s3:utils: Move error-handling code into more suitable spot (CID 1524680)
The loop above would only exit once ‘c’ was equal to −1, and thus this
code could never be reached.

Also set ‘ok’ to false to indicate failure.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May  4 01:29:10 UTC 2023 on atb-devel-224
2023-05-04 01:29:10 +00:00
Joseph Sutton
11f3680462 s3:utils: Use ‘int’ for popt parameters
Previously we were handing the addresses of bool parameters to popt for
POPT_ARG_NONE parameters. This is not supported, and popt was returning
POPT_ERROR_BADOPERATION for these parameters (not bundled popt, though,
nor on Debian or Ubuntu). Using integers instead ensures that these
addresses are aligned and sized as popt expects.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-05-04 00:34:32 +00:00
Joseph Sutton
d2720a9e78 s3:utils: Use floating-point arithmetic when result is assigned to a double
This avoids any loss of precision from performing an integer division.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-05-04 00:34:32 +00:00
Noel Power
d36bab52d0 s3/utils: when encoding ace string use "FA", "FR", "FW", "FX" string rights
prior to this patch rights matching "FA", "FR", "FW", "FX" were
outputted as the hex string representing the bit value.

While outputting the hex string is perfectly fine, it makes it harder
to compare icacls output (which always uses the special string values)

Additionally adjust various tests to deal with use of shortcut access masks
as sddl format now uses FA, FR, FW & FX strings (like icalcs does) instead
of hex representation of the bit mask.

adjust
  samba4.blackbox.samba-tool_ntacl
  samba3.blackbox.large_acl
  samba.tests.samba_tool.ntacl
  samba.tests.ntacls
  samba.tests.posixacl

so various string comparisons of the sddl format now pass

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

[abartlet@samba.org Adapted to new stricter SDDL behaviour around leading zeros in hex
 numbers, eg 0x001]
2023-04-28 02:15:36 +00:00
Douglas Bagnall
96fe7ebe3f s3:torture: sid2unixid2: DEBUG blames the right function
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
396d280546 s3:torture:LOCAL-IDMAP-TDB-COMMON: avoid talloc stacktrace
The short version is:

Running LOCAL-IDMAP-TDB-COMMON
test_getnewid1: PASSED!
test_setmap1: PASSED!
test_unixid2sid1: PASSED!
test_sid2unixid1: could not create uid map!
TEST LOCAL-IDMAP-TDB-COMMON FAILED!
LOCAL-IDMAP-TDB-COMMON took 0.029819 secs

Freed frame ../../source3/torture/torture.c:15748, expected ../../source3/torture/test_idmap_tdb_common.c:986.
===============================================================
INTERNAL ERROR: Frame not freed in order. in pid 3692106 (4.19.0pre1-DEVELOPERBUILD)
If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
===============================================================
PANIC (pid 3692106): Frame not freed in order. in 4.19.0pre1-DEVELOPERBUILD
BACKTRACE: 11 stack frames:
 #0 bin/shared/private/libgenrand-samba4.so(log_stack_trace+0x32) [0x7f2f39b430ba]
 #1 bin/shared/private/libgenrand-samba4.so(smb_panic_log+0x1dd) [0x7f2f39b43037]
 #2 bin/shared/private/libgenrand-samba4.so(smb_panic+0x1c) [0x7f2f39b43056]
 #3 bin/shared/libsamba-util.so.0(+0x75309) [0x7f2f3a659309]
 #4 bin/shared/private/libtalloc-samba4.so(+0x5cc6) [0x7f2f3a758cc6]
 #5 bin/shared/private/libtalloc-samba4.so(+0x6173) [0x7f2f3a759173]
 #6 bin/shared/private/libtalloc-samba4.so(_talloc_free+0x10c) [0x7f2f3a75a54b]
 #7 /data/samba/samba-review/bin/smbtorture3(main+0xa97) [0x55cb3dc8cedc]
 #8 /lib/x86_64-linux-gnu/libc.so.6(+0x29d90) [0x7f2f396d4d90]
 #9 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x80) [0x7f2f396d4e40]
 #10 /data/samba/samba-review/bin/smbtorture3(_start+0x25) [0x55cb3dc59895]
smb_panic(): calling panic action [/data/samba/samba-review/selftest/gdb_backtrace 3692106]

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
82b3281fff s3:test_larg_acl: adapt for the canonical ACE flags format
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Andreas Schneider
6490ff6355 s3:lib: Give better warnings about corrupted AppleDobule files
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Apr 27 09:25:50 UTC 2023 on atb-devel-224
2023-04-27 09:25:50 +00:00
Andreas Schneider
a269ab4a9b s3:lib: Move ad_unpack() debug message to notice level
We should give a good warning message one level above.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-27 08:32:37 +00:00
Andreas Schneider
b5e9c2bc0e s3:torture: Fix possible array out of bounds access
In function ‘test_one’,
    inlined from ‘retest’ at source3/torture/locktest2.c:401:8:
source3/torture/locktest2.c:331:37: error: array subscript 2 is above array bounds of ‘int[2][2][2]’ [-Werror=array-bounds=]
  331 |                         fnum[server][fstype][conn][f] = try_open(cli[server][conn], nfs[server], fstype, FILENAME,
      |                         ~~~~~~~~~~~~^~~~~~~~
source3/torture/locktest2.c: In function ‘retest’:
source3/torture/locktest2.c:390:23: note: while referencing ‘fnum’
  390 |                   int fnum[NSERVERS][NUMFSTYPES][NCONNECTIONS][NFILES],
      |                   ~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function ‘test_one’,
    inlined from ‘retest’ at source3/torture/locktest2.c:401:8:
source3/torture/locktest2.c:316:62: error: array subscript 2 is above array bounds of ‘int[2][2][2]’ [-Werror=array-bounds=]
  316 |                                                  fnum[server][fstype][conn][f],
      |                                                  ~~~~~~~~~~~~^~~~~~~~
source3/torture/locktest2.c: In function ‘retest’:
source3/torture/locktest2.c:390:23: note: while referencing ‘fnum’
  390 |                   int fnum[NSERVERS][NUMFSTYPES][NCONNECTIONS][NFILES],
      |                   ~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function ‘test_one’,
    inlined from ‘retest’ at source3/torture/locktest2.c:401:8:
source3/torture/locktest2.c:300:60: error: array subscript 2 is above array bounds of ‘int[2][2][2]’ [-Werror=array-bounds=]
  300 |                                                fnum[server][fstype][conn][f],
      |                                                ~~~~~~~~~~~~^~~~~~~~
source3/torture/locktest2.c: In function ‘retest’:
source3/torture/locktest2.c:390:23: note: while referencing ‘fnum’
  390 |                   int fnum[NSERVERS][NUMFSTYPES][NCONNECTIONS][NFILES],
      |                   ~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-27 07:21:33 +00:00
Andreas Schneider
732efb3d96 s3:torture: Remove trailing white spaces in locktest2.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-27 07:21:33 +00:00
Stefan Metzmacher
eafcef1858 s3:locking: fix debug level for NT_STATUS_NOT_FOUND messanges in get_static_share_mode_data
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15362

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Apr 24 14:13:35 UTC 2023 on atb-devel-224
2023-04-24 14:13:35 +00:00
Andreas Schneider
3c50a921ae s3:client: Remove unused tree.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Apr 20 12:56:53 UTC 2023 on atb-devel-224
2023-04-20 12:56:53 +00:00
Andreas Schneider
ba4c322ac7 s3:libsmb: Also deprecate smbc_init()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2023-04-20 11:59:32 +00:00
Andreas Schneider
092a6a62e1 s3:utils: Use smbc_set_credentials_with_fallback() for smbget
smbc_set_credentials() is deprecated.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2023-04-20 11:59:31 +00:00
Andreas Schneider
c44109142a s3:libsmb: Mark smbc_set_credentials() as deprecated
This will issue a compiler warning!

