1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

58423 Commits

Author SHA1 Message Date
Jeremy Allison
d1bc0d0b51 s3/smbd: Use after free when iterating smbd_server_connection->connections
Change conn_free() to just use a destructor. We now
catch any other places where we may have forgetten to
call conn_free() - it's implicit on talloc_free(conn).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15128

Based on code from Noel Power <noel.power@suse.com>.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>

Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed Aug 17 09:54:06 UTC 2022 on sn-devel-184

(cherry picked from commit f92bacbe21)
2022-08-23 07:45:16 +00:00
Jeremy Allison
56e1a9fc62 s3/smbd: Use after free when iterating smbd_server_connection->connections
In SMB2 smbd_smb2_tree_connect() we create a new conn struct
inside make_connection_smb2() then move the ownership to tcon using:

        tcon->compat = talloc_move(tcon, &compat_conn);

so the lifetime of tcon->compat is tied directly to tcon.

Inside smbXsrv_tcon_disconnect() we have:

 908                 ok = chdir_current_service(tcon->compat);
 909                 if (!ok) {
 910                         status = NT_STATUS_INTERNAL_ERROR;
 911                         DEBUG(0, ("smbXsrv_tcon_disconnect(0x%08x, '%s'): "
 912                                   "chdir_current_service() failed: %s\n",
 913                                   tcon->global->tcon_global_id,
 914                                   tcon->global->share_name,
 915                                   nt_errstr(status)));
 916                         tcon->compat = NULL;
 917                         return status;
 918                 }
 919
 920                 close_cnum(tcon->compat, vuid);
 921                 tcon->compat = NULL;

If chdir_current_service(tcon->compat) fails, we return status without ever having
called close_cnum(tcon->compat, vuid), leaving the conn pointer left in the linked
list sconn->connections.

The caller frees tcon and (by ownership) tcon->compat, still leaving the
freed tcon->compat pointer on the sconn->connections linked list.

When deadtime_fn() fires and walks the sconn->connections list it
indirects this freed pointer. We must call close_cnum() on error also.

Valgrind trace from Noel Power <noel.power@suse.com> is:

==6432== Invalid read of size 8
==6432==    at 0x52CED3A: conn_lastused_update (conn_idle.c:38)
==6432==    by 0x52CEDB1: conn_idle_all (conn_idle.c:54)
==6432==    by 0x5329971: deadtime_fn (smb2_process.c:1566)
==6432==    by 0x5DA2339: smbd_idle_event_handler (util_event.c:45)
==6432==    by 0x685F2F8: tevent_common_invoke_timer_handler (tevent_timed.c:376)

==6432==  Address 0x19074b88 is 232 bytes inside a block of size 328 free'd
==6432==    at 0x4C3451B: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==6432==    by 0x5B38521: _tc_free_internal (talloc.c:1222)
==6432==    by 0x5B39463: _tc_free_children_internal (talloc.c:1669)
==6432==    by 0x5B38404: _tc_free_internal (talloc.c:1184)
==6432==    by 0x5B39463: _tc_free_children_internal (talloc.c:1669)
==6432==    by 0x5B38404: _tc_free_internal (talloc.c:1184)
==6432==    by 0x5B39463: _tc_free_children_internal (talloc.c:1669)
==6432==    by 0x5B38404: _tc_free_internal (talloc.c:1184)
==6432==    by 0x5B39463: _tc_free_children_internal (talloc.c:1669)
==6432==    by 0x5B38404: _tc_free_internal (talloc.c:1184)
==6432==    by 0x5B385C5: _talloc_free_internal (talloc.c:1248)
==6432==    by 0x5B3988D: _talloc_free (talloc.c:1792)
==6432==    by 0x5349B22: smbd_smb2_flush_send_queue (smb2_server.c:4828)

==6432==  Block was alloc'd at
==6432==    at 0x4C332EF: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==6432==    by 0x5B378D9: __talloc_with_prefix (talloc.c:783)
==6432==    by 0x5B37A73: __talloc (talloc.c:825)
==6432==    by 0x5B37E0C: _talloc_named_const (talloc.c:982)
==6432==    by 0x5B3A8ED: _talloc_zero (talloc.c:2421)
==6432==    by 0x539873A: conn_new (conn.c:70)
==6432==    by 0x532D692: make_connection_smb2 (smb2_service.c:909)
==6432==    by 0x5352B5E: smbd_smb2_tree_connect (smb2_tcon.c:344)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15128

