Stefan Metzmacher [Fri, 15 Oct 2021 01:34:11 +0000 (03:34 +0200)]
s3:libads: avoid changing ADS->server.workgroup
ads_find_dc() uses c_domain = ads->server.workgroup and
don't expect it to get out of scope deep in resolve_and_ping_dns().
The result are corrupted domain values in the debug output.
Valgrind shows this:
Invalid read of size 1
at 0x483EF46: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x608BE94: __vfprintf_internal (vfprintf-internal.c:1688)
by 0x609ED49: __vasprintf_internal (vasprintf.c:57)
by 0x5D2EC0F: __dbgtext_va (debug.c:1860)
by 0x5D2ED3F: dbgtext (debug.c:1881)
by 0x4BFFB50: ads_find_dc (ldap.c:570)
by 0x4C001F4: ads_connect (ldap.c:704)
by 0x4C1DC12: ads_dc_name (namequery_dc.c:84)
Address 0xb69f6f0 is 0 bytes inside a block of size 11 free'd
at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x4BFF0AF: ads_try_connect (ldap.c:299)
by 0x4BFF40E: cldap_ping_list (ldap.c:367)
by 0x4BFF75F: resolve_and_ping_dns (ldap.c:468)
by 0x4BFFA91: ads_find_dc (ldap.c:556)
by 0x4C001F4: ads_connect (ldap.c:704)
by 0x4C1DC12: ads_dc_name (namequery_dc.c:84)
Block was alloc'd at
at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x60B250E: strdup (strdup.c:42)
by 0x4FF1492: smb_xstrdup (util.c:743)
by 0x4C10E62: ads_init (ads_struct.c:148)
by 0x4C1DB68: ads_dc_name (namequery_dc.c:73)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
ca859e55d28f421196bc2660cfa84595ec5b57c6)
Stefan Metzmacher [Tue, 7 May 2024 14:53:24 +0000 (14:53 +0000)]
s3:libsmb: allow store_cldap_reply() to work with a ipv6 response
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15642
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 10 01:35:18 UTC 2024 on atb-devel-224
(cherry picked from commit
712ffbffc03c7dcd551c1e22815ebe7c0b9b45d2)
Stefan Metzmacher [Tue, 6 Feb 2024 20:09:58 +0000 (21:09 +0100)]
s4:dsdb/repl: let drepl_out_helpers.c always go via dreplsrv_out_drsuapi_send()
I have customer backtraces showing that 'drsuapi' is NULL in
dreplsrv_op_pull_source_get_changes_trigger() called from the
WERR_DS_DRA_SCHEMA_MISMATCH retry case of
dreplsrv_op_pull_source_apply_changes_trigger(), while 'drsuapi' was
a valid pointer there.
From reading the code I don't understand how this can happen,
but it does very often on RODCs. And this fix prevents the problem.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15573
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
83030780285290ecf64b57c1744634379b68ea01)
Stefan Metzmacher [Mon, 3 Jul 2023 13:14:38 +0000 (15:14 +0200)]
s3:utils: let smbstatus report anonymous signing/encryption explicitly
We should mark sessions/tcons with anonymous encryption or signing
in a special way, as the value of it is void, all based on a
session key with 16 zero bytes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu May 23 13:37:09 UTC 2024 on atb-devel-224
(cherry picked from commit
5a54c9b28abb1464c84cb4be15a49718d8ae6795)
Stefan Metzmacher [Fri, 30 Jun 2023 16:05:51 +0000 (18:05 +0200)]
s3:smbd: allow anonymous encryption after one authenticated session setup
I have captures where a client tries smb3 encryption on an anonymous session,
we used to allow that before commit
da7dcc443f45d07d9963df9daae458fbdd991a47
was released with samba-4.15.0rc1.
Testing against Windows Server 2022 revealed that anonymous signing is always
allowed (with the session key derived from 16 zero bytes) and
anonymous encryption is allowed after one authenticated session setup on
the tcp connection.
https://bugzilla.samba.org/show_bug.cgi?id=15412
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
f3ddfb828e66738ca461c3284c423defb774547c)
Stefan Metzmacher [Mon, 3 Jul 2023 13:12:38 +0000 (15:12 +0200)]
s3:utils: let smbstatus also report partial tcon signing/encryption
We already do that for sessions and also for the json output,
but it was missing in the non-json output for tcons.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
551756abd2c9e4922075bc3037db645355542363)
Stefan Metzmacher [Mon, 3 Jul 2023 13:12:38 +0000 (15:12 +0200)]
s3:utils: let smbstatus also report AES-256 encryption types for tcons
We already do that for sessions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
8119fd6d6a49b869bd9e8ff653b500e194b070de)
Stefan Metzmacher [Mon, 3 Jul 2023 13:10:08 +0000 (15:10 +0200)]
s3:utils: let connections_forall_read() report if the session was authenticated
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
5089d8550640f72b1e0373f8ac321378ccaa8bd5)
Stefan Metzmacher [Mon, 3 Jul 2023 13:08:31 +0000 (15:08 +0200)]
s3:lib: let sessionid_traverse_read() report if the session was authenticated
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
596a10d1079f5c4a954108c81efc862c22a11f28)
Stefan Metzmacher [Mon, 3 Jul 2023 13:05:59 +0000 (15:05 +0200)]
s3:utils: remove unused signing_flags in connections_forall()
We never use the signing flags from the session, as the tcon
has its own signing flags.
https://bugzilla.samba.org/show_bug.cgi?id=15412
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
a9f84593f44f15a19c4cdde1e7ad53cd5e03b4d9)
Stefan Metzmacher [Wed, 15 May 2024 08:02:00 +0000 (10:02 +0200)]
s4:torture/smb2: add smb2.session.anon-{encryption{1,2,},signing{1,2}}
These demonstrate how anonymous encryption and signing work.
