1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

8664 Commits

Author SHA1 Message Date
Michael Adam
1c76746b63 notifyd: prevent NULL deref segfault in notifyd_peer_destructor
It seems it could happen that p->db == NULL in the list
from notifyd_clean_peers_next(). This has been seen in
a ctdb cluster when an node-internal ctdb interface is
brought down.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11930

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri May 20 17:32:55 CEST 2016 on sn-devel-144
2016-05-20 17:32:54 +02:00
Michael Adam
6b232b2720 smbd:close: only remove kernel share modes if they had been taken at open
This avoids errors due to 'not implemented' for SMB_VFS_KERNEL_FLOCK
on some file systems like glusterfs (with the vfs module). The only
other code path where SMB_VFS_KERNEL_FLOCK is called, is already protected.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11919

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>

Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Thu May 19 02:34:36 CEST 2016 on sn-devel-144
2016-05-19 02:34:36 +02:00
Stefan Metzmacher
aa5760433b s3:smbd: fix anonymous authentication if signing is mandatory
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11910

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed May 18 15:49:46 CEST 2016 on sn-devel-144
2016-05-18 15:49:46 +02:00
Volker Lendecke
a5d49b7ce1 smbd: Fix an assert
This might stumble over stale entries

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11844
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-05-16 19:52:21 +02:00
Uri Simchoni
b51add1f3b smbd: remove "only user" and "username" parameters
These have long been superseded by "valid users"

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-05-06 01:32:24 +02:00
Christian Ambach
f85b30ae78 s3:smbd remove todo comments
as the service is set to be case insensitive for SMB2 now,
there is no need to set FLAG_CASELESS_PATHNAMES as flag

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May  4 05:00:36 CEST 2016 on sn-devel-144
2016-05-04 05:00:36 +02:00
Christian Ambach
a9ccd50b63 s3:smbd/filename remove smelly code
not sure how this chunk ended up there, but I agree with
the statement in the comment that behavior should not depend
on developer mode

make test does not seem to depend on it anymore.

This piece had some bad influence on the tests I wrote
for case insensitivite behavior of SMB2/3, so let us
remove this technical debt.

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-05-04 01:28:23 +02:00
Christian Ambach
3242776861 s3:smbd/service apply some code formatting
reduce indentation in switch statement, obey 80 char line limit, use C99 bool

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-05-04 01:28:23 +02:00
Christian Ambach
bb9f5ceeb3 s3:smbd/service disable case-sensitivity for SMB2/3 connections
in SMB2, there is no flag to let us know if the client wants to have case-sensitive behavior,
so in Auto mode, disable case-sensitivity

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11438
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-05-04 01:28:23 +02:00
Ralph Boehme
a2c59d3e45 smbd: use remote arch caching
We're using the client guid as gencache db key, so this can only be used
with SMB 2_10 or higher.

The idea is that whenever we get a direct SMB2 negprot, we can then try
to see if a value is cached for the client's guid.

When a user logs off the cache entry is deleted.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-05-04 01:28:22 +02:00
Uri Simchoni
2c03d004f8 nt-quotas: fixup failure case for TRANSACT_GET_USER_QUOTA_FOR_SID
Fixup commit 0e01ed06a4
Add a missing return statement after generating error response to
the request.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-04-29 02:15:23 +02:00
Stefan Metzmacher
79a71545bf s3:smbd: only mark real guest sessions with the GUEST flag
Real anonymous sessions don't get it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-28 16:51:17 +02:00
Stefan Metzmacher
25ce97892a s3:smbd: make use SMB_SETUP_GUEST constant
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-28 16:51:17 +02:00
Volker Lendecke
10b0a8baa2 smbd: Avoid large reads beyond EOF
With unix extensions and oplocks=no mount.cifs from jessie reads beyond the
file end forever, and we are happy to return zeros....

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11878

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 27 23:57:56 CEST 2016 on sn-devel-144
2016-04-27 23:57:56 +02:00
Partha Sarathi
07e2f4731e Fix the smb2_setinfo to handle FS info types and FSQUOTA infolevel
Signed-off-by: Partha Sarathi  <partha@exablox.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Wed Apr 27 05:39:01 CEST 2016 on sn-devel-144
2016-04-27 05:39:01 +02:00
Ralph Boehme
052b855551 cleanupd: restart as needed
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11855

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Apr 19 20:35:33 CEST 2016 on sn-devel-144
2016-04-19 20:35:33 +02:00
David Disseldorp
b27c976e2e printing: use housekeeping period that matches cache time
The printcap housekeeping callback is scheduled to run every 60 seconds,
and invokes pcap_cache_reload() to reload of the printcap cache *if* the
"printcap cache time" period has expired.