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2023-04-20 11:59:31 +00:00
Andreas Schneider
9eb4430662 s3:lib: Do not try to match '.' and '..' directories in is_in_path()
This fixes setting veto files to '.*' to not list hidden files and
directories starting with a dot.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15360

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 19 22:30:19 UTC 2023 on atb-devel-224
2023-04-19 22:30:19 +00:00
Andreas Schneider
a2acbd3f3c s3:tests: Add test that veto files works for hidden files
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15360

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-04-19 21:29:33 +00:00
Andreas Schneider
b5a66840e3 s3:tests: Create a temporary directory for test_veto_files.sh
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15360

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-04-19 21:29:33 +00:00
Volker Lendecke
af91bcb359 pylibsmb: Return "flags" in create_returns
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Apr 18 15:58:42 UTC 2023 on atb-devel-224
2023-04-18 15:58:42 +00:00
Volker Lendecke
86868cb045 smbd: Save 488 bytes RSS
With this ld.so does not have to relocate the string pointers

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-18 14:58:36 +00:00
Volker Lendecke
33194ad234 libsmb: Adapt cli_echo_send() to modern conventions
Nowadays we rather do protocol-specific _done() functions, and overall
this cuts a few lines.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-18 14:58:36 +00:00
Volker Lendecke
efdae5d2fa smbd: Fix a DBG statement
This is not smbd_smb2_create_send() anymore.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-18 14:58:36 +00:00
Volker Lendecke
76497f705f libsmb: Make setting errno safer in SMBC_add_cached_server()
DEBUG should preserve errno, but make this more obvious.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-18 14:58:36 +00:00
Volker Lendecke
13187d1f6e libsmb: Simplify SMBC_add_cached_server()
ENOMEM is the only error condition we have

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-18 14:58:36 +00:00
Volker Lendecke
64ea002960 libsmb: Avoid an explicit ZERO_STRUCTP with calloc
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-18 14:58:36 +00:00
Volker Lendecke
061aaf8622 libsmb: Slightly simplify smbc_init()
Reduce indentation with an early return, review with git show -w

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-18 14:58:36 +00:00
Volker Lendecke
e0f9407155 libsmb: Make cli_smb2_qpathinfo2() asynchronous
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-18 14:58:36 +00:00
Volker Lendecke
2446ea916d libsmb: Make cli_qpathinfo2_done() parse the results
Make it easier to do an async SMB2 version

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-18 14:58:36 +00:00
Volker Lendecke
1e738cb061 libsmb: Introduce type-safe struct cli_smb2_create_flags
This makes it clearer what to pass into the create_flags argument to
cli_smb2_create_fnum(). There was already confusion in
source3/torture/test_smb2.c: It passed in
SMB2_OPLOCK_LEVEL_NONE (which was okay because it #defines to 0), but
it should have been a straight 0, for example
SMB2_OPLOCK_LEVEL_EXCLUSIVE would have been wrong.

This way adding other flags (.nofollow comes to mind) will be much
easier to handle.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-18 14:58:36 +00:00
Volker Lendecke
526f381f41 shadow_copy2: Fix stream open for streams_depot paths
streams_depot hands us absolute paths with : filename components
instead of having set smb_fname_in->stream_name.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15358

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Apr 17 18:11:07 UTC 2023 on atb-devel-224
2023-04-17 18:11:07 +00:00
Volker Lendecke
081e808ab4 streams_depot: Create files when requested
If you set "create mask = 0600" no streams will be created....

Tested manually. Not creating an automated test for this, there are so
many places where this can go wrong that testing this individual
glitch does not gain us much confidence.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15357

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-04-17 17:14:37 +00:00
Joseph Sutton
62893486c6 selftest: Fix samba3.clustered.smb2.deny.deny2 test
This test failed to start, emitting the following error:
Unknown torture operation 'clustered.smb2.deny.deny2'

To fix this, remove the 'clustered.' prefix from the test name.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:32 +00:00
Joseph Sutton
839ca0cd35 selftest: Only run clusteredmember tests if ctdb is built
Trying to run any of these tests without having built ctdb results in a
failure, as the environment cannot be started.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:32 +00:00
Joseph Sutton
aa05498b1e s3:tests: Correct condition
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:32 +00:00
Joseph Sutton
4726541a78 s3:script: Always return a non-zero status code on failure
If $expected didn't match $received, these functions would still return
zero.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:32 +00:00
Joseph Sutton
833cefe8ee testprogs: Make testit_expect_failure() return 0 on success
This is the behaviour that most existing callers expect, but the
function actually returns a non-zero status code in that case.

Adjust all callers expecting the opposite behaviour to match.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:32 +00:00
Joseph Sutton
e0db10cfc3 s3:net_usershare: Correctly escape newline in error message
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:32 +00:00
Joseph Sutton
2de0e1dccd s3:net_usershare: Handle allocation failure
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:31 +00:00
Joseph Sutton
78ca3e16da smbd/notify: Handle allocation failure
If a talloc function returns NULL, indicating failure, the failure could
be masked by the next talloc call allocating on the NULL context.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:31 +00:00
Joseph Sutton
5b7ee73c0d pysmbd: Fix typo in error message
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:31 +00:00
Joseph Sutton
b5b611d90f posix_acls: Don't skip ACEs in merge_default_aces()
If we remove the i'th element, we should decrement i so that we don't
skip over the succeeding element.

If we remove the j'th element, we should decrement j and continue around
the loop, so as not to skip subsequent elements.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:31 +00:00
Stefan Metzmacher
52c78466bd vfs_fruit: avoid using 'conn->tcon->compat', we can just use 'conn'!
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Apr 12 13:51:50 UTC 2023 on atb-devel-224
2023-04-12 13:51:50 +00:00
Stefan Metzmacher
e0e58ed0e2 smbXsrv_tcon: avoid storing temporary (invalid!) records.
We used to store smbXsrv_tcon_global.tdb records in two steps,
first we created a record in order to allocate the tcon id.
The temporary record had a NULL share_name, which translated
into 0 bytes for the string during ndr_push_smbXsrv_tcon_global0.

The problem is that ndr_pull_smbXsrv_tcon_global0 fails on
this with something like:

Invalid record in smbXsrv_tcon_global.tdb:key '2CA0ED4A' ndr_pull_struct_blob(length=85) - Buffer Size Error

The blob looks like this:

[0000] 00 00 00 00 01 00 00 00   00 00 00 00 00 00 02 00   ........  ........
[0010] 00 00 00 00 4A ED A0 2C   4A ED A0 2C 00 00 00 00   ....J.., J..,....
[0020] F8 4B 00 00 00 00 00 00   00 00 00 00 FF FF FF FF   .K......  ........
[0030] 4D 59 9B 9F 83 F4 35 20   36 D2 B0 82 62 68 D9 01   MY....5 6...bh..
[0040] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........  ........
[0050] 00 00 00 00 00                                      .....

The reason for having a temporary entry was just based on
the fact, that it was easier to keep the logic in
make_connection_snum() untouched.

But we have all information available in order to store
the final record directly. We only need to do the
"max connections" check first.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15353

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-04-12 12:48:35 +00:00
Andrew Bartlett
d788d3d974 s3-client: Provide more information on protocol negotiation failures
In particular, this may help track down REASON: Exception: Exception: protocol negotiation failed: NT_STATUS_IO_TIMEOUT

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 11 13:47:01 UTC 2023 on atb-devel-224
2023-04-11 13:47:01 +00:00
Remi Collet
4fc166628f libsmb: fix regression on smbc_getxattr and fix doc
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14808
Signed-off-by: Remi Collet <rcollet@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-04-09 09:49:30 +00:00
Andreas Schneider
a1231c15ff s3:libads: Remove executable bit from ldap.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-04-09 09:49:30 +00:00
Ralph Boehme
3633027e49 rpcd_mdssvc: initialize POSIX locking
Otherwise the posix_pending_close_db is NULL and we crash when trying to close a
file descriptor:

   #4 /usr/lib64/samba/libdbwrap-samba4.so(dbwrap_parse_record+0xe) [0x7fbc5d05c8ae]
   #5 /usr/lib64/samba/libdbwrap-samba4.so(dbwrap_fetch_int32+0x38) [0x7fbc5d05d438]
   #6 /usr/lib64/samba/libsmbd-base-samba4.so(fd_close_posix+0x7b) [0x7fbc5e276f8b]
   #7 /usr/lib64/samba/libsmbd-base-samba4.so(+0x57900) [0x7fbc5e28a900]
   #8 /usr/lib64/samba/libsmbd-base-samba4.so(fd_close+0x68) [0x7fbc5e2b7ea8]
   #9 /usr/lib64/samba/libsmbd-base-samba4.so(+0x62608) [0x7fbc5e295608]
   #10 /usr/lib64/samba/libtalloc-samba4.so(_talloc_free+0x51b) [0x7fbc5d9f439b]
   #11 /usr/lib64/samba/vfs/fruit.so(+0xcac2) [0x7fbc45fcdac2]
   #12 /usr/lib64/samba/vfs/fruit.so(+0xcbdd) [0x7fbc45fcdbdd]
   #13 /usr/lib64/samba/vfs/fruit.so(+0xf603) [0x7fbc45fd0603]
   #14 /usr/lib64/samba/libsmbd-base-samba4.so(+0x56375) [0x7fbc5e289375]
   #15 /usr/lib64/samba/vfs/nothingtoseeherereally.so(+0x196c) [0x7fbc467f996c]
   #16 /usr/lib64/samba/vfs/streams_xattr.so(+0x51fc) [0x7fbc461e71fc]
   #17 /usr/lib64/samba/libsmbd-base-samba4.so(+0xade3a) [0x7fbc5e2e0e3a]
   #18 /usr/lib64/samba/libsmbd-base-samba4.so(create_conn_struct_cwd+0x44) [0x7fbc5e2e1cf4]
   #19 /usr/libexec/samba/rpcd_mdssvc(mds_init_ctx+0x2c3) [0x563fdac08f03]
   #20 /usr/libexec/samba/rpcd_mdssvc(_mdssvc_open+0x141) [0x563fdac0b4d1]