They pass against Windows 2022 as ad dc.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
6c5781b5f154857f1454f41133687fba8c4c9df9)
Stefan Metzmacher [Wed, 15 May 2024 08:51:42 +0000 (10:51 +0200)]
s4:libcli/smb2: add hack to test anonymous signing and encryption
This will be used in torture tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
6a89615d78119c0bff2fb07bd0c62e4c31ea8441)
Stefan Metzmacher [Tue, 14 May 2024 16:21:33 +0000 (18:21 +0200)]
smbXcli_base: add hacks to test anonymous signing and encryption
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
14d6e2672126adee85997dc3d3c64607c987e8b9)
Stefan Metzmacher [Wed, 8 May 2024 16:03:54 +0000 (18:03 +0200)]
tests/ntacls: unblock failing gitlab pipelines because test_setntacl_forcenative
This expects PermissionError: [Errno 1] Operation not permitted,
but it seems that setxattr() for security.NTACL works on gitlab
runners without being root.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
237d9d0228cfed6d2e08b41b888d30aac5ab89e3)
Stefan Metzmacher [Wed, 8 May 2024 14:12:06 +0000 (16:12 +0200)]
.gitlab-ci-main.yml: debug kernel details of the current runner
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
380d9c5a7392741ff2134ef1e83df45a29293db3)
Andrew Bartlett [Tue, 7 May 2024 10:32:08 +0000 (22:32 +1200)]
.gitlab-ci: Remove tags no longer provided by gitlab.com
GitLab.com removed a number of tags from their hosted
runners and this meant our CI was being redirected to
our private runners at a larger cost to the Samba Team.
The new infrastructure is much larger than when we last
selected runners so we can just use the default, even for
the code coverage build.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15638
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue May 7 13:40:55 UTC 2024 on atb-devel-224
(cherry picked from commit
d58a72c572f63619111f43f6ea39ff84ae0df16e)
Anna Popova [Fri, 12 Apr 2024 14:32:37 +0000 (17:32 +0300)]
s3:utils: Fix Inherit-Only flag being automatically propagated to children
Inherit-only flag applies only to the container it was set to and it
shouldn't be automatically propagated to children.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15636
Signed-off-by: Anna Popova <popova.anna235@gmail.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Apr 29 10:56:48 UTC 2024 on atb-devel-224
(cherry picked from commit
80159018e411c643fbfe7ef82bd33e30b6147901)
Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Tue May 7 09:31:32 UTC 2024 on atb-devel-224
yuzu367 [Thu, 11 Apr 2024 08:31:07 +0000 (11:31 +0300)]
python/samba/tests/blackbox: Add tests for Inherit-only flag propagation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15636
Signed-off-by: Anna Popova <popova.anna235@gmail.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
eba2bfde347041a395f0fbd3c57235be63b1890d)
Noel Power [Thu, 28 Mar 2024 10:48:58 +0000 (10:48 +0000)]
libcli/http: Detect unsupported Transfer-encoding type
Also removes knownfail for test that now passes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
a18c53a9b98e2e8dea08cf0ef08efc59e58ec137)
Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Thu Apr 11 10:50:52 UTC 2024 on atb-devel-224
Noel Power [Thu, 28 Mar 2024 09:16:33 +0000 (09:16 +0000)]
selftest: Add new test for testing non-chunk transfer encoding
And add a known fail because there is a bug :-(
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
93709d31590d4ca25fbac813b9e499755b81ddb5)
Noel Power [Thu, 28 Mar 2024 09:09:02 +0000 (09:09 +0000)]
selftest: fix potential reference before assigned error
This would only happen if the test failed (but the message would be
incorrect as 'e' the exception to be stringified doesn't exist.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
efdbf0511e0a89f865210170001fbebf17a45278)
Noel Power [Mon, 25 Mar 2024 19:44:10 +0000 (19:44 +0000)]
libcli/http: Handle http chunked transfer encoding
Also removes the knownfail for the chunked transfer test
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
(cherry picked from commit
03240c91fb6ffcf5afe47c14a1ba7a8bc12f2348)
Noel Power [Thu, 23 Sep 2021 11:18:22 +0000 (12:18 +0100)]
tests: add test for chunked encoding with http cli library
Adds http test client to excercise the http client library
and a blackbox test to run the client. This client is built
only with selftest
also adds a knownfail for the test
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
(cherry picked from commit
30acd609f560352d3edb0c931b9a864110025b2c)
Noel Power [Fri, 22 Mar 2024 08:55:49 +0000 (08:55 +0000)]
libcli/http: Optimise reading for content-length
Instead of reading byte-by-byte we know the content length we
want to read so lets use it.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
(cherry picked from commit
5f03d84e3b52bf5a31a0f885cb83bdcb48ec96f7)
Noel Power [Mon, 25 Mar 2024 16:25:55 +0000 (16:25 +0000)]
selftest: Add basic content-lenght http tests
very simple test of basic http request/response plus some checks to
ensure http response doesn't exceed the response max length set by
the client call.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
74cdebeae3d1bc35eea96b51b9491f6c52844b10)
Noel Power [Mon, 25 Mar 2024 19:21:54 +0000 (19:21 +0000)]
Add simple http_client for use in black box tests (in following commits)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
cd6c075476c820b4fe8bdc10a24d8fc8ac74e9c9)
Jule Anger [Mon, 8 Apr 2024 07:25:07 +0000 (09:25 +0200)]
VERSION: Bump version up to Samba 4.19.7...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Mon, 8 Apr 2024 07:24:50 +0000 (09:24 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.19.6 release.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Mon, 8 Apr 2024 07:20:40 +0000 (09:20 +0200)]
WHATSNEW: Add release notes for Samba 4.19.6.
Signed-off-by: Jule Anger <janger@samba.org>
Noel Power [Tue, 20 Feb 2024 09:26:29 +0000 (09:26 +0000)]
s3/smbd: If we fail to close file_handle ensure we should reset the fd
if fsp_flags.fstat_before_close == true then close_file_smb will call
vfs_stat which can fail. If it does fail then the fd associated
with the file handle will still be set (and we will hit an assert
is the file handle destructor) when calling file_free.
