Karolin Seeger [Wed, 1 Sep 2021 06:15:11 +0000 (08:15 +0200)]
WHATSNEW: Fix formatting.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Ralph Boehme [Mon, 9 Aug 2021 13:12:31 +0000 (15:12 +0200)]
s3/rpc_server: track the number of policy handles with a talloc destructor
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14783
RN: smbd "deadtime" parameter doesn't work anymore
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 10 18:41:43 UTC 2021 on sn-devel-184
(cherry picked from commit 45a33b25c4e6b1db5d2dfa6297ccb390220a7c80)
Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Thu Aug 26 14:30:56 UTC 2021 on sn-devel-184
Ralph Boehme [Mon, 9 Aug 2021 10:31:07 +0000 (12:31 +0200)]
selftest: add a test for the "deadtime" parameter
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14783
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 39db53a1391769fc6476fa55b02add08f1b8cd75)
Jule Anger [Thu, 26 Aug 2021 08:50:00 +0000 (10:50 +0200)]
VERSION: Bump version up to Samba 4.15.0rc4...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Jule Anger [Thu, 26 Aug 2021 08:47:44 +0000 (10:47 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc3 release.
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Jule Anger [Thu, 26 Aug 2021 08:45:53 +0000 (10:45 +0200)]
WHATSNEW: Add release notes for Samba 4.15.0rc3.
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Douglas Bagnall [Fri, 9 Jul 2021 03:55:58 +0000 (15:55 +1200)]
WHATSNEW: add matrix.org and libera
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Thu Aug 26 08:30:58 UTC 2021 on sn-devel-184
Douglas Bagnall [Fri, 9 Jul 2021 03:55:19 +0000 (15:55 +1200)]
WHATSNEW: Add various DNS changes
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Fri, 9 Jul 2021 03:53:40 +0000 (15:53 +1200)]
WHATSNEW: reformat for style (mostly Bind9 DLZ allow/deny)
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andreas Schneider [Wed, 11 Aug 2021 12:58:39 +0000 (14:58 +0200)]
s3:winbindd: Pass the right variable to the debug message
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14779
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 25941a1f97229ef27ee5ac7cc6bc9e7a300fcca0)
Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Wed Aug 25 14:57:17 UTC 2021 on sn-devel-184
Jeremy Allison [Mon, 19 Jul 2021 22:10:41 +0000 (15:10 -0700)]
s3: VFS: streams_depot: Allow "streams directory" outside of share path to work again.
As we're dealing with absolute paths here, we just need
to temporarily replace the connectpath whilst enumerating
streams.
Remove knownfail file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14760
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 19 17:04:44 UTC 2021 on sn-devel-184
(cherry picked from commit 649f544ab2cf564cdecf545c549ca9703cb5cda4)
Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Wed Aug 25 13:49:32 UTC 2021 on sn-devel-184
Jeremy Allison [Mon, 19 Jul 2021 21:52:32 +0000 (14:52 -0700)]
s3: VFS: vfs_streams_depot: Factor out the code that gets the absolute stream rootdir into a function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14760
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
(cherry picked from commit 1e3232006d688fa999fb8314ce948ffb45a50e71)
Jeremy Allison [Wed, 21 Jul 2021 00:50:49 +0000 (17:50 -0700)]
s3: selftest: Add a test for vfs_streams_depot with the target path outside of the share.
Mark as knownfail.d/simpleserver_streams
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14760
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
(cherry picked from commit 5fdf4219c6db6d81ebe608c4313c9c9aea6dbc7c)
Noel Power [Thu, 19 Aug 2021 11:13:27 +0000 (12:13 +0100)]
s4: torture: CHECK ret value and fail if false
If we reach 'done' with ret == false without setting
the torture result we get unexpected results e.g.
Exception: Exception: Unknown error/failure. Missing torture_fail() or torture_assert_*() call?
