Noel Power [Thu, 18 Feb 2021 18:56:56 +0000 (18:56 +0000)]
s3/modules: streams_xattr_ftruncate SMB_VFS_SETXATTR -> SMB_VFS_FSETXATTR
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Thu, 18 Feb 2021 18:14:16 +0000 (18:14 +0000)]
s3/modules: streams_xattr_pwrite SMB_VFS_SETXATTR -> SMB_VFS_FSETXATTR
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Thu, 18 Feb 2021 17:04:24 +0000 (17:04 +0000)]
streams_xattr_openat SMB_VFS_SETXATTR -> SMB_VFS_FSETXATTR
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Thu, 18 Feb 2021 14:46:54 +0000 (14:46 +0000)]
s3/modules: vfs_acl_xattr SMB_VFS_SETXATTR -> SMB_VFS_FSETXATTR
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Wed, 10 Mar 2021 09:12:37 +0000 (09:12 +0000)]
s3/smbd: Detect and fail attempt to set_ea_dos_attribute on link
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Wed, 17 Feb 2021 09:27:40 +0000 (09:27 +0000)]
s3/smbd: SMB_VFS_SETXATTR => SMB_VFS_FSETXATTR
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Thu, 18 Feb 2021 10:54:23 +0000 (10:54 +0000)]
s3/smbd: set_create_timespec_ea should create smb_fname with valid fsp
we need to call file_set_dosmode (which ends up calling
SMB_VFS_FSETXATTR via set_ea_dos_attribute) has smb_fname set up
with a valid smb_fname->fsp
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Thu, 18 Feb 2021 11:05:34 +0000 (11:05 +0000)]
s3/smb3: ensure file_set_dosmode is passed valid smb_fname->fsp
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Thu, 18 Feb 2021 11:04:55 +0000 (11:04 +0000)]
s3/smb3: ensure file_set_dosmode is passed valid smb_fname->fsp
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Thu, 18 Feb 2021 11:01:10 +0000 (11:01 +0000)]
s3/smb3: ensure file_set_dosmode is passed valid smb_fname->fsp
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Wed, 17 Feb 2021 09:34:40 +0000 (09:34 +0000)]
s3/modules: ensure catia_set_dos_attributes passes on pathref
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Tue, 16 Feb 2021 20:25:31 +0000 (20:25 +0000)]
s3/smbd: posix_acls SMB_VFS_SETXATTR -> SMB_VFS_FSETXATTR
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Tue, 16 Feb 2021 19:55:23 +0000 (19:55 +0000)]
s3/modules: posixacl convert from SMB_VFS_SETXATTR -> SMB_VFS_FSETXATTR
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Tue, 16 Feb 2021 19:25:59 +0000 (19:25 +0000)]
s3/lib: adouble SMB_VFS_SETXATTR => SMB_VFS_FSETXATTR
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Tue, 16 Feb 2021 18:49:19 +0000 (18:49 +0000)]
s3/smbd: set_ea SMB_VFS_FSETXATTR => SMB_VFS_FSETXATTR
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Fri, 5 Mar 2021 23:07:54 +0000 (16:07 -0700)]
idmap_nss: Do not return SID from unixids_to_sids on type mismatch
The call to winbind_lookup_name already wrote the result in the id_map
array. The later check for the type detected a mismatch, but that did
not remove the SID from the result struct.
Change this by first assigning the SID to a temporary variable and only
write it to the id_map array after the type checks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14663
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Mar 11 08:38:41 UTC 2021 on sn-devel-184
Christof Schmitt [Fri, 5 Mar 2021 23:01:13 +0000 (16:01 -0700)]
idmap_rfc2307: Do not return SID from unixids_to_sids on type mismatch
The call to winbind_lookup_name already wrote the result in the id_map
array. The later check for the type detected a mismatch, but that did
not remove the SID from the result struct.
Change this by first assigning the SID to a temporary variable and only
write it to the id_map array after the type checks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14663
Signed-off-by: Christof Schmitt <cs@samba.org>
Christof Schmitt [Fri, 5 Mar 2021 22:48:29 +0000 (15:48 -0700)]
winbind: Only use unixid2sid mapping when module reports ID_MAPPED
Only consider a mapping to be valid when the idmap module reports
ID_MAPPED. Otherwise return the null SID.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14663
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Sachin Prabhu [Wed, 10 Mar 2021 12:22:07 +0000 (12:22 +0000)]
smbd: Ensure errno is preserved across fsp destructor
The errno can be overwritten by the calls made by the fsp destructor.
