IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This had been missing in the initial async dosmode implementation. It's the
responsibility of the sync and async dosmode functions to call
vfswrap_is_offline() since the offline functionality has been converted from a
first class VFS function to be a part of the DOS attributes VFS functions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14293
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Must use tevent_req_data() to get our tevent_req state, talloc_get_type_abort()
will just crash as struct tevent_req != struct vfswrap_getxattrat_state.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14293
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
vfswrap_is_offline() has been converted to a "helper" function some time ago, it
had been a VFS interface function before. To make this change more obvious let
it take a struct connection_struct instead of a struct vfs_handle_struct which
is the canonical first parameter to VFS functions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14293
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
According to Posix and the Linux open(2) manpage, the open-syscall can
return EINTR. If that happens, core smbd saw this as an indication
that aio_pthread's open function was doing its job. With a real EINTR
without aio_pthread this meant we ended up in a server_exit after 20
seconds, because there was nobody to do the retry.
EINTR is mapped to NT_STATUS_RETRY. Handle this by just retrying after
a second.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14285
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 20 22:14:25 UTC 2020 on sn-devel-184
All DFS links are now read through the VFS and not via
symlink calls.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Feb 18 22:34:16 UTC 2020 on sn-devel-184
Remove external parse of returned link targetpath, expose
the parsing previously added to dfs_path_lookup().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Currently unused, but this will ease the transition to
using SMB_VFS_READ_DFS_PATHAT().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This will need an extra dirfsp parameter in future, but this
is the easiest change for now.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ensure on error or clean return we don't leave memory on mem_ctx.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Feb 18 21:07:44 UTC 2020 on sn-devel-184
This is a bit confusing now, sorry for that:
register_msg_pool_usage() in the ctdb case uses
messaging_ctdb_register_tevent_context(), which talloc_reference()s
the central struct messaging_ctdb_fde_ev of the
messaging_ctdb_context. In messaging_reinit(), we talloc_free only one
of those references and allocate a new messaging_ctdb_fde_ev. The
remaining messaging_ctdb_fde_ev should have been deleted as well, but
due to the second reference this does not happen. When doing the
shutdown messaging_ctdb_fde_ev_destructor() is called twice, once on
the properly reinitialized fde_ev, and once much later on the leftover
one which references invalid data structures.
By the way, this is not a problem with talloc_reference(), this would
have happened with explicit refcounting too.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14281
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Björn Baumbach <bb@sernet.de>
Autobuild-Date(master): Tue Feb 18 13:05:53 UTC 2020 on sn-devel-184
Consolidate "msg_dgm_ref" and "msg_ctdb_ref": The only purpose of
those pointers was to TALLOC_FREE() them in messaging_reinit(). We'll
have a third entity to talloc_free() in the next commit, make that
simpler.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14281
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Add a simple way to deactivate the registration
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14281
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
We can do as much as we want in the filter. This gives us automatic
retry, we don't have to do the messaging_filtered_read_send() over and
over again
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14281
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
The module makes use of the new io_uring infrastructure
(intruduced in linux 5.1), see https://lwn.net/Articles/778411/ and
http://git.kernel.dk/cgit/liburing/
Currently this only implements SMB_VFS_{PREAD,PWRITE,FSYNC}_SEND/RECV
and avoids the overhead of our userspace threadpool.
In future we'll hopefully make more use of more advanced io_uring
features.
For now we don't have automated tests as our test infrastructure
doesn't use a recent kernel. At least we're able to do compile tests
on fedora31.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Feb 15 11:37:45 UTC 2020 on sn-devel-184
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 14 20:16:04 UTC 2020 on sn-devel-184
Include the path where db_open() tried to find the ctdb socket
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
These error codes are soon propagated in addition to
INVALID_ACOUNT_NAME through the gensec/spnego layers.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This makes it more obvious if the later change the array.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This is currently not critical as we only use keytabs
only as acceptor, but in future we'll also use them
for kinit() and there we should prefer the newest type.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This adds a generic way to get to the raw (verified) PAC
and will be used in multiple places in future.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Internally to open.c this is still used, but that can go away next.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 7 22:27:48 UTC 2020 on sn-devel-184
We will use this internally and can only expose this once SMB3.11 unix
extensions are activated for the client.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 7 18:26:15 UTC 2020 on sn-devel-184
If *offset is length - 1, we would read ubuf[(*offset)+1] as the lower
bits of the new *offset. This value is undefined, but because it is
checked against the valid range, there is no way to read further
beyond that one byte.