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14760
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 161cee6f36b1642e2096a64a4eec22a1ebf82aa2)
Jeremy Allison [Thu, 19 Aug 2021 22:43:52 +0000 (15:43 -0700)]
s3: smbd: Ensure all returns from OpenDir() correctly set errno.
Complex code paths inside open_internal_dirfsp() can return an
NTSTATUS, but trample on the matching errno. We need to make
sure if open_internal_dirfsp() fails, errno matches the NTSTATUS
return.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14805
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Fri Aug 20 09:56:49 UTC 2021 on sn-devel-184
(cherry picked from commit 72b4fe93f15e414ca3e7d7f0e77a5f0aae90556a)
Jeremy Allison [Sat, 17 Jul 2021 01:53:24 +0000 (18:53 -0700)]
s3: VFS: ceph. Fix enumerating directories. dirfsp->fh->fd != AT_FDCWD in this case.
Same as the fix for glusterfs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14766
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Aug 5 06:15:14 UTC 2021 on sn-devel-184
(cherry picked from commit 4f093ae6c9ee5b3e0f98b47fbacb0e37fad62052)
Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Wed Aug 25 12:54:29 UTC 2021 on sn-devel-184
Jeremy Allison [Sat, 7 Aug 2021 06:33:06 +0000 (23:33 -0700)]
s3: smbd: For FSCTL calls that go async, add the outstanding tevent_reqs to the aio list on the file handle.
Remove knownfails.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769
RN: smbd panic on force-close share during offload write
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug 11 20:02:57 UTC 2021 on sn-devel-184
(cherry picked from commit c013509680742ff45b2f5965a5564015da7d466b)
Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Tue Aug 17 08:49:48 UTC 2021 on sn-devel-184
Jeremy Allison [Fri, 6 Aug 2021 17:54:31 +0000 (10:54 -0700)]
s4: torture: Add test for smb2.ioctl.bug14769.
Add knownfails.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 7e7ea761a37f46f758582981bc40404ffd815513)
Jeremy Allison [Thu, 5 Aug 2021 23:07:09 +0000 (16:07 -0700)]
s3: smbd: Call smbd_fsctl_torture_async_sleep() when we get FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP.
Now all we need is the client-side test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit c551d33c6bd2e74ea3a36bec5575a70d6833b98a)
Jeremy Allison [Thu, 5 Aug 2021 23:04:38 +0000 (16:04 -0700)]
s3: smbd: Add smbd_fsctl_torture_async_sleep() server-side code.
Commented out as not yet called.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 0f4a8d26888ec156979a00480ed9886dcac7d426)
Jeremy Allison [Thu, 5 Aug 2021 18:01:44 +0000 (11:01 -0700)]
s3: libcli: Add FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP.
Prepare for async FSCTL tests on an fsp.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 62cd95096a76d5064b105c1b4971fa3eabd5f85d)
Jeremy Allison [Thu, 5 Aug 2021 20:14:16 +0000 (13:14 -0700)]
s3: smbd: Split out smb2_ioctl_smbtorture() into a separate file.
We will be adding async supporting code to this, and we don't want to
clutter up smb2_ioctl.c.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 6b6770c2ba83bf25da31623443c19a8de34e5ba4)
Ralph Boehme [Thu, 12 Aug 2021 16:31:40 +0000 (18:31 +0200)]
libreplace: remove now unused USE_COPY_FILE_RANGE define
The only user was removed in the previous commit. We still need the preceding
checks however, based on that replace.c provides a copy_file_range() fallback.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14795
RN: copy_file_range() may fail with EOPNOTSUPP
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Aug 13 11:45:17 UTC 2021 on sn-devel-184
(cherry picked from commit 1641e6c528e027dbfff96a834b94a8654a03a168)
Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Mon Aug 16 07:39:08 UTC 2021 on sn-devel-184
Ralph Boehme [Thu, 12 Aug 2021 16:23:21 +0000 (18:23 +0200)]
vfs_default: detect EOPNOTSUPP and ENOSYS errors from copy_file_range()
When building in a RHEL 7 container on a RHEL 8 host, the current configure
check will detect a working SYS_copy_file_range() syscall.