We need to set fd to -1 to avoid that. To achieve that we capture and
return the vfs_stat_fsp failure status while still processing the rest
of the fd_close logic.
[2024/02/20 09:23:48.454671, 0, pid=9744] ../../source3/smbd/smb2_close.c:226(smbd_smb2_close)
smbd_smb2_close: close_file[]: NT_STATUS_ACCESS_DENIED
[2024/02/20 09:23:48.454757, 0, pid=9744] ../../source3/smbd/fd_handle.c:40(fd_handle_destructor)
PANIC: assert failed at ../../source3/smbd/fd_handle.c(40): (fh->fd == -1) || (fh->fd == AT_FDCWD)
[2024/02/20 09:23:48.454781, 0, pid=9744] ../../lib/util/fault.c:178(smb_panic_log)
===============================================================
[2024/02/20 09:23:48.454804, 0, pid=9744] ../../lib/util/fault.c:185(smb_panic_log)
INTERNAL ERROR: assert failed: (fh->fd == -1) || (fh->fd == AT_FDCWD) in smbd (smbd[192.168.10) (client [192.168.100.15]) pid 9744 (4.21.0pre1-DEVELOPERBUILD)
[2024/02/20 09:23:48.454844, 0, pid=9744] ../../lib/util/fault.c:190(smb_panic_log)
If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
[2024/02/20 09:23:48.454869, 0, pid=9744] ../../lib/util/fault.c:191(smb_panic_log)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15527
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed Mar 13 10:34:45 UTC 2024 on atb-devel-224
(cherry picked from commit
6ee3f809a54d7b833ff798e68a93ada00a215d4d)
Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Wed Mar 27 15:53:39 UTC 2024 on atb-devel-224
Ralph Boehme [Mon, 5 Feb 2024 14:03:48 +0000 (15:03 +0100)]
smbd: simplify handling of failing fstat() after unlinking file
close_remove_share_mode() already called vfs_stat_fsp(), so we can skip the
fstat() triggered in fd_close() by fsp->fsp_flags.fstat_before_close being true.
This avoids getting an EACCESS error when doing an fstat() on the removed file
which seems to happen with some FUSE filesystems.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15527
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
6e6324cff29089a636823786183222a73fe7cb28)
Andreas Schneider [Tue, 5 Mar 2024 12:17:19 +0000 (13:17 +0100)]
libgpo: Do not segfault if we don't have a valid security descriptor
Program received signal SIGSEGV, Segmentation fault.
ndr_push_security_descriptor (ndr=ndr@entry=0x555555bf41b0, ndr_flags=ndr_flags@entry=768, r=r@entry=0x0) at librpc/gen_ndr/ndr_security.c:713
713 NDR_CHECK(ndr_push_security_descriptor_revision(ndr, NDR_SCALARS, r->revision));
Thread 1 (Thread 0x7ffff7ece740 (LWP 21460) "python3"):
#0 ndr_push_security_descriptor (ndr=ndr@entry=0x555555bf41b0, ndr_flags=ndr_flags@entry=768, r=r@entry=0x0) at librpc/gen_ndr/ndr_security.c:713
_flags_save_STRUCT = 0
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
__FUNCTION__ = "ndr_push_security_descriptor"
#1 0x00007ffff617237f in ndr_push_struct_blob (blob=blob@entry=0x7fffffffdb20, mem_ctx=0x555555aa3bd0, p=0x0, fn=0x7ffff6074ad0 <ndr_push_security_descriptor>, fn@entry=0x7ffff60706c8 <ndr_push_security_descriptor@plt>) at ../../librpc/ndr/ndr.c:1438
_status = <optimized out>
ndr = 0x555555bf41b0
#2 0x00007ffff607cccf in marshall_sec_desc (mem_ctx=<optimized out>, secdesc=<optimized out>, data=data@entry=0x7fffffffdb80, len=len@entry=0x7fffffffdb78) at ../../libcli/security/secdesc.c:241
blob = {data = 0x7fffffffdb40 "`\333\377\377\377\177", length =
140737352374299}
ndr_err = <optimized out>
__FUNCTION__ = "marshall_sec_desc"
#3 0x00007ffff29edd94 in GPO_marshall_get_sec_desc_buf (self=<optimized out>, args=<optimized out>, kwds=<optimized out>) at ../../libgpo/pygpo.c:119
gpo_ptr = <optimized out>
status = <optimized out>
data = 0x0
len = 0
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15599
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
(cherry picked from commit
b13d4359f2f16e391763d1dc6a5718def973fabb)
Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Fri Mar 15 11:20:39 UTC 2024 on atb-devel-224
Andreas Schneider [Mon, 4 Mar 2024 15:42:38 +0000 (16:42 +0100)]
libgpo: Fix trailing spaces in pygpo.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
(cherry picked from commit
6fb86a0fa62d93c1c84c2000f01c381a9e8217e1)
Andreas Schneider [Wed, 21 Feb 2024 08:10:47 +0000 (09:10 +0100)]
python:gp: Implement client site lookup in site_dn_for_machine()
This is [MS-GPOL] 3.2.5.1.4 Site Search.
