1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

123812 Commits

Author SHA1 Message Date
Ralph Boehme
6da16727e1 smb: rename NTCREATEX_OPTIONS_PRIVATE_DENY_DOS to NTCREATEX_FLAG_DENY_DOS
Just a shorter name, no change in behaviour.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-23 17:44:33 +00:00
Stefan Metzmacher
d08a6b4200 librpc/dcesrv_core: let dcesrv_call_dispatch_local() call context->iface->reply()
This is needed in order to get NDR_PRINT_FUNCTION_DEBUG(..., NDR_OUT) called.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14551

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>

Autobuild-User(master): Samuel Cabrero <scabrero@samba.org>
Autobuild-Date(master): Fri Oct 23 17:24:37 UTC 2020 on sn-devel-184
2020-10-23 17:24:37 +00:00
Stefan Metzmacher
7bd321e71b librpc/dcesrv_core: assert that dcesrv_call_dispatch_local() never gets async.
This is just not supported for now...

We would need a dcesrv_call_dispatch_local_send/recv in order to
support async calls.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14551

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2020-10-23 16:02:37 +00:00
Stefan Metzmacher
42e79cee3d librpc/dcesrv_core: make use of dcerpc_fault_to_nt_status() in dcesrv_call_dispatch_local()
The caller wants to get a useful NTSTATUS instead of a generic
NT_STATUS_NET_WRITE_FAULT.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14551

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2020-10-23 16:02:37 +00:00
Stefan Metzmacher
7c8a7e8a15 librpc/dcesrv_core: move two rpcint_dispatch() copies into dcesrv_call_dispatch_local()
We only need this function once, so that we need to fix bugs only once...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14551

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2020-10-23 16:02:37 +00:00
Andreas Schneider
3b5b23ea84 examples:auth: Do not install example plugin
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14550

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Oct 23 15:32:08 UTC 2020 on sn-devel-184
2020-10-23 15:32:08 +00:00
Andreas Schneider
6e25613a31 s3:modules: Do not install vfs modules only used for testing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14550

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-10-23 14:09:43 +00:00
Andreas Schneider
2d89ddb012 unittests: Mark test binaries for selftest
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14550

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-10-23 14:09:43 +00:00
Andreas Schneider
8fa0d3331b buildtools: Do not install binaries which are for selftest
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14550

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-10-23 14:09:43 +00:00
Andreas Schneider
9bc9f8ce66 s3:script: Fix test_dfree_quota.sh
source3/script/tests/test_dfree_quota.sh: line 200: [: missing `]'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14550

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-10-23 14:09:42 +00:00
Ralph Boehme
63a4e88358 smbd: split out POSIX info_levels from smbd_do_setfilepathinfo() into own function
smbd_do_setfilepathinfo() can be made fully handle based for all non-POSIX
infolevels with pathref fsps, but for a POSIX create we may not have a fsp if
the path points at a symlink.

Splitting the POSIX from the non-POSIX logic allows for cleaner handling of this
in the future with pathref fsps.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Oct 23 09:19:12 UTC 2020 on sn-devel-184
2020-10-23 09:19:12 +00:00
Ralph Boehme
537069b6e0 smbd: mark UCF_UNIX_NAME_LOOKUP as unused
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-23 07:56:33 +00:00
Ralph Boehme
df92b06f5b smbd: remove use of UCF_UNIX_NAME_LOOKUP
This is now handled by SMB_FILENAME_POSIX_PATH.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-23 07:56:33 +00:00
Ralph Boehme
29e212dd6a smbd: use UCF_POSIX_PATHNAMES flag for path validation logic in filename_convert_internal()
This change means that if a client path is a symlink, we *always* only call
check_veto_path() for POSIX clients using a POSIX pathname, not just when a
POSIX info-level was used in an SMB request.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-23 07:56:33 +00:00
Ralph Boehme
71a5759623 smbd: base POSIX semantics of call_trans2findfirst() on SMB_FILENAME_POSIX_PATH flag
We really want to apply POSIX semantics in this place whenever the client has
enabled UNIX extensions, not only when using UNIX find info-levels.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-23 07:56:33 +00:00
Ralph Boehme
2e5e49e41d smbd: let directory entries inherit the smb_fname->flags from the directory
If the listed directory has SMB_FILENAME_POSIX_PATH set, this change causes the
smb_fname of directory entries to inherit the flag so subsequent operations on
the directory entry can correctly implement POSIX semantics.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-23 07:56:33 +00:00
Ralph Boehme
42b8a431f0 smbd: base POSIX semantics in call_trans2findfirst() on req->posix_pathnames
This will require a SMB1 client to enable SMB1 POSIX extensions, just sending
POSIX info-level requests without first enabling them won't cut it.