Credit to oss-fuzz.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14242
OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20193
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Feb 7 10:19:39 UTC 2020 on sn-devel-184
This avoids a few function calls inside the kernel
in order to reach sock_sendmsg() quicker:
entry_SYSCALL_64_after_hwframe
do_syscall_64
__x64_sys_writev
do_writev
vfs_writev
do_iter_write
do_iter_readv_writev
sock_write_iter
sock_sendmsg
entry_SYSCALL_64_after_hwframe
do_syscall_64
__x64_sys_sendmsg
__sys_sendmsg
___sys_sendmsg
sock_sendmsg
As a side effect it will be useful for SMB-Direct invalidation
messages via msg->msg_control and CMSG_*.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
We always now how many bytes our caller requires,
so there's no need to use tstream_pending_bytes().
This makes it possible to read socket_wrapper generated
captures again, as wireshark requires the fixed (16 bytes) DCERPC
header to be in one TCP packet.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Since 8e81090789 we're doing chdir() twice, first
into conn->connectpath, then into conn->origpath.
Before commit 8e81090789 if
chdir(conn->connectpath) succeeded, we wouldn't do the second chdir().
While at it, simplify the logging logic: if chdir() fails in this core function,
just always log is as error including the unix token.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14256
RN: smbd does a chdir() twice per request
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Feb 6 11:44:07 UTC 2020 on sn-devel-184
This has been replaced in previous commits by consistently using
current_user_info.smb_name.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This delays reloading config slightly, but I don't see how could affect
observable behaviour other then log messages coming from the functions in
between the different locations for lp_load_with_shares() like
make_user_info_map() are sent to a different logfile if "log file" uses %U.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This delays reloading config slightly, but I don't see how could affect
observable behaviour other then log messages coming from the functions in
between the different locations for lp_load_with_shares() like
make_session_info_krb5() are sent to a different logfile if "log file" uses %U.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Note that we're now sanitizing the username we got from the client, as we do
everywhere else.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This means switching auth backend based on %U include, ie
passdb backend = tdbsam
include = smb.conf.%U
and smb.conf.SOMEUSER contains
passdb backend = smbpasswd
won't work anymore.
We're still calling set_current_user_info() and reload_services() later on
in this function, so everything else still works as before.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This is already handled by set_sec_ctx() below, we just have to pass in the
values instead of setting it here in this function before calling set_sec_ctx().
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
A similar hunk was added via commit
89f753c1fc ("winbind: Use xids2sids in getpwuid"),
but it was missing in commit
e2dda192e7 ("winbind: Use xids2sids in getgrgid")
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14265
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Feb 5 17:56:58 UTC 2020 on sn-devel-184
When a domain member gets an empty domain name or '.', it should
not forward the authentication to domain controllers of
the primary domain.
But we need to keep passing UPN account names with
an empty domain to the DCs as a domain member.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
There's no real logic change here, but is makes it easier to
understand.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Mon Feb 3 21:53:05 UTC 2020 on sn-devel-184
Now we use this instead of symlinks to create
DFS links, it's needed in cap.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Jan 30 18:21:47 UTC 2020 on sn-devel-184
Now we use this instead of symlinks to create
DFS links, it's needed in catia.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
TEST FOR: https://bugzilla.samba.org/show_bug.cgi?id=14124
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jan 24 17:18:38 UTC 2020 on sn-devel-184
CAP_LEASE is not used in the file oplock_linux.c, so remove it there.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This function is no longer used. In case this capability would be
required, set_effective_capability(LEASE_CAPABILITY) could also be
called directly.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Shorten the function a bit by directly returning the mapped value.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The set_gpfs_lease function first maps the lease argument to the GPFS
version and then issues the API call. Change this to only do the mapping
in the helper function.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Follow the current coding guidelines to first issue the function call
and then check the return code.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Remove trailing whitespace and put each argument on a seperate line.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The API call is already done as root user (become_root), so that the
lease contains the root user. The lease capability is already implied by
the root user, so the explicit call to linux_set_lease_capability is not
required.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This reverts commit c9adf47ac5.
The fake fd is no longer necessary, as vfs_glusterfs now provides a
fcntl_fn hook.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14241
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This hook is currently called via vfs_set_blocking(), so can safely be
ignored.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14241
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This hook is currently called via vfs_set_blocking(), so can safely be
ignored.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14241
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
We now have to do an explicit DOWNGRADE when we want to change from
G_LOCK_WRITE to G_LOCK_READ.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Jan 19 19:58:01 UTC 2020 on sn-devel-184
When we're about to create a file, the stat info will be all zero, so
vfs_file_id_from_sbuf() would return a bogus file_id. This is normally not a
problem, as open_file() itself also calls vfs_file_id_from_sbuf() after having
created the file.
