git.samba.org - iboukris/samba-autobuild/.git/log

smbd: split out POSIX info_levels from smbd_do_setfilepathinfo() into own function

smbd_do_setfilepathinfo() can be made fully handle based for all non-POSIX
infolevels with pathref fsps, but for a POSIX create we may not have a fsp if
the path points at a symlink.

Splitting the POSIX from the non-POSIX logic allows for cleaner handling of this
in the future with pathref fsps.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Oct 23 09:19:12 UTC 2020 on sn-devel-184

smbd: mark UCF_UNIX_NAME_LOOKUP as unused

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: remove use of UCF_UNIX_NAME_LOOKUP

This is now handled by SMB_FILENAME_POSIX_PATH.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: use UCF_POSIX_PATHNAMES flag for path validation logic in filename_convert_internal()

This change means that if a client path is a symlink, we *always* only call
check_veto_path() for POSIX clients using a POSIX pathname, not just when a
POSIX info-level was used in an SMB request.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: base POSIX semantics of call_trans2findfirst() on SMB_FILENAME_POSIX_PATH flag

We really want to apply POSIX semantics in this place whenever the client has
enabled UNIX extensions, not only when using UNIX find info-levels.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: let directory entries inherit the smb_fname->flags from the directory

If the listed directory has SMB_FILENAME_POSIX_PATH set, this change causes the
smb_fname of directory entries to inherit the flag so subsequent operations on
the directory entry can correctly implement POSIX semantics.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: base POSIX semantics in call_trans2findfirst() on req->posix_pathnames

This will require a SMB1 client to enable SMB1 POSIX extensions, just sending
POSIX info-level requests without first enabling them won't cut it.

As discussed with Jeremy, SMB1 POSIX extensions is a global thing and the client
that wants to use it is expected to enable them explicitly before making use of
POSIX info-levels.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs_default: allow dirfsps in the link VFS functions

The functions work just fine with real dirfsps.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

selftest: remove POSIX test from planned tests for ad_dc_ntvfs environ

Just don't run the tests instead of retrofitting them to the skiplist.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs_streams_depot: only assert AT_FDCWD for streams

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs_streams_xattr: only assert AT_FDCWD for streams

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: fix order of smb_fname flags and twrp args in call_trans2findfirst()

Also not creating a BUG for this one as I've not seen any reports from the field
that this is causing issues.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: fix order of smb_fname flags and twrp args in unlink_internals()

As snapshots are read-only by design, this bug was likely not a real issue so
I'm not creating a BUG for this.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs: make dirfsp arg to SMB_VFS_READLINKAT() const

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

wb_sids2xids: defer/skip wb_lookupsids* unless we get ID_TYPE_WB_REQUIRE_TYPE

We try to give a valid hint for predefined sids and
pass ID_TYPE_BOTH as a hint that the domain part of the sid is valid.

In most cases the idmap child/backend does not require a type_hint
as mappings already exist.

This is a speed up as we no longer need to contact a domain controller.

It's also possible to accept kerberos authentication without reaching
out to a domain controller at all (if the idmap backend doesn't need a
hint).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Oct 23 04:47:26 UTC 2020 on sn-devel-184

winbindd: allow idmap backends to mark entries with ID_[TYPE_WB_]REQUIRE_TYPE

This must only be used between winbindd parent and child!
It must not leak into outside world.

Some backends require ID_TYPE_UID or ID_TYPE_GID as type_hint,
while others may only need ID_TYPE_BOTH in order to validate that
the domain exists.

This will allow us to skip the wb_lookupsids_send/recv in the winbindd parent
in future and only do that on demand.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

wb_sids2xids: build state->idmap_doms based on wb_parent_idmap_config

In future we'll try to avoid wb_lookupsids_send() and only call
it if needed.

The domain name passed should be only relevant to find the correct
idmap backend, and these should all be available in
wb_parent_idmap_config as it was created before the idmap child was forked.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

wb_sids2xids: fill cache as soon as possible

After adding entries to the cache we can mark them
as filled from the cache by setting its domain_index
to UINT32_MAX.

This will allow further changes to fill the results
into state->all_ids in steps.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

wb_sids2xids: directly use state->all_ids to collect results

In order to translate the indexes from state->lookup_sids[]
for wb_lookupsids_send/recv() and state->map_ids.ids[]
for dcerpc_wbint_Sids2UnixIDs_send/recv() back to
state->all_ids.ids[] or state->sids[] we have state->tmp_idx[].