The netr_DsRGetSiteName() needs to run over local rpc, however we do not
have the call implemented in our rpc_server. What netr_DsRGetSiteName()
actually does is an ldap query to get the sitename, we can just do the
same.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15588
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
e4c3c61302b12419f041867b58350f11dc800318)
Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Fri Mar 1 08:52:55 UTC 2024 on atb-devel-224
Andreas Schneider [Wed, 21 Feb 2024 07:56:06 +0000 (08:56 +0100)]
librpc:idl: Make netlogon_samlogon_response public
This is required that we can use it with ndrdump or in python to decode
a NETLOGON_SAM_LOGON_RESPONSE_EX ldap response.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15588
Signed-off-by: Andreas Schneider <asn@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
e758425869729a43136ae51e6baecb2061d1525b)
Martin Schwenke [Fri, 9 Feb 2024 06:29:46 +0000 (17:29 +1100)]
ctdb-protocol: Add missing push support for new controls
CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and
CTDB_CONTROL_TCP_CLIENT_PASSED were added in commits
c6602b686b4e50d93272667ef86d3904181fb1ab and
037e8e449deb136ad5ed5e4de05439411b545b6d. They were missing test
support for the packet push/pull. While adding the testing (for
completeness, before adding another new control) I noticed that the
push functionality was absent. This adds that, along with the test
support.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15580
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Feb 19 10:21:48 UTC 2024 on atb-devel-224
(cherry picked from commit
dd9b11acbc4fbde1941719968aeb463b853b0ffb)
Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Mon Feb 26 09:59:42 UTC 2024 on atb-devel-224
Jule Anger [Mon, 19 Feb 2024 10:35:15 +0000 (11:35 +0100)]
VERSION: Bump version up to Samba 4.19.6...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Mon, 19 Feb 2024 10:33:51 +0000 (11:33 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.19.5 release.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Mon, 19 Feb 2024 10:33:12 +0000 (11:33 +0100)]
WHATSNEW: Add release notes for Samba 4.19.5.
Signed-off-by: Jule Anger <janger@samba.org>
Andreas Schneider [Mon, 29 Jan 2024 16:46:30 +0000 (17:46 +0100)]
python:gp: Fix logging with gp
This allows enable INFO level logging with: `samba-gpupdate -d3`
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15558
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
145194071b10c4c1857f28fe79c57fd63ffab889)
Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Mon Feb 5 12:34:12 UTC 2024 on atb-devel-224
Gabriel Nagy [Fri, 19 Jan 2024 09:36:19 +0000 (11:36 +0200)]
gpo: Do not get templates list on first run
This is a visual fix and has no impact on functionality apart from
cleaner log messages.
The point of this is to get the list of supported templates in order to
compute a diff between the current applied templates and the updated
list, so we are able to unapply and reapply the policy in case there are
differences.
However this code path is executed on first applies as well, at which
point the root CA is not yet set up. This causes the
`get_supported_templates` call to fail, which is not a hard failure but
still pollutes the logs. In this case it's safe to avoid executing the
command as the policy will be applied regardless.
Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jan 22 16:48:57 UTC 2024 on atb-devel-224
(cherry picked from commit
8579340fc540633c13c017d896034904a8dbd55c)
Gabriel Nagy [Thu, 18 Jan 2024 18:23:24 +0000 (20:23 +0200)]
gpo: Decode base64 root cert before importing
The reasoning behind this is described in the previous commit message,
but essentially this should either be wrapped in certificate blocks and
imported as PEM, or converted back to binary and imported as DER.
I've opted for the latter since it's how it used to work before it
regressed in
157335ee93e.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15557
Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
3f3ddfa699a33c2c8a59f7fb9ee044bb2a6e0e06)
Gabriel Nagy [Mon, 8 Jan 2024 16:05:08 +0000 (18:05 +0200)]
gpo: Test certificate policy without NDES
As of
8231eaf856b, the NDES feature is no longer required on Windows, as
cert auto-enroll can use the certificate from the LDAP request.
However,
157335ee93e changed the implementation to convert the LDAP
certificate to base64 due to it failing to cleanly convert to a string.
Because of insufficient test coverage I missed handling the part where
NDES is disabled or not reachable and the LDAP certificate was imported.
The call to load_der_x509_certificate now fails with an error because it
expects binary data, yet it receives a base64 encoded string.
This adds a test to confirm the issue.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15557
Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
0d1ff69936f18ea729fc11fbbb1569a833302572)
Joseph Sutton [Fri, 25 Aug 2023 01:56:21 +0000 (13:56 +1200)]
python: Fix invalid escape sequences
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
b068592dd0dccce634cb17b66f0659ba60523908)
Ralph Boehme [Mon, 18 Dec 2023 11:35:58 +0000 (12:35 +0100)]
smbd: use dirfsp and atname in open_directory()
On systems without /proc/fd support this avoid the expensive chdir()
logic in non_widelink_open(). open_file_ntcreate() already passes
dirfsp and atname to reopen_from_fsp(), it was just missed in the
conversion.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549
Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jan 22 12:00:56 UTC 2024 on atb-devel-224
(cherry picked from commit
2713023250f15cf9971d88620cab9dd4afd0dc73)
Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Mon Jan 29 11:59:41 UTC 2024 on atb-devel-224
Ralph Boehme [Tue, 2 Jan 2024 13:34:26 +0000 (14:34 +0100)]
smbd: use safe_symlink_target_path() in symlink_target_below_conn()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
1965fc77b3852a0593e13897af08f5304a1ce3a2)
Ralph Boehme [Tue, 2 Jan 2024 12:25:25 +0000 (13:25 +0100)]
smbd: add a directory argument to safe_symlink_target_path()
Existing caller passes NULL, no change in behaviour. Prepares for
replacing symlink_target_below_conn() in open.c.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
fc80c72d658a41fe4d93b24b793b52c91b350175)
Ralph Boehme [Tue, 2 Jan 2024 11:49:14 +0000 (12:49 +0100)]
smbd: pass symlink target path to safe_symlink_target_path()
Moves processing the symlink error response to the caller
filename_convert_dirfsp(). Prepares for using this in
non_widelink_open(), where it will replace symlink_target_below_conn()
with the same functionality.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(back-ported from commit
0515dded4ddb49e5570ae7df51126af1a2d643de)
Ralph Boehme [Tue, 19 Dec 2023 10:12:49 +0000 (11:12 +0100)]
CI: disable /proc/fds and RESOLVE_NO_SYMLINK in samba-no-opath-build runner
This is a more sensible combination of missing Linux specific features:
- O_PATH
- openat2() with RESOLVE_NO_SYMLINKS
- somehow safely reopen an O_PATH file handle
Currently only O_PATH is disabled for these jobs, but that doesn't really match
and know OS.