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit 0bdfb5a5e6)
2022-08-23 07:45:16 +00:00
Stefan Metzmacher
9cb4043727 s3:smbd: only clear LEASE_READ if there's no read lease is left
If contend_level2_oplocks_begin_default() skips break it's
own lease, we should not clear SHARE_MODE_LEASE_READ
in share_mode_data->flags.

Otherwise that lease won't see any lease break notifications
for writes from other clients (file handles not using the same lease
key).

So we need to count the number existing read leases (including
the one with the same lease key) in order to know it's
safe to clear SMB2_LEASE_READ/SHARE_MODE_LEASE_READ.

Otherwise the next run (likely from another client)
will get the wrong result from file_has_read_lease().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15148

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 18 19:41:33 UTC 2022 on sn-devel-184

(cherry picked from commit 96e2a82760)
2022-08-23 07:45:16 +00:00
Stefan Metzmacher
19f285e080 s3:smbd: share_mode_flags_set() takes SMB2_LEASE_* values
We currently only ever pass SMB2_LEASE_READ and both
have the same value of 0x1, so for now it's only cosmetic,
but that will change soon.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15148

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 7592aad4d7)
2022-08-23 07:45:16 +00:00
Michael Tokarev
b75b5f60ba s3/util/py_net.c: fix samba-tool domain join&leave segfault
We process python args using PyArg_ParseTupleAndKeywords(), and use "p"
type modifier there.  According to documentation, this type modifier,
while works for a boolean type, expects an argument of type int. But in
py_net_join_member() and  py_net_leave() we use argument of type uint8_t
(no_dns_update, keep_account, r->in.debug). So when PyArg_ParseTupleAndKeywords()
tries to assign a value to &no_dns_update, it updates subsequent, unrelated bytes
too, - which ones depends on the stack and structure layout used by the compiler.

Fix this by using int type for all relevant variables, and by introducing proxy
variable "debug" (of the same type) for r->in.debug.

While at it, also ensure all variables have sensible default values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15078

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed May 25 06:19:32 UTC 2022 on sn-devel-184

(backported from commit 976326fa2b,
 cherry-pick -x with BUG: line added)

Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Mon Aug  8 10:32:22 UTC 2022 on sn-devel-184
2022-08-08 10:32:22 +00:00
Andreas Schneider
529e86163a s3:rpcclient: Goto done in cmd_samr_setuserinfo_int()
We need to free the frame or we will run into:
    smb_panic (why=0x7fa8c511aa88 "Frame not freed in order.")

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15124

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 2b32d93222)

Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Sun Jul 31 19:14:59 UTC 2022 on sn-devel-184
2022-07-31 19:14:59 +00:00
Ralph Boehme
e10ce26dcb mdssvc: return all-zero policy handle if spotlight is disabled
A Mac SMB server returns an all zero handle and an empty path if Spotlight is
disabled on a share. We must return the exact same error return in order to
trigger client-side searching.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15086
pcap: https://www.samba.org/~slow/pcaps/mac-bigsur-smbserver-spotlight-disabled.pcapng.gz

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>

Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Jul 12 15:42:52 UTC 2022 on sn-devel-184

(cherry picked from commit 23e6e50c0f)
2022-07-31 18:09:11 +00:00
Ralph Boehme
5598ddaaf4 CI: fix check for correct mdsvc resonse when connecting to a share with Spotlight disabled
A Mac SMB server returns an all zero handle and an empty path if Spotlight is
disabled on a share. We must return the exact same error return in order to
trigger client-side searching.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15086
pcap: https://www.samba.org/~slow/pcaps/mac-bigsur-smbserver-spotlight-disabled.pcapng.gz

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(backported from commit 8e997bd6e9)
[slow@samba.org: conflicts in tests.py caused by unrelated tests]
2022-07-31 18:09:11 +00:00
Ralph Boehme
5fd138ad80 mdssvc: convert mds_init_ctx() to return NTSTATUS
No change in behavour. In preperation for returning a special error to signal
the caller that spotlight is disabled for a share.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15086

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit 72468166b2)
2022-07-31 18:09:11 +00:00
Jeremy Allison
74946420dd CVE-2022-32742: s3: smbd: Harden the smbreq_bufrem() macro.
Fixes the raw.write.bad-write test.