This simplifies wb_sids2xids_recv() a lot and make further
restructuring much easier.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

wb_sids2xids: change 'i' to 'li' in wb_sids2xids_lookupsids_done()

With all the indexes we have into various array, this makes clear
'li' is the index into the state->lookup_sids array.

This makes the following changes easier to review.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

wb_sids2xids: refactor wb_sids2xids_done() a bit

Here we don't change the logic.

It will make the following changes easier.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

wb_sids2xids: inline wb_sids2xids_extract_for_domain_index() into wb_sids2xids_next_sids2unix()

Instead of re-creating the dom_ids element,
we just use a pre-allocated map_ids_in array.

This is a bit tricky as we need to use map_ids_out as a copy of
map_ids_in, because the _ids argument of dcerpc_wbint_Sids2UnixIDs_send()
in [in,out], which means that _ids->ids is changed between
dcerpc_wbint_Sids2UnixIDs_send() and dcerpc_wbint_Sids2UnixIDs_recv()!

If the domain doesn't need any mappings, we'll move to the next domain
early, for now this can't happend but it will in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

wb_sids2xids: move more checks to wb_sids2xids_next_sids2unix()

For the first run this is a no-op, but it simplified the caller.

We'll call wb_sids2xids_next_sids2unix() in a few more places in future
and it's easier to have this all within wb_sids2xids_next_sids2unix().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

wb_sids2xids: rename 'non_cached' to 'lookup_sids'

This array is used to pass to wb_lookupsids_send()
and that will be the only reason to have this in future.

For now it's used for all non cached sids, but that will
also change in the next commits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

wb_sids2xids: maintain struct wbint_TransIDArray all_ids as cache

Entries with domain_index == UINT32_MAX are valid cache entries.

In the following commits we'll fill in missing entries step by step
until all entries are marked as filled.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

wb_sids2xids: split out wb_sids2xids_next_sids2unix()

Put the code that calls the per-domain idmap backend
in its own function.

This makes further reconstruction easier.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

winbindd: defer the setup_child() from init_idmap_child()

At startup we trigger a wb_parent_idmap_setup_send() and make
sure setup_child() is called just before wb_parent_idmap_setup_recv()
finished.

This makes sure our view of the idmap config in the parent matches
what we have in the child.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

winbindd: assert wb_parent_idmap_setup_send/recv() was called before idmap_child_handle()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

wb_queryuser: explain why wb_parent_idmap_setup_send/recv is not needed

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

wb_sids2xids: call wb_parent_idmap_setup_send/recv as the first step

This isn't really used yet, but it will in the next commits.

Also idmap_child_handle() will soon assert that
wb_parent_idmap_setup_send/recv() was called before it's used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

wb_xids2sids: make use of the new wb_parent_idmap_setup_send/recv() helpers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

winbindd: add generic wb_parent_idmap_setup_send/recv() helpers

This is more or less a copy of wb_xids2sids_init_dom_maps_send/recv,
but it's more generic and doesn't imply global state.

It also closes a initialization race by using a tevent_queue to
serialize the calls.

In the next commits we'll replace wb_xids2sids_init_dom_maps_send/recv.

We'll also use the new function in the wb_sids2xids code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

winbindd: add and use is_idmap_child()

We should avoid calling idmap_child() as much as possible.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

winbindd: add and use idmap_child_pid()

We should avoid calling idmap_child() as much as possible.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

wb_sids2xids: avoid idmap_child() and use idmap_child_handle() instead

This is the only aspect we need here.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

wb_xids2sids: avoid idmap_child() and use idmap_child_handle() instead

This is the only aspect we need here.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

wb_queryuser: avoid idmap_child() and use idmap_child_handle() instead

This is the only aspect we need here.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

winbindd/idmap: apply const to struct nss_info_methods pointers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

winbindd/idmap: apply const to struct idmap_methods pointers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

test_idmap_tdb_common: correctly initialize the idmap domain with an init function

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

s3:passdb: use ID_TYPE_* instead of WBC_ID_TYPE_*

Currently these enums have the same values, but that will
change in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

winbind.idl: rename wbint_TransID.type to wbint_TransID.type_hint

This makes it clear that it's a hint from the parent to the
child.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

rpc: avoid undefined behaviour when parsing bindings

If the binding string ends with "[", we were setting options to an
empty string, then asking for 'options[strlen(options)-1]', which
UBSan dosn't like because the offset evaluates to (size_t)0xFFFFF...
causing pointer overflow.