The following list shows which features are available and used by Samba on a few
OSes:
| O_PATH | RESOLVE_NO_SYMLINKS | Safe reopen | CI covered
--------|----------------|---------------------|----------------------------
| Supported Used | Supported Used | Supported Used |
============================================================================
Linux | + + | + + | + + | +
FreeBSD | + + | + [1] - | + [2] - | -
AIX | - - | - - | - - | +
So by also disabling RESOLVE_NO_SYMLINKS and Safe Reopen, we cover classic UNIX
systems like AIX.
[1] via open() flag O_RESOLVE_BENEATH
[2] via open() flag O_EMPTY_PATH
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
62cbe145c7e500c4759ed2005c78bd5056c87f43)
Ralph Boehme [Tue, 19 Dec 2023 10:11:55 +0000 (11:11 +0100)]
vfs_default: allow disabling /proc/fds and RESOLVE_NO_SYMLINK at compile time
This will be used in CI to have a gitlab runner without all modern Linux
features we make use of as part of path processing:
- O_PATH
- openat2() with RESOLVE_NO_SYMLINKS
- somehow safely reopen an O_PATH file handle
That gives what a classix UNIX like AIX or Solaris offers feature wise.
Other OSes support other combinations of those features, but we leave the
exersize of possibly adding more runners supporting those combinations to the
reader.
The following list shows which features are available and used by Samba on a few
OSes:
| O_PATH | RESOLVE_NO_SYMLINKS | Safe reopen | CI covered
--------|----------------|---------------------|----------------------------
| Supported Used | Supported Used | Supported Used |
============================================================================
Linux | + + | + + | + + | +
FreeBSD | + + | + [1] - | + [2] - | -
AIX | - - | - - | - - | +
[1] via open() flag O_RESOLVE_BENEATH
[2] via open() flag O_EMPTY_PATH
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
5c2f96442a25a1725809a28b3719afbc0bd01830)
David Mulder [Fri, 5 Jan 2024 15:47:07 +0000 (08:47 -0700)]
gp: Skip site GP list if no site is found
[MS-GPOL] 3.2.5.1.4 Site Search says if the site
search returns ERROR_NO_SITENAME, the GP site
search should be skipped.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15548
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jan 23 11:20:35 UTC 2024 on atb-devel-224
(cherry picked from commit
f05b61b4991e7f51bd184d76a79f8b50114a0ff3)
Jones Syue [Fri, 12 Jan 2024 03:52:34 +0000 (11:52 +0800)]
s3:passdb: smbpasswd reset permissions only if not 0600
Browsing files or download files from samba server, smbd would check user's
id to decide whether this user could access these files, by lookup user's
information from the password file (e.g. /usr/local/samba/private/smbpasswd).
smbd might goes through startsmbfilepwent(), this api calls [f]chmod() to
make sure the password file has valid permissions 0600.
Consider a scenario: we are doing a read performance benchmark about
downloading a bunch of files (e.g. a thousand files) from a samba server,
monitoring file system i/o activities counters, and expecting that should
be only read operations on file system because this is just downloading, no
uploading is involved. But actually found that still write operations on file
system, because smbd lookup user and always reset 0600 permissions on password
file while access each file, it makes dirty pages (inode modification) in ram,
later triggered a kernel journal daemon to sync dirty pages into back storage
(e.g. ext3 kjournald, or ext4 jbd2).
This looks like not friendly for read performance benchmark if it happened on
an entry-level systems with much less memory and limited computation power,
because dirty pages syncing in the meantime slows down read performance.
This patch adds fstat() before [f]chmod(), it would check whether password
file has valid permissions 0600 or not. If 0600 smbd would bypass [f]chmod()
to avoid making dirty pages on file systems. If not 0600 smbd would warn and
go through [f]chmod() to set valid permissions 0600 to password file as
earlier days.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15555
Signed-off-by: Jones Syue <jonessyue@qnap.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jan 18 10:28:19 UTC 2024 on atb-devel-224
(cherry picked from commit
c82a267b2a1b7617e818548aa486b7cfbda74657)
Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Mon Jan 22 10:53:03 UTC 2024 on atb-devel-224
Bjoern Jacke [Mon, 8 Jan 2024 15:04:12 +0000 (15:04 +0000)]
system.c: fix fake directory create times
This was broken by
c9c3d4312d7281904fc back in 2009 already.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12421
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
56c3dbc2ff8531772bf79eb9da3497767a20ce6f)
Björn Jacke [Sun, 7 Jan 2024 04:09:58 +0000 (05:09 +0100)]
time.c: fix ctime which was feeded with the mtime seconds
This bug was introduced with
53a1d034f3e47ed3c in 2020.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15550
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
2df2e34c3c1ccf76bbcc78586cbbb6433b6d30d5)
Andreas Schneider [Tue, 9 Jan 2024 07:50:01 +0000 (08:50 +0100)]
python:gp: Print a nice message if cepces-submit can't be found
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15552
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
(cherry picked from commit
8eb42425a8eb1b30ca0e94dfc01d8175ae5cde4b)
Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Mon Jan 15 11:11:31 UTC 2024 on atb-devel-224
Gabriel Nagy [Wed, 16 Aug 2023 09:33:59 +0000 (12:33 +0300)]
gp: Send list of keys instead of dict to remove
`cache_get_all_attribute_values` returns a dict whereas we need to pass
a list of keys to `remove`. These will be interpolated in the gpdb search.
Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Aug 28 03:01:22 UTC 2023 on atb-devel-224
(cherry picked from commit
7dc181757c76b881ceaf1915ebb0bfbcf5aca83a)
Gabriel Nagy [Fri, 18 Aug 2023 14:26:59 +0000 (17:26 +0300)]
gp: Test disabled enrollment unapplies policy
For this we need to stage a Registry.pol file with certificate
autoenrollment enabled, but with checkboxes unticked.
Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@samba.org>
(cherry picked from commit
ee814f7707a8ddef2657212cd6d31799501b7bb3)
Gabriel Nagy [Wed, 16 Aug 2023 09:37:17 +0000 (12:37 +0300)]
gp: Template changes should invalidate cache
If certificate templates are added or removed, the autoenroll extension
should react to this and reapply the policy. Previously this wasn't
taken into account.
Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@samba.org>
(cherry picked from commit
2a6ae997f2464b12b72b5314fa80d9784fb0f6c1)
Gabriel Nagy [Fri, 18 Aug 2023 14:16:23 +0000 (17:16 +0300)]
gp: Test adding new cert templates enforces changes
Ensure that cepces-submit reporting additional templates and re-applying
will enforce the updated policy.
Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@samba.org>
(cherry picked from commit
2d6943a864405f324c467e8c3464c31ac08457b0)
Gabriel Nagy [Wed, 16 Aug 2023 09:20:11 +0000 (12:20 +0300)]
gp: Convert CA certificates to base64
I don't know whether this applies universally, but in our case the
contents of `es['cACertificate'][0]` are binary, so cleanly converting
to a string fails with the following:
'utf-8' codec can't decode byte 0x82 in position 1: invalid start byte
We found a fix to be encoding the certificate to base64 when
constructing the CA list.
Section 4.4.5.2 of MS-CAESO also suggests that the content of
`cACertificate` is binary (OCTET string).
Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@samba.org>
(cherry picked from commit
157335ee93eb866f9b6a47486a5668d6e76aced5)
Gabriel Nagy [Fri, 18 Aug 2023 14:06:43 +0000 (17:06 +0300)]
gp: Test with binary content for certificate data
This fails all GPO-related tests that call `gpupdate --rsop`.
Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@samba.org>
(cherry picked from commit
1ef722cf66f9ec99f52939f1cfca031c5fe1ad70)
Gabriel Nagy [Fri, 11 Aug 2023 15:46:42 +0000 (18:46 +0300)]
gp: Change root cert extension suffix
On Ubuntu, certificates must end in '.crt' in order to be considered by
the `update-ca-certificates` helper.
Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@samba.org>
(cherry picked from commit
bce3a89204545dcab5fb39a712590f6e166f997b)
Gabriel Nagy [Wed, 16 Aug 2023 22:09:28 +0000 (01:09 +0300)]
gp: Support update-ca-trust helper
This is used on RHEL/Fedora instead of update-ca-certificates. They
behave similarly so it's enough to change the command name.
Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@samba.org>
(cherry picked from commit
fa80d1d86439749c44e60cf9075e84dc9ed3c268)
Gabriel Nagy [Wed, 16 Aug 2023 22:05:54 +0000 (01:05 +0300)]
gp: Support more global trust directories
In addition to the SUSE global trust directory, add support for RHEL and
Debian-based distributions (including Ubuntu).
To determine the correct directory to use, we iterate over the variants
and stop at the first which is a directory.
In case none is found, fallback to the first option which will produce a
warning as it did previously.
Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@samba.org>
(cherry picked from commit
a1b285e485c0b5a8747499bdbbb9f3f4fc025b2f)
Ralph Boehme [Fri, 15 Dec 2023 10:59:36 +0000 (11:59 +0100)]
smbd: move access override for previous versions to the SMB layer
Doing the previous version access checks and semantics at the SMB
layer means we can simplify the shadow_copy2 and remove the kludge.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Jan 8 16:58:26 UTC 2024 on atb-devel-224
(backported from commit
f14a7065690b00e3c6af2c1f0b0aec51c1e0b372)
[slow@samba.org: vfs_shadow_copy2.c: no TALLOC_FREE() in context]
[slow@samba.org: open.c: assign result from calculate_open_access_flags()]
Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Tue Jan 9 13:17:12 UTC 2024 on atb-devel-224
Ralph Boehme [Wed, 20 Dec 2023 14:09:59 +0000 (15:09 +0100)]
smbd: check for previous versions in check_any_access_fsp()
Now that check_any_access_fsp() is broadly used consistently to
restrict access for all modifying operations, we can add a check for
previous versions to check_any_access_fsp() and it gets enforced
consistently.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
fd4e41144a819b4403340e4a28664ac586722b41)
Ralph Boehme [Wed, 20 Dec 2023 17:01:57 +0000 (18:01 +0100)]
smbd: use check_any_access_fsp() for all access checks
Replaces the direct access to fsp->access_mask with a call to
check_any_access_fsp() which allows doing additional checks if needed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
02ed99343d19fd0845531ad99a46b1dd5b8a7a4f)
Ralph Boehme [Wed, 20 Dec 2023 17:32:25 +0000 (18:32 +0100)]
smbd: replace CHECK_WRITE() macro with calls to check_any_access_fsp()
The additional check if fd underlying fd is valid and not -1 should not be done
at this place. I actually would prefer an write to fail with EBADF if this
happens, as it's likely easier to debug why this happened. These days we should
always have a valid fd.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
995a31c8d4c1789c16bae6b8196f2565d4b1dfdb)
Ralph Boehme [Wed, 20 Dec 2023 17:03:22 +0000 (18:03 +0100)]
smbd: set fsp->fsp_flags.can_write to false for access to previous-versions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
ee3035218df4cfd68b6aab6825c78f2b85234c6c)
Ralph Boehme [Fri, 22 Dec 2023 10:19:38 +0000 (11:19 +0100)]
smbd: return correct error when trying to create a hardlink to a VSS file
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
a0ae45be770a13373c148a689b9761f14c4f942c)
Ralph Boehme [Thu, 21 Dec 2023 09:58:09 +0000 (10:58 +0100)]
smbd: fix check_any_access_fsp() for non-fsa fsps
smbd_check_access_rights_fsp() requires *all* rights in access_mask to
be granted by the underlying ACL, but the semantics of this function
is supposed to grant access if any one of the rights in
access_requested is allowed.
Fix this by looping over the requested access mask. If
smbd_check_access_rights_fsp() returns sucess, mask will be non-null
and when assigned to access_granted, the subsequent check will pass,
fail otherwise.