The corresponding open is done as part of initializing a connection_struct
object, where we chdir() and stat() the root path of the share. The stat() in
vfs_fruit causes an expensive metadata request on the path which triggers an
internal open of a pathref handle. Note that this only affects servers that have
fruit:metadata = netatalk set, which is the default unfortunately.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15354

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Apr  7 21:12:21 UTC 2023 on atb-devel-224
2023-04-07 21:12:21 +00:00
Ralph Boehme
8b23a4a7ec smbd: Prevent creation of vetoed files
The problem is when checking for vetoed names on the last path component in
openat_pathref_fsp_case_insensitive() we return
NT_STATUS_OBJECT_NAME_NOT_FOUND. The in the caller
filename_convert_dirfsp_nosymlink() this is treated as the "file creation case"
causing filename_convert_dirfsp_nosymlink() to return NT_STATUS_OK.

In order to correctly distinguish between the cases

1) file doesn't exist, we may be creating it, return
2) a vetoed a file

we need 2) to return a more specific error to
filename_convert_dirfsp_nosymlink(). I've chosen NT_STATUS_OBJECT_NAME_INVALID
which gets mapped to the appropriate errror NT_STATUS_OBJECT_PATH_NOT_FOUND or
NT_STATUS_OBJECT_NAME_NOT_FOUND depending on which path component was vetoed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15143

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr  6 23:03:50 UTC 2023 on atb-devel-224
2023-04-06 23:03:50 +00:00
Ralph Boehme
2e8954d5be CI: add a test creating a vetoed file
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15143

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-04-06 22:01:29 +00:00
Andreas Schneider
938cbe07db s3:tests: Add exit code with failed tests
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-04-06 12:51:30 +00:00
Andreas Schneider
d163d1ba7a s3:tests: Use CONFIGURATION passed down to the test
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-04-06 12:51:30 +00:00
Andreas Schneider
fa591f5223 s3:tests: Correctly implement tests for forceuser/forcegroup
They used the tmp share ...

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-04-06 12:51:30 +00:00
Andreas Schneider
bfae426203 s3:tests: Use the CONFIGURATION passed down to the test
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-04-06 12:51:30 +00:00
Andreas Schneider
d8acec0caf s3:selftest: Remove ad_dc_ntvfs for smbclient_machine_auth.plain
There is no need to run it against this environment and saves resources.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-04-06 12:51:30 +00:00
Stefan Metzmacher
0ef53b948e net_ads: fill ads->auth.realm from c->creds
We get the realm we use for authentication needs to
the realm belonging to the username we use.

We derive the username from c->creds, so we need to
do the same for the realm.

Otherwise we try to authenticate as the wrong user.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15323

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-06 12:51:30 +00:00
Rob van der Linde
b74b9f4b06 CVE-2023-0922 set default ldap client sasl wrapping to seal
This avoids sending new or reset passwords in the clear
(integrity protected only) from samba-tool in particular.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15315

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr  5 03:08:51 UTC 2023 on atb-devel-224
2023-04-05 03:08:51 +00:00
Andreas Schneider
960fe1ca27 s3:utils: s3:utils: Correctly wire winbind ccache support for smbget
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 01:06:29 +00:00
Andreas Schneider
e22eccbe88 s3:utils: Correctly wire NT hash support for smbget
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 01:06:29 +00:00
Andreas Schneider
de702cb5b1 s3:tests: Add test with testdenied_upn@REALM.upn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 01:06:29 +00:00
Andreas Schneider
3fa25a77ca s3:tests: Add a kerberos trust test for smbget
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 01:06:29 +00:00
Andreas Schneider
9392a581db s3:tests: Add kerberos test for smbget
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 01:06:29 +00:00
Andreas Schneider
267ea54712 s3:utils: Correctly wire Kerberos support for smbget
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 01:06:29 +00:00
Andreas Schneider
a2ba787780 s3:tests: Add encryption test for smbget
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 01:06:29 +00:00
Andreas Schneider
ada8cd6a62 s3:utils: Correctly wire encryption for smbget
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 01:06:29 +00:00
Andreas Schneider
20b5d98ce5 s3:utils: Use common command line parser for smbget
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 01:06:29 +00:00
Andreas Schneider
42b47e20e7 s3:tests: Use long options for smbget in test_smbget.sh
This is more descriptive and will help with the next commit.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 01:06:29 +00:00
Andreas Schneider
0e07d0ac22 s3:utils: Add support for parsing domain/UPN in username for smbget
The smbget utility doesn't use the common command line parser, so it
doesn't support paring of DOMAIN/user or user@realm.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15345

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 01:06:29 +00:00
Andreas Schneider
34d4ac9907 s3:utils: Always cleanup when leaving smbget main()
This will not leak any memory. Also rename the bool to 'ok' for better
readability.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 01:06:29 +00:00
Andreas Schneider
1f3f88603a s3:tests: Add smbget msdfs link test with domain and UPN
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15345

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 01:06:29 +00:00
Andreas Schneider
d81acef392 s3:tests: Add domain and UPN test for smbget
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15345

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 01:06:29 +00:00
Andreas Schneider
1104916d22 s3:tests: Also clear the download area in smbget msdfs_link test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15345

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 01:06:29 +00:00
Andreas Schneider
9c76563ba2 s3:selftest: Pass REALM to samba.blackbox.smbget
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15345

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 01:06:29 +00:00
Andreas Schneider
badbbceb76 s3:selftest: Move samba3.blackbox.smbget to ad_member
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15345

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 01:06:29 +00:00
Volker Lendecke
38d2ca0a67 smbd: Indicate posix pathnames if SMB311 POSX cc requested
Avoid making smb311 posix extensions a global thing. Posix clients
could request non-posix behaviour on individual create calls.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Apr  4 07:04:13 UTC 2023 on atb-devel-224
2023-04-04 07:04:13 +00:00
David Disseldorp
9b6f49d4b9 s3:modules: call rpcgen only if vfs_nfs4acl_xattr is enabled
rpcgen may be missing, so wrap all of the vfs_nfs4acl_xattr associated
calls in an appropriate if bld.SAMBA3_IS_ENABLED_MODULE() check.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-03 03:56:35 +00:00
Volker Lendecke
bea154c9c1 lib: Fix tdb_validate() for incorrect tdb entries
We should not overwrite the "rc=1" initialization with the tdb_check
retval. This will lead to tdb_validate_child() returning 0 even when
validate_fn() found invalid entries.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14789
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-04-01 05:25:28 +00:00
Volker Lendecke
12c8b67ef6 torture3: Add tdb-validate test
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14789
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-04-01 05:25:28 +00:00
Ralph Boehme
47f401095e smbd: squash check_path_syntax() variants
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Mar 31 21:21:57 UTC 2023 on atb-devel-224
2023-03-31 21:21:57 +00:00
Jeremy Allison
1d220e3170 s3: smbd: Correctly process SMB3 POSIX paths in create.
Remove knownfail for  posix path handling of case/reserved char

Signed-off-by: David Mulder <dmulder@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-03-31 20:22:38 +00:00
Jeremy Allison
09221cea5a s3: smbd: Correctly set smb2req->smb1req->posix_pathnames from the calling fsp on SMB2 calls.
We must always do SMB3+POSIX operations on fsp's opened with a posix create context.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-03-31 20:22:38 +00:00
David Mulder
3f33ea95eb smbd: Ensure share root POSIX attrs are cleared after mode_fn
The call to mode_fn (smbd_dirptr_lanman2_mode_fn)
was filling the cleared attributes back in to the
stat. Ensure the clear happens after this call.