This is however a problem when using the VFS module fileid, as that is doing
caching of /etc/mtab and failing to find smb_fname->st.st_ex_dev (all zero in
this case when creating a new file) in the mtab cache will trigger a mtab reload
which can be *very* expensive.
Copying many small files to a Samba server in this situation will result in
abysimal performance.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14237
Pair-Programmed-With: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 17 22:38:14 UTC 2020 on sn-devel-184
GlusterFS currently doesn't have an API implementation to set flags on
open file descriptor. Thus we use pipe() to provide valid file descriptor
from the system.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14241
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Jan 17 17:14:43 UTC 2020 on sn-devel-184
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 15 22:51:14 UTC 2020 on sn-devel-184
This is like close-share, but kicks out only active users where share
access controls are changed such that now access would be denied
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Wait for additional replies until timeout when '*' is given to nmblookup
as name.
Introduced by 8da8c36b53.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8927
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 14 20:42:10 UTC 2020 on sn-devel-184
A verbose mode got lost with the introduction of libarchive support.
The verbose mode is optional, default is quiet mode.
The output format is close to the verbose output format of POSIX tar
implementations and should be good parsable.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11642
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
I think the dump_gpo() calls do enough, and this code has done nothing
for a decade.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Mon Jan 13 23:52:26 UTC 2020 on sn-devel-184
At last, the nail in the coffin. :)
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jan 13 21:09:01 UTC 2020 on sn-devel-184
In memory of get_valid_user_struct() and functionally equivalent it only returns
the session if session setup was successfully completed and
session->global->auth_session_info is valid.
This function is similar to smbXsrv_session_local_lookup() and it's wrappers,
but it doesn't implement the state checks of those. get_valid_smbXsrv_session()
is NOT meant to be called to validate the session wire-id of incoming SMB
requests, it MUST only be used in later internal processing where the session
wire-id has already been validated.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is not needed anymore because a previous commit changes this to use
session->global->session_wire_id insteaf of session->compat->vuid, so we're not
depending on session->compat anymore.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The previous commit removed all users of struct user_struct.vuid.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
session->compat->vuid is set to session->global->session_wire_id after a
successful session setup, so both variables will always carry the same value. Cf
the next commit which removes vuid from user_struct.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Found by "Christopher O Cowan - Christopher.O.Cowan@ibm.com" <Christopher.O.Cowan@ibm.com>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Harmonize _netr_DsRGetForestTrustInformation with source4/ logic which
didn't change since DCE RPC channel refactoring.
With the current code we return RPC faul as can be seen in the logs:
2019/12/11 17:12:55.463081, 1, pid=20939, effective(1284200000, 1284200000), real(1284200000, 0), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug)
netr_DsRGetForestTrustInformation: struct netr_DsRGetForestTrustInformation
in: struct netr_DsRGetForestTrustInformation
server_name : *
server_name : '\\some-dc.example.com'
trusted_domain_name : NULL
flags : 0x00000000 (0)
[2019/12/11 17:12:55.463122, 4, pid=20939, effective(1284200000, 1284200000), real(1284200000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1561(api_rpcTNP)
api_rpcTNP: fault(5) return.
This is due to this check in processing a request:
if (!(p->pipe_bound && (p->auth.auth_type != DCERPC_AUTH_TYPE_NONE)
&& (p->auth.auth_level != DCERPC_AUTH_LEVEL_NONE))) {
p->fault_state = DCERPC_FAULT_ACCESS_DENIED;
return WERR_ACCESS_DENIED;
}
and since we get AuthZ response,
Successful AuthZ: [netlogon,ncacn_np] user [EXAMPLE]\[admin] [S-1-5-21-1234567-890123456-500] at [Wed, 11 Dec 2019 17:12:55.461164 UTC]
Remote host [ipv4:Y.Y.Y.Y:59017] local host [ipv4:X.X.X.X:445]
[2019/12/11 17:12:55.461584, 4, pid=20939, effective(0, 0), real(0, 0)] ../lib/audit_logging/audit_logging.c:141(audit_log_json)
JSON Authorization: {"timestamp": "2019-12-11T17:12:55.461491+0000",
"type": "Authorization", "Authorization": {"version": {"major": 1, "minor": 1},
"localAddress": "ipv4:X.X.X.X:445", "remoteAddress": "ipv4:Y.Y.Y.Y:59017",
"serviceDescription": "netlogon", "authType": "ncacn_np",
"domain": "EXAMPLE", "account": "admin", "sid": "S-1-5-21-1234567-890123456-500",
"sessionId": "c5a2386f-f2cc-4241-9a9e-d104cf5859d5", "logonServer": "SOME-DC",
"transportProtection": "SMB", "accountFlags": "0x00000010"}}
this means we are actually getting anonymous DCE/RPC access to netlogon
on top of authenticated SMB connection. In such case we have exactly
auth_type set to DCERPC_AUTH_TYPE_NONE and auth_level set to
DCERPC_AUTH_LEVEL_NONE in the pipe->auth. Thus, returning an error.