I believe this is actually well defined in practice, but we don't want
to be in the habit of leaving sanitiser warnings in code parsing
untrusted strings.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

.gitlab-ci.yml: Ensure we compile before we start the main parallel testing

This build can be as fast as 10mins if the ccache matches and there
are few tests. Therefore put it first as a sentinal.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

.gitlab-ci.yml: Run the coverity submission job in parallel with the builds

This avoids a flapping test elsewhere delying the submission of the code to coverity
for checking.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

py3: Add is_ad_dc_built option to python glue

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

oss-fuzz: Add very verbose explaination for RPATH vs RUNPATH

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Oct 23 00:33:57 UTC 2020 on sn-devel-184

oss-fuzz: Always run the check, even on the oss-fuzz platform

It is much harder to determine why we get messages like
Step #6: Error occured while running fuzz_reg_parse:
Step #6: /workspace/out/coverage/fuzz_reg_parse: error while loading shared libraries: libavahi-common.so.3: cannot open shared object file: No such file or directory
instead this detects the failure to use RPATH (which is
strictly required instead of the modern RUNPATH)
otherwise.

We do this by creating a new build_samba.sh after renaming
build_samba.sh to do_build.sh because this is what oss-fuzz
runs, meaning we don't need to coordinate a MR there as well.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

oss-fuzz: update comment to reference RPATH for the static-ish binaries

We strictly require RPATH, so fix the comment to avoid mentioning
the modern RUNPATH which is almost but not entirely similar.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

testprogs: Fix and improve upgradeprovision-oldrelease test

This fixes running `make test` in a release tarball!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14542

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Oct 22 17:28:39 UTC 2020 on sn-devel-184

testprogs: Fix and improve dbcheck-oldrelease test

This fixes running `make test` in a release tarball!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14542

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

testprogs: Fix and improve functionalprep test

This fixes running `make test` in a release tarball!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14542

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

testprogs: Fix and improve dbcheck-links test

This fixes running `make test` in a release tarball!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14542

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

testprogs: Fix and improve runtime-links test

This fixes running `make test` in a release tarball!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14542

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

testprogs: Fix and improve tombstones-expunge test

This fixes running `make test` in a release tarball!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14542

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

testprogs: Fix and improve demote-saveddb test

This fixes running `make test` in a release tarball!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14542

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

testprogs: Add remove_directory to common test functions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14542

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

python: Create targetdir recursively

This fixes `make test` in a release tarball.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14542

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

libndr: Avoid assigning duplicate versions to symbols

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14541

Symbols _ndr_push_error and _ndr_pull_error keep getting redefined as
they are included without wildcard in abi_match.  Apparently on linux ld
does not complain about duplicate symbols, but on freebsd ld fails to
link with following error:

  [ 918/3912] Linking bin/default/librpc/libndr.so
  ld: error: duplicate symbol '_ndr_pull_error' in version script
  ld: error: duplicate symbol '_ndr_push_error' in version script
  clang: error: linker command failed with exit code 1 (use -v to see invocation)

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

Add VFS-License-clarification.txt as discussed on the Team list.

Update WHATSNEW.txt with a copy for the next release.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Oct 22 15:34:54 UTC 2020 on sn-devel-184

oss-fuzz: standardise on RPATH for the static-ish binaries

This includes a revert of commit e60df214998afc145ca482cab184691b3ddc3bb2.