Signed-off-by: David Mulder <dmulder@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-03-31 20:22:38 +00:00
Jeremy Allison
adfa3a428b s3: smbd: Add check_path_syntax_smb2_posix().
Not yet used. Simple wrapper, identical to check_path_syntax_posix().
I want to keep SMB1/SMB2 code as separate as possible so
we can remove any SMB1 code path later.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-03-31 20:22:38 +00:00
Jeremy Allison
a8329d2536 s3: smbd: Flatten the check_path_syntax_smb2() wrapper.
Keep it, rather and move all SMB2 code to check_path_syntax()
as I want to keep SMB1/SMB2 code as separate as possible so
we can remove any SMB1 code path later.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-03-31 20:22:38 +00:00
Jeremy Allison
360b739464 s3: smbd: Fix dumb typos that meant smb1.SMB1-DFS-* tests were running against an SMB2-only fileserver.
Remove knownfail on SMB1-DFS-SEARCH-PATHS, as we now
pass it with the new SMB1 remove DFS paths before pathname processing
changes.

Note, we still fail:

smb1.SMB1-DFS-PATHS.smbtorture\(fileserver_smb1\)
smb1.SMB1-DFS-OPERATIONS.smbtorture\(fileserver_smb1\)

even with the new SMB1 remove DFS paths before pathname
processing as those tests test *very* specific Windows behaviors. We now
pass many more of the individual internal tests, but
in order to pass them all completely I need to add
specific --with-sambaserver checks to avoid some
of the Windows DFS SMB1 insanity (error messages).

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Mar 31 06:07:01 UTC 2023 on atb-devel-224
2023-03-31 06:07:01 +00:00
Jeremy Allison
c3f48b0581 s3: smbd: Remove now unused dfs_filename_convert().
And all the static functions it called.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-03-31 05:12:32 +00:00
Ralph Boehme
e0ac0a2562 smbd: RIP DFS pathname processing in filename_convert_dirfsp_nosymlink()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-31 05:12:32 +00:00
Jeremy Allison
777e324efb s3: smbd: In smb_file_link_information() and smb_file_rename_information() the target path is never DFS.
Ensure we strip from ucs_flags before calling filename_convert_dirfsp().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-03-31 05:12:32 +00:00
Ralph Boehme
f32215dbac smbd: use smb1_strip_dfs_path() in call_trans2findfirst()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-31 05:12:32 +00:00
Ralph Boehme
f539e632bb smbd: use smb1_strip_dfs_path() in reply_search()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-31 05:12:32 +00:00
Ralph Boehme
fc3df8f596 smbd: use smb1_strip_dfs_path() in call_trans2mkdir()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-31 05:12:32 +00:00
Ralph Boehme
6187aaaa38 smbd: use smb1_strip_dfs_path() in call_trans2setpathinfo()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-31 05:12:32 +00:00
Ralph Boehme
32a1f38113 smbd: use smb1_strip_dfs_path() in smb_set_file_unix_hlink()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-31 05:12:32 +00:00
Ralph Boehme
adb34770fc smbd: use smb1_strip_dfs_path() in call_trans2qpathinfo()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-31 05:12:32 +00:00
Ralph Boehme
96765e535d smbd: use smb1_strip_dfs_path() in call_trans2open()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-31 05:12:32 +00:00
Ralph Boehme
2c4e4c22ea smbd: use smb1_strip_dfs_path() in reply_mv()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-31 05:12:32 +00:00
Ralph Boehme
c3a87ffb63 smbd: use smb1_strip_dfs_path() in reply_mv()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-31 05:12:32 +00:00
Ralph Boehme
c44491676e smbd: use smb1_strip_dfs_path() in reply_rmdir()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-31 05:12:32 +00:00
Ralph Boehme
9c151af313 smbd: use smb1_strip_dfs_path() in reply_mkdir()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-31 05:12:32 +00:00
Ralph Boehme
7ff2473bed smbd: use smb1_strip_dfs_path() in reply_unlink()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-31 05:12:32 +00:00
Ralph Boehme
0d298ff757 smbd: use smb1_strip_dfs_path() in reply_ctemp()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-31 05:12:32 +00:00
Ralph Boehme
574b1369b7 smbd: use smb1_strip_dfs_path() in reply_mknew()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-31 05:12:32 +00:00
Ralph Boehme
e4fbaae22b smbd: use smb1_strip_dfs_path() in reply_open_and_X()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-31 05:12:32 +00:00
Ralph Boehme
ba325ca2d2 smbd: use smb1_strip_dfs_path() in reply_open()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-31 05:12:32 +00:00
Ralph Boehme
0cb37f78c1 smbd: use smb1_strip_dfs_path() in reply_setatr()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-31 05:12:32 +00:00
Ralph Boehme
00c836436e smbd: use smb1_strip_dfs_path() in reply_getatr
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-31 05:12:32 +00:00
Ralph Boehme
004d14a024 smbd: use smb1_strip_dfs_path() in reply_checkpath()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-31 05:12:32 +00:00
Ralph Boehme
d5b5589d01 smbd: use smb1_strip_dfs_path() in reply_ntrename()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-31 05:12:32 +00:00
Ralph Boehme
0089ea2a31 smbd: use smb1_strip_dfs_path() in reply_ntrename()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-31 05:12:32 +00:00
Ralph Boehme
666e42ef5b smbd: use smb1_strip_dfs_path() in call_nt_transact_create()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-31 05:12:32 +00:00
Ralph Boehme
8ad023c199 smbd: use smb1_strip_dfs_path() in reply_ntcreate_and_X()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-31 05:12:32 +00:00
Ralph Boehme
66d7996dbc s3: smbd: Add utility function smb1_strip_dfs_path().
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
2023-03-31 05:12:32 +00:00
Jeremy Allison
06c738738e s3: smbd: Remove unused and commented out check_path_syntax_smb2_msdfs().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-03-31 05:12:32 +00:00
Jeremy Allison
34fabc26f1 s3: smbd: Remove 'is_dfs' parameter to check_path_syntax_smb2().
check_path_syntax_smb2() is now a simple wrapper around check_path_syntax().
Leave it alone for now to keep things separate when we add SMB3+POSIX parsing.

check_path_syntax_smb2_msdfs() is now no longer used.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-03-31 05:12:32 +00:00
Jeremy Allison
31f5c714c6 s3: smbd: Add assertion to filename_convert_dirfsp_nosymlink() that shows SMB2 is *never* dealing with a DFS path here.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-03-31 05:12:32 +00:00
Jeremy Allison
2c40e28908 s3: smbd: Remove all DFS path prefixes before passing to check_path_syntax_smb2().
In smb2, smb1req->flags2 now never uses FLAGS2_DFS_PATHNAMES,
ucf_flags never has UCF_DFS_PATHNAME, and all calls to check_path_syntax_smb2()
pass "false" in this is_dfs parameter.

Remove all knownfails for smb2.SMB2-DFS* tests.

Now I can clean up check_path_syntax_smb2() and add
an assertion into filename_convert_dirfsp_nosymlink() that
UCF_DFS_PATHNAME is *NEVER* set in the ucf_flags for an
SMB2 connection.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-03-31 05:12:32 +00:00
Jeremy Allison
39ad689eea s3: smbd: Add utility function smb2_strip_dfs_path().
Removes any DFS prefix from an SMB2 name. This will
enable me to clean up the mess around SMB2 DFS path
processing, remove some knownfails and eventually
make it much easier to add SMB3+POSIX path processing
now it can ignore DFS prefixes. Original idea from
Volker.

Not yet used.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-03-31 05:12:32 +00:00
Jeremy Allison
1b510ca2d9 s3: smbd: Change smb2_file_link_information() to use srvstr_pull_talloc()/check_path_syntax_smb2().
It now looks like all other SMB2 path processing and
we can proceed to strip the DFS prefixes from SMB2 pathnames
before further processing.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-03-31 05:12:32 +00:00
Jeremy Allison
b3fdc892b4 s3: smbd: In smb2_file_link_information(), don't ever expect @GMT tokens in the pathname.
They're an SMB1 thing, not an SMB2 thing. It will always be (and always was) zero.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-03-31 05:12:32 +00:00
Jeremy Allison
377c50abe9 s3: smbd: Duplicate smb_file_link_information() hardlink handling as smb2_file_link_information().
We're going to change the SMB2 path handling for DFS and I
really don't want to try and mix these changes into the
existing smb_file_link_information() code.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-03-31 05:12:32 +00:00
Jeremy Allison
4c5a07ed4e s3: smbd: Cleanup. smb2_file_rename_information() can never have a @GMT path in the destination.
That's an SMB1 thing. It will always be (and always was) zero.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-03-31 05:12:32 +00:00
Jeremy Allison
bb92df7c9e s3: smbd: Cleanup - don't set the FLAGS2_DFS_PATHNAMES in flags2 in the glue struct if it's not a DFS server or share.
Even if the client claims it's a DFS pathname. Matches what Windows does if it gets
a DFS pathname on a non-DFS share.