Update the code to follow the same security level check as in s4 variant
of the call.
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Jan 13 15:05:28 UTC 2020 on sn-devel-184
The last Ceph Hammer release (0.94.10) came in Feb 2017, as is no longer
supported upstream. Drop support for building Samba vfs_ceph against
version prior to 0.94.0.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Sat Jan 11 14:59:36 UTC 2020 on sn-devel-184
libcephfs statx became available with the Kraken (11.2.0) release of
Ceph in Jan 2017. Versions prior to this are no longer supported
upstream, so we can drop support within Samba vfs_ceph.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
No change in the (rather strange) logic.
First step in abstracting MSDFS storage from direct symlink calls.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 10 21:05:25 UTC 2020 on sn-devel-184
As discussed with Jeremy in bug 14232, the vfs_ceph.renameat_fn
implementation currently ignores srcfsp and dstfsp. As a result,
relative smb_fname_src/smb_fname_dest paths will be processed as
relative to cwd.
This is currently a valid assumption, as srcfsp and dstfsp should
always match conn->cwd_fsp. Add an assert to clarify this.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 9 20:20:05 UTC 2020 on sn-devel-184
TALLOC_FREE the fde before closing the fd. Otherwise the fde
destructor tries to remove a nonexisting fd from the epoll set.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 9 01:15:34 UTC 2020 on sn-devel-184
Following backtrace is observed on executing `smbstatus` with at least
one SMB client connection established:
PANIC: assert failed at ../../lib/dbwrap/dbwrap.c(82): rec->value_valid
PANIC (pid 350270): assert failed: rec->value_valid
BACKTRACE: 15 stack frames:
#0 /usr/local/lib/libsamba-util.so.0(log_stack_trace+0x1f)
[0x7fbbd9b32047]
#1 /usr/local/lib/libsmbconf.so.0(smb_panic_s3+0x74) [0x7fbbd9c1e6ff]
#2 /usr/local/lib/libsamba-util.so.0(smb_panic+0x28) [0x7fbbd9b32012]
#3 /usr/local/lib/samba/libdbwrap-
samba4.so(dbwrap_record_get_value+0x86) [0x7fbbd95800ac]
#4 /usr/local/lib/samba/libsmbd-base-samba4.so(+0x28f563)
[0x7fbbd999e563]
#5 /usr/local/lib/samba/libsamba-cluster-support-samba4.so(+0x7851)
[0x7fbbd92c7851]
#6 /usr/local/lib/samba/libsamba-cluster-support-
samba4.so(ctdbd_traverse+0x4ca) [0x7fbbd92cc641]
#7 /usr/local/lib/samba/libsamba-cluster-support-samba4.so(+0x73eb)
[0x7fbbd92c73eb]
#8 /usr/local/lib/samba/libsamba-cluster-support-samba4.so(+0x7a52)
[0x7fbbd92c7a52]
#9 /usr/local/lib/samba/libdbwrap-samba4.so(dbwrap_traverse_read+0x35)
[0x7fbbd9580de5]
#10 /usr/local/lib/samba/libsmbd-base-
samba4.so(smbXsrv_tcon_global_traverse+0xc5) [0x7fbbd999e7d9]
#11 smbstatus(connections_forall_read+0x114) [0x55d17872b8ee]
#12 smbstatus(main+0x7b2) [0x55d17872a2f3]
#13 /lib64/libc.so.6(__libc_start_main+0xf3) [0x7fbbd93a21a3]
#14 smbstatus(_start+0x2e) [0x55d17872894e]
Can not dump core: corepath not set up
Assertion on rec->value_valid fails as it is uninitialized in the
following functions:
traverse_read_callback
traverse_persistent_callback_read
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 8 23:24:58 UTC 2020 on sn-devel-184
User newer debug macro and print full path to affected file.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 8 01:26:46 UTC 2020 on sn-devel-184
Any other error code from gpfs_set_share should never happen. Print a
error message in case this is ever encountered.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
GPFS file systems can be configured without support for share modes. As
this results in an unique error code, print a message explaining this
situation and the required config changes.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
As this denies access to a file, provide a better error message for
easier troubleshooting.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Follow the convention to return 0 on success and -1 when hitting an
error.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The gpfs_set_share API call has been around for a long time and
definitely all supported GPFS versions have it. Remove the check and
fallback for old versions without this API.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This avoids a redundant error message in case the call to acquire the
sharemode had failed before.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The fsp has a valid file descriptor when this function is called. No
need for the additional check.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The VFS flock function is called with a zero access_mask to indicate
that the share mode should be cleared. Adjust the check to directly
check the access_mask and provide a better message to indicate this
case.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The calling code already ensures that the file is open with a valid file
descriptor.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
MS-SMB2 and the smbd code refer to this field as share_access. Use the
same name in the function argument.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