NB. We need the two (==0) changes in source3/smbd/reply.c
as the gcc optimizer now knows that the return from
smbreq_bufrem() can never be less than zero.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15085

Remove knownfail.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2022-07-24 09:29:26 +02:00
Joseph Sutton
18b73e01ca CVE-2022-32746 ldb: Make use of functions for appending to an ldb_message
This aims to minimise usage of the error-prone pattern of searching for
a just-added message element in order to make modifications to it (and
potentially finding the wrong element).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-07-24 09:20:21 +02:00
Samuel Cabrero
89b914b3c5 s3:winbind: Use the canonical realm name to renew the credentials
Consider the following AD topology where all trusts are parent-child
trusts:

                   ADOM.AFOREST.AD
		   	|
            ACHILD.ADOM.AFOREST.AD
			|
AGRANDCHILD.ACHILD.ADOM.AFOREST.AD <-- Samba joined

When logging into the Samba machine using pam_winbind with kerberos enabled
with user ACHILD\user1, the ccache content is:

	Default principal: user1@ACHILD.ADOM.AFOREST.AD

	Valid starting       Expires              Service principal
	07/06/2022 16:09:23  07/06/2022 16:14:23  krbtgt/ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD
	        renew until 07/13/2022 16:09:23
-->	07/06/2022 16:09:23  07/06/2022 16:14:23  krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD <-- NOTE this TGT ticket
	        renew until 07/13/2022 16:09:23
	07/06/2022 16:09:23  07/06/2022 16:14:23  SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD
	        renew until 07/13/2022 16:09:23

But when logging in with user ADOM\user1, the ccache content is:

	Default principal: user1@ADOM.AFOREST.AD

	Valid starting       Expires              Service principal
	07/06/2022 16:04:37  07/06/2022 16:09:37  krbtgt/ADOM.AFOREST.AD@ADOM.AFOREST.AD
	        renew until 07/13/2022 16:04:37
	07/06/2022 16:04:37  07/06/2022 16:09:37  SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD
	        renew until 07/13/2022 16:04:37

MIT does not store the intermediate TGTs when there is more than one hop:

	ads_krb5_cli_get_ticket: Getting ticket for service [SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD] using creds from [FILE:/tmp/krb5cc_11105] and impersonating [(null)]

	Getting credentials user1@ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD using ccache FILE:/tmp/krb5cc_11105
	Starting with TGT for client realm: user1@ADOM.AFOREST.AD -> krbtgt/ADOM.AFOREST.AD@ADOM.AFOREST.AD

	Requesting TGT krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ADOM.AFOREST.AD using TGT krbtgt/ADOM.AFOREST.AD@ADOM.AFOREST.AD
	Sending request to ADOM.AFOREST.AD
	Received answer from stream 192.168.101.32:88
	TGS reply is for user1@ADOM.AFOREST.AD -> krbtgt/ACHILD.ADOM.AFOREST.AD@ADOM.AFOREST.AD with session key rc4-hmac/D88B
-->	Received TGT for offpath realm ACHILD.ADOM.AFOREST.AD <-- NOTE this TGT ticket is not stored

	Requesting TGT krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD using TGT krbtgt/ACHILD.ADOM.AFOREST.AD@ADOM.AFOREST.AD
	Sending request (1748 bytes) to ACHILD.ADOM.AFOREST.AD
	Received answer (1628 bytes) from stream 192.168.101.33:88
	TGS reply is for user1@ADOM.AFOREST.AD -> krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD with session key rc4-hmac/D015
-->	Received TGT for service realm: krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD <-- NOTE this TGT is not stored