Remove samba3.smbtorture_s3.smb2.SMB2-NON-DFS-SHARE.smbtorture\(fileserver\)
test knownfail.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-03-31 05:12:32 +00:00
Andrew Bartlett
937bf4b836 librpc/ndr: Unimplement DRSUAPI_COMPRESSION_TYPE_XPRESS and rename
DRSUAPI_COMPRESSION_TYPE_XPRESS is not MS-XCA nor is it implemented by
lzexpress_compress(), so disconnect from that algorithm.

This avoids someone fixing lzxpress_compress() to work for DRSUAPI
and breaking claims support.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-03-31 01:48:30 +00:00
Jeremy Allison
006fe80678 tests: Add samba3.blackbox.zero_readsize test.
smbclient crashes when smbd has "smb2 max read = 0"
in the [global] section of smb.conf.

We should fail the protocol negotiation with
NT_STATUS_INVALID_NETWORK_RESPONSE in this case.

Adds knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15306

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-03-29 17:55:51 +00:00
Volker Lendecke
3fdf8d15c0 idmap_ad: Add "deny ous" and "allow ous" options
With these options, certain OUs can be denied or a list of OUs can be
explicitly permitted for idmapping.

Use case: Administration of OUs in AD has been delegated to people not
100% trusted by the unix server team, this can prevent arbitrary unix
IDs to be assigned by these delegated admins.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-03-29 17:55:50 +00:00
Volker Lendecke
c9c709e39d idmap: Initialize struct idmap_ad_context
We'll add another pointer next that should be initialized to NULL

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-03-29 17:55:50 +00:00
Volker Lendecke
6499a2dcb3 winbind: Add idmap_config_string_list()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-03-29 17:55:50 +00:00
Volker Lendecke
443572ce42 winbind: Factor out idmap_config_name()
3 times is enough, next patch will add a 4th one.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-03-29 17:55:50 +00:00
Andreas Schneider
553948ba28 s3:waf: Fix One Definition Rule (ODR) violation of libsecrets3
==7109==ERROR: AddressSanitizer: odr-violation (0x7f7d682b4f00):
  [1] size=88 'ndr_table_secrets' source3/librpc/gen_ndr/ndr_secrets.c:1002:34
  [2] size=88 'ndr_table_secrets' source3/librpc/gen_ndr/ndr_secrets.c:1002:34
These globals were registered at these points:
  [1]:
    #0 0x7f7d6843eda8  (/lib64/libasan.so.8+0x3eda8)
    #1 0x7f7d682970ed in _sub_I_00099_1 (bin/shared/private/libsecrets3-samba4.so+0x1a0ed)
    #2 0x7f7d68af72fd in call_init /usr/src/debug/glibc-2.37/elf/dl-init.c:70
    #3 0x7f7d68af72fd in call_init /usr/src/debug/glibc-2.37/elf/dl-init.c:26

  [2]:
    #0 0x7f7d6843eda8  (/lib64/libasan.so.8+0x3eda8)
    #1 0x7f7d65d423fb in _sub_I_00099_1 (bin/shared/private/libndr-samba4.so+0x3423fb)
    #2 0x7f7d68af72fd in call_init /usr/src/debug/glibc-2.37/elf/dl-init.c:70
    #3 0x7f7d68af72fd in call_init /usr/src/debug/glibc-2.37/elf/dl-init.c:26

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-29 16:57:33 +00:00
Andreas Schneider
cfc31bfe11 s3:libsmb: Fix conflicting declaration/implementation
../../source3/libsmb/clientgen.c:61:19: error: conflicting types for
‘cli_state_create’ due to enum/integer mismatch; have
‘struct cli_state *(TALLOC_CTX *, int,  const char *, int
,  int)’ {aka ‘struct cli_state *(void *, int,  const char *, int,
int)’} [-Werror=enum-int-mismatch]
   61 | struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx,
      |                   ^~~~~~~~~~~~~~~~
In file included from ../../source3/libsmb/libsmb.h:28,
                 from ../../source3/libsmb/clientgen.c:22:
../../source3/libsmb/proto.h:180:19: note: previous declaration of
‘cli_state_create’ with type
‘struct cli_state *(TALLOC_CTX *, int,  const char *,
enum smb_signing_setting,  int)’ {aka ‘struct cli_state *(void *, int,
const char *, enum smb_signing_setting,  int)’}
  180 | struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx,
      |                   ^~~~~~~~~~~~~~~~

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Mar 28 10:27:19 UTC 2023 on atb-devel-224
2023-03-28 10:27:19 +00:00
Andreas Schneider
ec3229ed5c s3:libsmb: Remove trailing whitespaces in clientgen.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-28 09:33:31 +00:00
Andreas Schneider
71eb85bc25 s3:utils: Fix grammar in testparm
Best reviewed with: `git show --word-diff`

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Rowland Penny <rpenny@samba.org>
2023-03-28 09:33:31 +00:00
Pavel Filipenský
a11d6fe590 s3:winbind: Fix wrong string zero termination for empty groups
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Tue Mar 28 08:36:50 UTC 2023 on atb-devel-224
2023-03-28 08:36:50 +00:00
Joseph Sutton
3c5296d9ae winbindd: Show warning message on tc connection errors too
Some of these conditions could never be hit.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-20 00:22:32 +00:00
Stefan Metzmacher
7ee725f286 idmap_hash: remember new domain sids in idmap_hash_sid_to_id()
This change means that idmap_hash_id_to_sid() can return mappings
for new domains learned in idmap_hash_sid_to_id().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Mar 10 11:35:06 UTC 2023 on atb-devel-224
2023-03-10 11:35:06 +00:00
Stefan Metzmacher
ee820553fd idmap_hash: don't return ID_REQUIRE_TYPE if the domain is known in the netsamlogon cache
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-10 10:38:37 +00:00
Stefan Metzmacher
ede88d9f83 idmap_hash: only return ID_REQUIRE_TYPE if we don't know about the domain yet
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-10 10:38:37 +00:00
Stefan Metzmacher
42dcb3db05 idmap_hash: return ID_REQUIRE_TYPE only if there's a chance to get a mapping later
If we are going to return ID_UNMAPPED later anyway, there's no need to
defer that decision by returning ID_REQUIRE_TYPE first.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-10 10:38:37 +00:00
Stefan Metzmacher
c158b075b0 idmap_hash: split out a idmap_hash_sid_to_id() helper function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-10 10:38:37 +00:00
Stefan Metzmacher
57150b463f idmap_hash: split out a idmap_hash_id_to_sid() helper function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-10 10:38:37 +00:00
Stefan Metzmacher
14102b05f3 idmap_hash: mirror the NT_STATUS_NONE_MAPPED/STATUS_SOME_UNMAPPED logic from idmap_autorid
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-10 10:38:37 +00:00
Stefan Metzmacher
0da13ab3ad idmap_hash: we don't need to call idmap_hash_initialize() over an over again
It's always the first function that's called from idmap_methods.

This also demonstrates that we currently always return NT_STATUS_OK,
even if we haven't mapped all map entries.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-10 10:38:37 +00:00
Stefan Metzmacher
2cfcff3101 idmap_hash: remove unused error checks
id_map_ptrs_init() is used in the callers in order to
set everything up as expected.

Other backends also just trust the caller.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-10 10:38:37 +00:00
Stefan Metzmacher
0f96c4b419 idmap_hash: fix comments about the algorithm
Only support ~ 50k users per domain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-03-10 10:38:37 +00:00
Stefan Metzmacher
9a24570d3d idmap_hash: provide ID_TYPE_BOTH mappings also for unixids_to_sids
While sids_to_unixids returns ID_TYPE_BOTH mappings,
unixids_to_sids() returns the callers asked for, which
fills gencache with the non ID_TYPE_BOTH mappings.
As a result also the sids_to_unixids fast path via
gencache won't return ID_TYPE_BOTH mappings.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-10 10:38:37 +00:00
Stefan Metzmacher
a9583b5f96 idmap_autorid: fix ID_REQUIRE_TYPE for more than one SID for an unknown domain
When we see a trusted domain SID for the first time,
idmap_autorid returns ID_REQUIRE_TYPE only for the first sid
and leaves the others with ID_TYPE_NOT_SPECIFIED.
It means the winbindd parent only retries the first sid.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15318

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-10 10:38:37 +00:00
Stefan Metzmacher
ad242a2064 winbindd: don't call set_domain_online_request() in the idmap child
Most idmap backends don't need access to the domain controllers.
And the related code is not needed for the backends.

