IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This allows to add expections for individual workstations, when using "server schannel = yes".
"server schannel = auto" is very insecure and will be removed soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
We should debug more details about the failing request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This is not strictly needed, but makes things more clear.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Rather than have safe_string.h #include string_wrappers.h, make users of
string_wrappers.h include it explicitly.
includes.h now no longer includes string_wrappers.h transitively. Still
allow includes.h to #include safe_string.h for now so that as many
modules as possible get the safety checks in it.
Signed-off-by: Matthew DeVore <matvore@google.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This reverts commit 3e072b3fb7.
This is no longer required now that --noline is set globally
and that is a much nicer solution.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug 3 22:21:04 UTC 2020 on sn-devel-184
The srv_fssa_start() / _cleanup() functions are called via the
DCESRV_INTERFACE_FILESERVERVSSAGENT_INIT / SHUTDOWN_SERVER hooks,
so needn't be public.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 3 03:57:12 UTC 2020 on sn-devel-184
The generic function already checks the handle type.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Now that the type associated to the handle is the same for all handle
types we can wrap the access check.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Now that we pass the handle type to the generic handle creation and find
functions we can drop the specific SAMR ones.
The policy_handle_create() function labeled the talloc chunk used to
allocate the handle's associated data, and the policy_handle_find() is
checking the name matches with the expected data. The check is performed
now by the generic functions based on the handle type so we can drop
these SAMR specific functions.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Following changes in commit c7a4578d06
pass the handle type to the handle search functions. The handle type will
be verified unless passing DCESRV_HANDLE_ANY to find functions.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The handle based security model is a SAMR specific feature. The access
granted is stored in the handle's associated data after creating it and
the access is verified after searching the handle.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
As create_file_default() still need to be updated in the future to replace the
SMB_VFS_STAT() calls with AT-based versions, it asserts (dirfsp ==
dirfsp->conn->cwd_fsp).
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
With share_infos.tdb this is a locking order violation:
share_infos.tdb is level 4, brlock.tdb is level 2. Avoid this by first
walking the share_infos.tdb and then fetching all the brlock entries.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu May 14 22:06:32 UTC 2020 on sn-devel-184
To me this was not very transparent, and now that we have "ctr3" a
single indirect looks okay
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 14 19:43:27 UTC 2020 on sn-devel-184
Assign output from smb_iconv_open_ex() to a temporary
handle. Only assign to mds_ctx->[handles] if correctly
opened otherwise we end up trying to call smb_iconv_close(-1).
MacOSX Catalina triggers this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14372
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu May 7 18:03:16 UTC 2020 on sn-devel-184
Most places take twrp from a local struct smb_filename variable that the
function is working on. Some don't for various reasons:
o synthetic_smb_fname_split() is only called in very few places where we don't
expect twrp paths
o implementations of SMB_VFS_GETWD(), SMB_VFS_FS_CAPABILITIES() and
SMB_VFS_REALPATH() return the systems view of cwd and realpath without twrp info
o VFS modules implementing previous-versions support (vfs_ceph_snapshots,
vfs_shadow_copy2, vfs_snapper) synthesize raw paths that are passed to VFS NEXT
functions and therefor do not use twrp
o vfs_fruit: macOS doesn't support VSS
o vfs_recycle: in recycle_create_dir() we need a raw OS path to create a directory
o vfs_virusfilter: a few places where we need raw OS paths
o vfs_xattr_tdb: needs a raw OS path for SMB_VFS_NEXT_STAT()
o printing and rpc server: don't support VSS
o vfs_default_durable_reconnect: no Durable Handles on VSS handles, this might
be enhances in the future. No idea if Windows supports this.
o get_real_filename_full_scan: hm.... FIXME??
o get_original_lcomp: working on a raw path
o msdfs: doesn't support VSS
o vfs_get_ntquota: synthesizes an smb_filename from ".", so doesn't support VSS
even though VFS modules implement it
o fd_open: conn_rootdir_fname is a raw path
o msg_file_was_renamed: obvious
o open_np_file: pipes don't support VSS
o Python bindings: get's a raw path from the caller
o set_conn_connectpath: raw path
o set_conn_connectpath: raw path
o torture: gets raw paths from the caller
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Since wire_handle.handle_type is uint32_t, we can simply assign uint8_t
handle type to it without using SIVAL() macros. Further unify with s4
RPC server code flow.
Fixes CID 1462616
>>> CID 1462616: (CONSTANT_EXPRESSION_RESULT)
>>> "(uint32_t)handle_type >> 16" is 0 regardless of the values of its operands. This occurs as a value.
284 SIVAL(&rpc_hnd->wire_handle.handle_type, 0 , handle_type);
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Thu Apr 30 07:09:55 UTC 2020 on sn-devel-184
Various RPC services expect policy handles of a specific type.
s3 RPC server did not allow to create policy handles with a specific
type while actually requiring that policy handle type itself in some
places.
Make sure we are able to specify the policy on-wire handle type when
creating the policy handle. The changes follow s4 DCE RPC server
implementation.
The original logic to always set on-wire handle type to 0 can be tracked
down to commit fdeea341ed when we didn't
really know about differences in on-wire handle types.
All but LSA trusted domain RPC calls do not check the on-wire handle
type in s3 RPC server.
Fixes trusted domain operations when Samba RPC client attempts to call
s3 RPC server to perform lsa_lsaRSetForestTrustInformation in FreeIPA.
This fix is a pre-requisite for FreeIPA-FreeIPA forest trust.
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 28 22:55:29 UTC 2020 on sn-devel-184
Craft core structures to dispatch local calls in the same way as remote
ones, removing the special handling in the autogenerated code.
This is also necessary to drop s3 rpc handles implementation.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 8 22:23:05 UTC 2020 on sn-devel-184
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Samuel Cabrero <scabrero@samba.org>
Autobuild-Date(master): Fri Mar 20 17:11:28 UTC 2020 on sn-devel-184
The setup function registers the endpoint server and RPC core routines
initialize and shutdown it.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Prototype is generated by the server compat parser.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
