1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

106337 Commits

Author SHA1 Message Date
Jeremy Allison
a51363309a s3: smbtorture: Add new local test LOCAL-CANONICALIZE-PATH
Tests new canonicalize_absolute_path() function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12531

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2017-01-30 18:39:18 +01:00
Jeremy Allison
82979afc46 s3: lib: Fix two old, old bugs in set_conn_connectpath(), now in canonicalize_absolute_path().
Canonicalizing a path of /foo/bar/../baz would return /foo/barbaz
as moving forward 3 characters would delete the / character.

Canonicalizing /foo/.. would end up as '\0'.

Test to follow.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12531

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2017-01-30 18:39:18 +01:00
Jeremy Allison
02599c3933 s3: lib: Add canonicalize_absolute_path().
Resolves any invalid path components (.) (..)
in an absolute POSIX path.

We will be re-using this in several places.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12531

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2017-01-30 18:39:18 +01:00
Jeremy Allison
39678ed6af s3: smbd: Correctly canonicalize any incoming shadow copy path.
Converts to:

@GMT-token/path/last_component

from all incoming path types. Allows shadow_copy modules
to work when current directory is changed after removing
last component.

Ultimately when the VFS ABI is changed to add a timestamp
to struct smb_filename, this is where the parsing will be
done.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12531

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2017-01-30 18:39:18 +01:00
Andrew Bartlett
26ffc20cef build: vfs_posix_eadb is only built with the AD DC enabled
This was found building a static smbd without the AD DC

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Jan 30 17:24:26 CET 2017 on sn-devel-144
2017-01-30 17:24:26 +01:00
David Mulder
73deaecbd5 s3:winbindd: document "winbind:ignore domains"
The "winbind:ignore domains" smb.conf option is undocumented but used frequently.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Jan 30 12:24:47 CET 2017 on sn-devel-144
2017-01-30 12:24:47 +01:00
Noel Power
1820209b9e s3/rpc_server/mdssvc: Generate flex/bison files in build
Build the generated files at build time instead of using a committed version
generated at some point in the past.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12528

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Jan 28 13:26:01 CET 2017 on sn-devel-144
2017-01-28 13:26:01 +01:00
Ralph Boehme
9a3b64a24c vfs_fruit: checks wrong AAPL config state and so always uses readdirattr
readdirattr should only be enabled if the client enables it via AAPL
negotitiation, not for all clients when vfs_fruit is loaded.

Unfortunately the check in fruit_readdir_attr() is

  if (!config->use_aapl) {
    return SMB_VFS_NEXT_READDIR_ATTR(handle, fname, mem_ctx, pattr_data);
  }

This uses the wrong config state "use_aapl" which is always true by
default (config option "fruit:aapl").

We must use "nego_aapl" instead which is only true if the client
really negotiated this feature.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12541

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jan 28 01:49:11 CET 2017 on sn-devel-144
2017-01-28 01:49:09 +01:00
Ralph Boehme
21d030e5bd selftest: add test for global "smb encrypt=off"
Test various combinations of having encryption globally turned off and
enabled (desired/required) on a share, with SMB1 UNIX Extensions and SMB3.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12520

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-01-27 22:00:17 +01:00
Ralph Boehme
573e8e15b3 selftest: disable SMB encryption in simpleserver environment
Encryption is currently not tested in this env so we can safely turn it
off. The next commit will add a blackbox tests that test combinations of
having encryption globally turned off and enabled (desired/required) on
a share.

This also adds a new share "enc_desired" with "smb encrypt = desired"
which will be used by the test in the next commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12520

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-01-27 22:00:17 +01:00
Ralph Boehme
f8d937b331 docs: impact of a global "smb encrypt=off" on a share with "smb encrypt=required"
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12520

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-01-27 22:00:17 +01:00
Ralph Boehme
b0b418c225 s3/smbd: ensure global "smb encrypt = off" is effective for share with "smb encrypt = desired"
If encryption is disabled globally, per definition we shouldn't allow
enabling encryption on individual shares.

The behaviour of specifying

[Global]
  smb encrypt = off

[share]
  smb encrypt = desired

must be an unecrypted tree connect to the share "share".