Later when the resulting smbd binary is run in a RHEL 7 container on a RHEL
7 (vs 8 on the build host) host, SYS_copy_file_range() will fail with
EOPNOTSUPP.
Since the kernel support for copy_file_range() included a fallback in case
filesystems didn't implement it, the caching of copy_file_range() support can be
made a global via the static try_copy_file_range bool, there's no need to deal
with per-filesystem behaviour differences. For the curious: SYS_copy_file_range()
appeared in Linux 4.5, fallback code being vfs_copy_file_range() ->
do_splice_direct().
On current kernels the fallback function is generic_copy_file_range() (which
still calls do_splice_direct()) called from the filesystem backends directly or
from vfs_copy_file_range() -> do_copy_file_range().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14795
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit c25f72f401842a18cab1db2bab89deec78274d93)
Stefan Metzmacher [Wed, 11 Aug 2021 13:30:12 +0000 (15:30 +0200)]
s3:libsmb: close the temporary IPC$ connection in cli_full_connection()
We don't need the temporary IPC$ connection used for the
SMB1 UNIX CIFS extensions encryption setup anymore,
so we can also let the server close it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14793
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Aug 11 23:03:11 UTC 2021 on sn-devel-184
(cherry picked from commit 289b7a1595ab13a200cfb327604e4b9296fa81e0)
Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Fri Aug 13 08:16:45 UTC 2021 on sn-devel-184
Stefan Metzmacher [Wed, 11 Aug 2021 12:33:24 +0000 (14:33 +0200)]
s3:libsmb: start encryption as soon as possible after the session setup
For the SMB1 UNIX CIFS extensions we create a temporary IPC$ tcon,
if there's no tcon yet.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14793
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 21302649c46441ea325c66457294225ddb1d6235)
Stefan Metzmacher [Wed, 11 Aug 2021 11:26:41 +0000 (13:26 +0200)]
wscript: fix installing pre-commit with 'git worktree'
.git is not always a directory, with 'git worktree' it's a file.
'git rev-parse --git-path hooks' is the generic way to find the
path for the githooks.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Aug 12 08:56:13 UTC 2021 on sn-devel-184
(cherry picked from commit 8858cf72af1cc15784749e58f184559a839dd4ef)
Autobuild-User(v4-15-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-15-test): Thu Aug 12 12:03:18 UTC 2021 on sn-devel-184
Stefan Metzmacher [Wed, 11 Aug 2021 11:26:41 +0000 (13:26 +0200)]
script/bisect-test.py: add support git worktree
.git is not always a directory, with 'git worktree' it's a file.
Note we could also use 'git rev-parse --show-toplevel', but that's
a patch for another day.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit c7f85146cb50795afcbb1c607e87d163d241c79a)
Stefan Metzmacher [Wed, 11 Aug 2021 11:26:41 +0000 (13:26 +0200)]
wafsamba: add support git worktree to vcs_dir_contents()
.git is not always a directory, with 'git worktree' it's a file.
Note we could also use 'git rev-parse --show-toplevel', but that's
a patch for another day.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 2e2d2eaa10499537c9af07dd866ac8e613c3da02)
Jule Anger [Mon, 9 Aug 2021 13:20:37 +0000 (15:20 +0200)]
VERSION: Bump version up to Samba 4.15.0rc3...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Jule Anger [Mon, 9 Aug 2021 13:15:54 +0000 (15:15 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc2 release.
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Jule Anger [Mon, 9 Aug 2021 13:14:28 +0000 (15:14 +0200)]
WHATSNEW: Add release notes for Samba 4.15.0rc2.