Commit 17c86a2c5a changed
the logic of set_domain_online_request() completely!
Instead of triggering a dc probe in the background,
it is now doing a blocking connection.
And doing this in the idmap child is completely useless.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15317

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-10 10:38:37 +00:00
Dmitry Antipov
b3146763a4 lib:util: prefer mallinfo2() over mallinfo() if available
Prefer mallinfo2() with 'size_t' fields over deprecated
mallinfo() (with 'int' fields which may wrap around zero
and so be inaccurate on a 64-bit system) and move relevant
checks to lib/util/wscript_configure because mallinfo()
is not used beyond 'samba-util'.

Suggested-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Dmitry Antipov <dantipov@cloudlinux.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-09 20:38:31 +00:00
Nathaniel W. Turner
f55a357c6b dsgetdcname: do not assume local system uses IPv4
Return the first IPv4 and the first IPv6 address found for each DC.
This is slightly inelegant, but resolves an issue where IPv6-only
systems were unable to run "net ads join" against domain controllers
that have both A and AAAA records in DNS.

While this impacts performance due to the additional LDAP ping attempts,
in practice an attempt to connect to an IPv6 address on an IPv4-only
system (or vice versa) will fail immediately with
NT_STATUS_NETWORK_UNREACHABLE, and thus the performance impact should be
negligible.

The alternative approach, using an smb.conf setting to control whether
the logic prefers a single address of one family or the other ends up
being a bit awkward, as it pushes the problem onto admins and tools such
as "realm join" that want to dynamically synthesize an smb.conf on the
fly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15325

Signed-off-by: Nathaniel W. Turner <nturner@exagrid.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar  9 19:12:15 UTC 2023 on atb-devel-224
2023-03-09 19:12:15 +00:00
Volker Lendecke
9bb8795aeb libsmb: Convert cli_posix_stat_send/recv() to modern conventions
It's unusual these days to pass output arguments in the _send
function, instead save the result in the _state struct

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 18:10:33 +00:00
Volker Lendecke
dec4d5aa9d rpcd: Use size_t for walking an array
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 18:10:33 +00:00
Volker Lendecke
4814b95dbc smbd: Directly initialize a "fsp1"
Don't leave it dangling

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 18:10:33 +00:00
Volker Lendecke
62651ace1c smbd: DBG_DEBUG raw create contexts received from the client
Got

smbd_smb2_request_process_create: Got 2 create blobs
[0]
[0000] 93 AD 25 50 9C B4 11 E7   B4 23 83 DE 96 8B CD 7C   ..%P.... .#.....|
[0000] 05 00 00 00                                         ....
[1]
[0000] 51 46 69 64                                         QFid

from cifs.ko, trying to find out where the "05 00 00 00" comes from..

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 18:10:33 +00:00
Volker Lendecke
4d8a396c4c smbd: Remove a variable only ever set to NULL
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 18:10:33 +00:00
Volker Lendecke
8926770ae9 smbd: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 18:10:33 +00:00
Volker Lendecke
1a52b30d92 vfs: Replace a "== false" with a "!"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 18:10:33 +00:00
Volker Lendecke
efbfa9fc44 libsmb: Avoid a duplicate memset(.., 0, ..);
tevent_req_create() does a talloc_zero() on "state" already

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 18:10:33 +00:00
Volker Lendecke
a1780ed8d1 rpcd: With npa->need_idle_server we can have more than 256 servers
Before this patch the worker-status cut the worker index such that
samba-dcerpcd could not properly update status of the surplus rpc
daemons. This could lead to those daemons to stay around forever,
samba-dcerpcd will never notice they are idle and can exit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15310

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Mar  6 22:35:00 UTC 2023 on atb-devel-224
2023-03-06 22:35:00 +00:00
Volker Lendecke
0ab7b84ccb rpcd: Do blocking connects to local pipes
We don't have real async callers yet, and this is the simplest way to
fix our missing light-weight deterministic async fallback mechanism.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15310

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-06 21:32:35 +00:00
Volker Lendecke
f23eb1b3b7 rpcd: Increase listening queue
Allow more waiters under load.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15310

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-06 21:32:35 +00:00
Volker Lendecke
86e95b57d6 torture3: test rpc scalability
With

smbtorture3 //127.0.0.1/ipc\$ rpc-scale -N 50 -o 1000

I am able to immediately trigger bug 15130.

Not running by default, this is a pure load test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15310

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-06 21:32:35 +00:00
Volker Lendecke
f3ce997000 librpc: Remove unused sync rpc_transport_np_init()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-06 21:32:35 +00:00
Volker Lendecke
07ebf97a74 librpc: Make rpc_pipe_open_np() public and async
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-06 21:32:35 +00:00
Jeremy Allison
3f84a6df45 s3: smbd: Fix fsp/fd leak when looking up a non-existent stream name on a file.
When open_stream_pathref_fsp() returns
NT_STATUS_OBJECT_NAME_NOT_FOUND, smb_fname_rel->fsp
has been set to NULL, so we must free base_fsp separately
to prevent fd-leaks when opening a stream that doesn't
exist.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15314

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Mar  3 16:37:27 UTC 2023 on atb-devel-224
2023-03-03 16:37:27 +00:00
Jeremy Allison
c54bec26ad s3: tests: Add new test_stream_dir_rename.sh test.
Shows we are leaking an fsp/fd if we request a non-existent stream on a file.
This then causes rename of a directory containing the file to be denied, as
it thinks we have an existing open file below it.

Add knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15314

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-03-03 15:44:33 +00:00
Björn Baumbach
e3cfb99d28 net: add hint which options can be used with net ads dns register command
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Björn Baumbach <bb@sernet.de>
Autobuild-Date(master): Fri Mar  3 12:52:00 UTC 2023 on atb-devel-224
2023-03-03 12:52:00 +00:00
Björn Baumbach
36ed126f4c net: add new --dns-ttl option to specify the ttl of dns records
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-03 11:58:34 +00:00
Christof Schmitt
1fa162a13b librpc: Fix compile error for libnet_join.idl
Fix this compile error:

   [753/756] Processing source3/librpc/idl/libnet_join.idl
    source3/librpc/idl/ads.idl:2:10: fatal error: config.h: No such file or directory
    #include "config.h"
          ^~~~~~~~~~
    compilation terminated.
    source3/librpc/idl/libnet_join.idl:3: error: Failed to parse source3/librpc/idl/ads.idl
    source3/librpc/idl/libnet_join.idl:50: warning: [out] argument `account_name' not a pointer

libnet_join.idl imports ads.idl which includes config.h. The build rule
for ads.idl provides the include directory for config.h, so add a new
rule to also specify that include directory for libnet_join.idl.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-03 01:07:37 +00:00
Joseph Sutton
d128d401f0 s3:rpc_server/netlogon: Fix typo
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-03 01:07:37 +00:00
Joseph Sutton
433247a792 s3:modules: Fix invalid escape sequences
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-03 01:07:36 +00:00
Joseph Sutton
b73622bf53 source3/wscript: Fix configure-time checks
Compilers are getting strict about this C89 behaviour and this
kind of thing is already causing some configure checks to fail with
modern compilers like clang.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15281

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-03 01:07:36 +00:00
Andreas Schneider
460fd441d7 s3:winbind: Improve warning message if we are out of autorid ranges
The message should help our users to understand what's the problem. The
message was rather cryptic before.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Feb 28 14:18:32 UTC 2023 on atb-devel-224
2023-02-28 14:18:32 +00:00
Andreas Schneider
a273ed89db s3:utils: Check if the autorid rangesize is a multiple of the range
We also have this in our documentation.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2023-02-28 13:24:33 +00:00
Volker Lendecke
bf9130d375 smbd: Fix case normalization in for directories
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15313
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Feb 24 08:46:14 UTC 2023 on atb-devel-224
2023-02-24 08:46:14 +00:00
John Mulligan
98388e2bf0 vfs_ceph: add support to select ceph file system
Add a config parameter `ceph:filesystem` that will be passed to
ceph_select_filesystem when provided. This allows shares on a single
smbd to access multiple different cephfs file systems.

The ceph_select_filesystem call was added as part of ceph 'nautilus'
(v14), released on 2019-03-19 and EOLed on 2021-06-30.
Since ceph 'pacific' (v16) multiple file system support is stable
and ready to use. At the time of this commit, 'pacific' is the oldest
actively supported version of ceph upstream.