Given that pcap_cache_reload() invocation is the only job of the
housekeeping callback, it makes much more sense to schedule it every
"printcap cache time" seconds, rather than every 60 seconds.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-04-19 09:37:14 +02:00
Hemanth Thummala
cade673f5f Mask general purpose signals for notifyd.
Currently there is no signal handling available for notify daemon.
Signals like SIGHUP and SIGUSR1 can lead to terminate the notify
daemon. Masking these signals for notifyd as we are not handling them.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11840

Signed-off-by: Hemanth Thummala <hemanth.thummala@nutanix.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Apr 15 15:31:19 CEST 2016 on sn-devel-144
2016-04-15 15:31:19 +02:00
Ralph Boehme
99f2bbccbd CVE-2016-2114: s3:smbd: enforce "server signing = mandatory"
This fixes a regression that was introduced by commit
abb24bf8e8
("s3:smbd: make use of better SMB signing negotiation").

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11687

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:26 +02:00
Stefan Metzmacher
5cb4ee27f8 CVE-2016-2114: s3:smbd: use the correct default values for "smb signing"
This means an ad_dc will now require signing by default.
This matches the default behavior of Windows dc and avoids
man in the middle attacks.

The main logic for this hides in lpcfg_server_signing_allowed().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11687

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:25 +02:00
Christof Schmitt
d18a0ff9cb vfs: Add helper to check for missing VFS functions
Some VFS modules want to ensure that they implement all VFS functions.
This helper can be used to detect missing functions in the developer
build.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-04-06 00:15:17 +02:00
Uri Simchoni
0e01ed06a4 smbd: do not cover up VFS failures to get quota
Now that the VFS follows the convention that get-quota
returns error only on error condition, and success
with zero quota if there is no quota assigned,
reply with an error if failing to obtain a user's
quota.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-31 20:30:11 +02:00
Uri Simchoni
20a0d59d8c ntquotas - skip entry if the quota is zero
When listing user quotas, do not list the user
if the driver returned success with zero quota -
this signals that no quota is assigned for that
user.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-31 20:30:10 +02:00
Uri Simchoni
78ae852dd7 nt-quotas: return 0 as indication of no quota
When getting user quota, the correct value to indicate "no quota"
is 0, not -1.

In [MS-FSCC] section 2.4.33 it is written that -1 designates no-quota.
However, careful read of that section shows that this designation is only
true when setting the quota, and this section says nothing about getting
the quota.

In [MS-FSA] section 2.1.5.20, it is written that "If SidList includes a SID
that does not map to an existing SID in the Open.File.Volume.QuotaInformation
list, the object store MUST return a FILE_QUOTA_INFORMATION structure
(as specified in [MS-FSCC] section 2.4.33) that is filled with zeros.

This is also verified experimentally and cleared with dochelp.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-31 20:30:10 +02:00
Uri Simchoni
fcf6527202 nt-quotas: vfs_get_ntquota() return NTSTATUS
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-31 20:30:10 +02:00
Uri Simchoni
f1c84e49db s3-profile: reduce dependencies of smbprofile.h
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-28 20:45:16 +02:00
Jeremy Allison
82801f9ec8 s3: vfs: Use the new VFS functions for setting and getting DOS attributes.
This will make it easier to support those systems and file systems that
can store DOS attributes.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <rsharpe@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Mar 27 09:23:42 CEST 2016 on sn-devel-144
2016-03-27 09:23:42 +02:00
Richard Sharpe
a4e6250442 s3: vfs: Add VFS functions for setting and getting DOS attributes.
This will make it easier to support those systems and file systems that
can store DOS attributes. It should retain the original functionality if
VFS functions providing these things are not provided.

Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
2016-03-27 05:57:17 +02:00
Jeremy Allison
9377f3bce0 s3: smbd: DFS: Pass uint32_t ucf_flags through into unix_convert().
This allows vendors to ensure that flags such as UCF_PREP_CREATEFILE
are always passed to their VFS modules whilst smbd is doing pathname
lookup - even before the create VFS call is done.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Mar 26 00:08:40 CET 2016 on sn-devel-144
2016-03-26 00:08:40 +01:00
Jeremy Allison
6156c825bb s3: smbd: DFS: Pass uint32_t ucf_flags through into dfs_redirect().
Eventually move this down to the call to unix_convert()
inside the DFS code.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2016-03-25 20:40:10 +01:00
Jeremy Allison
b96ae7c69e s3: smbd: DFS: Pass uint32_t ucf_flags through into resolve_dfspath_wcard().
Eventually move this down to the call to unix_convert()
inside the DFS code.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2016-03-25 20:40:10 +01:00
Jeremy Allison
fca78dddb4 s3: smbd: DFS - Remove the last lp_posix_pathnames() from the SMB2/3 code paths.
lp_posix_pathnames() is only used in one place in SMB1 DFS
processing - in dealing with buggy clients, and not at all in SMB2/3.