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 29 Jun 2021 10:47:34 +0000 (12:47 +0200)]
smbd: only open full fd for directories if needed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14700
RN: File owner not available when file unreadable
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug 2 18:05:04 UTC 2021 on sn-devel-184
(cherry picked from commit 6d928eb1e8ea44f0d0aea4ec9b1b7c385a281193)
Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Mon Aug 9 12:05:34 UTC 2021 on sn-devel-184
Ralph Boehme [Sat, 8 May 2021 19:45:25 +0000 (21:45 +0200)]
smbd: drop requirement for full open for READ_CONTROL_ACCESS, WRITE_DAC_ACCESS and WRITE_OWNER_ACCESS
This was needed before we had pathref fsps, with pathref fsps we can do
operation requiring WRITE_OWNER_ACCESS, WRITE_DAC_ACCESS and READ_CONTROL_ACCESS
on the pathref fsp.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14700
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e71e373a07e467ff2d2328f39bd2bc285e2ba840)
Jeremy Allison [Thu, 15 Jul 2021 02:11:05 +0000 (19:11 -0700)]
s3: smbd: Don't leak meta-data about the containing directory of the share root.
This is a subtle one. In smbd_dirptr_get_entry() we now
open a pathref fsp on all entries - including "..".
If we're at the root of the share we don't want
a handle to the directory above it, so silently
close the smb_fname->fsp for ".." names to prevent
it from being used to return meta-data to the client
(more than we already have done historically by
calling pathname functions on "..").
The marshalling returned entries and async DOS
code copes with smb_fname->fsp == NULL perfectly
well.
Only in master, but will need fixing for 4.15.rc1
or 2.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14759
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Jul 28 15:07:54 UTC 2021 on sn-devel-184
(cherry picked from commit 2acad27686074029ac83c66b42bb37eea380f449)
Jeremy Allison [Thu, 15 Jul 2021 04:30:09 +0000 (21:30 -0700)]
s3: smbd: Allow async dosmode to cope with ".." pathnames where we close smb_fname->fsp to prevent meta-data leakage.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14759
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit b004ebb1c62742346b84ecb9d52c783173528fac)
Andreas Schneider [Mon, 2 Aug 2021 15:43:01 +0000 (17:43 +0200)]
configure: Do not put arguments into double quotes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14777
This could create an issue that arguments don't get split by python and then the
following could happen:
./configure --libdir=/usr/lib64 --enable-clangdb
LIBDIR='/usr/lib64 --enable-clangdb'
This ends then up in parameters.all.xml:
<!ENTITY pathconfig.LIBDIR '/usr/lib64 --enable-clangdb'>
The python parser then errors out:
xml.etree.ElementTree.ParseError: not well-formed (invalid token)
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Aug 3 18:36:37 UTC 2021 on sn-devel-184
(cherry picked from commit e2962b4262fc4a7197a3fcbd010fcfaca781baea)
Volker Lendecke [Fri, 30 Jul 2021 09:43:08 +0000 (11:43 +0200)]
samba-bgqd: Fix samba-bgqd with "clustering=yes"/"include=registry"
With the above combination, some flavor of lp_load() already
initializes global_event_ctx, for which the closeall_except() later on
will happily close the epoll fd for. If we want to close all file
descriptors at startup, this must be the very first thing overall.
Can't really write a proper test for this with knownfail that is
removed with the fix, because if we have clustering+include=registry,
the whole clusteredmember environment does not even start up.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14768
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jul 31 16:58:41 UTC 2021 on sn-devel-184
(cherry picked from commit 7818513053aabda046645583fa5bb79a03e2b5ac)
Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Fri Aug 6 15:39:29 UTC 2021 on sn-devel-184
Andreas Schneider [Wed, 21 Jul 2021 14:06:15 +0000 (16:06 +0200)]
lib:cmdline: Use lp_load_global() for servers
As for client we need to enable support for 'config backend = registry'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14768
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 7b796b5bb735295bde252cd52283591b720d8d6e)
Stefan Metzmacher [Thu, 15 Jul 2021 11:20:22 +0000 (13:20 +0200)]
s3:smbd: really support AES-256* in the server
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14764
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 20 16:13:28 UTC 2021 on sn-devel-184
(cherry picked from commit 0ac71061044e2ee47f4de3a319ad2386128066fc)
Stefan Metzmacher [Mon, 19 Jul 2021 16:38:06 +0000 (18:38 +0200)]
s4:torture/smb2: add tests to check all signing and encryption algorithms
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14764
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 407b458242cd11bdb3ab219dc58b3ffb070b0e7c)
Stefan Metzmacher [Tue, 9 Mar 2021 09:40:04 +0000 (10:40 +0100)]
gnutls: allow gnutls_aead_cipher_encryptv2 with gcm before 3.6.15
The memory leak bug up to 3.6.14 was only related to ccm, but gcm was
fine.