This can cause problems if the original errno was required by subsequent
calls.
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Mar 10 22:55:17 UTC 2021 on sn-devel-184
David Mulder [Thu, 3 Dec 2020 17:32:09 +0000 (17:32 +0000)]
python: Disable calls to _dsdb_garbage_collect_tombstones without addc
dsdb._dsdb_garbage_collect_tombstones isn't
built without the addc, so ignore calls to it
in samdb.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
David Mulder [Thu, 17 Sep 2020 19:27:41 +0000 (13:27 -0600)]
samba-tool: Enable pydns without ad dc
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
David Mulder [Thu, 17 Sep 2020 19:27:14 +0000 (13:27 -0600)]
samba-tool: Enable pydsdb without ad dc
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
David Mulder [Mon, 7 Dec 2020 14:39:00 +0000 (07:39 -0700)]
python: Test samdb import
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 5 Mar 2021 02:49:56 +0000 (15:49 +1300)]
ldb: dn tests use cmocka print functions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Mar 10 09:51:25 UTC 2021 on sn-devel-184
Douglas Bagnall [Wed, 3 Mar 2021 06:54:37 +0000 (19:54 +1300)]
ldb_match: remove redundant check
We already ensure the no-trailing-asterisk case ends at the end of the
string.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 5 Mar 2021 02:47:56 +0000 (15:47 +1300)]
ldb: add tests for ldb_wildcard_compare
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 3 Mar 2021 06:17:36 +0000 (19:17 +1300)]
ldb_match: trailing chunk must match end of string
A wildcard search is divided into chunks by the asterisks. While most
chunks match the first suitable string, the last chunk matches the
last possible string (unless there is a trailing asterisk, in which
case this distinction is moot).
We always knew this in our hearts, but we tried to do it in a funny
complicated way that stepped through the string, comparing here and
there, leading to CVE-2019-3824 and missed matches (bug 14044).
With this patch, we just jump to the end of the string and compare it.
As well as being correct, this should also improve performance, as the
previous algorithm involved a quadratic loop of erroneous memmem()s.
See https://tools.ietf.org/html/rfc4517
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 10 Mar 2021 03:16:42 +0000 (16:16 +1300)]
lib/util: Replace buggy string_sub_talloc() with talloc_string_sub() in lib/util
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14658
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Mar 10 08:06:25 UTC 2021 on sn-devel-184
Andrew Bartlett [Wed, 10 Mar 2021 02:59:10 +0000 (15:59 +1300)]
lib/param: Remove lpcfg_volume_label() and only caller in NTVFS file server
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Andrew Bartlett [Wed, 10 Mar 2021 02:31:05 +0000 (15:31 +1300)]
lib/param: Remove unused functions in lib/param/loadparm.c
The lib/param code does not service smbd, no home directories nor printers are handled
in this codebase and these functions are uncalled.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14658
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Tue, 23 Feb 2021 15:27:44 +0000 (16:27 +0100)]
winbindd: Apply some const to normalize_name_map()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 9 23:45:51 UTC 2021 on sn-devel-184
Volker Lendecke [Fri, 5 Mar 2021 10:36:20 +0000 (11:36 +0100)]
smbd: Fix a DEBUG message
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 9 Mar 2021 07:50:26 +0000 (08:50 +0100)]
srvsrvc: Reload conf after changing a share
The call to messaging_send_all() skips ourselves. This is tested in
source3/script/tests/test_rpcclientsrvsvc.sh, which right now we only
survive because the rpcclient call spawns a new smbd, which reloads
smb.conf. Once you start running srvsvcd in a long-running daemon,
this fails.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 13 Feb 2021 10:40:34 +0000 (11:40 +0100)]
lib: Fix file_ploadv_send/recv cleanup
We have to first TALLOC_FREE() the waiting event before closing the
pipe. Otherwise EPOLL_CTL_DEL is unhappy and might remove an unrelated
file descriptor.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 4 Feb 2021 17:46:59 +0000 (18:46 +0100)]
g_lock: Add extensive debug information
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 27 Jan 2021 13:59:16 +0000 (14:59 +0100)]
librpc: Simplify struct dcesrv_handle
This saves a tiny bit of memory: dom_sid_dup() allocates a full struct
dom_sid, although it might not have to. Save the additional talloc