I'm not doing an early exit on purpose because a subsequent commit
adds additional security checks that are done in the subsequent code
path common for fsa and non-fsa fsps.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
bf497819e61131cfa6469971596af3aa9bd4bb49)
Ralph Boehme [Thu, 21 Dec 2023 09:58:09 +0000 (10:58 +0100)]
smbd: rename check_access_fsp() to check_any_access_fsp()
The semantics of the access check in check_access_fsp() itself is to
allow access if *at least* one or more rights of the rights in
access_mask are allowed. The name check_any_access_fsp() better
reflects this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
96b577c380fa914eb1ffa95849c82bdb88aa1ec6)
Ralph Boehme [Thu, 21 Dec 2023 15:27:42 +0000 (16:27 +0100)]
smbd: set fsp_flags.is_fsa to true on printer file handles
Printer file handles went through SMB_VFS_CREATE_FILE() and are network
callable, so it makes sense to set this on them.
This ensures that check_access_fsp() doesn't take the codepath calling
smbd_check_access_rights_fsp(), but just checks the request rights from
fsp->access_mask.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
76c8fe16bff36a29fa326355256b50737d04bd85)
Ralph Boehme [Tue, 19 Dec 2023 12:06:55 +0000 (13:06 +0100)]
smbd: return the correct error in can_rename()
This is what Windows returns for this case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
276c5bd851ab6ab818a49d9c47f6b96de8024778)
Ralph Boehme [Fri, 15 Dec 2023 18:55:23 +0000 (19:55 +0100)]
smbtorture: expand smb2.twrp.write test
Test more modifying operations are blocked and access masks are correct.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
537eedfe2a79fba2e1f062f14ba7a0c5f8f70a88)
Ralph Boehme [Fri, 22 Dec 2023 09:40:39 +0000 (10:40 +0100)]
s4/libcli/raw: implemement RAW_SFILEINFO_LINK_INFORMATION
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
c62484bc2c60ebac42635793d94cb8e62629acbf)
Ralph Boehme [Thu, 21 Dec 2023 18:40:21 +0000 (19:40 +0100)]
selftest: remove error_inject from shadow_write share
Frankly, I can't remember why I added this as part of bug 13688. The
goal of the corresponding test is to verify a write on a read-only
file handle fails. As the file is opened O_RDONLY, the write will fail
anyway and there's no need to inject the error.
To make things worse, having the error injected meant we didn't notice
when the underlying logic of forcing the open to be done with O_RDONLY
was done as O_RDWR, resulting in the write on the handle to succeed.
This happened when we introduced reopen_from_fsp(): the initial
pathref open of a path with a twrp value was correctly detected and
handled by shadow_copy2_openat(). However, when converting the pathref
open to a real one via reopen_from_fsp(), shadow_copy2_openat() only
sees the magic /proc/fd path and has no way of inferring that this was
originating from a prevous version open with a twrp value.
Tl;dr: we can just remove this error injection, it is not needed, the
correct fix is to implement this in the SMB layer which is done in the
subsequent commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
78119edba013583555069271bb61134c12c2c135)
Jule Anger [Mon, 8 Jan 2024 14:32:10 +0000 (15:32 +0100)]
VERSION: Bump version up to Samba 4.19.5...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Mon, 8 Jan 2024 14:31:21 +0000 (15:31 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.19.4 release.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Mon, 8 Jan 2024 14:30:41 +0000 (15:30 +0100)]
WHATSNEW: Add release notes for Samba 4.19.4.
Signed-off-by: Jule Anger <janger@samba.org>
Björn Jacke [Mon, 25 Dec 2023 18:50:55 +0000 (19:50 +0100)]
docs-xml: use XML_CATALOG_FILES env var if defined
Thanks to Thierry LARONDE for the fix.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15540
Signed-off-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
b9f32b32e0e1463b8ca3e696d682ecf86503464b)
Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Mon Jan 8 14:02:25 UTC 2024 on atb-devel-224
Björn Jacke [Mon, 25 Dec 2023 18:53:30 +0000 (19:53 +0100)]
winbind_nss_netbsd: fix missing semicolon
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15541
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
b41f95f891ab5b1d1878735a513be5d9a13f63c6)
Andreas Schneider [Fri, 15 Dec 2023 07:23:25 +0000 (08:23 +0100)]
s3:utils: Fix the auth function to print correct values to the user
In order to show correct values in the password prompt displayed by
cli_credentials_get_password*(). We need to set the domain and username
in the credentials system.
The credentials supplied via the SMB URL have a higher priority than the
command line options.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15538
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
1134c4f3a63c9618c3fb79abefb40a798c7c1701)
Andreas Schneider [Fri, 15 Dec 2023 08:41:06 +0000 (09:41 +0100)]
s3:utils: Handle the domain before username and password
The cli_credentials_get_password*() function will interactively ask the
user for a password if none has been supplied via another ways. To show
the correct domain and username in the prompt, we need handle domain
and user first.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15538
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
25021b836f74d3d247bce44c6c02a2d8b2cc39ea)
Björn Jacke [Mon, 25 Dec 2023 18:49:38 +0000 (19:49 +0100)]
doc-xml: fix name of vfs_linux_xfs man page
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15542
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
2073bbf9dcab5fabe5e683c12e16c195239fcba1)
Volker Lendecke [Thu, 28 Dec 2023 13:38:37 +0000 (14:38 +0100)]
smbd: Fix traversing snapshot dirs that vanished in current fileset
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15544
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 2 20:37:01 UTC 2024 on atb-devel-224
(cherry picked from commit
2cfbf43f706d5d29a5b1a5b13aac0661e42da0b1)
Volker Lendecke [Thu, 28 Dec 2023 13:20:11 +0000 (14:20 +0100)]
shadow_copy: Add test for missing directory in "current" fileset
Right now we can't traverse a subdirectory in a snapshot which was
deleted in the current set of files.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15544
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
a0bfadb32b83ab1e58290f84c298d345e21866d9)
Jones Syue [Thu, 4 Jan 2024 01:42:15 +0000 (09:42 +0800)]
s3:smbd multichannel: always refresh the network information
To maintain SMB Multichannel, windows client might periodically query with
FSCTL_QUERY_NETWORK_INTERFACE_INFO to get SMB server's network information,
in my case windows server 2022 would do this every 10 minutes (600 seconds).