This avoids talloc+memcpy on more systems, e.g. ubuntu 20.04,
and brings ~ 20% less cpu overhead, see:
https://hackmd.io/@asn/samba_crypto_benchmarks
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14764
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 5512416a8fbe00a7a5343afe0d50846e0a8f342b)
Andreas Schneider [Tue, 3 Aug 2021 11:20:40 +0000 (13:20 +0200)]
gitlab: Use shorter names for Samba AD DC env with MIT KRB5
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14779
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 3 20:35:49 UTC 2021 on sn-devel-184
(cherry picked from commit 000f389d09ec9e9906d5e2a0aa317c471c5f5b96)
Andreas Schneider [Tue, 3 Aug 2021 09:04:37 +0000 (11:04 +0200)]
s3:winbindd: Add a check for the path length of 'winbindd socket directory'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14779
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit aab5cc95e224fef0efafeb1c37a4eb414aee65a0)
Günther Deschner [Tue, 20 Jul 2021 12:21:34 +0000 (14:21 +0200)]
WHATSNEW: mention the offline domain join feature
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(v4-15-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-15-test): Wed Jul 21 10:27:55 UTC 2021 on sn-devel-184
Stefan Metzmacher [Tue, 29 Jun 2021 13:42:56 +0000 (15:42 +0200)]
libcli/smb: allow unexpected padding in SMB2 READ responses
Make use of smb2cli_parse_dyn_buffer() in smb2cli_read_done()
as it was exactly introduced for a similar problem see:
commit 4c6c71e1378401d66bf2ed230544a75f7b04376f
Author: Stefan Metzmacher <metze@samba.org>
AuthorDate: Thu Jan 14 17:32:15 2021 +0100
Commit: Volker Lendecke <vl@samba.org>
CommitDate: Fri Jan 15 08:36:34 2021 +0000
libcli/smb: allow unexpected padding in SMB2 IOCTL responses
A NetApp Ontap 7.3.7 SMB server adds 8 padding bytes to an
offset that's already 8 byte aligned.
RN: Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jan 15 08:36:34 UTC 2021 on sn-devel-184
RN: Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 15 23:53:55 UTC 2021 on sn-devel-184
(cherry picked from commit 155348cda65b441a6c4db1ed84dbf1682d02973c)
Stefan Metzmacher [Tue, 29 Jun 2021 13:24:13 +0000 (15:24 +0200)]
libcli/smb: make smb2cli_ioctl_parse_buffer() available as smb2cli_parse_dyn_buffer()
It will be used in smb2cli_read.c soon...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 1faf15b3d0f41fa8a94b76d1616a4460ce0c6fa4)
Stefan Metzmacher [Mon, 5 Jul 2021 15:49:00 +0000 (17:49 +0200)]
s3:smbd: implement FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8
This turns the 'smb2.read.bug14607' test from 'skip' into 'xfailure',
as the 2nd smb2cli_read() function will now return
NT_STATUS_INVALID_NETWORK_RESPONSE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit ef57fba5dbf359b204ba952451e1e33ed68f1c91)
Stefan Metzmacher [Mon, 5 Jul 2021 15:49:00 +0000 (17:49 +0200)]
s3:smbd: introduce a body_size variable in smbd_smb2_request_read_done
This will simplify the following changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 5ecac656fde4e81aa6e51e7b3134ea3fb75f564a)
Stefan Metzmacher [Tue, 6 Jul 2021 14:24:59 +0000 (16:24 +0200)]
s4:torture/smb2: add smb2.read.bug14607 test
This test will use a FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8
in order to change the server behavior of READ responses regarding
the data offset.