object and the pointer, be more cache-friendly
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 16 Feb 2021 16:21:57 +0000 (17:21 +0100)]
libcli: Simplify tstream_npa_connect_readv_done()
tevent_req_error takes care of the ==0 case
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 16 Feb 2021 16:21:33 +0000 (17:21 +0100)]
libcli: Add a NULL check to tstream_npa
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 13 Feb 2021 10:16:17 +0000 (11:16 +0100)]
lib: Fix samba_sockaddr_[get|set]_port
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 6 Mar 2021 14:49:46 +0000 (15:49 +0100)]
lib: Protect "messaging_dgm_init()" from NULL dirs
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 24 Feb 2021 15:01:27 +0000 (16:01 +0100)]
rpc_server: Use any_nt_status_not_ok() in srv_netlog_nt.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 24 Feb 2021 14:49:49 +0000 (15:49 +0100)]
rpc_server: Use direct struct initialization instead of ZERO_STRUCT
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 26 Jan 2021 13:17:02 +0000 (14:17 +0100)]
epmapper: talloc_stackframe() panics on failure
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 5 Feb 2021 07:06:57 +0000 (08:06 +0100)]
rpc_server: talloc_stackframe() panics on failure
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 6 Feb 2021 07:32:36 +0000 (08:32 +0100)]
rpc_client: Save a few lines with direct struct initialization
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 6 Feb 2021 14:56:52 +0000 (15:56 +0100)]
rpcclient: talloc_stackframe() panics on failure
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 12 Feb 2021 18:17:34 +0000 (19:17 +0100)]
lib: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 14 Feb 2021 08:15:15 +0000 (09:15 +0100)]
lib: Avoid a cast in messages_dgm
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 13 Feb 2021 21:19:42 +0000 (22:19 +0100)]
lib: Avoid a memleak in pidfile_unlink()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 13 Feb 2021 21:19:12 +0000 (22:19 +0100)]
lib: Avoid ZERO_STRUCT in pidfile_pid()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 13 Feb 2021 11:49:57 +0000 (12:49 +0100)]
lib: Make socket options output less chatty
All the socket options were a large block in debug output. Put them on
one line.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 11 Feb 2021 07:03:38 +0000 (08:03 +0100)]
lib: Fix an uninitialized variable read
If cli_rpc_pipe_open_noauth() fails, we end up in TALLOC_FREE() of
"p", which is uninitialized.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 29 Jan 2021 09:13:13 +0000 (10:13 +0100)]
librpc: Fix typos
While there, wrap the long comment lines
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 12 Feb 2021 11:49:22 +0000 (12:49 +0100)]
smbd: Fix a typo (recieve->receive), reformat comment
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 27 Jan 2021 13:53:15 +0000 (14:53 +0100)]
librpc: Fix a typo, while there linewrap the comment
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 24 Feb 2021 12:33:58 +0000 (13:33 +0100)]
rpc_server: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 22 Feb 2021 18:32:00 +0000 (19:32 +0100)]
winbindd: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 24 Feb 2021 20:30:59 +0000 (21:30 +0100)]
lib: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 26 Feb 2021 20:38:19 +0000 (21:38 +0100)]
rpc_client: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 1 Mar 2021 12:36:45 +0000 (13:36 +0100)]
lib: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 3 Mar 2021 08:58:50 +0000 (09:58 +0100)]
ctdb: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 24 Feb 2021 12:33:44 +0000 (13:33 +0100)]
rpc_server: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 7 Mar 2021 08:57:05 +0000 (09:57 +0100)]
rpc_server: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 7 Mar 2021 09:11:09 +0000 (10:11 +0100)]
samba: Fix indentation
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Fri, 19 Feb 2021 19:36:50 +0000 (12:36 -0700)]
samba-tool: Add a gpo command for setting VGP Issue Group Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Mar 8 20:57:50 UTC 2021 on sn-devel-184
David Mulder [Fri, 19 Feb 2021 19:33:42 +0000 (12:33 -0700)]
samba-tool: Test gpo manage issue set command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Fri, 19 Feb 2021 19:25:00 +0000 (12:25 -0700)]
samba-tool: Add a gpo command for listing VGP Issue Group Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Fri, 19 Feb 2021 18:01:08 +0000 (11:01 -0700)]