As discussed with Jeremy, SMB1 POSIX extensions is a global thing and the client
that wants to use it is expected to enable them explicitly before making use of
POSIX info-levels.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-23 07:56:33 +00:00
Ralph Boehme
0d6d53a920 vfs_default: allow dirfsps in the link VFS functions
The functions work just fine with real dirfsps.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-23 07:56:32 +00:00
Ralph Boehme
5161edbdb2 selftest: remove POSIX test from planned tests for ad_dc_ntvfs environ
Just don't run the tests instead of retrofitting them to the skiplist.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-23 07:56:32 +00:00
Ralph Boehme
219a44ee5f vfs_streams_depot: only assert AT_FDCWD for streams
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-23 07:56:32 +00:00
Ralph Boehme
ac45ce0227 vfs_streams_xattr: only assert AT_FDCWD for streams
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-23 07:56:32 +00:00
Ralph Boehme
3caf53a054 smbd: fix order of smb_fname flags and twrp args in call_trans2findfirst()
Also not creating a BUG for this one as I've not seen any reports from the field
that this is causing issues.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-23 07:56:32 +00:00
Ralph Boehme
3df5f851c6 smbd: fix order of smb_fname flags and twrp args in unlink_internals()
As snapshots are read-only by design, this bug was likely not a real issue so
I'm not creating a BUG for this.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-23 07:56:32 +00:00
Ralph Boehme
c4cbe0610c vfs: make dirfsp arg to SMB_VFS_READLINKAT() const
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-23 07:56:32 +00:00
Stefan Metzmacher
54b4d2d3cb wb_sids2xids: defer/skip wb_lookupsids* unless we get ID_TYPE_WB_REQUIRE_TYPE
We try to give a valid hint for predefined sids and
pass ID_TYPE_BOTH as a hint that the domain part of the sid is valid.

In most cases the idmap child/backend does not require a type_hint
as mappings already exist.

This is a speed up as we no longer need to contact a domain controller.

It's also possible to accept kerberos authentication without reaching
out to a domain controller at all (if the idmap backend doesn't need a
hint).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Oct 23 04:47:26 UTC 2020 on sn-devel-184
2020-10-23 04:47:26 +00:00
Stefan Metzmacher
493f5d6b07 winbindd: allow idmap backends to mark entries with ID_[TYPE_WB_]REQUIRE_TYPE
This must only be used between winbindd parent and child!
It must not leak into outside world.

Some backends require ID_TYPE_UID or ID_TYPE_GID as type_hint,
while others may only need ID_TYPE_BOTH in order to validate that
the domain exists.

This will allow us to skip the wb_lookupsids_send/recv in the winbindd parent
in future and only do that on demand.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-10-23 03:25:37 +00:00
Stefan Metzmacher
c55f4f3758 wb_sids2xids: build state->idmap_doms based on wb_parent_idmap_config
In future we'll try to avoid wb_lookupsids_send() and only call
it if needed.

The domain name passed should be only relevant to find the correct
idmap backend, and these should all be available in
wb_parent_idmap_config as it was created before the idmap child was forked.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-10-23 03:25:37 +00:00
Stefan Metzmacher
3f4626ea6d wb_sids2xids: fill cache as soon as possible
After adding entries to the cache we can mark them
as filled from the cache by setting its domain_index
to UINT32_MAX.

This will allow further changes to fill the results
into state->all_ids in steps.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-10-23 03:25:37 +00:00
Stefan Metzmacher
374acc2e5f wb_sids2xids: directly use state->all_ids to collect results
In order to translate the indexes from state->lookup_sids[]
for wb_lookupsids_send/recv() and state->map_ids.ids[]
for dcerpc_wbint_Sids2UnixIDs_send/recv() back to
state->all_ids.ids[] or state->sids[] we have state->tmp_idx[].

This simplifies wb_sids2xids_recv() a lot and make further
restructuring much easier.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-10-23 03:25:37 +00:00
Stefan Metzmacher
19c8b6a8b1 wb_sids2xids: change 'i' to 'li' in wb_sids2xids_lookupsids_done()
With all the indexes we have into various array, this makes clear
'li' is the index into the state->lookup_sids array.

This makes the following changes easier to review.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-10-23 03:25:37 +00:00
Stefan Metzmacher
cda61f592a wb_sids2xids: refactor wb_sids2xids_done() a bit
Here we don't change the logic.

It will make the following changes easier.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-10-23 03:25:36 +00:00
Stefan Metzmacher
f6bb0ed21f wb_sids2xids: inline wb_sids2xids_extract_for_domain_index() into wb_sids2xids_next_sids2unix()
Instead of re-creating the dom_ids element,
we just use a pre-allocated map_ids_in array.