	Requesting tickets for SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD, referrals on
	Sending request (1721 bytes) to AGRANDCHILD.ACHILD.ADOM.AFOREST.AD
	Received answer (1647 bytes) from stream 192.168.101.34:88
	TGS reply is for user1@ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD with session key aes256-cts/345A
	Received creds for desired service SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD
	Storing user1@ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD in FILE:/tmp/krb5cc_11105

In the case of ACHILD\user1:

	ads_krb5_cli_get_ticket: Getting ticket for service [SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD] using creds from [FILE:/tmp/krb5cc_2000] and impersonating [(null)]

	Getting credentials user1@ACHILD.ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD using ccache FILE:/tmp/krb5cc_2000
	Starting with TGT for client realm: user1@ACHILD.ADOM.AFOREST.AD -> krbtgt/ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD

	Requesting TGT krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD using TGT krbtgt/ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD
	Sending request to ACHILD.ADOM.AFOREST.AD
	Received answer from stream 192.168.101.33:88
	TGS reply is for user1@ACHILD.ADOM.AFOREST.AD -> krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD with session key rc4-hmac/0F60
-->	Storing user1@ACHILD.ADOM.AFOREST.AD -> krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD in FILE:/tmp/krb5cc_2000 <-- NOTE this TGT is stored
	Received TGT for service realm: krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD

	Requesting tickets for SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD, referrals on
	Sending request (1745 bytes) to AGRANDCHILD.ACHILD.ADOM.AFOREST.AD
	Received answer (1675 bytes) from stream 192.168.101.34:88
	TGS reply is for user1@ACHILD.ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD with session key aes256-cts/3576
	Received creds for desired service SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD
	Storing user1@ACHILD.ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD in FILE:/tmp/krb5cc_2000

The result is that winbindd can't refresh the tickets for ADOM\user1
because the local realm is used to build the TGT service name.

	smb_krb5_renew_ticket: Using FILE:/tmp/krb5cc_11105 as ccache for client 'user1@ADOM.AFOREST.AD' and service 'krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD'

	Retrieving user1@ADOM.AFOREST.AD -> krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ADOM.AFOREST.AD from FILE:/tmp/krb5cc_11105 with result: -1765328243/Matching credential not found (filename: /tmp/krb5cc_11105)

The canonical realm name must be used instead:

	smb_krb5_renew_ticket: Using FILE:/tmp/krb5cc_11105 as ccache for client 'user1@ADOM.AFOREST.AD' and service 'krbtgt/ADOM.AFOREST.AD@ADOM.AFOREST.AD'

	Retrieving user1@ADOM.AFOREST.AD -> krbtgt/ADOM.AFOREST.AD@ADOM.AFOREST.AD from FILE:/tmp/krb5cc_11105 with result: 0/Success
	Get cred via TGT krbtgt/ADOM.AFOREST.AD@ADOM.AFOREST.AD after requesting krbtgt/ADOM.AFOREST.AD@ADOM.AFOREST.AD (canonicalize off)
	Sending request to ADOM.AFOREST.AD
	Received answer from stream 192.168.101.32:88
	TGS reply is for user1@ADOM.AFOREST.AD -> krbtgt/ADOM.AFOREST.AD@ADOM.AFOREST.AD with session key aes256-cts/8C7B
	Storing user1@ADOM.AFOREST.AD -> krbtgt/ADOM.AFOREST.AD@ADOM.AFOREST.AD in FILE:/tmp/krb5cc_11105

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jul 12 12:38:55 UTC 2022 on sn-devel-184

(cherry picked from commit 116af0df4f)

Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Mon Jul 18 09:40:12 UTC 2022 on sn-devel-184
2022-07-18 09:40:12 +00:00
Samuel Cabrero
e388fe2b70 s3:winbind: Create service principal inside add_ccache_to_list()
The function can build the service principal itself, there is no
need to do it in the caller. This removes code duplication.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 8bef8e3de9)
2022-07-18 08:47:13 +00:00
Volker Lendecke
c5569b4f7a rpc_server3: Initialize mangle_fns in classic and spoolss
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15118
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Tue Jul 12 13:33:14 UTC 2022 on sn-devel-184