samba-tool: Test gpo manage issue list command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Fri, 19 Feb 2021 17:22:04 +0000 (10:22 -0700)]
gpo: Apply Group Policy Issue setting from VGP
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Fri, 19 Feb 2021 16:45:38 +0000 (09:45 -0700)]
gpo: Test Group Policy VGP Issue Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Thu, 18 Feb 2021 16:42:49 +0000 (09:42 -0700)]
samba-tool: Add a gpo command for setting VGP MOTD Group Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Thu, 18 Feb 2021 15:50:25 +0000 (08:50 -0700)]
samba-tool: Test gpo manage motd set command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Thu, 18 Feb 2021 14:50:08 +0000 (07:50 -0700)]
samba-tool: Add a gpo command for listing VGP MOTD Group Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Wed, 17 Feb 2021 21:58:51 +0000 (14:58 -0700)]
samba-tool: Test gpo manage motd list command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Wed, 17 Feb 2021 21:43:50 +0000 (14:43 -0700)]
gpo: Apply Group Policy MOTD setting from VGP
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Wed, 17 Feb 2021 20:24:55 +0000 (13:24 -0700)]
gpo: Test Group Policy VGP MOTD Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Fri, 26 Feb 2021 22:02:02 +0000 (15:02 -0700)]
gpo: Don't free talloc pointer held elsewhere
Freeing this pointer produces the following error:
ERROR: talloc_free with references at ../../libgpo/pygpo.c:481
reference at ../../pytalloc_util.c:164
reference at ../../pytalloc_util.c:164
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Mar 8 19:08:07 UTC 2021 on sn-devel-184
David Mulder [Fri, 26 Feb 2021 16:46:49 +0000 (09:46 -0700)]
gpo: vgp_sudoers_ext handle missing and dispersed principal names
If we don't anticipate a missing principal name,
the extension crashes. Also, principal names could
be in dispersed listelements.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Fri, 26 Feb 2021 21:01:48 +0000 (14:01 -0700)]
gpo: Ensure that vgp_sudoers_ext handles missing/dispersed principal names
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Fri, 26 Feb 2021 16:46:15 +0000 (09:46 -0700)]
gpo: Add rsop output for vgp_openssh_ext
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Fri, 26 Feb 2021 16:45:03 +0000 (09:45 -0700)]
gpo: vgp_openssh_ext create the config dir
We should create the /etc/ssh/sshd_config.d dir
if it doesn't exist.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Fri, 26 Feb 2021 16:43:30 +0000 (09:43 -0700)]
gpo: Improve the samba-gpupdate --rsop output
Use the CSE name based on the class name, not the
module name. Also ignore the Local Policy gpo.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Wed, 24 Feb 2021 19:43:55 +0000 (12:43 -0700)]
gpo: Add admxload warning about Windows templates
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Wed, 24 Feb 2021 19:35:10 +0000 (12:35 -0700)]
gpo: Ensure that samba-gpupdate doesn't require ad-dc
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Wed, 24 Feb 2021 17:53:17 +0000 (10:53 -0700)]
gpo: Test to ensure that samba-gpupdate doesn't require ad-dc
Running samba-gpupdate on a client is causing an
error in gp_access_ext, due to it attempting to
access sam.ldb before detecting whether we are on
an ad-dc.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Mon, 6 Jul 2020 15:27:05 +0000 (17:27 +0200)]
smbXsrv_client: move the connection passing to smb2srv_client_mc_negprot_send/recv
We need a full request/response pair in order to avoid races in
the multichannel connection passing.
smb2srv_client_mc_negprot_send/recv locks the
db record for the given client_guid.
If there's no entry found, we add ourself and
return NT_STATUS_OK.
If there's an existing process for that client guid
we start messaging_filtered_read_send()
dbwrap_watched_watch_send() before calling
smb2srv_client_connection_pass().
Then we release the lock and wait for either
MSG_SMBXSRV_CONNECTION_PASSED to arrive or
retry if dbwrap_watched_watch_recv signaled
a change in the database.
If we got MSG_SMBXSRV_CONNECTION_PASSED we'll
return NT_STATUS_MESSAGE_RETRIEVED in order to
signal that the other process will take care of
the connection and we terminate the current process.
All that is done completely async, which means that
the IDLE_CLOSED_TIMEOUT (60 seconds) may trigger
deadtime_fn(), which will send itself a MSG_SHUTDOWN.
So the process that accepted the tcp connection
exists if there was no MSG_SMBXSRV_CONNECTION_PASSED
within 60 seconds.