It will demonstrate the problem in smb2cli_read*() triggered
by NetApp Ontap servers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit b3c9823d907b91632679e6f0ffce1b7192e4b9b6)
Karolin Seeger [Thu, 15 Jul 2021 07:58:05 +0000 (09:58 +0200)]
VERSION: Bump version up to 4.15.0rc2...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
Karolin Seeger [Thu, 15 Jul 2021 07:09:37 +0000 (09:09 +0200)]
VERSION: Disable GIT_SNAPSHOT for the Samba 4.15.0rc1 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
Karolin Seeger [Thu, 15 Jul 2021 07:06:20 +0000 (09:06 +0200)]
WHATSNEW: Up to Samba 4.15.0rc1.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
Karolin Seeger [Thu, 15 Jul 2021 07:04:18 +0000 (09:04 +0200)]
WHATSNEW: Fix typos.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
Jeremy Allison [Wed, 14 Jul 2021 18:23:54 +0000 (11:23 -0700)]
s3: VFS: default. In vfswrap_getxattrat_do_async() always use the pathref fsp.
This is always called via a path that mandates
smb_fname->fsp is valid.
https://bugzilla.samba.org/show_bug.cgi?id=14758
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Jul 15 05:48:05 UTC 2021 on sn-devel-184
Jeremy Allison [Wed, 14 Jul 2021 18:23:03 +0000 (11:23 -0700)]
s3: VFS: default. In vfswrap_getxattrat_do_sync() always use the pathref fsp.
This is always called via a path that mandates
smb_fname->fsp is valid.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14758
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 14 Jul 2021 18:35:06 +0000 (11:35 -0700)]
s3: VFS: default: Add 'handle' member to struct vfswrap_getxattrat_state
Not yet used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14758
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 14 Jul 2021 18:17:49 +0000 (11:17 -0700)]
s3: VFS: default: Move vfswrap_fgetxattr() before the async versions.
We want to re-use this and don't want to have to add forward
declarations.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14758
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 14 Jul 2021 22:00:13 +0000 (15:00 -0700)]
s3: smbd: Allow "smbd async dosmode = yes" to return valid DOS attributes again.
We already have a valid smb_fname->fsp, don't drop
it when returning from smbd_dirptr_lanman2_entry()
to allow it to be reused inside dos_mode_at_send().
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14758
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 14 Jul 2021 22:29:01 +0000 (15:29 -0700)]
s3: tests: Add "SMB2-LIST-DIR-ASYNC" test.
Add as knownfail.
Shows our "smbd async dosmode" code wasn't working.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14758
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 14 Jul 2021 22:26:42 +0000 (15:26 -0700)]
s3: tests: Our tests for "smbd async dosmode = yes" haven't been working correctly as the parameter has been set incorrectly.