(cherry picked from commit 11d3d2aeac)
2022-07-18 08:47:13 +00:00
Christof Schmitt
52ac4ce232 nfs4_acls: Correctly skip chown when gid did not change
Commit 86f7af84 introduced a problem that a chown is always attempted,
even when the owning gid did not change. Then the ACL is set in the file
system as root. Fix the check by correctly comparing with gid, not uid.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15120

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Wed Jul 13 17:30:30 UTC 2022 on sn-devel-184

(cherry picked from commit a6ccceb97e)
2022-07-18 08:47:13 +00:00
Andreas Schneider
a708af3665 s3:libads: Check if we have a valid sockaddr
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15106

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit fbf134c8d9)

Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Mon Jul 11 11:33:49 UTC 2022 on sn-devel-184
2022-07-11 11:33:49 +00:00
Andreas Schneider
42edafd3ed s4:libads: Fix trailing whitespaces in ldap.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15106

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit d96a6cafe5)
2022-07-11 10:27:17 +00:00
Volker Lendecke
54ad51cd3c smbd: Make non_widelink_open() robust for non-cwd dirfsp
If you pass in dirfsp!=conn->cwd_fsp and a stream fsp, we don't chdir
to the parent pathname, and thus we also don't overwrite
fsp->base_fsp.

fsp->base_fsp!=NULL is thus the wrong condition to restore the
original base fsp name: If we open a stream with a non-cwd_fsp dirfsp,
we would overwrite fsp->base_fsp->fsp_name with NULL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15105

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 280e9191cb)
2022-07-11 10:27:17 +00:00
Andreas Schneider
cce25171f7 s3:printing: Do not clear the printer-list.tdb
With the new dcerpc architecture we need to keep printer-list.tdb
around. A spoolss dcerpc call will start rpc-spoolssd which will then
start the background queue process. However in order to enum the
printers we need have a printer-list.tdb. Depending on the number of
printers this task can take several seconds. It is unlinkly that
the printer-list will change all the time, so we might provide outdated
data till it gets refreshed, but this is better than providing no
printer list at all.

If there are a lot of printers, the idle_seconds for the rpc-spoolssd
should be increased so that the background task can finish.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15082

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 9080cd30d5)
2022-07-11 10:27:17 +00:00
Andreas Schneider
becccbae32 s3:waf: Fix version number of public libsmbconf
Error: ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15108

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 8458449ddf)

Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Mon Jun 27 08:25:10 UTC 2022 on sn-devel-184
2022-06-27 08:25:10 +00:00
Jeremy Allison
58bdf100b2 s3: VFS: streams_xattr: Add the same accommodation to streams_xattr_unlinkat() as used in streams_xattr_renameat().
vfs_fruit passes a synthetic filename here where smb_fname->fsp==NULL
when configured to use "fruit:resource = stream" so we need to use
synthetic_pathref() to get an fsp on the smb_fname->base_name
in order to call SMB_VFS_FREMOVEXATTR().

This is the same change we already use in streams_xattr_renameat()
and streams_xattr_stat(), the other pathname operations we implement
here.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15099

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>

Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Mon Jun 20 14:24:20 UTC 2022 on sn-devel-184

(backported from commit 808a7b8b76)

Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Thu Jun 23 08:43:30 UTC 2022 on sn-devel-184
2022-06-23 08:43:30 +00:00
Jeremy Allison
81dc0832ee s3: tests: Add test that shows smbd crashes using vfs_fruit with fruit:resource = stream on deleting a file.
Add knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15099

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(backported from commit 238b2cbb8f)
2022-06-23 07:35:08 +00:00
Noel Power
94a94383bb s3/client: fix dfs deltree, resolve dfs path
since 4cc4938a28 do_list seems
to deal with non dfs root path, hence we need to resolve the
path before calling cli_unlink.