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12520

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-01-27 22:00:17 +01:00
Ralph Boehme
6ae63d42f5 s3/smbd: ensure global "smb encrypt = off" is effective for SMB 3.1.1 clients
If encryption is disabled globally, per definition we shouldn't allow
enabling encryption on individual shares.

The behaviour of setting

[Global]
  smb encrypt = off

[share]
  smb encrypt = required

must be to completely deny access to the share "share".

This was working correctly for clients when using SMB 3 dialects <
3.1.1, but not for 3.1.1 with a negprot encryption context.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12520

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-01-27 22:00:17 +01:00
Ralph Boehme
43a90cee46 s3/smbd: ensure global "smb encrypt = off" is effective for SMB 1 clients
If encryption is disabled globally, per definition we shouldn't allow
enabling encryption on individual shares.

The behaviour of setting

[Global]
  smb encrypt = off

[share_required]
  smb encrypt = required

[share_desired]
  smb encrypt = desired

must be to completely deny access to the share "share_required" and an
unencrypted connection to "share_desired".

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12520

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-01-27 22:00:17 +01:00
John Mulligan
f605332e1b docs: Improve description of "unix_primary_group" parameter in idmap_ad manpage
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12542

Signed-off-by: John Mulligan <jmulligan@nasuni.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Jan 27 20:58:18 CET 2017 on sn-devel-144
2017-01-27 20:58:18 +01:00
Stefan Metzmacher
348bcca768 selftest/Samba3: use "server min protocol = SMB3_00" for "ktest"
This verifies that clients can still connect with that setting.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12540

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jan 27 12:03:39 CET 2017 on sn-devel-144
2017-01-27 12:03:39 +01:00
Stefan Metzmacher
c207f2a989 s3:smbd: allow "server min protocol = SMB3_00" to go via "SMB 2.???" negprot
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12540

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-01-27 08:09:15 +01:00
Stefan Metzmacher
5c7523890d s3:libsmb: use a local got_kerberos_mechanism variable in cli_session_creds_prepare_krb5()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-01-27 08:09:15 +01:00
Stefan Metzmacher
022fb7ea14 s3:client: don't use cli->use_kerberos && cli->got_kerberos_mechanism in smbspool.c
We already know if we want to use kerberos and there's no point
in altering the error message if we tried but failed to use kerberos.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-01-27 08:09:15 +01:00
Andreas Schneider
9d60ad53b8 rpc_server: Allow to configure the port range for RPC services
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12521

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2017-01-27 08:09:15 +01:00
Andreas Schneider
35dfa5c6e2 rpc_server: Use the RPC TCPIP ports of Windows
Since Windows Server 2008 Microsoft uses a different port range for RPC
services. Before it was 1024-65535 and they changed it to 49152-65535.

We should use the same range as these are the ports the firewall in AD
networks normally allow.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12521

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-01-27 08:09:15 +01:00
Uri Simchoni
2cf141ed45 waf: backport finding of pkg-config
Allow the builder to customize the location of pkg-config
utility by setting PKGCONFIG environment variable.

This is backported from upstream waf.

Thanks to Zentaro Kavanagh <zentaro@google.com> for
pointing that out and proposing the fix.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12529

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 25 04:23:00 CET 2017 on sn-devel-144
2017-01-25 04:23:00 +01:00
Günther Deschner
17a6e57fcc s4-torture: add more NDR tests for GetCorePrinterDrivers
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Jan 24 14:42:34 CET 2017 on sn-devel-144
2017-01-24 14:42:34 +01:00
Günther Deschner
db7b812149 librpc/ndr: add [to_null] keyword to szPackageId in spoolss_CorePrinterDriver.
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-01-24 10:53:17 +01:00
Günther Deschner
56255c1c60 s4-torture: add some NDR tests for validating ndr_push_charset behavior.
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-01-24 10:53:17 +01:00
Günther Deschner
d30b008a64 pidl: use ndr_push_charset_to_null() when [to_null] keyword is used in IDL
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-01-24 10:53:17 +01:00
Günther Deschner
303ae2a023 librpc/ndr: add ndr_push_charset_to_null and increase library version (abi change)
We were crashing earlier when calculating the length of NULL strings in
fixed size arrays (noticed while replying with an empty
spoolss_CorePrinterDriver struct within the spoolss_GetCorePrinterDrivers
call).