This is a bit tricky as we need to use map_ids_out as a copy of
map_ids_in, because the _ids argument of dcerpc_wbint_Sids2UnixIDs_send()
in [in,out], which means that _ids->ids is changed between
dcerpc_wbint_Sids2UnixIDs_send() and dcerpc_wbint_Sids2UnixIDs_recv()!

If the domain doesn't need any mappings, we'll move to the next domain
early, for now this can't happend but it will in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-10-23 03:25:36 +00:00
Stefan Metzmacher
231c8d04b1 wb_sids2xids: move more checks to wb_sids2xids_next_sids2unix()
For the first run this is a no-op, but it simplified the caller.

We'll call wb_sids2xids_next_sids2unix() in a few more places in future
and it's easier to have this all within wb_sids2xids_next_sids2unix().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-10-23 03:25:36 +00:00
Stefan Metzmacher
797b11f198 wb_sids2xids: rename 'non_cached' to 'lookup_sids'
This array is used to pass to wb_lookupsids_send()
and that will be the only reason to have this in future.

For now it's used for all non cached sids, but that will
also change in the next commits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-10-23 03:25:36 +00:00
Stefan Metzmacher
04956350a5 wb_sids2xids: maintain struct wbint_TransIDArray all_ids as cache
Entries with domain_index == UINT32_MAX are valid cache entries.

In the following commits we'll fill in missing entries step by step
until all entries are marked as filled.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-10-23 03:25:36 +00:00
Ralph Boehme
79c1d3aaf6 wb_sids2xids: split out wb_sids2xids_next_sids2unix()
Put the code that calls the per-domain idmap backend
in its own function.

This makes further reconstruction easier.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-10-23 03:25:36 +00:00
Stefan Metzmacher
28e020c0a8 winbindd: defer the setup_child() from init_idmap_child()
At startup we trigger a wb_parent_idmap_setup_send() and make
sure setup_child() is called just before wb_parent_idmap_setup_recv()
finished.

This makes sure our view of the idmap config in the parent matches
what we have in the child.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-10-23 03:25:36 +00:00
Stefan Metzmacher
b8c74b7b46 winbindd: assert wb_parent_idmap_setup_send/recv() was called before idmap_child_handle()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-10-23 03:25:36 +00:00
Stefan Metzmacher
82fd07793f wb_queryuser: explain why wb_parent_idmap_setup_send/recv is not needed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-10-23 03:25:36 +00:00
Stefan Metzmacher
d42aaeba6e wb_sids2xids: call wb_parent_idmap_setup_send/recv as the first step
This isn't really used yet, but it will in the next commits.

Also idmap_child_handle() will soon assert that
wb_parent_idmap_setup_send/recv() was called before it's used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-10-23 03:25:36 +00:00
Stefan Metzmacher
a8f57c94fc wb_xids2sids: make use of the new wb_parent_idmap_setup_send/recv() helpers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-10-23 03:25:36 +00:00
Stefan Metzmacher
209e81a2ea winbindd: add generic wb_parent_idmap_setup_send/recv() helpers
This is more or less a copy of wb_xids2sids_init_dom_maps_send/recv,
but it's more generic and doesn't imply global state.

It also closes a initialization race by using a tevent_queue to
serialize the calls.

In the next commits we'll replace wb_xids2sids_init_dom_maps_send/recv.

We'll also use the new function in the wb_sids2xids code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-10-23 03:25:36 +00:00
Stefan Metzmacher
cd9a9702c1 winbindd: add and use is_idmap_child()
We should avoid calling idmap_child() as much as possible.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-10-23 03:25:35 +00:00
Stefan Metzmacher
2103543629 winbindd: add and use idmap_child_pid()
We should avoid calling idmap_child() as much as possible.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-10-23 03:25:35 +00:00
Stefan Metzmacher
1694de1ae6 wb_sids2xids: avoid idmap_child() and use idmap_child_handle() instead
This is the only aspect we need here.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-10-23 03:25:35 +00:00
Stefan Metzmacher
5cc21a9d31 wb_xids2sids: avoid idmap_child() and use idmap_child_handle() instead
This is the only aspect we need here.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-10-23 03:25:35 +00:00
Stefan Metzmacher
7dbe5b4897 wb_queryuser: avoid idmap_child() and use idmap_child_handle() instead
This is the only aspect we need here.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-10-23 03:25:35 +00:00
Stefan Metzmacher
7518a0ca32 winbindd/idmap: apply const to struct nss_info_methods pointers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-10-23 03:25:35 +00:00
Stefan Metzmacher
95b0dac0af winbindd/idmap: apply const to struct idmap_methods pointers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-10-23 03:25:35 +00:00
Stefan Metzmacher
f5eec89011 test_idmap_tdb_common: correctly initialize the idmap domain with an init function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-10-23 03:25:35 +00:00