Consider a scenario: the network information might have changed between
these queries, some become link down, new interface is link up, network
speed is changed, and etc. So far smbd might not aware of these changes and
still report out-of-date network information to windows client, until we
manually send a SIGHUP to smbd in order to trigger load_interfaces():
smbd_sig_hup_handler() > reload_services () > load_interfaces()
This might be a bit inconvenient because it is hard to decide when should
we manually send a SIGHUP to smbd for refreshing network information.
This patch adds load_interfaces() at fsctl_network_iface_info(), while smbd
received FSCTL_QUERY_NETWORK_INTERFACE_INFO would go through this and refresh
local_interfaces, then respond to client with up-to-date network information;
also refresh num_ifaces to make sure interfaces count is consistent.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15547
Signed-off-by: Jones Syue <jonessyue@qnap.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
(cherry picked from commit
318fd95d5ea63724798592eb6b4eebaecfa0cbfb)
Autobuild-User(v4-19-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-19-test): Fri Jan 5 13:47:03 UTC 2024 on atb-devel-224
Stefan Metzmacher [Tue, 15 Aug 2023 06:57:57 +0000 (08:57 +0200)]
s3:ctdbd_conn: fix ctdbd_public_ip_foreach() for ipv6 addresses
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15534
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Dec 21 11:09:30 UTC 2023 on atb-devel-224
(cherry picked from commit
828f3c99122fb033ecb79e24ed24821b8510f0f8)
Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Thu Dec 28 17:15:55 UTC 2023 on atb-devel-224
Stefan Metzmacher [Thu, 14 Dec 2023 10:35:19 +0000 (11:35 +0100)]
VERSION: move COPYRIGHT_STARTUP_MESSAGE as SAMBA_COPYRIGHT_STRING into version.h
We also prodive a samba_copyright_string() helper similar to
samba_version_string().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Dec 15 10:44:42 UTC 2023 on atb-devel-224
(cherry picked from commit
d23d6145bf08c4765479951237e697c4b2b11aa2)
Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Tue Dec 19 10:43:21 UTC 2023 on atb-devel-224
Stefan Metzmacher [Wed, 22 Nov 2023 16:18:29 +0000 (17:18 +0100)]
lib/util: convert DBG_STARTUP_NOTICE() to use debug_set_forced_log_priority(DBGLVL_NOTICE)
Using -1 as log level is not compatible without our infrastructure.
As all backends are initialized with .log_level = -1, which means
they don't log the message, but now they all try to handle the
startup message even if they are not configured.
E.g. is means that systemd's journalctl get the message twice
now, first via the syslog and also the systemd backend.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
cd8dcff9e9cbfffab8c502c8701c00b0c8e3512b)
Stefan Metzmacher [Wed, 22 Nov 2023 16:03:30 +0000 (17:03 +0100)]
lib/util: add debug_set_forced_log_priority()
By default the priority for syslog/systemd is derived from
the log level of the debug message.
But for things like startup messages we want to
change the priority temporary, like this:
debug_set_forced_log_priority(DBGLVL_NOTICE);
D_ERR("Startup...\n");
debug_set_forced_log_priority(-1);
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
bd21a0cdefb30ef5522f81d865c03d11a182a63c)
Björn Jacke [Mon, 18 Sep 2023 12:35:55 +0000 (14:35 +0200)]
source3/nmbd/nmbd.c: use DBG_STARTUP_NOTICE
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
72f20311acc4ab8851f18ac2b87f7ecc7803afad)
Björn Jacke [Mon, 18 Sep 2023 12:34:29 +0000 (14:34 +0200)]
lib/util/become_daemon.c: use DBG_STARTUP_NOTICE
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
50337acaa566b6696e035e38f6408f65805182a0)
Björn Jacke [Mon, 5 Jun 2023 16:10:07 +0000 (18:10 +0200)]
logging: use DBG_STARTUP_NOTICE for startup message
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
159cfde446c95c387ef212be103b109ea0dca93d)
Björn Jacke [Mon, 18 Sep 2023 11:48:06 +0000 (13:48 +0200)]
debug.h: introduce DEBUG_STARTUP_NOTICE
this is log level -1 and lowest syslog priority. This is used for start up
messages and copyright notices, which should always be printed but which are no
errors or warnings.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
ccfe345fece0a5a44d766fb9426d43c2e046d040)
Björn Jacke [Tue, 6 Jun 2023 15:25:35 +0000 (17:25 +0200)]
lib/util: move copyright define to copyright.h
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
b7631bf603fbce9b80b19410f0680ce8c4170a1b)
Björn Jacke [Mon, 18 Sep 2023 11:45:54 +0000 (13:45 +0200)]
s4/server.c: move some log messages from ERR to NOTICE
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
baa67024bca391f2e212b91131f544cc911c6895)
Björn Jacke [Mon, 18 Sep 2023 21:42:31 +0000 (23:42 +0200)]
profile: issues info message with lower log level
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
55d895dc42248ad524a10812b9975ac05a722fdc)
Stefan Metzmacher [Wed, 16 Aug 2023 14:47:24 +0000 (16:47 +0200)]
s3:rpc_server: call reopen_logs before we print the copyright notice
This matches what we do in smbd, winbindd and nmbd.
For the workers it's important to call it at all, otherwise
things like 'debug pid = yes' or 'debug class = yes' have no effect
in the workers.
We could argue if we want the copyright notice on the start
of each worker at all, but that's a different discussion...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
94723b6732a67482eb7792e82b01e26a807e8265)