IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The previous commit removed all users of struct user_struct.vuid.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
session->compat->vuid is set to session->global->session_wire_id after a
successful session setup, so both variables will always carry the same value. Cf
the next commit which removes vuid from user_struct.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Found by "Christopher O Cowan - Christopher.O.Cowan@ibm.com" <Christopher.O.Cowan@ibm.com>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Harmonize _netr_DsRGetForestTrustInformation with source4/ logic which
didn't change since DCE RPC channel refactoring.
With the current code we return RPC faul as can be seen in the logs:
2019/12/11 17:12:55.463081, 1, pid=20939, effective(1284200000, 1284200000), real(1284200000, 0), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug)
netr_DsRGetForestTrustInformation: struct netr_DsRGetForestTrustInformation
in: struct netr_DsRGetForestTrustInformation
server_name : *
server_name : '\\some-dc.example.com'
trusted_domain_name : NULL
flags : 0x00000000 (0)
[2019/12/11 17:12:55.463122, 4, pid=20939, effective(1284200000, 1284200000), real(1284200000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1561(api_rpcTNP)
api_rpcTNP: fault(5) return.
This is due to this check in processing a request:
if (!(p->pipe_bound && (p->auth.auth_type != DCERPC_AUTH_TYPE_NONE)
&& (p->auth.auth_level != DCERPC_AUTH_LEVEL_NONE))) {
p->fault_state = DCERPC_FAULT_ACCESS_DENIED;
return WERR_ACCESS_DENIED;
}
and since we get AuthZ response,
Successful AuthZ: [netlogon,ncacn_np] user [EXAMPLE]\[admin] [S-1-5-21-1234567-890123456-500] at [Wed, 11 Dec 2019 17:12:55.461164 UTC]
Remote host [ipv4:Y.Y.Y.Y:59017] local host [ipv4:X.X.X.X:445]
[2019/12/11 17:12:55.461584, 4, pid=20939, effective(0, 0), real(0, 0)] ../lib/audit_logging/audit_logging.c:141(audit_log_json)
JSON Authorization: {"timestamp": "2019-12-11T17:12:55.461491+0000",
"type": "Authorization", "Authorization": {"version": {"major": 1, "minor": 1},
"localAddress": "ipv4:X.X.X.X:445", "remoteAddress": "ipv4:Y.Y.Y.Y:59017",
"serviceDescription": "netlogon", "authType": "ncacn_np",
"domain": "EXAMPLE", "account": "admin", "sid": "S-1-5-21-1234567-890123456-500",
"sessionId": "c5a2386f-f2cc-4241-9a9e-d104cf5859d5", "logonServer": "SOME-DC",
"transportProtection": "SMB", "accountFlags": "0x00000010"}}
this means we are actually getting anonymous DCE/RPC access to netlogon
on top of authenticated SMB connection. In such case we have exactly
auth_type set to DCERPC_AUTH_TYPE_NONE and auth_level set to
DCERPC_AUTH_LEVEL_NONE in the pipe->auth. Thus, returning an error.
Update the code to follow the same security level check as in s4 variant
of the call.
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Jan 13 15:05:28 UTC 2020 on sn-devel-184
The last Ceph Hammer release (0.94.10) came in Feb 2017, as is no longer
supported upstream. Drop support for building Samba vfs_ceph against
version prior to 0.94.0.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Sat Jan 11 14:59:36 UTC 2020 on sn-devel-184
libcephfs statx became available with the Kraken (11.2.0) release of
Ceph in Jan 2017. Versions prior to this are no longer supported
upstream, so we can drop support within Samba vfs_ceph.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
No change in the (rather strange) logic.
First step in abstracting MSDFS storage from direct symlink calls.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 10 21:05:25 UTC 2020 on sn-devel-184
As discussed with Jeremy in bug 14232, the vfs_ceph.renameat_fn
implementation currently ignores srcfsp and dstfsp. As a result,
relative smb_fname_src/smb_fname_dest paths will be processed as
relative to cwd.
This is currently a valid assumption, as srcfsp and dstfsp should
always match conn->cwd_fsp. Add an assert to clarify this.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 9 20:20:05 UTC 2020 on sn-devel-184
TALLOC_FREE the fde before closing the fd. Otherwise the fde
destructor tries to remove a nonexisting fd from the epoll set.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 9 01:15:34 UTC 2020 on sn-devel-184
Following backtrace is observed on executing `smbstatus` with at least
one SMB client connection established:
PANIC: assert failed at ../../lib/dbwrap/dbwrap.c(82): rec->value_valid
PANIC (pid 350270): assert failed: rec->value_valid
BACKTRACE: 15 stack frames:
#0 /usr/local/lib/libsamba-util.so.0(log_stack_trace+0x1f)
[0x7fbbd9b32047]
#1 /usr/local/lib/libsmbconf.so.0(smb_panic_s3+0x74) [0x7fbbd9c1e6ff]
#2 /usr/local/lib/libsamba-util.so.0(smb_panic+0x28) [0x7fbbd9b32012]
#3 /usr/local/lib/samba/libdbwrap-
samba4.so(dbwrap_record_get_value+0x86) [0x7fbbd95800ac]
#4 /usr/local/lib/samba/libsmbd-base-samba4.so(+0x28f563)
[0x7fbbd999e563]
#5 /usr/local/lib/samba/libsamba-cluster-support-samba4.so(+0x7851)
[0x7fbbd92c7851]
#6 /usr/local/lib/samba/libsamba-cluster-support-
samba4.so(ctdbd_traverse+0x4ca) [0x7fbbd92cc641]
#7 /usr/local/lib/samba/libsamba-cluster-support-samba4.so(+0x73eb)
[0x7fbbd92c73eb]
#8 /usr/local/lib/samba/libsamba-cluster-support-samba4.so(+0x7a52)
[0x7fbbd92c7a52]
#9 /usr/local/lib/samba/libdbwrap-samba4.so(dbwrap_traverse_read+0x35)
[0x7fbbd9580de5]
#10 /usr/local/lib/samba/libsmbd-base-
samba4.so(smbXsrv_tcon_global_traverse+0xc5) [0x7fbbd999e7d9]
#11 smbstatus(connections_forall_read+0x114) [0x55d17872b8ee]
#12 smbstatus(main+0x7b2) [0x55d17872a2f3]
#13 /lib64/libc.so.6(__libc_start_main+0xf3) [0x7fbbd93a21a3]
#14 smbstatus(_start+0x2e) [0x55d17872894e]
Can not dump core: corepath not set up
Assertion on rec->value_valid fails as it is uninitialized in the
following functions:
traverse_read_callback
traverse_persistent_callback_read
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 8 23:24:58 UTC 2020 on sn-devel-184
User newer debug macro and print full path to affected file.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 8 01:26:46 UTC 2020 on sn-devel-184
Any other error code from gpfs_set_share should never happen. Print a
error message in case this is ever encountered.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
GPFS file systems can be configured without support for share modes. As
this results in an unique error code, print a message explaining this
situation and the required config changes.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
As this denies access to a file, provide a better error message for
easier troubleshooting.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Follow the convention to return 0 on success and -1 when hitting an
error.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The gpfs_set_share API call has been around for a long time and
definitely all supported GPFS versions have it. Remove the check and
fallback for old versions without this API.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This avoids a redundant error message in case the call to acquire the
sharemode had failed before.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The fsp has a valid file descriptor when this function is called. No
need for the additional check.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
