1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

121 Commits

Author SHA1 Message Date
Ralph Boehme
ae3e9dde4c smbd: add option "smb3 directory leases"
By default enabled on non-clustered Samba, disabled on clustered Samba, the
reason being the expected additional load caused by forcing strict rename to be
enabled.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-05 14:39:30 +00:00
Ralph Boehme
ee5d3c63f6 smbd: smbd_server_connection_terminate() may return
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-05 14:39:30 +00:00
Volker Lendecke
fba4e66df5 smbd: Save a few bytes of .text
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-04-30 22:44:32 +00:00
Volker Lendecke
80cd127b20 smbd: Remove sconn->using_smb2
We have the same information available via conn_using_smb2()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
2024-04-17 07:57:36 +00:00
Volker Lendecke
ddf47e7fe3 smbd: Remove callback for release_ip when "state" is free'ed
If a client connects to a non-public address first followed by a connect
to public address with the same client_guid and a connection to
the non-public address gets disconnected first, we hit by a use-after-free
talloc_get_type_abort() called from release_ip() as
"xconn" is already gone, taking smbd_release_ip_state with it.

We need to decide between calling ctdbd_unregister_ips() by default, as
it means the tcp connection is really gone and ctdb needs to remove the
'tickle' information.  But when a connection was passed to a different
smbd process, we need to use ctdbd_passed_ips() as the tcp connection is
still alive and the 'tickle' information should not be removed within
ctdb.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2023-12-15 11:06:34 +00:00
Ralph Boehme
631e6aa0d0 smbd: bring back "smb3 unix extensions" option
This basically reverts commit b3cae8dcf1
with a few important differences:

* SMB3 UNIX extensions are always built, but disabled by default at runtime.

* They are globally enabled in the fileserver test environment.

* It's now a per-share option, so admins can selectively disable them
  on a per-share basis. This allows clients to detect early that a share
  doesn't support user mount requested POSIX and fail appropiately, passing
  the failure to the requesting application (mount command).

Signed-off-by: Ralph Boehme <slow@samba.org>
2023-11-27 18:31:35 +00:00
Ralph Boehme
b124c2e182 smbd: factor out smb2_negotiate_context_process_posix()
No change in behaviour.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-11-27 18:31:35 +00:00
Volker Lendecke
b3cae8dcf1 conf: Remove "smb3 unix extensions" parameter
Always offer it, it's a client thing to ask for it or not.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 21 17:43:23 UTC 2023 on atb-devel-224
2023-09-21 17:43:23 +00:00
Joseph Sutton
b60f86a0b8 s3:smbd: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-11 02:42:41 +00:00
Ralph Boehme
5a222ac371 CVE-2023-3347: smbd: remove comment in smbd_smb2_request_process_negprot()
This is just going to bitrot. Anyone who's interested can just grep for
"signing_mandatory" and look up what it does.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15397

Signed-off-by: Ralph Boehme <slow@samba.org>
2023-07-21 12:05:35 +00:00
Andreas Schneider
7077ae4042 s3:smbd: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-07-19 09:58:37 +00:00
Volker Lendecke
12f1d94a4e smbd: Remove unused "pcd" arg from smb1_srv_send()
Looks larger than it is, "git clang-format" added a few lines

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-05 17:17:35 +00:00
Stefan Metzmacher
e03ccb5b12 smb2_negprot: add CALLGRIND_START_INSTRUMENTATION after SMB2 negprot
This allows us to support starting smbd under callgrind and only start
the overhead and instrumentation after the SMB2 negprot, this allows us
to profile only useful stuff and not all the smbd startup, forking and
multichannel handling.

This will do the trick:

  valgrind --tool=callgrind --instr-atstart=no smbd

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-06-01 07:20:31 +00:00
Volker Lendecke
46ce8a4710 lib: Make substitute.c's "remote_proto" static
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-12 21:16:33 +00:00
Volker Lendecke
0f75963cf4 param: Add "smb3 unix extensions"
Only available in DEVELOPER builds. Adding now to get some testing
step by step done.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-09-02 13:31:38 +00:00
Volker Lendecke
972dd999b8 smbd: Fix a "set but not used" warning
This is copy&paste from reply_negprot() where this variable was used
to set the remote architecture. This isn't used anymore in the
stripped down smb2 version of this.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug  4 21:46:23 UTC 2022 on sn-devel-184
2022-08-04 21:46:23 +00:00
Jeremy Allison
1574443b46 s3: smbd: Rename reply_outbuf() -> reply_smb1_outbuf().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
2022-04-07 17:37:30 +00:00
David Mulder
a48bf2431e smbd: Remove uses of srv_send_smb
Replace them with direct calls to smb1_srv_send
and smb2_srv_send.