Also remove the knownfail

We additionally have to also remove the fallback to remove 'file3'
int the smbcacls_dfs_propagate_inherit.teardown as the deltree
that happens in the baseclass now succeeds.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jun 17 17:12:07 UTC 2022 on sn-devel-184

(cherry picked from commit 81fdcf95ae)

Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Mon Jun 20 10:56:52 UTC 2022 on sn-devel-184
2022-06-20 10:56:52 +00:00
Noel Power
659d6140f1 Add test smbclient 'delree' of dir (on DFS share)
deltree of a file on a DFS share results in NT_STATUS_OBJECT_PATH_NOT_FOUND
Addionally add a knownfail for this (to be removed in subsequent patch
to fix bug)
We also need to add a knownfail (which will not be removed) for the
new test which will fail in smb1 envs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 23a5a05db0)
2022-06-20 10:00:16 +00:00
Noel Power
8bac5eedc7 s3/client: fix dfs delete, resolve dfs path
since 4cc4938a28 do_list seems
to deal with non dfs root path, hence we need to resolve the
path before calling cli_unlink.

Also remove the knownfail

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 7c4cb49823)
2022-06-20 10:00:16 +00:00
Noel Power
2f105c9f54 Add test smbclient 'del' of file (on DFS share)
del of a file on a DFS share results in NT_STATUS_OBJECT_PATH_NOT_FOUND

Addionally add a knownfail (will be removed in following patch to
fix the bug)
We also need to add a knownfail (which will not be removed) for the
new test which will fail in smb1 envs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(back-ported from commit db1b4df0ab)
2022-06-20 10:00:16 +00:00
Andreas Schneider
a9f87b9278 s3:utils: Fix missing space in testparm output
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15097

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 7009fb1a10)

Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Sat Jun 18 09:55:28 UTC 2022 on sn-devel-184
2022-06-18 09:55:28 +00:00
Samuel Cabrero
87f5949434 Revert "s3:smbd: Remove NIS support"
This partly reverts commit edda7a329e.

Revert the chunks related to netgroups and skip NIS support related ones.
Use getdomainname() from glibc instead of yp_get_default_domain() from
libnsl to get the NIS domain name.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15087

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 21796ef8f8)
2022-06-12 09:19:16 +00:00
Samuel Cabrero
16df1ed429 Revert "s3:auth: Fix user_in_list() for UNIX groups"
This partly reverts commit 6dc463d3e2.

Reverted to allow next revert commits to apply cleanly. Do not recreate
selftest/knownfail.d/usernamemap file.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15087

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit dbf3d217e3)
2022-06-12 09:19:16 +00:00
Robert Sprowson
bb60c85153 s3:smbd: Out-by-4 error in smbd read reply max_send clamp
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14443

Signed-off-by: Robert Sprowson <webpages@sprow.co.uk>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun  8 19:50:08 UTC 2022 on sn-devel-184

(cherry picked from commit 174a76cc27)

Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Thu Jun  9 11:14:52 UTC 2022 on sn-devel-184
2022-06-09 11:14:52 +00:00
Andreas Schneider
1397656ceb s3:printing: Start samba-bgqd as soon as possible
We need some time to fill the printcap cache.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15081

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit ac16351ff5)

Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Thu Jun  9 10:03:29 UTC 2022 on sn-devel-184
2022-06-09 10:03:29 +00:00
Andreas Schneider
8507fa6fc7 s3:printing: Initialize the printcap cache as soon as the bgqd starts
As soon as the background daemon starts, we need to initialize the
printcap cache so that rpcd-spoolssd can serve printers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15081

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 3b5b80e996)
2022-06-09 08:54:17 +00:00
Ralph Boehme
b8cc300d22 vfs_gpfs: use handle based gpfswrap_get_winattrs()
Fixes detecting offline flag for files in snapshot – no idea if this is
actually expected.

Replaces path based gpfswrap_get_winattrs_path() with handle based version
gpfswrap_get_winattrs(). When dealing with files in snapshots fsp->fsp_name
points to the active dataset, which will cause ENOENT failures if files are
deleted there any only present in the snapshot.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit 8ae672f955)
2022-06-09 08:54:16 +00:00
Ralph Boehme
bdb2714671 vfs_gpfs: finally: use gpfswrap_fgetacl() instead of gpfswrap_getacl()
Replaces path based gpfswrap_getacl() with handle based version
gpfswrap_fgetacl(). When dealing with files in snapshots fsp->fsp_name points to
the active dataset, which will cause ENOENT failures if files are deleted there
any only present in the snapshot:

[2022/05/06 11:32:55.233435,  4, pid=12962, effective(1460548, 273710), real(1460548, 0)]
   calling open_file with flags=0x0 flags2=0x800 mode=0644, access_mask = 0x80, open_access_mask = 0x80
[2022/05/06 11:32:55.233460, 10, pid=12962, effective(1460548, 273710), real(1460548, 0), class=vfs]
   gpfs_get_nfs4_acl invoked for dir/subdir/file.txt
[2022/05/06 11:32:55.233495,  5, pid=12962, effective(1460548, 273710), real(1460548, 0), class=vfs]
   smbd_gpfs_getacl failed with No such file or directory
[2022/05/06 11:32:55.233521,  9, pid=12962, effective(1460548, 273710), real(1460548, 0), class=vfs]
   gpfs_getacl failed for dir/subdir/file.txt with No such file or directory
[2022/05/06 11:32:55.233546, 10, pid=12962, effective(1460548, 273710), real(1460548, 0)]
   smbd_check_access_rights_fsp: Could not get acl on dir/subdir/file.txt {@GMT-2022.05.04-11.58.53}: NT_STATUS_OBJECT_NAME_NOT_FOUND

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit a0dc4c9026)
2022-06-09 08:54:16 +00:00
Ralph Boehme
069354e748 vfs_gpfs: pass fsp to gpfs_getacl_with_capability()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit 1b2c70f4d1)
2022-06-09 08:54:16 +00:00
Ralph Boehme
bce1de5580 vfs_gpfs: pass fsp to vfs_gpfs_getacl()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit ac458648aa)
2022-06-09 08:54:16 +00:00
Ralph Boehme
a039780c01 vfs_gpfs: use fsp in gpfsacl_get_posix_acl()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit 3764be7031)
2022-06-09 08:54:16 +00:00
Ralph Boehme
d922218819 vfs_gpfs: pass fsp to gpfsacl_get_posix_acl()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit c26efe0c23)
2022-06-09 08:54:16 +00:00
Ralph Boehme
f752c38974 vfs_gpfs: pass fsp to gpfs_get_nfs4_acl()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit 5f4625a285)
2022-06-09 08:54:16 +00:00
Ralph Boehme
2a50ba5ae1 vfs_gpfs: pass fsp to gpfsacl_emu_chmod()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit ad06d80683)
2022-06-09 08:54:16 +00:00
Ralph Boehme
ea39a8894a vfs_gpfs: indentation and README.Coding fixes
Best viewed with git show -w.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit a0f7ced610)
2022-06-09 08:54:16 +00:00
Noel Power
e3de2bdb85 s3/client: Restore '-E' handling
Sometimes we really do need to redirect output to stderr
e.g. when using the tar command to output the archive to stdout
we don't want debug or cmdline status messages straying into stdout.

was removed with commit: e4474ac0a5

remove known fail for the test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15075
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue May 24 10:29:27 UTC 2022 on sn-devel-184

(cherry picked from commit 56e1798171)

Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Mon May 30 09:10:47 UTC 2022 on sn-devel-184
2022-05-30 09:10:47 +00:00
Noel Power
239e0759db s3/script/tests: Test smbclient -E redirects output to stderr
Add new test to ensure smbclient is writing to stderr (with '-E')
Add knownfail for this test (will be removed when issue is fixed in
later commit)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15075
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 5b6493043f)
2022-05-30 08:15:10 +00:00
Samuel Cabrero
53ac81eef2 s3:libads: Clear previous CLDAP ping flags when reusing the ADS_STRUCT
Before commit 1d066f37b9, when the LDAP
connection wasn't established yet (ads->ldap.ld == NULL), the
ads_current_time() function always allocated and initialized a new
ADS_STRUCT even when ads->ldap.ss had a good address after having called
ads_find_dc().