However the fd may still exists in the kernel (and
the new connection may still be handed to the other
process. If that process somehow exists before
there's no way to prevent a connection termination
for the client.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14433
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Mar 6 03:30:06 UTC 2021 on sn-devel-184
Stefan Metzmacher [Wed, 23 Sep 2020 11:07:20 +0000 (13:07 +0200)]
smbd: make sure that xconn is alive for the lifetime of smbXsrv_connection_shutdown_send/recv
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14533
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 23 Sep 2020 02:58:22 +0000 (04:58 +0200)]
s4:torture/smb2: add smb2.lease.timeout-disconnect test
This reproduces a problem that is triggered when
smbd_server_connection_terminate() is called recursively.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14533
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 23 Sep 2020 04:00:28 +0000 (06:00 +0200)]
smbXsrv_session: set session->db_rec = NULL after session->db_rec = local_rec
This actually fixes crashes due to stale pointers.
With multi-channel and with 2 (or more) connections,
we'll call smbXsrv_session_disconnect_xconn() when a connection
gets disconnected, but we'll leave smbXsrv_client and all other
connections in place.
However smbXsrv_session_disconnect_xconn_callback() left
a stale session->db_rec pointer in place, which means
a following smbXsrv_session_logoff() will call
dbwrap_record_delete(local_rec) on a stale pointer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14532
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 23 Sep 2020 09:24:46 +0000 (11:24 +0200)]
smbXsrv_tcon: explicitly set tcon->db_rec = NULL after tcon->db_rec = local_rec
There's no know problem that we fix for the
smbXsrv_tcon_disconnect_all_callback() case,
but it might prevent future problems.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14532
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 23 Sep 2020 11:49:27 +0000 (13:49 +0200)]
s4:torture/smb2: add a smb2.session.two_logoff test
This reproduces a bug where two SMB2_LOGOFF messages kill the whole
client smbd when multi-channel is used, instead of just removing the
logical session.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14532
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 23 Sep 2020 11:13:22 +0000 (13:13 +0200)]
smbd: introduce a smbXsrv_connection_destructor()
For now it only prints a debug message, but that's already very
useful for multi-channel debugging.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14534
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 23 Sep 2020 11:13:01 +0000 (13:13 +0200)]
smbd: improve smbXsrv_connection_dbg() for debugging multi-channel problems
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14534
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 19 Jun 2020 10:32:59 +0000 (12:32 +0200)]
selftest: enable 'server multi channel support = yes'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14534
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 9 Feb 2021 15:54:18 +0000 (16:54 +0100)]
s4:torture/smb2: use %t (timestamp) instead of %R for lease.dynamic_share test
This test should be independent of the protocol in order to be
independent of multi-channel support of the server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14534
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 28 Jul 2020 10:11:38 +0000 (12:11 +0200)]
smbd: let smbd_request_guid() use smb1req->xconn->channel_id
The unique identifier of a channel/connection is the channel_id,
the pointer of 'xconn' can be reused.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14534
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 27 Aug 2020 02:50:15 +0000 (04:50 +0200)]
docs-xml: clarify "smb2 disable lock sequence checking" section
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14534
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 2 Mar 2021 10:30:44 +0000 (11:30 +0100)]
dsdb: Fix CID
1473454: Null pointer dereferences
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 2 Mar 2021 10:27:07 +0000 (11:27 +0100)]
dsdb: Fix CID
1473453: Null pointer dereferences
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Mon, 1 Mar 2021 16:26:24 +0000 (17:26 +0100)]
librpc: Lower dcesrv_call_dispatch_local() errors from DBG_ERR to DBG_INFO
Before merging the s3 and s4 RPC servers the rpcint_dispatch function
was not logging any error.
This commit lowers from DBG_ERR to DBG_INFO the importance of error
messages when dispatching local RPC calls. There are some situations
where RPC functions return RPC faults and this is not a fatal condition.
One example is _lsa_QueryInfoPolicy2.
This change prevents a noisy error logged when winbindd tries to connect to
its primary domain in the nt4_member and ad_member test environments:
[2021/03/01 16:49:38.486111, 0, pid=12456] ../../librpc/rpc/dcesrv_core.c:2990(dcesrv_call_dispatch_local)
dcesrv_call_dispatch_local: DCE/RPC fault in call lsarpc:2E - DCERPC_NCA_S_OP_RNG_ERROR
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>