It must be "smbd async dosmode", not "smbd:async dosmode"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14758
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 14 Jul 2021 16:40:34 +0000 (18:40 +0200)]
WHATSNEW: add client/server smb3 signing/encryption algorithms
We can add more about this in the final 4.15.0 release notes later.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jul 15 00:57:24 UTC 2021 on sn-devel-184
Stefan Metzmacher [Mon, 8 Mar 2021 01:05:55 +0000 (02:05 +0100)]
s3:smbd: improve the error returns for invalid session binding requests
This brings us closer to what a Windows Server with GMAC signing
returns.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 14 Jul 2021 14:12:41 +0000 (16:12 +0200)]
s4:torture: more smb2.session.bind_negative_smb3* combinations
This tests all kind of signing/encryption algorithm mismatches
and passes against Windows with GMAC signing support.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 13 Jul 2021 21:28:04 +0000 (23:28 +0200)]
docs-xml: offer aes-128-gmac by default
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 11 Nov 2020 13:10:01 +0000 (14:10 +0100)]
libcli/smb: add support for SMB2_SIGNING_AES128_GMAC
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 14 Jul 2021 13:04:22 +0000 (15:04 +0200)]
s4:torture: force AES_CMAC or HMAC_SHA256 for some SMB 3.1.1 tests
Allowing GMAC in future will generate different results, so
make sure the tests keep working as is.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 13 Jul 2021 19:26:19 +0000 (21:26 +0200)]
libcli/smb: actually make use of "client/server smb3 signing algorithms"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 13 Jul 2021 19:26:19 +0000 (21:26 +0200)]
docs-xml: add "client/server smb3 signing algorithms" options
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 11 Nov 2020 13:27:30 +0000 (14:27 +0100)]
s3:smbd: prepare support for SMB2_SIGNING_CAPABILITIES
But notice that srv_sign_algos->num_algos is always 0 for now,
but that'll change in the next commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 11 Mar 2021 10:04:14 +0000 (11:04 +0100)]
libcli/smb: prepare support for SMB2_SIGNING_CAPABILITIES negotiation
For now client_sign_algos->num_algos will always be 0,
but that'll change in the next commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 11 Nov 2020 13:10:01 +0000 (14:10 +0100)]
libcli/smb: make sure smb2_signing_calc_signature() never generates a signature without a valid MID
This is important as AES-128-GMAC signing will derive the NONCE from the MID.
It also means a STATUS_PENDING response must never be signed.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 6 May 2021 21:07:13 +0000 (23:07 +0200)]
libcli/smb: make sure we always send a valid MID in cancel PDUs
This is important as with AES-128-GMAC signing, the nonce will be
derived from the MID.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Mon, 8 Mar 2021 01:03:30 +0000 (02:03 +0100)]
libcli/smb: skip session setup signing for REQUEST_OUT_OF_SEQUENCE, NOT_SUPPORTED and ACCESS_DENIED
We should propagate these errors to the caller instead of masking them
with ACCESS_DENIED. And for ACCESS_DENIED we should not disconnect the
connection.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 14 Jul 2021 14:23:54 +0000 (16:23 +0200)]
libcli/smb: add smb2cli_conn_server_{signing,encryption}_algo()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 13 Jul 2021 20:37:36 +0000 (22:37 +0200)]
s3:smbd: make sure we don't try to sign CANCEL response PDUs
Normally these are never generated, but it can happen when the
signing check fails.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 11 Jun 2021 13:33:46 +0000 (13:33 +0000)]
s3:smbd: make sure STATUS_PENDING responses are never signed
It's important to match Windows here in order to avoid reusing
a NONCE for AES-128-GMAC signing.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 6 May 2021 21:55:49 +0000 (23:55 +0200)]
s3:smbstatus: pretty print the use of new signing/encryption algorithms
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 13 Jul 2021 19:50:27 +0000 (21:50 +0200)]
s3:smbd: only allow cancel with the same session
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 11 Nov 2020 12:47:11 +0000 (13:47 +0100)]
libcli/smb: add SMB2_SIGNING_CAPABILITIES related defines to smb2_constants.h
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 11 Nov 2020 12:47:11 +0000 (13:47 +0100)]
libcli/smb: add SMB2_RDMA_TRANSFORM_CAPABILITIES related defines to smb2_constants.h