Signed-off-by: David Mulder <dmulder@suse.com>
Signed-off-by: Jeremy Allison <jra@samba.org>
2022-04-07 17:37:30 +00:00
David Mulder
085b16e0c2 smbd: Process error reply if SMB1 negprot parsing fails
Signed-off-by: David Mulder <dmulder@suse.com>
Signed-off-by: Jeremy Allison <jra@samba.org>
2022-04-07 17:37:30 +00:00
David Mulder
aa61db2d0b smbd: Enable multi-protocol negotiate w/out SMB1
This enables the multi-protocol negotiate when
the SMB1 build is disabled. It requires enabling
parts of the SMB1 negotiation.

Signed-off-by: David Mulder <dmulder@suse.com>
Signed-off-by: Jeremy Allison <jra@samba.org>
2022-04-07 17:37:30 +00:00
David Mulder
dd633d561b smbd: negprot_spnego allow disabling smb1 spnego set
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-07 17:37:29 +00:00
David Mulder
23615a27a5 smbd: Move negprot_spnego to smb2_negprot.c
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-07 17:37:29 +00:00
Jeremy Allison
1f3f6e20dc s3: smbd: Split srv_init_signing() into 2 static functions smb1_srv_init_signing() and smb2_srv_init_signing().
Correctly initialize and look at xconn->smb2.signing_mandatory
for the SMB2 signing state (this gets set correctly for the AD-DC
case etc. inside smb2_srv_init_signing()).

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
2022-03-08 22:12:37 +00:00
Jeremy Allison
85c6711104 s3: smbd: smbd_smb2_request_process_negprot() - Allow SMB2 unix extensions to be negotiated. Currently not allowed.
As lp_smb2_unix_extensions() currently always returns false,
this code path cannot be executed. This will change once the
whole client and server fixes are in place and tests are passing.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-02-01 16:30:37 +00:00
Stefan Metzmacher
982bdcf427 libcli/smb: actually make use of "client/server smb3 signing algorithms"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 00:06:31 +00:00
Stefan Metzmacher
4a61410f60 s3:smbd: prepare support for SMB2_SIGNING_CAPABILITIES
But notice that srv_sign_algos->num_algos is always 0 for now,
but that'll change in the next commits.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 00:06:31 +00:00
Stefan Metzmacher
9b123bc97a s3:smbd: let 'server smb3 encryption algorithms' disable aes-128-ccm for SMB3_0*
SMB 3.0 and 3.0.2 require aes-128-ccm, so we need to reject them unless
'client smb3 encryption algorithms' allows them.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 00:06:31 +00:00
Stefan Metzmacher
71b06682b6 s3:smbd: make use of 'server smb3 encryption algorithms'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 00:06:31 +00:00
Stefan Metzmacher
a702d78186 smb2_negprot: make use of struct smb311_capabilities.encryption
This makes the code more generic and allow the supported ciphers
to be easily added or depend on the configuration later.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 00:06:31 +00:00
Stefan Metzmacher
7f8507332e s3:smbd: replace PROTOCOL_SMB3_10 with PROTOCOL_SMB3_11
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 00:06:31 +00:00
Stefan Metzmacher
880d2e18e1 s3:smbd: replace PROTOCOL_SMB2_24 with PROTOCOL_SMB3_00
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 00:06:31 +00:00
Stefan Metzmacher
1cd3394d70 s3:smbd: replace PROTOCOL_SMB2_22 with PROTOCOL_SMB3_00
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 00:06:31 +00:00
Stefan Metzmacher
2a16bb716b smb2_negprot: no longer use experimental dialects 2.2.2, 2.2.4, 3.1.0 on the wire
These were only used in Windows development versions but not in
production.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 00:06:31 +00:00
Stefan Metzmacher
147dd9d58a libcli/smb: let smb2_negotiate_context_parse() only parse the expected number of contexts
Any garbage at the end needs to be ignored.

This fixes the Negotiate_SMB311_ContextID_NetName test from:
https://github.com/microsoft/WindowsProtocolTestSuites/blob/main/TestSuites/FileServer/src/SMB2/TestSuite/Negotiate/Negotiation.cs#L730

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jul 12 21:25:21 UTC 2021 on sn-devel-184
2021-07-12 21:25:21 +00:00
Stefan Metzmacher
9da2f6727f smb2_negotiate: maintain xconn->smb2.server.sign_algo
This prepares the negotiation of signing algorithms in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-17 00:49:32 +00:00
Stefan Metzmacher
b145434f24 smbXsrv_client: move the connection passing to smb2srv_client_mc_negprot_send/recv
We need a full request/response pair in order to avoid races in
the multichannel connection passing.

smb2srv_client_mc_negprot_send/recv locks the
db record for the given client_guid.

If there's no entry found, we add ourself and
return NT_STATUS_OK.