Since samba tests building on ubntu 18.04, which has ceph packages
older than v14, a waf check for the function is added to test for
the presence of ceph_select_filesystem and disable its use on
these very old platforms.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
2023-02-24 04:43:32 +00:00
John Mulligan
e936e4d786 vfs_ceph: cache ceph mounts based on share configuration params
Previously, the vfs_ceph module kept one global cached mount.
This makes it impossible to support multiple ceph clusters or
file systems. Add a mount cache in a similar fashion to the connection
cache found in the vfs_glusterfs module. The vfs_ceph cache uses
a single "cookie" value, a unique string based on config params, to
ID the cache entry. Shares that produce the same cookie will share
cephfs mount objects and increment a counter when multiple shares
are using the same cache entry.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
2023-02-24 04:43:32 +00:00
John Mulligan
df073c7eed vfs_ceph: split ceph mount logic into a new function
This new function is entirely dedicated to just setting up a libcephfs
mount. Handling the cmount global and samba connection params remains
in cephwrap_connect. This change will later be used to avoid a single
global cached connection and add improved connection handling.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
2023-02-24 04:43:32 +00:00
Rob van der Linde
e7c87b1d9b selftest: source3: fix mutable default arguments
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-02-23 22:32:33 +00:00
Rob van der Linde
8a7a779df5 selftest: fix invalid loop variables uid and gid
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-02-23 22:32:32 +00:00
Samuel Cabrero
5c051eacd4 selftests: Make sure print queue is empty before printing_var_exp test ends
Although "lpq cache time" is 0 in the test environment the
"print_queue_length()" function can still return cached results. This is
because the print_queue_length() function calls print_queue_update(),
which just sends MSG_PRINTER_UPDATE to the samba-bgqd daemon and returns
without waiting for the daemon to update it.

This behavior causes problems in the selftests between
samba3.blackbox.printing_var_exp and samba3.rpc.spoolss.printserver
because when the later enumerates the printers at different levels and
compares the results the number of jobs can differ depending if samba-bgqd
updates the cache in between print_queue_update() and
get_queue_status() in the print_queue_length() function:

  test: samba3.rpc.spoolss.printserver.printserver.enum_printers(nt4_dc)
  time: 2023-02-17 13:07:34.043842Z
  Testing EnumPrinters level 0
  Testing EnumPrinters level 1
  Testing EnumPrinters level 2
  Checking EnumPrinters level 0 printer print_var_exp (ref print_var_exp)
  time: 2023-02-17 13:07:34.285992Z
  failure: samba3.rpc.spoolss.printserver.printserver.enum_printers(nt4_dc) [
  Exception: Exception: ../../source4/torture/rpc/spoolss.c:1132: cur->info0.cjobs was 1 (0x1), expected 0 (0x0): invalid value

To fix it, make sure the queue is empty before printing_var_exp test
ends.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Feb 20 22:58:44 UTC 2023 on atb-devel-224
2023-02-20 22:58:44 +00:00
Volker Lendecke
5d8647376f vfs: Fix whitespace in vfs_aixacl_util.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Feb 13 21:23:43 UTC 2023 on atb-devel-224
2023-02-13 21:23:43 +00:00
Volker Lendecke
1a040c7f7e smbd: Remove dptr_struct->expect_close
This was only set but never read

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-13 20:28:33 +00:00
Volker Lendecke
a49edcd0d2 smbd: Remove dptr_struct->spid
This was only set but never read

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-13 20:28:33 +00:00
Volker Lendecke
5c19e6ca75 smbd: Simplify SeekDir() with an early return
Review with git show -w

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-13 20:28:33 +00:00
Volker Lendecke
a1d348fd5e smbd: Simplify struct dptr_struct
We can access the file name via "dir_hnd"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-13 20:28:33 +00:00
Volker Lendecke
8846b09007 lib: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-13 20:28:33 +00:00
Volker Lendecke
4bbf2b1127 lib: Simplify ms_has_wild() with strpbrk()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-13 20:28:33 +00:00
Volker Lendecke
6e856074b1 smbd: Use ISDOT() in dptr_create()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-13 20:28:33 +00:00
John Mulligan
54a8da8640 vfs_ceph: use fsp_get_pathref_fd in ceph fstatat and close vfs calls
Replace fsp_get_io_fd with fsp_get_pathref_fd as these calls do use
pathref fsps. fsp_get_io_fd asserts that the fsp is not pathref and
asserts (on a debug build) or returns -1 (non debug build).

Prior to these changes running ls on the root of the share failed.
Logging from the failure case:
```
openat_pathref_fsp: smb_fname [.]
openat_pathref_fullname: smb_fname [.]
fsp_new: allocated files structure (1 used)
file_name_hash: //. hash 0x3dfcc1c2
check_reduced_name: check_reduced_name [.] [/]
cephwrap_realpath: [CEPH] realpath(0x55604da9a030, .) = //.
check_reduced_name realpath [.] -> [//.]
check_reduced_name: . reduced to //.
cephwrap_openat: [CEPH] openat(0x55604da9a030, ., 0x55604da81f00, 133120, 0)
cephwrap_openat: [CEPH] open(...) = 10
cephwrap_fstat: fsp_get_io_fd: fsp [.] is a path referencing fsp
[CEPH] fstat(0x55604da9a030, -1)
fsp_get_io_fd: fsp [.] is a path referencing fsp
cephwrap_fstat: [CEPH] fstat(...) = -9
fd_openat: name ., flags = 04000 mode = 00, fd = 10.  NT_STATUS_INVALID_HANDLE
openat_pathref_fullname: Opening pathref for [.] failed: NT_STATUS_INVALID_HANDLE
```

This change also seems to match the recommendations in the `When to use
fsp_get_io_fd() or fsp_get_pathref_fd()` section of The_New_VFS.txt
document.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15307

Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Gunther Deschner <gdeschne@redhat.com>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Feb 13 20:04:38 UTC 2023 on atb-devel-224
2023-02-13 20:04:38 +00:00
Volker Lendecke
cc4e11d028 smbd: Remove smbXsrv_open_global0->db_rec
The only user by now was net serverid wipedbs, and there it was easy to replace

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Feb 13 10:49:43 UTC 2023 on atb-devel-224
2023-02-13 10:49:43 +00:00
Volker Lendecke
1bd16bc6d4 smbd: Use dbwrap_do_locked() in smb2srv_open_recreate()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-02-13 09:53:38 +00:00
Stefan Metzmacher
fede6b9f46 smbd: rename 'op' into 'global' in smbXsrv_open_cleanup_fn()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-02-13 09:53:38 +00:00
Volker Lendecke
ca872ad6ba smbd: let smbXsrv_open_cleanup() delete broken records
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2023-02-13 09:53:38 +00:00
Volker Lendecke
a69950db4a smbd: Use dbwrap_do_locked() in smbXsrv_open_cleanup()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-02-13 09:53:38 +00:00
Volker Lendecke
62a6633193 smbd: Use dbwrap_do_locked() in smbXsrv_open_close()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-02-13 09:53:38 +00:00
Volker Lendecke
26b29ecbb9 smbd: Use dbwrap_do_locked() in smbXsrv_open_update()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-02-13 09:53:38 +00:00
Volker Lendecke
bfede670bd smbd: Use dbwrap_do_locked() in smbXsrv_open_global_allocate()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-02-13 09:53:38 +00:00
Volker Lendecke
84d22dc5f5 smbd: Make smbXsrv_open_global_allocate() store the record
Micro-step towards using dbwrap_do_locked()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-02-13 09:53:38 +00:00
Volker Lendecke
95e3ad7e43 smbd: Simplify smbXsrv_open_global_store()
Avoid the dependency on global->db_rec. This makes the callers more
verbose, but it makes the data dependencies much more obvious. This
will enable removing smbXsrv_open_global0->db_rec at some point.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-02-13 09:53:38 +00:00
Volker Lendecke
fafebc46c8 smbd: Move smbXsrv_open_global_verify_record() down in smbXsrv_open.c
Avoid prototypes

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-02-13 09:53:38 +00:00
Volker Lendecke
a93d93a97d smbd: Use generate_nonce_buffer() in smbXsrv_open_global_allocate()
We don't need anything cryptographic for persistent file handle ids

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-02-13 09:53:38 +00:00
Jeremy Allison
e8abe52df2 s3: smbd: Fix log spam. Change a normal error message from DBG_ERR (level 0) to DBG_INFO (level 5).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15302

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Feb 11 08:48:05 UTC 2023 on atb-devel-224
2023-02-11 08:48:05 +00:00
Joseph Sutton
1c3a8fa20c auth: Correct primary group handling
Heretofore we have treated the primary group SID specially, storing it
in a fixed position as the second element of the user_info_dc->sids
array, and filtering out other copies in the PAC_LOGON_INFO base
structure. This filtering has made it difficult to distinguish between
the case where the primary group is a universal or global group, located
in the base RIDs, and the case where it is a domain-local group, missing
from the base RIDs; especially since the attributes of a domain-local
primary group are lost by being stored in the PAC. Domain-local primary
groups are normally disallowed by Windows, but are allowed by Samba, and
so it is reasonable to support them with at least some measure of
consistency.