We strictly require RPATH, not the modern RUNPATH for the behaviour
we need in oss-fuzz, which is that not just the first line of dependencies
but the full set of libraries used by the program are looked for in the
'$ORIGIN/lib' directory.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Oct 22 14:10:04 UTC 2020 on sn-devel-184

fuzzing: Improve robustness and documentation of the ldd-base library copy

This tries to make progress towards understanding why we sometime see errors like
Step #6: Error occured while running fuzz_reg_parse:
Step #6: /workspace/out/coverage/fuzz_reg_parse: error while loading shared libraries: libavahi-common.so.3: cannot open shared object file: No such file or directory

in the previously failing coverage builds.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

s3:param:service - ensure registry shares loaded before home check

Registry shares should be loaded and checked prior to checking home
directories. This ensures that an explicitly defined service takes
priority over home directories (same behavior as non-registry shares).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14543

Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Alison <jra@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 22 00:30:38 UTC 2020 on sn-devel-184

lib:util:loadparm - fix leak in lpcfg_dump_a_parameter

This function calls talloc_strdup() for the parm_name passed into
it so that we can check whether it's a parametric entry. It's
allocated under the loadparm context passed into the function.
Primary consumer of this is "testparm" and so context short-lived in
typical use-case, but this is also exposed via pyparam and so the
loadparm context may be somewhat longer-lived depending on how it is
being used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14544

Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

fuzzing: Fix the oss-fuzz coverage build

It was long thought that the issue here was that no seed corpus was
provided, but actually the issue is that to obtain coverage output
just as we already know for gcc gcov, you must provide fuzzing flags
to both the compile and link phase.

Thankfully clang as a linker does not mind the strange non-linker options
from $COVERAGE_FLAGS.

REF: https://stackoverflow.com/questions/56112019/clang-does-not-generate-profraw-file-when-linking-manually
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19495#c48

Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Oct 21 23:07:37 UTC 2020 on sn-devel-184

lib: Add tevent_req_received() to messaging_filtered_read_recv()

Early talloc_free() for the msg_rec if it's not picked up

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 21 20:27:57 UTC 2020 on sn-devel-184

libsmb: Simplify cli_resolve_path()

The additional conditions in cli_dfs_check_error() were covered
earlier in cli_resolve_path() via cli_conn_have_dfs(). Without those
it's more obvious to directly call NT_STATUS_EQUAL here.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Factor out cli_conn_have_dfs() from cli_resolve_path()

This also does the checks from cli_dfs_check_error(), which can be
removed in the next step.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

includes: nt_printing.h does not need client.h

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Use a direct struct initialization to avoid a memset

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Use ZERO_STRUCTP

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Use "struct" in self-references

Don't go via the typedefs for next and prev pointers

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbcacls: Use direct struct initialization

Use implicit NULL/false initialization

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbcacls: Use ISDOT[DOT] instead of strequal

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libcli: Align integer types

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Modernize DBG statements in notify_msg.c

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

notifyd: Modernize DBG statements

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Remove an unused anonymous struct definition

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s4:dsdb:acl_read: Implement "List Object" mode feature

See [MS-ADTS] 5.1.3.3.6 Checking Object Visibility

I tried to avoid any possible overhead for the common cases:

- SEC_ADS_LIST (List Children) is already granted by default
- fDoListObject is off by default

Overhead is only added if the administrator turned on
the fDoListObject feature and removed SEC_ADS_LIST (List Children)
from a parent object.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 21 08:48:02 UTC 2020 on sn-devel-184

s4:dsdb:util: add dsdb_do_list_object() helper

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

s4:dsdb:acl_read: defer LDB_ERR_NO_SUCH_OBJECT

We may need to return child objects even if the base dn
is invisible.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

s4:dsdb:acl_read: make use of aclread_check_object_visible() for the search base

We should only have one place to do access checks.

Use 'git show -w' to see the minimal diff.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

s4:dsdb:acl_read: fully set up 'struct aclread_context' before the search base acl check

This makes further change much easier.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

s4:dsdb:acl_read: introduce aclread_check_object_visible() helper

In future this will do more than aclread_check_parent(),
if we implement fDoListObject and SEC_ADS_LIST_OBJECT handling.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

s4:dsdb:tests: add AclVisibiltyTests

This tests a sorts of combinations in order to
demonstrate the visibility of objects depending on:

- with or without fDoListObject
- with or without explicit DENY ACEs
- A hierachy of objects with 4 levels from the base dn
- SEC_ADS_LIST (List Children)
- SEC_ADS_LIST_LIST_OBJECT (List Object)
- SEC_ADS_READ_PROP
- all possible scopes and basedns

This demonstrates that NO_SUCH_OBJECT doesn't depend purely
on the visibility of the base dn, it's still possible to
get children returned und an invisible base dn.