If there's an existing process for that client guid
we start messaging_filtered_read_send()
dbwrap_watched_watch_send() before calling
smb2srv_client_connection_pass().

Then we release the lock and wait for either
MSG_SMBXSRV_CONNECTION_PASSED to arrive or
retry if dbwrap_watched_watch_recv signaled
a change in the database.

If we got MSG_SMBXSRV_CONNECTION_PASSED we'll
return NT_STATUS_MESSAGE_RETRIEVED in order to
signal that the other process will take care of
the connection and we terminate the current process.

All that is done completely async, which means that
the IDLE_CLOSED_TIMEOUT (60 seconds) may trigger
deadtime_fn(), which will send itself a MSG_SHUTDOWN.
So the process that accepted the tcp connection
exists if there was no MSG_SMBXSRV_CONNECTION_PASSED
within 60 seconds.

However the fd may still exists in the kernel (and
the new connection may still be handed to the other
process. If that process somehow exists before
there's no way to prevent a connection termination
for the client.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14433

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Mar  6 03:30:06 UTC 2021 on sn-devel-184
2021-03-06 03:30:06 +00:00
Andreas Schneider
58e31f7874 s3:smbd: Use 'enum smb_encryption_setting' values
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19 16:22:40 +00:00
Andreas Schneider
bd5a888746 param: Add 'server smb encrypt' parameter
And this also makes 'smb encrypt' a synonym of that.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19 16:22:40 +00:00
Stefan Metzmacher
c66110cf33 s3:smbd: setup client->global->client_guid even without multichannel support
It's too confusing if client->global->client_guid and
client->connections->smb2.client.guid don't have the same value.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2020-07-08 15:54:40 +00:00
Jeremy Allison
f4caa4159b s3: smbd: Change (*proto_reply_fn()) to return an NTSTATUS.
That way the caller can know if the negprot really
succeeded or not.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2019-12-04 20:02:40 +00:00
Jeremy Allison
836219c479 s3: smbd: Change reply_smb20xx() to return NTSTATUS.
Not yet used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2019-12-04 20:02:40 +00:00
Andreas Schneider
2ee1764ca8 s3:smbd: Prefer AES-GCM over AES-CCM with GnuTLS
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Adapted to remove Samba AES support

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2019-08-27 04:44:41 +00:00
Volker Lendecke
e8e9677154 libcli: Pass buf/len to smb2_negotiate_context_add
Every caller did a data_blob_const() right before calling
smb2_negotiate_context_add(). Avoid that.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Feb 25 21:07:22 CET 2019 on sn-devel-144
2019-02-25 21:07:22 +01:00
Volker Lendecke
2bd6f57c65 smbd: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-02-25 19:36:19 +01:00
Jeremy Allison
8dabcf8948 s3: debug: smb2: Create a new DBGC_SMB2 debug class and mark all smbd/smb2_*.c files with it.
Will allow easier smb2-specific debugging.

https://bugzilla.samba.org/show_bug.cgi?id=13347

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
2018-03-22 02:15:13 +01:00
Volker Lendecke
dea1881fc5 smbd: Remove an indentation level in smb2_negprot
Do an early return. Best viewed with "git show -b"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-10-27 20:33:25 +02:00
Ralph Boehme
6ae63d42f5 s3/smbd: ensure global "smb encrypt = off" is effective for SMB 3.1.1 clients
If encryption is disabled globally, per definition we shouldn't allow
enabling encryption on individual shares.

The behaviour of setting

[Global]
  smb encrypt = off

[share]
  smb encrypt = required

must be to completely deny access to the share "share".

This was working correctly for clients when using SMB 3 dialects <
3.1.1, but not for 3.1.1 with a negprot encryption context.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12520

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-01-27 22:00:17 +01:00
Ralph Boehme
a2c59d3e45 smbd: use remote arch caching
We're using the client guid as gencache db key, so this can only be used
with SMB 2_10 or higher.

The idea is that whenever we get a direct SMB2 negprot, we can then try
to see if a value is cached for the client's guid.

When a user logs off the cache entry is deleted.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-05-04 01:28:22 +02:00
Stefan Metzmacher
5cb4ee27f8 CVE-2016-2114: s3:smbd: use the correct default values for "smb signing"
This means an ad_dc will now require signing by default.
This matches the default behavior of Windows dc and avoids
man in the middle attacks.

The main logic for this hides in lpcfg_server_signing_allowed().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11687

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:25 +02:00
Justin Maggard
b69b96fc14 s3:smbd: rework negprot remote arch detection
Negprot remote arch detection is very cryptic.  Rework it so it's easier
to understand, and therefore more extensible, following the protocol table
in inline comments.  This also allows us to remove some hacks.

Signed-off-by: Justin Maggard <jmaggard10@gmail.com>
Reviewed-by: Ralph Boehme <rb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-03 05:50:17 +01:00