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 11 Nov 2020 12:47:11 +0000 (13:47 +0100)]
libcli/smb: add SMB2_TRANSPORT_CAPABILITIES related defines to smb2_constants.h
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 10 Nov 2020 00:28:03 +0000 (01:28 +0100)]
lib/param: offer aes-256-{gcm,ccm} encryption by default
We match Windows and keep aes-128-{gcm,ccm} first...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 10 Nov 2020 00:25:19 +0000 (01:25 +0100)]
libcli/smb: add aes-256-{gcm,ccm} support to smb2_signing_[en|de]crypt_pdu()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 14 Jul 2021 10:13:49 +0000 (12:13 +0200)]
s3:smbd: let 'server smb3 encryption algorithms' disable aes-128-ccm for SMB3_0*
SMB 3.0 and 3.0.2 require aes-128-ccm, so we need to reject them unless
'client smb3 encryption algorithms' allows them.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 14 Jul 2021 10:13:49 +0000 (12:13 +0200)]
libcli/smb: add smb311_capabilities_check() helper
It checks that the resulting algorithms (most likely for
dialects < 3.1.1) are actually allowed.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 14 Jul 2021 10:13:49 +0000 (12:13 +0200)]
libcli/smb: let 'client smb3 encryption algorithms' disable aes-128-ccm for SMB3_0*
SMB 3.0 and 3.0.2 require aes-128-ccm, so we need to reject them unless
'client smb3 encryption algorithms' allows them.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 13 Jul 2021 16:16:10 +0000 (18:16 +0200)]
s3:smbd: make use of 'server smb3 encryption algorithms'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 13 Jul 2021 16:16:10 +0000 (18:16 +0200)]
s4:param: make use of 'client smb3 encryption algorithms'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 13 Jul 2021 16:16:10 +0000 (18:16 +0200)]
s3:libsmb: make use of 'client smb3 encryption algorithms'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 13 Jul 2021 16:00:59 +0000 (18:00 +0200)]
libcli/smb: add helpers to parse client/server smb3 encryption algorithms into struct smb311_capabilities
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 13 Jul 2021 16:00:59 +0000 (18:00 +0200)]
docs-xml: add "client/server smb3 encryption algorithms" options
This gives administrators more control over the used algorithms.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 10 Mar 2021 15:34:54 +0000 (16:34 +0100)]
smb2_negprot: make use of struct smb311_capabilities.encryption
This makes the code more generic and allows the supported ciphers
to be easily added or depend on the configuration later.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 13 Jul 2021 22:16:06 +0000 (00:16 +0200)]
WHATSNEW: document "server multi channel support" change
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 13 Jul 2021 22:14:24 +0000 (00:14 +0200)]
lib/param: enable "server multi channel support" by default on Linux and FreeBSD
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 13 Jul 2021 22:06:52 +0000 (00:06 +0200)]
lib/param: add lpcfg_parm_is_unspecified() helper
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 9 Jul 2021 13:36:12 +0000 (15:36 +0200)]
s3:smbd: fallback to smb2srv_session_lookup_global() for session setups with failed signing
The motivation is to get the same error responses as a Windows server.
We already fallback to smb2srv_session_lookup_global() in other places
where we don't have a valid session in the current smbd process.
If signing is failing while verifying a session setup request,
we should do the same if we don't have a valid channel binding
for the connection yet.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 13 Jul 2021 14:37:42 +0000 (16:37 +0200)]
s3:smbd: remove dead code from smbd_smb2_request_dispatch()
We have '} else if (signing_required || (flags & SMB2_HDR_FLAG_SIGNED)) {'
before...
Use 'git show -U52' to see the whole story...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 14 Jul 2021 15:15:52 +0000 (17:15 +0200)]
s3:smbd: make sure smbXsrv_session_update() doesn't segfault with table == NULL
There might be other places than smb2srv_update_crypto_flags(), which
may call smbXsrv_session_update() with a fake session; they should
return an error instead of segfaulting.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 10 Jun 2021 16:03:15 +0000 (16:03 +0000)]
s3:smbd: fix a NULL pointer dereference caused by smb2srv_update_crypto_flags()
When we used a fake session structure from
smb2srv_session_lookup_global() there's no point in updating
any database.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>