MS-SMB2 and the smbd code refer to this field as share_access. Use the
same name in the function argument.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
MS-SMB2 and the smbd code refer to this field as share_access. Use the
same name in the function argument.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
MS-SMB2 and the smbd code refer to this field as share_access. Use the
same name in the function argument.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
MS-SMB2 and the smbd code refer to this field as share_access. Use the
same name in the function argument.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
MS-SMB2 and the smbd code refer to this field as share_access. Use the
same name in the function argument.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
MS-SMB2 and the smbd code refer to this field as share_access. Use the
same name in the function argument.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
MS-SMB2 and the smbd code refer to this field as share_access. Use the
same name in the function argument.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
MS-SMB2 and the smbd code refer to this field as share_access. Use the
same name in the function argument.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
MS-SMB2 and the smbd code refer to this field as share_access. Use the
same name in the function argument.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The fake async code has been pushed down into the 3 users, remove the sync
callback. Overall it's more lines of code, but the central interface is
simplified.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jan 6 23:34:00 UTC 2020 on sn-devel-184
This is just fake async, but it avoids one use of a sync function
pointer in auth4_context
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is just fake async, but it avoids one use of a sync function
pointer in auth4_context
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is just fake async, but it avoids one use of a sync function
pointer in auth4_context
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jan 6 20:33:55 UTC 2020 on sn-devel-184
Coverity does not get that for (rc!=0) gnutls_error_to_ntstatus()
never returns NT_STATUS_OK
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Use generate_random_buffer() directly on the talloc'ed buffer
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
When Samba is running as a domain controller and the "vfs objects"
parameter is not set, then the dfs_samba4 and acl_xattr modules are
automatically enabled.
However, if the "vfs objects" is defined, then the setting is left
as-is. This means that attempts to us other VFS modules have the side
effect of disabling the dfs_samba4 and acl_xattr modules, causing
unexpected behaviour, which is then blamed on the VFS modules that were
explicitly defined.
This change ensures that when running as a domain controller, Samba logs
an error if the required VFS modules are not enabled by an explicit
"vfs objects" definition.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10560
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Jan 3 01:30:24 UTC 2020 on sn-devel-184
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jan 1 12:04:52 UTC 2020 on sn-devel-184
When contending a WRITE with an existing READ, the contender puts
himself into the exclusive slot, waiting for the READers to go
away. If the async lock request is canceled before we got the lock, we
need to remove ourselves again. This is done in the destructor of the
g_lock_lock_state. In the successful case, the destructor needs to go
away.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Dec 22 18:57:17 UTC 2019 on sn-devel-184
This walks different code paths in the subsequent locker. And the one
that we did not test so far is in fact buggy
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Add parameter zfsacl:map_dacl_protected to address issue preventing Windows Clients
from disabling inheritance on ACLs. FreeBSD does not currently expose the ACL_PROTECTED
NFS4.1 flag, but it does expose ACE4_INHERITED_ACE. When the parameter is enabled,
map the absence of ACE4_INHERITED_ACE to SEC_DESC_DACL_PROTECTED.
See also the discussion at
https://gitlab.com/samba-team/samba/merge_requests/719
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Dec 20 23:24:54 UTC 2019 on sn-devel-184
Not used for now, that comes next.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Now that we parse nfs4_params in the VFS connect in this module, we can pass it
to smb_set_nt_acl_nfs4() which avoids having smb_set_nt_acl_nfs4() parse
it *every time* it's called.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Convert zfsacl:denymissingspecial so that the parameter loads on connect.
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Dec 20 13:06:20 UTC 2019 on sn-devel-184
Now that all callers pass in a valid session_info, we can remove handling of
session_info=NULL. Add an assert(session_info != NULL) just in case... :)
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