The second element of user_info_dc->sids is still reserved for the
primary group's SID, but we no longer filter out any other copies in the
array. The first two elements are no more than the SIDs of the user and
the primary group respectively; and the remaining SIDs are as if taken
without modification from arrays of SIDs in the PAC. user_info_dc->sids
should therefore become a more faithful representation of the SIDs in
the PAC. After adding resource SIDs to it with
dsdb_expand_resource_groups(), we should have a result that more closely
and in more cases matches that of Windows.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:40 +00:00
Joseph Sutton
e00eeed9d2 auth: Align integer types
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:40 +00:00
Joseph Sutton
c17e46a231 ldap: Make use of LDB_OID_COMPARATOR constants
These constants allow one to tell at a glance what search operation is
being performed.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:40 +00:00
Joseph Sutton
618d95822e ldap: Cut down on string substitution
Constant strings can be inserted directly into format strings, reducing
the amount of string substitution to be performed.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:40 +00:00
Joseph Sutton
5147f011d9 auth: Shorten long SID flags combinations
The combination MANDATORY | ENABLED_BY_DEFAULT | ENABLED is very
commonly used, and introducing a shorter alias for it makes the code
clearer.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:39 +00:00
Joseph Sutton
e3fdb2d001 s4:kdc: Add resource SID compression
The domain-local groups that are added to the PAC of a service ticket
are now, if the service doesn't disclaim support for SID compression,
placed into the resource groups structure in PAC_LOGON_INFO.

In a TGS exchange directed to a KDC, rather than to a service, the
resource groups structure is simply copied into the updated PAC without
any processing being done.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:39 +00:00
Joseph Sutton
14d94460ca auth: Pass through entire PAC flags value in auth_user_info
Besides the NETLOGON_GUEST bit indicating whether the user has been
authenticated, we now carry all of the other bits as well. This lets us
match Windows' behaviour of simply passing these bits through to an
updated PAC when processing a TGS-REQ.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:39 +00:00
Joseph Sutton
8aef16bbbc named_pipe_auth: Bump info5 to info6
In the next commit, we shall replace the 'authenticated' field of
named_pipe_auth_req_info.info5.session_info.session_info.info with a
more general 'user_flags' field.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:39 +00:00
Joseph Sutton
94cda2dfd5 auth: Exclude resource groups from a TGT
Resource group SIDs should only be placed into a service ticket, but we
were including them in all tickets. Now that we have access to the group
attributes, we'll filter out any groups with SE_GROUP_RESOURCE set if
we're creating a TGT.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:39 +00:00
Joseph Sutton
7050e05742 auth: Store group attributes in auth_user_info_dc
Group expansion, performed in dsdb_expand_nested_groups(), now
incorporates a check of the type of each group. Those that are resource
groups receive the SE_GROUP_RESOURCE bit in the attributes which are now
carried alongside each group SID.

Whereas before, in auth_convert_user_info_dc_sambaseinfo() and
auth_convert_user_info_dc_saminfo6(), we invariantly used the flag
combination SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT |
SE_GROUP_ENABLED to set attributes in the PAC, we now take the correct
attributes from user_info_dc.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:39 +00:00
Andreas Schneider
b3d7df58a0 s3:torture: Remove unused variable
source3/torture/test_smb1_dfs.c:3264:11: error: variable 'accessmode' set but
not used [-Werror,-Wunused-but-set-variable]
        uint16_t accessmode = 0;
                 ^

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-06 22:51:32 +00:00
Andreas Schneider
e57fa88119 s3:utils: Remove unused variable
source3/utils/log2pcaphex.c:138:13: error: variable 'i' set but not used
[-Werror,-Wunused-but-set-variable]
        static int i = 0;
                   ^

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-06 22:51:32 +00:00
Andreas Schneider
a94adedd0e s3:netapi: Remove unused variables
source3/lib/netapi/tests/netfile.c:40:22: error: variable 'i2' set but not used
[-Werror,-Wunused-but-set-variable]
  struct FILE_INFO_2 *i2 = NULL;
                      ^
source3/lib/netapi/tests/netfile.c:41:22: error: variable 'i3' set but not used
[-Werror,-Wunused-but-set-variable]
  struct FILE_INFO_3 *i3 = NULL;
                      ^

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-06 22:51:32 +00:00
Andreas Schneider
5447d7fb75 s3:modules: Initialize pointer with NULL
source3/modules/vfs_glusterfs.c:827:6: error: variable 'glfd' is used
uninitialized whenever 'if' condition is false
[-Werror,-Wsometimes-uninitialized]
  if (pglfd == NULL) {
      ^~~~~~~~~~~~~
source3/modules/vfs_glusterfs.c:853:6: note: uninitialized use occurs here
  if (glfd == NULL) {
      ^~~~
source3/modules/vfs_glusterfs.c:827:2: note: remove the 'if' if its condition is
always true
  if (pglfd == NULL) {
  ^~~~~~~~~~~~~~~~~~~
source3/modules/vfs_glusterfs.c:763:17: note: initialize the variable 'glfd' to
silence this warning
  glfs_fd_t *glfd;
                 ^
                  = NULL

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-06 22:51:31 +00:00
Andreas Schneider
c462a0b78d s4:modules: Move structs with dynamic arrays to end of struct
source3/modules/vfs_io_uring.c:70:22: error: field 'cqe' with variable sized
    type 'struct io_uring_cqe' not at the end of a struct or class is a GNU
    extension [-Werror,-Wgnu-variable-sized-type-not-at-end]
        struct io_uring_cqe cqe;
                            ^

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-06 22:51:31 +00:00
Andreas Schneider
ea723fb709 s3:modules: Ignore -Wunused-but-set-variable for autogenerated code
source3/modules/getdate.c:1192:9: error: variable 'yynerrs' set but not used
    [-Werror,-Wunused-but-set-variable]
    int yynerrs;
        ^

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-06 22:51:31 +00:00
Andreas Schneider
54413a49f5 s3:printing: Remove unused variable
source3/printing/tests/vlp.c:144:19: error: variable 'job_count' set but not
    used [-Werror,-Wunused-but-set-variable]
        int i, num_jobs, job_count = 0;
                         ^

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-06 22:51:31 +00:00
Andreas Schneider
a77c56e4ed s3:printing: Remove trailing whitespaces in vlp.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-06 22:51:31 +00:00
Andreas Schneider
8b7fcfa577 s3:winbind: Remove unused variable
source3/winbindd/winbindd_ads.c:1399:6: error: variable 'ret_count' set but not
    used [-Werror,-Wunused-but-set-variable]
        int ret_count;
            ^

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-06 22:51:31 +00:00
Andreas Schneider
f266e9e2dc s3:rpcsrv:eventlog: Remove unused variable
source3/rpc_server/eventlog/srv_eventlog_nt.c:634:11: error: variable
  'num_records_read' set but not used [-Werror,-Wunused-but-set-variable]
        uint32_t num_records_read = 0;

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-06 22:51:31 +00:00
Andreas Schneider
91e7351db3 s3:smbd: Don't assign variable to itself
source3/smbd/msdfs.c:367:14: error: explicitly assigning value of variable of
    type 'char *' to itself [-Werror,-Wself-assign]
        servicename = servicename;
        ~~~~~~~~~~~ ^ ~~~~~~~~~~~

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-06 22:51:31 +00:00
Andreas Schneider
bd5b093cc0 s3:libsmb: Remove unused variable 'i'
namecache.c:129:9: error: variable 'i' set but not used
  [-Werror,-Wunused-but-set-variable]
        size_t i, count;
               ^

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-06 22:51:31 +00:00
Ralph Boehme
1dd0cd2f4e mdssvc: fix kMDScopeArray parsing
In macOS Ventura marshalling of kMDScopeArray in the "openQueryWithParams"
request has changed from

  string: kMDScopeArray
  sl_array_t(#1): {
    string: /foo/bar
  }

to:

  string: kMDScopeArray
  sl_array_t(#1): {
    sl_array_t(#1): {
      string: /foo/bar
    }
  }

With this patch we check both encodings. Bug fixed according to user feedback.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15299
RN: Spotlight doesn't work with latest macOS Ventura

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-02 20:14:36 +00:00
Pavel Filipenský
65e9b409a6 s3:utils: Fix UNUSED_VALUE
Reported by RedHat internal Covscan

Since cb8a0d9 we no longer stop traversing the list if encryption_flag
or signing_flags are unknown.

Assignment "result = -1;" is always overwritten by
"result = traverse_connections_*()" and is a dead code.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Feb  2 15:46:52 UTC 2023 on atb-devel-224
2023-02-02 15:46:52 +00:00