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-01-24 10:53:17 +01:00
Volker Lendecke
9b0fc295ef winbind: Don't add duplicate IDs in wbinfo -r
We look at the netsamlogon_cache entry twice: Once in queryuser and
once in lookupusergroups_cached. This can add the group SID twice.

Use add_sid_to_array_unique to avoid this.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 24 02:36:19 CET 2017 on sn-devel-144
2017-01-24 02:36:19 +01:00
Volker Lendecke
a4733c7fde libcli: Add an overflow check
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-01-23 22:46:13 +01:00
Volker Lendecke
a3737ef6bc libcli: Do not overwrite pointer on realloc failure
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-01-23 22:46:13 +01:00
Volker Lendecke
18332a1743 winbind: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-01-23 22:46:13 +01:00
Ralph Boehme
326765923f s3/smbd: check for invalid access_mask smbd_calculate_access_mask()
This makes us pass "base.createx_access".

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12536

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-01-23 22:46:13 +01:00
Ralph Boehme
a3781d1cfe selftest: also run test base.createx_access against ad_dc
Fails currently, will be made to work in the next commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12536

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-01-23 22:46:13 +01:00
Zentaro Kavanagh
8ec6d8a6f2 Add explicit dependency on samba-debug from libinterfaces and libserverrole.
Currently these dependencies are indirect via a SAMBA_SUBSYSTEM
which does not propagate private library information. This results
in these 2 libraries getting generated with no RPATH information
in the ELF header.

Additional discussion [1].

[1] -
https://lists.samba.org/archive/samba-technical/2017-January/118078.html

Signed-off-by: Zentaro Kavanagh <zentaro@google.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jan 23 08:26:43 CET 2017 on sn-devel-144
2017-01-23 08:26:43 +01:00
Andrew Bartlett
0272986377 selftest: Remove unsued variables WINBINDD_PRIV_PIPE_DIR and wbsockprivdir
I can not find anything that uses these in the testsuite

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sun Jan 22 22:15:01 CET 2017 on sn-devel-144
2017-01-22 22:15:01 +01:00
Andrew Bartlett
bd8d9559bf param: Remove winbindd privileged socket directory option
This option is unused and has not been used since before Samba 4.3
when the source4/ winbindd code went away.

The associated dynconfig parameters used for the default are also removed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10066

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-01-22 18:30:12 +01:00
Volker Lendecke
a551d3826d lib/util: Avoid a talloc in ms_fnmatch_protocol
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-01-22 18:30:12 +01:00
Volker Lendecke
b4ed72a2d3 s3/lib: Use ms_fnmatch_protocol in mask_match
This avoids the talloc/free through push_ucs2_talloc

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-01-22 18:30:12 +01:00
Volker Lendecke
f969be5441 lib: Add "is_case_sensitive" to ms_fnmatch_protocol
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-01-22 18:30:12 +01:00
Volker Lendecke
07d9a909ba lib/util/charset: Optimize next_codepoint for the ascii case
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-01-22 18:30:11 +01:00
Volker Lendecke
66cba9939b s3/locking: Avoid a talloc for nonexisting fetch_share_mode_unlocked
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-01-22 18:30:11 +01:00
Volker Lendecke
27daed8fcf smbd: Streamline get_ea_names_from_file
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-01-22 18:30:11 +01:00
Volker Lendecke
f827650c65 smbd: Fix an indentation
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-01-22 18:30:11 +01:00
Volker Lendecke
c687924eed smbd: Fix a few signed/unsigned hickups
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-01-22 18:30:11 +01:00
Volker Lendecke
13958236a9 lib: Avoid a "includes.h"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-01-22 18:30:11 +01:00
Volker Lendecke
6faf30b31c smbd: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-01-22 18:30:11 +01:00
Volker Lendecke
9bed3e3043 lib: Avoid an includes.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-01-22 18:30:11 +01:00
Volker Lendecke
9af73f62ce lib: Add lib/util/server_id.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-01-22 18:30:11 +01:00
Björn Jacke
5059c8e2e3 vfs_default: unlock the right file in copy chunk
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Sat Jan 21 17:00:54 CET 2017 on sn-devel-144
2017-01-21 17:00:54 +01:00
Björn Jacke
a5c2396173 replace: fix some trailing whitespaces
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2017-01-21 13:15:19 +01:00