Note that the removal of lp_posix_pathnames() in the initial detection
of path separator is a change in behavior - but the case where an
incoming DFS name *doesn't* begin with the correct separator is a client bug,
so I'm comfortable with making this change.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Fri Mar 25 13:23:48 CET 2016 on sn-devel-144
2016-03-25 13:23:48 +01:00
Jeremy Allison
6ae59eb6d1 s3: smbd: Modify vfs_stat_smb_basename() to take a const struct smb_filename * instead of const char *.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-03-24 22:57:17 +01:00
Jeremy Allison
ce75fbf4e3 s3: smbd: Remove many common uses of lp_posix_pathnames().
Check the smb_filename->flags field, or req->posix_pathnames
instead, depending on what is available.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-03-24 22:57:16 +01:00
Jeremy Allison
be56fffe4b s3: smbd: Remove unneeded lp_posix_pathnames() check in SMB2 create.
Add a comment reminding me to re-add the check when SMB2
unix extensions are re-added.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-03-24 22:57:16 +01:00
Jeremy Allison
0f245c5ff4 s3: posix_acls. Always use STAT, not LSTAT here.
We have already refused acls on a symlink.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-03-24 22:57:16 +01:00
Jeremy Allison
dc5dad4813 s3: Filenames: Add uint32_t flags parameter to synthetic_smb_fname().
Get it from parent/deriving smb_filename if present.
Use 0 (as usually this a Windows-style lookup) if
not.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-03-24 22:57:16 +01:00
Jeremy Allison
2e302d7007 s3: smbd: Add uint32_t flags field to struct smb_filename.
Only one defined flag for now, SMB_FILENAME_POSIX_PATH.
Define as the same as FSP_POSIX_FLAGS_PATHNAMES to keep
the value consistent.

Set this inside unix_convert() when a posix path parse
is selected.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-03-24 22:57:16 +01:00
Jeremy Allison
09325a0ea6 s3:smbd: Move lp_posix_pathnames() out of ea_list_has_invalid_name().
External uses will be replaced by checks on struct smb_filename flags.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-03-24 22:57:16 +01:00
Richard Sharpe
8c9079991d Fix an obvious error where we were converting a UNIX error to an NT STATUS but not returning it.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-24 22:57:16 +01:00
Michael Adam
f81f3a2d78 smbd:smb2: add some asserts before decrementing the counters
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-22 00:23:21 +01:00
Michael Adam
7dbb1707d9 smbd:smb2: update outstanding request counters before sending a reply
This is part of the channel sequence number treatment of multi-channel.

Pair-Programmed-With: Guenther Deschner <gd@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-22 00:23:21 +01:00
Michael Adam
71d2b19064 smbd:smb2: implement channel sequence checks and request counters in dispatch
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-22 00:23:21 +01:00
Michael Adam
ae6967ea3e smbd:smb2: add request_counters_updated to the smbd_smb2_request struct
This will be used to keep track of whether the outstanding request
counters have been updated in the dispatch, so that the reply
code can act accordingly.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-22 00:23:21 +01:00
Michael Adam
088468195b smbd:smb2: add a modify flag to dispatch table
This indicates that an operation is a modifying operation.
Some parts of the upcoming channel sequence number logic
only applies to modify operations.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-22 00:23:21 +01:00
Michael Adam
44f3dde857 smbd: fix use after free via conn->fsp_fi_cache
Some instrumentation of the the durable reconnect
code uncovered a problem in the fsp_new, fsp_free pair:

vfs_default_durable_reconnect():
  fsp_new() ==> this does DLIST_ADD(fsp->conn->sconn->files, fsp)
  if (fsp->oplock_type == LEASE_OPLOCK) {
    find_fsp_lease(fsp, &key, l) ==> this fills conn->fsp_fi_cache
    if (client guids not equal) {
      fsp_free(fsp) ==> this does DLIST_REMOVE(fsp->conn->sconn->files, fsp)
  }

so after this code we have the fsp_fi_cache still pointing to the
free'd memory. The next call to find_fsp_lease will use the cache
and hence access the freed memory.

The fix consists in invalidating the cache in fsp_free() instead
of just in its wrapper file_free().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11799

Pair-Programmed-With: Guenther Deschner <gd@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 17 04:31:10 CET 2016 on sn-devel-144
2016-03-17 04:31:10 +01:00
Uri Simchoni
67a29a8661 smbd: remove quota support for some ancient OSs
Remove quota support for SunOS4 and VxFS on Solaris 2

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-17 01:08:32 +01:00
Michael Adam
e85e4055b9 smbd: enable multi-channel if 'server multi channel support = yes' in the config
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Mar 15 20:58:19 CET 2016 on sn-devel-144
2016-03-15 20:58:19 +01:00
Jeremy Allison
13dae2b46e s3:smbd: Change refuse_symlink() to take a const smb_filename * parameter from const char *.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-03-15 08:29:31 +01:00
Jeremy Allison
e7898c6d6c s3:smbd: Change get_ea_names_from_file() to take a const smb_filename * parameter from const char *.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-03-15 08:29:30 +01:00