After that commit, when the ADS_STRUCT is reused and passed to the
ads_connect() call, ads_try_connect() may fail depending on the
contacted DC because ads->config.flags field can contain the flags
returned by the previous CLDAP call. For example, when having 5 DCs:

* 192.168.101.31 has PDC FSMO role
* 192.168.101.32
* 192.168.101.33
* 192.168.101.34
* 192.168.101.35

$> net ads info -S 192.168.101.35

net_ads_info()
  ads_startup_nobind()
    ads_startup_int()
      ads_init()
      ads_connect()
        ads_try_connect(192.168.101.35)
          check_cldap_reply_required_flags(returned=0xF1FC, required=0x0)
  ads_current_time()
    ads_connect()
      ads_try_connect(192.168.101.35)
        check_cldap_reply_required_flags(returned=0xF1FC, required=0xF1FC)

The check_cldap_reply_required_flags() call fails because
ads->config.flags contain the flags returned by the previous CLDAP call,
even when the returned and required values match because they have
different semantics:

  if (req_flags & DS_PDC_REQUIRED)
        RETURN_ON_FALSE(ret_flags & NBT_SERVER_PDC);

  translates to:

  if (0xF1FC & 0x80)
        RETURN_ON_FALSE(0xF1FC & 0x01);

  which returns false because 192.168.101.35 has no PDC FSMO role.

The easiest fix for now is to reset ads->config.flags in
ads_current_time() when reusing an ADS_STRUCT before calling
ads_connect(), but we should consider storing the required and returned
flags in different fields or at least use the same bitmap for them
because check_cldap_reply_required_flags() is checking a
netr_DsRGetDCName_flags value using the nbt_server_type bitmap.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14674

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon May 23 19:18:38 UTC 2022 on sn-devel-184

(cherry picked from commit a26f535ded)
2022-05-30 08:15:10 +00:00
Volker Lendecke
f23f9132f7 srvsvc: Announce [username] in NetShareEnum
This patch has two flaws: First, it does not cover api_RNetShareEnum()
for SMB1, and the second one is: To make this elegant, we would have
to restructure our share handling. It is really only listing shares
for which we have to pull in everything from smb.conf, registry,
usershares and potentially printers. What we should do is modify our
loadparm handling to only load share definitions on demand and for
listing shares handle all the potential sources specially. Add code
that walks the registry shares without adding them to our services
list and so on.

This patch is the quick&dirty way to fix the bug, the alternative
would be weeks or more. And hopefully nobody notices the SMB1
problem...

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15062

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 18 17:42:20 UTC 2022 on sn-devel-184

(cherry picked from commit 04e0e02c69)

Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Fri May 20 09:10:43 UTC 2022 on sn-devel-184
2022-05-20 09:10:43 +00:00
Volker Lendecke
344ff937f2 srvsvc: Add a central return point to init_srv_share_info_ctr()
Soon there will be cleanup work to do.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15062

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 20cbade5b1)
2022-05-20 08:17:17 +00:00
Volker Lendecke
807ce67629 selftest: Test for bug 15062 -- list "username" in netshareenum
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15062

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 3145131809)
2022-05-20 08:17:17 +00:00
Jeremy Allison
25b7144283 s3: smbd: Allow a durable handle on a leased stat-open.
Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15042

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

(back-ported from commit fe7daae8c4)

Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Mon May  9 08:18:05 UTC 2022 on sn-devel-184
2022-05-09 08:18:05 +00:00
Christof Schmitt
09b07aec70 vfs_gpfs: Ignore pathref fds for gpfs:recalls check
Setting gpfs:recalls=no should prevent data access to offline files.
Since Samba 4.14, the VFS openat function is also called with O_PATH to
get a reference to the path. These accesses should not be blocked,
otherwise this would prevent offline files from being included in
directory listings.

Fix this by skipping the check for pathref fds.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15055

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Apr 28 07:59:47 UTC 2022 on sn-devel-184

(cherry picked from commit 03d0dd2651)

Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Mon May  2 08:23:01 UTC 2022 on sn-devel-184
2022-05-02 08:23:01 +00:00
Andreas Schneider
6cbaa31fe0 s3:passdb: Also allow to handle UPNs in lookup_name_smbconf()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15054

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 28fc44f285)

Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Thu Apr 28 09:03:34 UTC 2022 on sn-devel-184
2022-04-28 09:03:34 +00:00