It also demonstrates the additional behavior with "List Object" mode.
See [MS-ADTS] 5.1.3.3.6 Checking Object Visibility

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

python/tests: add DynamicTestCase setUpDynamicTestCases() infrastructure

This can be used in order to run a sepcific test (coded just once)
with an autogenerated set of arguments.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531

Pair-Programmed-With: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

ctdb-common: Avoid aliasing errors during code optimization

When compiling with GCC 10.x and -O3 optimization, the IP checksum
calculation code generates wrong checksum. The function uint16_checksum
gets inlined during optimization and ip4pkt->tcp data gets wrongly
aliased.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14537

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Oct 21 05:52:28 UTC 2020 on sn-devel-184

fuzz/oss-fuzz/build_samba: fetch fuzz seeds

There is a git repository at
https://gitlab.com/samba-team/samba-fuzz-seeds that contains the
seeds. When the master branch of that repository is updated, a CI job
runs that creates a zip file of all the seeds as an artifact. That zip
file is downloaded and unpacked by oss_fuzz/build_samba. The contents
of that zip are further zips that contain the seeds for each fuzzing
binary; these are placed next to the binaries in the manner that
oss-fuzz expects.

That is, beside 'fuzz_foo', we put 'fuzz_foo_seed_corpus.zip' which
contains a pile of fuzz_foo seeds.

There may be times when a new fuzz target does not have a seed corpus,
and times when a removed fuzz target leaves behind a seed corpus.
This is OK, so we don't insist on an exact match between the target
names and the zip names, only that there is some overlap.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Oct 21 03:47:35 UTC 2020 on sn-devel-184

fuzz/oss-fuzz/build-samba: note the calling site

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

fuzzing/README: link to wiki

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:tests: Add tests for 'valid users'.

Extending testsuite for option 'valid/invalid users' from smb.conf.

Signed-off-by: Denis Karpelevich <dkarpele@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 21 01:17:05 UTC 2020 on sn-devel-184

Rename Samba's DCO to Samba Developer's Declaration

In an effort to reduce any confusion about the differences
between the Samba DCO and the Linux DCO, and as a favor to the
Linux community, rename the Samba DCO to the Samba Developer's
Declaration.

Signed-off-by: Bradley M. Kuhn <bkuhn@sfconservancy.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 20 22:54:01 UTC 2020 on sn-devel-184

Update Samba's DCO license in compliance with CC-BY-SA 4.0

The text of "Samba's Developer Certificate of Origin" is copyrighted
and licensed CC-BY-SA. Add notice for compliance with CC-BY-SA 4.0.

Signed-off-by: Bradley M. Kuhn <bkuhn@sfconservancy.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 20 18:10:50 UTC 2020 on sn-devel-184

smb.conf.5: add clarification how configuration changes reflected by Samba

Users of Linux distributions know to read smb.conf(5) manual page but
apparently not many of them read smbd(8) and winbindd(8) to understand
how changes to smb.conf file are reflected in the running processes.

Add a small section that makes it clear where to find relevant
information. Also correct the information in smbd, nmbd, and winbindd
manual pages.

The interval at which smbd does check for smb.conf changes was increased
from 60 seconds to 180 seconds in 1999 with commit 3db52feb1f3b.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Tue Oct 20 08:50:13 UTC 2020 on sn-devel-184

s3:ctdbd_conn: Fix the build on FreeBSD

Commit 6b9564c1084d8dc7319857fac984808571ef0eb9 broke the build on
FreeBSD:

[2321/3909] Compiling source3/smbd/process.c
../../source3/smbd/process.c:2797:10: error: use of undeclared identifier 'EREMOTEIO'
                return EREMOTEIO;
                       ^
../../source3/smbd/process.c:2833:14: error: use of undeclared identifier 'EREMOTEIO'
                if (ret == EREMOTEIO) {
                           ^
2 errors generated.

Use one of the POSIX error codes instead.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Oct 20 07:22:08 UTC 2020 on sn-devel-184

fuzz_dcerpc_parse_binding: don't leak

Also, by not tallocing at all in the too-long case, we can short
circuit quicker.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 20 02:26:40 UTC 2020 on sn-devel-184

s3:tests: Improve test_force_close_share test

This fixes the test with fast disks where 20MB transfers are done in
less than a second.

This also cleans up the code to have less sleeping time!

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Oct 19 21:14:21 UTC 2020 on sn-devel-184